ucfopen · ljoks · Feb 21, 2022 · Feb 21, 2022 · Feb 25, 2022 · Mar 21, 2022
diff --git a/.env b/.env
@@ -33,6 +33,7 @@ BOOL_SEND_EMAILS=false
 
 #URLS_STATIC=
 #URLS_ENGINES=
+#URLS_H5P=
 #BOOL_ADMIN_UPLOADER_ENABLE=true
 #ASSET_STORAGE_DRIVER=file
 #ASSET_STORAGE_S3_REGION=us-east-1
@@ -88,3 +89,8 @@ LTI_KEY="materia-production-lti-key"
 #BOOL_LTI_USE_LAUNCH_ROLES=true
 #BOOL_LTI_GRACEFUL_CONFIG_FALLBACK=true
 #BOOL_LTI_LOG_FOR_DEBUGGING=false
+
+# THIRD PARTY OAUTH ===================
+
+OAUTH_KEY="materia-third-party-oauth-key"
+OAUTH_SECRET="third-party-oauth-secret"
diff --git a/docker/config/nginx/nginx-dev.conf b/docker/config/nginx/nginx-dev.conf
@@ -164,4 +164,17 @@ http {
 
     }
 
+    upstream h5p {
+        server h5p:3333;
+    }
+
+    server {
+        listen *:3000 ssl;
+        listen [::]:3000 ssl;
+
+        location / {
+            proxy_pass https://h5p$request_uri;
+        }
+    }
+
 }
diff --git a/docker/docker-compose.override.yml b/docker/docker-compose.override.yml
@@ -30,6 +30,11 @@ services:
   fakes3:
     volumes:
       - uploaded_media:/s3mnt/fakes3_root/fakes3_uploads/media/
+
+  h5p:
+    volumes:
+      - ./config/nginx/key.pem:/etc/nginx/conf.d/key.pem:ro
+      - ./config/nginx/cert.pem:/etc/nginx/conf.d/cert.pem:ro
 
 volumes:
   # static_files: {} # compiled js/css and uploaded widgets

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '3.5'
+version: "3.5"
 
 services:
   webserver:
@@ -10,6 +10,7 @@ services:
       - "80:80" # main materia
       - "443:443" # main materia
       - "8008:8008" # static files (simulates a different domain sandbox & cdn)
+      - "3000:3000" # h5p
     networks:
       - frontend
     depends_on:
@@ -45,6 +46,7 @@ services:
       - THEME_PACKAGE=materia-theme-ucf
       - URLS_ENGINES=https://localhost:8008/widget/
       - URLS_STATIC=https://localhost:8008/
+      - URLS_H5P=https://localhost:3000
       - USER_INSTRUCTOR_PASSWORD=${DEV_ONLY_USER_PASSWORD}
       - USER_STUDENT_PASSWORD=${DEV_ONLY_USER_PASSWORD}
       - USER_SYSTEM_PASSWORD=${DEV_ONLY_USER_PASSWORD}
@@ -81,9 +83,22 @@ services:
       - frontend
       - backend
 
+  h5p:
+    build:
+      context: ../
+      dockerfile: ./h5p-server/materia-h5p.Dockerfile
+      args:
+        ENVIRONMENT: dev
+    ports:
+      - "3333:3333" # port should match what's being provided in URLS_H5P above
+    networks:
+      - frontend
+    environment:
+      - MATERIA_WEBSERVER_NETWORK=webserver
+      - MATERIA_URL=https://localhost:8008 # should be same as static URL above
+
 networks:
   frontend:
     name: materia_frontend
   backend:
     name: materia_backend
-
diff --git a/docker/run_first.sh b/docker/run_first.sh
@@ -44,6 +44,10 @@ source run_build_assets.sh
 # create a dev user based on your current shell user (password will be 'kogneato') MATERIA_DEV_PASS=whatever can be used to set a custom pw
 source run_create_me.sh
 
+# run setup for the h5p server
+cd ../h5p-server/
+source setup.sh
+
 echo -e "Materia will be hosted on \033[32m$DOCKER_IP\033[0m"
 echo -e "\033[1mRun an oil comand:\033[0m ./run.sh php oil r  widget:show_engines"
 echo -e "\033[1mRun the web app:\033[0m docker-compose up"
diff --git a/fuel/app/classes/controller/media.php b/fuel/app/classes/controller/media.php
@@ -5,6 +5,7 @@
  */
 use \Materia\Widget_Asset_Manager;
 use \Materia\Widget_Asset;
+use \Thirdparty\Oauth;
 
 class Controller_Media extends Controller
 {
@@ -64,8 +65,11 @@ public function get_import()
 	// This currently assumes a single uploaded file at a time
 	public function action_upload()
 	{
-		// Validate Logged in
-		if (\Service_User::verify_session() !== true) throw new HttpNotFoundException;
+		// Either Validate Logged in
+		// or validate a third party server thru Oauth
+		if (\Service_User::verify_session() !== true)
+			if (Oauth::validate_post() !== true) 
+				throw new HttpNotFoundException;
 
