aboutsummaryrefslogtreecommitdiffstats
path: root/admportal/server/router
diff options
context:
space:
mode:
authorRotundo, Al (ar3165) <ar3165@att.com>2019-07-31 14:46:56 +0000
committerTimoney, Dan (dt5972) <dtimoney@att.com>2019-07-31 14:31:07 -0400
commit18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch)
tree39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/server/router
parent33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff)
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code exection on AdmPortal. Issue-ID: OJSI-40 Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/server/router')
-rw-r--r--admportal/server/router/index.js4
-rwxr-xr-xadmportal/server/router/routes/admin.js45
-rw-r--r--admportal/server/router/routes/csp.js48
-rw-r--r--admportal/server/router/routes/dbRoutes.js550
-rw-r--r--admportal/server/router/routes/gamma.js307
-rw-r--r--admportal/server/router/routes/mobility.js817
-rw-r--r--admportal/server/router/routes/network.js52
-rw-r--r--admportal/server/router/routes/preload.js101
-rw-r--r--admportal/server/router/routes/root.js45
-rw-r--r--admportal/server/router/routes/sla.js220
-rw-r--r--admportal/server/router/routes/user.js27
-rw-r--r--admportal/server/router/routes/vnf.js51
12 files changed, 750 insertions, 1517 deletions
diff --git a/admportal/server/router/index.js b/admportal/server/router/index.js
index 76cd6115..a529375e 100644
--- a/admportal/server/router/index.js
+++ b/admportal/server/router/index.js
@@ -9,9 +9,9 @@ module.exports = function(app) {
app.use('/odl', require('./routes/odl'));
app.use('/sla', require('./routes/sla'));
app.use('/user', require('./routes/user'));
- app.use('/gamma', require('./routes/gamma'));
+ //app.use('/gamma', require('./routes/gamma'));
app.use('/mobility', require('./routes/mobility'));
- app.use('/admin', require('./routes/admin'));
+ //app.use('/admin', require('./routes/admin'));
app.use('/preload', require('./routes/preload'));
//app.use('/svc-topology-operation', require('./routes/odl'));
//app.use('/wklist-delete', require('./routes/odl'));
diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js
index 4b7b8088..96c7fd85 100755
--- a/admportal/server/router/routes/admin.js
+++ b/admportal/server/router/routes/admin.js
@@ -5,40 +5,43 @@ var util = require('util');
var fs = require('fs');
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
+var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var sax = require('sax'),strict=true,parser = sax.parser(strict);
var async = require('async');
+var csrf = require('csurf');
+
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser());
// GET
router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
+router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) {
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.deleteParameter(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from PARAMETERS table.');
- dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ var privilegeObj = req.session.loggedInAdmin;
+ var tasks = [];
+ tasks.push(function(callback) { dbRoutes.deleteParameter(req,res,callback); });
+ async.series(tasks, function(err,result){
+ var msgArray = new Array();
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Row successfully deleted from PARAMETERS table.');
+ dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
+ });
});
// POST
-router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -59,7 +62,7 @@ router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
});
// gamma - updateAicSite
-router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
diff --git a/admportal/server/router/routes/csp.js b/admportal/server/router/routes/csp.js
index 435aaf91..8828052f 100644
--- a/admportal/server/router/routes/csp.js
+++ b/admportal/server/router/routes/csp.js
@@ -15,13 +15,18 @@ function logout(req,res){
function login (req,res) {
+console.log('login');
+var tkn = req.sanitize(req.body._csrf);
+console.log('login:tkn=' + tkn);
+
var loggedInAdmin={};
- var email = req.body.email;
+ var email = req.sanitize(req.body.email);
+ var pswd = req.sanitize(req.body.password);
dbRoutes.findAdminUser(email,res,function(adminUser){
if(adminUser !== null){
// make sure correct password is provided
- if (req.body.password != adminUser.password) {
+ if (pswd != adminUser.password) {
res.render("pages/login",
{
result:
@@ -36,6 +41,7 @@ function login (req,res) {
var loggedInAdmin = {
email:adminUser.email,
+ csrfToken: tkn,
password:adminUser.password,
privilege:adminUser.privilege
}
@@ -57,6 +63,7 @@ function login (req,res) {
}
function checkAuth(req,res,next){
+
var host = req.get('host');
var url = req.url;
var originalUrl = req.originalUrl;
@@ -64,8 +71,7 @@ function checkAuth(req,res,next){
console.log("checkAuth");
var host = req.headers['host'];
-console.log('host=' + host);
-
+ console.log('host=' + host);
console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin));
if(req.session == null || req.session == undefined
|| req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
@@ -79,6 +85,40 @@ console.log('host=' + host);
next();
}
+function checkPriv(req,res,next)
+{
+ var priv = req.session.loggedInAdmin;
+ if(req.session == null || req.session == undefined
+ || req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
+ {
+ res.render("pages/err",
+ {
+ result: {code:'error', msg:'Unexpected null session.'},
+ header: process.env.MAIN_MENU
+ });
+ return;
+ }
+ else
+ {
+ if (priv.privilege == 'A')
+ {
+ next();
+ return;
+ }
+ else
+ {
+ res.render("pages/err",
+ {
+ result: { code:'error', msg:'User does not have permission to run operation.'},
+ header: process.env.MAIN_MENU
+ });
+ return;
+ }
+ }
+}
+
+
exports.login = login;
exports.logout = logout;
exports.checkAuth = checkAuth;
+exports.checkPriv = checkPriv;
diff --git a/admportal/server/router/routes/dbRoutes.js b/admportal/server/router/routes/dbRoutes.js
index 34a90c7b..c4a09fdc 100644
--- a/admportal/server/router/routes/dbRoutes.js
+++ b/admportal/server/router/routes/dbRoutes.js
@@ -262,18 +262,22 @@ console.log('checkDB');
exports.saveUser = function(req,res){
- pool.getConnection(function(err,connection){
+console.log('b4 sani');
+ var email = req.sanitize(req.body.nf_email);
+ var pswd = req.sanitize(req.body.nf_password);
+console.log('after sani');
+
+ pool.getConnection(function(err,connection)
+ {
if(err){
console.error( String(err) ); // ALARM
res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
return;
- }
- //var sql = "SELECT AES_DECRYPT(password, '" + enckey + "') password FROM PORTAL_USERS";
- var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + req.body.nf_email + "'";
-
- console.log(sql);
+ }
+ var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'";
- connection.query(sql, function(err,result){
+ connection.query(sql, function(err,result)
+ {
if(err){
connection.release();
res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
@@ -287,13 +291,12 @@ exports.saveUser = function(req,res){
}
sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES ("
- +"'"+ req.body.nf_email + "',"
- + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "'),"
+ +"'"+ email + "',"
+ + "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
+"'A')";
- console.log(sql);
-
- connection.query(sql, function(err,result){
+ connection.query(sql, function(err,result)
+ {
connection.release();
if(err){
@@ -360,172 +363,207 @@ exports.deleteUser = function(req,res){
exports.addUser = function(req,res){
var rows={};
- var resultObj = { code:'', msg:'' };
+ var resultObj = { code:'', msg:'' };
var privilegeObj = req.session.loggedInAdmin;
+ var privilege = req.sanitize(req.body.nf_privilege);
+ var email = req.sanitize(req.body.nf_email);
+ var pswd = req.sanitize(req.body.nf_password);
- pool.getConnection(function(err,connection) {
- if(err){
+
+ pool.getConnection(function(err,connection)
+ {
+ if(err)
+ {
console.error( String(err) ); // ALARM
- res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
+ res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err),
+ privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
-
- if( req.body.nf_privilege == "admin" ){
- var char_priv = 'A';
- }else if(req.body.nf_privilege == 'readonly'){
- var char_priv = 'R';
- }else{
- var char_priv = 'A';
- }
-
-
- //connection.query(sqlRequest, function(err,result){
- var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES ("
- +"'"+ req.body.nf_email + "',"
- + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "'),"
- +"'"+ char_priv + "')";
-
- console.log(sqlUpdate);
+ }
- connection.query(sqlUpdate,function(err,result){
+ if( privilege == "admin" ){
+ var char_priv = 'A';
+ }else if(privilege == 'readonly'){
+ var char_priv = 'R';
+ }else{
+ var char_priv = 'R';
+ }
- if(err){
- resultObj = {code:'error', msg:'Add of user failed Error: '+err};
- }
+ //connection.query(sqlRequest, function(err,result)
+ var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES ("
+ +"'"+ email + "',"
+ + "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
+ +"'"+ char_priv + "')";
