| author | Pliable Pixels <pliablepixels@gmail.com> | 2018-09-28 14:29:43 -0400 |
|---|---|---|
| committer | Pliable Pixels <pliablepixels@gmail.com> | 2018-09-28 14:29:43 -0400 |
| commit | ebe04f8fc791413131c37425998be5be4a2ef538 (patch) | |
| tree | a8f6e6a15c9e3125f20e9081c59755911a8253bb | |
| parent | d8fea09d65e5207ef8c4fafcddd5fc74a7f7be00 (diff) | |
#709 dont escape urls in caller, incorporate cordova http ssl and basic auth checks
| -rwxr-xr-x | build_android.sh | 2 | ||||
| -rw-r--r-- | config.xml | 1 | ||||
| -rw-r--r-- | package.json | 2 | ||||
| -rw-r--r-- | www/js/DataModel.js | 24 | ||||
| -rw-r--r-- | www/js/EventCtrl.js | 8 | ||||
| -rw-r--r-- | www/js/LoginCtrl.js | 21 | ||||
| -rw-r--r-- | www/js/MenuController.js | 31 | ||||
| -rw-r--r-- | www/js/NewsCtrl.js | 12 | ||||
| -rwxr-xr-x | www/js/app.js | 169 | ||||
| -rw-r--r-- | www/templates/events.html | 7 |
10 files changed, 117 insertions, 160 deletions
diff --git a/build_android.sh b/build_android.sh index 4deac966..f310e887 100755 --- a/build_android.sh +++ b/build_android.sh @@ -33,7 +33,7 @@ fi echo "----------> Only building native. Not building crosswalk anymore due to compatibility issues <----------------------" BUILD_MODE="native" -ionic cordova plugin remove cordova-plugin-ionic-webview 2>/dev/null +#ionic cordova plugin remove cordova-plugin-ionic-webview 2>/dev/null ############ Crosswalk build #################################### if [ "$BUILD_MODE" = "xwalk" ] || [ "$BUILD_MODE" = "all" ]; then @@ -163,7 +163,6 @@ <plugin name="cordova-plugin-ionic-webview" spec="^2.1.4"> <variable name="ANDROID_SUPPORT_ANNOTATIONS_VERSION" value="27.+" /> </plugin> - <plugin name="cordova-plugin-certificates" spec="^0.6.4" /> <plugin name="cordova-plugin-advanced-http" spec="^2.0.1" /> <engine name="android" spec="^6.4.0" /> <engine name="ios" spec="~4.5.5" /> diff --git a/package.json b/package.json index cd735462..891ce164 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,6 @@ "cordova-plugin-ionic-webview": { "ANDROID_SUPPORT_ANNOTATIONS_VERSION": "27.+" }, - "cordova-plugin-certificates": {}, "cordova-plugin-advanced-http": {} } }, @@ -72,7 +71,6 @@ "cordova-plugin-android-permissions": "^1.0.0", "cordova-plugin-app-version": "^0.1.9", "cordova-plugin-canvas2image-pp-fork": "^0.6.0", - "cordova-plugin-certificates": "^0.6.4", "cordova-plugin-cloud-settings": "^1.0.4", "cordova-plugin-customurlscheme": "^4.3.0", "cordova-plugin-device": "^2.0.1", diff --git a/www/js/DataModel.js b/www/js/DataModel.js index a92b5453..eeaf2f53 100644 --- a/www/js/DataModel.js +++ b/www/js/DataModel.js 
@@ -202,18 +202,27 @@ angular.module('zmApp.controllers') * * @returns */ - function setSSLCerts() { - if (!window.cordova) return; + function setCordovaHttpOptions() { + + if (loginData.isUseBasicAuth) { + debug ("Cordova HTTP: configuring basic auth"); + cordova.plugin.http.useBasicAuth(loginData.basicAuthUser, loginData.basicAuthPassword); + } + if (!loginData.enableStrictSSL) { //alert("Enabling insecure SSL"); log(">>>> Disabling strict SSL checking (turn off in Dev Options if you can't connect)"); - cordova.plugins.certificates.trustUnsecureCerts(true); + cordova.plugin.http.setSSLCertMode('nocheck', function() { + debug('--> SSL is permissive, will allow any certs. Use at your own risk.'); + }, function() { + console.log('-->Error setting SSL permissive'); + }); } else { log(">>>> Enabling strict SSL checking (turn off in Dev Options if you can't connect)"); - cordova.plugins.certificates.trustUnsecureCerts(false); + } } @@ -1444,10 +1453,9 @@ angular.module('zmApp.controllers') log("defaultServer configuration NOT found. Keeping login at defaults"); } - //console.log ("LOGS="+JSON.stringify(loginData.enableLogs)); - // now set up SSL - need to do it after data return + // from local forage - setSSLCerts(); + if (window.cordova) setCordovaHttpOptions(); // FIXME: HACK: This is the latest entry point into dataModel init, so start portal login after this @@ -2871,7 +2879,7 @@ angular.module('zmApp.controllers') $http.get(loginData.apiurl + '/host/logout.json', { timeout: 7000, transformResponse: undefined, - responseType:'text', + // responseType:'text', }) .then(function (s) { debug("Logout returned... "); diff --git a/www/js/EventCtrl.js b/www/js/EventCtrl.js index 8ce922e3..871285ec 100644 --- a/www/js/EventCtrl.js +++ b/www/js/EventCtrl.js 
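Review bot: The strict-SSL branch of `setCordovaHttpOptions()` only logs, so once `setSSLCertMode('nocheck', …)` has run, nothing in this function turns certificate validation back on; the removed code called `trustUnsecureCerts(false)` at this point. The else branch should reset the mode explicitly, for example `cordova.plugin.http.setSSLCertMode('default', onOk, onErr);`, and the same applies to the copies of this block added in LoginCtrl.js and MenuController.js. The basic-auth branch is one-way in the same sense: no path clears the header when `isUseBasicAuth` is false. `useBasicAuth` also appears to set the Authorization header for every request the plugin sends, which through the `$http` decorator in app.js would include hosts other than the ZoneMinder server, such as `zm.blogUrl`; this should be confirmed against the plugin and the header scoped to the server's host if so.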
@@ -1761,7 +1761,7 @@ angular.module('zmApp.controllers') var af = "/AlarmFrames >=:" + (ld.enableAlarmCount ? ld.minAlarmCount : 0); - var apiurl = ld.apiurl + "/events/consoleEvents/1%20hour" + af + ".json"; + var apiurl = ld.apiurl + "/events/consoleEvents/1 hour" + af + ".json"; NVRDataModel.debug("consoleEvents API:" + apiurl); $http.get(apiurl) @@ -1798,7 +1798,7 @@ angular.module('zmApp.controllers') } }); - apiurl = ld.apiurl + "/events/consoleEvents/1%20day" + af + ".json"; + apiurl = ld.apiurl + "/events/consoleEvents/1 day" + af + ".json"; NVRDataModel.debug("consoleEvents API:" + apiurl); $http.get(apiurl) .then(function (data) { @@ -1831,7 +1831,7 @@ angular.module('zmApp.controllers') } }); - apiurl = ld.apiurl + "/events/consoleEvents/1%20week" + af + ".json"; + apiurl = ld.apiurl + "/events/consoleEvents/1 week" + af + ".json"; NVRDataModel.debug("consoleEvents API:" + apiurl); $http.get(apiurl) .then(function (data) { @@ -1865,7 +1865,7 @@ angular.module('zmApp.controllers') } }); - apiurl = ld.apiurl + "/events/consoleEvents/1%20month" + af + ".json"; + apiurl = ld.apiurl + "/events/consoleEvents/1 month" + af + ".json"; NVRDataModel.debug("consoleEvents API:" + apiurl); $http.get(apiurl) .then(function (data) { diff --git a/www/js/LoginCtrl.js b/www/js/LoginCtrl.js index d7548258..fc63ff06 100644 --- a/www/js/LoginCtrl.js +++ b/www/js/LoginCtrl.js 
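Review bot: With the `%20` removed, the four `consoleEvents` URLs (1 hour, 1 day, 1 week, 1 month) now carry a raw space and the raw `>=:` from `af`, and nothing at the call sites says who is responsible for encoding them. Going by the app.js part of this commit, the native path calls `encodeURI(url)` inside the `$http` decorator while the XHR path passes the string through unchanged. A comment at the first call, such as `// left unescaped on purpose: the $http decorator in app.js encodes the URL for cordova-http`, would stop a later edit from re-escaping here and double-encoding. The enclosing function starts and ends outside these hunks.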
@@ -582,6 +582,27 @@ angular.module('zmApp.controllers').controller('zmApp.LoginCtrl', ['$scope', '$r if ($rootScope.platformOS != 'desktop') { + if ($scope.loginData.isUseBasicAuth) { + debug ("Cordova HTTP: configuring basic auth"); + cordova.plugin.http.useBasicAuth($scope.loginData.basicAuthUser, $scope.loginData.basicAuthPassword); + } + + if (!$scope.loginData.enableStrictSSL) { + + //alert("Enabling insecure SSL"); + log(">>>> Disabling strict SSL checking (turn off in Dev Options if you can't connect)"); + cordova.plugin.http.setSSLCertMode('nocheck', function() { + debug('--> SSL is permissive, will allow any certs. Use at your own risk.'); + }, function() { + console.log('-->Error setting SSL permissive'); + }); + + } else { + + log(">>>> Enabling strict SSL checking (turn off in Dev Options if you can't connect)"); + + } + if ($scope.loginData.saveToCloud) { NVRDataModel.debug ("writing data to cloud"); diff --git a/www/js/MenuController.js b/www/js/MenuController.js index 8de4aeb3..1ab7a6fa 100644 --- a/www/js/MenuController.js +++ b/www/js/MenuController.js 
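Review bot: The added block calls bare `debug(...)` and `log(...)`, while the context line just below it uses `NVRDataModel.debug(...)`; unless LoginCtrl defines those names outside this hunk, the call throws a ReferenceError and the plugin call that follows it (`useBasicAuth` or `setSSLCertMode`) is skipped. Use `NVRDataModel.debug(...)` and `NVRDataModel.log(...)`, as the MenuController.js copy does. This is also the third copy of the same auth/SSL block in the commit, so exposing it once from the data model and calling it here would keep the three places from drifting apart. The enclosing function starts and ends outside the hunk.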
@@ -2,14 +2,14 @@ /* jslint browser: true*/ /* global cordova,StatusBar,angular,console */ -angular.module('zmApp.controllers').controller('MenuController', ['$scope', '$ionicSideMenuDelegate', 'zm', '$stateParams', '$ionicHistory', '$state', 'NVRDataModel', '$rootScope', '$ionicPopup', '$translate', '$timeout', '$location','EventServer', 'zmAutoLogin','$http',function ($scope, $ionicSideMenuDelegate, zm, $stateParams, $ionicHistory, $state, NVRDataModel, $rootScope, $ionicPopup, $translate, $timeout, $location, EventServer, zmAutoLogin, $http) { +angular.module('zmApp.controllers').controller('MenuController', ['$scope', '$ionicSideMenuDelegate', 'zm', '$stateParams', '$ionicHistory', '$state', 'NVRDataModel', '$rootScope', '$ionicPopup', '$translate', '$timeout', '$location','EventServer', 'zmAutoLogin','$http','SecuredPopups',function ($scope, $ionicSideMenuDelegate, zm, $stateParams, $ionicHistory, $state, NVRDataModel, $rootScope, $ionicPopup, $translate, $timeout, $location, EventServer, zmAutoLogin, $http, SecuredPopups) { $scope.openMenu = function () { $ionicSideMenuDelegate.toggleLeft(); }; //---------------------------------------------------------------- // This controller sits along with the main app to bring up - // the language menu from the main menu + // the language menu from the main //---------------------------------------------------------------- 
@@ -83,6 +83,33 @@ angular.module('zmApp.controllers').controller('MenuController', ['$scope', '$io } + + if (window.cordova) { + + if (loginData.isUseBasicAuth) { + NVRDataModel.debug ("Cordova HTTP: configuring basic auth"); + cordova.plugin.http.useBasicAuth(loginData.basicAuthUser, loginData.basicAuthPassword); + } + + if (loginData.enableStrictSSL) { + + //alert("Enabling insecure SSL"); + NVRDataModel.log(">>>> Disabling strict SSL checking (turn off in Dev Options if you can't connect)"); + cordova.plugin.http.setSSLCertMode('nocheck', function() { + NVRDataModel.debug('--> SSL is permissive, will allow any certs. Use at your own risk.'); + }, function() { + console.log('-->Error setting SSL permissive'); + }); + + } else { + + NVRDataModel.log(">>>> Enabling strict SSL checking (turn off in Dev Options if you can't connect)"); + + } + + } + + if (loginData.isUseEventServer) { EventServer.init(); if ($rootScope.apnsToken && loginData.disablePush != true) { diff --git a/www/js/NewsCtrl.js b/www/js/NewsCtrl.js index f18722d9..55712753 100644 --- a/www/js/NewsCtrl.js +++ b/www/js/NewsCtrl.js @@ -87,16 +87,10 @@ angular.module('zmApp.controllers').controller('zmApp.NewsCtrl', ['$scope', '$ro $scope.newsItems = []; - $http.get(zm.blogUrl/*, { - transformResponse: function (d, h) { - var trunc = "])}while(1);</x>"; - d = d.substr(trunc.length); - return d; - } - }*/) + $http.get(zm.blogUrl, { + responseType:'text' + }) .then(function (datastr) { - - datastr = datastr.data; var trunc = "])}while(1);</x>"; datastr= datastr.substr(trunc.length); diff --git a/www/js/app.js b/www/js/app.js index dfcade8f..1d12b353 100755 --- a/www/js/app.js +++ b/www/js/app.js 
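Review bot: The condition in the added MenuController.js block is inverted: `if (loginData.enableStrictSSL)` selects the branch that logs "Disabling strict SSL checking" and calls `setSSLCertMode('nocheck', …)`, so a user who asked for strict checking gets certificate validation turned off. The DataModel.js and LoginCtrl.js copies of this block test `!loginData.enableStrictSSL`. Change the line to `if (!loginData.enableStrictSSL) {`. The enclosing function starts and ends outside the hunk.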
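Review bot: In NewsCtrl.js the `.then` callback now calls `datastr.substr(trunc.length)` on the resolved value itself, because the line `datastr = datastr.data;` was removed. Both the stock `$http` and the cordova wrapper added in app.js resolve with an object that carries the body in `.data`, so this looks like it will throw before any news item is parsed. Keep the unwrap, `datastr = datastr.data;`, ahead of the prefix strip, as the matching fetch in app.js does after this commit. The callback continues past the end of the hunk.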
@@ -785,16 +785,16 @@ angular.module('zmApp', [ NVRDataModel.log("Checking for news updates"); $http.get(zm.blogUrl, { - transformResponse: function (d, h) { - var trunc = "])}while(1);</x>"; - if (d) { - d = d.substr(trunc.length); - } - return d; - } + responseType:'text', + transformResponse:undefined }) .then(function (datastr) { + // again, for cordova-http + + datastr = datastr.data; + var trunc = "])}while(1);</x>"; + datastr = datastr.substr(trunc.length); var data = JSON.parse(datastr); $rootScope.newBlogPost = ""; 
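Review bot: The removed `transformResponse` guarded the strip with `if (d)`, but the new callback takes `datastr.data` and calls `substr(trunc.length)` on it unconditionally, without checking that the prefix is actually present. An empty or unexpected response from `zm.blogUrl` therefore either throws or feeds a shifted string to `JSON.parse`. A guard before the `substr`, such as `if (typeof datastr !== 'string' || datastr.indexOf(trunc) !== 0) return;`, keeps a bad response from the blog host from breaking the callback. Whether the `JSON.parse` is covered by a `catch` is not visible, since the callback continues outside the hunk.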
@@ -2260,100 +2260,81 @@ angular.module('zmApp', [ }]); + // Wraps around $http that switches between browser XHR + // or cordova-advanced-http based on if cordova is available + // credits: + // a) https://www.exratione.com/2013/08/angularjs-wrapping-http-for-fun-and-profit/ + // b) https://gist.github.com/adamreisnz/354364e2a58786e2be71 + $provide.decorator('$http', ['$delegate', '$q', function($delegate, $q) { // create function which overrides $http function var $http = $delegate; var wrapper = function () { - - - var url; var method; url = arguments[0].url; method = arguments[0].method; - - - - console.log ("+++++ IN WRAPPER WITH "+method+" for "+url); - var isOutgoingRequest = /^(http|https):\/\//.test(url); - - if (window.cordova && isOutgoingRequest) { - console.log ("**** -->"+method+"<-- using native HTTP with:"+url); - console.log ("ARGUMENTS="+JSON.stringify(arguments)); + console.log ("**** -->"+method+"<-- using native HTTP with:"+encodeURI(url)); var d = $q.defer(); - var options = { method: method, data: arguments[0].data, headers: arguments[0].headers, timeout: arguments[0].timeout, responseType: arguments[0].responseType - }; - /* RGUMENTS={"0":{"method":"POST","timeout":7000,"url":"8889/zm/index.php","headers":{"Content-Type":"application/x-www-form-urlencoded","Accept":"application/json"},"data":{"action":"logout","view":"login"}}}*/ - cordova.plugin.http.sendRequest(encodeURI(url),options, function (succ) { - console.log ("*** Inside native HTTP success with:"+JSON.stringify(succ)); - - try { - - - if (options.responseType =='text') - d.resolve({"data":succ.data}); - else - d.resolve({"data":JSON.parse(succ.data)}); - return d.promise; - - } - catch (e) { + // automatic JSON parse if no responseType: text + // fall back to text if JSON parse fails too + if (options.responseType =='text') { + // don't parse into JSON d.resolve({"data":succ.data}); return d.promise; } - + else { + try { + d.resolve({"data":JSON.parse(succ.data)}); + return 
d.promise; + } + catch (e) { + + console.log ("*** Native HTTP response: JSON parsing failed for "+url+", returning text"); + d.resolve({"data":succ.data}); + return d.promise; + } + + } }, function (err) { - console.log ("*** Inside native HTTP error"); + console.log ("*** Inside native HTTP error: "+JSON.stringify(err)); d.reject(err); return d.promise; }); return d.promise; } - else { + else { // not cordova, so lets go back to default http console.log ("**** "+method+" using XHR HTTP for "+url); return $http.apply($http, arguments); } - }; - Object.keys($http).forEach( function (key) { - - console.log ("----> "+key+" IS "+typeof($http[key])); - }); - - - + // wrap around all HTTP methods Object.keys($http).filter(function (key) { return (typeof $http[key] === 'function'); }).forEach(function (key) { wrapper[key] = function () { - - // Apply global changes to arguments, or perform other - // nefarious acts. - - // console.log ("KEY="+key); - return $http[key].apply($http, arguments); }; }); - console.log ("*** WRAPPING EASY"); + // wrap convenience functions $delegate.get = function (url,config) { return wrapper(angular.extend(config || {}, { 
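Review bot: The decorator writes every request URL, and on failure the full `JSON.stringify(err)`, to `console.log`; if any of those URLs or error bodies carry credentials or session tokens they end up in the device log. These lines should go through the app's debug logger with the query string dropped, or be removed. Separately, only `get`, `post` and `delete` are redirected to `wrapper`; other methods such as `put` or `head` still reach the original `$http` and so skip the plugin's certificate mode and basic-auth settings, which deserves a comment above the "wrap convenience functions" block. The fall-back to text when `JSON.parse` fails also hands callers a string where they may expect an object, and a comment should state that contract. The decorator body continues past the end of this hunk.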
@@ -2362,97 +2343,23 @@ angular.module('zmApp', [ })); }; - $delegate.post = function (url,config) { + $delegate.post = function (url,data,config) { return wrapper(angular.extend(config || {}, { method: 'post', - url: url + url: url, + data:data })); }; $delegate.delete = function (url,config) { - return wrapper(angular.extend(config || {}, { method: 'delete', url: url })); }; - return wrapper; - -/* - $delegate.post = function(args) { - var isOutgoingRequest = /^(http|https):\/\//.test(args); - - if (window.cordova && isOutgoingRequest) { - console.log ("**** POST using native HTTP2 with:"+args); - console.log ("POST ARGUMENTS="+JSON.stringify(arguments)); - var d = $q.defer(); - - var options = { - method: 'post', - - }; - - cordova.plugin.http.sendRequest(args,options, - function (succ) { - console.log ("*** POST Inside native HTTP success"); - - d.resolve({"data":JSON.parse(succ.data)}); - return d.promise; - }, - function (err) { - console.log ("*** POST Inside native HTTP error"); - d.reject(err); - return d.promise; - }); - return d.promise; - - } - else { - console.log ("**** POST using XHR HTTP with "+args); - return originalPost.apply(this, arguments); - } - - }; - - $delegate.get = function(args) { - var isOutgoingRequest = /^(http|https):\/\//.test(args); - if (window.cordova && isOutgoingRequest) { - console.log ("**** using native HTTP2 with:"+args); - console.log ("ARGUMENTS="+JSON.stringify(arguments)); - var d = $q.defer(); - - var options = { - method: 'get', - - }; - - cordova.plugin.http.sendRequest(args,options, - function (succ) { - console.log ("*** GET Inside native HTTP success"); - - d.resolve({"data":JSON.parse(succ.data)}); - return d.promise; - }, - function (err) { - console.log ("*** GET Inside native HTTP error"); - d.reject(err); - return d.promise; - }); - return d.promise; - - } - else { - console.log ("**** GET using XHR HTTP with:"+args); - return originalGet.apply(this, arguments); - } - - }; - - return $delegate; - */ }]); // 
If you do this, Allow Origin can't be * diff --git a/www/templates/events.html b/www/templates/events.html index 291762a4..66291c55 100644 --- a/www/templates/events.html +++ b/www/templates/events.html @@ -100,8 +100,11 @@ <div align="right" class="col col-40" ng-if="loginData.enableThumbs" > - <img ng-image-appear no-loader transition-duration="0.3s" animation="fillIn" bg-color="#6C7A89" ng-src="{{constructThumbnail(event)}}" - on-tap="closeIfOpen(event);openModalWithSnapshot(event)" width="{{event.Event.thumbWidth}}px" height="{{event.Event.thumbHeight}}px" /> + + <img ng-image-appear no-loader transition-duration="0.3s" animation="fillIn" bg-color="#6C7A89" ng-src="{{constructThumbnail(event)}}" + on-tap="closeIfOpen(event);openModalWithSnapshot(event)" width="{{event.Event.thumbWidth}}px" height="{{event.Event.thumbHeight}}px" /> + + <!--<p>{{event.Event.thumbWidth}}px*{{event.Event.thumbHeight}}px</p>--> |
