diff options
author | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-07-31 14:46:56 +0000 |
---|---|---|
committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-07-31 14:31:07 -0400 |
commit | 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch) | |
tree | 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router/routes | |
parent | 33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff) |
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code exection on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router/routes')
-rwxr-xr-x | admportal/server/router/routes/admin.js | 45 | ||||
-rw-r--r-- | admportal/server/router/routes/csp.js | 48 | ||||
-rw-r--r-- | admportal/server/router/routes/dbRoutes.js | 550 | ||||
-rw-r--r-- | admportal/server/router/routes/gamma.js | 307 | ||||
-rw-r--r-- | admportal/server/router/routes/mobility.js | 817 | ||||
-rw-r--r-- | admportal/server/router/routes/network.js | 52 | ||||
-rw-r--r-- | admportal/server/router/routes/preload.js | 101 | ||||
-rw-r--r-- | admportal/server/router/routes/root.js | 45 | ||||
-rw-r--r-- | admportal/server/router/routes/sla.js | 220 | ||||
-rw-r--r-- | admportal/server/router/routes/user.js | 27 | ||||
-rw-r--r-- | admportal/server/router/routes/vnf.js | 51 |
11 files changed, 748 insertions, 1515 deletions
diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js index 4b7b8088..96c7fd85 100755 --- a/admportal/server/router/routes/admin.js +++ b/admportal/server/router/routes/admin.js @@ -5,40 +5,43 @@ var util = require('util'); var fs = require('fs'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); +var cookieParser = require('cookie-parser'); var bodyParser = require('body-parser'); var sax = require('sax'),strict=true,parser = sax.parser(strict); var async = require('async'); +var csrf = require('csurf'); + +var csrfProtection = csrf({cookie: true}); +router.use(cookieParser()); // GET router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) { dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res) { +router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) { - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback) { - dbRoutes.deleteParameter(req,res,callback); - }); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from PARAMETERS table.'); - dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + var privilegeObj = req.session.loggedInAdmin; + var tasks = []; + tasks.push(function(callback) { dbRoutes.deleteParameter(req,res,callback); }); + async.series(tasks, function(err,result){ + var msgArray = new Array(); + if(err){ + msgArray.push(err); + dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj); + return; + } + else { + msgArray.push('Row successfully deleted from PARAMETERS table.'); + dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } + }); }); // POST -router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){ +router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){ var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -59,7 +62,7 @@ router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){ }); // gamma - updateAicSite -router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){ +router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){ var privilegeObj = req.session.loggedInAdmin; var tasks = []; diff --git a/admportal/server/router/routes/csp.js b/admportal/server/router/routes/csp.js index 435aaf91..8828052f 100644 --- a/admportal/server/router/routes/csp.js +++ b/admportal/server/router/routes/csp.js @@ -15,13 +15,18 @@ function logout(req,res){ function login (req,res) { +console.log('login'); +var tkn = req.sanitize(req.body._csrf); +console.log('login:tkn=' + tkn); + var loggedInAdmin={}; - var email = req.body.email; + var email = req.sanitize(req.body.email); + var pswd = req.sanitize(req.body.password); dbRoutes.findAdminUser(email,res,function(adminUser){ if(adminUser !== null){ // make sure correct password is provided - if (req.body.password != adminUser.password) { + if (pswd != adminUser.password) { res.render("pages/login", { result: @@ -36,6 +41,7 @@ function login (req,res) { var loggedInAdmin = { email:adminUser.email, + csrfToken: tkn, password:adminUser.password, privilege:adminUser.privilege } @@ -57,6 +63,7 @@ function login (req,res) { } function checkAuth(req,res,next){ + var host = req.get('host'); var url = req.url; var originalUrl = req.originalUrl; @@ -64,8 +71,7 @@ function checkAuth(req,res,next){ console.log("checkAuth"); var host = req.headers['host']; -console.log('host=' + host); - + console.log('host=' + host); console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin)); if(req.session == null || req.session == undefined || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined) @@ -79,6 +85,40 @@ console.log('host=' + host); next(); } +function checkPriv(req,res,next) +{ + var priv = req.session.loggedInAdmin; + if(req.session == null || req.session == undefined + || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined) + { + res.render("pages/err", + { + result: {code:'error', msg:'Unexpected null session.'}, + header: process.env.MAIN_MENU + }); + return; + } + else + { + if (priv.privilege == 'A') + { + next(); + return; + } + else + { + res.render("pages/err", + { + result: { code:'error', msg:'User does not have permission to run operation.'}, + header: process.env.MAIN_MENU + }); + return; + } + } +} + + exports.login = login; exports.logout = logout; exports.checkAuth = checkAuth; +exports.checkPriv = checkPriv; diff --git a/admportal/server/router/routes/dbRoutes.js b/admportal/server/router/routes/dbRoutes.js index 34a90c7b..c4a09fdc 100644 --- a/admportal/server/router/routes/dbRoutes.js +++ b/admportal/server/router/routes/dbRoutes.js @@ -262,18 +262,22 @@ console.log('checkDB'); exports.saveUser = function(req,res){ - pool.getConnection(function(err,connection){ +console.log('b4 sani'); + var email = req.sanitize(req.body.nf_email); + var pswd = req.sanitize(req.body.nf_password); +console.log('after sani'); + + pool.getConnection(function(err,connection) + { if(err){ console.error( String(err) ); // ALARM res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU}); return; - } - //var sql = "SELECT AES_DECRYPT(password, '" + enckey + "') password FROM PORTAL_USERS"; - var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + req.body.nf_email + "'"; - - console.log(sql); + } + var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'"; - connection.query(sql, function(err,result){ + connection.query(sql, function(err,result) + { if(err){ connection.release(); res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU}); @@ -287,13 +291,12 @@ exports.saveUser = function(req,res){ } sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES (" - +"'"+ req.body.nf_email + "'," - + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "')," + +"'"+ email + "'," + + "AES_ENCRYPT('" + pswd + "','" + enckey + "')," +"'A')"; - console.log(sql); - - connection.query(sql, function(err,result){ + connection.query(sql, function(err,result) + { connection.release(); if(err){ @@ -360,172 +363,207 @@ exports.deleteUser = function(req,res){ exports.addUser = function(req,res){ var rows={}; - var resultObj = { code:'', msg:'' }; + var resultObj = { code:'', msg:'' }; var privilegeObj = req.session.loggedInAdmin; + var privilege = req.sanitize(req.body.nf_privilege); + var email = req.sanitize(req.body.nf_email); + var pswd = req.sanitize(req.body.nf_password); - pool.getConnection(function(err,connection) { - if(err){ + + pool.getConnection(function(err,connection) + { + if(err) + { console.error( String(err) ); // ALARM - res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); + res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err), + privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - - if( req.body.nf_privilege == "admin" ){ - var char_priv = 'A'; - }else if(req.body.nf_privilege == 'readonly'){ - var char_priv = 'R'; - }else{ - var char_priv = 'A'; - } - - - //connection.query(sqlRequest, function(err,result){ - var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES (" - +"'"+ req.body.nf_email + "'," - + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "')," - +"'"+ char_priv + "')"; - - console.log(sqlUpdate); + } - connection.query(sqlUpdate,function(err,result){ + if( privilege == "admin" ){ + var char_priv = 'A'; + }else if(privilege == 'readonly'){ + var char_priv = 'R'; + }else{ + var char_priv = 'R'; + } - if(err){ - resultObj = {code:'error', msg:'Add of user failed Error: '+err}; - } + //connection.query(sqlRequest, function(err,result) + var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES (" + +"'"+ email + "'," + + "AES_ENCRYPT('" + pswd + "','" + enckey + "')," + +"'"+ char_priv + "')"; - // Need DB lookup logic here - connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows) { - connection.release(); - if(!err) { - if ( rows.length > 0 ) - { + connection.query(sqlUpdate,function(err,result) + { + if(err){ + resultObj = {code:'error', msg:'Add of user failed Error: '+err}; + } + // Need DB lookup logic here + connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows) + { + connection.release(); + if(!err) + { + if ( rows.length > 0 ) + { resultObj = {code:'success',msg:'Successfully added user.'