- // Need DB lookup logic here
- connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows) {
- connection.release();
- if(!err) {
- if ( rows.length > 0 )
- {
+ connection.query(sqlUpdate,function(err,result)
+ {
+ if(err){
+ resultObj = {code:'error', msg:'Add of user failed Error: '+err};
+ }
+ // Need DB lookup logic here
+ connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows)
+ {
+ connection.release();
+ if(!err)
+ {
+ if ( rows.length > 0 )
+ {
resultObj = {code:'success',msg:'Successfully added user.'};
- res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
+ res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
return;
- }else{
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
+ }else{
+ res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- } else {
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err ,
+ }
+ }
+ else {
+ res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err ,
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- }); //end query
- });
-
- }); // end of getConnection
+ }
+ }); //end query
+ });
+ }); // end of getConnection
}
// updateUser
exports.updateUser= function(req,res){
- var rows={};
+ var rows={};
var resultObj = { code:'', msg:'' };
var privilegeObj = req.session.loggedInAdmin;
+ var email = req.sanitize(req.body.uf_email);
+ var key_email = req.sanitize(req.body.uf_key_email)
+ var pswd = req.sanitize(req.body.uf_password);
+ var privilege = req.sanitize(req.body.uf_privilege);
- pool.getConnection(function(err,connection) {
-
- if(err){
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
console.error( String(err) ); // ALARM
- res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
+ res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
+ }
- if( req.body.uf_privilege == "admin" ){
+ if( privilege == "admin" ){
var char_priv = 'A';
- }else if(req.body.uf_privilege == 'readonly'){
+ }else if(privilege == 'readonly'){
var char_priv = 'R';
}else{
- var char_priv = 'A';
+ var char_priv = 'R';
}
-
- //connection.query(sqlRequest, function(err,result){
var sqlUpdate = "UPDATE PORTAL_USERS SET "
- + "email = '" + req.body.uf_email + "',"
- + "password = " + "AES_ENCRYPT('" + req.body.uf_password + "','" + enckey + "'), "
+ + "email = '" + email + "',"
+ + "password = " + "AES_ENCRYPT('" + pswd + "','" + enckey + "'), "
+ "privilege = '"+ char_priv + "'"
- + " WHERE email = '" + req.body.uf_key_email + "'";
-
- console.log(sqlUpdate);
-
- connection.query(sqlUpdate,function(err,result){
+ + " WHERE email = '" + key_email + "'";
+ connection.query(sqlUpdate,function(err,result)
+ {
if(err){
- resultObj = {code:'error', msg:'Update of user failed Error: '+err};
+ resultObj = {code:'error', msg:'Update of user failed Error: '+err};
}
-
- // Need DB lookup logic here
- connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows) {
- connection.release();
- if(!err) {
- if ( rows.length > 0 )
- {
+ // Need DB lookup logic here
+ connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows)
+ {
+ connection.release();
+ if(!err)
+ {
+ if ( rows.length > 0 )
+ {
resultObj = {code:'success',msg:'Successfully updated user.'};
- res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} );
- return;
- }else{
- res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.',
+ res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} );
+ return;
+ }else{
+ res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.',
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- } else {
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
+ }
+ } else {
+ res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
}
- }); //end query
- });
- }); // end of getConnection
-};
+ }); //end query
+ });
+ }); // end of getConnection
+}
exports.listUsers = function(req,res,resultObj){
var privilegeObj = req.session.loggedInAdmin;
- var rows={};
- pool.getConnection(function(err,connection) {
+ var rows={};
+ pool.getConnection(function(err,connection)
+ {
- if(err){
+ if(err){
console.error( String(err) ); // ALARM
- res.render("pages/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
+ res.render("pages/list",
+ {
+ rows: null,
+ result:{
+ code:'error',
+ msg:"Unable to get database connection. " + String(err),
+ privilege:privilegeObj },
+ header:process.env.MAIN_MENU
+ });
return;
- }
+ }
- // Need DB lookup logic here
- var selectUsers = "SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege from PORTAL_USERS";
- console.log(selectUsers);
- connection.query(selectUsers, function(err, rows) {
+ // Need DB lookup logic here
+ var selectUsers = "SELECT email, AES_DECRYPT(password,'"
+ + enckey + "') password, privilege from PORTAL_USERS";
- connection.release();
- if(err){
- resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err};
+ connection.query(selectUsers, function(err, rows) {
+
+ connection.release();
+ if(err){
+ resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err};
+ }
+ if(!err)
+ {
+ if ( rows.length > 0 )
+ {
+ console.log(JSON.stringify(rows));
+ res.render('user/list',
+ {
+ rows: rows,
+ result:resultObj,
+ privilege:privilegeObj,
+ header:process.env.MAIN_MENU
+ });
+ return;
}
-
- if(!err) {
- if ( rows.length > 0 )
- {
- console.log(JSON.stringify(rows));
- res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU });
- return;
- }
- else{
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database.',
- privilege:privilegeObj },header:process.env.MAIN_MENU});
- return;
- }
- } else {
- res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
- return;
+ else{
+ res.render("user/list",
+ {
+ rows: null,
+ result:{
+ code:'error',
+ msg:'Unexpected no rows returned from database.',
+ privilege:privilegeObj },
+ header:process.env.MAIN_MENU
+ });
+ return;
}
- }); //end query
- }); // end getConnection
+ }
+ else
+ {
+ res.render("user/list",
+ {
+ rows: null,
+ result:{
+ code:'error',
+ msg:'Unexpected no rows returned from database. ' + String(err),
+ privilege:privilegeObj },header:process.env.MAIN_MENU
+ });
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
exports.listSLA = function(req,res,resultObj){
@@ -689,29 +727,29 @@ exports.getMetaTable = function(req,res,sql,rdestination,resultObj,privilegeObj)
exports.getVnfProfile = function(req,res,resultObj,privilegeObj){
- pool.getConnection(function(err,connection) {
-
- if(err){
- console.error( String(err) ); // ALARM
- res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
-
- connection.query("SELECT vnf_type,availability_zone_count,equipment_role "
- + "FROM VNF_PROFILE ORDER BY VNF_TYPE", function(err, rows)
- {
- connection.release();
- if(err) {
- res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
- else {
- res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
- return;
- }
- }); //end query
-console.log('after query');
- }); // end getConnection
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ var sql = "SELECT vnf_type,availability_zone_count,equipment_role FROM VNF_PROFILE ORDER BY VNF_TYPE";
+ console.log(sql);
+ connection.query(sql, function(err, rows)
+ {
+ connection.release();
+ if(err) {
+ res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ else {
+ console.log('render vnfProfile');
+ res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
@@ -747,103 +785,102 @@ exports.getVnfPreloadData = function(req,res,dbtable,callback){
-exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj){
-
-
- pool.getConnection(function(err,connection) {
-
- if(err){
- console.error( String(err) ); // ALARM
- res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
-
- // Need DB lookup logic here
- connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data "
- + "FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id", function(err, rows)
- {
- var msgArray = new Array();
-
- connection.release();
- if(err) {
- msgArray = 'Database Error: '+ String(err);
- res.render("mobility/vnfPreloadNetworkData", {
+exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj)
+{
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err",
+ {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ // Need DB lookup logic here
+ var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id";
+ console.log(sql);
+ connection.query(sql, function(err, rows)
+ {
+ var msgArray = new Array();
+ connection.release();
+ if(err) {
+ msgArray = 'Database Error: '+ String(err);
+ res.render("mobility/vnfPreloadNetworkData", {
result:{code:'error',msg:msgArray},
+ privilege:privilegeObj,
preloadImportDirectory: properties.preloadImportDirectory,
header:process.env.MAIN_MENU
});
- return;
- }
- else {
- var retData = [];
- for( r=0; r<rows.length; r++)
- {
- var rowObj = {};
- rowObj.row = rows[r];
- if ( rows[r].filename.length > 0 )
- {
- try{
+ return;
+ }
+ else {
+ var retData = [];
+ for( r=0; r<rows.length; r++)
+ {
+ var rowObj = {};
+ rowObj.row = rows[r];
+ if ( rows[r].filename.length > 0 )
+ {
+ try{
var buffer = rows[r].preload_data;
- var decode_buffer = decodeURI(buffer);
- var filecontent = JSON.parse(decode_buffer);
- rowObj.filecontent = filecontent;
- rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"];
- rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"];
- }
- catch(error){
- msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
- }
- }
- else {
- rowObj.filecontent = '';
- }
- retData.push(rowObj);
- }
- if(msgArray.length>0){
- resultObj.code = 'failure';
- resultObj.msg = msgArray;
- }
- res.render('mobility/vnfPreloadNetworkData', {
+ var decode_buffer = decodeURI(buffer);
+ var filecontent = JSON.parse(decode_buffer);
+ rowObj.filecontent = filecontent;
+ rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"];
+ rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"];
+ }
+ catch(error){
+ msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
+ }
+ }
+ else {
+ rowObj.filecontent = '';
+ }
+ retData.push(rowObj);
+ }//endloop
+ if(msgArray.length>0){
+ resultObj.code = 'failure';
+ resultObj.msg = msgArray;
+ }
+ res.render('mobility/vnfPreloadNetworkData', {
retData:retData,
result:resultObj,
privilege:privilegeObj,
preloadImportDirectory: properties.preloadImportDirectory,
header:process.env.MAIN_MENU
});
- return;
- }
- }); //end query
- }); // end getConnection
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
-exports.getVnfData = function(req,res,resultObj,privilegeObj){
-
-
- pool.getConnection(function(err,connection) {
-
- if(err){
- console.error( String(err) ); // ALARM
- res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
- return;
- }
-
- // Need DB lookup logic here
- connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data "
- + "FROM PRE_LOAD_VNF_DATA ORDER BY id", function(err, rows)
+exports.getVnfData = function(req,res,resultObj,privilegeObj)
+{
+ pool.getConnection(function(err,connection)
+ {
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+ // Need DB lookup logic here
+ var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_DATA ORDER BY id";
+ console.log(sql);
+ connection.query(sql,function(err, rows)
{
var msgArray = new Array();
-
- connection.release();
- if(err) {
+ connection.release();
+ if(err) {
msgArray = 'Database Error: '+ String(err);
- res.render("mobility/vnfPreloadData", {
+ res.render("mobility/vnfPreloadData", {
result:{code:'error',msg:msgArray},
+ privilege:privilegeObj,
preloadImportDirectory: properties.preloadImportDirectory,
header:process.env.MAIN_MENU
});
- return;
- }
- else {
+ return;
+ }
+ else {
var retData = [];
for( r=0; r<rows.length; r++)
{
@@ -853,35 +890,35 @@ exports.getVnfData = function(req,res,resultObj,privilegeObj){
{
try{
var buffer = rows[r].preload_data;
- var s_buffer = decodeURI(buffer);
+ var s_buffer = decodeURI(buffer);
var filecontent = JSON.parse(s_buffer);
rowObj.filecontent = filecontent;
rowObj.vnf_name = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-name"];
rowObj.vnf_type = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-type"];
}
catch(error){
- msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
+ msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
}
}
else {
rowObj.filecontent = '';
}
retData.push(rowObj);
- }
+ }//endloop
if(msgArray.length>0){
resultObj.code = 'failure';
resultObj.msg = msgArray;
}
- res.render('mobility/vnfPreloadData',{
- retData:retData, result:resultObj,
- privilege:privilegeObj,
- header:process.env.MAIN_MENU,
- preloadImportDirectory: properties.preloadImportDirectory
+ res.render('mobility/vnfPreloadData',{
+ retData:retData, result:resultObj,
+ privilege:privilegeObj,
+ header:process.env.MAIN_MENU,
+ preloadImportDirectory: properties.preloadImportDirectory
});
- return;
- }
- }); //end query
- }); // end getConnection
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
@@ -927,28 +964,27 @@ exports.findAdminUser = function(email,res,callback) {
exports.addRow = function(sql,req,res,callback){
- console.log(sql);
-
- pool.getConnection(function(err,connection) {
+ console.log(sql);
- if(err){
- console.error( String(err) ); // ALARM
- callback(err, 'Unable to get database connection.' + err);
- return;
- }
+ pool.getConnection(function(err,connection) {
- connection.query(sql, function(err,result){
- connection.release();
- if(err){
- console.debug('Database operation failed. ' + err );
- callback(err,'Database operation failed. ' + err );
- }
- else
- {
- callback(null, result.affectedRows);
- }
- }); //end query
- }); // end getConnection
+ if(err){
+ console.error( String(err) ); // ALARM
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ connection.query(sql, function(err,result){
+ connection.release();
+ if(err){
+ console.debug('Database operation failed. ' + err );
+ callback(err,'Database operation failed. ' + err );
+ }
+ else
+ {
+ callback(null, result.affectedRows);
+ }
+ }); //end query
+ }); // end getConnection
}
diff --git a/admportal/server/router/routes/gamma.js b/admportal/server/router/routes/gamma.js
index 70e6713c..5b8c7649 100644
--- a/admportal/server/router/routes/gamma.js
+++ b/admportal/server/router/routes/gamma.js
@@ -53,314 +53,7 @@ router.get('/getNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res)
dbRoutes.getTable(req,res,selectNbVlanRange,'gamma/nbVlanRange',{code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/getNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- if (typeof req.query.vlan_plan_id == "undefined"){
- dbRoutes.getTable(req,res,selectNbVlanPool,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }else{
- var sql = "SELECT aic_site_id,availability_zone,vlan_plan_id,plan_type,purpose,vlan_id,status FROM VLAN_POOL WHERE vlan_plan_id='" + req.query.vlan_plan_id + "' AND vlan_id BETWEEN "
- + req.query.range_start + " AND " + req.query.range_end;
- dbRoutes.getTable(req,res,sql,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
- }
-});
-
-router.post('/addNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var network_type = removeNL(req.body.nf_network_type);
- var technology = removeNL(req.body.nf_technology);
- var sql = "INSERT INTO NETWORK_PROFILE (network_type,technology) VALUES ("
- + "'"+ network_type + "',"
- + "'"+ technology + "')";
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result == 1 )
- {
- msgArray.push('Successfully added Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Was not able to add Network Profile.');
- dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.post('/saveNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var plan_type = req.body.nf_plan_type;
- var purpose = req.body.nf_purpose;
- var range_start = padLeft(removeNL(req.body.nf_range_start),4);
- var range_end = padLeft(removeNL(req.body.nf_range_end),4);
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.saveNbVlanRange(range_start,range_end,plan_type,purpose,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.get('/deleteNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback){
- dbRoutes.executeSQL("DELETE FROM NETWORK_PROFILE WHERE network_type = '" + req.query.network_type + "'", req,res,callback);
-
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push("Error: " + err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- if ( result[0] == 1 )
- {
- msgArray.push('Successfully deleted Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('No rows removed.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- }
- });
-});
-
-router.get('/deleteNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
-
- tasks.push(function(callback){
- dbRoutes.deleteNbVlanRange(req.query.vlan_plan_id,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully deleted Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE NETWORK_PROFILE SET "
- + "network_type='"+ removeNL(req.body.uf_network_type) + "', "
- + "technology='" + removeNL(req.body.uf_technology) + "' "
- + "WHERE network_type='" + removeNL(req.body.uf_key_network_type) + "'";
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var sql = "UPDATE VLAN_POOL SET "
- + "status='"+ removeNL(req.body.uf_status) + "' "
- + " WHERE aic_site_id='" + removeNL(req.body.uf_key_aic_site_id) + "'"
- + " AND availability_zone='" + removeNL(req.body.uf_key_availability_zone) + "'"
- + " AND vlan_plan_id='" + removeNL(req.body.uf_key_vlan_plan_id) + "'"
- + " AND plan_type='" + removeNL(req.body.uf_key_plan_type) + "'"
- + " AND purpose='" + removeNL(req.body.uf_key_purpose) + "'"
- + " AND vlan_id=" + removeNL(req.body.uf_key_vlan_id);
-
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully updated Network Profile.');
- dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-});
-router.get('/generateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var vlan_plan_id = req.query.vlan_plan_id;
- var plan_type = req.query.plan_type;
- var purpose = req.query.purpose;
- var range_start = req.query.range_start;
- var range_end = req.query.range_end;
- var tasks = [];
- var privilegeObj = req.session.loggedInAdmin;
-
- tasks.push( function(callback) {
- dbRoutes.generateNbVlanPool(range_start,range_end,plan_type,purpose,vlan_plan_id,req,res,callback);
- });
-
- // will probably need to be a new call that is a transaction if i use a new
- // plan_type-purpose-counter table.
