Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
diff --git a/admportal/package.json b/admportal/package.json
index f30d059..6274d72 100644
--- a/admportal/package.json
+++ b/admportal/package.json
@@ -12,12 +12,16 @@
"bootstrap-submenu": "^2.0.3",
"bootstrap-table": "^1.9.1",
"cookie-parser": "~1.3.3",
+ "crypto": "^1.0.1",
+ "csurf": "^1.10.0",
"csv": "^0.4.1",
"csvtojson": "^0.5.3",
"dateformat": "^1.0.11",
"debug": "~2.0.0",
+ "dns-sync": "~0.1.3",
"ejs": "~0.8.5",
"express": "~4.9.0",
+ "express-sanitizer": "^1.0.5",
"express-session": "^1.10.1",
"fs.extra": "^1.3.2",
"lodash": "^3.8.0",
@@ -30,7 +34,6 @@
"properties-reader": "0.0.9",
"sax": "^0.6.1",
"serve-favicon": "~2.1.3",
- "xml2js": "^0.4.5",
- "dns-sync": "~0.1.3"
+ "xml2js": "^0.4.5"
}
}
diff --git a/admportal/pom.xml b/admportal/pom.xml
index 29f9ce9..f01096a 100644
--- a/admportal/pom.xml
+++ b/admportal/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.onap.ccsdk.parent</groupId>
<artifactId>binding-parent</artifactId>
- <version>1.3.0-SNAPSHOT</version>
+ <version>1.3.1-SNAPSHOT</version>
<relativePath/>
</parent>
diff --git a/admportal/server/app.js b/admportal/server/app.js
index 33cdb64..898645e 100644
--- a/admportal/server/app.js
+++ b/admportal/server/app.js
@@ -8,6 +8,7 @@
var properties = PropertiesReader(process.argv[2]); //property file passed
var morgan = require('morgan');
var _ = require('lodash');
+var expressSanitizer = require('express-sanitizer');
//var multer = require('multer');
//var done=false;
@@ -47,6 +48,9 @@
extended: true
}));
+// mount express-sanitizer here
+app.use(expressSanitizer()); // this line needs to follow bodyParser
+
app.use(accesslog); // http access log
app.use(express.static(process.cwd() + '/public')); // static files
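Review bot: The comment on the `app.use(expressSanitizer());` line says where to mount the middleware but not what mounting it does. As far as I know it only attaches `req.sanitize()` to the request and leaves `req.body` untouched, so each handler has to call it per field, and it strips HTML markup rather than escaping values for SQL. I would replace the comment with `// adds req.sanitize() (HTML stripping only); handlers must call it per field, and it is not SQL escaping`.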
diff --git a/admportal/server/router/index.js b/admportal/server/router/index.js
index 76cd611..a529375 100644
--- a/admportal/server/router/index.js
+++ b/admportal/server/router/index.js
@@ -9,9 +9,9 @@
app.use('/odl', require('./routes/odl'));
app.use('/sla', require('./routes/sla'));
app.use('/user', require('./routes/user'));
- app.use('/gamma', require('./routes/gamma'));
+ //app.use('/gamma', require('./routes/gamma'));
app.use('/mobility', require('./routes/mobility'));
- app.use('/admin', require('./routes/admin'));
+ //app.use('/admin', require('./routes/admin'));
app.use('/preload', require('./routes/preload'));
//app.use('/svc-topology-operation', require('./routes/odl'));
//app.use('/wklist-delete', require('./routes/odl'));
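Review bot: Commenting out the `/gamma` and `/admin` mounts leaves dead code in the router and gives no reason for the removal. This same commit adds `csrfProtection` to handlers in routes/admin.js, which are no longer reachable through this router (whether admin.js is mounted elsewhere is not visible here). Either delete the two lines, or keep them with a stated reason, e.g. `// '/admin' and '/gamma' disabled pending review (OJSI-40)`.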
diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js
index 4b7b808..96c7fd8 100755
--- a/admportal/server/router/routes/admin.js
+++ b/admportal/server/router/routes/admin.js
@@ -5,40 +5,43 @@
var fs = require('fs');
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
+var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var sax = require('sax'),strict=true,parser = sax.parser(strict);
var async = require('async');
+var csrf = require('csurf');
+
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser());
// GET
router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
+router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) {
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.deleteParameter(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from PARAMETERS table.');
- dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ var privilegeObj = req.session.loggedInAdmin;
+ var tasks = [];
+ tasks.push(function(callback) { dbRoutes.deleteParameter(req,res,callback); });
+ async.series(tasks, function(err,result){
+ var msgArray = new Array();
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Row successfully deleted from PARAMETERS table.');
+ dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
+ });
});
// POST
-router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
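Review bot: `csrfProtection` on the `GET /deleteParameter` route does not verify a token, because csurf skips GET, HEAD and OPTIONS by default (`ignoreMethods`), so the delete remains a state-changing GET. Change the route to `router.post('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) {` and have the page submit a form carrying the `_csrf` field. `router.use(cookieParser())` may duplicate a mount in app.js; that file's middleware list is only partly visible in this diff. The `/addParameter` handler continues outside the hunk.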
@@ -59,7 +62,7 @@
});
// gamma - updateAicSite
-router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
diff --git a/admportal/server/router/routes/csp.js b/admportal/server/router/routes/csp.js
index 435aaf9..8828052 100644
--- a/admportal/server/router/routes/csp.js
+++ b/admportal/server/router/routes/csp.js
@@ -15,13 +15,18 @@
function login (req,res) {
+console.log('login');
+var tkn = req.sanitize(req.body._csrf);
+console.log('login:tkn=' + tkn);
+
var loggedInAdmin={};
- var email = req.body.email;
+ var email = req.sanitize(req.body.email);
+ var pswd = req.sanitize(req.body.password);
dbRoutes.findAdminUser(email,res,function(adminUser){
if(adminUser !== null){
// make sure correct password is provided
- if (req.body.password != adminUser.password) {
+ if (pswd != adminUser.password) {
res.render("pages/login",
{
result:
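Review bot: `console.log('login:tkn=' + tkn);` writes the submitted CSRF token to the server log, and the next hunk stores it in `loggedInAdmin`, which `checkAuth` prints with `JSON.stringify(req.session.loggedInAdmin)` alongside the password field. Remove the two debug lines at the top of `login` and avoid logging the session object. Passing the password through `req.sanitize()` also changes the value being compared: if the sanitizer rewrites or drops markup characters, a password containing them may no longer match, so compare `req.body.password` unmodified. `login` continues outside the hunk.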
@@ -36,6 +41,7 @@
var loggedInAdmin = {
email:adminUser.email,
+ csrfToken: tkn,
password:adminUser.password,
privilege:adminUser.privilege
}
@@ -57,6 +63,7 @@
}
function checkAuth(req,res,next){
+
var host = req.get('host');
var url = req.url;
var originalUrl = req.originalUrl;
@@ -64,8 +71,7 @@
console.log("checkAuth");
var host = req.headers['host'];
-console.log('host=' + host);
-
+ console.log('host=' + host);
console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin));
if(req.session == null || req.session == undefined
|| req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
@@ -79,6 +85,40 @@
next();
}
+function checkPriv(req,res,next)
+{
+ var priv = req.session.loggedInAdmin;
+ if(req.session == null || req.session == undefined
+ || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
+ {
+ res.render("pages/err",
+ {
+ result: {code:'error', msg:'Unexpected null session.'},
+ header: process.env.MAIN_MENU
+ });
+ return;
+ }
+ else
+ {
+ if (priv.privilege == 'A')
+ {
+ next();
+ return;
+ }
+ else
+ {
+ res.render("pages/err",
+ {
+ result: { code:'error', msg:'User does not have permission to run operation.'},
+ header: process.env.MAIN_MENU
+ });
+ return;
+ }
+ }
+}
+
+
exports.login = login;
exports.logout = logout;
exports.checkAuth = checkAuth;
+exports.checkPriv = checkPriv;
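Review bot: In `checkPriv`, `var priv = req.session.loggedInAdmin;` runs before the guard that tests `req.session == null`, so a request without a session throws a TypeError instead of rendering `pages/err`. Move the assignment below the guard, as the first line of the outer `else` block: `var priv = req.session.loggedInAdmin;`. No route in the visible hunks uses `checkPriv` yet, so the privilege check only takes effect once it is added to the route chains.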
diff --git a/admportal/server/router/routes/dbRoutes.js b/admportal/server/router/routes/dbRoutes.js
index 34a90c7..c4a09fd 100644
--- a/admportal/server/router/routes/dbRoutes.js
+++ b/admportal/server/router/routes/dbRoutes.js
@@ -262,18 +262,22 @@
exports.saveUser = function(req,res){
- pool.getConnection(function(err,connection){
+console.log('b4 sani');
+ var email = req.sanitize(req.body.nf_email);
+ var pswd = req.sanitize(req.body.nf_password);
+console.log('after sani');
+
+ pool.getConnection(function(err,connection)
+ {
if(err){
console.error( String(err) ); // ALARM
res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
return;
- }
- //var sql = "SELECT AES_DECRYPT(password, '" + enckey + "') password FROM PORTAL_USERS";
- var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + req.body.nf_email + "'";
+ }
+ var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'";
- console.log(sql);
-
- connection.query(sql, function(err,result){
+ connection.query(sql, function(err,result)
+ {
if(err){
connection.release();
res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
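Review bot: The SELECT built on the `var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'";` line is still string concatenation, and `req.sanitize()` is an HTML sanitizer, not a SQL escaping function, so input from `nf_email` still reaches the query text. If `pool` is the `mysql` driver (its require is outside this diff), bind the value instead: `connection.query("SELECT email FROM PORTAL_USERS WHERE email = ?", [email], function(err,result)`. The same applies to the INSERT in the next hunk and to the INSERT and UPDATE strings in `addUser` and `updateUser`. The `console.log('b4 sani')` and `console.log('after sani')` lines look like leftover debugging and should be removed. `saveUser` continues outside the hunk.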
@@ -287,13 +291,12 @@
}
sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES ("
- +"'"+ req.body.nf_email + "',"
- + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "'),"
+ +"'"+ email + "',"
+ + "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
+"'A')";
- console.log(sql);
-
- connection.query(sql, function(err,result){
+ connection.query(sql, function(err,result)
+ {
connection.release();
if(err){
@@ -360,172 +363,207 @@
exports.addUser = function(req,res){
var rows={};
- var resultObj = { code:'', msg:'' };
+ var resultObj = { code:'', msg:'' };
var privilegeObj = req.session.loggedInAdmin;
+ var privilege = req.sanitize(req.body.nf_privilege);
+ var email = req.sanitize(req.body.nf_email);
+ var pswd = req.sanitize(req.body.nf_password);
- pool.getConnection(function(err,connection) {
- if(err){
+
+ pool.getConnection(function(err,connection)
+ {
+ if(err)
+ {
console.error( String(err) ); // ALARM
- res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
+ res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err),
+ privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
+ }
- if( req.body.nf_privilege == "admin" ){
- var char_priv = 'A';
- }else if(req.body.nf_privilege == 'readonly'){
- var char_priv = 'R';
- }else{
- var char_priv = 'A';
- }
+ if( privilege == "admin" ){
+ var char_priv = 'A';
+ }else if(privilege == 'readonly'){
+ var char_priv = 'R';
+ }else{
+ var char_priv = 'R';
+ }
+
+ //connection.query(sqlRequest, function(err,result)
+ var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES ("
+ +"'"+ email + "',"
+ + "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
+ +"'"+ char_priv + "')";
- //connection.query(sqlRequest, function(err,result){
- var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES ("
- +"'"+ req.body.nf_email + "',"
- + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "'),"
- +"'"+ char_priv + "')";
-
- console.log(sqlUpdate);
-
- connection.query(sqlUpdate,function(err,result){
-
- if(err){
- resultObj = {code:'error', msg:'Add of user failed Error: '+err};
- }
-
- // Need DB lookup logic here
- connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows) {
-
- connection.release();
- if(!err) {
- if ( rows.length > 0 )
- {
+ connection.query(sqlUpdate,function(err,result)
+ {
+ if(err){
+ resultObj = {code:'error', msg:'Add of user failed Error: '+err};
+ }
+ // Need DB lookup logic here
+ connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows)
+ {
+ connection.release();
+ if(!err)
+ {
+ if ( rows.length > 0 )
+ {
resultObj = {code:'success',msg:'Successfully added user.'};
- res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
+ res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
return;
- }else{
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
+ }else{
+ res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- } else {
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err ,
+ }
+ }
+ else {
+ res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err ,
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- }); //end query
- });
-
- }); // end of getConnection
+ }
+ }); //end query
+ });
+ }); // end of getConnection
}
// updateUser
exports.updateUser= function(req,res){
- var rows={};
+ var rows={};
var resultObj = { code:'', msg:'' };
var privilegeObj = req.session.loggedInAdmin;
+ var email = req.sanitize(req.body.uf_email);
+ var key_email = req.sanitize(req.body.uf_key_email)
+ var pswd = req.sanitize(req.body.uf_password);
+ var privilege = req.sanitize(req.body.uf_privilege);
- pool.getConnection(function(err,connection) {
-
- if(err){
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
console.error( String(err) ); // ALARM
- res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
+ res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
-
- if( req.body.uf_privilege == "admin" ){
- var char_priv = 'A';
- }else if(req.body.uf_privilege == 'readonly'){
- var char_priv = 'R';
- }else{
- var char_priv = 'A';
}
+ if( privilege == "admin" ){
+ var char_priv = 'A';
+ }else if(privilege == 'readonly'){
+ var char_priv = 'R';
+ }else{
+ var char_priv = 'R';
+ }
- //connection.query(sqlRequest, function(err,result){
var sqlUpdate = "UPDATE PORTAL_USERS SET "
- + "email = '" + req.body.uf_email + "',"
- + "password = " + "AES_ENCRYPT('" + req.body.uf_password + "','" + enckey + "'), "
+ + "email = '" + email + "',"
+ + "password = " + "AES_ENCRYPT('" + pswd + "','" + enckey + "'), "
+ "privilege = '"+ char_priv + "'"
- + " WHERE email = '" + req.body.uf_key_email + "'";
+ + " WHERE email = '" + key_email + "'";
- console.log(sqlUpdate);
-
- connection.query(sqlUpdate,function(err,result){
-
+ connection.query(sqlUpdate,function(err,result)
+ {
if(err){
- resultObj = {code:'error', msg:'Update of user failed Error: '+err};
+ resultObj = {code:'error', msg:'Update of user failed Error: '+err};
}
-
- // Need DB lookup logic here
- connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows) {
- connection.release();
- if(!err) {
- if ( rows.length > 0 )
- {
+ // Need DB lookup logic here
+ connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows)
+ {
+ connection.release();
+ if(!err)
+ {
+ if ( rows.length > 0 )
+ {
resultObj = {code:'success',msg:'Successfully updated user.'};
- res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} );
- return;
- }else{
- res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.',
+ res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} );
+ return;
+ }else{
+ res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.',
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- } else {
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
+ }
+ } else {
+ res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
}
- }); //end query
- });
- }); // end of getConnection
-};
+ }); //end query
+ });
+ }); // end of getConnection
+}
exports.listUsers = function(req,res,resultObj){
var privilegeObj = req.session.loggedInAdmin;
- var rows={};
- pool.getConnection(function(err,connection) {
+ var rows={};
+ pool.getConnection(function(err,connection)
+ {
- if(err){
+ if(err){
console.error( String(err) ); // ALARM
- res.render("pages/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
+ res.render("pages/list",
+ {
+ rows: null,
+ result:{
+ code:'error',
+ msg:"Unable to get database connection. " + String(err),
+ privilege:privilegeObj },
+ header:process.env.MAIN_MENU
+ });
return;
- }
+ }
- // Need DB lookup logic here
- var selectUsers = "SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege from PORTAL_USERS";
- console.log(selectUsers);
- connection.query(selectUsers, function(err, rows) {
+ // Need DB lookup logic here
+ var selectUsers = "SELECT email, AES_DECRYPT(password,'"
+ + enckey + "') password, privilege from PORTAL_USERS";
- connection.release();
- if(err){
- resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err};
+ connection.query(selectUsers, function(err, rows) {
+
+ connection.release();
+ if(err){
+ resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err};
+ }
+ if(!err)
+ {
+ if ( rows.length > 0 )
+ {
+ console.log(JSON.stringify(rows));
+ res.render('user/list',
+ {
+ rows: rows,
+ result:resultObj,
+ privilege:privilegeObj,
+ header:process.env.MAIN_MENU
+ });
+ return;
}
-
- if(!err) {
- if ( rows.length > 0 )
- {
- console.log(JSON.stringify(rows));
- res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU });
- return;
- }
- else{
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database.',
- privilege:privilegeObj },header:process.env.MAIN_MENU});
- return;
- }
- } else {
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
- return;
+ else{
+ res.render("user/list",
+ {
+ rows: null,
+ result:{
+ code:'error',
+ msg:'Unexpected no rows returned from database.',
+ privilege:privilegeObj },
+ header:process.env.MAIN_MENU
+ });
+ return;
}
- }); //end query
- }); // end getConnection
+ }
+ else
+ {
+ res.render("user/list",
+ {
+ rows: null,
+ result:{
+ code:'error',
+ msg:'Unexpected no rows returned from database. ' + String(err),
+ privilege:privilegeObj },header:process.env.MAIN_MENU
+ });
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
exports.listSLA = function(req,res,resultObj){
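Review bot: `console.log(JSON.stringify(rows));` in `listUsers` writes every row of the `AES_DECRYPT(password, ...)` select to the log, which is the cleartext password of each portal user. Drop the log line and, unless the `user/list` view really needs the value, leave the password column out: `var selectUsers = "SELECT email, privilege from PORTAL_USERS";`. The same decrypting select feeds the view in `addUser` and `updateUser`. Storing passwords reversibly under a shared `enckey` is worth replacing with a salted password hash in a follow-up.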
@@ -689,29 +727,29 @@
exports.getVnfProfile = function(req,res,resultObj,privilegeObj){
- pool.getConnection(function(err,connection) {
-
- if(err){
- console.error( String(err) ); // ALARM
- res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
-
- connection.query("SELECT vnf_type,availability_zone_count,equipment_role "
- + "FROM VNF_PROFILE ORDER BY VNF_TYPE", function(err, rows)
- {
- connection.release();
- if(err) {
- res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
- else {
- res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
- return;
- }
- }); //end query
-console.log('after query');
- }); // end getConnection
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ var sql = "SELECT vnf_type,availability_zone_count,equipment_role FROM VNF_PROFILE ORDER BY VNF_TYPE";
+ console.log(sql);
+ connection.query(sql, function(err, rows)
+ {
+ connection.release();
+ if(err) {
+ res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ else {
+ console.log('render vnfProfile');
+ res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
@@ -747,103 +785,34 @@
-exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj){
-
-
- pool.getConnection(function(err,connection) {
-
- if(err){
- console.error( String(err) ); // ALARM
- res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
-
- // Need DB lookup logic here
- connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data "
- + "FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id", function(err, rows)
- {
- var msgArray = new Array();
-
- connection.release();
- if(err) {
- msgArray = 'Database Error: '+ String(err);
- res.render("mobility/vnfPreloadNetworkData", {
- result:{code:'error',msg:msgArray},
- preloadImportDirectory: properties.preloadImportDirectory,
- header:process.env.MAIN_MENU
- });
- return;
- }
- else {
- var retData = [];
- for( r=0; r<rows.length; r++)
- {
- var rowObj = {};
- rowObj.row = rows[r];
- if ( rows[r].filename.length > 0 )
- {
- try{
- var buffer = rows[r].preload_data;
- var decode_buffer = decodeURI(buffer);
- var filecontent = JSON.parse(decode_buffer);
- rowObj.filecontent = filecontent;
- rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"];
- rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"];
- }
- catch(error){
- msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
- }
- }
- else {
- rowObj.filecontent = '';
- }
- retData.push(rowObj);
- }
- if(msgArray.length>0){
- resultObj.code = 'failure';
- resultObj.msg = msgArray;
- }
- res.render('mobility/vnfPreloadNetworkData', {
- retData:retData,
- result:resultObj,
- privilege:privilegeObj,
- preloadImportDirectory: properties.preloadImportDirectory,
- header:process.env.MAIN_MENU
- });
- return;
- }
- }); //end query
- }); // end getConnection
-}
-
-exports.getVnfData = function(req,res,resultObj,privilegeObj){
-
-
- pool.getConnection(function(err,connection) {
-
- if(err){
- console.error( String(err) ); // ALARM
- res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
-
- // Need DB lookup logic here
- connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data "
- + "FROM PRE_LOAD_VNF_DATA ORDER BY id", function(err, rows)
+exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj)
+{
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err",
+ {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ // Need DB lookup logic here
+ var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id";
+ console.log(sql);
+ connection.query(sql, function(err, rows)
{
var msgArray = new Array();
-
- connection.release();
- if(err) {
+ connection.release();
+ if(err) {
msgArray = 'Database Error: '+ String(err);
- res.render("mobility/vnfPreloadData", {
+ res.render("mobility/vnfPreloadNetworkData", {
result:{code:'error',msg:msgArray},
+ privilege:privilegeObj,
preloadImportDirectory: properties.preloadImportDirectory,
header:process.env.MAIN_MENU
});
- return;
- }
- else {
+ return;
+ }
+ else {
var retData = [];
for( r=0; r<rows.length; r++)
{
@@ -853,35 +822,103 @@
{
try{
var buffer = rows[r].preload_data;
- var s_buffer = decodeURI(buffer);
- var filecontent = JSON.parse(s_buffer);
+ var decode_buffer = decodeURI(buffer);
+ var filecontent = JSON.parse(decode_buffer);
rowObj.filecontent = filecontent;
- rowObj.vnf_name = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-name"];
- rowObj.vnf_type = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-type"];
+ rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"];
+ rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"];
}
catch(error){
- msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
+ msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
}
}
else {
rowObj.filecontent = '';
}
retData.push(rowObj);
- }
+ }//endloop
if(msgArray.length>0){
resultObj.code = 'failure';
resultObj.msg = msgArray;
}
- res.render('mobility/vnfPreloadData',{
- retData:retData, result:resultObj,
- privilege:privilegeObj,
- header:process.env.MAIN_MENU,
- preloadImportDirectory: properties.preloadImportDirectory
+ res.render('mobility/vnfPreloadNetworkData', {
+ retData:retData,
+ result:resultObj,
+ privilege:privilegeObj,
+ preloadImportDirectory: properties.preloadImportDirectory,
+ header:process.env.MAIN_MENU
});
- return;
- }
- }); //end query
- }); // end getConnection
+ return;
+ }
+ }); //end query
+ }); // end getConnection
+}
+
+exports.getVnfData = function(req,res,resultObj,privilegeObj)
+{
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ // Need DB lookup logic here
+ var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_DATA ORDER BY id";
+ console.log(sql);
+ connection.query(sql,function(err, rows)
+ {
+ var msgArray = new Array();
+ connection.release();
+ if(err) {
+ msgArray = 'Database Error: '+ String(err);
+ res.render("mobility/vnfPreloadData", {
+ result:{code:'error',msg:msgArray},
+ privilege:privilegeObj,
+ preloadImportDirectory: properties.preloadImportDirectory,
+ header:process.env.MAIN_MENU
+ });
+ return;
+ }
+ else {
+ var retData = [];
+ for( r=0; r<rows.length; r++)
+ {
+ var rowObj = {};
+ rowObj.row = rows[r];
+ if ( rows[r].filename.length > 0 )
+ {
+ try{
+ var buffer = rows[r].preload_data;
+ var s_buffer = decodeURI(buffer);
+ var filecontent = JSON.parse(s_buffer);
+ rowObj.filecontent = filecontent;
+ rowObj.vnf_name = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-name"];
+ rowObj.vnf_type = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-type"];
+ }
+ catch(error){
+ msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
+ }
+ }
+ else {
+ rowObj.filecontent = '';
+ }
+ retData.push(rowObj);
+ }//endloop
+ if(msgArray.length>0){
+ resultObj.code = 'failure';
+ resultObj.msg = msgArray;
+ }
+ res.render('mobility/vnfPreloadData',{
+ retData:retData, result:resultObj,
+ privilege:privilegeObj,
+ header:process.env.MAIN_MENU,
+ preloadImportDirectory: properties.preloadImportDirectory
+ });
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
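Review bot: The loop `for( r=0; r<rows.length; r++)` in the re-added `getVnfData` assigns `r` without declaring it, creating an implicit global that is shared with the same loop in `getVnfNetworkData`; write `for (var r = 0; r < rows.length; r++)`. In the error branch, `msgArray` is created as an array and then reassigned to a string before rendering, so the view gets two different types for `result.msg`. Using `msgArray.push('Database Error: ' + String(err));` would keep it consistent with the success path.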
@@ -927,28 +964,27 @@
exports.addRow = function(sql,req,res,callback){
- console.log(sql);
+ console.log(sql);
- pool.getConnection(function(err,connection) {
+ pool.getConnection(function(err,connection) {
- if(err){
- console.error( String(err) ); // ALARM
- callback(err, 'Unable to get database connection.' + err);
- return;
- }
-
- connection.query(sql, function(err,result){
- connection.release();
- if(err){
- console.debug('Database operation failed. ' + err );
- callback(err,'Database operation failed. ' + err );
- }
- else
- {
- callback(null, result.affectedRows);
- }
- }); //end query
- }); // end getConnection
+ if(err){
+ console.error( String(err) ); // ALARM
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ connection.query(sql, function(err,result){
+ connection.release();
+ if(err){
+ console.debug('Database operation failed. ' + err );
+ callback(err,'Database operation failed. ' + err );
+ }
+ else
+ {
+ callback(null, result.affectedRows);
+ }
+ }); //end query
+ }); // end getConnection
}
diff --git a/admportal/server/router/routes/gamma.js b/admportal/server/router/routes/gamma.js
index 70e6713..5b8c764 100644
--- a/admportal/server/router/routes/gamma.js
+++ b/admportal/server/router/routes/gamma.js
@@ -53,314 +53,7 @@
dbRoutes.getTable(req,res,selectNbVlanRange,'gamma/nbVlanRange',{code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/getNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- if (typeof req.query.vlan_plan_id == "undefined"){
- dbRoutes.getTable(req,res,selectNbVlanPool,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }else{
- var sql = "SELECT aic_site_id,availability_zone,vlan_plan_id,plan_type,purpose,vlan_id,status FROM VLAN_POOL WHERE vlan_plan_id='" + req.query.vlan_plan_id + "' AND vlan_id BETWEEN "
- + req.query.range_start + " AND " + req.query.range_end;
- dbRoutes.getTable(req,res,sql,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }
-});
-
-router.post('/addNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var network_type = removeNL(req.body.nf_network_type);
- var technology = removeNL(req.body.nf_technology);
- var sql = "INSERT INTO NETWORK_PROFILE (network_type,technology) VALUES ("
- + "'"+ network_type + "',"
- + "'"+ technology + "')";
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result == 1 )
- {
- msgArray.push('Successfully added Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Was not able to add Network Profile.');
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.post('/saveNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var plan_type = req.body.nf_plan_type;
- var purpose = req.body.nf_purpose;
- var range_start = padLeft(removeNL(req.body.nf_range_start),4);
- var range_end = padLeft(removeNL(req.body.nf_range_end),4);
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.saveNbVlanRange(range_start,range_end,plan_type,purpose,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.get('/deleteNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback){
- dbRoutes.executeSQL("DELETE FROM NETWORK_PROFILE WHERE network_type = '" + req.query.network_type + "'", req,res,callback);
-
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push("Error: " + err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result[0] == 1 )
- {
- msgArray.push('Successfully deleted Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('No rows removed.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.get('/deleteNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
-
- tasks.push(function(callback){
- dbRoutes.deleteNbVlanRange(req.query.vlan_plan_id,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully deleted Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE NETWORK_PROFILE SET "
- + "network_type='"+ removeNL(req.body.uf_network_type) + "', "
- + "technology='" + removeNL(req.body.uf_technology) + "' "
- + "WHERE network_type='" + removeNL(req.body.uf_key_network_type) + "'";
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE VLAN_POOL SET "
- + "status='"+ removeNL(req.body.uf_status) + "' "
- + " WHERE aic_site_id='" + removeNL(req.body.uf_key_aic_site_id) + "'"
- + " AND availability_zone='" + removeNL(req.body.uf_key_availability_zone) + "'"
- + " AND vlan_plan_id='" + removeNL(req.body.uf_key_vlan_plan_id) + "'"
- + " AND plan_type='" + removeNL(req.body.uf_key_plan_type) + "'"
- + " AND purpose='" + removeNL(req.body.uf_key_purpose) + "'"
- + " AND vlan_id=" + removeNL(req.body.uf_key_vlan_id);
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-});
-router.get('/generateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var vlan_plan_id = req.query.vlan_plan_id;
- var plan_type = req.query.plan_type;
- var purpose = req.query.purpose;
- var range_start = req.query.range_start;
- var range_end = req.query.range_end;
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.generateNbVlanPool(range_start,range_end,plan_type,purpose,vlan_plan_id,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-///// end 1604
-
-
// GET
-router.get('/getServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHoming(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getServiceHomingRollback', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHomingRollback(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVlanPool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSite(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSwitch', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSwitch(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicAvailZone', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicAvailZone(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVpePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVpePool(req,res,{code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVplspePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVplspePool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-
-// ROLLBACK SERVICE_HOMING
-router.get('/rollbackServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.rollbackServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHomingRollback(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('SERVICE_HOMING table successfully restored.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-// DELETE SERVICE_HOMING
-router.get('/deleteServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.deleteServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHoming(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from SERVICE_HOMING table.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-// DELETE AIC_SITE
router.get('/deleteSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
diff --git a/admportal/server/router/routes/mobility.js b/admportal/server/router/routes/mobility.js
index d19f65a..cd798dc 100644
--- a/admportal/server/router/routes/mobility.js
+++ b/admportal/server/router/routes/mobility.js
@@ -6,13 +6,18 @@
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
var multer = require('multer');
+var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var sax = require('sax'),strict=true,parser = sax.parser(strict);
var async = require('async');
var l_ = require('lodash');
var dateFormat = require('dateformat');
var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json');
+var crypto = require('crypto');
+var csrf = require('csurf');
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser())
// pass host, username and password to ODL
// target host for ODL request
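Review bot: `csrf({cookie: true})` stores the CSRF secret in a cookie created with csurf's default options, so it is readable by page script and is sent over plain HTTP; pass explicit flags instead, e.g. `var csrfProtection = csrf({cookie: {httpOnly: true, secure: true, sameSite: 'strict'}});` (`secure` assumes the portal is only served over HTTPS, which is not visible here). `require('crypto')` resolves to Node's built-in module, so the `"crypto": "^1.0.1"` entry added to package.json is never loaded and can be dropped. `router.use(cookieParser())` is also missing its terminating semicolon.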
@@ -57,30 +62,28 @@
});
-
-
// GET
-router.get('/getVnfData', csp.checkAuth, function(req,res) {
+router.get('/getVnfData', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.getVnfData(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/getVmNetworks', csp.checkAuth, function(req,res) {
- dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVnfProfile', csp.checkAuth, function(req,res) {
- dbRoutes.getVnfProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVnfNetworks', csp.checkAuth, function(req,res) {
- dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVmProfile', csp.checkAuth, function(req,res) {
- dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-////////
-router.get('/getVnfNetworkData', csp.checkAuth, function(req,res) {
+router.get('/getVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
+router.get('/getVnfProfile', csp.checkAuth, csrfProtection, function(req,res) {
+ dbRoutes.getVnfProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+});
+//router.get('/getVmNetworks', csp.checkAuth, function(req,res) {
+// dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+//router.get('/getVnfNetworks', csp.checkAuth, function(req,res) {
+// dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+//router.get('/getVmProfile', csp.checkAuth, function(req,res) {
+// dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+////////
-router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res)
+router.get('/viewVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res)
{
var privilegeObj = req.session.loggedInAdmin;
var resp_msg = '';
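Review bot: The `csrfProtection` added to these read-only GET routes does not check anything, since csurf skips token validation for GET, HEAD and OPTIONS by default; a reader will assume otherwise. A one-line comment above the block would make the intent clear, e.g. `// csrfProtection on GET only issues the secret cookie and enables req.csrfToken() for the rendered forms; no token is verified here`. The three routes disabled with `//` (getVmNetworks, getVnfNetworks, getVmProfile) should be deleted rather than left commented out, since version control already keeps them. The viewVnfNetworkData handler continues outside this hunk.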
@@ -110,7 +113,7 @@
});
-router.get('/viewVnfData', csp.checkAuth, function(req,res)
+router.get('/viewVnfData', csp.checkAuth, csrfProtection, function(req,res)
{
var privilegeObj = req.session.loggedInAdmin;
var resp_msg = '';
@@ -140,87 +143,85 @@
});
-router.get('/loadVnfNetworkData', csp.checkAuth, function(req,res)
+router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res)
{
+ var privilegeObj = req.session.loggedInAdmin;
+ var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
- var msgArray = new Array();
+ if ( req.query.status != 'pending' )
+ {
+ msgArray.push("Upload Status must be in 'pending' state.");
+ dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+ return;
+ }
- if ( req.query.status != 'pending' )
- {
- msgArray.push("Upload Status must be in 'pending' state.");
- dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
- return;
- }
-
- // build request-id
- var now = new Date();
- var df = dateFormat(now,"isoDateTime");
- var rnum = Math.floor((Math.random() * 9999) +1);
- var svc_req_id = req.query.id + "-" + df + "-" + rnum;
-
- var tasks = [];
+ // build request-id
+ var now = new Date();
+ var df = dateFormat(now,"isoDateTime");
+ const rnum = crypto.randomBytes(4);
+ var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');;
+ var tasks = [];
// first get the contents of the file from the db
- tasks.push(function(callback){
+ tasks.push(function(callback){
dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_NETWORK_DATA",callback);
});
// then format the request and send it using the arg1 parameter
// which is the contents of the file returned from the previous function
// call in the tasks array
- tasks.push(function(arg1,callback){
+ tasks.push(function(arg1,callback){
var s_file = JSON.stringify(arg1);
- // remove the last two braces, going to add the headers there
- // will add them back later.
- s_file = s_file.substring(0, (s_file.length-2));
+ // remove the last two braces, going to add the headers there
+ // will add them back later.
+ s_file = s_file.substring(0, (s_file.length-2));
- // add the request-information header
- s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}');
+ // add the request-information header
+ s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}');
- // add the sdnc-request-header
- s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"');
- s_file = s_file.concat(svc_req_id);
- s_file = s_file.concat('","svc-action": "reserve"}');
+ // add the sdnc-request-header
+ s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"');
+ s_file = s_file.concat(svc_req_id);
+ s_file = s_file.concat('","svc-action": "reserve"}');
- // add the two curly braces at the end that we stripped off
- s_file = s_file.concat('}}');
+ // add the two curly braces at the end that we stripped off
+ s_file = s_file.concat('}}');
- OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation',
- options,s_file,res,callback);
- });
+ OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation',
+ options,s_file,res,callback);
+ });
// if successful then update the status
- tasks.push(function(arg1,callback){
- dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
+ tasks.push(function(arg1,callback){
+ dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
+ svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
- });
+ });
// use the waterfall method of making calls
async.waterfall(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push("Error posting pre-load data to ODL: "+err);
- dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
- return;
- }
- else{
- msgArray.push('Successfully loaded VNF pre-loaded data.');
- dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ {
+ var msgArray = new Array();
+ if(err){
+ msgArray.push("Error posting pre-load data to ODL: "+err);
+ dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+ return;
+ }
+ else{
+ msgArray.push('Successfully loaded VNF pre-loaded data.');
+ dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
+ });
});
-router.get('/loadVnfData', csp.checkAuth, function(req,res)
+router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res)
{
- var privilegeObj = req.session.loggedInAdmin;
+ var privilegeObj = req.session.loggedInAdmin;
var full_path_file_name = process.cwd() + "/uploads/" + req.query.filename
- var msgArray = new Array();
+ var msgArray = new Array();
if ( req.query.status != 'pending' )
{
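Review bot: `req.query.id` still reaches the SQL text unvalidated in `"... WHERE id="+req.query.id`, and through `svc_req_id` it is also spliced into the quoted `svc_request_id='...'` value and into the hand-built `sdnc-request-header` JSON; the added `csp.checkPriv` limits who may call the route but not what the value contains. A guard at the top of the handler would close all three uses, e.g. `if (!/^\d+$/.test(String(req.query.id))) { msgArray.push('Invalid id.'); dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj); return; }` (assuming `id` is numeric, as the unquoted `WHERE id=` suggests). The same concatenation appears in the loadVnfData hunks (`UPDATE PRE_LOAD_VNF_DATA ... WHERE id="+req.query.id`) and needs the same check. The new `svc_req_id` line also ends in a stray `;;`.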
@@ -232,28 +233,27 @@
// build request-id
var now = new Date();
var df = dateFormat(now,"isoDateTime");
- var rnum = Math.floor((Math.random() * 9999) +1);
- var svc_req_id = req.query.id + "-" + df + "-" + rnum;
-
+ const rnum = crypto.randomBytes(4);
+ var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');
var tasks = [];
// first get the contents of the file from the db
tasks.push(function(callback){
- dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback);
- });
+ dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback);
+ });
// then format the request and send it using the arg1 parameter
// which is the contents of the file returned from the previous function
// call in the tasks array
tasks.push(function(arg1,callback){
- var s1_file = JSON.stringify(arg1);
- var s_file = decodeURI(s1_file);
+ var s1_file = JSON.stringify(arg1);
+ var s_file = decodeURI(s1_file);
// remove the last two braces, going to add the headers there
- // will add them back later.
- s_file = s_file.substring(0, (s_file.length-2));
+ // will add them back later.
+ s_file = s_file.substring(0, (s_file.length-2));
// add the request-information header
s_file = s_file.concat(',"request-information": {"request-action": "PreloadVNFRequest"}');
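Review bot: `decodeURI(s1_file)` is applied to the already serialized JSON, so a percent-escape inside the stored preload content is decoded after `JSON.stringify` has done its escaping; a `%22` in a field value turns into a bare `"` and changes the structure of the body sent to ODL, and a malformed `%` sequence makes `decodeURI` throw a `URIError` inside the task with nothing to catch it. If decoding is required it belongs on individual field values before serialization; at minimum guard the call with `var s_file; try { s_file = decodeURI(s1_file); } catch (e) { return callback(e); }`. loadVnfNetworkData sends its payload without this step, which suggests the call may not be needed at all; worth confirming. The loadVnfData handler starts before and ends after this hunk.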
@@ -267,12 +267,12 @@
s_file = s_file.concat('}}');
OdlInterface.Post('/restconf/operations/VNF-API:preload-vnf-topology-operation',
- options,s_file,res,callback);
+ options,s_file,res,callback);
});
// if successful then update the status
tasks.push(function(arg1,callback){
- dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
+ dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
+ svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
});
@@ -281,20 +281,20 @@
{
var msgArray = new Array();
if(err){
- msgArray.push("Error posting pre-load data to ODL: "+err);
- dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
- return;
+ msgArray.push("Error posting pre-load data to ODL: "+err);
+ dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+ return;
}
else{
msgArray.push('Successfully loaded VNF pre-loaded data.');
- dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
+ dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
});
});
-router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
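Review bot: Adding `csrfProtection` to `router.get('/deleteVnfNetworkData', ...)` does not protect the delete, because csurf ignores GET, HEAD and OPTIONS by default and so never verifies a token on this route. The state-changing routes should move to a verified method, e.g. `router.post('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {` with the views submitting a form that carries the `_csrf` field; if GET must stay, a second instance such as `csrf({cookie: true, ignoreMethods: ['HEAD','OPTIONS']})` would enforce the check with the token supplied as `?_csrf=`. The same applies to deleteVnfData, deleteVnfNetwork and deleteVnfProfile in the following hunks, and loadVnfNetworkData / loadVnfData change database state over GET with no CSRF middleware at all. The handler body continues outside this hunk.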
@@ -347,7 +347,9 @@
});
-router.get('/deleteVnfData', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
+
+console.log('deleteVnfData');
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -360,14 +362,14 @@
dbRoutes.executeSQL(sql,req,res,callback);
});
} else {
- var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
- inputString = inputString.concat(req.query.vnf_name);
- inputString = inputString.concat('","vnf-type":"');
- inputString = inputString.concat(req.query.vnf_type);
- inputString = inputString.concat('"}},');
+ var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
+ inputString = inputString.concat(req.query.vnf_name);
+ inputString = inputString.concat('","vnf-type":"');
+ inputString = inputString.concat(req.query.vnf_type);
+ inputString = inputString.concat('"}},');
- // add the request-information header
- inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},');
+ // add the request-information header
+ inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},');
// add the request-information header
//inputString = inputString.concat('"request-information": {"request-id": "259c0f93-23cf-46ad-84dc-162ea234fff1",');
@@ -412,36 +414,7 @@
});
-router.get('/deleteVmProfile', csp.checkAuth, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var sql = '';
-
- sql = "DELETE FROM VM_PROFILE WHERE vnf_type='" + req.query.vnf_type + "'"
- + " AND vm_type='" + req.query.vm_type + "'";
-
- tasks.push(function(callback) {
- dbRoutes.executeSQL(sql,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from VM_PROFILE table.');
- dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfNetwork', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -469,7 +442,7 @@
});
});
-router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -496,215 +469,39 @@
});
});
-router.get('/deleteVmNetwork', csp.checkAuth, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var sql = '';
-
- sql = "DELETE FROM VM_NETWORKS WHERE vnf_type='" + req.query.vnf_type
- + "' AND vm_type='" + req.query.vm_type + "' AND network_role='"
- + req.query.network_role + "'";
-
- tasks.push(function(callback) {
- dbRoutes.executeSQL(sql,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from VM_NETWORKS table.');
- dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
// POST
-router.post('/addVmProfile', csp.checkAuth, function(req,res){
+router.post('/addVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res){
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
+ var privilegeObj = req.session.loggedInAdmin;
+ var vnf_type = req.sanitize(req.body.nf_vnf_type);
+ var availability_zone_count = req.sanitize(req.body.nf_availability_zone_count);
+ var equipment_role = req.sanitize(req.body.nf_equipment_role);
+ var tasks = [];
var sql;
-
- if ( req.body.nf_vm_count.length > 0 )
- {
- sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type,vm_count) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "',"
- + req.body.nf_vm_count + ")";
- }
- else
- {
- sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "')";
- }
-
-
- console.log("SQL: " + sql);
-
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VM Profile');
- dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-router.post('/addVnfNetwork', csp.checkAuth, function(req,res){
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
-
- var sql = "INSERT INTO VNF_NETWORKS (vnf_type,network_role) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_network_role + "')";
-
- console.log("SQL: " + sql);
-
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VNF Network');
- dbRoutes.getVnfNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/addVnfProfile', csp.checkAuth, function(req,res){
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var sql;
-
- sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + req.body.nf_availability_zone_count
- + ",'" + req.body.nf_equipment_role + "')";
+ sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES ("
+ + "'" + vnf_type + "'," + availability_zone_count + ",'" + equipment_role + "')";
console.log(sql);
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VNF Profile');
- dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/addVmNetwork', csp.checkAuth, function(req,res){
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var msgArray = new Array();
-
- // convert true|false to 1|0
- var assign_ips = (req.body.nf_assign_ips == 'true') ? 1 : 0;
- var assign_macs = (req.body.nf_assign_macs == 'true') ? 1 : 0;
- var assign_floating_ip = (req.body.nf_assign_floating_ip == 'true') ? 1 : 0;
-
-
- if ((req.body.nf_assign_ips == 'true' &&
- (typeof req.body.nf_ip_count == 'undefined' || req.body.nf_ip_count.length <=0)))
- {
- msgArray.push("If assign_ips equals 'true', ip_count must be populated with a number.");
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
-
-
- if ( req.body.nf_ip_count.length >0 )
- {
- var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,ip_count,assign_ips,assign_macs,assign_floating_ip) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "',"
- + "'" + req.body.nf_network_role + "',"
- + req.body.nf_ip_count + ","
- + assign_ips + ","
- + assign_macs + ","
- + assign_floating_ip + ")";
- }
- else
- {
- var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,assign_ips,assign_macs,assign_floating_ip) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "',"
- + "'" + req.body.nf_network_role + "',"
- + assign_ips + ","
- + assign_macs + ","
- + assign_floating_ip + ")";
- }
-
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VM Network');
- var message = '';
- if (req.body.nf_ip_count.length >0)
- {
- message = req.body.nf_vnf_type
- + ',' + req.body.nf_vm_type
- + ',' + req.body.nf_network_role
- + ',' + req.body.nf_ip_count
- + ',' + req.body.nf_assign_ips
- + ',' + req.body.nf_assign_macs
- + ',' + req.body.nf_assign_floating_ip;
- }
- else
- {
- message = req.body.nf_vnf_type
- + ',' + req.body.nf_vm_type
- + ',' + req.body.nf_network_role
- + ',' + req.body.nf_assign_ips
- + ',' + req.body.nf_assign_macs
- + ',' + req.body.nf_assign_floating_ip;
- }
- dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
+ async.series(tasks, function(err,result){
+ var msgArray = new Array();
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Successfully added VNF Profile');
+ dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
+ });
});
// POST
-router.post('/uploadVnfData', csp.checkAuth, upload.single('filename'), function(req, res)
+router.post('/uploadVnfData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res)
{
console.log('filename:'+ JSON.stringify(req.file.originalname));
var msgArray = new Array();
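Review bot: In the new `/addVnfProfile` handler the three fields go through `req.sanitize(...)` and are then concatenated into the INSERT statement, but express-sanitizer is an HTML sanitizer: it does not escape quotes or other SQL metacharacters, and `availability_zone_count` is placed in the statement unquoted. The count should be parsed and rejected when not a number, e.g. `var availability_zone_count = parseInt(req.body.nf_availability_zone_count, 10);` followed by an `isNaN` check, and the two string values should go through the database driver's placeholder or escape support rather than string concatenation (the signature of `dbRoutes.executeSQL` is outside this hunk, so whether it accepts bound parameters needs checking). `console.log(sql)` also writes the full statement, including user-supplied values, to the log.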
@@ -776,7 +573,7 @@
} );
-router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), function(req, res)
+router.post('/uploadVnfNetworkData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res)
{
var msgArray = new Array();
var privilegeObj = req.session.loggedInAdmin;
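Review bot: `/uploadVnfNetworkData` gains `csp.checkPriv` but no `csrfProtection`, and the same is true of `/uploadVnfData` in the previous hunk, so the two POST routes that accept files are left without the token check this commit introduces elsewhere (unless it is enforced at application level, which is not visible here). Because the form is multipart, csurf cannot read a `_csrf` body field until multer has parsed it; either send the token in a header such as `csrf-token` and place the middleware first, `router.post('/uploadVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection, upload.single('filename'), function(req, res)`, or place `csrfProtection` after `upload.single('filename')` and accept that the file is written before the check runs. The handler body continues outside this hunk.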
@@ -846,128 +643,7 @@
} );
-router.post('/uploadVmNetworks', csp.checkAuth, upload.single('filename'), function(req, res){
-
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- if(req.file.originalname){
- if (req.file.originalname.size == 0) {
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:'There was an error uploading the file, please try again.'},privilegeObj);
- return;
- }
- fs.exists(req.file.path, function(exists) {
-
- if(exists) {
-
- var str = req.file.originalname;
-
- try {
- var csv = require('csv');
-
- // the job of the parser is to convert a CSV file
- // to a list of rows (array of rows)
- var parser = csv.parse({
- columns: function(line) {
- // By defining this callback, we get handed the
- // first line of the spreadsheet. Which we'll
- // ignore and effectively skip this line from processing
- },
- skip_empty_lines: true
- });
-
- var row = 0;
- var f = new Array();
- var transformer = csv.transform(function(data){
- // this will get row by row data, so for example,
- //logger.debug(data[0]+','+data[1]+','+data[2]);
-
- // build an array of rows
- f[row] = new Array();
- for ( col=0; col<data.length; col++ )
- {
- f[row][col] = data[col];
- }
- row++;
- });
-
- // called when done with processing the CSV
- transformer.on("finish", function() {
-
- var funcArray = new Array();
-
- function createFunction(lrow,res)
- {
- return function(callback) { dbRoutes.addVmNetwork(lrow,res,callback); }
- }
- // loop for each row and create an array of callbacks for async.parallelLimit
- // had to create a function above 'createFunction' to get
- for (var x=0; x<f.length; x++)
- {
- funcArray.push( createFunction(f[x],res) );
- }
-
- // make db calls in parrallel
- async.parallelLimit(funcArray, 50, function(err,result){
-
- if ( err ) {
- dbRoutes.getVmNetworks(req,res,result,privilegeObj);
- return;
- }
- else {
- // result array has an entry in it, success entries are blank, figure out
- // how many are not blank, aka errors.
- var rowError = 0;
- for(var i=0;i<result.length;i++){
- if ( result[i].length > 0 )
- {
- rowError++;
- }
- }
- var rowsProcessed = f.length - rowError;
- result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
- if ( rowError > 0 )
- {
- result = {code:'failure', msg:result};
- }
- else
- {
- result = {code:'success', msg:result};
- }
- dbRoutes.getVmNetworks(req,res,result,privilegeObj);
- return;
- }
- });
- });
-
- var stream = fs.createReadStream(req.file.path, "utf8");
- stream.pipe(parser).pipe(transformer);
-
- } catch(ex) {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file. '+ex);
- dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-
- } else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- });
- }
- else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-
-} );
-
-router.post('/uploadVnfProfile', csp.checkAuth, upload.single('filename'), function(req, res){
+router.post('/uploadVnfProfile', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res){
var msgArray = new Array();
var privilegeObj = req.session.loggedInAdmin;
@@ -1091,249 +767,4 @@
}
} );
-
-router.post('/uploadVnfNetworks', csp.checkAuth, upload.single('filename'), function(req, res){
-
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- if(req.file.originalname)
- {
- if (req.file.originalname.size == 0) {
- dbRoutes.getVnfProfile(req,res,
- {code:'failure', msg:'There was an error uploading the file, please try again.'},
- privilegeObj);
- return;
- }
- fs.exists(req.file.path, function(exists) {
-
- if(exists) {
-
- var str = req.file.originalname;
-
- try {
- var csv = require('csv');
-
- // the job of the parser is to convert a CSV file
- // to a list of rows (array of rows)
- var parser = csv.parse({
- columns: function(line) {
- // By defining this callback, we get handed the
- // first line of the spreadsheet. Which we'll
- // ignore and effectively skip this line from processing
- },
- skip_empty_lines: true
- });
-
- var row = 0;
- var f = new Array();
- var transformer = csv.transform(function(data){
- // this will get row by row data, so for example,
- //logger.debug(data[0]+','+data[1]+','+data[2]);
-
- // build an array of rows
- f[row] = new Array();
- for ( col=0; col<data.length; col++ )
- {
- f[row][col] = data[col];
- }
- row++;
- });
-
- // called when done with processing the CSV
- transformer.on("finish", function() {
-
- var funcArray = new Array();
-
- function createFunction(lrow,res)
- {
- return function(callback) { dbRoutes.addVnfNetwork(lrow,res,callback); }
- }
- // loop for each row and create an array of callbacks for async.parallelLimit
- // had to create a function above 'createFunction' to get
- for (var x=0; x<f.length; x++)
- {
- funcArray.push( createFunction(f[x],res) );
- }
-
- // make db calls in parrallel
- async.series(funcArray, function(err,result){
-
- if ( err ) {
- dbRoutes.getVnfNetworks(req,res,result,privilegeObj);
- return;
- }
- else {
- // result array has an entry in it, success entries are blank, figure out
- // how many are not blank, aka errors.
- var rowError = 0;
- for(var i=0;i<result.length;i++){
- if ( result[i].length > 0 )
- {
- rowError++;
- }
- }
- var rowsProcessed = f.length - rowError;
- result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
- if ( rowError > 0 )
- {
- result = {code:'failure', msg:result};
- }
- else
- {
- result = {code:'success', msg:result};
- }
- dbRoutes.getVnfNetworks(req,res,result,privilegeObj);
- return;
- }
- });
- });
-
- var stream = fs.createReadStream(req.file.path, "utf8");
- stream.pipe(parser).pipe(transformer);
-
- } catch(ex) {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file. '+ex);
- dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- } else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- });
- }
- else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-} );
-
-router.post('/uploadVmProfile', csp.checkAuth, upload.single('filename'), function(req, res){
-
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- if(req.file.originalname)
- {
- if (req.file.originalname.size == 0) {
- dbRoutes.getVmProfile(req,res,
- {code:'failure', msg:'There was an error uploading the file, please try again.'},
- privilegeObj);
- return;
- }
- fs.exists(req.file.path, function(exists) {
-
- if(exists) {
-
- var str = req.file.originalname;
-
- try {
- var csv = require('csv');
-
- // the job of the parser is to convert a CSV file
- // to a list of rows (array of rows)
- var parser = csv.parse({
- columns: function(line) {
- // By defining this callback, we get handed the
- // first line of the spreadsheet. Which we'll
- // ignore and effectively skip this line from processing
- },
- skip_empty_lines: true
- });
-
- var row = 0;
- var f = new Array();
- var transformer = csv.transform(function(data){
- // this will get row by row data, so for example,
- //logger.debug(data[0]+','+data[1]+','+data[2]);
-
- // build an array of rows
- f[row] = new Array();
- for ( col=0; col<data.length; col++ )
- {
- f[row][col] = data[col];
- }
- row++;
- });
-
- // called when done with processing the CSV
- transformer.on("finish", function() {
-
- var funcArray = new Array();
-
- function createFunction(lrow,res)
- {
- return function(callback) { dbRoutes.addVmProfile(lrow,res,callback); }
- }
- // loop for each row and create an array of callbacks for async.parallelLimit
- // had to create a function above 'createFunction' to get
- for (var x=0; x<f.length; x++)
- {
- funcArray.push( createFunction(f[x],res) );
- }
-
- // make db calls in parrallel
- async.series(funcArray, function(err,result){
-
- if ( err ) {
- dbRoutes.getVmProfile(req,res,result,privilegeObj);
- return;
- }
- else {
- // result array has an entry in it, success entries are blank, figure out
- // how many are not blank, aka errors.
- var rowError = 0;
- for(var i=0;i<result.length;i++){
- if ( result[i].length > 0 )
- {
- rowError++;
- }
- }
- var rowsProcessed = f.length - rowError;
- result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
- if ( rowError > 0 )
- {
- result = {code:'failure', msg:result};
- }
- else
- {
- result = {code:'success', msg:result};
- }
- dbRoutes.getVmProfile(req,res,result,privilegeObj);
- return;
- }
- });
- });
-
- var stream = fs.createReadStream(req.file.path, "utf8");
- stream.pipe(parser).pipe(transformer);
-
- } catch(ex) {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file. '+ex);
- dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- } else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- });
- }
- else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-} );
-
module.exports = router;
diff --git a/admportal/server/router/routes/network.js b/admportal/server/router/routes/network.js
index c64beae..30aa66b 100644
--- a/admportal/server/router/routes/network.js
+++ b/admportal/server/router/routes/network.js
@@ -20,12 +20,15 @@
var platform;
var req,res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error = false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
network.go = function(lreq,lres,cb,dir) {
puts("Processing NETWORK workbook");
+ proc_error = false;
req = lreq;
res = lres;
callback = cb;
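Review bot: `proc_error` and `filename` are added as module-level variables next to the existing `req` and `res`, so two uploads processed at the same time share one error flag and one output name. `network.go` resets `proc_error` at the start of every call, which lets a second request clear an error the first one has just recorded. Keeping this state in an object created inside `network.go` and handed to the helper functions would isolate requests; the same pattern is added to vnf.js in this commit. `network.go` continues past the end of the hunk.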
@@ -49,7 +52,8 @@
helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('general file is missing from upload.');
+ proc_error=true;
}
}
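Review bot: The missing-file branch no longer calls `callback`: it logs, sets `proc_error=true` and falls through, and because `helpers.readCsv` is not called on this path nothing visible continues the chain. Unless code outside the hunk does, the `async.waterfall` in preload.js never completes and the upload request gets no response. The sibling branches for subnets, vpn-bindings, policies and network-routes keep the call, so keep it here too: `callback(csvFilename + ' file is missing from upload.'); return;`. The General.csv branch in vnf.js gets the same change in this commit. The enclosing function starts and ends outside the hunk.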
@@ -57,8 +61,9 @@
if (err) {
puts("\nError!");
putd(err);
- callback('General.csv file is missing from upload.');
- return;
+ proc_error=true;
+ callback('General.csv file is missing from upload.');
+ return;
}
csvGeneral = jsonObj;
puts("\nRead this: ");
@@ -77,7 +82,10 @@
helpers.readCsv(indir, newFileName, gotSubnets);
}
else {
+ puts('subnets file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -85,6 +93,7 @@
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Subnets.csv file is missing from upload.');
return;
}
@@ -108,7 +117,10 @@
helpers.readCsv(indir, newFileName, gotVpnBindings);
}
else {
+ puts('vnp-bindings file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -116,6 +128,7 @@
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VPN-Bindings.csv file is missing from upload.');
return;
}
@@ -140,7 +153,10 @@
helpers.readCsv(indir, newFileName, gotPolicies);
}
else {
+ puts('policies file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -148,6 +164,7 @@
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Policies.csv file is missing from upload.');
return;
}
@@ -178,7 +195,10 @@
helpers.readCsv(indir, newFileName, gotNetRoutes);
}
else {
+ puts('network-routes file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -186,6 +206,7 @@
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Network-Routes.csv file is missing from upload.');
return;
}
@@ -218,6 +239,21 @@
processPolicies();
processNetRoutes();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
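Review bot: `outputJson()` runs before `proc_error` is tested, so an upload that failed processing still has its JSON written to disk before the error is returned. Test the flag first, `if (proc_error) { callback('Error was encountered processing upload.'); return; }`, and call `outputJson()` only on the success path. `outputJson` also still passes `callback` to `helpers.writeOutput` (a context line in a later hunk); if that helper invokes it, the waterfall callback fires twice, so give it a local completion handler instead — to be confirmed against helpers.js. The enclosing function starts outside the hunk.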
// ASSEMBLE AND OUTPUT RESULTS
@@ -256,7 +292,7 @@
finalJson = {"input": networkInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -265,7 +301,7 @@
puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".net_worksheet.json";
@@ -275,7 +311,7 @@
filename = "output.json." + unixTime;
}
helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //callback(null, finalJson, filename);
}
@@ -288,7 +324,9 @@
if ( (preloadVersion!='1607') && (preloadVersion!='1610') ) {
puts("\nError - incorrect version of preload worksheet.");
- callback('Error - incorrect version of preload worksheet.');
+ proc_error=true;
+ //callback('Error - incorrect version of preload worksheet.');
+ return;
}
rawJson['network-name'] = getParam(csvGeneral, 'field2', 'network-name', 'field3');
diff --git a/admportal/server/router/routes/preload.js b/admportal/server/router/routes/preload.js
index fd41bb4..522c6da 100644
--- a/admportal/server/router/routes/preload.js
+++ b/admportal/server/router/routes/preload.js
@@ -16,8 +16,6 @@
var network = require('./network');
var moment = require('moment');
-
-
// pass host, username and password to ODL
// target host for ODL request
var username = properties.odlUser;
@@ -35,14 +33,17 @@
strictSSL: false
};
-// multer 1.1
+// multer
var unixTime = moment().unix();
var storage = multer.diskStorage({
destination: function (req, file, cb) {
cb(null, process.cwd() + '/uploads/')
+ return;
},
filename: function (req, file, cb) {
+console.log('filename');
cb(null, unixTime + "." + file.originalname )
+ return;
}
});
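Review bot: The stored name is still `unixTime + "." + file.originalname`, where `file.originalname` comes from the client and `unixTime` is computed once when the module loads, so the prefix does not separate one upload from the next. Build the name from a per-request server-side value and reduce the original name to a plain basename, for example `cb(null, moment().unix() + "." + path.basename(file.originalname))` (assuming `path` is required in this file). The added `console.log('filename');` is a leftover debug line and can be dropped, and the `return;` after each `cb(...)` is redundant.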
@@ -54,98 +55,84 @@
return cb(null,false);
}
cb(null,true);
+ return;
}
});
router.post('/uploadVnfCsv', csp.checkAuth, upload.array('filename'), function(req, res)
{
- console.log('files:'+ JSON.stringify(req.files,null,4));
-
- var tasks = []
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
+ var msgArray = new Array();
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
tasks.push ( function(callback) { vnf.go(req,res,callback,''); } );
tasks.push ( function(arg1,arg2,callback) { formatVnfInsertStatement(arg1,arg2,req,res,callback); } );
- tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+ tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
async.waterfall(tasks, function(err,result)
{
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- //logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
- msgArray.push('Successfully uploaded file.' );
- dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Successfully uploaded file.' );
+ dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
});
-
});
router.post('/uploadNetworkCsv', csp.checkAuth, upload.array('filename'), function(req, res)
{
- console.log('files:'+ JSON.stringify(req.files,null,4));
+ console.log('uploadNetworkCsv');
- var tasks = []
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
+ var msgArray = new Array();
+ var privilegeObj = req.session.loggedInAdmin;
+ var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
-
- tasks.push ( function(callback) { network.go(req,res,callback,''); } );
- tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
- tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
- async.waterfall(tasks, function(err,result)
- {
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- //logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
- msgArray.push('Successfully uploaded file.' );
- dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-
+ tasks.push ( function(callback) { network.go(req,res,callback,''); } );
+ tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
+ tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+ async.waterfall(tasks, function(err,result)
+ {
+ if(err){
+ console.log('ERROR:' + err);
+ msgArray.push(err);
+ dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ }
+ else {
+ msgArray.push('Successfully uploaded file.' );
+ dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ }
+ });
});
function formatVnfInsertStatement(content,filename,req,res,callback)
{
- //var newstr = JSON.stringify(content).replace(/\\\"/g,'\\\\\\"');
- //var ins_str = newstr.replace("\r\n ", "\\r\\n");
- var newstr = JSON.stringify(content);
- var enc_str = encodeURI(newstr);
- var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
+ var newstr = JSON.stringify(content);
+ var enc_str = encodeURI(newstr);
+ var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
+ "(filename,preload_data) VALUES ("
+ "'"+ filename + "',"
+ "'" + enc_str + "')";
callback(null,sql);
+ return;
}
function formatNetworkInsertStatement(content,filename,req,res,callback)
{
- var newstr = JSON.stringify(content);
- var enc_str = encodeURI(newstr);
- var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
+ var newstr = JSON.stringify(content);
+ var enc_str = encodeURI(newstr);
+ var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
+ "(filename,preload_data) VALUES ("
+ "'"+ filename + "',"
+ "'" + enc_str + "')";
callback(null,sql);
+ return;
}
-
-
module.exports = router;
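Review bot: `formatVnfInsertStatement` and `formatNetworkInsertStatement` still build the INSERT by concatenating `filename` and `enc_str` between single quotes; the hunk only re-indents them. `encodeURI` is a URL encoder, not an SQL escaper, and it leaves the single quote unchanged, so worksheet content can terminate the string literal. Use placeholders, `"INSERT INTO PRE_LOAD_VNF_DATA (filename,preload_data) VALUES (?,?)"` if the driver supports them, and pass `[filename, enc_str]` as bound values; `dbRoutes.addRow` is outside this section and would have to accept them. Both upload routes here also keep only `csp.checkAuth`, without the `csp.checkPriv` this commit adds to the other upload routes — confirm that is intended.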
diff --git a/admportal/server/router/routes/root.js b/admportal/server/router/routes/root.js
index b314d7d..78b6982 100644
--- a/admportal/server/router/routes/root.js
+++ b/admportal/server/router/routes/root.js
@@ -7,6 +7,12 @@
var async = require('async');
var OdlInterface = require('./OdlInterface');
var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json');
+var cookieParser = require('cookie-parser')
+var csrf = require('csurf')
+var bodyParser = require('body-parser')
+
+var csrfProtection = csrf({cookie:true});
+var parseForm = bodyParser.urlencoded({ extended: false })
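Review bot: `csrf({cookie:true})` keeps the CSRF secret in a cookie with default attributes and depends on `cookie-parser` running before it; `cookieParser` is required here, but no `router.use(cookieParser())` is visible in this file's hunks. Since the app already depends on `express-session`, plain `csrf()` with session storage avoids the extra cookie; otherwise set the attributes explicitly, e.g. `csrf({cookie: {httpOnly: true, secure: true, sameSite: 'strict'}})` when the portal is served over HTTPS. `parseForm` is declared but not used by the routes in the following hunk, which mount `csrfProtection` alone. The same `csrf({cookie: true})` setup is added to sla.js and user.js.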
@@ -70,28 +76,33 @@
return function(callback) { OdlInterface.Healthcheck(loptions,callback); };
}
-router.get('/mytree', function(req,res) {
- res.render('pages/tree');
+//router.get('/mytree', function(req,res) {
+// res.render('pages/tree');
+//});
+//router.get('/setuplogin', function(req,res) {
+// res.render('pages/setuplogin');
+//});
+//router.post('/formSetupLogin', function(req,res) {
+// dbRoutes.saveSetupLogin(req,res);
+//});
+
+router.get('/login', csrfProtection, function(req,res) {
+ var tkn = req.csrfToken();
+ res.render('pages/login', {csrfToken:tkn});
+ return;
});
-router.get('/setuplogin', function(req,res) {
- res.render('pages/setuplogin');
+router.post('/formlogin', csrfProtection, function(req,res) {
+ csp.login(req,res);
});
-router.post('/formSetupLogin', function(req,res) {
- dbRoutes.saveSetupLogin(req,res);
+
+router.get('/signup', csrfProtection, function(req,res) {
+ var tkn = req.csrfToken();
+ res.render('pages/signup', {csrfToken:tkn});
});
-router.post('/formSignUp', function(req,res) {
+router.post('/formSignUp', csrfProtection, function(req,res) {
dbRoutes.saveUser(req,res);
});
-router.post('/formlogin', csp.login, function(req,res) {
-});
-router.get('/login', function(req,res) {
- res.render('pages/login');
- // handle get
-});
-router.get('/signup', function(req,res) {
- res.render('pages/signup');
- // handle get
-});
+
router.get('/info', function(req,res) {
// handle get
res.send("login info");
diff --git a/admportal/server/router/routes/sla.js b/admportal/server/router/routes/sla.js
index 10d6433..098cd66 100644
--- a/admportal/server/router/routes/sla.js
+++ b/admportal/server/router/routes/sla.js
@@ -6,6 +6,8 @@
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
var multer = require('multer');
+var cookieParser = require('cookie-parser');
+var csrf = require('csurf');
var bodyParser = require('body-parser');
//var sax = require('sax'),strict=true,parser = sax.parser(strict);
var async = require('async');
@@ -21,9 +23,8 @@
// used for file upload button, retain original file name
//router.use(bodyParser());
-router.use(bodyParser.urlencoded({
- extended: true
-}));
+var csrfProtection = csrf({cookie: true});
+router.use(bodyParser.urlencoded({ extended: true }));
//var upload = multer({ dest: process.cwd() + '/uploads/', rename: function(fieldname,filename){ return filename; } });
// multer 1.1
@@ -57,11 +58,11 @@
// GET
-router.get('/listSLA', csp.checkAuth, function(req,res) {
+router.get('/listSLA', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.listSLA(req,res,{code:'', msg:''} );
});
-router.get('/activate', csp.checkAuth, function(req,res){
+router.get('/activate', csp.checkAuth, csrfProtection, function(req,res){
var _module = req.query.module;
var rpc = req.query.rpc;
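Review bot: `csrfProtection` on `router.get('/activate', ...)` does not validate a token, because csurf skips GET, HEAD and OPTIONS by default; on a GET route it only makes `req.csrfToken()` available. `/activate`, `/deactivate` and `/deleteDG` in this file and `/deleteUser` in user.js change state, so they stay reachable by a cross-site GET after this commit. Turn them into POST routes, `router.post('/activate', csp.checkAuth, csrfProtection, ...)`, and have the pages submit a form carrying the `_csrf` field. The `/activate` handler continues outside the hunk.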
@@ -82,7 +83,7 @@
});
});
-router.get('/deactivate', csp.checkAuth, function(req,res){
+router.get('/deactivate', csp.checkAuth, csrfProtection, function(req,res){
var _module = req.query.module;
var rpc = req.query.rpc;
@@ -102,7 +103,7 @@
});
});
-router.get('/deleteDG', csp.checkAuth, function(req,res){
+router.get('/deleteDG', csp.checkAuth, csrfProtection, function(req,res){
var _module = req.query.module;
var rpc = req.query.rpc;
@@ -122,7 +123,7 @@
});
});
-router.post('/dgUpload', upload.single('filename'), function(req, res, next){
+router.post('/dgUpload', upload.single('filename'), csrfProtection, function(req, res, next){
if(req.file.originalname){
if (req.file.originalname == 0) {
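Review bot: `/dgUpload` is registered without `csp.checkAuth`, unlike `/upload` further down, so the only gate added here is the CSRF token, and `upload.single('filename')` stores the file before that token is checked. Unless authentication is enforced somewhere outside this diff, put it ahead of the upload: `router.post('/dgUpload', csp.checkAuth, upload.single('filename'), csrfProtection, ...)`. The handler body continues outside the hunk.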
@@ -188,88 +189,94 @@
// POST
-router.post('/upload', csp.checkAuth, upload.single('filename'), function(req, res, next){
+router.post('/upload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){
console.log('file:'+ JSON.stringify(req.file));
- if(req.file.originalname){
- if (req.file.originalname.size == 0) {
- dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
- }
- fs.exists(req.file.path, function(exists) {
- if(exists) {
-
+ if(req.file.originalname)
+ {
+ if (req.file.originalname.size == 0)
+ {
+ dbRoutes.listSLA(req,res,
+ { code:'danger', msg:'There was an error uploading the file, please try again.'});
+ }
+ fs.exists(req.file.path, function(exists)
+ {
+ if(exists)
+ {
// parse xml
- try {
+ try
+ {
//dbRoutes.checkSvcLogic(req,res);
var currentDB = dbRoutes.getCurrentDB();
- var file_buf = fs.readFileSync(req.file.path, "utf8");
+ var file_buf = fs.readFileSync(req.file.path, "utf8");
- // call Dan's svclogic shell script from here
- var commandToExec = process.cwd()
- + "/shell/svclogic.sh load "
+ // call svclogic shell script from here
+ var commandToExec = process.cwd() + "/shell/svclogic.sh load "
+ req.file.path + " "
- + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
+ + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
- console.log("commandToExec:" + commandToExec);
- child = exec(commandToExec ,function (error,stdout,stderr){
- if(error){
- console.error("error:" + error);
+ console.log("commandToExec:" + commandToExec);
+ child = exec(commandToExec ,function (error,stdout,stderr)
+ {
+ if(error)
+ {
+ console.error("error:" + error);
dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
return;
- }
- if(stderr){
- console.error("stderr:" + JSON.stringify(stderr,null,2));
- var s_stderr = JSON.stringify(stderr);
- if ( s_stderr.indexOf("Saving") > -1 )
- {
- dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
- }else {
- dbRoutes.listSLA(req,res,{code:'failure', msg:stderr});
- }
- return;
- }
- if(stdout){
- console.log("stderr:" + stdout);
+ }
+ if(stderr){
+ console.error("stderr:" + JSON.stringify(stderr,null,2));
+ var s_stderr = JSON.stringify(stderr);
+ if ( s_stderr.indexOf("Saving") > -1 )
+ {
+ dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
+ }else {
+ dbRoutes.listSLA(req,res,{code:'failure', msg:stderr});
+ }
+ return;
+ }
+ if(stdout){
+ console.log("stderr:" + stdout);
dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
- return;
+ return;
}
// remove the grave accents, the sax parser does not like them
//parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
//dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
//dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
- // keep 'em silent
- console.error("error:" + ex);
- dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
- }
-
- } else {
- dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
- }
- });
+ });
+ } catch(ex) {
+ // keep 'em silent
+ console.error("error:" + ex);
+ dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
+ }
+ }
+ else {
+ dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
+ }
+ });
}
else {
dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
}
});
-router.get('/printAsXml', csp.checkAuth, function(req,res){
+router.get('/printAsXml', csp.checkAuth, csrfProtection, function(req,res){
try {
//dbRoutes.checkSvcLogic(req,res);
var _module = req.query.module;
- var rpc = req.query.rpc;
- var version = req.query.version;
- var mode = req.query.mode;
+ var rpc = req.query.rpc;
+ var version = req.query.version;
+ var mode = req.query.mode;
var currentDB = dbRoutes.getCurrentDB();
- // call Dan's svclogic shell script from here
- var commandToExec = process.cwd()
+ // call Dan's svclogic shell script from here
+ var commandToExec = process.cwd()
+ "/shell/svclogic.sh get-source "
+ _module + " "
+ rpc + " "
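Review bot: Both handlers in this hunk still assemble a shell command by string concatenation and run it with `exec`: `/upload` inserts `req.file.path`, and `/printAsXml` inserts `req.query.module` and `req.query.rpc`, with its `exec` call in the next hunk. The hunk only re-indents these lines, so request-controlled text is still parsed by a shell. Pass the values as an argument array to `execFile` (from `child_process`, assuming svclogic.sh is executable), as sketched for `/upload` below, and check the query values against the expected character set before use. In `/upload`, `req.file.originalname.size` is undefined for a string, so the size check never fires, and that branch has no `return` after `dbRoutes.listSLA`. The `/printAsXml` handler continues outside the hunk.

```javascript
// call svclogic shell script from here
var svclogicArgs = [
    "load",
    req.file.path,
    process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB
];
console.log("svclogic.sh args:" + JSON.stringify(svclogicArgs));
// execFile hands the arguments to the script as an array; no shell parses them
child = execFile(process.cwd() + "/shell/svclogic.sh", svclogicArgs, function (error,stdout,stderr)
{
    // … unchanged: error / stderr / stdout handling …
});
```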
@@ -279,91 +286,34 @@
console.log("commandToExec:" + commandToExec);
- child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){
- if(error){
+ child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){
+ if(error){
console.error("error:" + error);
- dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
+ dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
return;
- }
- //if(stderr){
- //logger.info("stderr:" + stderr);
- //}
- if(stdout){
- console.log("OUTPUT:" + stdout);
- res.render('sla/printasxml', {result:{code:'success',
- msg:'Module : ' + _module + '\n' +
+ }
+ //if(stderr){
+ //logger.info("stderr:" + stderr);
+ //}
+ if(stdout){
+ console.log("OUTPUT:" + stdout);
+ res.render('sla/printasxml', {result:{code:'success',
+ msg:'Module : ' + _module + '\n' +
'RPC : ' + rpc + '\n' +
'Mode : ' + mode + '\n' +
'Version: ' + version + '\n\n' + stdout}, header:process.env.MAIN_MENU});
- }
+ }
- // remove the grave accents, the sax parser does not like them
- //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
- //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
- //dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
+ // remove the grave accents, the sax parser does not like them
+ //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
+ //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
+ //dbRoutes.listSLA(req,res, resultObj);
+ });
+ } catch(ex) {
console.error("error:" + ex);
dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
- }
+ }
});
-router.get('/printAsGv', csp.checkAuth, function(req,res){
-
- try {
- //dbRoutes.checkSvcLogic(req,res);
-
- var _module = req.query.module;
- var rpc = req.query.rpc;
- var version = req.query.version;
- var mode = req.query.mode;
- var currentDB = dbRoutes.getCurrentDB();
-console.log('currentDB='+currentDB);
-
- // call Dan's svclogic shell script from here
- var commandToExec = process.cwd()
- + "/shell/svclogic.sh print "
- + _module + " "
- + rpc + " "
- + mode + " "
- + version + " "
- + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB
- + " | dot -Tpng";
-
- console.log("commandToExec:" + commandToExec);
-
- child = exec(commandToExec ,
- {encoding:'base64',maxBuffer:5000*1024}, function (error,stdout,stderr){
- if(error){
- console.error("error:" + error);
- dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
- return;
- }
- if(stderr){
- console.error("stderr:" + stderr);
- }
- if(stdout){
- //logger.info("OUTPUT:" + stdout);
- //res.render('sla/printasgv', result = {code:'success',
- //msg:new Buffer(stdout,'base64')} );
- res.render('sla/printasgv', {result:{code:'success',
- module: _module,
- rpc: rpc,
- version: version,
- mode:mode,
- msg:stdout}, header:process.env.MAIN_MENU});
- }
-
- // remove the grave accents, the sax parser does not like them
- //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
- //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
- //dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
- console.error("error:" + ex);
- dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
- }
-
-});
module.exports = router;
diff --git a/admportal/server/router/routes/user.js b/admportal/server/router/routes/user.js
index 40d3437..df5f860 100644
--- a/admportal/server/router/routes/user.js
+++ b/admportal/server/router/routes/user.js
@@ -5,8 +5,13 @@
var fs = require('fs');
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
+var cookieParser = require('cookie-parser');
+var csrf = require('csurf');
var bodyParser = require('body-parser');
-var sax = require('sax'),strict=true,parser = sax.parser(strict);
+//var sax = require('sax'),strict=true,parser = sax.parser(strict);
+
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser());
// SVC_LOGIC table columns
var _module=''; // cannot use module its a reserved word
@@ -17,16 +22,21 @@
//router.use(bodyParser());
-router.use(bodyParser.urlencoded({
- extended: true
-}));
+router.use(bodyParser.urlencoded({ extended: true }));
// GET
router.get('/listUsers', csp.checkAuth, function(req,res) {
dbRoutes.listUsers(req,res, {user:req.session.loggedInAdmin,code:'', msg:''} );
});
-router.get('/deleteUser', csp.checkAuth, function(req,res) {
+// POST
+router.post('/updateUser', csp.checkAuth, csrfProtection, function(req,res,next){
+ dbRoutes.updateUser(req,res,{code:'',msg:''});
+});
+router.post('/addUser', csp.checkAuth, csrfProtection, function(req,res) {
+ dbRoutes.addUser(req,res, {code:'', msg:''} );
+});
+router.get('/deleteUser', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.deleteUser(req,res, {code:'', msg:''} );
});
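Review bot: `/updateUser` and `/addUser` now require a CSRF token, but `router.get('/listUsers', ...)` in this hunk is not given `csrfProtection`, so `req.csrfToken()` is not available to it. Unless the user forms are rendered by another route that issues the token, these POSTs will be rejected. Add the middleware to the GET route, `router.get('/listUsers', csp.checkAuth, csrfProtection, ...)`, and pass `req.csrfToken()` to the view so the forms can include it.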
@@ -93,13 +103,6 @@
*/
-// POST
-router.post('/updateUser', csp.checkAuth, function(req,res,next){
- dbRoutes.updateUser(req,res,{code:'',msg:''});
-});
-router.post('/addUser', csp.checkAuth, function(req,res) {
- dbRoutes.addUser(req,res, {code:'', msg:''} );
-});
//router.post('/upload', csp.checkAuth, function(req, res, next){
diff --git a/admportal/server/router/routes/vnf.js b/admportal/server/router/routes/vnf.js
index be004fe..99bb3a7 100644
--- a/admportal/server/router/routes/vnf.js
+++ b/admportal/server/router/routes/vnf.js
@@ -21,12 +21,15 @@
var platform;
var req, res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error=false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
vnf.go = function(lreq,lres,cb,dir){
puts("Processing VNF workbook");
+ proc_error=false;
req = lreq;
res = lres;
callback = cb;
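Review bot: The new `proc_error` and `filename` are declared at module scope next to the existing `req` and `res`, so two uploads handled at the same time share them. `vnf.go` resets `proc_error=false` for a second request while the first request's `readCsv` callbacks (which appear to be asynchronous) may still be pending, and the `filename` handed back through the callback can then belong to the other upload. Keeping this state per call, for example `var ctx = { proc_error: false, filename: null };` created inside `vnf.go` and passed along the callback chain, avoids the cross-request mix-up. `vnf.go` continues past the end of this hunk, so how the helpers would receive it is not visible here.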
@@ -51,7 +54,8 @@
helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('General.csv file is missing from upload.');
+ proc_error=true;
}
}
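Review bot: The `else` branch for a missing General.csv no longer calls `callback`; it only logs and sets `proc_error=true`, whereas every other missing-file branch in this file keeps its `callback(csvFilename + ' file is missing from upload.')`. Unless code outside this hunk still reaches the new `proc_error` check at the end of processing, the upload request gets no response on this path. Keep the callback and stop there: `proc_error=true; callback(csvFilename + ' file is missing from upload.'); return;`. The enclosing function starts outside the hunk.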
@@ -59,6 +63,7 @@
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('General.csv file is missing from upload.');
return;
}
@@ -79,14 +84,17 @@
helpers.readCsv(indir, newFileName, gotAvailZones);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotAvailZones(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Availability-zones.csv file is missing from upload.');
return;
}
@@ -110,14 +118,17 @@
helpers.readCsv(indir, newFileName, gotNetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotNetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Networks.csv file is missing from upload.');
return;
}
@@ -142,14 +153,17 @@
helpers.readCsv(indir, newFileName, gotVMs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VMs.csv file is missing from upload.');
return;
}
@@ -174,14 +188,17 @@
helpers.readCsv(indir, newFileName, gotVMnetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-networks.csv file is missing from upload.');
return;
}
@@ -206,14 +223,17 @@
helpers.readCsv(indir, newFileName, gotVMnetworkIPs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkIPs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-IPs.csv file is missing from upload.');
return;
}
@@ -238,14 +258,17 @@
helpers.readCsv(indir, newFileName, gotVMnetworkMACs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkMACs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-MACs.csv file is missing from upload.');
return;
}
@@ -270,14 +293,17 @@
helpers.readCsv(indir, newFileName, gotTagValues);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotTagValues(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Tag-values.csv file is missing from upload.');
return;
}
@@ -315,6 +341,21 @@
processVMs();
processTagValues();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
// ASSEMBLE AND OUTPUT RESULTS
@@ -350,7 +391,7 @@
finalJson = {"input": vnfInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -359,7 +400,7 @@
puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".vnf_worksheet.json";
@@ -368,8 +409,8 @@
fullpath_filename = "./output.json."+unixTime;
filename = "output.json." + unixTime;
}
- helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
+ //callback(null, finalJson, filename);
}
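Review bot: `outputJson()` now carries the `helpers.writeOutput(...)` and `callback(...)` calls as commented-out lines, so it still computes `fullpath_filename` without using it, and its only remaining effects are logging and assigning the shared `filename`. Delete the two commented lines (and the `//outputJson();` left in the hunk above) instead of keeping them, and drop `fullpath_filename` if nothing else reads it. If the JSON file is now written by the caller, which is not shown here, a short comment such as `// file is persisted by the caller after callback(null, finalJson, filename)` would explain why the write disappeared. The body of `outputJson` starts outside this hunk.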
diff --git a/admportal/views/mobility/vnfPreloadData.ejs b/admportal/views/mobility/vnfPreloadData.ejs
index 69f02e5..4dc7398 100644
--- a/admportal/views/mobility/vnfPreloadData.ejs
+++ b/admportal/views/mobility/vnfPreloadData.ejs
@@ -110,8 +110,9 @@
<div class="col-md-8 col-md-push-4">
<form method="POST" action="/mobility/uploadVnfData" enctype="multipart/form-data">
<div class="form-group">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<label for="dest">Upload pre processed JSON file.</label>
- <input name="filename" type="file" id="dest">
+ <input name="filename" type="file" id="dest" />
<p class="help-block">Choose a JSON file to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
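Review bot: The `_csrf` hidden input added to this `multipart/form-data` form is only visible to csurf if a multipart parser has populated `req.body` before the CSRF middleware runs; the `bodyParser.urlencoded` setup used elsewhere in this commit does not parse multipart bodies. The route wiring for `/mobility/uploadVnfData` is not in this hunk, so confirm the upload parser is mounted ahead of `csrfProtection`, otherwise the token is never found and the upload is rejected. The same applies to the second form in this file and to the upload forms in `vnfProfile.ejs` and `sla/list.ejs`. A comment at the route, such as `// multipart parser must run before csrfProtection so req.body._csrf is set`, would record the ordering requirement.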
@@ -123,8 +124,9 @@
<div class="col-md-4 col-md-pull-8">
<form method="POST" action="/preload/uploadVnfCsv" enctype="multipart/form-data">
<div class="form-group">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label>
- <input name="filename" type="file" id="dest" multiple>
+ <input name="filename" type="file" id="dest" multiple />
<p class="help-block">Choose Worksheet CSV files to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
diff --git a/admportal/views/mobility/vnfPreloadNetworkData.ejs b/admportal/views/mobility/vnfPreloadNetworkData.ejs
index 099dcba..5d6204c 100644
--- a/admportal/views/mobility/vnfPreloadNetworkData.ejs
+++ b/admportal/views/mobility/vnfPreloadNetworkData.ejs
@@ -111,7 +111,7 @@
<form method="POST" action="/mobility/uploadVnfNetworkData" enctype="multipart/form-data">
<div class="form-group">
<label for="dest">Upload pre processed JSON file.</label>
- <input name="filename" type="file" id="dest"></input>
+ <input name="filename" type="file" id="dest" />
<p class="help-block">Choose a JSON file to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
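Review bot: Both upload forms in this file (`/mobility/uploadVnfNetworkData` here and `/preload/uploadNetworkCsv` in the next hunk) only get the `</input>` tidy-up and no `_csrf` field, unlike the matching forms in `vnfPreloadData.ejs`. If those routes are wired with `csrfProtection` the uploads will be rejected, and if they are not, they remain state-changing POSTs without a token check; the route definitions are not visible here. Add `<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />` inside each `form-group`, assuming this view is rendered with the same `privilege` object.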
@@ -125,7 +125,7 @@
<form method="POST" action="/preload/uploadNetworkCsv" enctype="multipart/form-data">
<div class="form-group">
<label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label>
- <input name="filename" type="file" id="dest" multiple></input>
+ <input name="filename" type="file" id="dest" multiple />
<p class="help-block">Choose Worksheet CSV files to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
diff --git a/admportal/views/mobility/vnfProfile.ejs b/admportal/views/mobility/vnfProfile.ejs
index 1a49498..a801b90 100644
--- a/admportal/views/mobility/vnfProfile.ejs
+++ b/admportal/views/mobility/vnfProfile.ejs
@@ -90,6 +90,7 @@
<% if(priv == 'A'){ %>
<div class="actions" style="padding:0px 25px;">
<form method="POST" action="/mobility/uploadVnfProfile" enctype="multipart/form-data">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<div class="form-group">
<label for="dest">File input</label>
<input name="filename" type="file" id="dest">
diff --git a/admportal/views/pages/login.ejs b/admportal/views/pages/login.ejs
index 3a3e5e4..9da2f31 100644
--- a/admportal/views/pages/login.ejs
+++ b/admportal/views/pages/login.ejs
@@ -33,6 +33,7 @@
<form class="form-signin" method="POST" action="/formlogin">
<h3 class="form-signin-heading">AdminPortal Login</h3>
+ <input type="hidden" name="_csrf" value="<%= csrfToken %>" />
<input type="text" name="email" id="email" class="form-control" placeholder="Email" required>
<input type="password" name="password" id="password" class="form-control" placeholder="Password" required>
diff --git a/admportal/views/pages/signup.ejs b/admportal/views/pages/signup.ejs
index 03ac7bc..2a03953 100644
--- a/admportal/views/pages/signup.ejs
+++ b/admportal/views/pages/signup.ejs
@@ -33,6 +33,7 @@
<form class="form-signin" method="POST" action="/formSignUp">
<h3 class="form-signin-heading">AdminPortal Signup</h3>
+ <input type="hidden" name="_csrf" value="<%= csrfToken %>" />
<input type="email" name="nf_email" id="nf_email" class="form-control" placeholder="Email Address" required>
<input type="password" name="nf_password" id="nf_password" class="form-control" placeholder="Password" required>
diff --git a/admportal/views/partials/new_parameter.ejs b/admportal/views/partials/new_parameter.ejs
index b6d1f5b..4a2c0fe 100644
--- a/admportal/views/partials/new_parameter.ejs
+++ b/admportal/views/partials/new_parameter.ejs
@@ -1,36 +1,37 @@
- <div class="modal fade" id="new_parameter" tabindex="-1" role="dialog"
+<div class="modal fade" id="new_parameter" tabindex="-1" role="dialog"
aria-labelledby="new_parameter_label" aria-hidden="true">
- <div class="modal-dialog">
- <div class="modal-content">
- <div class="modal-header">
- <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
- <h4 class="modal-title">Add Parameter</h4>
- </div>
- <div class="modal-body">
- <form name="addForm" role="form" action="/admin/addParameter" method="POST">
- <div class="form-group">
- <label for="nf_name">*Name</label>
- <input maxlength="100" type="text" class="form-control" name="nf_name" id="nf_name" placeholder="varchar(100)">
- </div>
- <div class="form-group">
- <label for="nf_value">*Value</label>
- <input maxlength="100" type="text" class="form-control" name="nf_value" id="nf_value" placeholder="varchar(100)">
- </div>
- <div class="form-group">
- <label for="nf_category">Category</label>
- <input maxlength="24" type="text" class="form-control" name="nf_category" id="nf_category" placeholder="varchar(24)">
- </div>
- <div class="form-group">
- <label for="nf_memo">Memo</label>
- <input maxlength="128" type="text" class="form-control" name="nf_memo" id="nf_memo" placeholder="varchar(128)">
- </div>
- <div class="form-group">
- <input type="hidden" name="nf_action" id="nf_action">
- <button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button>
- <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
- </div>
- </form>
- </div>
- </div>
- </div>
- </div>
+ <div class="modal-dialog">
+ <div class="modal-content">
+ <div class="modal-header">
+ <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
+ <h4 class="modal-title">Add Parameter</h4>
+ </div>
+ <div class="modal-body">
+ <form name="addForm" role="form" action="/admin/addParameter" method="POST">
+ <div class="form-group">
+ <label for="nf_name">*Name</label>
+ <input maxlength="100" type="text" class="form-control" name="nf_name" id="nf_name" placeholder="varchar(100)" />
+ </div>
+ <div class="form-group">
+ <label for="nf_value">*Value</label>
+ <input maxlength="100" type="text" class="form-control" name="nf_value" id="nf_value" placeholder="varchar(100)" />
+ </div>
+ <div class="form-group">
+ <label for="nf_category">Category</label>
+ <input maxlength="24" type="text" class="form-control" name="nf_category" id="nf_category" placeholder="varchar(24)" />
+ </div>
+ <div class="form-group">
+ <label for="nf_memo">Memo</label>
+ <input maxlength="128" type="text" class="form-control" name="nf_memo" id="nf_memo" placeholder="varchar(128)" />
+ </div>
+ <div class="form-group">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+ <input type="hidden" name="nf_action" id="nf_action">
+ <button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button>
+ <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+ </div>
+ </form>
+ </div>
+ </div>
+ </div>
+</div>
diff --git a/admportal/views/partials/newuserform.ejs b/admportal/views/partials/newuserform.ejs
index 6045994..61bf2dd 100644
--- a/admportal/views/partials/newuserform.ejs
+++ b/admportal/views/partials/newuserform.ejs
@@ -1,32 +1,33 @@
-<div class="modal fade" id="newUserModal" tabindex="-1" role="dialog" aria-labelledby="newUserModalLabel" aria-hidden="true">
+<div class="modal fade" id="new_user" tabindex="-1" role="dialog" aria-labelledby="new_user" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
- <h4 class="modal-title" id="newUserModalLabel">New User</h4>
+ <h4 class="modal-title">New User</h4>
</div>
<div class="modal-body">
<form id="addForm" name="addForm" role="form" action="/user/addUser" method="POST">
<div class="form-group">
- <label for="email">Email</label>
- <input type="email" class="form-control" name="nf_email" id="nf_email">
+ <label for="nf_email">Email</label>
+ <input type="email" class="form-control" name="nf_email" id="nf_email" placeholder="varchar(64)" maxlength="64" />
</div>
<div class="form-group">
<label for="nf_password">Password</label>
- <input type="password" class="form-control" name="nf_password" id="nf_password">
+ <input type="password" class="form-control" name="nf_password" id="nf_password" />
</div>
<div class="form-group">
<label for="nf_confirm_password">Confirm Password</label>
- <input type="password" class="form-control" name="nf_confirm_password" id="nf_confirm_password">
+ <input type="password" class="form-control" name="nf_confirm_password" id="nf_confirm_password" />
</div>
<div class="form-group">
- <label for="privilege">Privilege</label>
+ <label for="nf_privilege">Privilege</label>
<select class="form-control" name="nf_privilege" id="nf_privilege">
<option value=admin>Administrator</option>
<option value=readonly>Readonly</option>
</select>
</div>
<div class="form-group">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button>
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
</div>
diff --git a/admportal/views/partials/update_parameter.ejs b/admportal/views/partials/update_parameter.ejs
index c0ef57d..257f657 100644
--- a/admportal/views/partials/update_parameter.ejs
+++ b/admportal/views/partials/update_parameter.ejs
@@ -25,6 +25,7 @@
<input maxlength="128" type="text" class="form-control" name="uf_memo" id="uf_memo" placeholder="varchar(128)">
</div>
<div class="form-group">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<input type="hidden" name="nf_action" id="nf_action">
<input type="hidden" name="uf_key_name" id="uf_key_name">
<button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button>
diff --git a/admportal/views/partials/userform.ejs b/admportal/views/partials/userform.ejs
index fae52ad..f882c6d 100644
--- a/admportal/views/partials/userform.ejs
+++ b/admportal/views/partials/userform.ejs
@@ -1,41 +1,42 @@
- <div class="modal fade" id="myUserModal" tabindex="-1" role="dialog" aria-labelledby="myUserModalLabel" aria-hidden="true">
- <div class="modal-dialog">
- <div class="modal-content">
- <div class="modal-header">
- <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
- <h4 class="modal-title" id="myUserModalLabel">Update User</h4>
- </div>
- <div class="modal-body">
- <form id="updateForm" name="updateForm" role="form" action="/user/updateUser" method="POST">
- <div class="form-group">
- <label for="uf_email">attuid</label>
- <input type="email" class="form-control" name="uf_email" id="uf_email">
- </div>
- <div class="form-group">
- <label for="uf_password">Password</label>
- <input type="password" class="form-control" name="uf_password" id="uf_password">
- </div>
- <div class="form-group">
- <label for="uf_confirm_password">Confirm Password</label>
- <input type="password" class="form-control" name="uf_confirm_password" id="uf_confirm_password">
- </div>
- <div class="form-group">
- <label for="privilege">Privilege</label>
- <select class="form-control" name="uf_privilege" id="uf_privilege">
- <option value=admin>Administrator</option>
- <option value=readonly>Readonly</option>
- </select>
- </div>
- <div class="form-group">
- <input type="hidden" name="uf_action" id="uf_action">
- <input type="hidden" name="uf_key_email" id="uf_key_email">
- <button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button>
- <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
- </div>
- </form>
- </div>
- </div>
- </div>
- </div>
+<div class="modal fade" id="myUserModal" tabindex="-1" role="dialog" aria-labelledby="myUserModalLabel" aria-hidden="true">
+ <div class="modal-dialog">
+ <div class="modal-content">
+ <div class="modal-header">
+ <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
+ <h4 class="modal-title" id="myUserModalLabel">Update User</h4>
+ </div>
+ <div class="modal-body">
+ <form id="updateForm" name="updateForm" role="form" action="/user/updateUser" method="POST">
+ <div class="form-group">
+ <label for="uf_email">Email</label>
+ <input type="email" class="form-control" name="uf_email" id="uf_email" />
+ </div>
+ <div class="form-group">
+ <label for="uf_password">Password</label>
+ <input type="password" class="form-control" name="uf_password" id="uf_password" />
+ </div>
+ <div class="form-group">
+ <label for="uf_confirm_password">Confirm Password</label>
+ <input type="password" class="form-control" name="uf_confirm_password" id="uf_confirm_password" />
+ </div>
+ <div class="form-group">
+ <label for="uf_privilege">Privilege</label>
+ <select class="form-control" name="uf_privilege" id="uf_privilege">
+ <option value=admin>Administrator</option>
+ <option value=readonly>Readonly</option>
+ </select>
+ </div>
+ <div class="form-group">
+ <input type="hidden" name="uf_action" id="uf_action" />
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+ <input type="hidden" name="uf_key_email" id="uf_key_email" />
+ <button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button>
+ <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+ </div>
+ </form>
+ </div>
+ </div>
+ </div>
+</div>
diff --git a/admportal/views/partials/vnf_profile.ejs b/admportal/views/partials/vnf_profile.ejs
index d67cf1a..f513219 100644
--- a/admportal/views/partials/vnf_profile.ejs
+++ b/admportal/views/partials/vnf_profile.ejs
@@ -21,9 +21,10 @@
<input type="text" class="form-control" name="nf_equipment_role" id="nf_equipment_role" maxlength="11" placeholder="varchar(80)">
</div>
<div class="form-group">
- <input type="hidden" name="nf_action" id="nf_action">
- <button type="button" class="btn btn-primary" onclick="addVnfProfile(this.form);">Submit</button>
- <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+ <input type="hidden" name="nf_action" id="nf_action">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+ <button type="button" class="btn btn-primary" onclick="addVnfProfile(this.form);">Submit</button>
+ <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
</div>
</form>
</div>
diff --git a/admportal/views/sla/list.ejs b/admportal/views/sla/list.ejs
index 10bd4f4..575e206 100644
--- a/admportal/views/sla/list.ejs
+++ b/admportal/views/sla/list.ejs
@@ -40,79 +40,73 @@
<div class="container-fluid">
<table id="sla" class="table table-hover table-condensed">
- <thead>
- <tr>
- <th>Module</th>
- <th>RPC</th>
- <th>Version</th>
- <th>Mode</th>
- <th>Active</th>
- <% if(priv == 'A') { %>
- <th>Activate/Deactive</th>
- <% } %>
- <th>Display</th>
- <th>XML code</th>
- <% if(priv=='A') { %>
- <th>Delete</th>
- <% } %>
- </tr>
- </thead>
- <tbody>
- <% var i=0; rows.forEach( function(row) { %>
- <tr>
- <td><%= row.module %></td>
- <td><%= row.rpc %></td>
- <td><%= row.version %></td>
- <td><%= row.mode %></td>
- <td><%= row.active %></td>
- <% if ( priv == 'A' ) {
- if (row.active == "Y") { %>
- <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('deactivate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Deactivate</button> </td>
- <% } else { %>
- <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('activate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Activate</button></td>
- <% } %>
- <% } %>
- <td>
- <button type="button" class="btn btn-default btn-xs"
- onclick='location.assign("/sla/printAsGv?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>Display</button>
- </td>
- <td>
- <button type="button" class="btn btn-default btn-xs"
- onclick='location.assign("/sla/printAsXml?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>XML code</button>
- </td>
- <% if ( priv == 'A' ) { %>
- <td>
- <button type="button" class="btn btn-default btn-xs"
+ <thead>
+ <tr>
+ <th>Module</th>
+ <th>RPC</th>
+ <th>Version</th>
+ <th>Mode</th>
+ <th>Active</th>
+ <% if(priv == 'A') { %>
+ <th>Activate/Deactive</th>
+ <% } %>
+ <th>XML code</th>
+ <% if(priv=='A') { %>
+ <th>Delete</th>
+ <% } %>
+ </tr>
+ </thead>
+ <tbody>
+ <% var i=0; rows.forEach( function(row) { %>
+ <tr>
+ <td><%= row.module %></td>
+ <td><%= row.rpc %></td>
+ <td><%= row.version %></td>
+ <td><%= row.mode %></td>
+ <td><%= row.active %></td>
+ <% if ( priv == 'A' ) {
+ if (row.active == "Y") { %>
+ <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('deactivate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Deactivate</button> </td>
+ <% } else { %>
+ <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('activate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Activate</button></td>
+ <% } %>
+ <% } %>
+ <td>
+ <button type="button" class="btn btn-default btn-xs"
+ onclick='location.assign("/sla/printAsXml?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>XML code</button>
+ </td>
+ <% if ( priv == 'A' ) { %>
+ <td>
+ <button type="button" class="btn btn-default btn-xs"
onclick="deleteGraph('<%=row.module %>',
- '<%=row.rpc %>', '<%=row.version %>','<%=row.mode %>');">Delete</button>
- </td>
- <% } %>
- </tr>
- <% i++; }); %>
- </tbody>
- </table>
+ '<%=row.rpc %>', '<%=row.version %>','<%=row.mode %>');">Delete</button>
+ </td>
+ <% } %>
+ </tr>
+ <% i++; }); %>
+ </tbody>
+ </table>
<% if(priv == 'A') { %>
<div class="actions" style="padding:0px 25px;">
<form method="POST" action="/sla/upload" enctype="multipart/form-data">
<div class="form-group">
- <label for="dest">File input</label>
- <input name="filename" type="file" id="dest">
- <p class="help-block">Choose a file to upload.</p>
- </div>
- <%
- if ( priv == 'A' )
- {
- %>
- <button type="button" class="btn btn-default"
- onclick="uploadFile(this.form);">Upload File</button>
- <% } else { %>
- <button type="button" class="btn btn-default disabled"
- onclick="uploadFile(this.form);">Upload File</button>
- <% } %>
+ <label for="dest">File input</label>
+ <input name="filename" type="file" id="dest" />
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+ <p class="help-block">Choose a file to upload.</p>
+ </div>
+ <% if ( priv == 'A' ) { %>
+ <button type="button" class="btn btn-default"
+ onclick="uploadFile(this.form);">Upload File</button>
+ <% } else { %>
+ <button type="button" class="btn btn-default disabled"
+ onclick="uploadFile(this.form);">Upload File</button>
+ <% } %>
</form>
</div>
<% } %>
+
</div>
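Review bot: The `onclick` handlers in the table rows build JavaScript string literals from `<%= row.module %>`, `<%= row.rpc %>`, `<%= row.version %>` and `<%= row.mode %>`, and HTML escaping does not protect that context: the browser decodes entities in the attribute before the script is parsed, so a quote character in a stored value ends the string literal. Given the commit's stated aim, carry the values in data attributes and read them in the handler, e.g. `data-module="<%= row.module %>"` with `onclick="toggleState('deactivate', this.dataset.module, this.dataset.rpc, this.dataset.version, this.dataset.mode);"`. The `location.assign` URL should be built the same way, passing each value through `encodeURIComponent`. The `updateRequest` and `deleteRequest` buttons in `views/user/list.ejs` follow the same pattern.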
diff --git a/admportal/views/user/list.ejs b/admportal/views/user/list.ejs
index 947a811..ec650b0 100644
--- a/admportal/views/user/list.ejs
+++ b/admportal/views/user/list.ejs
@@ -43,7 +43,7 @@
<div class="container-fluid">
<div class="actions" style="padding:15px 0px;">
<% if(priv == 'A') { %>
- <button class="btn btn-primary" data-toggle="modal" data-target="#newUserModal">Add User</button>
+ <button class="btn btn-primary" data-toggle="modal" data-target="#new_user">Add User</button>
<% } %>
</div>
@@ -75,14 +75,14 @@
<% } %>
</td>
<% if(priv == 'A') { %>
- <td><form name="rowform">
- <input type="hidden" name="rfemail" id="rfemail" value="<%= row.email %>"</input>
+ <td>
+ <form name="rowform">
+ <button type="button" class="btn btn-default btn-xs"
+ onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button>
+ <button type="button" class="btn btn-default btn-xs"
+ onclick="deleteRequest('<%=row.email %>');">Delete</button>
</form>
- <button type="button" class="btn btn-default btn-xs"
- onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button>
- <button type="button" class="btn btn-default btn-xs"
- onclick="deleteRequest('<%=row.email %>');">Delete</button>
- </td>
+ </td>
<% } %>
</tr>
<% }); }; %>
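Review bot: The Update button moved into `rowform` still passes `'<%=row.password %>'` to `updateRequest`, which writes each user's stored password value into the HTML of the list page for every administrator who opens it. Whether that column holds a hash or plaintext is not visible here, but neither needs to reach the browser; the update form can leave the password fields empty and only change the password when a new one is entered. Drop the argument, `onclick="updateRequest('<%=row.email %>', '<%=row.privilege %>');"`, and adjust `updateRequest` (defined outside this hunk) to match.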