}; - res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); + res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); return; - }else{ - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.', + }else{ + res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.', privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - } else { - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err , + } + } + else { + res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err , privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - }); //end query - }); - - }); // end of getConnection + } + }); //end query + }); + }); // end of getConnection } // updateUser exports.updateUser= function(req,res){ - var rows={}; + var rows={}; var resultObj = { code:'', msg:'' }; var privilegeObj = req.session.loggedInAdmin; + var email = req.sanitize(req.body.uf_email); + var key_email = req.sanitize(req.body.uf_key_email) + var pswd = req.sanitize(req.body.uf_password); + var privilege = req.sanitize(req.body.uf_privilege); - pool.getConnection(function(err,connection) { - - if(err){ + pool.getConnection(function(err,connection) + { + if(err){ console.error( String(err) ); // ALARM - res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err), + res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err), privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } + } - if( req.body.uf_privilege == "admin" ){ + if( privilege == "admin" ){ var char_priv = 'A'; - }else if(req.body.uf_privilege == 'readonly'){ + }else if(privilege == 'readonly'){ var char_priv = 'R'; }else{ - var char_priv = 'A'; + var char_priv = 'R'; } - - //connection.query(sqlRequest, function(err,result){ var sqlUpdate = "UPDATE PORTAL_USERS SET " - + "email = '" + req.body.uf_email + "'," - + "password = " + "AES_ENCRYPT('" + req.body.uf_password + "','" + enckey + "'), " + + "email = '" + email + "'," + + "password = " + "AES_ENCRYPT('" + pswd + "','" + enckey + "'), " + "privilege = '"+ char_priv + "'" - + " WHERE email = '" + req.body.uf_key_email + "'"; - - console.log(sqlUpdate); - - connection.query(sqlUpdate,function(err,result){ + + " WHERE email = '" + key_email + "'"; + connection.query(sqlUpdate,function(err,result) + { if(err){ - resultObj = {code:'error', msg:'Update of user failed Error: '+err}; + resultObj = {code:'error', msg:'Update of user failed Error: '+err}; } - - // Need DB lookup logic here - connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows) { - connection.release(); - if(!err) { - if ( rows.length > 0 ) - { + // Need DB lookup logic here + connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows) + { + connection.release(); + if(!err) + { + if ( rows.length > 0 ) + { resultObj = {code:'success',msg:'Successfully updated user.'}; - res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} ); - return; - }else{ - res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.', + res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} ); + return; + }else{ + res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.', privilege:privilegeObj },header:process.env.MAIN_MENU}); return; - } - } else { - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err), + } + } else { + res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err), privilege:privilegeObj },header:process.env.MAIN_MENU}); return; } - }); //end query - }); - }); // end of getConnection -}; + }); //end query + }); + }); // end of getConnection +} exports.listUsers = function(req,res,resultObj){ var privilegeObj = req.session.loggedInAdmin; - var rows={}; - pool.getConnection(function(err,connection) { + var rows={}; + pool.getConnection(function(err,connection) + { - if(err){ + if(err){ console.error( String(err) ); // ALARM - res.render("pages/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); + res.render("pages/list", + { + rows: null, + result:{ + code:'error', + msg:"Unable to get database connection. " + String(err), + privilege:privilegeObj }, + header:process.env.MAIN_MENU + }); return; - } + } - // Need DB lookup logic here - var selectUsers = "SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege from PORTAL_USERS"; - console.log(selectUsers); - connection.query(selectUsers, function(err, rows) { + // Need DB lookup logic here + var selectUsers = "SELECT email, AES_DECRYPT(password,'" + + enckey + "') password, privilege from PORTAL_USERS"; - connection.release(); - if(err){ - resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err}; + connection.query(selectUsers, function(err, rows) { + + connection.release(); + if(err){ + resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err}; + } + if(!err) + { + if ( rows.length > 0 ) + { + console.log(JSON.stringify(rows)); + res.render('user/list', + { + rows: rows, + result:resultObj, + privilege:privilegeObj, + header:process.env.MAIN_MENU + }); + return; } - - if(!err) { - if ( rows.length > 0 ) - { - console.log(JSON.stringify(rows)); - res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU }); - return; - } - else{ - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database.', - privilege:privilegeObj },header:process.env.MAIN_MENU}); - return; - } - } else { - res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err), - privilege:privilegeObj },header:process.env.MAIN_MENU}); - return; + else{ + res.render("user/list", + { + rows: null, + result:{ + code:'error', + msg:'Unexpected no rows returned from database.', + privilege:privilegeObj }, + header:process.env.MAIN_MENU + }); + return; } - }); //end query - }); // end getConnection + } + else + { + res.render("user/list", + { + rows: null, + result:{ + code:'error', + msg:'Unexpected no rows returned from database. ' + String(err), + privilege:privilegeObj },header:process.env.MAIN_MENU + }); + return; + } + }); //end query + }); // end getConnection } exports.listSLA = function(req,res,resultObj){ @@ -689,29 +727,29 @@ exports.getMetaTable = function(req,res,sql,rdestination,resultObj,privilegeObj) exports.getVnfProfile = function(req,res,resultObj,privilegeObj){ - pool.getConnection(function(err,connection) { - - if(err){ - console.error( String(err) ); // ALARM - res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); - return; - } - - connection.query("SELECT vnf_type,availability_zone_count,equipment_role " - + "FROM VNF_PROFILE ORDER BY VNF_TYPE", function(err, rows) - { - connection.release(); - if(err) { - res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU}); - return; - } - else { - res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); - return; - } - }); //end query -console.log('after query'); - }); // end getConnection + pool.getConnection(function(err,connection) + { + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + return; + } + var sql = "SELECT vnf_type,availability_zone_count,equipment_role FROM VNF_PROFILE ORDER BY VNF_TYPE"; + console.log(sql); + connection.query(sql, function(err, rows) + { + connection.release(); + if(err) { + res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU}); + return; + } + else { + console.log('render vnfProfile'); + res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } ); + return; + } + }); //end query + }); // end getConnection } @@ -747,103 +785,102 @@ exports.getVnfPreloadData = function(req,res,dbtable,callback){ -exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj){ - - - pool.getConnection(function(err,connection) { - - if(err){ - console.error( String(err) ); // ALARM - res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); - return; - } - - // Need DB lookup logic here - connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data " - + "FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id", function(err, rows) - { - var msgArray = new Array(); - - connection.release(); - if(err) { - msgArray = 'Database Error: '+ String(err); - res.render("mobility/vnfPreloadNetworkData", { +exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj) +{ + pool.getConnection(function(err,connection) + { + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", + {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + return; + } + // Need DB lookup logic here + var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id"; + console.log(sql); + connection.query(sql, function(err, rows) + { + var msgArray = new Array(); + connection.release(); + if(err) { + msgArray = 'Database Error: '+ String(err); + res.render("mobility/vnfPreloadNetworkData", { result:{code:'error',msg:msgArray}, + privilege:privilegeObj, preloadImportDirectory: properties.preloadImportDirectory, header:process.env.MAIN_MENU }); - return; - } - else { - var retData = []; - for( r=0; r<rows.length; r++) - { - var rowObj = {}; - rowObj.row = rows[r]; - if ( rows[r].filename.length > 0 ) - { - try{ + return; + } + else { + var retData = []; + for( r=0; r<rows.length; r++) + { + var rowObj = {}; + rowObj.row = rows[r]; + if ( rows[r].filename.length > 0 ) + { + try{ var buffer = rows[r].preload_data; - var decode_buffer = decodeURI(buffer); - var filecontent = JSON.parse(decode_buffer); - rowObj.filecontent = filecontent; - rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"]; - rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"]; - } - catch(error){ - msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error); - } - } - else { - rowObj.filecontent = ''; - } - retData.push(rowObj); - } - if(msgArray.length>0){ - resultObj.code = 'failure'; - resultObj.msg = msgArray; - } - res.render('mobility/vnfPreloadNetworkData', { + var decode_buffer = decodeURI(buffer); + var filecontent = JSON.parse(decode_buffer); + rowObj.filecontent = filecontent; + rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"]; + rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"]; + } + catch(error){ + msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error); + } + } + else { + rowObj.filecontent = ''; + } + retData.push(rowObj); + }//endloop + if(msgArray.length>0){ + resultObj.code = 'failure'; + resultObj.msg = msgArray; + } + res.render('mobility/vnfPreloadNetworkData', { retData:retData, result:resultObj, privilege:privilegeObj, preloadImportDirectory: properties.preloadImportDirectory, header:process.env.MAIN_MENU }); - return; - } - }); //end query - }); // end getConnection + return; + } + }); //end query + }); // end getConnection } -exports.getVnfData = function(req,res,resultObj,privilegeObj){ - - - pool.getConnection(function(err,connection) { - - if(err){ - console.error( String(err) ); // ALARM - res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); - return; - } - - // Need DB lookup logic here - connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data " - + "FROM PRE_LOAD_VNF_DATA ORDER BY id", function(err, rows) +exports.getVnfData = function(req,res,resultObj,privilegeObj) +{ + pool.getConnection(function(err,connection) + { + if(err){ + console.error( String(err) ); // ALARM + res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU}); + return; + } + // Need DB lookup logic here + var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_DATA ORDER BY id"; + console.log(sql); + connection.query(sql,function(err, rows) { var