- //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err)
- {
- msgArray.push(err);
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else
- {
- msgArray.push('Successfully added VLAN Range.');
- dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-///// end 1604
-
-
// GET
-router.get('/getServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHoming(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getServiceHomingRollback', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getServiceHomingRollback(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVlanPool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSite(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSwitch', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicSwitch(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicAvailZone', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getAicAvailZone(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVpePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVpePool(req,res,{code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVplspePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
- dbRoutes.getVplspePool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-
-// ROLLBACK SERVICE_HOMING
-router.get('/rollbackServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.rollbackServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHomingRollback(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('SERVICE_HOMING table successfully restored.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-// DELETE SERVICE_HOMING
-router.get('/deleteServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- tasks.push(function(callback) {
- dbRoutes.deleteServiceHoming(req,res,callback);
- });
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getServiceHoming(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from SERVICE_HOMING table.');
- dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-// DELETE AIC_SITE
router.get('/deleteSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
diff --git a/admportal/server/router/routes/mobility.js b/admportal/server/router/routes/mobility.js
index d19f65aa..cd798dc8 100644
--- a/admportal/server/router/routes/mobility.js
+++ b/admportal/server/router/routes/mobility.js
@@ -6,13 +6,18 @@ var fs = require('fs.extra');
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
var multer = require('multer');
+var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var sax = require('sax'),strict=true,parser = sax.parser(strict);
var async = require('async');
var l_ = require('lodash');
var dateFormat = require('dateformat');
var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json');
+var crypto = require('crypto');
+var csrf = require('csurf');
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser())
// pass host, username and password to ODL
// target host for ODL request
@@ -57,30 +62,28 @@ var upload = multer({
});
-
-
// GET
-router.get('/getVnfData', csp.checkAuth, function(req,res) {
+router.get('/getVnfData', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.getVnfData(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/getVmNetworks', csp.checkAuth, function(req,res) {
- dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+router.get('/getVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res) {
+ dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/getVnfProfile', csp.checkAuth, function(req,res) {
+router.get('/getVnfProfile', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.getVnfProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
-router.get('/getVnfNetworks', csp.checkAuth, function(req,res) {
- dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVmProfile', csp.checkAuth, function(req,res) {
- dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
+//router.get('/getVmNetworks', csp.checkAuth, function(req,res) {
+// dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+//router.get('/getVnfNetworks', csp.checkAuth, function(req,res) {
+// dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+//router.get('/getVmProfile', csp.checkAuth, function(req,res) {
+// dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
////////
-router.get('/getVnfNetworkData', csp.checkAuth, function(req,res) {
- dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res)
+router.get('/viewVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res)
{
var privilegeObj = req.session.loggedInAdmin;
var resp_msg = '';
@@ -110,7 +113,7 @@ router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res)
});
-router.get('/viewVnfData', csp.checkAuth, function(req,res)
+router.get('/viewVnfData', csp.checkAuth, csrfProtection, function(req,res)
{
var privilegeObj = req.session.loggedInAdmin;
var resp_msg = '';
@@ -140,87 +143,85 @@ router.get('/viewVnfData', csp.checkAuth, function(req,res)
});
-router.get('/loadVnfNetworkData', csp.checkAuth, function(req,res)
+router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res)
{
+ var privilegeObj = req.session.loggedInAdmin;
+ var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
- var msgArray = new Array();
-
- if ( req.query.status != 'pending' )
- {
- msgArray.push("Upload Status must be in 'pending' state.");
- dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
- return;
- }
-
- // build request-id
- var now = new Date();
- var df = dateFormat(now,"isoDateTime");
- var rnum = Math.floor((Math.random() * 9999) +1);
- var svc_req_id = req.query.id + "-" + df + "-" + rnum;
+ if ( req.query.status != 'pending' )
+ {
+ msgArray.push("Upload Status must be in 'pending' state.");
+ dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+ return;
+ }
- var tasks = [];
+ // build request-id
+ var now = new Date();
+ var df = dateFormat(now,"isoDateTime");
+ const rnum = crypto.randomBytes(4);
+ var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');;
+ var tasks = [];
// first get the contents of the file from the db
- tasks.push(function(callback){
+ tasks.push(function(callback){
dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_NETWORK_DATA",callback);
});
// then format the request and send it using the arg1 parameter
// which is the contents of the file returned from the previous function
// call in the tasks array
- tasks.push(function(arg1,callback){
+ tasks.push(function(arg1,callback){
var s_file = JSON.stringify(arg1);
- // remove the last two braces, going to add the headers there
- // will add them back later.
- s_file = s_file.substring(0, (s_file.length-2));
+ // remove the last two braces, going to add the headers there
+ // will add them back later.
+ s_file = s_file.substring(0, (s_file.length-2));
- // add the request-information header
- s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}');
+ // add the request-information header
+ s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}');
- // add the sdnc-request-header
- s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"');
- s_file = s_file.concat(svc_req_id);
- s_file = s_file.concat('","svc-action": "reserve"}');
+ // add the sdnc-request-header
+ s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"');
+ s_file = s_file.concat(svc_req_id);
+ s_file = s_file.concat('","svc-action": "reserve"}');
- // add the two curly braces at the end that we stripped off
- s_file = s_file.concat('}}');
+ // add the two curly braces at the end that we stripped off
+ s_file = s_file.concat('}}');
- OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation',
- options,s_file,res,callback);
- });
+ OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation',
+ options,s_file,res,callback);
+ });
// if successful then update the status
- tasks.push(function(arg1,callback){
- dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
+ tasks.push(function(arg1,callback){
+ dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
+ svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
- });
+ });
// use the waterfall method of making calls
async.waterfall(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push("Error posting pre-load data to ODL: "+err);
- dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
- return;
- }
- else{
- msgArray.push('Successfully loaded VNF pre-loaded data.');
- dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ {
+ var msgArray = new Array();
+ if(err){
+ msgArray.push("Error posting pre-load data to ODL: "+err);
+ dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+ return;
+ }
+ else{
+ msgArray.push('Successfully loaded VNF pre-loaded data.');
+ dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
+ });
});
-router.get('/loadVnfData', csp.checkAuth, function(req,res)
+router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res)
{
- var privilegeObj = req.session.loggedInAdmin;
+ var privilegeObj = req.session.loggedInAdmin;
var full_path_file_name = process.cwd() + "/uploads/" + req.query.filename
- var msgArray = new Array();
+ var msgArray = new Array();
if ( req.query.status != 'pending' )
{
@@ -232,28 +233,27 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res)
// build request-id
var now = new Date();
var df = dateFormat(now,"isoDateTime");
- var rnum = Math.floor((Math.random() * 9999) +1);
- var svc_req_id = req.query.id + "-" + df + "-" + rnum;
-
+ const rnum = crypto.randomBytes(4);
+ var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');
var tasks = [];
// first get the contents of the file from the db
tasks.push(function(callback){
- dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback);
- });
+ dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback);
+ });
// then format the request and send it using the arg1 parameter
// which is the contents of the file returned from the previous function
// call in the tasks array
tasks.push(function(arg1,callback){
- var s1_file = JSON.stringify(arg1);
- var s_file = decodeURI(s1_file);
+ var s1_file = JSON.stringify(arg1);
+ var s_file = decodeURI(s1_file);
// remove the last two braces, going to add the headers there
- // will add them back later.
- s_file = s_file.substring(0, (s_file.length-2));
+ // will add them back later.
+ s_file = s_file.substring(0, (s_file.length-2));
// add the request-information header
s_file = s_file.concat(',"request-information": {"request-action": "PreloadVNFRequest"}');
@@ -267,12 +267,12 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res)
s_file = s_file.concat('}}');
OdlInterface.Post('/restconf/operations/VNF-API:preload-vnf-topology-operation',
- options,s_file,res,callback);
+ options,s_file,res,callback);
});
// if successful then update the status
tasks.push(function(arg1,callback){
- dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
+ dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
+ svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
});
@@ -281,20 +281,20 @@ router.get('/loadVnfData', csp.checkAuth, function(req,res)
{
var msgArray = new Array();
if(err){
- msgArray.push("Error posting pre-load data to ODL: "+err);
- dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
- return;
+ msgArray.push("Error posting pre-load data to ODL: "+err);
+ dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+ return;
}
else{
msgArray.push('Successfully loaded VNF pre-loaded data.');
- dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
+ dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
});
});
-router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -347,7 +347,9 @@ router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) {
});
-router.get('/deleteVnfData', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
+
+console.log('deleteVnfData');
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -360,14 +362,14 @@ router.get('/deleteVnfData', csp.checkAuth, function(req,res) {
dbRoutes.executeSQL(sql,req,res,callback);
});
} else {
- var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
- inputString = inputString.concat(req.query.vnf_name);
- inputString = inputString.concat('","vnf-type":"');
- inputString = inputString.concat(req.query.vnf_type);
- inputString = inputString.concat('"}},');
+ var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
