author | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-07-31 14:46:56 +0000 |
---|---|---|
committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-07-31 14:31:07 -0400 |
commit | 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch) | |
tree | 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb | |
parent | 33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff) |
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
45 files changed, 943 insertions, 1699 deletions
diff --git a/SdncReports/pom.xml b/SdncReports/pom.xml index 27effb16..048b5a42 100644 --- a/SdncReports/pom.xml +++ b/SdncReports/pom.xml @@ -13,7 +13,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>spring-boot-1-starter-parent</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <distributionManagement> <repository> diff --git a/admportal/package.json b/admportal/package.json index f30d0599..6274d72d 100644 --- a/admportal/package.json +++ b/admportal/package.json @@ -12,12 +12,16 @@ "bootstrap-submenu": "^2.0.3", "bootstrap-table": "^1.9.1", "cookie-parser": "~1.3.3", + "crypto": "^1.0.1", + "csurf": "^1.10.0", "csv": "^0.4.1", "csvtojson": "^0.5.3", "dateformat": "^1.0.11", "debug": "~2.0.0", + "dns-sync": "~0.1.3", "ejs": "~0.8.5", "express": "~4.9.0", + "express-sanitizer": "^1.0.5", "express-session": "^1.10.1", "fs.extra": "^1.3.2", "lodash": "^3.8.0", @@ -30,7 +34,6 @@ "properties-reader": "0.0.9", "sax": "^0.6.1", "serve-favicon": "~2.1.3", - "xml2js": "^0.4.5", - "dns-sync": "~0.1.3" + "xml2js": "^0.4.5" } } diff --git a/admportal/pom.xml b/admportal/pom.xml index 29f9ce95..f01096a2 100644 --- a/admportal/pom.xml +++ b/admportal/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>binding-parent</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/admportal/server/app.js b/admportal/server/app.js index 33cdb64f..898645e8 100644 --- a/admportal/server/app.js +++ b/admportal/server/app.js @@ -8,6 +8,7 @@ var PropertiesReader = require('properties-reader'); var properties = PropertiesReader(process.argv[2]); //property file passed var morgan = require('morgan'); var _ = require('lodash'); +var expressSanitizer = require('express-sanitizer'); //var multer = require('multer'); //var done=false; 
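Review bot: The added `"crypto": "^1.0.1"` entry in the first package.json hunk installs a registry package for something Node.js already ships as the built-in `crypto` module. The npm package of that name is a deprecated placeholder, so the entry adds supply-chain surface without adding code the portal needs; drop the line, since `require('crypto')` resolves to the core module anyway. The other two security-relevant additions, `csurf` and `express-sanitizer`, use caret ranges, so unless the project has a lockfile the installed middleware version can drift between builds; exact pins would make it reproducible.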
@@ -47,6 +48,9 @@ app.use(bodyParser.urlencoded({ extended: true })); +// mount express-sanitizer here +app.use(expressSanitizer()); // this line needs to follow bodyParser + app.use(accesslog); // http access log app.use(express.static(process.cwd() + '/public')); // static files diff --git a/admportal/server/router/index.js b/admportal/server/router/index.js index 76cd6115..a529375e 100644 --- a/admportal/server/router/index.js +++ b/admportal/server/router/index.js @@ -9,9 +9,9 @@ module.exports = function(app) { app.use('/odl', require('./routes/odl')); app.use('/sla', require('./routes/sla')); app.use('/user', require('./routes/user')); - app.use('/gamma', require('./routes/gamma')); + //app.use('/gamma', require('./routes/gamma')); app.use('/mobility', require('./routes/mobility')); - app.use('/admin', require('./routes/admin')); + //app.use('/admin', require('./routes/admin')); app.use('/preload', require('./routes/preload')); //app.use('/svc-topology-operation', require('./routes/odl')); //app.use('/wklist-delete', require('./routes/odl')); diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js index 4b7b8088..96c7fd85 100755 --- a/admportal/server/router/routes/admin.js +++ b/admportal/server/router/routes/admin.js 
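Review bot: The comment on the new `app.use(expressSanitizer())` line in app.js documents only the ordering and may leave readers thinking request bodies are now sanitised globally. As used elsewhere in this commit, the middleware only adds `req.sanitize()`, which each handler must call itself, and it is an HTML sanitiser rather than a SQL escaper. I would replace the comment with `// adds req.sanitize() (HTML sanitising only); must follow bodyParser. Handlers call it explicitly and still need parameterised SQL.`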
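Review bot: In router/index.js the `/gamma` and `/admin` routers are disabled by commenting out their `app.use` lines, which records no reason and leaves re-enabling them a two-character edit. The same commit adds `csrfProtection` to routes/admin.js, but with `/admin` unmounted that protection is never exercised. Either delete the two lines together with the unused route modules, or keep them with an explanatory comment such as `// /admin and /gamma unmounted for OJSI-40; do not re-enable without CSRF and privilege checks`. The exported function's body continues outside the hunk.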
@@ -5,40 +5,43 @@ var util = require('util'); var fs = require('fs'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); +var cookieParser = require('cookie-parser'); var bodyParser = require('body-parser'); var sax = require('sax'),strict=true,parser = sax.parser(strict); var async = require('async'); +var csrf = require('csurf'); + +var csrfProtection = csrf({cookie: true}); +router.use(cookieParser()); // GET router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) { dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res) { +router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) { - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback) { - dbRoutes.deleteParameter(req,res,callback); - }); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from PARAMETERS table.'); - dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + var privilegeObj = req.session.loggedInAdmin; + var tasks = []; + tasks.push(function(callback) { dbRoutes.deleteParameter(req,res,callback); }); + async.series(tasks, function(err,result){ + var msgArray = new Array(); + if(err){ + msgArray.push(err); + dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj); + return; + } + else { + msgArray.push('Row successfully deleted from PARAMETERS table.'); + dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } + }); }); // POST -router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){ +router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, 
csrfProtection, function(req,res){ var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -59,7 +62,7 @@ router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){ }); // gamma - updateAicSite -router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){ +router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){ var privilegeObj = req.session.loggedInAdmin; var tasks = []; diff --git a/admportal/server/router/routes/csp.js b/admportal/server/router/routes/csp.js index 435aaf91..8828052f 100644 --- a/admportal/server/router/routes/csp.js +++ b/admportal/server/router/routes/csp.js @@ -15,13 +15,18 @@ function logout(req,res){ function login (req,res) { +console.log('login'); +var tkn = req.sanitize(req.body._csrf); +console.log('login:tkn=' + tkn); + var loggedInAdmin={}; - var email = req.body.email; + var email = req.sanitize(req.body.email); + var pswd = req.sanitize(req.body.password); dbRoutes.findAdminUser(email,res,function(adminUser){ if(adminUser !== null){ // make sure correct password is provided - if (req.body.password != adminUser.password) { + if (pswd != adminUser.password) { res.render("pages/login", { result: @@ -36,6 +41,7 @@ function login (req,res) { var loggedInAdmin = { email:adminUser.email, + csrfToken: tkn, password:adminUser.password, privilege:adminUser.privilege } @@ -57,6 +63,7 @@ function login (req,res) { } function checkAuth(req,res,next){ + var host = req.get('host'); var url = req.url; var originalUrl = req.originalUrl; @@ -64,8 +71,7 @@ function checkAuth(req,res,next){ console.log("checkAuth"); var host = req.headers['host']; -console.log('host=' + host); - + console.log('host=' + host); console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin)); if(req.session == null || req.session == undefined || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined) 
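Review bot: Adding `csrfProtection` to `router.get('/deleteParameter', …)` in admin.js does not check a token, because csurf ignores GET, HEAD and OPTIONS by default, so the delete is still a state change reachable through a plain cross-site GET. Register it as `router.post('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, …)` and submit it from a form that carries `_csrf`, as the commit already does for `/addParameter` and `/updateParameter`. `csrf({cookie: true})` also stores the secret in a cookie with default attributes; if the portal is served over HTTPS, an options object such as `{cookie: {httpOnly: true, secure: true, sameSite: 'strict'}}` is worth considering.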
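Review bot: The added `console.log('login:tkn=' + tkn);` in csp.js login writes the submitted CSRF token to the server log, and the next hunk stores that client-supplied value as `csrfToken` in `loggedInAdmin` beside the password. The unchanged `console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin))` in checkAuth then logs both on every authenticated request. Remove the two debug `console.log` calls and the `csrfToken: tkn` field; nothing in the visible hunks reads the session copy. `req.sanitize(req.body.password)` also runs the password through an HTML sanitiser, which can change what the user typed before the `!=` comparison; compare the raw value, ideally against a salted hash rather than a recoverable password. login and checkAuth both continue outside these hunks.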
@@ -79,6 +85,40 @@ console.log('host=' + host); next(); } +function checkPriv(req,res,next) +{ + var priv = req.session.loggedInAdmin; + if(req.session == null || req.session == undefined + || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined) + { + res.render("pages/err", + { + result: {code:'error', msg:'Unexpected null session.'}, + header: process.env.MAIN_MENU + }); + return; + } + else + { + if (priv.privilege == 'A') + { + next(); + return; + } + else + { + res.render("pages/err", + { + result: { code:'error', msg:'User does not have permission to run operation.'}, + header: process.env.MAIN_MENU + }); + return; + } + } +} + + exports.login = login; exports.logout = logout; exports.checkAuth = checkAuth; +exports.checkPriv = checkPriv; diff --git a/admportal/server/router/routes/dbRoutes.js b/admportal/server/router/routes/dbRoutes.js index 34a90c7b..c4a09fdc 100644 --- a/admportal/server/router/routes/dbRoutes.js +++ b/admportal/server/router/routes/dbRoutes.js 
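Review bot: In the new checkPriv, `var priv = req.session.loggedInAdmin;` runs before the null check, so a request without a session throws a TypeError instead of rendering the 'Unexpected null session.' page. Move the read below the guard, for example `var priv = req.session && req.session.loggedInAdmin;` followed by `if (!priv) { … render error …; return; }`. The comparison `priv.privilege == 'A'` should use `===`. None of the visible hunks attaches checkPriv to a route, so it is worth confirming that the privileged routes actually use it.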
@@ -262,18 +262,22 @@ console.log('checkDB'); exports.saveUser = function(req,res){ - pool.getConnection(function(err,connection){ +console.log('b4 sani'); + var email = req.sanitize(req.body.nf_email); + var pswd = req.sanitize(req.body.nf_password); +console.log('after sani'); + + pool.getConnection(function(err,connection) + { if(err){ console.error( String(err) ); // ALARM res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU}); return; - } - //var sql = "SELECT AES_DECRYPT(password, '" + enckey + "') password FROM PORTAL_USERS"; - var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + req.body.nf_email + "'"; - - console.log(sql); + } + var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'"; - connection.query(sql, function(err,result){ + connection.query(sql, function(err,result) + { if(err){ connection.release(); res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU}); @@ -287,13 +291,12 @@ exports.saveUser = function(req,res){ } sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES (" - +"'"+ req.body.nf_email + "'," - + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "')," + +"'"+ email + "'," + + "AES_ENCRYPT('" + pswd + "','" + enckey + "')," +"'A')"; - console.log(sql); - - connection.query(sql, function(err,result){ + connection.query(sql, function(err,result) + { connection.release(); if(err){ 
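Review bot: `req.sanitize()` is an HTML sanitiser and not a SQL escaper, yet in saveUser `email` and `pswd` are still concatenated into the `SELECT` and `INSERT` strings, so quote characters in the form fields still become part of the statement. Bind the values instead; the sketch below assumes `pool` comes from the mysql driver, whose `query` accepts `?` placeholders with a values array. The same concatenation remains in addUser and updateUser in the following hunk (`-360,172`). The unchanged `'A'` in the INSERT gives every account created through this path the admin privilege, which deserves a second look, and the added `console.log('b4 sani')` / `console.log('after sani')` lines are debug leftovers. saveUser's body continues outside the hunk.

```javascript
var sql = "SELECT email FROM PORTAL_USERS WHERE email = ?";
connection.query(sql, [email], function(err,result)
// … unchanged: error handling and existing-user check …
sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES (?, AES_ENCRYPT(?, ?), 'A')";
connection.query(sql, [email, pswd, enckey], function(err,result)
```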
@@ -360,172 +363,207 @@ exports.deleteUser = function(req,res){ exports.addUser = function(req,res){ var rows={}; - var resultObj = { code:'', msg:'' }; + var resultObj = { code:'', msg:'' }; var privilegeObj = req.session.loggedInAdmin; + var privilege = req.sanitize(req.body.nf_privilege); + var email = req.sanitize(req.body.nf_email); + var pswd = req.sanitize(req.body.nf_password); - pool.getConnection(function(err,connection) { - if(err){ + + pool.getConnection(function(err,connection) + { + if(err) + { console.error( String(err) ); // ALARM - res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); + res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err), + privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - - if( req.body.nf_privilege == "admin" ){ - var char_priv = 'A'; - }else if(req.body.nf_privilege == 'readonly'){ - var char_priv = 'R'; - }else{ - var char_priv = 'A'; - } - - - //connection.query(sqlRequest, function(err,result){ - var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES (" - +"'"+ req.body.nf_email + "'," - + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "')," - +"'"+ char_priv + "')"; - - console.log(sqlUpdate); + } - connection.query(sqlUpdate,function(err,result){ + if( privilege == "admin" ){ + var char_priv = 'A'; + }else if(privilege == 'readonly'){ + var char_priv = 'R'; + }else{ + var char_priv = 'R'; + } - if(err){ - resultObj = {code:'error', msg:'Add of user failed Error: '+err}; - } + //connection.query(sqlRequest, function(err,result) + var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES (" + +"'"+ email + "'," + + "AES_ENCRYPT('" + pswd + "','" + enckey + "')," + +"'"+ char_priv + "')"; - // Need DB lookup logic here - connection.query("SELECT email,AES_DECRYPT(password, 
'" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows) { - connection.release(); - if(!err) { - if ( rows.length > 0 ) - { + connection.query(sqlUpdate,function(err,result) + { + if(err){ + resultObj = {code:'error', msg:'Add of user failed Error: '+err}; + } + // Need DB lookup logic here + connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows) + { + connection.release(); + if(!err) + { + if ( rows.length > 0 ) + { resultObj = {code:'success',msg:'Successfully added user.'}; - res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); + res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); return; - }else{ - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.', + }else{ + res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.', privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - } else { - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err , + } + } + else { + res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. 
Error: '+ err , privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - }); //end query - }); - - }); // end of getConnection + } + }); //end query + }); + }); // end of getConnection } // updateUser exports.updateUser= function(req,res){ - var rows={}; + var rows={}; var resultObj = { code:'', msg:'' }; var privilegeObj = req.session.loggedInAdmin; + var email = req.sanitize(req.body.uf_email); + var key_email = req.sanitize(req.body.uf_key_email) + var pswd = req.sanitize(req.body.uf_password); + var privilege = req.sanitize(req.body.uf_privilege); - pool.getConnection(function(err,connection) { - - if(err){ + pool.getConnection(function(err,connection) + { + if(err){ console.error( String(err) ); // ALARM - res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err), + res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err), privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } + } - if( req.body.uf_privilege == "admin" ){ + if( privilege == "admin" ){ var char_priv = 'A'; - }else if(req.body.uf_privilege == 'readonly'){ + }else if(privilege == 'readonly'){ var char_priv = 'R'; }else{ - var char_priv = 'A'; + var char_priv = 'R'; } - - //connection.query(sqlRequest, function(err,result){ var sqlUpdate = "UPDATE PORTAL_USERS SET " - + "email = '" + req.body.uf_email + "'," - + "password = " + "AES_ENCRYPT('" + req.body.uf_password + "','" + enckey + "'), " + + "email = '" + email + "'," + + "password = " + "AES_ENCRYPT('" + pswd + "','" + enckey + "'), " + "privilege = '"+ char_priv + "'" - + " WHERE email = '" + req.body.uf_key_email + "'"; - - console.log(sqlUpdate); - - connection.query(sqlUpdate,function(err,result){ + + " WHERE email = '" + key_email + "'"; + connection.query(sqlUpdate,function(err,result) + { if(err){ - resultObj = {code:'error', msg:'Update of user failed Error: '+err}; + resultObj = {code:'error', 
msg:'Update of user failed Error: '+err}; } - - // Need DB lookup logic here - connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows) { - connection.release(); - if(!err) { - if ( rows.length > 0 ) - { + // Need DB lookup logic here + connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows) + { + connection.release(); + if(!err) + { + if ( rows.length > 0 ) + { resultObj = {code:'success',msg:'Successfully updated user.'}; - res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} ); - return; - }else{ - res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.', + res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} ); + return; + }else{ + res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.', privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - } else { - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err), + } + } else { + res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err), privilege:privilegeObj },header:process.env.MAIN_MENU}); return; } - }); //end query - }); - }); // end of getConnection -}; + }); //end query + }); + }); // end of getConnection +} exports.listUsers = function(req,res,resultObj){ var privilegeObj = req.session.loggedInAdmin; - var rows={}; - pool.getConnection(function(err,connection) { + var rows={}; + pool.getConnection(function(err,connection) + { - if(err){ + if(err){ console.error( String(err) ); // ALARM - res.render("pages/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. 
" + String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); + res.render("pages/list", + { + rows: null, + result:{ + code:'error', + msg:"Unable to get database connection. " + String(err), + privilege:privilegeObj }, + header:process.env.MAIN_MENU + }); return; - } + } - // Need DB lookup logic here - var selectUsers = "SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege from PORTAL_USERS"; - console.log(selectUsers); - connection.query(selectUsers, function(err, rows) { + // Need DB lookup logic here + var selectUsers = "SELECT email, AES_DECRYPT(password,'" + + enckey + "') password, privilege from PORTAL_USERS"; - connection.release(); - if(err){ - resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err}; + connection.query(selectUsers, function(err, rows) { + + connection.release(); + if(err){ + resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err}; + } + if(!err) + { + if ( rows.length > 0 ) + { + console.log(JSON.stringify(rows)); + res.render('user/list', + { + rows: rows, + result:resultObj, + privilege:privilegeObj, + header:process.env.MAIN_MENU + }); + return; } - - if(!err) { - if ( rows.length > 0 ) - { - console.log(JSON.stringify(rows)); - res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU }); - return; - } - else{ - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database.', - privilege:privilegeObj },header:process.env.MAIN_MENU}); - return; - } - } else { - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. 
' + String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); - return; + else{ + res.render("user/list", + { + rows: null, + result:{ + code:'error', + msg:'Unexpected no rows returned from database.', + privilege:privilegeObj }, + header:process.env.MAIN_MENU + }); + return; } - }); //end query - }); // end getConnection + } + else + { + res.render("user/list", + { + rows: null, + result:{ + code:'error', + msg:'Unexpected no rows returned from database. ' + String(err), + privilege:privilegeObj },header:process.env.MAIN_MENU + }); + return; + } + }); //end query + }); // end getConnection } exports.listSLA = function(req,res,resultObj){ 
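Review bot: listUsers keeps `console.log(JSON.stringify(rows));` on the new side, and `rows` comes from `SELECT email, AES_DECRYPT(password, …)`, so every user's clear-text password is written to the server log and handed to the `user/list` view on each call. addUser and updateUser run the same decrypting SELECT. Drop the log line and, unless the view really needs the password, select only `email, privilege`; longer term the passwords should be stored as salted hashes rather than reversibly encrypted. Separately, in addUser and updateUser a failed INSERT/UPDATE sets `resultObj` to an error, but the following SELECT overwrites it with the success message whenever rows exist, so the failure is never shown; render the error and `return` before running the SELECT.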
@@ -689,29 +727,29 @@ exports.getMetaTable = function(req,res,sql,rdestination,resultObj,privilegeObj) exports.getVnfProfile = function(req,res,resultObj,privilegeObj){ - pool.getConnection(function(err,connection) { - - if(err){ - console.error( String(err) ); // ALARM - res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); - return; - } - - connection.query("SELECT vnf_type,availability_zone_count,equipment_role " - + "FROM VNF_PROFILE ORDER BY VNF_TYPE", function(err, rows) - { - connection.release(); - if(err) { - res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU}); - return; - } - else { - res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); - return; - } - }); //end query -console.log('after query'); - }); // end getConnection + pool.getConnection(function(err,connection) + { + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + return; + } + var sql = "SELECT vnf_type,availability_zone_count,equipment_role FROM VNF_PROFILE ORDER BY VNF_TYPE"; + console.log(sql); + connection.query(sql, function(err, rows) + { + connection.release(); + if(err) { + res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU}); + return; + } + else { + console.log('render vnfProfile'); + res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); + return; + } + }); //end query + }); // end getConnection } 
@@ -747,103 +785,102 @@ exports.getVnfPreloadData = function(req,res,dbtable,callback){ -exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj){ - - - pool.getConnection(function(err,connection) { - - if(err){ - console.error( String(err) ); // ALARM - res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); - return; - } - - // Need DB lookup logic here - connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data " - + "FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id", function(err, rows) - { - var msgArray = new Array(); - - connection.release(); - if(err) { - msgArray = 'Database Error: '+ String(err); - res.render("mobility/vnfPreloadNetworkData", { +exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj) +{ + pool.getConnection(function(err,connection) + { + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", + {result:{code:'error', msg:"Unable to get database connection. 
"+ String(err)},header:process.env.MAIN_MENU}); + return; + } + // Need DB lookup logic here + var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id"; + console.log(sql); + connection.query(sql, function(err, rows) + { + var msgArray = new Array(); + connection.release(); + if(err) { + msgArray = 'Database Error: '+ String(err); + res.render("mobility/vnfPreloadNetworkData", { result:{code:'error',msg:msgArray}, + privilege:privilegeObj, preloadImportDirectory: properties.preloadImportDirectory, header:process.env.MAIN_MENU }); - return; - } - else { - var retData = []; - for( r=0; r<rows.length; r++) - { - var rowObj = {}; - rowObj.row = rows[r]; - if ( rows[r].filename.length > 0 ) - { - try{ + return; + } + else { + var retData = []; + for( r=0; r<rows.length; r++) + { + var rowObj = {}; + rowObj.row = rows[r]; + if ( rows[r].filename.length > 0 ) + { + try{ var buffer = rows[r].preload_data; - var decode_buffer = decodeURI(buffer); - var filecontent = JSON.parse(decode_buffer); - rowObj.filecontent = filecontent; - rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"]; - rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"]; - } - catch(error){ - msgArray.push('File ' + rows[r].filename + ' has invalid JSON. 
Error:' + error); - } - } - else { - rowObj.filecontent = ''; - } - retData.push(rowObj); - } - if(msgArray.length>0){ - resultObj.code = 'failure'; - resultObj.msg = msgArray; - } - res.render('mobility/vnfPreloadNetworkData', { + var decode_buffer = decodeURI(buffer); + var filecontent = JSON.parse(decode_buffer); + rowObj.filecontent = filecontent; + rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"]; + rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"]; + } + catch(error){ + msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error); + } + } + else { + rowObj.filecontent = ''; + } + retData.push(rowObj); + }//endloop + if(msgArray.length>0){ + resultObj.code = 'failure'; + resultObj.msg = msgArray; + } + res.render('mobility/vnfPreloadNetworkData', { retData:retData, result:resultObj, privilege:privilegeObj, preloadImportDirectory: properties.preloadImportDirectory, header:process.env.MAIN_MENU }); - return; - } - }); //end query - }); // end getConnection + return; + } + }); //end query + }); // end getConnection } -exports.getVnfData = function(req,res,resultObj,privilegeObj){ - - - pool.getConnection(function(err,connection) { - - if(err){ - console.error( String(err) ); // ALARM - res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); - return; - } - - // Need DB lookup logic here - connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data " - + "FROM PRE_LOAD_VNF_DATA ORDER BY id", function(err, rows) +exports.getVnfData = function(req,res,resultObj,privilegeObj) +{ + pool.getConnection(function(err,connection) + { + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. 
"+ String(err)},header:process.env.MAIN_MENU}); + return; + } + // Need DB lookup logic here + var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_DATA ORDER BY id"; + console.log(sql); + connection.query(sql,function(err, rows) { var msgArray = new Array(); - - connection.release(); - if(err) { + connection.release(); + if(err) { msgArray = 'Database Error: '+ String(err); - res.render("mobility/vnfPreloadData", { + res.render("mobility/vnfPreloadData", { result:{code:'error',msg:msgArray}, + privilege:privilegeObj, preloadImportDirectory: properties.preloadImportDirectory, header:process.env.MAIN_MENU }); - return; - } - else { + return; + } + else { var retData = []; for( r=0; r<rows.length; r++) { 
@@ -853,35 +890,35 @@ exports.getVnfData = function(req,res,resultObj,privilegeObj){ { try{ var buffer = rows[r].preload_data; - var s_buffer = decodeURI(buffer); + var s_buffer = decodeURI(buffer); var filecontent = JSON.parse(s_buffer); rowObj.filecontent = filecontent; rowObj.vnf_name = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-name"]; rowObj.vnf_type = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-type"]; } catch(error){ - msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error); + msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error); } } else { rowObj.filecontent = ''; } retData.push(rowObj); - } + }//endloop if(msgArray.length>0){ resultObj.code = 'failure'; resultObj.msg = msgArray; } - res.render('mobility/vnfPreloadData',{ - retData:retData, result:resultObj, - privilege:privilegeObj, - header:process.env.MAIN_MENU, - preloadImportDirectory: properties.preloadImportDirectory + res.render('mobility/vnfPreloadData',{ + retData:retData, result:resultObj, + privilege:privilegeObj, + header:process.env.MAIN_MENU, + preloadImportDirectory: properties.preloadImportDirectory }); - return; - } - }); //end query - }); // end getConnection + return; + } + }); //end query + }); // end getConnection } 
@@ -927,28 +964,27 @@ exports.findAdminUser = function(email,res,callback) { exports.addRow = function(sql,req,res,callback){ - console.log(sql); - - pool.getConnection(function(err,connection) { + console.log(sql); - if(err){ - console.error( String(err) ); // ALARM - callback(err, 'Unable to get database connection.' + err); - return; - } + pool.getConnection(function(err,connection) { - connection.query(sql, function(err,result){ - connection.release(); - if(err){ - console.debug('Database operation failed. ' + err ); - callback(err,'Database operation failed. ' + err ); - } - else - { - callback(null, result.affectedRows); - } - }); //end query - }); // end getConnection + if(err){ + console.error( String(err) ); // ALARM + callback(err, 'Unable to get database connection.' + err); + return; + } + connection.query(sql, function(err,result){ + connection.release(); + if(err){ + console.debug('Database operation failed. ' + err ); + callback(err,'Database operation failed. ' + err ); + } + else + { + callback(null, result.affectedRows); + } + }); //end query + }); // end getConnection } diff --git a/admportal/server/router/routes/gamma.js b/admportal/server/router/routes/gamma.js index 70e6713c..5b8c7649 100644 --- a/admportal/server/router/routes/gamma.js +++ b/admportal/server/router/routes/gamma.js 
@@ -53,314 +53,7 @@ router.get('/getNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) dbRoutes.getTable(req,res,selectNbVlanRange,'gamma/nbVlanRange',{code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - if (typeof req.query.vlan_plan_id == "undefined"){ - dbRoutes.getTable(req,res,selectNbVlanPool,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin); - }else{ - var sql = "SELECT aic_site_id,availability_zone,vlan_plan_id,plan_type,purpose,vlan_id,status FROM VLAN_POOL WHERE vlan_plan_id='" + req.query.vlan_plan_id + "' AND vlan_id BETWEEN " - + req.query.range_start + " AND " + req.query.range_end; - dbRoutes.getTable(req,res,sql,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin); - } -}); - -router.post('/addNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var network_type = removeNL(req.body.nf_network_type); - var technology = removeNL(req.body.nf_technology); - var sql = "INSERT INTO NETWORK_PROFILE (network_type,technology) VALUES (" - + "'"+ network_type + "'," - + "'"+ technology + "')"; - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err) - { - msgArray.push(err); - dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - if ( result == 1 ) - { - msgArray.push('Successfully added Network Profile.'); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Was not able to add Network Profile.'); - dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - } - }); -}); - 
-router.post('/saveNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var plan_type = req.body.nf_plan_type; - var purpose = req.body.nf_purpose; - var range_start = padLeft(removeNL(req.body.nf_range_start),4); - var range_end = padLeft(removeNL(req.body.nf_range_end),4); - var tasks = []; - var privilegeObj = req.session.loggedInAdmin; - - tasks.push( function(callback) { - dbRoutes.saveNbVlanRange(range_start,range_end,plan_type,purpose,req,res,callback); - }); - - // will probably need to be a new call that is a transaction if i use a new - // plan_type-purpose-counter table. - //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err) - { - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Successfully added VLAN Range.'); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.get('/deleteNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback){ - dbRoutes.executeSQL("DELETE FROM NETWORK_PROFILE WHERE network_type = '" + req.query.network_type + "'", req,res,callback); - - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push("Error: " + err); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - if ( result[0] == 1 ) - { - msgArray.push('Successfully deleted Network Profile.'); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('No rows removed.'); - 
dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - } - }); -}); - -router.get('/deleteNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - - tasks.push(function(callback){ - dbRoutes.deleteNbVlanRange(req.query.vlan_plan_id,req,res,callback); - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Successfully deleted Range.'); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/updateNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var sql = "UPDATE NETWORK_PROFILE SET " - + "network_type='"+ removeNL(req.body.uf_network_type) + "', " - + "technology='" + removeNL(req.body.uf_technology) + "' " - + "WHERE network_type='" + removeNL(req.body.uf_key_network_type) + "'"; - - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully updated Network Profile.'); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var sql = "UPDATE VLAN_POOL SET " - + "status='"+ removeNL(req.body.uf_status) + "' " - + " WHERE aic_site_id='" 
+ removeNL(req.body.uf_key_aic_site_id) + "'" - + " AND availability_zone='" + removeNL(req.body.uf_key_availability_zone) + "'" - + " AND vlan_plan_id='" + removeNL(req.body.uf_key_vlan_plan_id) + "'" - + " AND plan_type='" + removeNL(req.body.uf_key_plan_type) + "'" - + " AND purpose='" + removeNL(req.body.uf_key_purpose) + "'" - + " AND vlan_id=" + removeNL(req.body.uf_key_vlan_id); - - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully updated Network Profile.'); - dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){ -}); -router.get('/generateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var vlan_plan_id = req.query.vlan_plan_id; - var plan_type = req.query.plan_type; - var purpose = req.query.purpose; - var range_start = req.query.range_start; - var range_end = req.query.range_end; - var tasks = []; - var privilegeObj = req.session.loggedInAdmin; - - tasks.push( function(callback) { - dbRoutes.generateNbVlanPool(range_start,range_end,plan_type,purpose,vlan_plan_id,req,res,callback); - }); - - // will probably need to be a new call that is a transaction if i use a new - // plan_type-purpose-counter table. 
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err) - { - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Successfully added VLAN Range.'); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -///// end 1604 - - // GET -router.get('/getServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getServiceHoming(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getServiceHomingRollback', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getServiceHomingRollback(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getVlanPool(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getAicSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getAicSite(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getAicSwitch', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getAicSwitch(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getAicAvailZone', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getAicAvailZone(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVpePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getVpePool(req,res,{code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVplspePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getVplspePool(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); - -// ROLLBACK SERVICE_HOMING -router.get('/rollbackServiceHoming', csp.checkAuth, 
dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback) { - dbRoutes.rollbackServiceHoming(req,res,callback); - }); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getServiceHomingRollback(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('SERVICE_HOMING table successfully restored.'); - dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -// DELETE SERVICE_HOMING -router.get('/deleteServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback) { - dbRoutes.deleteServiceHoming(req,res,callback); - }); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getServiceHoming(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from SERVICE_HOMING table.'); - dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - -// DELETE AIC_SITE router.get('/deleteSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) { var privilegeObj = req.session.loggedInAdmin; diff --git a/admportal/server/router/routes/mobility.js b/admportal/server/router/routes/mobility.js index d19f65aa..cd798dc8 100644 --- a/admportal/server/router/routes/mobility.js +++ b/admportal/server/router/routes/mobility.js 
@@ -6,13 +6,18 @@ var fs = require('fs.extra'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); var multer = require('multer'); +var cookieParser = require('cookie-parser'); var bodyParser = require('body-parser'); var sax = require('sax'),strict=true,parser = sax.parser(strict); var async = require('async'); var l_ = require('lodash'); var dateFormat = require('dateformat'); var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json'); +var crypto = require('crypto'); +var csrf = require('csurf'); +var csrfProtection = csrf({cookie: true}); +router.use(cookieParser()) // pass host, username and password to ODL // target host for ODL request 
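Review bot: `csrf({cookie: true})` stores the CSRF secret in a `_csrf` cookie using csurf's default cookie options, so the cookie is set without `httpOnly`, `secure` or `sameSite`. The handlers in this file already read `req.session.loggedInAdmin`, so a session appears to be available; dropping the `cookie` option (`var csrfProtection = csrf();`) would keep the secret server-side. If the cookie mode is kept, set the flags explicitly, e.g. `csrf({cookie: {httpOnly: true, secure: true, sameSite: 'strict'}})`, with `secure` assuming the portal is served over HTTPS. `router.use(cookieParser())` is also missing its terminating semicolon.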
@@ -57,30 +62,28 @@ var upload = multer({ }); - - // GET -router.get('/getVnfData', csp.checkAuth, function(req,res) { +router.get('/getVnfData', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.getVnfData(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getVmNetworks', csp.checkAuth, function(req,res) { - dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +router.get('/getVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res) { + dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getVnfProfile', csp.checkAuth, function(req,res) { +router.get('/getVnfProfile', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.getVnfProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getVnfNetworks', csp.checkAuth, function(req,res) { - dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVmProfile', csp.checkAuth, function(req,res) { - dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); +//router.get('/getVmNetworks', csp.checkAuth, function(req,res) { +// dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +//}); +//router.get('/getVnfNetworks', csp.checkAuth, function(req,res) { +// dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +//}); +//router.get('/getVmProfile', csp.checkAuth, function(req,res) { +// dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +//}); //////// -router.get('/getVnfNetworkData', csp.checkAuth, function(req,res) { - dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res) +router.get('/viewVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var resp_msg = ''; 
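Review bot: Adding `csrfProtection` to the read-only routes `/getVnfData`, `/getVnfNetworkData` and `/getVnfProfile` only makes `req.csrfToken()` available; the token still has to be handed to the view so that forms can submit it. The `res.render('mobility/vnfPreloadData', {...})` call in `exports.getVnfData`, reformatted in this same commit, passes `retData`, `result`, `privilege`, `header` and `preloadImportDirectory` but no token. Unless it is set through `res.locals` somewhere not visible here, add `csrfToken: req.csrfToken()` to that render call and its siblings. Separately, the `/getVmNetworks`, `/getVnfNetworks` and `/getVmProfile` routes are left as commented-out code; deleting them would be cleaner, as was done for the matching delete and add routes.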
@@ -110,7 +113,7 @@ router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res) }); -router.get('/viewVnfData', csp.checkAuth, function(req,res) +router.get('/viewVnfData', csp.checkAuth, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var resp_msg = ''; 
@@ -140,87 +143,85 @@ router.get('/viewVnfData', csp.checkAuth, function(req,res) }); -router.get('/loadVnfNetworkData', csp.checkAuth, function(req,res) +router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res) { + var privilegeObj = req.session.loggedInAdmin; + var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - var msgArray = new Array(); - - if ( req.query.status != 'pending' ) - { - msgArray.push("Upload Status must be in 'pending' state."); - dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); - return; - } - - // build request-id - var now = new Date(); - var df = dateFormat(now,"isoDateTime"); - var rnum = Math.floor((Math.random() * 9999) +1); - var svc_req_id = req.query.id + "-" + df + "-" + rnum; + if ( req.query.status != 'pending' ) + { + msgArray.push("Upload Status must be in 'pending' state."); + dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); + return; + } - var tasks = []; + // build request-id + var now = new Date(); + var df = dateFormat(now,"isoDateTime"); + const rnum = crypto.randomBytes(4); + var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');; + var tasks = []; // first get the contents of the file from the db - tasks.push(function(callback){ + tasks.push(function(callback){ dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_NETWORK_DATA",callback); }); // then format the request and send it using the arg1 parameter // which is the contents of the file returned from the previous function // call in the tasks array - tasks.push(function(arg1,callback){ + tasks.push(function(arg1,callback){ var s_file = JSON.stringify(arg1); - // remove the last two braces, going to add the headers there - // will add them back later. - s_file = s_file.substring(0, (s_file.length-2)); + // remove the last two braces, going to add the headers there + // will add them back later. 
+ s_file = s_file.substring(0, (s_file.length-2)); - // add the request-information header - s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}'); + // add the request-information header + s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}'); - // add the sdnc-request-header - s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"'); - s_file = s_file.concat(svc_req_id); - s_file = s_file.concat('","svc-action": "reserve"}'); + // add the sdnc-request-header + s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"'); + s_file = s_file.concat(svc_req_id); + s_file = s_file.concat('","svc-action": "reserve"}'); - // add the two curly braces at the end that we stripped off - s_file = s_file.concat('}}'); + // add the two curly braces at the end that we stripped off + s_file = s_file.concat('}}'); - OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation', - options,s_file,res,callback); - }); + OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation', + options,s_file,res,callback); + }); // if successful then update the status - tasks.push(function(arg1,callback){ - dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='" + tasks.push(function(arg1,callback){ + dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback); - }); + }); // use the waterfall method of making calls async.waterfall(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push("Error posting pre-load data to ODL: "+err); - dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); - return; - } - else{ - msgArray.push('Successfully loaded VNF pre-loaded data.'); - dbRoutes.getVnfNetworkData(req,res,{code:'success', 
msg:msgArray},privilegeObj); - return; - } - }); + { + var msgArray = new Array(); + if(err){ + msgArray.push("Error posting pre-load data to ODL: "+err); + dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); + return; + } + else{ + msgArray.push('Successfully loaded VNF pre-loaded data.'); + dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } + }); }); -router.get('/loadVnfData', csp.checkAuth, function(req,res) +router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res) { - var privilegeObj = req.session.loggedInAdmin; + var privilegeObj = req.session.loggedInAdmin; var full_path_file_name = process.cwd() + "/uploads/" + req.query.filename - var msgArray = new Array(); + var msgArray = new Array(); if ( req.query.status != 'pending' ) { 
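Review bot: `req.query.id` is still concatenated unescaped into the UPDATE in the third task (`... WHERE id="+req.query.id`), and it is also part of `svc_req_id`, which is placed inside quotes in the same statement, so this route remains open to SQL injection despite the new `csp.checkPriv` guard. Validate the id before any task is queued, e.g. `var id = parseInt(req.query.id, 10); if (isNaN(id)) { /* render failure and return */ }`, and build both `svc_req_id` and the WHERE clause from `id`. The same pattern is in the `/loadVnfData` hunks that follow (`UPDATE PRE_LOAD_VNF_DATA ... WHERE id="+req.query.id`). The new `svc_req_id` line also ends in a stray `;;`, and the `/loadVnfData` handler that begins at the end of this hunk continues outside it.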
@@ -232,28 +233,27 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res) // build request-id var now = new Date(); var df = dateFormat(now,"isoDateTime"); - var rnum = Math.floor((Math.random() * 9999) +1); - var svc_req_id = req.query.id + "-" + df + "-" + rnum; - + const rnum = crypto.randomBytes(4); + var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex'); var tasks = []; // first get the contents of the file from the db tasks.push(function(callback){ - dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback); - }); + dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback); + }); // then format the request and send it using the arg1 parameter // which is the contents of the file returned from the previous function // call in the tasks array tasks.push(function(arg1,callback){ - var s1_file = JSON.stringify(arg1); - var s_file = decodeURI(s1_file); + var s1_file = JSON.stringify(arg1); + var s_file = decodeURI(s1_file); // remove the last two braces, going to add the headers there - // will add them back later. - s_file = s_file.substring(0, (s_file.length-2)); + // will add them back later. + s_file = s_file.substring(0, (s_file.length-2)); // add the request-information header s_file = s_file.concat(',"request-information": {"request-action": "PreloadVNFRequest"}'); @@ -267,12 +267,12 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res) s_file = s_file.concat('}}'); OdlInterface.Post('/restconf/operations/VNF-API:preload-vnf-topology-operation', - options,s_file,res,callback); + options,s_file,res,callback); }); // if successful then update the status tasks.push(function(arg1,callback){ - dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='" + dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback); }); 
@@ -281,20 +281,20 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res) { var msgArray = new Array(); if(err){ - msgArray.push("Error posting pre-load data to ODL: "+err); - dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj); - return; + msgArray.push("Error posting pre-load data to ODL: "+err); + dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj); + return; } else{ msgArray.push('Successfully loaded VNF pre-loaded data.'); - dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } + dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } }); }); -router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) { +router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -347,7 +347,9 @@ router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) { }); -router.get('/deleteVnfData', csp.checkAuth, function(req,res) { +router.get('/deleteVnfData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { + +console.log('deleteVnfData'); var privilegeObj = req.session.loggedInAdmin; var tasks = []; 
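Review bot: `csrfProtection` on `router.get('/deleteVnfNetworkData', ...)` and `router.get('/deleteVnfData', ...)` validates nothing, because csurf skips token checking for GET, HEAD and OPTIONS by default (`ignoreMethods`). These handlers delete rows and call ODL, so they should be registered with `router.post` and reached from a form that carries the token, rather than overriding `ignoreMethods` for GET. The same applies to `/deleteVnfNetwork` and `/deleteVnfProfile` in the later hunks, and `/loadVnfNetworkData` and `/loadVnfData` are state-changing GETs that get no CSRF middleware at all. The added `console.log('deleteVnfData');` looks like leftover debugging output and sits at column 0 inside the handler.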
@@ -360,14 +362,14 @@ router.get('/deleteVnfData', csp.checkAuth, function(req,res) { dbRoutes.executeSQL(sql,req,res,callback); }); } else { - var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "'; - inputString = inputString.concat(req.query.vnf_name); - inputString = inputString.concat('","vnf-type":"'); - inputString = inputString.concat(req.query.vnf_type); - inputString = inputString.concat('"}},'); + var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "'; + inputString = inputString.concat(req.query.vnf_name); + inputString = inputString.concat('","vnf-type":"'); + inputString = inputString.concat(req.query.vnf_type); + inputString = inputString.concat('"}},'); - // add the request-information header - inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},'); + // add the request-information header + inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},'); // add the request-information header //inputString = inputString.concat('"request-information": {"request-id": "259c0f93-23cf-46ad-84dc-162ea234fff1",'); 
@@ -412,36 +414,7 @@ router.get('/deleteVnfData', csp.checkAuth, function(req,res) { }); -router.get('/deleteVmProfile', csp.checkAuth, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var sql = ''; - - sql = "DELETE FROM VM_PROFILE WHERE vnf_type='" + req.query.vnf_type + "'" - + " AND vm_type='" + req.query.vm_type + "'"; - - tasks.push(function(callback) { - dbRoutes.executeSQL(sql,req,res,callback); - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from VM_PROFILE table.'); - dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - -router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) { +router.get('/deleteVnfNetwork', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -469,7 +442,7 @@ router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) { }); }); -router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) { +router.get('/deleteVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var tasks = []; 
@@ -496,215 +469,39 @@ router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) { }); }); -router.get('/deleteVmNetwork', csp.checkAuth, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var sql = ''; - - sql = "DELETE FROM VM_NETWORKS WHERE vnf_type='" + req.query.vnf_type - + "' AND vm_type='" + req.query.vm_type + "' AND network_role='" - + req.query.network_role + "'"; - - tasks.push(function(callback) { - dbRoutes.executeSQL(sql,req,res,callback); - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from VM_NETWORKS table.'); - dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - // POST -router.post('/addVmProfile', csp.checkAuth, function(req,res){ - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var sql; - - - if ( req.body.nf_vm_count.length > 0 ) - { - sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type,vm_count) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "'," - + req.body.nf_vm_count + ")"; - } - else - { - sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "')"; - } - - - console.log("SQL: " + sql); - - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VM Profile'); - dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - -router.post('/addVnfNetwork', csp.checkAuth, function(req,res){ - - var 
privilegeObj = req.session.loggedInAdmin; - var tasks = []; - - var sql = "INSERT INTO VNF_NETWORKS (vnf_type,network_role) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_network_role + "')"; +router.post('/addVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res){ - console.log("SQL: " + sql); - - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVnfNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VNF Network'); - dbRoutes.getVnfNetworks(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/addVnfProfile', csp.checkAuth, function(req,res){ - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; + var privilegeObj = req.session.loggedInAdmin; + var vnf_type = req.sanitize(req.body.nf_vnf_type); + var availability_zone_count = req.sanitize(req.body.nf_availability_zone_count); + var equipment_role = req.sanitize(req.body.nf_equipment_role); + var tasks = []; var sql; - sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + req.body.nf_availability_zone_count - + ",'" + req.body.nf_equipment_role + "')"; + sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES (" + + "'" + vnf_type + "'," + availability_zone_count + ",'" + equipment_role + "')"; console.log(sql); - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VNF Profile'); - 
dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/addVmNetwork', csp.checkAuth, function(req,res){ - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var msgArray = new Array(); - - // convert true|false to 1|0 - var assign_ips = (req.body.nf_assign_ips == 'true') ? 1 : 0; - var assign_macs = (req.body.nf_assign_macs == 'true') ? 1 : 0; - var assign_floating_ip = (req.body.nf_assign_floating_ip == 'true') ? 1 : 0; - - - if ((req.body.nf_assign_ips == 'true' && - (typeof req.body.nf_ip_count == 'undefined' || req.body.nf_ip_count.length <=0))) - { - msgArray.push("If assign_ips equals 'true', ip_count must be populated with a number."); - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - - - if ( req.body.nf_ip_count.length >0 ) - { - var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,ip_count,assign_ips,assign_macs,assign_floating_ip) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "'," - + "'" + req.body.nf_network_role + "'," - + req.body.nf_ip_count + "," - + assign_ips + "," - + assign_macs + "," - + assign_floating_ip + ")"; - } - else - { - var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,assign_ips,assign_macs,assign_floating_ip) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "'," - + "'" + req.body.nf_network_role + "'," - + assign_ips + "," - + assign_macs + "," - + assign_floating_ip + ")"; - } - - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VM Network'); - var message = ''; - if (req.body.nf_ip_count.length >0) - { - message = req.body.nf_vnf_type - + ',' + 
req.body.nf_vm_type - + ',' + req.body.nf_network_role - + ',' + req.body.nf_ip_count - + ',' + req.body.nf_assign_ips - + ',' + req.body.nf_assign_macs - + ',' + req.body.nf_assign_floating_ip; - } - else - { - message = req.body.nf_vnf_type - + ',' + req.body.nf_vm_type - + ',' + req.body.nf_network_role - + ',' + req.body.nf_assign_ips - + ',' + req.body.nf_assign_macs - + ',' + req.body.nf_assign_floating_ip; - } - dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); + async.series(tasks, function(err,result){ + var msgArray = new Array(); + if(err){ + msgArray.push(err); + dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); + return; + } + else { + msgArray.push('Successfully added VNF Profile'); + dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } + }); }); // POST -router.post('/uploadVnfData', csp.checkAuth, upload.single('filename'), function(req, res) +router.post('/uploadVnfData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res) { console.log('filename:'+ JSON.stringify(req.file.originalname)); var msgArray = new Array(); @@ -776,7 +573,7 @@ console.log('filename:'+ JSON.stringify(req.file.originalname)); } ); -router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), function(req, res) +router.post('/uploadVnfNetworkData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res) { var msgArray = new Array(); var privilegeObj = req.session.loggedInAdmin; 
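Review bot: `req.sanitize()` in the rewritten `/addVnfProfile` handler does not make the INSERT safe: express-sanitizer strips HTML and script content and does not escape SQL, and the three values are still concatenated into the statement, with `availability_zone_count` inserted unquoted. Parse the count as a number and reject anything else, e.g. `var availability_zone_count = parseInt(req.body.nf_availability_zone_count, 10);`, and pass `vnf_type` and `equipment_role` as bound parameters or through the database driver's escaping. `dbRoutes.executeSQL` is not visible here, so it may need a variant that accepts values separately from the statement text. `console.log(sql)` also writes the request-derived statement to the log. `req.sanitize` only exists if the express-sanitizer middleware is mounted before this router, which cannot be confirmed from this hunk.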
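Review bot: `/uploadVnfData` gains `csp.checkPriv` but no `csrfProtection`, and the same is true of `/uploadVnfNetworkData` and `/uploadVnfProfile` in the next two hunks, so the state-changing upload POSTs remain without a CSRF check unless one is applied at application level outside this diff. Because these are multipart requests parsed by multer, csurf cannot read a `_csrf` body field before `upload.single('filename')` has run. Either place the middleware after it, `router.post('/uploadVnfData', csp.checkAuth, csp.checkPriv, upload.single('filename'), csrfProtection, function(req, res)`, or have the form send the token in the query string or a `csrf-token` header so the check can run before the file is accepted. The handler body continues outside this hunk.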
@@ -846,128 +643,7 @@ router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), f } ); -router.post('/uploadVmNetworks', csp.checkAuth, upload.single('filename'), function(req, res){ - - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - if(req.file.originalname){ - if (req.file.originalname.size == 0) { - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:'There was an error uploading the file, please try again.'},privilegeObj); - return; - } - fs.exists(req.file.path, function(exists) { - - if(exists) { - - var str = req.file.originalname; - - try { - var csv = require('csv'); - - // the job of the parser is to convert a CSV file - // to a list of rows (array of rows) - var parser = csv.parse({ - columns: function(line) { - // By defining this callback, we get handed the - // first line of the spreadsheet. Which we'll - // ignore and effectively skip this line from processing - }, - skip_empty_lines: true - }); - - var row = 0; - var f = new Array(); - var transformer = csv.transform(function(data){ - // this will get row by row data, so for example, - //logger.debug(data[0]+','+data[1]+','+data[2]); - - // build an array of rows - f[row] = new Array(); - for ( col=0; col<data.length; col++ ) - { - f[row][col] = data[col]; - } - row++; - }); - - // called when done with processing the CSV - transformer.on("finish", function() { - - var funcArray = new Array(); - - function createFunction(lrow,res) - { - return function(callback) { dbRoutes.addVmNetwork(lrow,res,callback); } - } - // loop for each row and create an array of callbacks for async.parallelLimit - // had to create a function above 'createFunction' to get - for (var x=0; x<f.length; x++) - { - funcArray.push( createFunction(f[x],res) ); - } - - // make db calls in parrallel - async.parallelLimit(funcArray, 50, function(err,result){ - - if ( err ) { - dbRoutes.getVmNetworks(req,res,result,privilegeObj); - return; - } - else { - // result array has an 
entry in it, success entries are blank, figure out - // how many are not blank, aka errors. - var rowError = 0; - for(var i=0;i<result.length;i++){ - if ( result[i].length > 0 ) - { - rowError++; - } - } - var rowsProcessed = f.length - rowError; - result.push(rowsProcessed + ' of ' + f.length + ' rows processed.'); - if ( rowError > 0 ) - { - result = {code:'failure', msg:result}; - } - else - { - result = {code:'success', msg:result}; - } - dbRoutes.getVmNetworks(req,res,result,privilegeObj); - return; - } - }); - }); - - var stream = fs.createReadStream(req.file.path, "utf8"); - stream.pipe(parser).pipe(transformer); - - } catch(ex) { - msgArray.length = 0; - msgArray.push('There was an error uploading the file. '+ex); - dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - - } else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - }); - } - else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - -} ); - -router.post('/uploadVnfProfile', csp.checkAuth, upload.single('filename'), function(req, res){ +router.post('/uploadVnfProfile', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res){ var msgArray = new Array(); var privilegeObj = req.session.loggedInAdmin; 
@@ -1091,249 +767,4 @@ console.log('result='+JSON.stringify(result)); } } ); - -router.post('/uploadVnfNetworks', csp.checkAuth, upload.single('filename'), function(req, res){ - - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - if(req.file.originalname) - { - if (req.file.originalname.size == 0) { - dbRoutes.getVnfProfile(req,res, - {code:'failure', msg:'There was an error uploading the file, please try again.'}, - privilegeObj); - return; - } - fs.exists(req.file.path, function(exists) { - - if(exists) { - - var str = req.file.originalname; - - try { - var csv = require('csv'); - - // the job of the parser is to convert a CSV file - // to a list of rows (array of rows) - var parser = csv.parse({ - columns: function(line) { - // By defining this callback, we get handed the - // first line of the spreadsheet. Which we'll - // ignore and effectively skip this line from processing - }, - skip_empty_lines: true - }); - - var row = 0; - var f = new Array(); - var transformer = csv.transform(function(data){ - // this will get row by row data, so for example, - //logger.debug(data[0]+','+data[1]+','+data[2]); - - // build an array of rows - f[row] = new Array(); - for ( col=0; col<data.length; col++ ) - { - f[row][col] = data[col]; - } - row++; - }); - - // called when done with processing the CSV - transformer.on("finish", function() { - - var funcArray = new Array(); - - function createFunction(lrow,res) - { - return function(callback) { dbRoutes.addVnfNetwork(lrow,res,callback); } - } - // loop for each row and create an array of callbacks for async.parallelLimit - // had to create a function above 'createFunction' to get - for (var x=0; x<f.length; x++) - { - funcArray.push( createFunction(f[x],res) ); - } - - // make db calls in parrallel - async.series(funcArray, function(err,result){ - - if ( err ) { - dbRoutes.getVnfNetworks(req,res,result,privilegeObj); - return; - } - else { - // result array has an entry in it, success entries 
are blank, figure out - // how many are not blank, aka errors. - var rowError = 0; - for(var i=0;i<result.length;i++){ - if ( result[i].length > 0 ) - { - rowError++; - } - } - var rowsProcessed = f.length - rowError; - result.push(rowsProcessed + ' of ' + f.length + ' rows processed.'); - if ( rowError > 0 ) - { - result = {code:'failure', msg:result}; - } - else - { - result = {code:'success', msg:result}; - } - dbRoutes.getVnfNetworks(req,res,result,privilegeObj); - return; - } - }); - }); - - var stream = fs.createReadStream(req.file.path, "utf8"); - stream.pipe(parser).pipe(transformer); - - } catch(ex) { - msgArray.length = 0; - msgArray.push('There was an error uploading the file. '+ex); - dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - } else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - }); - } - else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } -} ); - -router.post('/uploadVmProfile', csp.checkAuth, upload.single('filename'), function(req, res){ - - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - if(req.file.originalname) - { - if (req.file.originalname.size == 0) { - dbRoutes.getVmProfile(req,res, - {code:'failure', msg:'There was an error uploading the file, please try again.'}, - privilegeObj); - return; - } - fs.exists(req.file.path, function(exists) { - - if(exists) { - - var str = req.file.originalname; - - try { - var csv = require('csv'); - - // the job of the parser is to convert a CSV file - // to a list of rows (array of rows) - var parser = csv.parse({ - columns: function(line) { - // By defining this callback, we get handed the - // first line of the spreadsheet. 
Which we'll - // ignore and effectively skip this line from processing - }, - skip_empty_lines: true - }); - - var row = 0; - var f = new Array(); - var transformer = csv.transform(function(data){ - // this will get row by row data, so for example, - //logger.debug(data[0]+','+data[1]+','+data[2]); - - // build an array of rows - f[row] = new Array(); - for ( col=0; col<data.length; col++ ) - { - f[row][col] = data[col]; - } - row++; - }); - - // called when done with processing the CSV - transformer.on("finish", function() { - - var funcArray = new Array(); - - function createFunction(lrow,res) - { - return function(callback) { dbRoutes.addVmProfile(lrow,res,callback); } - } - // loop for each row and create an array of callbacks for async.parallelLimit - // had to create a function above 'createFunction' to get - for (var x=0; x<f.length; x++) - { - funcArray.push( createFunction(f[x],res) ); - } - - // make db calls in parrallel - async.series(funcArray, function(err,result){ - - if ( err ) { - dbRoutes.getVmProfile(req,res,result,privilegeObj); - return; - } - else { - // result array has an entry in it, success entries are blank, figure out - // how many are not blank, aka errors. - var rowError = 0; - for(var i=0;i<result.length;i++){ - if ( result[i].length > 0 ) - { - rowError++; - } - } - var rowsProcessed = f.length - rowError; - result.push(rowsProcessed + ' of ' + f.length + ' rows processed.'); - if ( rowError > 0 ) - { - result = {code:'failure', msg:result}; - } - else - { - result = {code:'success', msg:result}; - } - dbRoutes.getVmProfile(req,res,result,privilegeObj); - return; - } - }); - }); - - var stream = fs.createReadStream(req.file.path, "utf8"); - stream.pipe(parser).pipe(transformer); - - } catch(ex) { - msgArray.length = 0; - msgArray.push('There was an error uploading the file. 
'+ex); - dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - } else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - }); - } - else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } -} ); - module.exports = router; diff --git a/admportal/server/router/routes/network.js b/admportal/server/router/routes/network.js index c64beae2..30aa66b2 100644 --- a/admportal/server/router/routes/network.js +++ b/admportal/server/router/routes/network.js @@ -20,12 +20,15 @@ var finalJson={}; var platform;
var req,res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error = false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
network.go = function(lreq,lres,cb,dir) {
puts("Processing NETWORK workbook");
+ proc_error = false;
req = lreq;
res = lres;
callback = cb;
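Review bot: `proc_error` and `filename` are added as module-level variables next to `req`, `res` and the `callback` assigned here, so every request that goes through `network.go` shares them. Two uploads processed at the same time can overwrite each other's state between the asynchronous `helpers.readCsv` steps, and one admin's result or error could end up on another admin's response. Keep the state in an object created inside `network.go` and passed along the chain, e.g. `var ctx = { req: lreq, res: lres, cb: cb, procError: false };`. The first hunk of vnf.js adds the same two module-level variables. The body of `network.go` continues outside the hunk.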
@@ -49,7 +52,8 @@ function doGeneral() {
 helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('general file is missing from upload.');
+ proc_error=true;
}
}
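Review bot: The else branch of `doGeneral` now only logs and sets `proc_error`; it no longer calls `callback`, whereas `doSubnets`, `doVpnBindings`, `doPolicies` and `doNetRoutes` in the following hunks keep the `callback(...)` call and add `return;`. If nothing else runs after this branch (the start of the function is outside the hunk), a missing General file leaves the `async.waterfall` in preload.js waiting and the HTTP request open. Restore the call as in the sibling functions: `callback(csvFilename + ' file is missing from upload.'); return;`. The `doGeneral` hunk in vnf.js makes the same change.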
@@ -57,8 +61,9 @@ function gotGeneral(err, jsonObj) {
 if (err) {
puts("\nError!");
putd(err);
- callback('General.csv file is missing from upload.');
- return;
+ proc_error=true;
+ callback('General.csv file is missing from upload.');
+ return;
}
csvGeneral = jsonObj;
puts("\nRead this: ");
@@ -77,7 +82,10 @@ function doSubnets() {
 helpers.readCsv(indir, newFileName, gotSubnets);
}
else {
+ puts('subnets file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -85,6 +93,7 @@ function gotSubnets(err, jsonObj) {
 if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Subnets.csv file is missing from upload.');
return;
}
@@ -108,7 +117,10 @@ function doVpnBindings() {
 helpers.readCsv(indir, newFileName, gotVpnBindings);
}
else {
+ puts('vnp-bindings file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -116,6 +128,7 @@ function gotVpnBindings(err, jsonObj) {
 if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VPN-Bindings.csv file is missing from upload.');
return;
}
@@ -140,7 +153,10 @@ function doPolicies() {
 helpers.readCsv(indir, newFileName, gotPolicies);
}
else {
+ puts('policies file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -148,6 +164,7 @@ function gotPolicies(err, jsonObj) {
 if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Policies.csv file is missing from upload.');
return;
}
@@ -178,7 +195,10 @@ function doNetRoutes() {
 helpers.readCsv(indir, newFileName, gotNetRoutes);
}
else {
+ puts('network-routes file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -186,6 +206,7 @@ function gotNetRoutes(err, jsonObj) {
 if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Network-Routes.csv file is missing from upload.');
return;
}
@@ -218,6 +239,21 @@ function processJson() {
 processPolicies();
processNetRoutes();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
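Review bot: `outputJson()` is called before `proc_error` is tested, so the worksheet JSON is still written to disk when processing has failed. Move the test ahead of the write: `if (proc_error) { callback('Error was encountered processing upload.'); return; }` followed by `outputJson();`. `outputJson` also still hands `callback` to `helpers.writeOutput`; if that helper invokes it (not visible here), the waterfall step would be completed twice. The commented-out `//outputJson();` and `//callback(...)` lines in the later hunks can be deleted rather than kept.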
// ASSEMBLE AND OUTPUT RESULTS
@@ -256,7 +292,7 @@ function assembleJson() {
 finalJson = {"input": networkInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -265,7 +301,7 @@ function outputJson() {
 puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".net_worksheet.json";
@@ -275,7 +311,7 @@ function outputJson() {
 filename = "output.json." + unixTime;
}
helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //callback(null, finalJson, filename);
}
@@ -288,7 +324,9 @@ function processGeneral() {
 if ( (preloadVersion!='1607') && (preloadVersion!='1610') ) {
puts("\nError - incorrect version of preload worksheet.");
- callback('Error - incorrect version of preload worksheet.');
+ proc_error=true;
+ //callback('Error - incorrect version of preload worksheet.');
+ return;
}
rawJson['network-name'] = getParam(csvGeneral, 'field2', 'network-name', 'field3');
diff --git a/admportal/server/router/routes/preload.js b/admportal/server/router/routes/preload.js index fd41bb44..522c6daa 100644 --- a/admportal/server/router/routes/preload.js +++ b/admportal/server/router/routes/preload.js @@ -16,8 +16,6 @@ var vnf = require('./vnf'); var network = require('./network'); var moment = require('moment'); - - // pass host, username and password to ODL // target host for ODL request var username = properties.odlUser; @@ -35,14 +33,17 @@ var options = { strictSSL: false }; -// multer 1.1 +// multer var unixTime = moment().unix(); var storage = multer.diskStorage({ destination: function (req, file, cb) { cb(null, process.cwd() + '/uploads/') + return; }, filename: function (req, file, cb) { +console.log('filename'); cb(null, unixTime + "." + file.originalname ) + return; } }); 
@@ -54,98 +55,84 @@ var upload = multer({ return cb(null,false); } cb(null,true); + return; } }); router.post('/uploadVnfCsv', csp.checkAuth, upload.array('filename'), function(req, res) { - console.log('files:'+ JSON.stringify(req.files,null,4)); - - var tasks = [] - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - + var msgArray = new Array(); var privilegeObj = req.session.loggedInAdmin; var tasks = []; tasks.push ( function(callback) { vnf.go(req,res,callback,''); } ); tasks.push ( function(arg1,arg2,callback) { formatVnfInsertStatement(arg1,arg2,req,res,callback); } ); - tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); + tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); async.waterfall(tasks, function(err,result) { - if(err){ - msgArray.push(err); - dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - //logger.debug('Successfully uploaded ' + req.session.worksheetFilename); - msgArray.push('Successfully uploaded file.' ); - dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } + if(err){ + msgArray.push(err); + dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj); + return; + } + else { + msgArray.push('Successfully uploaded file.' 
); + dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } }); - }); router.post('/uploadNetworkCsv', csp.checkAuth, upload.array('filename'), function(req, res) { - console.log('files:'+ JSON.stringify(req.files,null,4)); - - var tasks = [] - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; + console.log('uploadNetworkCsv'); - tasks.push ( function(callback) { network.go(req,res,callback,''); } ); - tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } ); - tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); - async.waterfall(tasks, function(err,result) - { - if(err){ - msgArray.push(err); - dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - //logger.debug('Successfully uploaded ' + req.session.worksheetFilename); - msgArray.push('Successfully uploaded file.' ); - dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + var msgArray = new Array(); + var privilegeObj = req.session.loggedInAdmin; + var tasks = []; + tasks.push ( function(callback) { network.go(req,res,callback,''); } ); + tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } ); + tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); + async.waterfall(tasks, function(err,result) + { + if(err){ + console.log('ERROR:' + err); + msgArray.push(err); + dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj); + } + else { + msgArray.push('Successfully uploaded file.' 
); + dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); + } + }); }); function formatVnfInsertStatement(content,filename,req,res,callback) { - //var newstr = JSON.stringify(content).replace(/\\\"/g,'\\\\\\"'); - //var ins_str = newstr.replace("\r\n ", "\\r\\n"); - var newstr = JSON.stringify(content); - var enc_str = encodeURI(newstr); - var sql = "INSERT INTO PRE_LOAD_VNF_DATA " + var newstr = JSON.stringify(content); + var enc_str = encodeURI(newstr); + var sql = "INSERT INTO PRE_LOAD_VNF_DATA " + "(filename,preload_data) VALUES (" + "'"+ filename + "'," + "'" + enc_str + "')"; callback(null,sql); + return; } function formatNetworkInsertStatement(content,filename,req,res,callback) { - var newstr = JSON.stringify(content); - var enc_str = encodeURI(newstr); - var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA " + var newstr = JSON.stringify(content); + var enc_str = encodeURI(newstr); + var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA " + "(filename,preload_data) VALUES (" + "'"+ filename + "'," + "'" + enc_str + "')"; callback(null,sql); + return; } - - module.exports = router; diff --git a/admportal/server/router/routes/root.js b/admportal/server/router/routes/root.js index b314d7db..78b69829 100644 --- a/admportal/server/router/routes/root.js +++ b/admportal/server/router/routes/root.js @@ -7,6 +7,12 @@ var os = require('os'); var async = require('async'); var OdlInterface = require('./OdlInterface'); var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json'); +var cookieParser = require('cookie-parser') +var csrf = require('csurf') +var bodyParser = require('body-parser') + +var csrfProtection = csrf({cookie:true}); +var parseForm = bodyParser.urlencoded({ extended: false }) 
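Review bot: `formatVnfInsertStatement` and `formatNetworkInsertStatement` still build the INSERT by string concatenation, and `encodeURI` leaves the single quote unescaped, so a `'` in any uploaded CSV cell ends the `preload_data` literal and changes the statement. Pass the values as bound parameters instead of splicing them into the text; `dbRoutes.addRow` is not visible here, so the statement and its values would have to travel together, e.g. `callback(null, { sql: "INSERT INTO PRE_LOAD_VNF_DATA (filename,preload_data) VALUES (?,?)", values: [filename, enc_str] });`, assuming the driver supports placeholders. `/uploadVnfCsv` and `/uploadNetworkCsv` in this hunk also lack the `csp.checkPriv` that the commit adds to the other upload routes.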
@@ -70,28 +76,33 @@ function createFunctionObj( loptions ) { return function(callback) { OdlInterface.Healthcheck(loptions,callback); }; } -router.get('/mytree', function(req,res) { - res.render('pages/tree'); +//router.get('/mytree', function(req,res) { +// res.render('pages/tree'); +//}); +//router.get('/setuplogin', function(req,res) { +// res.render('pages/setuplogin'); +//}); +//router.post('/formSetupLogin', function(req,res) { +// dbRoutes.saveSetupLogin(req,res); +//}); + +router.get('/login', csrfProtection, function(req,res) { + var tkn = req.csrfToken(); + res.render('pages/login', {csrfToken:tkn}); + return; }); -router.get('/setuplogin', function(req,res) { - res.render('pages/setuplogin'); +router.post('/formlogin', csrfProtection, function(req,res) { + csp.login(req,res); }); -router.post('/formSetupLogin', function(req,res) { - dbRoutes.saveSetupLogin(req,res); + +router.get('/signup', csrfProtection, function(req,res) { + var tkn = req.csrfToken(); + res.render('pages/signup', {csrfToken:tkn}); }); -router.post('/formSignUp', function(req,res) { +router.post('/formSignUp', csrfProtection, function(req,res) { dbRoutes.saveUser(req,res); }); -router.post('/formlogin', csp.login, function(req,res) { -}); -router.get('/login', function(req,res) { - res.render('pages/login'); - // handle get -}); -router.get('/signup', function(req,res) { - res.render('pages/signup'); - // handle get -}); + router.get('/info', function(req,res) { // handle get res.send("login info"); diff --git a/admportal/server/router/routes/sla.js b/admportal/server/router/routes/sla.js index 10d64334..098cd66b 100644 --- a/admportal/server/router/routes/sla.js +++ b/admportal/server/router/routes/sla.js 
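Review bot: `csrfProtection` is created with `cookie:true`, which makes csurf read its secret from `req.cookies` and, for a form post, the token from `req.body._csrf`, yet `cookieParser` and `parseForm` are only required in the previous hunk and neither is mounted in the lines shown. Unless app.js installs both parsers ahead of this router, `/formlogin` and `/formSignUp` would fail on every post. Mount them explicitly, `router.use(cookieParser());` and `router.post('/formlogin', parseForm, csrfProtection, function(req,res) {`. The secret cookie is also created with csurf's defaults; `csrf({cookie: {httpOnly: true, secure: true, sameSite: 'strict'}})` keeps it away from page scripts and, if the portal is served over HTTPS, off plain HTTP. The replaced routes are commented out rather than removed.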
@@ -6,6 +6,8 @@ var fs = require('fs'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); var multer = require('multer'); +var cookieParser = require('cookie-parser'); +var csrf = require('csurf'); var bodyParser = require('body-parser'); //var sax = require('sax'),strict=true,parser = sax.parser(strict); var async = require('async'); @@ -21,9 +23,8 @@ var xmlfile=''; // used for file upload button, retain original file name //router.use(bodyParser()); -router.use(bodyParser.urlencoded({ - extended: true -})); +var csrfProtection = csrf({cookie: true}); +router.use(bodyParser.urlencoded({ extended: true })); //var upload = multer({ dest: process.cwd() + '/uploads/', rename: function(fieldname,filename){ return filename; } }); // multer 1.1 @@ -57,11 +58,11 @@ router.use(multer({ // GET -router.get('/listSLA', csp.checkAuth, function(req,res) { +router.get('/listSLA', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.listSLA(req,res,{code:'', msg:''} ); }); -router.get('/activate', csp.checkAuth, function(req,res){ +router.get('/activate', csp.checkAuth, csrfProtection, function(req,res){ var _module = req.query.module; var rpc = req.query.rpc; @@ -82,7 +83,7 @@ router.get('/activate', csp.checkAuth, function(req,res){ }); }); -router.get('/deactivate', csp.checkAuth, function(req,res){ +router.get('/deactivate', csp.checkAuth, csrfProtection, function(req,res){ var _module = req.query.module; var rpc = req.query.rpc; @@ -102,7 +103,7 @@ router.get('/deactivate', csp.checkAuth, function(req,res){ }); }); -router.get('/deleteDG', csp.checkAuth, function(req,res){ +router.get('/deleteDG', csp.checkAuth, csrfProtection, function(req,res){ var _module = req.query.module; var rpc = req.query.rpc; 
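Review bot: Adding `csrfProtection` to `router.get('/activate')`, `/deactivate` and `/deleteDG` (and to `router.get('/deleteUser')` in user.js) does not protect them, because csurf skips GET, HEAD and OPTIONS by default and only verifies the token on other methods. By their names these handlers change state, so a request made from another site in the admin's browser would still reach them. Turn them into POST routes that carry the token, e.g. `router.post('/deleteDG', csp.checkAuth, csrfProtection, function(req,res){`, and read the parameters from `req.body` instead of `req.query`. The handler bodies continue outside these hunks.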
@@ -122,7 +123,7 @@ router.get('/deleteDG', csp.checkAuth, function(req,res){ }); }); -router.post('/dgUpload', upload.single('filename'), function(req, res, next){ +router.post('/dgUpload', upload.single('filename'), csrfProtection, function(req, res, next){ if(req.file.originalname){ if (req.file.originalname == 0) { 
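Review bot: `/dgUpload` has no `csp.checkAuth` in its middleware chain, unlike `/upload` in the next hunk, so multer accepts and stores the file before any session check runs. If the route is meant for logged-in admins, put the check first: `router.post('/dgUpload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){`. The handler also tests `req.file.originalname` without checking that `req.file` exists, which throws when the request carries no file. The handler body continues outside the hunk.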
@@ -188,88 +189,94 @@ router.post('/dgUpload', upload.single('filename'), function(req, res, next){ // POST -router.post('/upload', csp.checkAuth, upload.single('filename'), function(req, res, next){ +router.post('/upload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){ console.log('file:'+ JSON.stringify(req.file)); - if(req.file.originalname){ - if (req.file.originalname.size == 0) { - dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'}); - } - fs.exists(req.file.path, function(exists) { - if(exists) { - + if(req.file.originalname) + { + if (req.file.originalname.size == 0) + { + dbRoutes.listSLA(req,res, + { code:'danger', msg:'There was an error uploading the file, please try again.'}); + } + fs.exists(req.file.path, function(exists) + { + if(exists) + { // parse xml - try { + try + { //dbRoutes.checkSvcLogic(req,res); var currentDB = dbRoutes.getCurrentDB(); - var file_buf = fs.readFileSync(req.file.path, "utf8"); + var file_buf = fs.readFileSync(req.file.path, "utf8"); - // call Dan's svclogic shell script from here - var commandToExec = process.cwd() - + "/shell/svclogic.sh load " + // call svclogic shell script from here + var commandToExec = process.cwd() + "/shell/svclogic.sh load " + req.file.path + " " - + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB; + + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." 
+ currentDB; - console.log("commandToExec:" + commandToExec); - child = exec(commandToExec ,function (error,stdout,stderr){ - if(error){ - console.error("error:" + error); + console.log("commandToExec:" + commandToExec); + child = exec(commandToExec ,function (error,stdout,stderr) + { + if(error) + { + console.error("error:" + error); dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); return; - } - if(stderr){ - console.error("stderr:" + JSON.stringify(stderr,null,2)); - var s_stderr = JSON.stringify(stderr); - if ( s_stderr.indexOf("Saving") > -1 ) - { - dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'}); - }else { - dbRoutes.listSLA(req,res,{code:'failure', msg:stderr}); - } - return; - } - if(stdout){ - console.log("stderr:" + stdout); + } + if(stderr){ + console.error("stderr:" + JSON.stringify(stderr,null,2)); + var s_stderr = JSON.stringify(stderr); + if ( s_stderr.indexOf("Saving") > -1 ) + { + dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'}); + }else { + dbRoutes.listSLA(req,res,{code:'failure', msg:stderr}); + } + return; + } + if(stdout){ + console.log("stderr:" + stdout); dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'}); - return; + return; } // remove the grave accents, the sax parser does not like them //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); //dbRoutes.listSLA(req,res, resultObj); - }); - } catch(ex) { - // keep 'em silent - console.error("error:" + ex); - dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); - } - - } else { - dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'}); - } - }); + }); + } catch(ex) { + // keep 'em silent + console.error("error:" + ex); + dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); + } + } + else { + dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please 
try again.'}); + } + }); } else { dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'}); } }); -router.get('/printAsXml', csp.checkAuth, function(req,res){ +router.get('/printAsXml', csp.checkAuth, csrfProtection, function(req,res){ try { //dbRoutes.checkSvcLogic(req,res); var _module = req.query.module; - var rpc = req.query.rpc; - var version = req.query.version; - var mode = req.query.mode; + var rpc = req.query.rpc; + var version = req.query.version; + var mode = req.query.mode; var currentDB = dbRoutes.getCurrentDB(); - // call Dan's svclogic shell script from here - var commandToExec = process.cwd() + // call Dan's svclogic shell script from here + var commandToExec = process.cwd() + "/shell/svclogic.sh get-source " + _module + " " + rpc + " " 
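Review bot: Both handlers in this hunk still build a shell command by string concatenation for `exec`: `/upload` puts `req.file.path` into it and `/printAsXml` puts `_module` and `rpc`, read straight from `req.query`, so shell metacharacters in those values are interpreted by the shell. Unless they are validated elsewhere, request data can reach the command line. Call the script without a shell, e.g. `execFile(process.cwd() + "/shell/svclogic.sh", ["load", req.file.path, process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB], function (error,stdout,stderr)` with `execFile` taken from `child_process`, and check the query values against a fixed pattern before use. `child` is assigned without a declaration, and the `exec` call for `/printAsXml` sits in the next hunk.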
@@ -279,91 +286,34 @@ router.get('/printAsXml', csp.checkAuth, function(req,res){ console.log("commandToExec:" + commandToExec); - child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){ - if(error){ + child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){ + if(error){ console.error("error:" + error); - dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); + dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); return; - } - //if(stderr){ - //logger.info("stderr:" + stderr); - //} - if(stdout){ - console.log("OUTPUT:" + stdout); - res.render('sla/printasxml', {result:{code:'success', - msg:'Module : ' + _module + '\n' + + } + //if(stderr){ + //logger.info("stderr:" + stderr); + //} + if(stdout){ + console.log("OUTPUT:" + stdout); + res.render('sla/printasxml', {result:{code:'success', + msg:'Module : ' + _module + '\n' + 'RPC : ' + rpc + '\n' + 'Mode : ' + mode + '\n' + 'Version: ' + version + '\n\n' + stdout}, header:process.env.MAIN_MENU}); - } - - // remove the grave accents, the sax parser does not like them - //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); - //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); - //dbRoutes.listSLA(req,res, resultObj); - }); - } catch(ex) { + } + + // remove the grave accents, the sax parser does not like them + //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); + //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); + //dbRoutes.listSLA(req,res, resultObj); + }); + } catch(ex) { console.error("error:" + ex); dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); - } + } }); -router.get('/printAsGv', csp.checkAuth, function(req,res){ - - try { - //dbRoutes.checkSvcLogic(req,res); - - var _module = req.query.module; - var rpc = req.query.rpc; - var version = req.query.version; - var mode = req.query.mode; - var currentDB = dbRoutes.getCurrentDB(); -console.log('currentDB='+currentDB); - - // call Dan's svclogic shell 
script from here - var commandToExec = process.cwd() - + "/shell/svclogic.sh print " - + _module + " " - + rpc + " " - + mode + " " - + version + " " - + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB - + " | dot -Tpng"; - - console.log("commandToExec:" + commandToExec); - - child = exec(commandToExec , - {encoding:'base64',maxBuffer:5000*1024}, function (error,stdout,stderr){ - if(error){ - console.error("error:" + error); - dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); - return; - } - if(stderr){ - console.error("stderr:" + stderr); - } - if(stdout){ - //logger.info("OUTPUT:" + stdout); - //res.render('sla/printasgv', result = {code:'success', - //msg:new Buffer(stdout,'base64')} ); - res.render('sla/printasgv', {result:{code:'success', - module: _module, - rpc: rpc, - version: version, - mode:mode, - msg:stdout}, header:process.env.MAIN_MENU}); - } - - // remove the grave accents, the sax parser does not like them - //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); - //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); - //dbRoutes.listSLA(req,res, resultObj); - }); - } catch(ex) { - console.error("error:" + ex); - dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); - } - -}); module.exports = router; diff --git a/admportal/server/router/routes/user.js b/admportal/server/router/routes/user.js index 40d3437c..df5f8607 100644 --- a/admportal/server/router/routes/user.js +++ b/admportal/server/router/routes/user.js 
@@ -5,8 +5,13 @@ var util = require('util'); var fs = require('fs'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); +var cookieParser = require('cookie-parser'); +var csrf = require('csurf'); var bodyParser = require('body-parser'); -var sax = require('sax'),strict=true,parser = sax.parser(strict); +//var sax = require('sax'),strict=true,parser = sax.parser(strict); + +var csrfProtection = csrf({cookie: true}); +router.use(cookieParser()); // SVC_LOGIC table columns var _module=''; // cannot use module its a reserved word @@ -17,16 +22,21 @@ var xmlfile=''; //router.use(bodyParser()); -router.use(bodyParser.urlencoded({ - extended: true -})); +router.use(bodyParser.urlencoded({ extended: true })); // GET router.get('/listUsers', csp.checkAuth, function(req,res) { dbRoutes.listUsers(req,res, {user:req.session.loggedInAdmin,code:'', msg:''} ); }); -router.get('/deleteUser', csp.checkAuth, function(req,res) { +// POST +router.post('/updateUser', csp.checkAuth, csrfProtection, function(req,res,next){ + dbRoutes.updateUser(req,res,{code:'',msg:''}); +}); +router.post('/addUser', csp.checkAuth, csrfProtection, function(req,res) { + dbRoutes.addUser(req,res, {code:'', msg:''} ); +}); +router.get('/deleteUser', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.deleteUser(req,res, {code:'', msg:''} ); }); @@ -93,13 +103,6 @@ parser.onend = function () { */ -// POST -router.post('/updateUser', csp.checkAuth, function(req,res,next){ - dbRoutes.updateUser(req,res,{code:'',msg:''}); -}); -router.post('/addUser', csp.checkAuth, function(req,res) { - dbRoutes.addUser(req,res, {code:'', msg:''} ); -}); //router.post('/upload', csp.checkAuth, function(req, res, next){ diff --git a/admportal/server/router/routes/vnf.js b/admportal/server/router/routes/vnf.js index be004fe2..99bb3a7d 100644 --- a/admportal/server/router/routes/vnf.js +++ b/admportal/server/router/routes/vnf.js @@ -21,12 +21,15 @@ var finalJson={}; var platform;
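Review bot: In user.js, `/updateUser`, `/addUser` and `/deleteUser` are guarded by `csp.checkAuth` and `csrfProtection` only; the `csp.checkPriv` check this commit adds to the upload routes is not in their chains. Unless `dbRoutes` enforces the privilege itself (not visible here), any logged-in account could manage users; assuming `checkPriv` is the admin-privilege check, add it as `router.post('/addUser', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {`. `/deleteUser` is still a GET route, which csurf does not verify by default, so it should become a POST. The `// POST` comment now sits above a block that ends with that GET route.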
var req, res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error=false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
vnf.go = function(lreq,lres,cb,dir){
puts("Processing VNF workbook");
+ proc_error=false;
req = lreq;
res = lres;
callback = cb;
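Review bot: `proc_error` and `filename` are added as module-level variables next to `req` and `res`, so every upload handled by this module shares one copy of them. If `helpers.readCsv` is asynchronous, as its callback argument suggests, two overlapping uploads can reset each other's `proc_error` and overwrite `filename`, and one user may be shown the other's failure or file name. Keeping this state in an object created inside `vnf.go` and passed along the chain would avoid that; at minimum a comment such as `// NOTE: module-level state, not safe for concurrent uploads` should record the limitation. The body of `vnf.go` continues past the end of this hunk.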
@@ -51,7 +54,8 @@ function doGeneral() { helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('General.csv file is missing from upload.');
+ proc_error=true;
}
}
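Review bot: The `else` branch of `doGeneral` no longer calls `callback`; it only logs and sets `proc_error=true`, whereas every other `do*` function changed in this commit sets the flag and still calls `callback(csvFilename + ' file is missing from upload.')`. Unless code outside this hunk carries on to `processJson`, a missing General.csv leaves the upload request without any response. I would keep the branch consistent with its siblings: `proc_error=true;` followed by `callback(csvFilename + ' file is missing from upload.'); return;`. The new log message also hard-codes `General.csv` where the removed line used `csvFilename`.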
@@ -59,6 +63,7 @@ function gotGeneral(err, jsonObj) { if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('General.csv file is missing from upload.');
return;
}
@@ -79,14 +84,17 @@ function doAvailZones() { helpers.readCsv(indir, newFileName, gotAvailZones);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotAvailZones(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Availability-zones.csv file is missing from upload.');
return;
}
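Review bot: Each error path here sets `proc_error=true` and then reports the failure straight away through `callback(...)`, while `processJson` calls `callback` again whenever the flag is set; if the chain can still reach `processJson` after one of these branches, the caller is invoked twice for one upload, which would mean a second attempt to send a response if the callback renders one. It would help to choose a single reporting point: either report here and stop, or only set the flag and let `processJson` report. The `return;` added as the last statement of `doAvailZones` has no effect and can be dropped. The same pattern repeats in the hunks for `doNetworks`, `doVMs`, `doVMnetworks`, `doVMnetworkIPs`, `doVMnetworkMACs` and `doTagValues`; the function bodies start outside these hunks.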
@@ -110,14 +118,17 @@ function doNetworks() { helpers.readCsv(indir, newFileName, gotNetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotNetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Networks.csv file is missing from upload.');
return;
}
@@ -142,14 +153,17 @@ function doVMs() { helpers.readCsv(indir, newFileName, gotVMs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VMs.csv file is missing from upload.');
return;
}
@@ -174,14 +188,17 @@ function doVMnetworks() { helpers.readCsv(indir, newFileName, gotVMnetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-networks.csv file is missing from upload.');
return;
}
@@ -206,14 +223,17 @@ function doVMnetworkIPs() { helpers.readCsv(indir, newFileName, gotVMnetworkIPs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkIPs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-IPs.csv file is missing from upload.');
return;
}
@@ -238,14 +258,17 @@ function doVMnetworkMACs() { helpers.readCsv(indir, newFileName, gotVMnetworkMACs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkMACs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-MACs.csv file is missing from upload.');
return;
}
@@ -270,14 +293,17 @@ function doTagValues() { helpers.readCsv(indir, newFileName, gotTagValues);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotTagValues(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Tag-values.csv file is missing from upload.');
return;
}
@@ -315,6 +341,21 @@ function processJson() { processVMs();
processTagValues();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
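Review bot: The success path passes `filename` to `callback` although this commit comments out `helpers.writeOutput(...)` in `outputJson`, so nothing visible in the diff writes the file that name refers to. If the caller later opens that file under `uploads/` the read will fail; if it does not, `fullpath_filename` and the `filename` argument are dead and could be removed. A short comment above `outputJson();` saying that it now only logs the JSON and sets `filename` would make the new contract clear, and the commented-out calls in `assembleJson` and `outputJson` are better deleted than kept. The debug output `puts('proc_error='); putd(proc_error);` and the `return;` at the end of both branches can also go.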
// ASSEMBLE AND OUTPUT RESULTS
@@ -350,7 +391,7 @@ function assembleJson() { finalJson = {"input": vnfInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -359,7 +400,7 @@ function outputJson() { puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".vnf_worksheet.json";
@@ -368,8 +409,8 @@ function outputJson() { fullpath_filename = "./output.json."+unixTime;
filename = "output.json." + unixTime;
}
- helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
+ //callback(null, finalJson, filename);
}
diff --git a/admportal/views/mobility/vnfPreloadData.ejs b/admportal/views/mobility/vnfPreloadData.ejs index 69f02e59..4dc73987 100644 --- a/admportal/views/mobility/vnfPreloadData.ejs +++ b/admportal/views/mobility/vnfPreloadData.ejs @@ -110,8 +110,9 @@ <div class="col-md-8 col-md-push-4"> <form method="POST" action="/mobility/uploadVnfData" enctype="multipart/form-data"> <div class="form-group"> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> <label for="dest">Upload pre processed JSON file.</label> - <input name="filename" type="file" id="dest"> + <input name="filename" type="file" id="dest" /> <p class="help-block">Choose a JSON file to upload.</p> <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" @@ -123,8 +124,9 @@ <div class="col-md-4 col-md-pull-8"> <form method="POST" action="/preload/uploadVnfCsv" enctype="multipart/form-data"> <div class="form-group"> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> <label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label> - <input name="filename" type="file" id="dest" multiple> + <input name="filename" type="file" id="dest" multiple /> <p class="help-block">Choose Worksheet CSV files to upload.</p> <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" diff --git a/admportal/views/mobility/vnfPreloadNetworkData.ejs b/admportal/views/mobility/vnfPreloadNetworkData.ejs index 099dcba5..5d6204c0 100644 --- a/admportal/views/mobility/vnfPreloadNetworkData.ejs +++ b/admportal/views/mobility/vnfPreloadNetworkData.ejs 
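Review bot: Both forms that receive the new `_csrf` hidden input are `enctype="multipart/form-data"`, and csurf reads a body token from `req.body._csrf`, which is only populated once a multipart parser has run. If `csrfProtection` is mounted ahead of the upload parser on `/mobility/uploadVnfData` and `/preload/uploadVnfCsv` (those routes are not in this part of the diff), every upload will be rejected as having an invalid token. I would order the middleware so the multipart parser runs before `csrfProtection` on these routes; moving the token into the query string would also satisfy csurf but exposes it in access logs and Referer headers. The same applies to the multipart upload forms in vnfProfile.ejs and sla/list.ejs.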
@@ -111,7 +111,7 @@ <form method="POST" action="/mobility/uploadVnfNetworkData" enctype="multipart/form-data"> <div class="form-group"> <label for="dest">Upload pre processed JSON file.</label> - <input name="filename" type="file" id="dest"></input> + <input name="filename" type="file" id="dest" /> <p class="help-block">Choose a JSON file to upload.</p> <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" @@ -125,7 +125,7 @@ <form method="POST" action="/preload/uploadNetworkCsv" enctype="multipart/form-data"> <div class="form-group"> <label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label> - <input name="filename" type="file" id="dest" multiple></input> + <input name="filename" type="file" id="dest" multiple /> <p class="help-block">Choose Worksheet CSV files to upload.</p> <button type="button" class="btn btn-default" data-toggle="tooltip" data-placement="bottom" diff --git a/admportal/views/mobility/vnfProfile.ejs b/admportal/views/mobility/vnfProfile.ejs index 1a494985..a801b90c 100644 --- a/admportal/views/mobility/vnfProfile.ejs +++ b/admportal/views/mobility/vnfProfile.ejs @@ -90,6 +90,7 @@ <% if(priv == 'A'){ %> <div class="actions" style="padding:0px 25px;"> <form method="POST" action="/mobility/uploadVnfProfile" enctype="multipart/form-data"> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> <div class="form-group"> <label for="dest">File input</label> <input name="filename" type="file" id="dest"> diff --git a/admportal/views/pages/login.ejs b/admportal/views/pages/login.ejs index 3a3e5e4e..9da2f31d 100644 --- a/admportal/views/pages/login.ejs +++ b/admportal/views/pages/login.ejs 
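Review bot: The two forms in vnfPreloadNetworkData.ejs, posting to `/mobility/uploadVnfNetworkData` and `/preload/uploadNetworkCsv`, only get the `<input ... />` clean-up and no `_csrf` hidden field, unlike the otherwise identical forms in vnfPreloadData.ejs. If the matching routes are given `csrfProtection` these uploads will be rejected, and if they are not, they stay open to the request forgery this commit sets out to prevent. I would add `<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />` inside each `form-group` here as well, provided this view is rendered with `privilege.csrfToken`.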
@@ -33,6 +33,7 @@ <form class="form-signin" method="POST" action="/formlogin"> <h3 class="form-signin-heading">AdminPortal Login</h3> + <input type="hidden" name="_csrf" value="<%= csrfToken %>" /> <input type="text" name="email" id="email" class="form-control" placeholder="Email" required> <input type="password" name="password" id="password" class="form-control" placeholder="Password" required> diff --git a/admportal/views/pages/signup.ejs b/admportal/views/pages/signup.ejs index 03ac7bc5..2a039531 100644 --- a/admportal/views/pages/signup.ejs +++ b/admportal/views/pages/signup.ejs @@ -33,6 +33,7 @@ <form class="form-signin" method="POST" action="/formSignUp"> <h3 class="form-signin-heading">AdminPortal Signup</h3> + <input type="hidden" name="_csrf" value="<%= csrfToken %>" /> <input type="email" name="nf_email" id="nf_email" class="form-control" placeholder="Email Address" required> <input type="password" name="nf_password" id="nf_password" class="form-control" placeholder="Password" required> diff --git a/admportal/views/partials/new_parameter.ejs b/admportal/views/partials/new_parameter.ejs index b6d1f5be..4a2c0fe3 100644 --- a/admportal/views/partials/new_parameter.ejs +++ b/admportal/views/partials/new_parameter.ejs 
@@ -1,36 +1,37 @@ - <div class="modal fade" id="new_parameter" tabindex="-1" role="dialog" +<div class="modal fade" id="new_parameter" tabindex="-1" role="dialog" aria-labelledby="new_parameter_label" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> - <h4 class="modal-title">Add Parameter</h4> - </div> - <div class="modal-body"> - <form name="addForm" role="form" action="/admin/addParameter" method="POST"> - <div class="form-group"> - <label for="nf_name">*Name</label> - <input maxlength="100" type="text" class="form-control" name="nf_name" id="nf_name" placeholder="varchar(100)"> - </div> - <div class="form-group"> - <label for="nf_value">*Value</label> - <input maxlength="100" type="text" class="form-control" name="nf_value" id="nf_value" placeholder="varchar(100)"> - </div> - <div class="form-group"> - <label for="nf_category">Category</label> - <input maxlength="24" type="text" class="form-control" name="nf_category" id="nf_category" placeholder="varchar(24)"> - </div> - <div class="form-group"> - <label for="nf_memo">Memo</label> - <input maxlength="128" type="text" class="form-control" name="nf_memo" id="nf_memo" placeholder="varchar(128)"> - </div> - <div class="form-group"> - <input type="hidden" name="nf_action" id="nf_action"> - <button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button> - <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> - </div> - </form> - </div> - </div> - </div> - </div> + <div class="modal-dialog"> + <div class="modal-content"> + <div class="modal-header"> + <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> + <h4 class="modal-title">Add Parameter</h4> + </div> + <div class="modal-body"> + <form name="addForm" role="form" action="/admin/addParameter" method="POST"> + <div 
class="form-group"> + <label for="nf_name">*Name</label> + <input maxlength="100" type="text" class="form-control" name="nf_name" id="nf_name" placeholder="varchar(100)" /> + </div> + <div class="form-group"> + <label for="nf_value">*Value</label> + <input maxlength="100" type="text" class="form-control" name="nf_value" id="nf_value" placeholder="varchar(100)" /> + </div> + <div class="form-group"> + <label for="nf_category">Category</label> + <input maxlength="24" type="text" class="form-control" name="nf_category" id="nf_category" placeholder="varchar(24)" /> + </div> + <div class="form-group"> + <label for="nf_memo">Memo</label> + <input maxlength="128" type="text" class="form-control" name="nf_memo" id="nf_memo" placeholder="varchar(128)" /> + </div> + <div class="form-group"> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> + <input type="hidden" name="nf_action" id="nf_action"> + <button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button> + <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> + </div> + </form> + </div> + </div> + </div> +</div> diff --git a/admportal/views/partials/newuserform.ejs b/admportal/views/partials/newuserform.ejs index 60459947..61bf2ddc 100644 --- a/admportal/views/partials/newuserform.ejs +++ b/admportal/views/partials/newuserform.ejs 
@@ -1,32 +1,33 @@ -<div class="modal fade" id="newUserModal" tabindex="-1" role="dialog" aria-labelledby="newUserModalLabel" aria-hidden="true"> +<div class="modal fade" id="new_user" tabindex="-1" role="dialog" aria-labelledby="new_user" aria-hidden="true"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> - <h4 class="modal-title" id="newUserModalLabel">New User</h4> + <h4 class="modal-title">New User</h4> </div> <div class="modal-body"> <form id="addForm" name="addForm" role="form" action="/user/addUser" method="POST"> <div class="form-group"> - <label for="email">Email</label> - <input type="email" class="form-control" name="nf_email" id="nf_email"> + <label for="nf_email">Email</label> + <input type="email" class="form-control" name="nf_email" id="nf_email" placeholder="varchar(64)" maxlength="64" /> </div> <div class="form-group"> <label for="nf_password">Password</label> - <input type="password" class="form-control" name="nf_password" id="nf_password"> + <input type="password" class="form-control" name="nf_password" id="nf_password" /> </div> <div class="form-group"> <label for="nf_confirm_password">Confirm Password</label> - <input type="password" class="form-control" name="nf_confirm_password" id="nf_confirm_password"> + <input type="password" class="form-control" name="nf_confirm_password" id="nf_confirm_password" /> </div> <div class="form-group"> - <label for="privilege">Privilege</label> + <label for="nf_privilege">Privilege</label> <select class="form-control" name="nf_privilege" id="nf_privilege"> <option value=admin>Administrator</option> <option value=readonly>Readonly</option> </select> </div> <div class="form-group"> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> <button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button> <button type="button" class="btn 
btn-default" data-dismiss="modal">Cancel</button> </div> diff --git a/admportal/views/partials/update_parameter.ejs b/admportal/views/partials/update_parameter.ejs index c0ef57d2..257f657e 100644 --- a/admportal/views/partials/update_parameter.ejs +++ b/admportal/views/partials/update_parameter.ejs @@ -25,6 +25,7 @@ <input maxlength="128" type="text" class="form-control" name="uf_memo" id="uf_memo" placeholder="varchar(128)"> </div> <div class="form-group"> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> <input type="hidden" name="nf_action" id="nf_action"> <input type="hidden" name="uf_key_name" id="uf_key_name"> <button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button> diff --git a/admportal/views/partials/userform.ejs b/admportal/views/partials/userform.ejs index fae52ad2..f882c6d0 100644 --- a/admportal/views/partials/userform.ejs +++ b/admportal/views/partials/userform.ejs 
@@ -1,41 +1,42 @@ - <div class="modal fade" id="myUserModal" tabindex="-1" role="dialog" aria-labelledby="myUserModalLabel" aria-hidden="true"> - <div class="modal-dialog"> - <div class="modal-content"> - <div class="modal-header"> - <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> - <h4 class="modal-title" id="myUserModalLabel">Update User</h4> - </div> - <div class="modal-body"> - <form id="updateForm" name="updateForm" role="form" action="/user/updateUser" method="POST"> - <div class="form-group"> - <label for="uf_email">attuid</label> - <input type="email" class="form-control" name="uf_email" id="uf_email"> - </div> - <div class="form-group"> - <label for="uf_password">Password</label> - <input type="password" class="form-control" name="uf_password" id="uf_password"> - </div> - <div class="form-group"> - <label for="uf_confirm_password">Confirm Password</label> - <input type="password" class="form-control" name="uf_confirm_password" id="uf_confirm_password"> - </div> - <div class="form-group"> - <label for="privilege">Privilege</label> - <select class="form-control" name="uf_privilege" id="uf_privilege"> - <option value=admin>Administrator</option> - <option value=readonly>Readonly</option> - </select> - </div> - <div class="form-group"> - <input type="hidden" name="uf_action" id="uf_action"> - <input type="hidden" name="uf_key_email" id="uf_key_email"> - <button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button> - <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> - </div> - </form> - </div> - </div> - </div> - </div> +<div class="modal fade" id="myUserModal" tabindex="-1" role="dialog" aria-labelledby="myUserModalLabel" aria-hidden="true"> + <div class="modal-dialog"> + <div class="modal-content"> + <div class="modal-header"> + <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> + <h4 class="modal-title" 
id="myUserModalLabel">Update User</h4> + </div> + <div class="modal-body"> + <form id="updateForm" name="updateForm" role="form" action="/user/updateUser" method="POST"> + <div class="form-group"> + <label for="uf_email">Email</label> + <input type="email" class="form-control" name="uf_email" id="uf_email" /> + </div> + <div class="form-group"> + <label for="uf_password">Password</label> + <input type="password" class="form-control" name="uf_password" id="uf_password" /> + </div> + <div class="form-group"> + <label for="uf_confirm_password">Confirm Password</label> + <input type="password" class="form-control" name="uf_confirm_password" id="uf_confirm_password" /> + </div> + <div class="form-group"> + <label for="uf_privilege">Privilege</label> + <select class="form-control" name="uf_privilege" id="uf_privilege"> + <option value=admin>Administrator</option> + <option value=readonly>Readonly</option> + </select> + </div> + <div class="form-group"> + <input type="hidden" name="uf_action" id="uf_action" /> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> + <input type="hidden" name="uf_key_email" id="uf_key_email" /> + <button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button> + <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> + </div> + </form> + </div> + </div> + </div> +</div> diff --git a/admportal/views/partials/vnf_profile.ejs b/admportal/views/partials/vnf_profile.ejs index d67cf1a6..f5132191 100644 --- a/admportal/views/partials/vnf_profile.ejs +++ b/admportal/views/partials/vnf_profile.ejs 
@@ -21,9 +21,10 @@ <input type="text" class="form-control" name="nf_equipment_role" id="nf_equipment_role" maxlength="11" placeholder="varchar(80)"> </div> <div class="form-group"> - <input type="hidden" name="nf_action" id="nf_action"> - <button type="button" class="btn btn-primary" onclick="addVnfProfile(this.form);">Submit</button> - <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> + <input type="hidden" name="nf_action" id="nf_action"> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> + <button type="button" class="btn btn-primary" onclick="addVnfProfile(this.form);">Submit</button> + <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> </div> </form> </div> diff --git a/admportal/views/sla/list.ejs b/admportal/views/sla/list.ejs index 10bd4f4c..575e2066 100644 --- a/admportal/views/sla/list.ejs +++ b/admportal/views/sla/list.ejs 
@@ -40,79 +40,73 @@ <div class="container-fluid"> <table id="sla" class="table table-hover table-condensed"> - <thead> - <tr> - <th>Module</th> - <th>RPC</th> - <th>Version</th> - <th>Mode</th> - <th>Active</th> - <% if(priv == 'A') { %> - <th>Activate/Deactive</th> - <% } %> - <th>Display</th> - <th>XML code</th> - <% if(priv=='A') { %> - <th>Delete</th> - <% } %> - </tr> - </thead> - <tbody> - <% var i=0; rows.forEach( function(row) { %> - <tr> - <td><%= row.module %></td> - <td><%= row.rpc %></td> - <td><%= row.version %></td> - <td><%= row.mode %></td> - <td><%= row.active %></td> - <% if ( priv == 'A' ) { - if (row.active == "Y") { %> - <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('deactivate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Deactivate</button> </td> - <% } else { %> - <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('activate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Activate</button></td> - <% } %> - <% } %> - <td> - <button type="button" class="btn btn-default btn-xs" - onclick='location.assign("/sla/printAsGv?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>Display</button> - </td> - <td> - <button type="button" class="btn btn-default btn-xs" - onclick='location.assign("/sla/printAsXml?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>XML code</button> - </td> - <% if ( priv == 'A' ) { %> - <td> - <button type="button" class="btn btn-default btn-xs" + <thead> + <tr> + <th>Module</th> + <th>RPC</th> + <th>Version</th> + <th>Mode</th> + <th>Active</th> + <% if(priv == 'A') { %> + <th>Activate/Deactive</th> + <% } %> + <th>XML code</th> + <% if(priv=='A') { %> + <th>Delete</th> + <% } %> + </tr> + </thead> + <tbody> + <% var i=0; rows.forEach( function(row) { %> + <tr> + <td><%= row.module %></td> + <td><%= row.rpc 
%></td> + <td><%= row.version %></td> + <td><%= row.mode %></td> + <td><%= row.active %></td> + <% if ( priv == 'A' ) { + if (row.active == "Y") { %> + <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('deactivate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Deactivate</button> </td> + <% } else { %> + <td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('activate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Activate</button></td> + <% } %> + <% } %> + <td> + <button type="button" class="btn btn-default btn-xs" + onclick='location.assign("/sla/printAsXml?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>XML code</button> + </td> + <% if ( priv == 'A' ) { %> + <td> + <button type="button" class="btn btn-default btn-xs" onclick="deleteGraph('<%=row.module %>', - '<%=row.rpc %>', '<%=row.version %>','<%=row.mode %>');">Delete</button> - </td> - <% } %> - </tr> - <% i++; }); %> - </tbody> - </table> + '<%=row.rpc %>', '<%=row.version %>','<%=row.mode %>');">Delete</button> + </td> + <% } %> + </tr> + <% i++; }); %> + </tbody> + </table> <% if(priv == 'A') { %> <div class="actions" style="padding:0px 25px;"> <form method="POST" action="/sla/upload" enctype="multipart/form-data"> <div class="form-group"> - <label for="dest">File input</label> - <input name="filename" type="file" id="dest"> - <p class="help-block">Choose a file to upload.</p> - </div> - <% - if ( priv == 'A' ) - { - %> - <button type="button" class="btn btn-default" - onclick="uploadFile(this.form);">Upload File</button> - <% } else { %> - <button type="button" class="btn btn-default disabled" - onclick="uploadFile(this.form);">Upload File</button> - <% } %> + <label for="dest">File input</label> + <input name="filename" type="file" id="dest" /> + <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" /> + <p 
class="help-block">Choose a file to upload.</p> + </div> + <% if ( priv == 'A' ) { %> + <button type="button" class="btn btn-default" + onclick="uploadFile(this.form);">Upload File</button> + <% } else { %> + <button type="button" class="btn btn-default disabled" + onclick="uploadFile(this.form);">Upload File</button> + <% } %> </form> </div> <% } %> + </div> diff --git a/admportal/views/user/list.ejs b/admportal/views/user/list.ejs index 947a8114..ec650b0b 100644 --- a/admportal/views/user/list.ejs +++ b/admportal/views/user/list.ejs @@ -43,7 +43,7 @@ <div class="container-fluid"> <div class="actions" style="padding:15px 0px;"> <% if(priv == 'A') { %> - <button class="btn btn-primary" data-toggle="modal" data-target="#newUserModal">Add User</button> + <button class="btn btn-primary" data-toggle="modal" data-target="#new_user">Add User</button> <% } %> </div> @@ -75,14 +75,14 @@ <% } %> </td> <% if(priv == 'A') { %> - <td><form name="rowform"> - <input type="hidden" name="rfemail" id="rfemail" value="<%= row.email %>"</input> + <td> + <form name="rowform"> + <button type="button" class="btn btn-default btn-xs" + onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button> + <button type="button" class="btn btn-default btn-xs" + onclick="deleteRequest('<%=row.email %>');">Delete</button> </form> - <button type="button" class="btn btn-default btn-xs" - onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button> - <button type="button" class="btn btn-default btn-xs" - onclick="deleteRequest('<%=row.email %>');">Delete</button> - </td> + </td> <% } %> </tr> <% }); }; %> diff --git a/configbackuprestore/pom.xml b/configbackuprestore/pom.xml index a8f6b1b8..68ef0125 100644 --- a/configbackuprestore/pom.xml +++ b/configbackuprestore/pom.xml 
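Review bot: In user/list.ejs the buttons moved into `rowform` still build their handlers by interpolating row data into JavaScript inside an HTML attribute, `onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');"`. `<%= %>` escapes for HTML only, and the browser decodes those entities before the handler is compiled, so a quote character in a stored value ends the string literal and the remainder runs as script in the administrator's page. The same line also sends each user's stored `password` value to the browser of whoever opens the list. I would pass only the e-mail through a `data-email="<%= row.email %>"` attribute read by the handler and drop the password argument; the `toggleState(...)` and `deleteGraph(...)` buttons in sla/list.ejs follow the same interpolation pattern.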
@@ -12,7 +12,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>spring-boot-1-starter-parent</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <properties> diff --git a/installation/admportal/pom.xml b/installation/admportal/pom.xml index 8c7214e6..9ab60c89 100644 --- a/installation/admportal/pom.xml +++ b/installation/admportal/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/installation/ansible-server/pom.xml b/installation/ansible-server/pom.xml index 0fbfd4a9..27b2b8f7 100644 --- a/installation/ansible-server/pom.xml +++ b/installation/ansible-server/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <packaging>pom</packaging> diff --git a/installation/dmaap-listener/pom.xml b/installation/dmaap-listener/pom.xml index 54771e99..cbcc739c 100644 --- a/installation/dmaap-listener/pom.xml +++ b/installation/dmaap-listener/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <packaging>pom</packaging> diff --git a/installation/pom.xml b/installation/pom.xml index 01f8aa53..7d7fa0e8 100644 --- a/installation/pom.xml +++ b/installation/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml index b9e3b145..6c42afdb 100644 
--- a/installation/sdnc/pom.xml +++ b/installation/sdnc/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> @@ -25,7 +25,7 @@ <ccsdk.docker.version>0.5.0-STAGING-latest</ccsdk.docker.version> <ccsdk.features.version>0.5.0-SNAPSHOT</ccsdk.features.version> <sdnc.keystore>org.onap.sdnc.p12</sdnc.keystore> - <sdnc.keypass><![CDATA[ff^G9D]yf&r}Ktum@BJ0YB?N]]></sdnc.keypass> + <sdnc.keypass>ff^G9D]yf&r}Ktum@BJ0YB?N</sdnc.keypass> <sdnc.secureport>8443</sdnc.secureport> <docker.buildArg.https_proxy>${https_proxy}</docker.buildArg.https_proxy> <docker.push.phase>deploy</docker.push.phase> diff --git a/installation/ueb-listener/pom.xml b/installation/ueb-listener/pom.xml index e068909b..1fbe0600 100644 --- a/installation/ueb-listener/pom.xml +++ b/installation/ueb-listener/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <packaging>pom</packaging> diff --git a/platform-logic/datachange/pom.xml b/platform-logic/datachange/pom.xml index ae4419f3..b0d237ff 100644 --- a/platform-logic/datachange/pom.xml +++ b/platform-logic/datachange/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/generic-resource-api/pom.xml b/platform-logic/generic-resource-api/pom.xml index a7bf825a..01f88de9 100644 --- a/platform-logic/generic-resource-api/pom.xml +++ b/platform-logic/generic-resource-api/pom.xml 
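Review bot: The `sdnc.keypass` line is rewritten without its CDATA wrapper, but the value is still a keystore password committed in the POM. As rendered here the value contains a bare `&`, which is not well-formed XML outside CDATA unless the file actually holds `&amp;`, so it is worth confirming that the build still parses this POM. Independently of the escaping, I would supply the password at build time, e.g. `<sdnc.keypass>${env.SDNC_KEYPASS}</sdnc.keypass>` (variable name is a placeholder), and rotate the value that is now in history.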
@@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/installer/pom.xml b/platform-logic/installer/pom.xml index de6500df..38d3bdcd 100644 --- a/platform-logic/installer/pom.xml +++ b/platform-logic/installer/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/lcm/pom.xml b/platform-logic/lcm/pom.xml index 923daf76..73d172b1 100644 --- a/platform-logic/lcm/pom.xml +++ b/platform-logic/lcm/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/pom.xml b/platform-logic/pom.xml index 6ee01b36..499641b2 100644 --- a/platform-logic/pom.xml +++ b/platform-logic/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/restapi-templates/pom.xml b/platform-logic/restapi-templates/pom.xml index 37948603..824297a2 100644 --- a/platform-logic/restapi-templates/pom.xml +++ b/platform-logic/restapi-templates/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/restconfapi-yang/pom.xml b/platform-logic/restconfapi-yang/pom.xml index 16f92af2..7b8d2e16 100644 --- a/platform-logic/restconfapi-yang/pom.xml +++ b/platform-logic/restconfapi-yang/pom.xml 
@@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/setup/pom.xml b/platform-logic/setup/pom.xml index c9d9c5f1..dbda36c4 100644 --- a/platform-logic/setup/pom.xml +++ b/platform-logic/setup/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> diff --git a/platform-logic/vnfapi/pom.xml b/platform-logic/vnfapi/pom.xml index 8b0c667e..0f1e718e 100644 --- a/platform-logic/vnfapi/pom.xml +++ b/platform-logic/vnfapi/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> <relativePath/> </parent> @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.ccsdk.parent</groupId> <artifactId>odlparent-lite</artifactId> - <version>1.3.0-SNAPSHOT</version> + <version>1.3.1-SNAPSHOT</version> </parent> <groupId>org.onap.sdnc.oam</groupId> |