msgArray = new Array(); - - connection.release(); - if(err) { + connection.release(); + if(err) { msgArray = 'Database Error: '+ String(err); - res.render("mobility/vnfPreloadData", { + res.render("mobility/vnfPreloadData", { result:{code:'error',msg:msgArray}, + privilege:privilegeObj, preloadImportDirectory: properties.preloadImportDirectory, header:process.env.MAIN_MENU }); - return; - } - else { + return; + } + else { var retData = []; for( r=0; r<rows.length; r++) { @@ -853,35 +890,35 @@ exports.getVnfData = function(req,res,resultObj,privilegeObj){ { try{ var buffer = rows[r].preload_data; - var s_buffer = decodeURI(buffer); + var s_buffer = decodeURI(buffer); var filecontent = JSON.parse(s_buffer); rowObj.filecontent = filecontent; rowObj.vnf_name = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-name"]; rowObj.vnf_type = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-type"]; } catch(error){ - msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error); + msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error); } } else { rowObj.filecontent = ''; } retData.push(rowObj); - } + }//endloop if(msgArray.length>0){ resultObj.code = 'failure'; resultObj.msg = msgArray; } - res.render('mobility/vnfPreloadData',{ - retData:retData, result:resultObj, - privilege:privilegeObj, - header:process.env.MAIN_MENU, - preloadImportDirectory: properties.preloadImportDirectory + res.render('mobility/vnfPreloadData',{ + retData:retData, result:resultObj, + privilege:privilegeObj, + header:process.env.MAIN_MENU, + preloadImportDirectory: properties.preloadImportDirectory }); - return; - } - }); //end query - }); // end getConnection + return; + } + }); //end query + }); // end getConnection } @@ -927,28 +964,27 @@ exports.findAdminUser = function(email,res,callback) { exports.addRow = function(sql,req,res,callback){ - console.log(sql); - - pool.getConnection(function(err,connection) { + console.log(sql); - if(err){ - console.error( String(err) ); // ALARM - callback(err, 'Unable to get database connection.' + err); - return; - } + pool.getConnection(function(err,connection) { - connection.query(sql, function(err,result){ - connection.release(); - if(err){ - console.debug('Database operation failed. ' + err ); - callback(err,'Database operation failed. ' + err ); - } - else - { - callback(null, result.affectedRows); - } - }); //end query - }); // end getConnection + if(err){ + console.error( String(err) ); // ALARM + callback(err, 'Unable to get database connection.' + err); + return; + } + connection.query(sql, function(err,result){ + connection.release(); + if(err){ + console.debug('Database operation failed. ' + err ); + callback(err,'Database operation failed. ' + err ); + } + else + { + callback(null, result.affectedRows); + } + }); //end query + }); // end getConnection } diff --git a/admportal/server/router/routes/gamma.js b/admportal/server/router/routes/gamma.js index 70e6713c..5b8c7649 100644 --- a/admportal/server/router/routes/gamma.js +++ b/admportal/server/router/routes/gamma.js @@ -53,314 +53,7 @@ router.get('/getNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) dbRoutes.getTable(req,res,selectNbVlanRange,'gamma/nbVlanRange',{code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - if (typeof req.query.vlan_plan_id == "undefined"){ - dbRoutes.getTable(req,res,selectNbVlanPool,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin); - }else{ - var sql = "SELECT aic_site_id,availability_zone,vlan_plan_id,plan_type,purpose,vlan_id,status FROM VLAN_POOL WHERE vlan_plan_id='" + req.query.vlan_plan_id + "' AND vlan_id BETWEEN " - + req.query.range_start + " AND " + req.query.range_end; - dbRoutes.getTable(req,res,sql,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin); - } -}); - -router.post('/addNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var network_type = removeNL(req.body.nf_network_type); - var technology = removeNL(req.body.nf_technology); - var sql = "INSERT INTO NETWORK_PROFILE (network_type,technology) VALUES (" - + "'"+ network_type + "'," - + "'"+ technology + "')"; - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err) - { - msgArray.push(err); - dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - if ( result == 1 ) - { - msgArray.push('Successfully added Network Profile.'); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Was not able to add Network Profile.'); - dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - } - }); -}); - -router.post('/saveNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var plan_type = req.body.nf_plan_type; - var purpose = req.body.nf_purpose; - var range_start = padLeft(removeNL(req.body.nf_range_start),4); - var range_end = padLeft(removeNL(req.body.nf_range_end),4); - var tasks = []; - var privilegeObj = req.session.loggedInAdmin; - - tasks.push( function(callback) { - dbRoutes.saveNbVlanRange(range_start,range_end,plan_type,purpose,req,res,callback); - }); - - // will probably need to be a new call that is a transaction if i use a new - // plan_type-purpose-counter table. - //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err) - { - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Successfully added VLAN Range.'); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.get('/deleteNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback){ - dbRoutes.executeSQL("DELETE FROM NETWORK_PROFILE WHERE network_type = '" + req.query.network_type + "'", req,res,callback); - - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push("Error: " + err); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - if ( result[0] == 1 ) - { - msgArray.push('Successfully deleted Network Profile.'); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('No rows removed.'); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - } - }); -}); - -router.get('/deleteNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - - tasks.push(function(callback){ - dbRoutes.deleteNbVlanRange(req.query.vlan_plan_id,req,res,callback); - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Successfully deleted Range.'); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/updateNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var sql = "UPDATE NETWORK_PROFILE SET " - + "network_type='"+ removeNL(req.body.uf_network_type) + "', " - + "technology='" + removeNL(req.body.uf_technology) + "' " - + "WHERE network_type='" + removeNL(req.body.uf_key_network_type) + "'"; - - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully updated Network Profile.'); - dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var sql = "UPDATE VLAN_POOL SET " - + "status='"+ removeNL(req.body.uf_status) + "' " - + " WHERE aic_site_id='" + removeNL(req.body.uf_key_aic_site_id) + "'" - + " AND availability_zone='" + removeNL(req.body.uf_key_availability_zone) + "'" - + " AND vlan_plan_id='" + removeNL(req.body.uf_key_vlan_plan_id) + "'" - + " AND plan_type='" + removeNL(req.body.uf_key_plan_type) + "'" - + " AND purpose='" + removeNL(req.body.uf_key_purpose) + "'" - + " AND vlan_id=" + removeNL(req.body.uf_key_vlan_id); - - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully updated Network Profile.'); - dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){ -}); -router.get('/generateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){ - - var vlan_plan_id = req.query.vlan_plan_id; - var plan_type = req.query.plan_type; - var purpose = req.query.purpose; - var range_start = req.query.range_start; - var range_end = req.query.range_end; - var tasks = []; - var privilegeObj = req.session.loggedInAdmin; - - tasks.push( function(callback) { - dbRoutes.generateNbVlanPool(range_start,range_end,plan_type,purpose,vlan_plan_id,req,res,callback); - }); - - // will probably need to be a new call that is a transaction if i use a new - // plan_type-purpose-counter table. - //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err) - { - msgArray.push(err); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj); - return; - } - else - { - msgArray.push('Successfully added VLAN Range.'); - dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -///// end 1604 - - // GET -router.get('/getServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getServiceHoming(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getServiceHomingRollback', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getServiceHomingRollback(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getVlanPool(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getAicSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getAicSite(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getAicSwitch', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getAicSwitch(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getAicAvailZone', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getAicAvailZone(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVpePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getVpePool(req,res,{code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVplspePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - dbRoutes.getVplspePool(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); - -// ROLLBACK SERVICE_HOMING -router.get('/rollbackServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback) { - dbRoutes.rollbackServiceHoming(req,res,callback); - }); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getServiceHomingRollback(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('SERVICE_HOMING table successfully restored.'); - dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -// DELETE SERVICE_HOMING -router.get('/deleteServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - tasks.push(function(callback) { - dbRoutes.deleteServiceHoming(req,res,callback); - }); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getServiceHoming(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from SERVICE_HOMING table.'); - dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - -// DELETE AIC_SITE router.get('/deleteSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) { var privilegeObj = req.session.loggedInAdmin; diff --git a/admportal/server/router/routes/mobility.js