From 101126e54d702906ee16dd637fde33439ecf0587 Mon Sep 17 00:00:00 2001 From: Ronni Skansing Date: Mon, 3 Nov 2025 20:36:08 +0100 Subject: [PATCH] fix mitm page should not be available when campaign closed Signed-off-by: Ronni Skansing --- backend/proxy/proxy.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/backend/proxy/proxy.go b/backend/proxy/proxy.go index be4749a..838b070 100644 --- a/backend/proxy/proxy.go +++ b/backend/proxy/proxy.go @@ -192,6 +192,14 @@ func (m *ProxyHandler) HandleHTTPRequest(w http.ResponseWriter, req *http.Reques if err != nil { return err } + // if context is nil, campaign is not active - return 404 + if reqCtx == nil { + return m.writeResponse(w, &http.Response{ + StatusCode: http.StatusNotFound, + Header: make(http.Header), + Body: io.NopCloser(strings.NewReader("")), + }) + } // check for URL rewrite and redirect if needed if rewriteResp := m.checkAndApplyURLRewrite(req, reqCtx); rewriteResp != nil { @@ -337,6 +345,15 @@ func (m *ProxyHandler) initializeRequestContext(ctx context.Context, req *http.R if err != nil { return nil, errors.Errorf("failed to get campaign: %w", err) } + + // check if campaign is active + if !campaign.IsActive() { + m.logger.Debugw("campaign is not active", + "campaignID", campaignID.String(), + ) + return nil, nil + } + reqCtx.Campaign = campaign // preload campaign template if available @@ -602,6 +619,15 @@ func (m *ProxyHandler) resolveSessionContext(req *http.Request, reqCtx *RequestC reqCtx.CampaignID = session.CampaignID reqCtx.CampaignRecipientID = session.CampaignRecipientID reqCtx.RecipientID = session.RecipientID + + // check if campaign is still active + if !session.Campaign.IsActive() { + m.logger.Debugw("session campaign is no longer active", + "sessionID", reqCtx.SessionID, + "campaignID", session.CampaignID.String(), + ) + return fmt.Errorf("campaign is no longer active") + } } }