+ inputString = inputString.concat(req.query.vnf_name);
+ inputString = inputString.concat('","vnf-type":"');
+ inputString = inputString.concat(req.query.vnf_type);
+ inputString = inputString.concat('"}},');
- // add the request-information header
- inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},');
+ // add the request-information header
+ inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},');
// add the request-information header
//inputString = inputString.concat('"request-information": {"request-id": "259c0f93-23cf-46ad-84dc-162ea234fff1",');
@@ -412,36 +414,7 @@ router.get('/deleteVnfData', csp.checkAuth, function(req,res) {
});
-router.get('/deleteVmProfile', csp.checkAuth, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var sql = '';
-
- sql = "DELETE FROM VM_PROFILE WHERE vnf_type='" + req.query.vnf_type + "'"
- + " AND vm_type='" + req.query.vm_type + "'";
-
- tasks.push(function(callback) {
- dbRoutes.executeSQL(sql,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from VM_PROFILE table.');
- dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfNetwork', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -469,7 +442,7 @@ router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) {
});
});
-router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
@@ -496,215 +469,39 @@ router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) {
});
});
-router.get('/deleteVmNetwork', csp.checkAuth, function(req,res) {
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var sql = '';
-
- sql = "DELETE FROM VM_NETWORKS WHERE vnf_type='" + req.query.vnf_type
- + "' AND vm_type='" + req.query.vm_type + "' AND network_role='"
- + req.query.network_role + "'";
-
- tasks.push(function(callback) {
- dbRoutes.executeSQL(sql,req,res,callback);
- });
- async.series(tasks, function(err,result)
- {
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Row successfully deleted from VM_NETWORKS table.');
- dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
// POST
-router.post('/addVmProfile', csp.checkAuth, function(req,res){
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var sql;
-
-
- if ( req.body.nf_vm_count.length > 0 )
- {
- sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type,vm_count) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "',"
- + req.body.nf_vm_count + ")";
- }
- else
- {
- sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "')";
- }
-
-
- console.log("SQL: " + sql);
-
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VM Profile');
- dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-
-router.post('/addVnfNetwork', csp.checkAuth, function(req,res){
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
-
- var sql = "INSERT INTO VNF_NETWORKS (vnf_type,network_role) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_network_role + "')";
+router.post('/addVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res){
- console.log("SQL: " + sql);
-
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VNF Network');
- dbRoutes.getVnfNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/addVnfProfile', csp.checkAuth, function(req,res){
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
+ var privilegeObj = req.session.loggedInAdmin;
+ var vnf_type = req.sanitize(req.body.nf_vnf_type);
+ var availability_zone_count = req.sanitize(req.body.nf_availability_zone_count);
+ var equipment_role = req.sanitize(req.body.nf_equipment_role);
+ var tasks = [];
var sql;
- sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + req.body.nf_availability_zone_count
- + ",'" + req.body.nf_equipment_role + "')";
+ sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES ("
+ + "'" + vnf_type + "'," + availability_zone_count + ",'" + equipment_role + "')";
console.log(sql);
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- var msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VNF Profile');
- dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
-});
-
-router.post('/addVmNetwork', csp.checkAuth, function(req,res){
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
- var msgArray = new Array();
-
- // convert true|false to 1|0
- var assign_ips = (req.body.nf_assign_ips == 'true') ? 1 : 0;
- var assign_macs = (req.body.nf_assign_macs == 'true') ? 1 : 0;
- var assign_floating_ip = (req.body.nf_assign_floating_ip == 'true') ? 1 : 0;
-
-
- if ((req.body.nf_assign_ips == 'true' &&
- (typeof req.body.nf_ip_count == 'undefined' || req.body.nf_ip_count.length <=0)))
- {
- msgArray.push("If assign_ips equals 'true', ip_count must be populated with a number.");
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
-
-
- if ( req.body.nf_ip_count.length >0 )
- {
- var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,ip_count,assign_ips,assign_macs,assign_floating_ip) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "',"
- + "'" + req.body.nf_network_role + "',"
- + req.body.nf_ip_count + ","
- + assign_ips + ","
- + assign_macs + ","
- + assign_floating_ip + ")";
- }
- else
- {
- var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,assign_ips,assign_macs,assign_floating_ip) VALUES ("
- + "'" + req.body.nf_vnf_type + "',"
- + "'" + req.body.nf_vm_type + "',"
- + "'" + req.body.nf_network_role + "',"
- + assign_ips + ","
- + assign_macs + ","
- + assign_floating_ip + ")";
- }
-
- tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
- async.series(tasks, function(err,result){
- msgArray = new Array();
- if(err){
- msgArray.push(err);
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- msgArray.push('Successfully added VM Network');
- var message = '';
- if (req.body.nf_ip_count.length >0)
- {
- message = req.body.nf_vnf_type
- + ',' + req.body.nf_vm_type
- + ',' + req.body.nf_network_role
- + ',' + req.body.nf_ip_count
- + ',' + req.body.nf_assign_ips
- + ',' + req.body.nf_assign_macs
- + ',' + req.body.nf_assign_floating_ip;
- }
- else
- {
- message = req.body.nf_vnf_type
- + ',' + req.body.nf_vm_type
- + ',' + req.body.nf_network_role
- + ',' + req.body.nf_assign_ips
- + ',' + req.body.nf_assign_macs
- + ',' + req.body.nf_assign_floating_ip;
- }
- dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
+ async.series(tasks, function(err,result){
+ var msgArray = new Array();
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Successfully added VNF Profile');
+ dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
+ });
});
// POST
-router.post('/uploadVnfData', csp.checkAuth, upload.single('filename'), function(req, res)
+router.post('/uploadVnfData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res)
{
console.log('filename:'+ JSON.stringify(req.file.originalname));
var msgArray = new Array();
@@ -776,7 +573,7 @@ console.log('filename:'+ JSON.stringify(req.file.originalname));
} );
-router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), function(req, res)
+router.post('/uploadVnfNetworkData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res)
{
var msgArray = new Array();
var privilegeObj = req.session.loggedInAdmin;
@@ -846,128 +643,7 @@ router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), f
} );
-router.post('/uploadVmNetworks', csp.checkAuth, upload.single('filename'), function(req, res){
-
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- if(req.file.originalname){
- if (req.file.originalname.size == 0) {
- dbRoutes.getVmNetworks(req,res,{code:'failure', msg:'There was an error uploading the file, please try again.'},privilegeObj);
- return;
- }
- fs.exists(req.file.path, function(exists) {
-
- if(exists) {
-
- var str = req.file.originalname;
-
- try {
- var csv = require('csv');
-
- // the job of the parser is to convert a CSV file
- // to a list of rows (array of rows)
- var parser = csv.parse({
- columns: function(line) {
- // By defining this callback, we get handed the
- // first line of the spreadsheet. Which we'll
- // ignore and effectively skip this line from processing
- },
- skip_empty_lines: true
- });
-
- var row = 0;
- var f = new Array();
- var transformer = csv.transform(function(data){
- // this will get row by row data, so for example,
- //logger.debug(data[0]+','+data[1]+','+data[2]);
-
- // build an array of rows
- f[row] = new Array();
- for ( col=0; col<data.length; col++ )
- {
- f[row][col] = data[col];
- }
- row++;
- });
-
- // called when done with processing the CSV
- transformer.on("finish", function() {
-
- var funcArray = new Array();
-
- function createFunction(lrow,res)
- {
- return function(callback) { dbRoutes.addVmNetwork(lrow,res,callback); }
- }
- // loop for each row and create an array of callbacks for async.parallelLimit
- // had to create a function above 'createFunction' to get
- for (var x=0; x<f.length; x++)
- {
- funcArray.push( createFunction(f[x],res) );
- }
-
- // make db calls in parrallel
- async.parallelLimit(funcArray, 50, function(err,result){
-
- if ( err ) {
- dbRoutes.getVmNetworks(req,res,result,privilegeObj);
- return;
- }
- else {
- // result array has an entry in it, success entries are blank, figure out
- // how many are not blank, aka errors.
- var rowError = 0;
- for(var i=0;i<result.length;i++){
- if ( result[i].length > 0 )
- {
- rowError++;
- }
- }
- var rowsProcessed = f.length - rowError;
- result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
- if ( rowError > 0 )
- {
- result = {code:'failure', msg:result};
- }
- else
- {
- result = {code:'success', msg:result};
- }
- dbRoutes.getVmNetworks(req,res,result,privilegeObj);
- return;
- }
- });
- });
-
- var stream = fs.createReadStream(req.file.path, "utf8");
- stream.pipe(parser).pipe(transformer);
-
- } catch(ex) {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file. '+ex);
- dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-
- } else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- });
- }
- else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-
-} );
-
-router.post('/uploadVnfProfile', csp.checkAuth, upload.single('filename'), function(req, res){
+router.post('/uploadVnfProfile', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res){
var msgArray = new Array();
var privilegeObj = req.session.loggedInAdmin;
@@ -1091,249 +767,4 @@ console.log('result='+JSON.stringify(result));
}
} );
-
-router.post('/uploadVnfNetworks', csp.checkAuth, upload.single('filename'), function(req, res){
-
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- if(req.file.originalname)
- {
- if (req.file.originalname.size == 0) {
- dbRoutes.getVnfProfile(req,res,
- {code:'failure', msg:'There was an error uploading the file, please try again.'},
- privilegeObj);
- return;
- }
- fs.exists(req.file.path, function(exists) {
-
- if(exists) {
-
- var str = req.file.originalname;
-
- try {
- var csv = require('csv');
-
- // the job of the parser is to convert a CSV file
- // to a list of rows (array of rows)
- var parser = csv.parse({
- columns: function(line) {
- // By defining this callback, we get handed the
- // first line of the spreadsheet. Which we'll
- // ignore and effectively skip this line from processing
- },
- skip_empty_lines: true
- });
-
- var row = 0;
- var f = new Array();
- var transformer = csv.transform(function(data){
- // this will get row by row data, so for example,
- //logger.debug(data[0]+','+data[1]+','+data[2]);
-
- // build an array of rows
- f[row] = new Array();
- for ( col=0; col<data.length; col++ )
- {
- f[row][col] = data[col];
- }
- row++;
- });
-
- // called when done with processing the CSV
- transformer.on("finish", function() {
-
- var funcArray = new Array();
-
- function createFunction(lrow,res)
- {
- return function(callback) { dbRoutes.addVnfNetwork(lrow,res,callback); }
- }
- // loop for each row and create an array of callbacks for async.parallelLimit
- // had to create a function above 'createFunction' to get
- for (var x=0; x<f.length; x++)
- {
- funcArray.push( createFunction(f[x],res) );
- }
-
- // make db calls in parrallel
- async.series(funcArray, function(err,result){
-
- if ( err ) {
- dbRoutes.getVnfNetworks(req,res,result,privilegeObj);
- return;
- }
- else {
- // result array has an entry in it, success entries are blank, figure out
- // how many are not blank, aka errors.