b/admportal/server/router/routes/mobility.js index d19f65aa..cd798dc8 100644 --- a/admportal/server/router/routes/mobility.js +++ b/admportal/server/router/routes/mobility.js @@ -6,13 +6,18 @@ var fs = require('fs.extra'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); var multer = require('multer'); +var cookieParser = require('cookie-parser'); var bodyParser = require('body-parser'); var sax = require('sax'),strict=true,parser = sax.parser(strict); var async = require('async'); var l_ = require('lodash'); var dateFormat = require('dateformat'); var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json'); +var crypto = require('crypto'); +var csrf = require('csurf'); +var csrfProtection = csrf({cookie: true}); +router.use(cookieParser()) // pass host, username and password to ODL // target host for ODL request @@ -57,30 +62,28 @@ var upload = multer({ }); - - // GET -router.get('/getVnfData', csp.checkAuth, function(req,res) { +router.get('/getVnfData', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.getVnfData(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getVmNetworks', csp.checkAuth, function(req,res) { - dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +router.get('/getVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res) { + dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getVnfProfile', csp.checkAuth, function(req,res) { +router.get('/getVnfProfile', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.getVnfProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); -router.get('/getVnfNetworks', csp.checkAuth, function(req,res) { - dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/getVmProfile', csp.checkAuth, function(req,res) { - dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); +//router.get('/getVmNetworks', csp.checkAuth, function(req,res) { +// dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +//}); +//router.get('/getVnfNetworks', csp.checkAuth, function(req,res) { +// dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +//}); +//router.get('/getVmProfile', csp.checkAuth, function(req,res) { +// dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin); +//}); //////// -router.get('/getVnfNetworkData', csp.checkAuth, function(req,res) { - dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin); -}); -router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res) +router.get('/viewVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var resp_msg = ''; @@ -110,7 +113,7 @@ router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res) }); -router.get('/viewVnfData', csp.checkAuth, function(req,res) +router.get('/viewVnfData', csp.checkAuth, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var resp_msg = ''; @@ -140,87 +143,85 @@ router.get('/viewVnfData', csp.checkAuth, function(req,res) }); -router.get('/loadVnfNetworkData', csp.checkAuth, function(req,res) +router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res) { + var privilegeObj = req.session.loggedInAdmin; + var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - var msgArray = new Array(); - - if ( req.query.status != 'pending' ) - { - msgArray.push("Upload Status must be in 'pending' state."); - dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); - return; - } - - // build request-id - var now = new Date(); - var df = dateFormat(now,"isoDateTime"); - var rnum = Math.floor((Math.random() * 9999) +1); - var svc_req_id = req.query.id + "-" + df + "-" + rnum; + if ( req.query.status != 'pending' ) + { + msgArray.push("Upload Status must be in 'pending' state."); + dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); + return; + } - var tasks = []; + // build request-id + var now = new Date(); + var df = dateFormat(now,"isoDateTime"); + const rnum = crypto.randomBytes(4); + var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');; + var tasks = []; // first get the contents of the file from the db - tasks.push(function(callback){ + tasks.push(function(callback){ dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_NETWORK_DATA",callback); }); // then format the request and send it using the arg1 parameter // which is the contents of the file returned from the previous function // call in the tasks array - tasks.push(function(arg1,callback){ + tasks.push(function(arg1,callback){ var s_file = JSON.stringify(arg1); - // remove the last two braces, going to add the headers there - // will add them back later. - s_file = s_file.substring(0, (s_file.length-2)); + // remove the last two braces, going to add the headers there + // will add them back later. + s_file = s_file.substring(0, (s_file.length-2)); - // add the request-information header - s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}'); + // add the request-information header + s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}'); - // add the sdnc-request-header - s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"'); - s_file = s_file.concat(svc_req_id); - s_file = s_file.concat('","svc-action": "reserve"}'); + // add the sdnc-request-header + s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"'); + s_file = s_file.concat(svc_req_id); + s_file = s_file.concat('","svc-action": "reserve"}'); - // add the two curly braces at the end that we stripped off - s_file = s_file.concat('}}'); + // add the two curly braces at the end that we stripped off + s_file = s_file.concat('}}'); - OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation', - options,s_file,res,callback); - }); + OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation', + options,s_file,res,callback); + }); // if successful then update the status - tasks.push(function(arg1,callback){ - dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='" + tasks.push(function(arg1,callback){ + dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback); - }); + }); // use the waterfall method of making calls async.waterfall(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push("Error posting pre-load data to ODL: "+err); - dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); - return; - } - else{ - msgArray.push('Successfully loaded VNF pre-loaded data.'); - dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + { + var msgArray = new Array(); + if(err){ + msgArray.push("Error posting pre-load data to ODL: "+err); + dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj); + return; + } + else{ + msgArray.push('Successfully loaded VNF pre-loaded data.'); + dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } + }); }); -router.get('/loadVnfData', csp.checkAuth, function(req,res) +router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res) { - var privilegeObj = req.session.loggedInAdmin; + var privilegeObj = req.session.loggedInAdmin; var full_path_file_name = process.cwd() + "/uploads/" + req.query.filename - var msgArray = new Array(); + var msgArray = new Array(); if ( req.query.status != 'pending' ) { @@ -232,28 +233,27 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res) // build request-id var now = new Date(); var df = dateFormat(now,"isoDateTime"); - var rnum = Math.floor((Math.random() * 9999) +1); - var svc_req_id = req.query.id + "-" + df + "-" + rnum; - + const rnum = crypto.randomBytes(4); + var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex'); var tasks = []; // first get the contents of the file from the db tasks.push(function(callback){ - dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback); - }); + dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback); + }); // then format the request and send it using the arg1 parameter // which is the contents of the file returned from the previous function // call in the tasks array tasks.push(function(arg1,callback){ - var s1_file = JSON.stringify(arg1); - var s_file = decodeURI(s1_file); + var s1_file = JSON.stringify(arg1); + var s_file = decodeURI(s1_file); // remove the last two braces, going to add the headers there - // will add them back later. - s_file = s_file.substring(0, (s_file.length-2)); + // will add them back later. + s_file = s_file.substring(0, (s_file.length-2)); // add the request-information header s_file = s_file.concat(',"request-information": {"request-action": "PreloadVNFRequest"}'); @@ -267,12 +267,12 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res) s_file = s_file.concat('}}'); OdlInterface.Post('/restconf/operations/VNF-API:preload-vnf-topology-operation', - options,s_file,res,callback); + options,s_file,res,callback); }); // if successful then update the status tasks.push(function(arg1,callback){ - dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='" + dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback); }); @@ -281,20 +281,20 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res) { var msgArray = new Array(); if(err){ - msgArray.push("Error posting pre-load data to ODL: "+err); - dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj); - return; + msgArray.push("Error posting pre-load data to ODL: "+err); + dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj); + return; } else{ msgArray.push('Successfully loaded VNF pre-loaded data.'); - dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } + dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } }); }); -router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) { +router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -347,7 +347,9 @@ router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) { }); -router.get('/deleteVnfData', csp.checkAuth, function(req,res) { +router.get('/deleteVnfData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { + +console.log('deleteVnfData'); var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -360,14 +362,14 @@ router.get('/deleteVnfData', csp.checkAuth, function(req,res) { dbRoutes.executeSQL(sql,req,res,callback); }); } else { - var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "'; - inputString = inputString.concat(req.query.vnf_name); - inputString = inputString.concat('","vnf-type":"'); - inputString = inputString.concat(req.query.vnf_type); - inputString = inputString.concat('"}},'); + var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "'; + inputString = inputString.concat(req.query.vnf_name); + inputString = inputString.concat('","vnf-type":"'); + inputString = inputString.concat(req.query.vnf_type); + inputString = inputString.concat('"}},'); - // add the request-information header - inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},'); + // add the request-information header + inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},'); // add the request-information header //inputString = inputString.concat('"request-information": {"request-id": "259c0f93-23cf-46ad-84dc-162ea234fff1",'); @@ -412,36 +414,7 @@ router.get('/deleteVnfData', csp.checkAuth, function(req,res) { }); -router.get('/deleteVmProfile', csp.checkAuth, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var sql = ''; - - sql = "DELETE FROM VM_PROFILE WHERE vnf_type='" + req.query.vnf_type + "'" - + " AND vm_type='" + req.query.vm_type + "'"; - - tasks.push(function(callback) { - dbRoutes.executeSQL(sql,req,res,callback); - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from VM_PROFILE table.'); - dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - -router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) { +router.get('/deleteVnfNetwork', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -469,7 +442,7 @@ router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) { }); }); -router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) { +router.get('/deleteVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; var tasks = []; @@ -496,215 +469,39 @@ router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) { }); }); -router.get('/deleteVmNetwork', csp.checkAuth, function(req,res) { - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var sql = ''; - - sql = "DELETE FROM VM_NETWORKS WHERE vnf_type='" + req.query.vnf_type - + "' AND vm_type='" + req.query.vm_type + "' AND network_role='" - + req.query.network_role + "'"; - - tasks.push(function(callback) { - dbRoutes.executeSQL(sql,req,res,callback); - }); - async.series(tasks, function(err,result) - { - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Row successfully deleted from VM_NETWORKS table.'); - dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - // POST -router.post('/addVmProfile', csp.checkAuth, function(req,res){ - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var sql; - - - if ( req.body.nf_vm_count.length > 0 ) - { - sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type,vm_count) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "'," - + req.body.nf_vm_count + ")"; - } - else - { - sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "')"; - } - - - console.log("SQL: " + sql); - - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VM Profile'); - dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - - -router.post('/addVnfNetwork', csp.checkAuth, function(req,res){ - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - - var sql = "INSERT INTO VNF_NETWORKS (vnf_type,network_role) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_network_role + "')"; +router.post('/addVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res){ - console.log("SQL: " + sql); - - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVnfNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VNF Network'); - dbRoutes.getVnfNetworks(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/addVnfProfile', csp.checkAuth, function(req,res){ - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; + var privilegeObj = req.session.loggedInAdmin; + var vnf_type = req.sanitize(req.body.nf_vnf_type); + var availability_zone_count = req.sanitize(req.body.nf_availability_zone_count); + var equipment_role = req.sanitize(req.body.nf_equipment_role); + var tasks = []; var sql; - sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + req.body.nf_availability_zone_count - + ",'" + req.body.nf_equipment_role + "')"; + sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES (" + + "'" + vnf_type + "'," + availability_zone_count + ",'" + equipment_role + "')"; console.log(sql); - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - var msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VNF Profile'); - dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); -}); - -router.post('/addVmNetwork', csp.checkAuth, function(req,res){ - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; - var msgArray = new Array(); - - // convert true|false to 1|0 - var assign_ips = (req.body.nf_assign_ips == 'true') ? 1 : 0; - var assign_macs = (req.body.nf_assign_macs == 'true') ? 1 : 0; - var assign_floating_ip = (req.body.nf_assign_floating_ip == 'true') ? 1 : 0; - - - if ((req.body.nf_assign_ips == 'true' && - (typeof req.body.nf_ip_count == 'undefined' || req.body.nf_ip_count.length <=0))) - { - msgArray.push("If assign_ips equals 'true', ip_count must be populated with a number."); - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - - - if ( req.body.nf_ip_count.length >0 ) - { - var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,ip_count,assign_ips,assign_macs,assign_floating_ip) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "'," - + "'" + req.body.nf_network_role + "'," - + req.body.nf_ip_count + "," - + assign_ips + "," - + assign_macs + "," - + assign_floating_ip + ")"; - } - else - { - var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,assign_ips,assign_macs,assign_floating_ip) VALUES (" - + "'" + req.body.nf_vnf_type + "'," - + "'" + req.body.nf_vm_type + "'," - + "'" + req.body.nf_network_role + "'," - + assign_ips + "," - + assign_macs + "," - + assign_floating_ip + ")"; - } - - tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); - async.series(tasks, function(err,result){ - msgArray = new Array(); - if(err){ - msgArray.push(err); - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - msgArray.push('Successfully added VM Network'); - var message = ''; - if (req.body.nf_ip_count.length >0) - { - message = req.body.nf_vnf_type - + ',' + req.body.nf_vm_type - + ',' + req.body.nf_network_role - + ',' + req.body.nf_ip_count - + ',' + req.body.nf_assign_ips - + ',' + req.body.nf_assign_macs - + ',' + req.body.nf_assign_floating_ip; - } - else - { - message = req.body.nf_vnf_type - + ',' + req.body.nf_vm_type - + ',' + req.body.nf_network_role - + ',' + req.body.nf_assign_ips - + ',' + req.body.nf_assign_macs - + ',' + req.body.nf_assign_floating_ip; - } - dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } ); + async.series(tasks, function(err,result){ + var msgArray = new Array(); + if(err){ + msgArray.push(err); + dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj); + return; + } + else { + msgArray.push('Successfully added VNF Profile'); + dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } + }); }); // POST -router.post('/uploadVnfData', csp.checkAuth, upload.single('filename'), function(req, res) +router.post('/uploadVnfData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res) { console.log('filename:'+ JSON.stringify(req.file.originalname)); var msgArray = new Array(); @@ -776,7 +573,7 @@ console.log('filename:'+ JSON.stringify(req.file.originalname)); } ); -router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), function(req, res) +router.post('/uploadVnfNetworkData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res) { var msgArray = new Array(); var privilegeObj = req.session.loggedInAdmin; @@ -846,128 +643,7 @@ router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), f } ); -router.post('/uploadVmNetworks', csp.checkAuth, upload.single('filename'), function(req, res){ - - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - if(req.file.originalname){ - if (req.file.originalname.size == 0) { - dbRoutes.getVmNetworks(req,res,{code:'failure', msg:'There was an error uploading the file, please try again.'},privilegeObj); - return; - } - fs.exists(req.file.path, function(exists) { - - if(exists) { - - var str = req.file.originalname; - - try { - var csv = require('csv'); - - // the job of the parser is to convert a CSV file - // to a list of rows (array of rows) - var parser = csv.parse({ - columns: function(line) { - // By defining this callback, we get handed the - // first line of the spreadsheet. Which we'll - // ignore and effectively skip this line from processing - }, - skip_empty_lines: true - }); - - var row = 0; - var f = new Array(); - var transformer = csv.transform(function(data){ - // this will get row by row data, so for example, - //logger.debug(data[0]+','+data[1]+','+data[2]); - - // build an array of rows - f[row] = new Array(); - for ( col=0; col<data.length; col++ ) - { - f[row][col] = data[col]; - } - row++; - }); - - // called when done with processing the CSV - transformer.on("finish", function() { - - var funcArray = new Array(); - - function createFunction(lrow,res) - { - return function(callback) { dbRoutes.addVmNetwork(lrow,res,callback); } - } - // loop for each row and create an array of callbacks for async.parallelLimit - // had to create a function above 'createFunction' to get - for (var x=0; x<f.length; x++) - { - funcArray.push( createFunction(f[x],res) ); - } - - // make db calls in parrallel - async.parallelLimit(funcArray, 50, function(err,result){ - - if ( err ) { - dbRoutes.getVmNetworks(req,res,result,privilegeObj); - return; - } - else { - // result array has an entry in it, success entries are blank, figure out - // how many are not blank, aka errors. - var rowError = 0; - for(var i=0;i<result.length;i++){ - if ( result[i].length > 0 ) - { - rowError++; - } - } - var rowsProcessed = f.length - rowError; - result.push(rowsProcessed + ' of ' + f.length + ' rows processed.'); - if ( rowError > 0 ) - { - result = {code:'failure', msg:result}; - } - else - { - result = {code:'success', msg:result}; - } - dbRoutes.getVmNetworks(req,res,result,privilegeObj); - return; - } - }); - }); - - var stream = fs.createReadStream(req.file.path, "utf8"); - stream.pipe(parser).pipe(transformer); - - } catch(ex) { - msgArray.length = 0; - msgArray.push('There was an error uploading the file. '+ex); - dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - - } else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - }); - } - else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - -} ); - -router.post('/uploadVnfProfile', csp.checkAuth, upload.single('filename'), function(req, res){ +router.post('/uploadVnfProfile', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res){ var msgArray = new Array(); var privilegeObj = req.session.loggedInAdmin; @@ -1091,249 +767,4 @@ console.log('result='+JSON.stringify(result)); } } ); - -router.post('/uploadVnfNetworks', csp.checkAuth, upload.single('filename'), function(req, res){ - - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - if(req.file.originalname) - { - if (req.file.originalname.size == 0) { - dbRoutes.getVnfProfile(req,res, - {code:'failure', msg:'There was an error uploading the file, please try again.'