 		$res = new Response();
 		// Make sure file is not cached (as it happens for example on iOS devices)

diff --git a/fuel/app/classes/thirdparty/oauth.php b/fuel/app/classes/thirdparty/oauth.php
@@ -0,0 +1,39 @@
+<?php
+namespace Thirdparty;
+// phpcs:disable FuelPHP.NamingConventions.ConciseUnderscoredVariableName
+
+class Oauth
+{
+	public static function validate_post()
+	{
+		try
+		{
+			// get signature, timestamp, nonce from body formData
+			$signature  = \Input::post('oauth_signature', '');
+			$timestamp  = (int) \Input::post('oauth_timestamp', 0);
+			$nonce      = \Input::post('oauth_nonce', false);
+
+			// check to make sure all are present
+			if (empty($signature)) throw new \Exception('Authorization signature is missing.');
+			if (empty($nonce)) throw new \Exception('Authorization fingerprint is missing.');
+			if (\Input::post('oauth_consumer_key') !== $_ENV['OAUTH_KEY']) throw new \Exception('Authorization signature failure.');
+
+			// make sure request was made in the last hour
+			if ($timestamp < (time() - 3600)) throw new \Exception('Authorization signature is too old.');
+
+			// hash key and secret to make sure token matches
+			$new_sig = hash_hmac('sha256', $_ENV['OAUTH_KEY'], $_ENV['OAUTH_SECRET'].$timestamp.$nonce, false);
+
+			if ($new_sig !== $signature) throw new \Exception('Authorization signature failure.');
+			return true;
+		}
+		catch (\Exception $e)
+		{
+			logger('DEBUG', 'ERROR: INVALID OAUTH EXCEPTION');
+			logger('DEBUG', $e);
+			// \Materia\Log::profile(['invalid-oauth-received', $e->getMessage(), \Uri::current(), print_r(\Input::post(), 1)], 'lti-error-dump');
+		}
+
+		return false;
+	}
+}
diff --git a/fuel/app/classes/trait/commoncontrollertemplate.php b/fuel/app/classes/trait/commoncontrollertemplate.php
@@ -50,6 +50,7 @@ public function inject_common_js_constants()
 			'BASE_URL'           => Uri::base(),
 			'WIDGET_URL'         => Config::get('materia.urls.engines'),
 			'MEDIA_URL'          => Config::get('materia.urls.media'),
+			'H5P_URL'            => Config::get('materia.urls.h5p'),
 			'MEDIA_UPLOAD_URL'   => Config::get('materia.urls.media_upload'),
 			'STATIC_CROSSDOMAIN' => Config::get('materia.urls.static'),
 		];

diff --git a/fuel/app/config/config.php b/fuel/app/config/config.php
@@ -333,13 +333,13 @@
 		],
 		[
 			'id' => 2,
-			'package'  => 'https://github.com/ucfopen/hangman-materia-widget/releases/latest/download/hangman.wigt',
-			'checksum' => 'https://github.com/ucfopen/hangman-materia-widget/releases/latest/download/hangman-build-info.yml',
+			'package'  => 'https://github.com/ucfopen/guess-the-phrase-materia-widget/releases/latest/download/guess-the-phrase.wigt',
+			'checksum' => 'https://github.com/ucfopen/guess-the-phrase-materia-widget/releases/latest/download/guess-the-phrase-build-info.yml',
 		],
 		[
 			'id' => 3,
-			'package'  => 'https://github.com/ucfopen/matching-materia-widget/releases/latest/download/matching.wigt',
-			'checksum' => 'https://github.com/ucfopen/matching-materia-widget/releases/latest/download/matching-build-info.yml',
+			'package'  => 'https://github.com/ucfopen/guess-the-phrase-materia-widget/releases/latest/download/guess-the-phrase.wigt',
+			'checksum' => 'https://github.com/ucfopen/guess-the-phrase-materia-widget/releases/latest/download/guess-the-phrase-build-info.yml',
 		],
 		[
 			'id' => 4,

diff --git a/fuel/app/config/materia.php b/fuel/app/config/materia.php
@@ -26,7 +26,8 @@
 		'embed'        => \Uri::create('embed/'), // game embed urls http://siteurl.com/embed/3434
 		'preview'      => \Uri::create('preview/'), // game preview urls http://siteurl.com/preview/3443
 		'static'       => $_ENV['URLS_STATIC'] ?? \Uri::create(), // allows you to host another domain for static assets http://static.siteurl.com/
-		'engines'      => $_ENV['URLS_ENGINES'] ?? \Uri::create('widget/'), // widget file locations
+		'engines'      => $_ENV['URLS_ENGINES'] ?? \Uri::create('widget/'), // widget file locations,
+		'h5p'          => $_ENV['URLS_H5P'] ?? null
 	],
 
 

diff --git a/h5p-server/.dockerignore b/h5p-server/.dockerignore
@@ -0,0 +1,2 @@
+node_modules
+npm-debug.log
diff --git a/h5p-server/.gitignore b/h5p-server/.gitignore
@@ -0,0 +1,5 @@
+node_modules
+h5p/libraries/*
+h5p/temporary_storage/*
+config/*.pem
+.env*
diff --git a/h5p-server/Dockerfile b/h5p-server/Dockerfile
@@ -0,0 +1,31 @@
+# This dockerfile is meant to spin up the h5p-server alone
+
+FROM node:12
+
+# Create app directory
+WORKDIR /usr/src/app
+
+# Install app dependencies
+# A wildcard is used to ensure both package.json AND package-lock.json are copied
+# where available (npm@5+)
+COPY package*.json ./
+
+RUN yarn install
+
+# Bundle app source
+COPY . .
+
+# for local development, don't copy existing h5p info into
+# fresh docker container
+# RUN rm -r h5p/core h5p/editor h5p/libraries h5p/temporary-storage
+# RUN mkdir h5p/core h5p/editor h5p/libraries h5p/temporary-storage
+
+RUN ./setup.sh
+
+EXPOSE 3333
+
+# connect to the localhost of our machine from inside the docker container
+# used to make requests to local materia server
+ENV MATERIA_WEBSERVER_NETWORK=host.docker.internal
+
+CMD ["yarn", "start"]