author | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-07-31 14:46:56 +0000 |
---|---|---|
committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-07-31 14:31:07 -0400 |
commit | 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch) | |
tree | 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router/routes/gamma.js | |
parent | 33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff) |
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router/routes/gamma.js')
-rw-r--r-- | admportal/server/router/routes/gamma.js | 307 |
1 files changed, 0 insertions, 307 deletions
diff --git a/admportal/server/router/routes/gamma.js b/admportal/server/router/routes/gamma.js
index 70e6713c..5b8c7649 100644
--- a/admportal/server/router/routes/gamma.js
+++ b/admportal/server/router/routes/gamma.js
@@ -53,314 +53,7 @@ router.get('/getNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res)
 dbRoutes.getTable(req,res,selectNbVlanRange,'gamma/nbVlanRange',{code:'', msg:''}, req.session.loggedInAdmin);
 });
-router.get('/getNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- if (typeof req.query.vlan_plan_id == "undefined"){
- dbRoutes.getTable(req,res,selectNbVlanPool,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }else{
- var sql = "SELECT aic_site_id,availability_zone,vlan_plan_id,plan_type,purpose,vlan_id,status FROM VLAN_POOL WHERE vlan_plan_id='" + req.query.vlan_plan_id + "' AND vlan_id BETWEEN "
- + req.query.range_start + " AND " + req.query.range_end;
- dbRoutes.getTable(req,res,sql,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }
-});
-
-router.post('/addNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var network_type = removeNL(req.body.nf_network_type);
- var technology = removeNL(req.body.nf_technology);
- var sql = "INSERT INTO NETWORK_PROFILE (network_type,technology) VALUES ("
- + "'"+ network_type + "',"
- + "'"+ technology + "')";
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result == 1 )
- {
- msgArray.push('Successfully added Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Was not able to add Network Profile.');
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.post('/saveNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var plan_type = req.body.nf_plan_type;
- var purpose = req.body.nf_purpose;
- var range_start = padLeft(removeNL(req.body.nf_range_start),4);
- var range_end = padLeft(removeNL(req.body.nf_range_end),4);
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.saveNbVlanRange(range_start,range_end,plan_type,purpose,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.get('/deleteNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback){
- dbRoutes.executeSQL("DELETE FROM NETWORK_PROFILE WHERE network_type = '" + req.query.network_type + "'", req,res,callback);
-
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push("Error: " + err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result[0] == 1 )
- {
- msgArray.push('Successfully deleted Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('No rows removed.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.get('/deleteNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
-
- tasks.push(function(callback){
- dbRoutes.deleteNbVlanRange(req.query.vlan_plan_id,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully deleted Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE NETWORK_PROFILE SET "
- + "network_type='"+ removeNL(req.body.uf_network_type) + "', "
- + "technology='" + removeNL(req.body.uf_technology) + "' "
- + "WHERE network_type='" + removeNL(req.body.uf_key_network_type) + "'";
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE VLAN_POOL SET "
- + "status='"+ removeNL(req.body.uf_status) + "' "
- + " WHERE aic_site_id='" + removeNL(req.body.uf_key_aic_site_id) + "'"
- + " AND availability_zone='" + removeNL(req.body.uf_key_availability_zone) + "'"
- + " AND vlan_plan_id='" + removeNL(req.body.uf_key_vlan_plan_id) + "'"
- + " AND plan_type='" + removeNL(req.body.uf_key_plan_type) + "'"
- + " AND purpose='" + removeNL(req.body.uf_key_purpose) + "'"
- + " AND vlan_id=" + removeNL(req.body.uf_key_vlan_id);
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-});
-router.get('/generateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var vlan_plan_id = req.query.vlan_plan_id;
- var plan_type = req.query.plan_type;
- var purpose = req.query.purpose;
- var range_start = req.query.range_start;
- var range_end = req.query.range_end;
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.generateNbVlanPool(range_start,range_end,plan_type,purpose,vlan_plan_id,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-///// end 1604
-
- // GET
-router.get('/getServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHoming(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getServiceHomingRollback', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHomingRollback(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVlanPool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSite(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSwitch', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSwitch(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicAvailZone', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicAvailZone(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVpePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVpePool(req,res,{code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVplspePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVplspePool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-
-// ROLLBACK SERVICE_HOMING
-router.get('/rollbackServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.rollbackServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHomingRollback(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('SERVICE_HOMING table successfully restored.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-// DELETE SERVICE_HOMING
-router.get('/deleteServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.deleteServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHoming(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from SERVICE_HOMING table.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-// DELETE AIC_SITE
 router.get('/deleteSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
 var privilegeObj = req.session.loggedInAdmin; |