Hack webpack to not use MD4

OpenSSL 3 removed support for MD4, the default hashFunction.
As the issue describes, the proper fix here is to move to webpack 5.

Moving to webpack 5 requires numerous c

Hack webpack to not use MD4

OpenSSL 3 removed support for MD4, the default hashFunction.
As the issue describes, the proper fix here is to move to webpack 5.

Moving to webpack 5 requires numerous changes.

Attempted moving to webpack 5 but migration requires a ton of changes.

This solution is from:
https://github.com/webpack/webpack/issues/13572#issuecomment-923736472

This should enable the new Yocto bump to pass.

Tested: npm install && npm run-script build and loaded those onto a
Witherspoon system. Yocto bump with this change built.

Change-Id: I5818fc49c8e0f0df7911edc069ff75a9b047dd21
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Drop encoding library

Commit f4a43cca440535a63592877c9bdbbe28636d803c attempted to fix a IE
bug in the SOL library. Unfortunately, it did it by pulling in the
entire NPM encoding library, which is

Drop encoding library

Commit f4a43cca440535a63592877c9bdbbe28636d803c attempted to fix a IE
bug in the SOL library. Unfortunately, it did it by pulling in the
entire NPM encoding library, which is insanely large (190kb after
minification and compression). This is almost equivalent to the rest of
our javascript put together! That's nuts, and I don't think anyone
would argue that's a binary hit worth taking for IE9 support.

This commit removes it, and swaps in an inline polyfill from the mozilla
recommendations, that compresses much....much smaller.

Before this patchset build prints:
app.bundle.js.gz 522 KiB [emitted] [big]

After this patchset:
app.bundle.js.gz 332 KiB [emitted] [big]

If you don't want to break out a calculator, that's 190KB savings in the
root filesystem, and should cut the initial page load time (on slow
connections) by nearly 30 percent.

Note: text-encodings was never pinned in the package-lock.json, hence
why you don't see a diff removing it from package lock. This was a miss
on the original commiters part, although it doesn't really matter, as
it's now removed.

PS: A reviewer may note, I could've moved the polyfill into its own
file. Considering the serial console is the only page that uses that,
and it's not that big I elected not to, to make removing it analagous
with removing xterm/the serial console.

Bonus content!
Added a (commented out) webpack config that allows you to generate the
webui as individual gzipped fragments, instead of one bundle. This
allows you to see file sizes on a package by package basis, and was how
I found this commit in question.

Testing:
This is where this patchset gets hairy. I dont' have an IE9 instance to
test on. Given it's low usage, and the fact that it's a relatively
straightforward change we can probably just wait for someone to tell us
it's broken again.

Enjoy the sweet sweet savings.

Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I2820ff1c4b33d725ebc63490793a72fe600b8ed3
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove CSP protections from HTML

When I originally wrote CSP into the webui files, I intended to drop it
into the HTML file so it could be removed from bmcweb. Unfortunately,
that plan doesn't fly,

Remove CSP protections from HTML

When I originally wrote CSP into the webui files, I intended to drop it
into the HTML file so it could be removed from bmcweb. Unfortunately,
that plan doesn't fly, as the CSP headers in bmcweb need to remain for
non-html files.

This normally wouldn't matter, but a number of people utilize
BMCWEB_INSECURE_DISABLE_XSS_PREVENTION to run the webui locally and
debug a new webui patch from a working BMC. This causes the CSP headers
to conflict, and the browser to fail with a CSP error on connect-src
when debugging locally.

Removing the CSP section entirely from the webui resolves this, and
doesn't change functionality at all, as it's still covered in bmcweb.

Tested: Will verify on a real platform.

Verified that building the webui locally with the above bmcweb flag
allows the webui to launch correctly.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I60e5011361ec3ce1930249a20cf34480beb48a7f

show more ...

Add 'wss:' to connect-src directive in CSP

This will fix Safari console errors for WebSocket connections.

This fix is dependent on
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/24610

Signe

Add 'wss:' to connect-src directive in CSP

This will fix Safari console errors for WebSocket connections.

This fix is dependent on
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/24610

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: I54987124037c206773bbc4ee690f854bfae8fa19

show more ...

Fix app header template rendering in Safari

Add 'connect-src' directive to Content Security Policy to allow
WebSocket connection.
Added additional error handling when Websocket connection
refused.

Fix app header template rendering in Safari

Add 'connect-src' directive to Content Security Policy to allow
WebSocket connection.
Added additional error handling when Websocket connection
refused.

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: I83cfaa0b314099aea57ee7f2be75a0658462b2a9

show more ...