- var rowError = 0;
- for(var i=0;i<result.length;i++){
- if ( result[i].length > 0 )
- {
- rowError++;
- }
- }
- var rowsProcessed = f.length - rowError;
- result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
- if ( rowError > 0 )
- {
- result = {code:'failure', msg:result};
- }
- else
- {
- result = {code:'success', msg:result};
- }
- dbRoutes.getVnfNetworks(req,res,result,privilegeObj);
- return;
- }
- });
- });
-
- var stream = fs.createReadStream(req.file.path, "utf8");
- stream.pipe(parser).pipe(transformer);
-
- } catch(ex) {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file. '+ex);
- dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- } else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- });
- }
- else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-} );
-
-router.post('/uploadVmProfile', csp.checkAuth, upload.single('filename'), function(req, res){
-
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- if(req.file.originalname)
- {
- if (req.file.originalname.size == 0) {
- dbRoutes.getVmProfile(req,res,
- {code:'failure', msg:'There was an error uploading the file, please try again.'},
- privilegeObj);
- return;
- }
- fs.exists(req.file.path, function(exists) {
-
- if(exists) {
-
- var str = req.file.originalname;
-
- try {
- var csv = require('csv');
-
- // the job of the parser is to convert a CSV file
- // to a list of rows (array of rows)
- var parser = csv.parse({
- columns: function(line) {
- // By defining this callback, we get handed the
- // first line of the spreadsheet. Which we'll
- // ignore and effectively skip this line from processing
- },
- skip_empty_lines: true
- });
-
- var row = 0;
- var f = new Array();
- var transformer = csv.transform(function(data){
- // this will get row by row data, so for example,
- //logger.debug(data[0]+','+data[1]+','+data[2]);
-
- // build an array of rows
- f[row] = new Array();
- for ( col=0; col<data.length; col++ )
- {
- f[row][col] = data[col];
- }
- row++;
- });
-
- // called when done with processing the CSV
- transformer.on("finish", function() {
-
- var funcArray = new Array();
-
- function createFunction(lrow,res)
- {
- return function(callback) { dbRoutes.addVmProfile(lrow,res,callback); }
- }
- // loop for each row and create an array of callbacks for async.parallelLimit
- // had to create a function above 'createFunction' to get
- for (var x=0; x<f.length; x++)
- {
- funcArray.push( createFunction(f[x],res) );
- }
-
- // make db calls in parrallel
- async.series(funcArray, function(err,result){
-
- if ( err ) {
- dbRoutes.getVmProfile(req,res,result,privilegeObj);
- return;
- }
- else {
- // result array has an entry in it, success entries are blank, figure out
- // how many are not blank, aka errors.
- var rowError = 0;
- for(var i=0;i<result.length;i++){
- if ( result[i].length > 0 )
- {
- rowError++;
- }
- }
- var rowsProcessed = f.length - rowError;
- result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
- if ( rowError > 0 )
- {
- result = {code:'failure', msg:result};
- }
- else
- {
- result = {code:'success', msg:result};
- }
- dbRoutes.getVmProfile(req,res,result,privilegeObj);
- return;
- }
- });
- });
-
- var stream = fs.createReadStream(req.file.path, "utf8");
- stream.pipe(parser).pipe(transformer);
-
- } catch(ex) {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file. '+ex);
- dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- } else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
- });
- }
- else {
- msgArray.length = 0;
- msgArray.push('There was an error uploading the file.');
- dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
- return;
- }
-} );
-
module.exports = router;
diff --git a/admportal/server/router/routes/network.js b/admportal/server/router/routes/network.js
index c64beae2..30aa66b2 100644
--- a/admportal/server/router/routes/network.js
+++ b/admportal/server/router/routes/network.js
@@ -20,12 +20,15 @@ var finalJson={};
var platform;
var req,res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error = false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
network.go = function(lreq,lres,cb,dir) {
puts("Processing NETWORK workbook");
+ proc_error = false;
req = lreq;
res = lres;
callback = cb;
@@ -49,7 +52,8 @@ function doGeneral() {
helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('general file is missing from upload.');
+ proc_error=true;
}
}
@@ -57,8 +61,9 @@ function gotGeneral(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
- callback('General.csv file is missing from upload.');
- return;
+ proc_error=true;
+ callback('General.csv file is missing from upload.');
+ return;
}
csvGeneral = jsonObj;
puts("\nRead this: ");
@@ -77,7 +82,10 @@ function doSubnets() {
helpers.readCsv(indir, newFileName, gotSubnets);
}
else {
+ puts('subnets file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -85,6 +93,7 @@ function gotSubnets(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Subnets.csv file is missing from upload.');
return;
}
@@ -108,7 +117,10 @@ function doVpnBindings() {
helpers.readCsv(indir, newFileName, gotVpnBindings);
}
else {
+ puts('vnp-bindings file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -116,6 +128,7 @@ function gotVpnBindings(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VPN-Bindings.csv file is missing from upload.');
return;
}
@@ -140,7 +153,10 @@ function doPolicies() {
helpers.readCsv(indir, newFileName, gotPolicies);
}
else {
+ puts('policies file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -148,6 +164,7 @@ function gotPolicies(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Policies.csv file is missing from upload.');
return;
}
@@ -178,7 +195,10 @@ function doNetRoutes() {
helpers.readCsv(indir, newFileName, gotNetRoutes);
}
else {
+ puts('network-routes file is missing from upload.');
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
+ return;
}
}
@@ -186,6 +206,7 @@ function gotNetRoutes(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Network-Routes.csv file is missing from upload.');
return;
}
@@ -218,6 +239,21 @@ function processJson() {
processPolicies();
processNetRoutes();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
// ASSEMBLE AND OUTPUT RESULTS
@@ -256,7 +292,7 @@ function assembleJson() {
finalJson = {"input": networkInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -265,7 +301,7 @@ function outputJson() {
puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".net_worksheet.json";
@@ -275,7 +311,7 @@ function outputJson() {
filename = "output.json." + unixTime;
}
helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //callback(null, finalJson, filename);
}
@@ -288,7 +324,9 @@ function processGeneral() {
if ( (preloadVersion!='1607') && (preloadVersion!='1610') ) {
puts("\nError - incorrect version of preload worksheet.");
- callback('Error - incorrect version of preload worksheet.');
+ proc_error=true;
+ //callback('Error - incorrect version of preload worksheet.');
+ return;
}
rawJson['network-name'] = getParam(csvGeneral, 'field2', 'network-name', 'field3');
diff --git a/admportal/server/router/routes/preload.js b/admportal/server/router/routes/preload.js
index fd41bb44..522c6daa 100644
--- a/admportal/server/router/routes/preload.js
+++ b/admportal/server/router/routes/preload.js
@@ -16,8 +16,6 @@ var vnf = require('./vnf');
var network = require('./network');
var moment = require('moment');
-
-
// pass host, username and password to ODL
// target host for ODL request
var username = properties.odlUser;
@@ -35,14 +33,17 @@ var options = {
strictSSL: false
};
-// multer 1.1
+// multer
var unixTime = moment().unix();
var storage = multer.diskStorage({
destination: function (req, file, cb) {
cb(null, process.cwd() + '/uploads/')
+ return;
},
filename: function (req, file, cb) {
+console.log('filename');
cb(null, unixTime + "." + file.originalname )
+ return;
}
});
@@ -54,98 +55,84 @@ var upload = multer({
return cb(null,false);
}
cb(null,true);
+ return;
}
});
router.post('/uploadVnfCsv', csp.checkAuth, upload.array('filename'), function(req, res)
{
- console.log('files:'+ JSON.stringify(req.files,null,4));
-
- var tasks = []
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
+ var msgArray = new Array();
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
tasks.push ( function(callback) { vnf.go(req,res,callback,''); } );
tasks.push ( function(arg1,arg2,callback) { formatVnfInsertStatement(arg1,arg2,req,res,callback); } );
- tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+ tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
async.waterfall(tasks, function(err,result)
{
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- //logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
- msgArray.push('Successfully uploaded file.' );
- dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
+ if(err){
+ msgArray.push(err);
+ dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ return;
+ }
+ else {
+ msgArray.push('Successfully uploaded file.' );
+ dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ return;
+ }
});
-
});
router.post('/uploadNetworkCsv', csp.checkAuth, upload.array('filename'), function(req, res)
{
- console.log('files:'+ JSON.stringify(req.files,null,4));
-
- var tasks = []
- var msgArray = new Array();
- var privilegeObj = req.session.loggedInAdmin;
-
- var privilegeObj = req.session.loggedInAdmin;
- var tasks = [];
+ console.log('uploadNetworkCsv');
- tasks.push ( function(callback) { network.go(req,res,callback,''); } );
- tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
- tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
- async.waterfall(tasks, function(err,result)