}, - privilegeObj); - return; - } - fs.exists(req.file.path, function(exists) { - - if(exists) { - - var str = req.file.originalname; - - try { - var csv = require('csv'); - - // the job of the parser is to convert a CSV file - // to a list of rows (array of rows) - var parser = csv.parse({ - columns: function(line) { - // By defining this callback, we get handed the - // first line of the spreadsheet. Which we'll - // ignore and effectively skip this line from processing - }, - skip_empty_lines: true - }); - - var row = 0; - var f = new Array(); - var transformer = csv.transform(function(data){ - // this will get row by row data, so for example, - //logger.debug(data[0]+','+data[1]+','+data[2]); - - // build an array of rows - f[row] = new Array(); - for ( col=0; col<data.length; col++ ) - { - f[row][col] = data[col]; - } - row++; - }); - - // called when done with processing the CSV - transformer.on("finish", function() { - - var funcArray = new Array(); - - function createFunction(lrow,res) - { - return function(callback) { dbRoutes.addVnfNetwork(lrow,res,callback); } - } - // loop for each row and create an array of callbacks for async.parallelLimit - // had to create a function above 'createFunction' to get - for (var x=0; x<f.length; x++) - { - funcArray.push( createFunction(f[x],res) ); - } - - // make db calls in parrallel - async.series(funcArray, function(err,result){ - - if ( err ) { - dbRoutes.getVnfNetworks(req,res,result,privilegeObj); - return; - } - else { - // result array has an entry in it, success entries are blank, figure out - // how many are not blank, aka errors. - var rowError = 0; - for(var i=0;i<result.length;i++){ - if ( result[i].length > 0 ) - { - rowError++; - } - } - var rowsProcessed = f.length - rowError; - result.push(rowsProcessed + ' of ' + f.length + ' rows processed.'); - if ( rowError > 0 ) - { - result = {code:'failure', msg:result}; - } - else - { - result = {code:'success', msg:result}; - } - dbRoutes.getVnfNetworks(req,res,result,privilegeObj); - return; - } - }); - }); - - var stream = fs.createReadStream(req.file.path, "utf8"); - stream.pipe(parser).pipe(transformer); - - } catch(ex) { - msgArray.length = 0; - msgArray.push('There was an error uploading the file. '+ex); - dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - } else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - }); - } - else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } -} ); - -router.post('/uploadVmProfile', csp.checkAuth, upload.single('filename'), function(req, res){ - - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - if(req.file.originalname) - { - if (req.file.originalname.size == 0) { - dbRoutes.getVmProfile(req,res, - {code:'failure', msg:'There was an error uploading the file, please try again.'}, - privilegeObj); - return; - } - fs.exists(req.file.path, function(exists) { - - if(exists) { - - var str = req.file.originalname; - - try { - var csv = require('csv'); - - // the job of the parser is to convert a CSV file - // to a list of rows (array of rows) - var parser = csv.parse({ - columns: function(line) { - // By defining this callback, we get handed the - // first line of the spreadsheet. Which we'll - // ignore and effectively skip this line from processing - }, - skip_empty_lines: true - }); - - var row = 0; - var f = new Array(); - var transformer = csv.transform(function(data){ - // this will get row by row data, so for example, - //logger.debug(data[0]+','+data[1]+','+data[2]); - - // build an array of rows - f[row] = new Array(); - for ( col=0; col<data.length; col++ ) - { - f[row][col] = data[col]; - } - row++; - }); - - // called when done with processing the CSV - transformer.on("finish", function() { - - var funcArray = new Array(); - - function createFunction(lrow,res) - { - return function(callback) { dbRoutes.addVmProfile(lrow,res,callback); } - } - // loop for each row and create an array of callbacks for async.parallelLimit - // had to create a function above 'createFunction' to get - for (var x=0; x<f.length; x++) - { - funcArray.push( createFunction(f[x],res) ); - } - - // make db calls in parrallel - async.series(funcArray, function(err,result){ - - if ( err ) { - dbRoutes.getVmProfile(req,res,result,privilegeObj); - return; - } - else { - // result array has an entry in it, success entries are blank, figure out - // how many are not blank, aka errors. - var rowError = 0; - for(var i=0;i<result.length;i++){ - if ( result[i].length > 0 ) - { - rowError++; - } - } - var rowsProcessed = f.length - rowError; - result.push(rowsProcessed + ' of ' + f.length + ' rows processed.'); - if ( rowError > 0 ) - { - result = {code:'failure', msg:result}; - } - else - { - result = {code:'success', msg:result}; - } - dbRoutes.getVmProfile(req,res,result,privilegeObj); - return; - } - }); - }); - - var stream = fs.createReadStream(req.file.path, "utf8"); - stream.pipe(parser).pipe(transformer); - - } catch(ex) { - msgArray.length = 0; - msgArray.push('There was an error uploading the file. '+ex); - dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - } else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } - }); - } - else { - msgArray.length = 0; - msgArray.push('There was an error uploading the file.'); - dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj); - return; - } -} ); - module.exports = router; diff --git a/admportal/server/router/routes/network.js b/admportal/server/router/routes/network.js index c64beae2..30aa66b2 100644 --- a/admportal/server/router/routes/network.js +++ b/admportal/server/router/routes/network.js @@ -20,12 +20,15 @@ var finalJson={}; var platform;
var req,res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error = false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
network.go = function(lreq,lres,cb,dir) {
puts("Processing NETWORK workbook");
+ proc_error = false;
req = lreq;
res = lres;
callback = cb;
@@ -49,7 +52,8 @@ function doGeneral() { helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('general file is missing from upload.');
+ proc_error=true;
}
}
@@ -57,8 +61,9 @@ function gotGeneral(err, jsonObj) { if (err) {
puts("\nError!");
putd(err);
- callback('General.csv file is missing from upload.');
- return;
+ proc_error=true;
+ callback('General.csv file is missing from upload.');
+ return;
}
csvGeneral = jsonObj;
puts("\nRead this: ");
@@ -77,7 +82,10 @@ function doSubnets() { helpers.readCsv(indir, newFileName, gotSubnets);
}
else {
+ puts('subnets file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -85,6 +93,7 @@ function gotSubnets(err, jsonObj) { if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Subnets.csv file is missing from upload.');
return;
}
@@ -108,7 +117,10 @@ function doVpnBindings() { helpers.readCsv(indir, newFileName, gotVpnBindings);
}
else {
+ puts('vnp-bindings file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -116,6 +128,7 @@ function gotVpnBindings(err, jsonObj) { if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VPN-Bindings.csv file is missing from upload.');
return;
}
@@ -140,7 +153,10 @@ function doPolicies() { helpers.readCsv(indir, newFileName, gotPolicies);
}
else {
+ puts('policies file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -148,6 +164,7 @@ function gotPolicies(err, jsonObj) { if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Policies.csv file is missing from upload.');
return;
}
@@ -178,7 +195,10 @@ function doNetRoutes() { helpers.readCsv(indir, newFileName, gotNetRoutes);
}
else {
+ puts('network-routes file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -186,6 +206,7 @@ function gotNetRoutes(err, jsonObj) { if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Network-Routes.csv file is missing from upload.');
return;
}
@@ -218,6 +239,21 @@ function processJson() { processPolicies();
processNetRoutes();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
// ASSEMBLE AND OUTPUT RESULTS
@@ -256,7 +292,7 @@ function assembleJson() { finalJson = {"input": networkInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -265,7 +301,7 @@ function outputJson() { puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".net_worksheet.json";
@@ -275,7 +311,7 @@ function outputJson() { filename = "output.json." + unixTime;
}
helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //callback(null, finalJson, filename);
}
@@ -288,7 +324,9 @@ function processGeneral() { if ( (preloadVersion!='1607') && (preloadVersion!='1610') ) {
puts("\nError - incorrect version of preload worksheet.");
- callback('Error - incorrect version of preload worksheet.');
+ proc_error=true;
+ //callback('Error - incorrect version of preload worksheet.');
+ return;
}
rawJson['network-name'] = getParam(csvGeneral, 'field2', 'network-name', 'field3');
