Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

luci-app-olsr: migrate to JavaScript-based implementation #6445

Merged
merged 1 commit into from
Jul 25, 2023
Merged

luci-app-olsr: migrate to JavaScript-based implementation #6445

merged 1 commit into from
Jul 25, 2023

Conversation

Ayushmanwebdeveloper
Copy link
Contributor

@Ayushmanwebdeveloper Ayushmanwebdeveloper commented Jun 25, 2023
edited
Loading

luci-app-olsrjs.mp4

Hi! I've almost completed the migration of luci-app-olsr to JavaScript. Most of the features are functioning just like they did in the old Lua app. There are only two minor bugs remaining in the status views, which I will make sure to fix soon.

You can review the changes and please provide any suggestions or improvements. Since this is a very large application, I believe there is ample scope for feedback.

During the migration, I implemented a new RPCD and made changes to how plugins and their configurations were handled in the old app. I have implemented plugin configuration using the previous approach used for interfaces.

Most of the work is complete and functional. I am also uploading a screencast for reference. Fixes #5363

Thank you for your time!

@Ayushmanwebdeveloper
Copy link
Contributor Author

Ayushmanwebdeveloper commented Jun 26, 2023
edited
Loading

And one issue is the null that you can see in the screencast in some of the status views, which is actually the hostname that I'm attempting to obtain using hosthints.getHostnameByIPAddr(v.gateway). We're getting the data and hosthints successfully, as can be seen in the screenshot, but it's still returning null, meaning that the hostname not known
LuCI.network.Hosts.getHostnameByIPAddr

It's used in other apps & modules like this.

luci/modules/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/30_wifi.js

Line 205 in fd5440a

name = hosthints.getHostnameByMACAddr(bss.mac);
But I'll attempt to fix it as soon as possible.

image

					network
						.getHostHints()
						.then(function (hosthints) {
							modifiedData = data.map(function (v) {
								if (resolveVal === '1') {
									var hostname = hosthints.getHostnameByIPAddr(v.gateway);

@jow-
Copy link
Contributor

jow- commented Jun 26, 2023

Looks good! You should deal with the empty hostnames by doing something like hostname || '?' when outputting them.

I see you do something like x = '<a href="http://' + v.hostname + '/blah">' + v.hostname + '</a>'; in various places. This will allow for XSS injections if someone broadcasts packets containing forged hostnames into the network. Ideally use LuCI's builtin format function together with the %h and %q placeholder which take care of HTML- and quote-escaping their arguments respectively:

x = '<a href="http://%q/blah">%h</a>'.format(v.hostname, v.hostname);

@Ayushmanwebdeveloper
Copy link
Contributor Author

Ayushmanwebdeveloper commented Jun 26, 2023
edited
Loading

Looks good! You should deal with the empty hostnames by doing something like hostname || '?' when outputting them.

I see you do something like x = '<a href="http://' + v.hostname + '/blah">' + v.hostname + '</a>'; in various places. This will allow for XSS injections if someone broadcasts packets containing forged hostnames into the network. Ideally use LuCI's builtin format function together with the %h and %q placeholder which take care of HTML- and quote-escaping their arguments respectively:

x = '<a href="http://%q/blah">%h</a>'.format(v.hostname, v.hostname);

Okay! Sure, I'll fix it with the format function, and actually, in the old app, hostnames are visible instead of null. Means we've to find a way to get the hostnames. Because in my same VirtualBox OpenWrt, If I use the old Lua app, then all hostnames are visible.This is the only issue left.

@Ayushmanwebdeveloper
Copy link
Contributor Author

Looks good! You should deal with the empty hostnames by doing something like hostname || '?' when outputting them.

I see you do something like x = '<a href="http://' + v.hostname + '/blah">' + v.hostname + '</a>'; in various places. This will allow for XSS injections if someone broadcasts packets containing forged hostnames into the network. Ideally use LuCI's builtin format function together with the %h and %q placeholder which take care of HTML- and quote-escaping their arguments respectively:

x = '<a href="http://%q/blah">%h</a>'.format(v.hostname, v.hostname);

I fixed that for every instance of the hostname.