- {
- if(err){
- msgArray.push(err);
- dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
- return;
- }
- else {
- //logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
- msgArray.push('Successfully uploaded file.' );
- dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
- return;
- }
- });
+ var msgArray = new Array();
+ var privilegeObj = req.session.loggedInAdmin;
+ var tasks = [];
+ tasks.push ( function(callback) { network.go(req,res,callback,''); } );
+ tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
+ tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+ async.waterfall(tasks, function(err,result)
+ {
+ if(err){
+ console.log('ERROR:' + err);
+ msgArray.push(err);
+ dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+ }
+ else {
+ msgArray.push('Successfully uploaded file.' );
+ dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
+ }
+ });
});
function formatVnfInsertStatement(content,filename,req,res,callback)
{
- //var newstr = JSON.stringify(content).replace(/\\\"/g,'\\\\\\"');
- //var ins_str = newstr.replace("\r\n ", "\\r\\n");
- var newstr = JSON.stringify(content);
- var enc_str = encodeURI(newstr);
- var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
+ var newstr = JSON.stringify(content);
+ var enc_str = encodeURI(newstr);
+ var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
+ "(filename,preload_data) VALUES ("
+ "'"+ filename + "',"
+ "'" + enc_str + "')";
callback(null,sql);
+ return;
}
function formatNetworkInsertStatement(content,filename,req,res,callback)
{
- var newstr = JSON.stringify(content);
- var enc_str = encodeURI(newstr);
- var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
+ var newstr = JSON.stringify(content);
+ var enc_str = encodeURI(newstr);
+ var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
+ "(filename,preload_data) VALUES ("
+ "'"+ filename + "',"
+ "'" + enc_str + "')";
callback(null,sql);
+ return;
}
-
-
module.exports = router;
diff --git a/admportal/server/router/routes/root.js b/admportal/server/router/routes/root.js
index b314d7db..78b69829 100644
--- a/admportal/server/router/routes/root.js
+++ b/admportal/server/router/routes/root.js
@@ -7,6 +7,12 @@ var os = require('os');
var async = require('async');
var OdlInterface = require('./OdlInterface');
var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json');
+var cookieParser = require('cookie-parser')
+var csrf = require('csurf')
+var bodyParser = require('body-parser')
+
+var csrfProtection = csrf({cookie:true});
+var parseForm = bodyParser.urlencoded({ extended: false })
@@ -70,28 +76,33 @@ function createFunctionObj( loptions ) {
return function(callback) { OdlInterface.Healthcheck(loptions,callback); };
}
-router.get('/mytree', function(req,res) {
- res.render('pages/tree');
+//router.get('/mytree', function(req,res) {
+// res.render('pages/tree');
+//});
+//router.get('/setuplogin', function(req,res) {
+// res.render('pages/setuplogin');
+//});
+//router.post('/formSetupLogin', function(req,res) {
+// dbRoutes.saveSetupLogin(req,res);
+//});
+
+router.get('/login', csrfProtection, function(req,res) {
+ var tkn = req.csrfToken();
+ res.render('pages/login', {csrfToken:tkn});
+ return;
});
-router.get('/setuplogin', function(req,res) {
- res.render('pages/setuplogin');
+router.post('/formlogin', csrfProtection, function(req,res) {
+ csp.login(req,res);
});
-router.post('/formSetupLogin', function(req,res) {
- dbRoutes.saveSetupLogin(req,res);
+
+router.get('/signup', csrfProtection, function(req,res) {
+ var tkn = req.csrfToken();
+ res.render('pages/signup', {csrfToken:tkn});
});
-router.post('/formSignUp', function(req,res) {
+router.post('/formSignUp', csrfProtection, function(req,res) {
dbRoutes.saveUser(req,res);
});
-router.post('/formlogin', csp.login, function(req,res) {
-});
-router.get('/login', function(req,res) {
- res.render('pages/login');
- // handle get
-});
-router.get('/signup', function(req,res) {
- res.render('pages/signup');
- // handle get
-});
+
router.get('/info', function(req,res) {
// handle get
res.send("login info");
diff --git a/admportal/server/router/routes/sla.js b/admportal/server/router/routes/sla.js
index 10d64334..098cd66b 100644
--- a/admportal/server/router/routes/sla.js
+++ b/admportal/server/router/routes/sla.js
@@ -6,6 +6,8 @@ var fs = require('fs');
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
var multer = require('multer');
+var cookieParser = require('cookie-parser');
+var csrf = require('csurf');
var bodyParser = require('body-parser');
//var sax = require('sax'),strict=true,parser = sax.parser(strict);
var async = require('async');
@@ -21,9 +23,8 @@ var xmlfile='';
// used for file upload button, retain original file name
//router.use(bodyParser());
-router.use(bodyParser.urlencoded({
- extended: true
-}));
+var csrfProtection = csrf({cookie: true});
+router.use(bodyParser.urlencoded({ extended: true }));
//var upload = multer({ dest: process.cwd() + '/uploads/', rename: function(fieldname,filename){ return filename; } });
// multer 1.1
@@ -57,11 +58,11 @@ router.use(multer({
// GET
-router.get('/listSLA', csp.checkAuth, function(req,res) {
+router.get('/listSLA', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.listSLA(req,res,{code:'', msg:''} );
});
-router.get('/activate', csp.checkAuth, function(req,res){
+router.get('/activate', csp.checkAuth, csrfProtection, function(req,res){
var _module = req.query.module;
var rpc = req.query.rpc;
@@ -82,7 +83,7 @@ router.get('/activate', csp.checkAuth, function(req,res){
});
});
-router.get('/deactivate', csp.checkAuth, function(req,res){
+router.get('/deactivate', csp.checkAuth, csrfProtection, function(req,res){
var _module = req.query.module;
var rpc = req.query.rpc;
@@ -102,7 +103,7 @@ router.get('/deactivate', csp.checkAuth, function(req,res){
});
});
-router.get('/deleteDG', csp.checkAuth, function(req,res){
+router.get('/deleteDG', csp.checkAuth, csrfProtection, function(req,res){
var _module = req.query.module;
var rpc = req.query.rpc;
@@ -122,7 +123,7 @@ router.get('/deleteDG', csp.checkAuth, function(req,res){
});
});
-router.post('/dgUpload', upload.single('filename'), function(req, res, next){
+router.post('/dgUpload', upload.single('filename'), csrfProtection, function(req, res, next){
if(req.file.originalname){
if (req.file.originalname == 0) {
@@ -188,88 +189,94 @@ router.post('/dgUpload', upload.single('filename'), function(req, res, next){
// POST
-router.post('/upload', csp.checkAuth, upload.single('filename'), function(req, res, next){
+router.post('/upload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){
console.log('file:'+ JSON.stringify(req.file));
- if(req.file.originalname){
- if (req.file.originalname.size == 0) {
- dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
- }
- fs.exists(req.file.path, function(exists) {
- if(exists) {
-
+ if(req.file.originalname)
+ {
+ if (req.file.originalname.size == 0)
+ {
+ dbRoutes.listSLA(req,res,
+ { code:'danger', msg:'There was an error uploading the file, please try again.'});
+ }
+ fs.exists(req.file.path, function(exists)
+ {
+ if(exists)
+ {
// parse xml
- try {
+ try
+ {
//dbRoutes.checkSvcLogic(req,res);
var currentDB = dbRoutes.getCurrentDB();
- var file_buf = fs.readFileSync(req.file.path, "utf8");
+ var file_buf = fs.readFileSync(req.file.path, "utf8");
- // call Dan's svclogic shell script from here
- var commandToExec = process.cwd()
- + "/shell/svclogic.sh load "
+ // call svclogic shell script from here
+ var commandToExec = process.cwd() + "/shell/svclogic.sh load "
+ req.file.path + " "
- + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
+ + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
- console.log("commandToExec:" + commandToExec);
- child = exec(commandToExec ,function (error,stdout,stderr){
- if(error){
- console.error("error:" + error);
+ console.log("commandToExec:" + commandToExec);
+ child = exec(commandToExec ,function (error,stdout,stderr)
+ {
+ if(error)
+ {
+ console.error("error:" + error);
dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
return;
- }
- if(stderr){
- console.error("stderr:" + JSON.stringify(stderr,null,2));
- var s_stderr = JSON.stringify(stderr);
- if ( s_stderr.indexOf("Saving") > -1 )
- {
- dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
- }else {
- dbRoutes.listSLA(req,res,{code:'failure', msg:stderr});
- }
- return;
- }
- if(stdout){
- console.log("stderr:" + stdout);
+ }
+ if(stderr){
+ console.error("stderr:" + JSON.stringify(stderr,null,2));
+ var s_stderr = JSON.stringify(stderr);
+ if ( s_stderr.indexOf("Saving") > -1 )
+ {
+ dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
+ }else {
+ dbRoutes.listSLA(req,res,{code:'failure', msg:stderr});
+ }
+ return;
+ }
+ if(stdout){
+ console.log("stderr:" + stdout);
dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
- return;
+ return;
}
// remove the grave accents, the sax parser does not like them
//parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
//dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
//dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
- // keep 'em silent
- console.error("error:" + ex);
- dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
- }
-
- } else {
- dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
- }
- });
+ });
+ } catch(ex) {
+ // keep 'em silent
+ console.error("error:" + ex);
+ dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
+ }
+ }
+ else {
+ dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
+ }
+ });
}
else {
dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
}
});
-router.get('/printAsXml', csp.checkAuth, function(req,res){