diff --git a/admportal/server/router/routes/preload.js b/admportal/server/router/routes/preload.js index fd41bb44..522c6daa 100644 --- a/admportal/server/router/routes/preload.js +++ b/admportal/server/router/routes/preload.js @@ -16,8 +16,6 @@ var vnf = require('./vnf'); var network = require('./network'); var moment = require('moment'); - - // pass host, username and password to ODL // target host for ODL request var username = properties.odlUser; @@ -35,14 +33,17 @@ var options = { strictSSL: false }; -// multer 1.1 +// multer var unixTime = moment().unix(); var storage = multer.diskStorage({ destination: function (req, file, cb) { cb(null, process.cwd() + '/uploads/') + return; }, filename: function (req, file, cb) { +console.log('filename'); cb(null, unixTime + "." + file.originalname ) + return; } }); @@ -54,98 +55,84 @@ var upload = multer({ return cb(null,false); } cb(null,true); + return; } }); router.post('/uploadVnfCsv', csp.checkAuth, upload.array('filename'), function(req, res) { - console.log('files:'+ JSON.stringify(req.files,null,4)); - - var tasks = [] - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - + var msgArray = new Array(); var privilegeObj = req.session.loggedInAdmin; var tasks = []; tasks.push ( function(callback) { vnf.go(req,res,callback,''); } ); tasks.push ( function(arg1,arg2,callback) { formatVnfInsertStatement(arg1,arg2,req,res,callback); } ); - tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); + tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); async.waterfall(tasks, function(err,result) { - if(err){ - msgArray.push(err); - dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - //logger.debug('Successfully uploaded ' + req.session.worksheetFilename); - msgArray.push('Successfully uploaded file.' ); - dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } + if(err){ + msgArray.push(err); + dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj); + return; + } + else { + msgArray.push('Successfully uploaded file.' ); + dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj); + return; + } }); - }); router.post('/uploadNetworkCsv', csp.checkAuth, upload.array('filename'), function(req, res) { - console.log('files:'+ JSON.stringify(req.files,null,4)); - - var tasks = [] - var msgArray = new Array(); - var privilegeObj = req.session.loggedInAdmin; - - var privilegeObj = req.session.loggedInAdmin; - var tasks = []; + console.log('uploadNetworkCsv'); - tasks.push ( function(callback) { network.go(req,res,callback,''); } ); - tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } ); - tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); - async.waterfall(tasks, function(err,result) - { - if(err){ - msgArray.push(err); - dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj); - return; - } - else { - //logger.debug('Successfully uploaded ' + req.session.worksheetFilename); - msgArray.push('Successfully uploaded file.' ); - dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); - return; - } - }); + var msgArray = new Array(); + var privilegeObj = req.session.loggedInAdmin; + var tasks = []; + tasks.push ( function(callback) { network.go(req,res,callback,''); } ); + tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } ); + tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } ); + async.waterfall(tasks, function(err,result) + { + if(err){ + console.log('ERROR:' + err); + msgArray.push(err); + dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj); + } + else { + msgArray.push('Successfully uploaded file.' ); + dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj); + } + }); }); function formatVnfInsertStatement(content,filename,req,res,callback) { - //var newstr = JSON.stringify(content).replace(/\\\"/g,'\\\\\\"'); - //var ins_str = newstr.replace("\r\n ", "\\r\\n"); - var newstr = JSON.stringify(content); - var enc_str = encodeURI(newstr); - var sql = "INSERT INTO PRE_LOAD_VNF_DATA " + var newstr = JSON.stringify(content); + var enc_str = encodeURI(newstr); + var sql = "INSERT INTO PRE_LOAD_VNF_DATA " + "(filename,preload_data) VALUES (" + "'"+ filename + "'," + "'" + enc_str + "')"; callback(null,sql); + return; } function formatNetworkInsertStatement(content,filename,req,res,callback) { - var newstr = JSON.stringify(content); - var enc_str = encodeURI(newstr); - var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA " + var newstr = JSON.stringify(content); + var enc_str = encodeURI(newstr); + var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA " + "(filename,preload_data) VALUES (" + "'"+ filename + "'," + "'" + enc_str + "')"; callback(null,sql); + return; } - - module.exports = router; diff --git a/admportal/server/router/routes/root.js b/admportal/server/router/routes/root.js index b314d7db..78b69829 100644 --- a/admportal/server/router/routes/root.js +++ b/admportal/server/router/routes/root.js @@ -7,6 +7,12 @@ var os = require('os'); var async = require('async'); var OdlInterface = require('./OdlInterface'); var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json'); +var cookieParser = require('cookie-parser') +var csrf = require('csurf') +var bodyParser = require('body-parser') + +var csrfProtection = csrf({cookie:true}); +var parseForm = bodyParser.urlencoded({ extended: false }) @@ -70,28 +76,33 @@ function createFunctionObj( loptions ) { return function(callback) { OdlInterface.Healthcheck(loptions,callback); }; } -router.get('/mytree', function(req,res) { - res.render('pages/tree'); +//router.get('/mytree', function(req,res) { +// res.render('pages/tree'); +//}); +//router.get('/setuplogin', function(req,res) { +// res.render('pages/setuplogin'); +//}); +//router.post('/formSetupLogin', function(req,res) { +// dbRoutes.saveSetupLogin(req,res); +//}); + +router.get('/login', csrfProtection, function(req,res) { + var tkn = req.csrfToken(); + res.render('pages/login', {csrfToken:tkn}); + return; }); -router.get('/setuplogin', function(req,res) { - res.render('pages/setuplogin'); +router.post('/formlogin', csrfProtection, function(req,res) { + csp.login(req,res); }); -router.post('/formSetupLogin', function(req,res) { - dbRoutes.saveSetupLogin(req,res); + +router.get('/signup', csrfProtection, function(req,res) { + var tkn = req.csrfToken(); + res.render('pages/signup', {csrfToken:tkn}); }); -router.post('/formSignUp', function(req,res) { +router.post('/formSignUp', csrfProtection, function(req,res) { dbRoutes.saveUser(req,res); }); -router.post('/formlogin', csp.login, function(req,res) { -}); -router.get('/login', function(req,res) { - res.render('pages/login'); - // handle get -}); -router.get('/signup', function(req,res) { - res.render('pages/signup'); - // handle get -}); + router.get('/info', function(req,res) { // handle get res.send("login info"); diff --git a/admportal/server/router/routes/sla.js b/admportal/server/router/routes/sla.js index 10d64334..098cd66b 100644 --- a/admportal/server/router/routes/sla.js +++ b/admportal/server/router/routes/sla.js @@ -6,6 +6,8 @@ var fs = require('fs'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); var multer = require('multer'); +var cookieParser = require('cookie-parser'); +var csrf = require('csurf'); var bodyParser = require('body-parser'); //var sax = require('sax'),strict=true,parser = sax.parser(strict); var async = require('async'); @@ -21,9 +23,8 @@ var xmlfile=''; // used for file upload button, retain original file name //router.use(bodyParser()); -router.use(bodyParser.urlencoded({ - extended: true -})); +var csrfProtection = csrf({cookie: true}); +router.use(bodyParser.urlencoded({ extended: true })); //var upload = multer({ dest: process.cwd() + '/uploads/', rename: function(fieldname,filename){ return filename; } }); // multer 1.1 @@ -57,11 +58,11 @@ router.use(multer({ // GET -router.get('/listSLA', csp.checkAuth, function(req,res) { +router.get('/listSLA', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.listSLA(req,res,{code:'', msg:''} ); }); -router.get('/activate', csp.checkAuth, function(req,res){ +router.get('/activate', csp.checkAuth, csrfProtection, function(req,res){ var _module = req.query.module; var rpc = req.query.rpc; @@ -82,7 +83,7 @@ router.get('/activate', csp.checkAuth, function(req,res){ }); }); -router.get('/deactivate', csp.checkAuth, function(req,res){ +router.get('/deactivate', csp.checkAuth, csrfProtection, function(req,res){ var _module = req.query.module; var rpc = req.query.rpc; @@ -102,7 +103,7 @@ router.get('/deactivate', csp.checkAuth, function(req,res){ }); }); -router.get('/deleteDG', csp.checkAuth, function(req,res){ +router.get('/deleteDG', csp.checkAuth, csrfProtection, function(req,res){ var _module = req.query.module; var rpc = req.query.rpc; @@ -122,7 +123,7 @@ router.get('/deleteDG', csp.checkAuth, function(req,res){ }); }); -router.post('/dgUpload', upload.single('filename'), function(req, res, next){ +router.post('/dgUpload', upload.single('filename'), csrfProtection, function(req, res, next){ if(req.file.originalname){ if (req.file.originalname == 0) { @@ -188,88 +189,94 @@ router.post('/dgUpload', upload.single('filename'), function(req, res, next){ // POST -router.post('/upload', csp.checkAuth, upload.single('filename'), function(req, res, next){ +router.post('/upload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){ console.log('file:'+ JSON.stringify(req.file)); - if(req.file.originalname){ - if (req.file.originalname.size == 0) { - dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'}); - } - fs.exists(req.file.path, function(exists) { - if(exists) { - + if(req.file.originalname) + { + if (req.file.originalname.size == 0) + { + dbRoutes.listSLA(req,res, + { code:'danger', msg:'There was an error uploading the file, please try again.'