e5a1ac0228
Rework the apply confirmation mechanism to be session agnostic in order to circumvent cross domain restrictions which prevent the JS code from issuing apply confirm requests in some cases, e.g. when changing the LAN IP. Confirmation calls may now be done from unauthenticated pages, as long as a matching confirmation token is sent along with the request. The reasoning behind this is that there is little security impact in confirming pending apply sessions, especially since those sessions can only be initiated while being authenticated. After this change, LuCI will now launch a confirmation process on every rendered page when a rollback is pending. The confirmation will happen regardless of whether the user is logged in or not, or if the current page is a CBI form or static template. A confirmation request now also requires a random one-time token which is rendered along with the confirmation JavaScript code in order to succeed. This token is not meant to provide security but to ensure that the confirm was triggered from an interactive browser session and not some background HTTP requests that happened to end up in the admin ui. As a consequence, the different apply/confirm/rollback code paths in CBI maps and the UCI change/revert pages have been consolidated into one common implementation residing in the common global theme agnostic footer template. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
228 lines
8 KiB
HTML
228 lines
8 KiB
HTML
<% export("cbi_apply_widget", function(redirect_ok, rollback_token) -%>
|
|
<style type="text/css">
|
|
#cbi_apply_overlay {
|
|
position: absolute;
|
|
top: 0;
|
|
left: 0;
|
|
bottom: 0;
|
|
right: 0;
|
|
background: rgba(0, 0, 0, 0.7);
|
|
display: none;
|
|
z-index: 20000;
|
|
}
|
|
|
|
#cbi_apply_overlay .alert-message {
|
|
position: relative;
|
|
top: 10%;
|
|
width: 60%;
|
|
margin: auto;
|
|
display: flex;
|
|
flex-wrap: wrap;
|
|
min-height: 32px;
|
|
align-items: center;
|
|
}
|
|
|
|
#cbi_apply_overlay .alert-message > h4,
|
|
#cbi_apply_overlay .alert-message > p,
|
|
#cbi_apply_overlay .alert-message > div {
|
|
flex-basis: 100%;
|
|
}
|
|
|
|
#cbi_apply_overlay .alert-message > img {
|
|
margin-right: 1em;
|
|
flex-basis: 32px;
|
|
}
|
|
|
|
body.apply-overlay-active {
|
|
overflow: hidden;
|
|
height: 100vh;
|
|
}
|
|
|
|
body.apply-overlay-active #cbi_apply_overlay {
|
|
display: block;
|
|
}
|
|
</style>
|
|
|
|
<script type="text/javascript" src="<%=resource%>/cbi.js?v=git-18.138.59467-72fe5dd"></script>
|
|
<script type="text/javascript">//<![CDATA[
|
|
var xhr = new XHR(),
|
|
uci_apply_auth = { sid: '<%=luci.dispatcher.context.authsession%>', token: '<%=token%>' },
|
|
uci_apply_rollback = <%=math.max(luci.config and luci.config.apply and luci.config.apply.rollback or 30, 30)%>,
|
|
uci_apply_holdoff = <%=math.max(luci.config and luci.config.apply and luci.config.apply.holdoff or 4, 1)%>,
|
|
uci_apply_timeout = <%=math.max(luci.config and luci.config.apply and luci.config.apply.timeout or 5, 1)%>,
|
|
uci_apply_display = <%=math.max(luci.config and luci.config.apply and luci.config.apply.display or 1.5, 1)%>,
|
|
uci_confirm_auth = <% if rollback_token then %>{ token: '<%=rollback_token%>' }<% else %>null<% end %>,
|
|
was_xhr_poll_running = false;
|
|
|
|
