X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fhtml_out.py;h=316e15b41489d833811a731bc4b5a84dc0b07ef5;hp=f6f92d98f5e82a724645aca67b8cc3266b0ee3e6;hb=341ac1bac7b115d64a50ec166aa5e6d186b39443;hpb=c94c3df90aa64298a7935a80b221f80f3c043260;ds=sidebyside

diff --git a/osm_nbi/html_out.py b/osm_nbi/html_out.py
index f6f92d9..316e15b 100644
--- a/osm_nbi/html_out.py
+++ b/osm_nbi/html_out.py
@@ -1,9 +1,23 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 """
 Contains html text in variables to make and html response
 """
 
 import yaml
 from http import HTTPStatus
+from html import escape as html_escape
 
 __author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
 
@@ -12,20 +26,31 @@ html_start = """
 <html>
 <head>
   <link href="/osm/static/style.css" rel="stylesheet">
-<title>Welcome to OSM</title>
+  <title>Welcome to OSM</title>
+  <link rel="shortcut icon" href="/osm/static/favicon.ico">
 </head>
 <body>
   <div id="osm_topmenu">
     <div>
-      <a href="https://osm.etsi.org"> <img src="/osm/static/OSM-logo.png" height="42" width="100" style="vertical-align:middle"> </a>
+      <a href="https://osm.etsi.org"> <img src="/osm/static/OSM-logo.png" height="42" width="100"
+        style="vertical-align:middle"> </a>
       <a>( {} )</a>
+      <a href="/osm/pdu/v1/pdu_descriptors">PDUs </a>
       <a href="/osm/vnfpkgm/v1/vnf_packages">VNFDs </a>
       <a href="/osm/nsd/v1/ns_descriptors">NSDs </a>
       <a href="/osm/nslcm/v1/ns_instances">NSs </a>
-      <a href="/osm/user/v1">USERs </a>
-      <a href="/osm/project/v1">PROJECTs </a>
-      <a href="/osm/token/v1">TOKENs </a>
-      <a href="/osm/token/v1?METHOD=DELETE">logout </a>
+      <a href="/osm/nst/v1/netslice_templates">NSTDs </a>
+      <a href="/osm/nsilcm/v1/netslice_instances">NSIs </a>
+      <a href="/osm/admin/v1/users">USERs </a>
+      <a href="/osm/admin/v1/projects">PROJECTs </a>
+      <a href="/osm/admin/v1/tokens">TOKENs </a>
+      <a href="/osm/admin/v1/vim_accounts">VIMs </a>
+      <a href="/osm/admin/v1/wim_accounts">WIMs </a>
+      <a href="/osm/admin/v1/sdns">SDNs </a>
+      <a href="/osm/admin/v1/k8sclusters">K8s_clusters </a>
+      <a href="/osm/admin/v1/k8srepos">K8s_repos </a>
+      <a href="/osm/nslcm/v1/subscriptions">NS_Subs </a>
+      <a href="/osm/admin/v1/tokens?METHOD=DELETE">logout </a>
     </div>
   </div>
 """
@@ -36,19 +61,19 @@ html_body = """
 
 html_end = """
 </body>
-</html> 
+</html>
 """
 
 html_body_error = "<h2> Error <pre>{}</pre> </h2>"
 
 
-
 html_auth2 = """
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head><META http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <link href="/osm/static/style.css" rel="stylesheet">
   <title>OSM Login</title>
+  <link rel="shortcut icon" href="/osm/static/favicon.ico">
 </head>
 <body>
   <div id="osm_header">
@@ -61,7 +86,7 @@ html_auth2 = """
   </div>
   <div class="gerritBody" id="osm_body">
     <h1>Sign in to OSM</h1>
-    <form action="/osm/token/v1" id="login_form" method="POST">
+    <form action="/osm/admin/v1/tokens" id="login_form" method="POST">
       <table style="border: 0;">
         <tr><th>Username</th><td><input id="f_user" name="username" size="25" tabindex="1" type="text"></td></tr>
         <tr><th>Password</th><td><input id="f_pass" name="password" size="25" tabindex="2" type="password"></td></tr>
@@ -88,8 +113,30 @@ html_upload_body = """
 </form>
 """
 
+html_nslcmop_body = """
+<a href="/osm/nslcm/v1/ns_lcm_op_occs?nsInstanceId={id}">nslcm operations </a>
+<a href="/osm/nslcm/v1/vnf_instances?nsr-id-ref={id}">VNFRS </a>
+<form action="/osm/nslcm/v1/ns_instances/{id}/terminate" method="post" enctype="multipart/form-data">
+    <h3> <table style="border: 0;"> <tr>
+        <td> <input type="submit" value="Terminate"/> </td>
+    </tr> </table> </h3>
+</form>
+"""
+
+html_nsilcmop_body = """
+<a href="/osm/nsilcm/v1/nsi_lcm_op_occs?netsliceInstanceId={id}">nsilcm operations </a>
+<form action="/osm/nsilcm/v1/netslice_instances/{id}/terminate" method="post" enctype="multipart/form-data">
+    <h3> <table style="border: 0;"> <tr>
+        <td> <input type="submit" value="Terminate"/> </td>
+    </tr> </table> </h3>
+</form>
+"""
 
