diff options
| author |   Rotundo, Al (ar3165) <ar3165@att.com> | 2019-07-31 14:46:56 +0000 |
|---|---|---|
| committer |   Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-07-31 14:31:07 -0400 |
| commit | 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch) | |
| tree | 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router/routes/root.js | |
| parent | 33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff) | |
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code exection on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router/routes/root.js')
| -rw-r--r-- | admportal/server/router/routes/root.js | 45 |
1 files changed, 28 insertions, 17 deletions
diff --git a/admportal/server/router/routes/root.js b/admportal/server/router/routes/root.js index b314d7db..78b69829 100644 --- a/admportal/server/router/routes/root.js +++ b/admportal/server/router/routes/root.js @@ -7,6 +7,12 @@ var os = require('os'); var async = require('async'); var OdlInterface = require('./OdlInterface'); var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json'); +var cookieParser = require('cookie-parser') +var csrf = require('csurf') +var bodyParser = require('body-parser') + +var csrfProtection = csrf({cookie:true}); +var parseForm = bodyParser.urlencoded({ extended: false }) @@ -70,28 +76,33 @@ function createFunctionObj( loptions ) { return function(callback) { OdlInterface.Healthcheck(loptions,callback); }; } -router.get('/mytree', function(req,res) { - res.render('pages/tree'); +//router.get('/mytree', function(req,res) { +// res.render('pages/tree'); +//}); +//router.get('/setuplogin', function(req,res) { +// res.render('pages/setuplogin'); +//}); +//router.post('/formSetupLogin', function(req,res) { +// dbRoutes.saveSetupLogin(req,res); +//}); + +router.get('/login', csrfProtection, function(req,res) { + var tkn = req.csrfToken(); + res.render('pages/login', {csrfToken:tkn}); + return; }); -router.get('/setuplogin', function(req,res) { - res.render('pages/setuplogin'); +router.post('/formlogin', csrfProtection, function(req,res) { + csp.login(req,res); }); -router.post('/formSetupLogin', function(req,res) { - dbRoutes.saveSetupLogin(req,res); + +router.get('/signup', csrfProtection, function(req,res) { + var tkn = req.csrfToken(); + res.render('pages/signup', {csrfToken:tkn}); }); -router.post('/formSignUp', function(req,res) { +router.post('/formSignUp', csrfProtection, function(req,res) { dbRoutes.saveUser(req,res); }); -router.post('/formlogin', csp.login, function(req,res) { -}); -router.get('/login', function(req,res) { - res.render('pages/login'); - // handle get -}); -router.get('/signup', function(req,res) { - res.render('pages/signup'); - // handle get -}); + router.get('/info', function(req,res) { // handle get res.send("login info"); |