Fix IE11 support

While we don't really officially support IE, it would be nice if
_most_ non-complicated things actually worked. Given where
transpilation is, and the fact that we already have webp

Fix IE11 support

While we don't really officially support IE, it would be nice if
_most_ non-complicated things actually worked. Given where
transpilation is, and the fact that we already have webpack, this isn't
actually that riddiculous of an idea.

using babel was the intent with the original webpack stuff, but it turns out
babel-loader wasn't pulling in the babelrc properly when it was in the
root dir, so babel wasn't actually transpiling anything properly.

Functionally, this commit does 3 things:
1. Fixes the published Accepts header, as the ajax call confuses IE if
it doesn't have an encoding.
2. Includes core-js, to allow us to not really have to worry about
javascript features that aren't present in a given browser.
4. Includes the config to support all browsers with > 0.25% market
share, which should keep us compatible with most stuff.

Requires a patch to bmcweb for the updated charset header, as we didn't
handle that properly previously.
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/24063

Tested:
Loaded the bmcweb patch.
Started the webui in IE11 with the console open. Observed that webui
launches and logs in properly with no errors on the console.
Opened the webui in chrome to verify that nothing was broken. Appears
working as it was before.

Measured the pre-rootfs size before and after this patchset. It
adds 36KB to the final package size. (404KB to 440KB). For supporting
IE11 (and probably other browsers) I think this is well worth the cost.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: Ie402e3296deede466a7a05726ebd7a18bead0b80

show more ...

Consolidate button styles

This patchset will create consistent button styling according
to the styleguide and remove redundant button styles by creating
reusable button classes.

This patchset also

Consolidate button styles

This patchset will create consistent button styling according
to the styleguide and remove redundant button styles by creating
reusable button classes.

This patchset also implements a consistent strategy for including
icon assets. Currently, svg icons are imported as CSS background
images or inlined into the markup. Inlining an svg is preferred,
especially when used with buttons or links so the colors can
be easily changed for different states (hover, focus, disabled)
without having to request variants.
The icon provider allows us to inline svgs without cluttering
the markup. Webpack config was adjusted to use svg-inline-loader
when resolving svgs that are used by the icon provider directive.

- All svgs were optimized to remove unncessary information.
- Removed unused svg color variants
- Moved icons used by icon provider to separate directory to
avoid Webpack parsing the files twice
- Small changes to navigation icons

Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: I1ca214b74fc502e6b6e760cfee88b48110237c43

show more ...

Implement KVM in webui

This patchset adds the infrastructure to allow KVM sessions
through the webui. A websocket capable VNC/RFB connection
on the BMC is needed for KVM sessions.

To access, naviga

Implement KVM in webui

This patchset adds the infrastructure to allow KVM sessions
through the webui. A websocket capable VNC/RFB connection
on the BMC is needed for KVM sessions.

To access, navigate to Server control -> KVM.

Tested: Ran obmc-ikvm on the BMC, added a KVM Handler to
Phosphor Rest Server, and was able to establish a
KVM session in the webui on a Witherspoon.
Change-Id: I7dda5bec41d270ae8d0913697714d4df4ec3a257
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Enable strict content security policy

Webpack allows us to define a content security policy that utilizes
hashes to define what is, and isn't allowed to execute in the page
context. Because we're a

Enable strict content security policy

Webpack allows us to define a content security policy that utilizes
hashes to define what is, and isn't allowed to execute in the page
context. Because we're a single page application, this means that we
can effectively defend the whole page with a few extra lines of setup.

This does not utilitize _any_ of the unsafe-* calls that content
security policy has, which should meet security standards for all uses.

Tested By:
Launched GUI, observed no functional changes, and watched console for
CSP errors. Saw none.

Change-Id: I892df1f1b004384943be0ae6e51046054991fd45
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

move phosphor webui into 2018 style

This commit moves us to the latest versions of all the packages we use.
For the bitbake build to succeed, it requires the patchset here to be
merged. Details on

move phosphor webui into 2018 style

This commit moves us to the latest versions of all the packages we use.
For the bitbake build to succeed, it requires the patchset here to be
merged. Details on why are available on that commit.
https://gerrit.openbmc-project.xyz/#/c/openbmc/openbmc/+/12561/2//COMMIT_MSG@10

This upgrade of webpack is done to decrease our size on flash, and to
increase the load time of the webui. In my basic testing, this
patchset decreases the webui load time (to the login page) by about
40% and significnatly reduces the load on the bmc. This is because
the entire page is loaded in a single request.

This should also save some runtime memory on the BMC as well, as the
webui route is now greatly decreased. Basic testing shows that we have
gone from 1188KB of pre-squashfs flash used to down to 456KB.

Change-Id: I5992f2808978ee0e6b00196b030f7b122cac20d9
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Remove 2nd CopyWebpackPlugin var

Found using sonar scanner.

