-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathserver.js
142 lines (118 loc) · 3.78 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
'use strict';
const exphbs = require('express-handlebars');
const express = require('express');
const handlebars = require('handlebars');
const lti = require('@dinoboff/ims-lti');
const _HmacSha1 = require('@dinoboff/ims-lti/lib/hmac-sha1');
const database = require('./database');
const launchURL = '/lti/launch';
const LTI_CONTENT_TYPES = {
'application/x-www-form-urlencoded': true
};
/**
* Create a LTI request handler.
*
* @param {function(express.Application)} setup Function to register extra middleware
* @returns {express.Application}
*/
exports.create = function (setup = app => app) {
const app = setup(express());
app.engine('handlebars', exphbs({
defaultLayout: 'main',
helpers: {
json: data => new handlebars.SafeString(JSON.stringify(data))
}
}));
app.set('view engine', 'handlebars');
app.get(['/', '/lti/'], (req, res) => res.render('index'));
app.post('/lti/credentials', (req, res, next) => {
database.newCredentials()
.then(credentials => res.render(
'credentials',
Object.assign(credentials, {launchURL})
))
.catch(next);
});
app.post(launchURL, (req, res, next) => {
parseLTIReq(req)
.then(ltiReq => database.launches.getOrCreate(ltiReq).then(snapshot => ({ltiReq, launch: snapshot.val()})))
.then(({ltiReq, launch}) => database.launches.authenticate(ltiReq).then(token => ({ltiReq, launch, token})))
.then(({ltiReq, launch, token}) => res.render('launch', {token, launch, presentation: presentation(ltiReq)}))
.catch(next);
});
return app;
};
class HmacSha1 extends _HmacSha1 {
protocol(req) {
if (req.headers['x-appengine-https'] === 'on') {
return 'https';
}
return super.protocol(req);
}
}
/**
* Validate a request oauth1 credentials and resolve to a LTI provider.
*
* Note that
*
* @param {express.Request} req Request
* @returns {Promise<ims-lti.Provider>}
*/
function parseLTIReq(req) {
return supportedReq(req)
.then(domain => {
const key = domain.startsWith('lti') ? domain.slice(3) : domain;
return database.getCredentials(key);
})
.then(({key, secret}) => validateSignature(req, key, secret));
}
function supportedReq(req) {
return new Promise((resolve, reject) => {
const {
headers: {'content-type': enc},
body: {
oauth_signature_method: proto,
oauth_consumer_key: domain
}
} = req;
if (LTI_CONTENT_TYPES[enc] !== true) {
reject(new Error(`"${enc}" is not a support content type for this application.`));
}
if (proto !== 'HMAC-SHA1') {
reject(new Error(`"${proto}" oauth signature method is not a supported.`));
}
resolve(domain);
});
}
function validateSignature(req, key, secret) {
return new Promise((resolve, reject) => {
const provider = new lti.Provider(key, secret, {
// Firebase functions is accessed via a reverse proxy. The lti signature
// validation needs to use the original hostname and not the functions
// server one.
signer: new HmacSha1({trustProxy: true}),
// Save nonces in datastore and ensure the request oauth1 nonce cannot be
// used twice.
nonceStore: database.nonceStore(key)
});
provider.valid_request(req, (err, isValid) => {
if (err != null) {
return reject(err);
}
if (!isValid) {
return reject(new Error());
}
resolve(provider);
});
});
}
function presentation(req) {
return {
target: req.body.launch_presentation_target || null,
local: req.body.launch_presentation_local || null,
cssURL: req.body.launch_presentation_css_url || null,
width: req.body.launch_presentation_width || null,
height: req.body.launch_presentation_height || null,
returnURL: req.body.launch_presentation_return_url || null
};
}