}); + } + fs.exists(req.file.path, function(exists) + { + if(exists) + { // parse xml - try { + try + { //dbRoutes.checkSvcLogic(req,res); var currentDB = dbRoutes.getCurrentDB(); - var file_buf = fs.readFileSync(req.file.path, "utf8"); + var file_buf = fs.readFileSync(req.file.path, "utf8"); - // call Dan's svclogic shell script from here - var commandToExec = process.cwd() - + "/shell/svclogic.sh load " + // call svclogic shell script from here + var commandToExec = process.cwd() + "/shell/svclogic.sh load " + req.file.path + " " - + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB; + + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB; - console.log("commandToExec:" + commandToExec); - child = exec(commandToExec ,function (error,stdout,stderr){ - if(error){ - console.error("error:" + error); + console.log("commandToExec:" + commandToExec); + child = exec(commandToExec ,function (error,stdout,stderr) + { + if(error) + { + console.error("error:" + error); dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); return; - } - if(stderr){ - console.error("stderr:" + JSON.stringify(stderr,null,2)); - var s_stderr = JSON.stringify(stderr); - if ( s_stderr.indexOf("Saving") > -1 ) - { - dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'}); - }else { - dbRoutes.listSLA(req,res,{code:'failure', msg:stderr}); - } - return; - } - if(stdout){ - console.log("stderr:" + stdout); + } + if(stderr){ + console.error("stderr:" + JSON.stringify(stderr,null,2)); + var s_stderr = JSON.stringify(stderr); + if ( s_stderr.indexOf("Saving") > -1 ) + { + dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'}); + }else { + dbRoutes.listSLA(req,res,{code:'failure', msg:stderr}); + } + return; + } + if(stdout){ + console.log("stderr:" + stdout); dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'}); - return; + return; } // remove the grave accents, the sax parser does not like them //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); //dbRoutes.listSLA(req,res, resultObj); - }); - } catch(ex) { - // keep 'em silent - console.error("error:" + ex); - dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); - } - - } else { - dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'}); - } - }); + }); + } catch(ex) { + // keep 'em silent + console.error("error:" + ex); + dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); + } + } + else { + dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'}); + } + }); } else { dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'}); } }); -router.get('/printAsXml', csp.checkAuth, function(req,res){ +router.get('/printAsXml', csp.checkAuth, csrfProtection, function(req,res){ try { //dbRoutes.checkSvcLogic(req,res); var _module = req.query.module; - var rpc = req.query.rpc; - var version = req.query.version; - var mode = req.query.mode; + var rpc = req.query.rpc; + var version = req.query.version; + var mode = req.query.mode; var currentDB = dbRoutes.getCurrentDB(); - // call Dan's svclogic shell script from here - var commandToExec = process.cwd() + // call Dan's svclogic shell script from here + var commandToExec = process.cwd() + "/shell/svclogic.sh get-source " + _module + " " + rpc + " " @@ -279,91 +286,34 @@ router.get('/printAsXml', csp.checkAuth, function(req,res){ console.log("commandToExec:" + commandToExec); - child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){ - if(error){ + child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){ + if(error){ console.error("error:" + error); - dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); + dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); return; - } - //if(stderr){ - //logger.info("stderr:" + stderr); - //} - if(stdout){ - console.log("OUTPUT:" + stdout); - res.render('sla/printasxml', {result:{code:'success', - msg:'Module : ' + _module + '\n' + + } + //if(stderr){ + //logger.info("stderr:" + stderr); + //} + if(stdout){ + console.log("OUTPUT:" + stdout); + res.render('sla/printasxml', {result:{code:'success', + msg:'Module : ' + _module + '\n' + 'RPC : ' + rpc + '\n' + 'Mode : ' + mode + '\n' + 'Version: ' + version + '\n\n' + stdout}, header:process.env.MAIN_MENU}); - } - - // remove the grave accents, the sax parser does not like them - //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); - //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); - //dbRoutes.listSLA(req,res, resultObj); - }); - } catch(ex) { + } + + // remove the grave accents, the sax parser does not like them + //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); + //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); + //dbRoutes.listSLA(req,res, resultObj); + }); + } catch(ex) { console.error("error:" + ex); dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); - } + } }); -router.get('/printAsGv', csp.checkAuth, function(req,res){ - - try { - //dbRoutes.checkSvcLogic(req,res); - - var _module = req.query.module; - var rpc = req.query.rpc; - var version = req.query.version; - var mode = req.query.mode; - var currentDB = dbRoutes.getCurrentDB(); -console.log('currentDB='+currentDB); - - // call Dan's svclogic shell script from here - var commandToExec = process.cwd() - + "/shell/svclogic.sh print " - + _module + " " - + rpc + " " - + mode + " " - + version + " " - + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB - + " | dot -Tpng"; - - console.log("commandToExec:" + commandToExec); - - child = exec(commandToExec , - {encoding:'base64',maxBuffer:5000*1024}, function (error,stdout,stderr){ - if(error){ - console.error("error:" + error); - dbRoutes.listSLA(req,res,{code:'failure',msg:error} ); - return; - } - if(stderr){ - console.error("stderr:" + stderr); - } - if(stdout){ - //logger.info("OUTPUT:" + stdout); - //res.render('sla/printasgv', result = {code:'success', - //msg:new Buffer(stdout,'base64')} ); - res.render('sla/printasgv', {result:{code:'success', - module: _module, - rpc: rpc, - version: version, - mode:mode, - msg:stdout}, header:process.env.MAIN_MENU}); - } - - // remove the grave accents, the sax parser does not like them - //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close(); - //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res); - //dbRoutes.listSLA(req,res, resultObj); - }); - } catch(ex) { - console.error("error:" + ex); - dbRoutes.listSLA(req,res,{code:'failure',msg:ex} ); - } - -}); module.exports = router; diff --git a/admportal/server/router/routes/user.js b/admportal/server/router/routes/user.js index 40d3437c..df5f8607 100644 --- a/admportal/server/router/routes/user.js +++ b/admportal/server/router/routes/user.js @@ -5,8 +5,13 @@ var util = require('util'); var fs = require('fs'); var dbRoutes = require('./dbRoutes'); var csp = require('./csp'); +var cookieParser = require('cookie-parser'); +var csrf = require('csurf'); var bodyParser = require('body-parser'); -var sax = require('sax'),strict=true,parser = sax.parser(strict); +//var sax = require('sax'),strict=true,parser = sax.parser(strict); + +var csrfProtection = csrf({cookie: true}); +router.use(cookieParser()); // SVC_LOGIC table columns var _module=''; // cannot use module its a reserved word @@ -17,16 +22,21 @@ var xmlfile=''; //router.use(bodyParser()); -router.use(bodyParser.urlencoded({ - extended: true -})); +router.use(bodyParser.urlencoded({ extended: true })); // GET router.get('/listUsers', csp.checkAuth, function(req,res) { dbRoutes.listUsers(req,res, {user:req.session.loggedInAdmin,code:'', msg:''} ); }); -router.get('/deleteUser', csp.checkAuth, function(req,res) { +// POST +router.post('/updateUser', csp.checkAuth, csrfProtection, function(req,res,next){ + dbRoutes.updateUser(req,res,{code:'',msg:''}); +}); +router.post('/addUser', csp.checkAuth, csrfProtection, function(req,res) { + dbRoutes.addUser(req,res, {code:'', msg:''} ); +}); +router.get('/deleteUser', csp.checkAuth, csrfProtection, function(req,res) { dbRoutes.deleteUser(req,res, {code:'', msg:''} ); }); @@ -93,13 +103,6 @@ parser.onend = function () { */ -// POST -router.post('/updateUser', csp.checkAuth, function(req,res,next){ - dbRoutes.updateUser(req,res,{code:'',msg:''}); -}); -router.post('/addUser', csp.checkAuth, function(req,res) { - dbRoutes.addUser(req,res, {code:'', msg:''} ); -}); //router.post('/upload', csp.checkAuth, function(req, res, next){ diff --git a/admportal/server/router/routes/vnf.js b/admportal/server/router/routes/vnf.js index be004fe2..99bb3a7d 100644 --- a/admportal/server/router/routes/vnf.js +++ b/admportal/server/router/routes/vnf.js @@ -21,12 +21,15 @@ var finalJson={}; var platform;
var req, res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error=false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
vnf.go = function(lreq,lres,cb,dir){
puts("Processing VNF workbook");
+ proc_error=false;
req = lreq;
res = lres;
callback = cb;
@@ -51,7 +54,8 @@ function doGeneral() { helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('General.csv file is missing from upload.');
+ proc_error=true;
}
}
@@ -59,6 +63,7 @@ function gotGeneral(err, jsonObj) { if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('General.csv file is missing from upload.');
return;
}
@@ -79,14 +84,17 @@ function doAvailZones() { helpers.readCsv(indir, newFileName, gotAvailZones);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotAvailZones(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Availability-zones.csv file is missing from upload.');
return;
}
@@ -110,14 +118,17 @@ function doNetworks() { helpers.readCsv(indir, newFileName, gotNetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotNetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Networks.csv file is missing from upload.');
return;
}
@@ -142,14 +153,17 @@ function doVMs() { helpers.readCsv(indir, newFileName, gotVMs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VMs.csv file is missing from upload.');
return;
}
@@ -174,14 +188,17 @@ function doVMnetworks() { helpers.readCsv(indir, newFileName, gotVMnetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-networks.csv file is missing from upload.');
return;
}
@@ -206,14 +223,17 @@ function doVMnetworkIPs() { helpers.readCsv(indir, newFileName, gotVMnetworkIPs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkIPs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-IPs.csv file is missing from upload.');
return;
}
@@ -238,14 +258,17 @@ function doVMnetworkMACs() { helpers.readCsv(indir, newFileName, gotVMnetworkMACs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkMACs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-MACs.csv file is missing from upload.');
return;
}
@@ -270,14 +293,17 @@ function doTagValues() { helpers.readCsv(indir, newFileName, gotTagValues);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotTagValues(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Tag-values.csv file is missing from upload.');
return;
}
@@ -315,6 +341,21 @@ function processJson() { processVMs();
processTagValues();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
// ASSEMBLE AND OUTPUT RESULTS
@@ -350,7 +391,7 @@ function assembleJson() { finalJson = {"input": vnfInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -359,7 +400,7 @@ function outputJson() { puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".vnf_worksheet.json";
@@ -368,8 +409,8 @@ function outputJson() { fullpath_filename = "./output.json."+unixTime;
filename = "output.json." + unixTime;
}
- helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
+ //callback(null, finalJson, filename);
}
|