Change-Id: I7ca70f2d13a8adfeebfee2b727ffed7c118a89bc
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Turn uglification back on

Fixes github bug openbmc/openbmc#2871

Turn on uglification again. It turns out, we only had one issue
preventing the UI from starting when running in uglified mode. This

Turn uglification back on

Fixes github bug openbmc/openbmc#2871

Turn on uglification again. It turns out, we only had one issue
preventing the UI from starting when running in uglified mode. This
patchset fixes the issue, and reenables uglification.

This patchset drops our gzip compressed payload size by about 50K (about
14%). While it doesn't seem like a lot now, it increases our ability
to scale the javascript payloads going forward.

Change-Id: I0744687203a9db0f4b26d1e1d2f4e3bdb4a52f78
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

Format code using clang-format-5.0

Once merged, this repository will have CI enforce
the coding guidelines in the .clang-format file.

Change-Id: I96a05972665f9c67625c6850c3da25edc540be06
Signed-off

Format code using clang-format-5.0

Once merged, this repository will have CI enforce
the coding guidelines in the .clang-format file.

Change-Id: I96a05972665f9c67625c6850c3da25edc540be06
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...

Run js-beautify and fixjsstyle on code

Found this pointer on stackoverflow:
https://stackoverflow.com/a/31660434/5508494

End goal is to get the code formatted well enough that
clang format will run

Run js-beautify and fixjsstyle on code

Found this pointer on stackoverflow:
https://stackoverflow.com/a/31660434/5508494

End goal is to get the code formatted well enough that
clang format will run correctly against it.

Change-Id: I80053e78d253d8eee49233e42d55e5807ae8fdc8
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...

Fix issue number in TODO

The Uglifying build error is 2871 not 2781.
https://github.com/openbmc/openbmc/issues/2871

Change-Id: I84dedc50c1cc2f45a04eacd1d83cd43bd2a7230f
Signed-off-by: Gunnar Mills

Fix issue number in TODO

The Uglifying build error is 2871 not 2781.
https://github.com/openbmc/openbmc/issues/2871

Change-Id: I84dedc50c1cc2f45a04eacd1d83cd43bd2a7230f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Move uglifyjs-webpack-plugin to ^1.1.2

Fixes uglifyJs invalid assignment.
Before we were using the uglifyjs-webpack-plugin ^0.4.6 coming
from webpack.
Took from
https://github.com/webpack-contrib/ug

Move uglifyjs-webpack-plugin to ^1.1.2

Fixes uglifyJs invalid assignment.
Before we were using the uglifyjs-webpack-plugin ^0.4.6 coming
from webpack.
Took from
https://github.com/webpack-contrib/uglifyjs-webpack-plugin/issues/187

Resolves openbmc/openbmc#3200

Change-Id: I29907caeeb49122cdddf6e6793070671a4525231
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Turn off the mangler

The javascript in this repository isn't currently compatible with
the name mangling done by the uglifier plugin (it causes unknown
provider errors).

This commit can be reverted

Turn off the mangler

The javascript in this repository isn't currently compatible with
the name mangling done by the uglifier plugin (it causes unknown
provider errors).

This commit can be reverted when it is fixed.

Change-Id: I1589e2ba392aec7b321b9816475613215836c47d
Signed-off-by: Matt Spinler <spinler@us.ibm.com>

show more ...

Add proper favicon handling

The current repo doesn't seem to produce a favicon, so having the
reference to it produces either a 404 error or a 401 error depending on
the server. Add a transparent f

Add proper favicon handling

The current repo doesn't seem to produce a favicon, so having the
reference to it produces either a 404 error or a 401 error depending on
the server. Add a transparent favicon until someone can cobble
together a proper one from the openbmc SVG files

Change-Id: I5a79be5982e164a8ae0b28a69f673129c0a959ba
Signed-off-by: Ed Tanous <ed.tanous@intel.com>

show more ...

Modernize web GUI and make it installable on BMC

1. Move from gulp server to webpack. This allows the proper
compression to allow the webui to be embedded in the BMC.
2. Update js paths to use requ

Modernize web GUI and make it installable on BMC

1. Move from gulp server to webpack. This allows the proper
compression to allow the webui to be embedded in the BMC.
2. Update js paths to use requires, not hardcoded paths. This was
required to make the packaging work correctly.
3. Add babel config to do translation.
4. Update angularjs directive calls to use the angular 1.6 syntax for
promises intead of success and fail.

https://docs.angularjs.org/guide/migration#migrate1.5to1.6-ng-services-$http

5. As a consequence of using NPM/webpack, the versions of angular and
associated modules that were checked in have been updated.

Change-Id: Icb71e2eedb0d9a8943fc914f9dc4be11d0983c00
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

show more ...