@Ayushmanwebdeveloper Ayushmanwebdeveloper force-pushed the luci-app-olsr-js-mig branch 4 times, most recently from dc4a59d to 6d65aee Compare July 5, 2023 02:57
@Ayushmanwebdeveloper Ayushmanwebdeveloper marked this pull request as ready for review July 5, 2023 03:02
@Ayushmanwebdeveloper
Copy link
Contributor Author

image
image

Hi! @jow- @aparcar @feckert Now it's ready for review; I fixed all of the bugs, including the Hostname. Everything is functional, and we tested the package for the last 2 weeks and tried to resolve every issue. Could you please review? Thanks

@Ayushmanwebdeveloper
luci-app-olsr: migrate to js
ebd0933 
Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js fix XSS vulnerability

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix minor bugs

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix plugins bugs

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix interfaces bugs

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix interface & snr bugs

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix hostname

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix typo

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix missing files, use rpc for hostnames, remove luci-compat

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js

luci-app-olsr: migrate to js fix menu order

Signed-off-by: Ayushman Tripathi <ayushmantripathi7724@gmail.com>

luci-app-olsr: migrate to js
@andibraeu
Copy link
Contributor

@jow- @aparcar can you please take a look on that PR?

for me it looks good

@jow-
Copy link
Contributor

jow- commented Jul 25, 2023

@andibraeu - I don't have the means to runtime test but if you say it's fine then I'll go ahead and merge it. @Ayushmanwebdeveloper - thanks a lot for your effort!

@jow- jow- merged commit 5d5cf55 into openwrt:master Jul 25, 2023
2 checks passed
@andibraeu
Copy link
Contributor

@jow- is it possible to backport this app to 23.05? I just tested 23.05 and the old app doesn't work anymore there. The new one is working fine

@thuehn
Copy link

thuehn commented Aug 27, 2023
edited
Loading

Hi all,

Just flashing our Freifunk Evernet last nigth with current OpenWrt trunk and Luci we run into the following issue, that might belong to this commit:

after flashing trunk, the LUCI webinterface did only show olsr status - no menu for admin/network & co anymore:

image

After deinstalling luci-app-olsr the Luci webinterface went back to a normal menu:

image

@andibraeu @jow- any hints from the experts ? (seems like something is overloaded by luci-app-olsr)

Greets Bluse

@Ayushmanwebdeveloper
Copy link
Contributor Author

Ayushmanwebdeveloper commented Aug 27, 2023
edited
Loading

Hi all,

Just flashing our Freifunk Evernet last nigth with current OpenWrt trunk and Luci we run into the following issue, that might belong to this commit:

after flashing trunk, the LUCI webinterface did only show olsr status - no menu for admin/network & co anymore:

image After deinstalling luci-app-olsr the Luci webinterface went back to a normal menu: image @andibraeu @jow- any hints from the experts ? (seems like something is overloaded by luci-app-olsr)

Greets Bluse

Hello! We migrated the app such that status views are exposed to the public, which means they can be accessed without authentication.

Particularly in your openwrt theme, you can return to admin by choosing Administration in the bottom right area of the page.

image
image

In the Freifunk or Material theme everything works okay as shown in my screencast.

@thuehn
Copy link

thuehn commented Aug 27, 2023
edited
Loading

Hiho

The button OLSR | ADMINISTRATION is nether on theme material nor on bootstrap visible at the bottom right on our side:

image image

There is no exit to the admin web interface available as long as luci-app-olsr is installed.. ?

Greetz Bluse

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andibraeu andibraeu andibraeu left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

luci-app-olsr: port to js
4 participants
@Ayushmanwebdeveloper @jow- @andibraeu @thuehn