Sean Condon | 98b6ddb | 2019-12-24 08:07:40 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015-present Open Networking Foundation |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | package org.onosproject.ui.impl.gui2; |
| 17 | |
| 18 | import com.fasterxml.jackson.databind.node.ObjectNode; |
| 19 | import com.google.common.collect.ImmutableList; |
| 20 | import com.google.common.collect.ImmutableList.Builder; |
| 21 | import org.onlab.osgi.ServiceNotFoundException; |
| 22 | import org.onosproject.rest.AbstractInjectionResource; |
| 23 | import org.onosproject.ui.UiExtensionService; |
| 24 | import org.onosproject.ui.UiPreferencesService; |
| 25 | import org.onosproject.ui.UiSessionToken; |
| 26 | import org.onosproject.ui.UiTokenService; |
| 27 | |
| 28 | import javax.ws.rs.GET; |
| 29 | import javax.ws.rs.Path; |
| 30 | import javax.ws.rs.Produces; |
| 31 | import javax.ws.rs.core.Context; |
| 32 | import javax.ws.rs.core.MediaType; |
| 33 | import javax.ws.rs.core.Response; |
| 34 | import javax.ws.rs.core.SecurityContext; |
| 35 | import java.io.ByteArrayInputStream; |
| 36 | import java.io.IOException; |
| 37 | import java.io.InputStream; |
| 38 | import java.io.SequenceInputStream; |
| 39 | import java.net.URI; |
| 40 | |
| 41 | import static com.google.common.collect.ImmutableList.of; |
| 42 | import static com.google.common.io.ByteStreams.toByteArray; |
| 43 | |
| 44 | /** |
| 45 | * Resource for serving the dynamically composed index.html for GUI2. |
| 46 | */ |
| 47 | @Path("/") |
| 48 | public class MainIndexResource extends AbstractInjectionResource { |
| 49 | |
| 50 | private static final String INDEX_REDIRECT = "/onos/ui/index.html"; |
| 51 | |
| 52 | private static final String INDEX = "index.html"; |
| 53 | private static final String NOT_READY = "not-ready.html"; |
| 54 | |
Lakshya Thakur | f111f57 | 2020-11-27 23:42:51 +0530 | [diff] [blame] | 55 | private static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy"; |
| 56 | private static final String FRAME_ANCESTORS_NONE = "frame-ancestors 'none'"; |
| 57 | |
Sean Condon | 98b6ddb | 2019-12-24 08:07:40 +0000 | [diff] [blame] | 58 | private static final String INJECT_USER_START = "<!-- {INJECTED-USER-START} -->"; |
| 59 | private static final String INJECT_USER_END = "<!-- {INJECTED-USER-END} -->"; |
| 60 | |
| 61 | private static final byte[] SCRIPT_START = "\n<script>\n".getBytes(); |
| 62 | private static final byte[] SCRIPT_END = "</script>\n\n".getBytes(); |
| 63 | |
| 64 | @Context |
| 65 | private SecurityContext ctx; |
| 66 | |
| 67 | @GET |
| 68 | @Produces(MediaType.TEXT_HTML) |
| 69 | public Response getMainIndexRedirect() throws IOException { |
| 70 | if (ctx == null || ctx.getUserPrincipal() == null) { |
| 71 | return Response.temporaryRedirect(URI.create(INDEX_REDIRECT)).build(); |
| 72 | } |
| 73 | return getMainIndex(); |
| 74 | } |
| 75 | |
| 76 | @GET |
| 77 | @Produces(MediaType.TEXT_HTML) |
| 78 | @Path("/index.html") |
| 79 | public Response getMainIndex() throws IOException { |
| 80 | ClassLoader classLoader = getClass().getClassLoader(); |
| 81 | UiExtensionService service; |
| 82 | UiTokenService tokens; |
| 83 | |
| 84 | try { |
| 85 | service = get(UiExtensionService.class); |
| 86 | tokens = get(UiTokenService.class); |
| 87 | |
| 88 | } catch (ServiceNotFoundException e) { |
| 89 | return Response.ok(classLoader.getResourceAsStream(NOT_READY)).build(); |
| 90 | } |
| 91 | |
| 92 | InputStream indexTemplate = classLoader.getResourceAsStream(INDEX); |
| 93 | String index = new String(toByteArray(indexTemplate)); |
| 94 | |
| 95 | int p0s = split(index, 0, INJECT_USER_START) - INJECT_USER_START.length(); |
| 96 | int p0e = split(index, p0s, INJECT_USER_END); |
| 97 | int p3s = split(index, p0e, null); |
| 98 | |
| 99 | |
| 100 | // FIXME: use global opaque auth token to allow secure failover |
| 101 | |
| 102 | // for now, just use the user principal name... |
| 103 | String userName = ctx.getUserPrincipal().getName(); |
| 104 | |
| 105 | // get a session token to use for UI-web-socket authentication |
| 106 | UiSessionToken token = tokens.issueToken(userName); |
| 107 | |
| 108 | String auth = "var onosUser='" + userName + "',\n" + |
| 109 | " onosAuth='" + token + "';\n"; |
| 110 | |
| 111 | StreamEnumeration streams = |
| 112 | new StreamEnumeration(of(stream(index, 0, p0s), |
| 113 | new ByteArrayInputStream(SCRIPT_START), |
| 114 | stream(auth, 0, auth.length()), |
| 115 | userPreferences(userName), |
| 116 | userConsoleLog(userName), |
| 117 | new ByteArrayInputStream(SCRIPT_END), |
| 118 | stream(index, p0e, p3s))); |
| 119 | |
Lakshya Thakur | f111f57 | 2020-11-27 23:42:51 +0530 | [diff] [blame] | 120 | return Response.ok(new SequenceInputStream(streams)) |
| 121 | .header(CONTENT_SECURITY_POLICY, FRAME_ANCESTORS_NONE) |
| 122 | .build(); |
Sean Condon | 98b6ddb | 2019-12-24 08:07:40 +0000 | [diff] [blame] | 123 | } |
| 124 | |
| 125 | private InputStream userConsoleLog(String userName) { |
| 126 | String code = "console.log('Logging in as user >" + userName + "<');\n"; |
| 127 | return new ByteArrayInputStream(code.getBytes()); |
| 128 | } |
| 129 | |
| 130 | // Produces an input stream including user preferences. |
| 131 | private InputStream userPreferences(String userName) { |
| 132 | UiPreferencesService service = get(UiPreferencesService.class); |
| 133 | ObjectNode prefs = mapper().createObjectNode(); |
| 134 | service.getPreferences(userName).forEach(prefs::set); |
| 135 | String string = "var userPrefs = " + prefs.toString() + ";\n"; |
| 136 | return new ByteArrayInputStream(string.getBytes()); |
| 137 | } |
| 138 | |
| 139 | private static final String NL = String.format("%n"); |
| 140 | private static final byte[] NL_BYTES = NL.getBytes(); |
| 141 | } |