+router.get('/printAsXml', csp.checkAuth, csrfProtection, function(req,res){
try {
//dbRoutes.checkSvcLogic(req,res);
var _module = req.query.module;
- var rpc = req.query.rpc;
- var version = req.query.version;
- var mode = req.query.mode;
+ var rpc = req.query.rpc;
+ var version = req.query.version;
+ var mode = req.query.mode;
var currentDB = dbRoutes.getCurrentDB();
- // call Dan's svclogic shell script from here
- var commandToExec = process.cwd()
+ // call Dan's svclogic shell script from here
+ var commandToExec = process.cwd()
+ "/shell/svclogic.sh get-source "
+ _module + " "
+ rpc + " "
@@ -279,91 +286,34 @@ router.get('/printAsXml', csp.checkAuth, function(req,res){
console.log("commandToExec:" + commandToExec);
- child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){
- if(error){
+ child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){
+ if(error){
console.error("error:" + error);
- dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
+ dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
return;
- }
- //if(stderr){
- //logger.info("stderr:" + stderr);
- //}
- if(stdout){
- console.log("OUTPUT:" + stdout);
- res.render('sla/printasxml', {result:{code:'success',
- msg:'Module : ' + _module + '\n' +
+ }
+ //if(stderr){
+ //logger.info("stderr:" + stderr);
+ //}
+ if(stdout){
+ console.log("OUTPUT:" + stdout);
+ res.render('sla/printasxml', {result:{code:'success',
+ msg:'Module : ' + _module + '\n' +
'RPC : ' + rpc + '\n' +
'Mode : ' + mode + '\n' +
'Version: ' + version + '\n\n' + stdout}, header:process.env.MAIN_MENU});
- }
-
- // remove the grave accents, the sax parser does not like them
- //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
- //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
- //dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
+ }
+
+ // remove the grave accents, the sax parser does not like them
+ //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
+ //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
+ //dbRoutes.listSLA(req,res, resultObj);
+ });
+ } catch(ex) {
console.error("error:" + ex);
dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
- }
+ }
});
-router.get('/printAsGv', csp.checkAuth, function(req,res){
-
- try {
- //dbRoutes.checkSvcLogic(req,res);
-
- var _module = req.query.module;
- var rpc = req.query.rpc;
- var version = req.query.version;
- var mode = req.query.mode;
- var currentDB = dbRoutes.getCurrentDB();
-console.log('currentDB='+currentDB);
-
- // call Dan's svclogic shell script from here
- var commandToExec = process.cwd()
- + "/shell/svclogic.sh print "
- + _module + " "
- + rpc + " "
- + mode + " "
- + version + " "
- + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB
- + " | dot -Tpng";
-
- console.log("commandToExec:" + commandToExec);
-
- child = exec(commandToExec ,
- {encoding:'base64',maxBuffer:5000*1024}, function (error,stdout,stderr){
- if(error){
- console.error("error:" + error);
- dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
- return;
- }
- if(stderr){
- console.error("stderr:" + stderr);
- }
- if(stdout){
- //logger.info("OUTPUT:" + stdout);
- //res.render('sla/printasgv', result = {code:'success',
- //msg:new Buffer(stdout,'base64')} );
- res.render('sla/printasgv', {result:{code:'success',
- module: _module,
- rpc: rpc,
- version: version,
- mode:mode,
- msg:stdout}, header:process.env.MAIN_MENU});
- }
-
- // remove the grave accents, the sax parser does not like them
- //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
- //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
- //dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
- console.error("error:" + ex);
- dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
- }
-
-});
module.exports = router;
diff --git a/admportal/server/router/routes/user.js b/admportal/server/router/routes/user.js
index 40d3437c..df5f8607 100644
--- a/admportal/server/router/routes/user.js
+++ b/admportal/server/router/routes/user.js
@@ -5,8 +5,13 @@ var util = require('util');
var fs = require('fs');
var dbRoutes = require('./dbRoutes');
var csp = require('./csp');
+var cookieParser = require('cookie-parser');
+var csrf = require('csurf');
var bodyParser = require('body-parser');
-var sax = require('sax'),strict=true,parser = sax.parser(strict);
+//var sax = require('sax'),strict=true,parser = sax.parser(strict);
+
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser());
// SVC_LOGIC table columns
var _module=''; // cannot use module its a reserved word
@@ -17,16 +22,21 @@ var xmlfile='';
//router.use(bodyParser());
-router.use(bodyParser.urlencoded({
- extended: true
-}));
+router.use(bodyParser.urlencoded({ extended: true }));
// GET
router.get('/listUsers', csp.checkAuth, function(req,res) {
dbRoutes.listUsers(req,res, {user:req.session.loggedInAdmin,code:'', msg:''} );
});
-router.get('/deleteUser', csp.checkAuth, function(req,res) {
+// POST
+router.post('/updateUser', csp.checkAuth, csrfProtection, function(req,res,next){
+ dbRoutes.updateUser(req,res,{code:'',msg:''});
+});
+router.post('/addUser', csp.checkAuth, csrfProtection, function(req,res) {
+ dbRoutes.addUser(req,res, {code:'', msg:''} );
+});
+router.get('/deleteUser', csp.checkAuth, csrfProtection, function(req,res) {
dbRoutes.deleteUser(req,res, {code:'', msg:''} );
});
@@ -93,13 +103,6 @@ parser.onend = function () {
*/
-// POST
-router.post('/updateUser', csp.checkAuth, function(req,res,next){
- dbRoutes.updateUser(req,res,{code:'',msg:''});
-});
-router.post('/addUser', csp.checkAuth, function(req,res) {
- dbRoutes.addUser(req,res, {code:'', msg:''} );
-});
//router.post('/upload', csp.checkAuth, function(req, res, next){
diff --git a/admportal/server/router/routes/vnf.js b/admportal/server/router/routes/vnf.js
index be004fe2..99bb3a7d 100644
--- a/admportal/server/router/routes/vnf.js
+++ b/admportal/server/router/routes/vnf.js
@@ -21,12 +21,15 @@ var finalJson={};
var platform;
var req, res;
var preloadVersion; // 1607, 1610, etc...
+var proc_error=false;
+var filename;
puts = helpers.puts;
putd = helpers.putd;
vnf.go = function(lreq,lres,cb,dir){
puts("Processing VNF workbook");
+ proc_error=false;
req = lreq;
res = lres;
callback = cb;
@@ -51,7 +54,8 @@ function doGeneral() {
helpers.readCsv(indir, newFileName, gotGeneral);
}
else {
- callback(csvFilename + ' file is missing from upload.');
+ puts('General.csv file is missing from upload.');
+ proc_error=true;
}
}
@@ -59,6 +63,7 @@ function gotGeneral(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('General.csv file is missing from upload.');
return;
}
@@ -79,14 +84,17 @@ function doAvailZones() {
helpers.readCsv(indir, newFileName, gotAvailZones);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotAvailZones(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Availability-zones.csv file is missing from upload.');
return;
}
@@ -110,14 +118,17 @@ function doNetworks() {
helpers.readCsv(indir, newFileName, gotNetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotNetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Networks.csv file is missing from upload.');
return;
}
@@ -142,14 +153,17 @@ function doVMs() {
helpers.readCsv(indir, newFileName, gotVMs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VMs.csv file is missing from upload.');
return;
}
@@ -174,14 +188,17 @@ function doVMnetworks() {
helpers.readCsv(indir, newFileName, gotVMnetworks);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworks(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-networks.csv file is missing from upload.');
return;
}
@@ -206,14 +223,17 @@ function doVMnetworkIPs() {
helpers.readCsv(indir, newFileName, gotVMnetworkIPs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkIPs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-IPs.csv file is missing from upload.');
return;
}
@@ -238,14 +258,17 @@ function doVMnetworkMACs() {
helpers.readCsv(indir, newFileName, gotVMnetworkMACs);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotVMnetworkMACs(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('VM-network-MACs.csv file is missing from upload.');
return;
}
@@ -270,14 +293,17 @@ function doTagValues() {
helpers.readCsv(indir, newFileName, gotTagValues);
}
else {
+ proc_error=true;
callback(csvFilename + ' file is missing from upload.');
}
+ return;
}
function gotTagValues(err, jsonObj) {
if (err) {
puts("\nError!");
putd(err);
+ proc_error=true;
callback('Tag-values.csv file is missing from upload.');
return;
}
@@ -315,6 +341,21 @@ function processJson() {
processVMs();
processTagValues();
assembleJson();
+ outputJson();
+
+ puts('proc_error=');
+ putd(proc_error);
+ if ( proc_error ){
+ puts('callback with failure');
+ callback('Error was encountered processing upload.');
+ return;
+ }
+ else
+ {
+ puts('callback with success');
+ callback(null, finalJson, filename);
+ return;
+ }
}
// ASSEMBLE AND OUTPUT RESULTS
@@ -350,7 +391,7 @@ function assembleJson() {
finalJson = {"input": vnfInput};
- outputJson();
+ //outputJson();
}
function outputJson() {
@@ -359,7 +400,7 @@ function outputJson() {
puts(JSON.stringify(finalJson,null,2));
puts("\n");
puts("\n");
- var unixTime, fullpath_filename, filename;
+ var unixTime, fullpath_filename;
unixTime = moment().unix();
if (platform=='portal') {
fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".vnf_worksheet.json";
@@ -368,8 +409,8 @@ function outputJson() {
fullpath_filename = "./output.json."+unixTime;
filename = "output.json." + unixTime;
}
- helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
- callback(null, finalJson, filename);
+ //helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);
+ //callback(null, finalJson, filename);
}