-def format(data, request, response, session):
+html_vnfpackage_body = """<a href="/osm/vnfpkgm/v1/vnf_packages/{id}/artifacts">Artifacts </a>"""
+html_nspackage_body = """<a href="/osm/nsd/v1/ns_descriptors/{id}/artifacts">Artifacts </a>"""
+
+
+def format(data, request, response, toke_info):
     """
     Format a nice html response, depending on the data
     :param data:
@@ -104,34 +151,60 @@ def format(data, request, response, session):
             return
         else:
             return html_auth2.format(error=data)
-    body = html_body.format(item=request.path_info)
+    if request.path_info in ("/version", "/system"):
+        return "<pre>" + yaml.safe_dump(data, explicit_start=False, indent=4, default_flow_style=False) + "</pre>"
+    body = html_body.format(item=html_escape(request.path_info))
     if response.status and response.status > 202:
-        body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False))
+        # input request.path_info (URL) can contain XSS that are translated into output error detail
+        body += html_body_error.format(html_escape(
+            yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)))
     elif isinstance(data, (list, tuple)):
         if request.path_info == "/vnfpkgm/v1/vnf_packages":
-            body += html_upload_body.format("VNFD", request.path_info)
+            body += html_upload_body.format(request.path_info + "_content", "VNFD")
         elif request.path_info == "/nsd/v1/ns_descriptors":
-            body += html_upload_body.format("NSD", request.path_info)
+            body += html_upload_body.format(request.path_info + "_content", "NSD")
+        elif request.path_info == "/nst/v1/nst_templates":
+            body += html_upload_body.format(request.path_info + "_content", "NSTD")
         for k in data:
-            data_id = k.pop("_id", None)
-            body += '<p> <a href="/osm/{url}/{id}">{id}</a>: {t} </p>'.format(url=request.path_info, id=data_id, t=k)
+            if isinstance(k, dict):
+                data_id = k.pop("_id", None)
+            elif isinstance(k, str):
+                data_id = k
+            body += '<p> <a href="/osm/{url}/{id}">{id}</a>: {t} </p>'.format(url=request.path_info, id=data_id,
+                                                                              t=html_escape(str(k)))
     elif isinstance(data, dict):
         if "Location" in response.headers:
             body += '<a href="{}"> show </a>'.format(response.headers["Location"])
         else:
-            body += '<a href="/osm/{}?METHOD=DELETE"> <img src="/osm/static/delete.png" height="25" width="25"> </a>'.format(request.path_info)
-        body += "<pre>" + yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False) + "</pre>"
+            _id = request.path_info[request.path_info.rfind("/")+1:]
+            body += '<a href="/osm/{}?METHOD=DELETE"> <img src="/osm/static/delete.png" height="25" width="25"> </a>'\
+                .format(request.path_info)
+            if request.path_info.startswith("/nslcm/v1/ns_instances_content/") or \
+                    request.path_info.startswith("/nslcm/v1/ns_instances/"):
+                body += html_nslcmop_body.format(id=_id)
+            elif request.path_info.startswith("/nsilcm/v1/netslice_instances_content/") or \
+                    request.path_info.startswith("/nsilcm/v1/netslice_instances/"):
+                body += html_nsilcmop_body.format(id=_id)
+            elif request.path_info.startswith("/vnfpkgm/v1/vnf_packages/") or \
+                    request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"):
+                body += html_vnfpackage_body.format(id=_id)
+            elif request.path_info.startswith("/nsd/v1/ns_descriptors/") or \
+                    request.path_info.startswith("/nsd/v1/ns_descriptors_content/"):
+                body += html_nspackage_body.format(id=_id)
+        body += "<pre>" + html_escape(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + \
+                "</pre>"
+    elif data is None:
+        if request.method == "DELETE" or "METHOD=DELETE" in request.query_string:
+            body += "<pre> deleted </pre>"
     else:
-        body = str(data)
+        body = html_escape(str(data))
     user_text = "    "
-    if session:
-        if session.get("username"):
-            user_text += "user: {}".format(session.get("username"))
-        if session.get("project_id"):
-            user_text += ", project: {}".format(session.get("project_id"))
+    if toke_info:
+        if toke_info.get("username"):
+            user_text += "user: {}".format(toke_info.get("username"))
+        if toke_info.get("project_id"):
+            user_text += ", project: {}".format(toke_info.get("project_name"))
     return html_start.format(user_text) + body + html_end
-    #yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)
+    # yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)
     # tags=False,
     # encoding='utf-8', allow_unicode=True)
-
-