function uci_status_message(type, content) {
|
|
var overlay = document.getElementById('cbi_apply_overlay') || document.body.appendChild(E('<div id="cbi_apply_overlay"><div class="alert-message"></div></div>')),
|
|
message = overlay.querySelector('.alert-message');
|
|
|
|
if (message && type) {
|
|
if (!message.classList.contains(type)) {
|
|
message.classList.remove('notice');
|
|
message.classList.remove('warning');
|
|
message.classList.add(type);
|
|
}
|
|
|
|
if (content)
|
|
message.innerHTML = content;
|
|
|
|
document.body.classList.add('apply-overlay-active');
|
|
|
|
if (!was_xhr_poll_running) {
|
|
was_xhr_poll_running = XHR.running();
|
|
XHR.halt();
|
|
}
|
|
}
|
|
else {
|
|
document.body.classList.remove('apply-overlay-active');
|
|
|
|
if (was_xhr_poll_running)
|
|
XHR.run();
|
|
}
|
|
}
|
|
|
|
function uci_rollback(checked) {
|
|
if (checked) {
|
|
uci_status_message('warning',
|
|
'<img src="<%=resource%>/icons/loading.gif" alt="" style="vertical-align:middle" /> ' +
|
|
'<%:Failed to confirm apply within %ds, waiting for rollback…%>'.format(uci_apply_rollback));
|
|
|
|
var call = function(r, data, duration) {
|
|
if (r.status === 204) {
|
|
uci_status_message('warning',
|
|
'<h4><%:Configuration has been rolled back!%></h4>' +
|
|
'<p><%:The device could not be reached within %d seconds after applying the pending changes, which caused the configuration to be rolled back for safety reasons. If you believe that the configuration changes are correct nonetheless, perform an unchecked configuration apply. Alternatively, you can dismiss this warning and edit changes before attempting to apply again, or revert all pending changes to keep the currently working configuration state.%></p>'.format(uci_apply_rollback) +
|
|
'<div class="right">' +
|
|
'<input type="button" class="btn" onclick="uci_status_message(false)" value="<%:Dismiss%>" /> ' +
|
|
'<input type="button" class="btn cbi-button-action important" onclick="uci_revert()" value="<%:Revert changes%>" /> ' +
|
|
'<input type="button" class="btn cbi-button-negative important" onclick="uci_apply(false)" value="<%:Apply unchecked%>" />' +
|
|
'</div>');
|
|
|
|
return;
|
|
}
|
|
|
|
var delay = isNaN(duration) ? 0 : Math.max(1000 - duration, 0);
|
|
window.setTimeout(function() {
|
|
xhr.post('<%=url("admin/uci/confirm")%>', uci_apply_auth, call, uci_apply_timeout * 1000);
|
|
}, delay);
|
|
};
|
|
|
|
call({ status: 0 });
|
|
}
|
|
else {
|
|
uci_status_message('warning',
|
|
'<h4><%:Device unreachable!%></h4>' +
|
|
'<p><%:Could not regain access to the device after applying the configuration changes. You might need to reconnect if you modified network related settings such as the IP address or wireless security credentials.%></p>');
|
|
}
|
|
}
|
|
|
|
function uci_confirm(checked, deadline) {
|
|
var tt;
|
|
var ts = Date.now();
|
|
|
|
uci_status_message('notice');
|
|
|
|
var call = function(r, data, duration) {
|
|
if (Date.now() >= deadline) {
|
|
uci_rollback(checked);
|
|
return;
|
|
}
|
|
else if (r && (r.status === 200 || r.status === 204)) {
|
|
var indicator = document.querySelector('.uci_change_indicator');
|
|
if (indicator) indicator.style.display = 'none';
|
|
|
|
uci_status_message('notice', '<%:Configuration has been applied.%>');
|
|
|
|
window.clearTimeout(tt);
|
