authorRotundo, Al (ar3165) <ar3165@att.com>2019-07-31 14:46:56 +0000
committerTimoney, Dan (dt5972) <dtimoney@att.com>2019-07-31 14:31:07 -0400
commit18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch)
tree39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router/routes/gamma.js
parent33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff)
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal. Issue-ID: OJSI-40 Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router/routes/gamma.js')
-rw-r--r--admportal/server/router/routes/gamma.js307
1 files changed, 0 insertions, 307 deletions
diff --git a/admportal/server/router/routes/gamma.js b/admportal/server/router/routes/gamma.js
index 70e6713c..5b8c7649 100644
--- a/admportal/server/router/routes/gamma.js
+++ b/admportal/server/router/routes/gamma.js
@@ -53,314 +53,7 @@ router.get('/getNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res)
dbRoutes.getTable(req,res,selectNbVlanRange,'gamma/nbVlanRange',{code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/getNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- if (typeof req.query.vlan_plan_id == "undefined"){
- dbRoutes.getTable(req,res,selectNbVlanPool,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }else{
- var sql = "SELECT aic_site_id,availability_zone,vlan_plan_id,plan_type,purpose,vlan_id,status FROM VLAN_POOL WHERE vlan_plan_id='" + req.query.vlan_plan_id + "' AND vlan_id BETWEEN "
- + req.query.range_start + " AND " + req.query.range_end;
- dbRoutes.getTable(req,res,sql,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }
-});
-
-router.post('/addNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var network_type = removeNL(req.body.nf_network_type);
- var technology = removeNL(req.body.nf_technology);
- var sql = "INSERT INTO NETWORK_PROFILE (network_type,technology) VALUES ("
- + "'"+ network_type + "',"
- + "'"+ technology + "')";
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result == 1 )
- {
- msgArray.push('Successfully added Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Was not able to add Network Profile.');
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.post('/saveNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var plan_type = req.body.nf_plan_type;
- var purpose = req.body.nf_purpose;
- var range_start = padLeft(removeNL(req.body.nf_range_start),4);
- var range_end = padLeft(removeNL(req.body.nf_range_end),4);
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.saveNbVlanRange(range_start,range_end,plan_type,purpose,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.get('/deleteNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback){
- dbRoutes.executeSQL("DELETE FROM NETWORK_PROFILE WHERE network_type = '" + req.query.network_type + "'", req,res,callback);
-
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push("Error: " + err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result[0] == 1 )
- {
- msgArray.push('Successfully deleted Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('No rows removed.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.get('/deleteNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
-
- tasks.push(function(callback){
- dbRoutes.deleteNbVlanRange(req.query.vlan_plan_id,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully deleted Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE NETWORK_PROFILE SET "
- + "network_type='"+ removeNL(req.body.uf_network_type) + "', "
- + "technology='" + removeNL(req.body.uf_technology) + "' "
- + "WHERE network_type='" + removeNL(req.body.uf_key_network_type) + "'";
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE VLAN_POOL SET "
- + "status='"+ removeNL(req.body.uf_status) + "' "
- + " WHERE aic_site_id='" + removeNL(req.body.uf_key_aic_site_id) + "'"
- + " AND availability_zone='" + removeNL(req.body.uf_key_availability_zone) + "'"
- + " AND vlan_plan_id='" + removeNL(req.body.uf_key_vlan_plan_id) + "'"
- + " AND plan_type='" + removeNL(req.body.uf_key_plan_type) + "'"
- + " AND purpose='" + removeNL(req.body.uf_key_purpose) + "'"
- + " AND vlan_id=" + removeNL(req.body.uf_key_vlan_id);
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-});
-router.get('/generateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var vlan_plan_id = req.query.vlan_plan_id;
- var plan_type = req.query.plan_type;
- var purpose = req.query.purpose;
- var range_start = req.query.range_start;
- var range_end = req.query.range_end;
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.generateNbVlanPool(range_start,range_end,plan_type,purpose,vlan_plan_id,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-///// end 1604
-
-
// GET
-router.get('/getServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHoming(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getServiceHomingRollback', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHomingRollback(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVlanPool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSite(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSwitch', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSwitch(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicAvailZone', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicAvailZone(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVpePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVpePool(req,res,{code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVplspePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVplspePool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-
-// ROLLBACK SERVICE_HOMING
-router.get('/rollbackServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.rollbackServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHomingRollback(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('SERVICE_HOMING table successfully restored.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-// DELETE SERVICE_HOMING
-router.get('/deleteServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.deleteServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHoming(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from SERVICE_HOMING table.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-// DELETE AIC_SITE
router.get('/deleteSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;