|
window.setTimeout(function() {
|
|
<% if redirect_ok then -%>
|
|
location.href = decodeURIComponent('<%=luci.util.urlencode(redirect_ok)%>');
|
|
<%- else -%>
|
|
window.location = window.location.href.split('#')[0];
|
|
<% end %>
|
|
}, uci_apply_display * 1000);
|
|
|
|
return;
|
|
}
|
|
|
|
var delay = isNaN(duration) ? 0 : Math.max(1000 - duration, 0);
|
|
window.setTimeout(function() {
|
|
xhr.post('<%=url("admin/uci/confirm")%>', uci_confirm_auth, call, uci_apply_timeout * 1000);
|
|
}, delay);
|
|
};
|
|
|
|
var tick = function() {
|
|
var now = Date.now();
|
|
|
|
uci_status_message('notice',
|
|
'<img src="<%=resource%>/icons/loading.gif" alt="" style="vertical-align:middle" /> ' +
|
|
'<%:Waiting for configuration to get applied… %ds%>'.format(Math.max(Math.floor((deadline - Date.now()) / 1000), 0)));
|
|
|
|
if (now >= deadline)
|
|
return;
|
|
|
|
tt = window.setTimeout(tick, 1000 - (now - ts));
|
|
ts = now;
|
|
};
|
|
|
|
tick();
|
|
|
|
/* wait a few seconds for the settings to become effective */
|
|
window.setTimeout(call, Math.max(uci_apply_holdoff * 1000 - ((ts + uci_apply_rollback * 1000) - deadline), 1));
|
|
}
|
|
|
|
function uci_apply(checked) {
|
|
uci_status_message('notice',
|
|
'<img src="<%=resource%>/icons/loading.gif" alt="" style="vertical-align:middle" /> ' +
|
|
'<%:Starting configuration apply…%>');
|
|
|
|
xhr.post('<%=url("admin/uci")%>/' + (checked ? 'apply_rollback' : 'apply_unchecked'), uci_apply_auth, function(r, tok) {
|
|
if (r.status === (checked ? 200 : 204)) {
|
|
if (checked && tok !== null && typeof(tok) === 'object' && typeof(tok.token) === 'string')
|
|
uci_confirm_auth = tok;
|
|
|
|
uci_confirm(checked, Date.now() + uci_apply_rollback * 1000);
|
|
}
|
|
else if (checked && r.status === 204) {
|
|
uci_status_message('notice', '<%:There are no changes to apply.%>');
|
|
window.setTimeout(function() {
|
|
<% if redirect_ok then -%>
|
|
location.href = decodeURIComponent('<%=luci.util.urlencode(redirect_ok)%>');
|
|
<%- else -%>
|
|
uci_status_message(false);
|
|
<%- end %>
|
|
}, uci_apply_display * 1000);
|
|
}
|
|
else {
|
|
uci_status_message('warning', '<%_Apply request failed with status <code>%h</code>%>'.format(r.responseText || r.statusText || r.status));
|
|
window.setTimeout(function() { uci_status_message(false); }, uci_apply_display * 1000);
|
|
}
|
|
});
|
|
}
|
|
|
|
function uci_revert() {
|
|
uci_status_message('notice',
|
|
'<img src="<%=resource%>/icons/loading.gif" alt="" style="vertical-align:middle" /> ' +
|
|
'<%:Reverting configuration…%>');
|
|
|
|
xhr.post('<%=url("admin/uci/revert")%>', uci_apply_auth, function(r) {
|
|
if (r.status === 200) {
|
|
uci_status_message('notice', '<%:Changes have been reverted.%>');
|
|
window.setTimeout(function() {
|
|
<% if redirect_ok then -%>
|
|
location.href = decodeURIComponent('<%=luci.util.urlencode(redirect_ok)%>');
|
|
<%- else -%>
|
|
window.location = window.location.href.split('#')[0];
|
|
<%- end %>
|
|
}, uci_apply_display * 1000);
|
|
}
|
|
else {
|
|
uci_status_message('warning', '<%_Revert request failed with status <code>%h</code>%>'.format(r.statusText || r.status));
|
|
window.setTimeout(function() { uci_status_message(false); }, uci_apply_display * 1000);
|
|
}
|
|
});
|
|
}
|
|
//]]></script>
|
|
<%- end) %>
|