add lb option

2018-05-11 15:57:31 -04:00 · 2018-05-11 15:57:31 -04:00 · 0f8a4734b2
parent b452932767
commit 0f8a4734b2
13 changed files with 183 additions and 41 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -20,10 +20,21 @@ class ApplicationController < ActionController::Base

  # Determines if the BigBlueButton endpoint is configured (or set to default).
  def bigbluebutton_endpoint_default?
+    return false if loadbalanced_configuration?
    Rails.configuration.bigbluebutton_endpoint_default == Rails.configuration.bigbluebutton_endpoint
  end
  helper_method :bigbluebutton_endpoint_default?

+  def loadbalanced_configuration?
+    Rails.configuration.loadbalanced_configuration
+  end
+  helper_method :loadbalanced_configuration?
+
+  def allow_greenlight_users?
+    Rails.configuration.greenlight_accounts
+  end
+  helper_method :allow_greenlight_users?
+
  private

  # Ensure the user is logged into the room they are accessing.
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -6,8 +6,8 @@ class SessionsController < ApplicationController

  # GET /logout
  def destroy
-    logout if current_user
-    head :no_content
+    logout
+    redirect_to root_path
  end

  # POST /login
@ -22,6 +22,18 @@ class SessionsController < ApplicationController
    end
  end

+  # POST /launch
+  def launch
+    # This will recieve a encoded POST from a launcher that
+    # contains the provider, and all user information. The
+    # launcher is what does the authentication, so we know
+    # that the user is who they say they are. We just need
+    # to use our secret to decode it and then log them in
+    # to GreenLight (or sign them up).
+
+    # User.from_launch()
+  end
+
  # GET/POST /auth/:provider/callback
  def omniauth
    user = User.from_omniauth(request.env['omniauth.auth'])
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@ -8,7 +8,6 @@ module SessionsHelper
  # Logs current user out of GreenLight.
  def logout
    session.delete(:user_id) if current_user
-    redirect_to root_path
  end

  # Retrieves the current user.
--- a/app/models/meeting.rb
+++ b/app/models/meeting.rb
@ -6,6 +6,8 @@ class Meeting < ApplicationRecord

  belongs_to :room

+  RETURNCODE_SUCCESS = "SUCCESS"
+
  # Creates a meeting on the BigBlueButton server.
  def create(options = {})
    create_options = {
@ -86,9 +88,59 @@ class Meeting < ApplicationRecord
    Rails.configuration.bigbluebutton_secret
  end

-  # Use one common instance of the BigBlueButton API for all meetings.
+  # Sets a BigBlueButtonApi object for interacting with the API.
  def bbb
-    @@bbb ||= BigBlueButton::BigBlueButtonApi.new(bbb_endpoint + "api", bbb_secret, "0.8")
+    @bbb ||= if Rails.configuration.loadbalanced_configuration
+      lb_user = retrieve_loadbalanced_credentials(self.room.user.provider)
+      BigBlueButton::BigBlueButtonApi.new(remove_slash(lb_user["apiURL"]), lb_user["secret"], "0.8")
+    else
+      BigBlueButton::BigBlueButtonApi.new(remove_slash(bbb_endpoint), bbb_secret, "0.8")
+    end
+  end
+
+  # Rereives the loadbalanced BigBlueButton credentials for a user.
+  def retrieve_loadbalanced_credentials(provider)
+    # Include Omniauth accounts under the Greenlight provider.
+    provider = "greenlight" if Rails.configuration.providers.include?(provider.to_sym)
+
+    # Build the URI.
+    uri = encode_bbb_url(
+      Rails.configuration.loadbalancer_endpoint,
+      Rails.configuration.loadbalancer_secret,
+      {name: provider}
+    )
+
+    # Make the request.
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = (uri.scheme == 'https')
+    response = http.get(uri.request_uri)
+
+    unless response.kind_of?(Net::HTTPSuccess)
+      raise "Error retrieving provider credentials: #{response.code} #{response.message}"
+    end
+
+    # Parse XML.
+    doc = XmlSimple.xml_in(response.body, 'ForceArray' => false)
+
+    # Return the user credentials if the request succeeded on the loadbalancer.
+    return doc['user'] if doc['returncode'] == RETURNCODE_SUCCESS
+
+    raise "User with provider #{provider} does not exist." if doc['messageKey'] == "noSuchUser"
+    raise "API call #{url} failed with #{doc['messageKey']}."
+  end
+
+  # Builds a request to retrieve credentials from the load balancer.
+  def encode_bbb_url(base_url, secret, params)
+    encoded_params = OAuth::Helper.normalize(params)
+    string = "getUser" + encoded_params + secret
+    checksum = OpenSSL::Digest.digest('sha1', string).unpack("H*").first
+
+    URI.parse("#{base_url}?#{encoded_params}&checksum=#{checksum}")
+  end
+
+  # Removes trailing forward slash from BigBlueButton URL.
+  def remove_slash(s)
+    s.nil? ? nil : s.chomp("/")
  end

  # Generates a BigBlueButton meeting id from a meeting token.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1,14 +1,14 @@
 class User < ApplicationRecord

  after_create :initialize_room
-  before_save { email.downcase! }
+  before_save { email.downcase! unless email.nil? }

  has_one :room

  validates :name, length: { maximum: 24 }, presence: true
  validates :username, presence: true
  validates :provider, presence: true
-  validates :email, length: { maximum: 60 }, presence: true,
+  validates :email, length: { maximum: 60 }, allow_nil: true,
                    uniqueness: { case_sensitive: false },
                    format: {with: /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i }

@ -31,6 +31,11 @@ class User < ApplicationRecord
      user
    end

+    # Generates a user from a trusted launcher.
+    def from_launch(auth)
+
+    end
+
    private

    # Provider attributes.
@ -57,7 +62,6 @@ class User < ApplicationRecord
    def google_email(auth)
      auth['info']['email']
    end
-
  end

  private
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@ -24,20 +24,22 @@
            <% end %>
          <% end %>

-          <center><p>or...<br><br></p></center>
+          <% if allow_greenlight_users? %>
+            <center><p>or...<br><br></p></center>

-          <%= form_for(:session, url: login_path) do |f| %>
-            <div class="input-field col s12">
-              <%= f.label :email, "Email Address" %>
-              <%= f.text_field :email %>
-            </div>
-            <div class="input-field col s12">
-              <%= f.label :password %>
-              <%= f.password_field :password %>
-            </div>
-            <br>
-            <%= f.submit "Login", class: "btn white-text light-green" %>
-            <%= link_to "Don't have an account? Sign up!", signup_path %>
+            <%= form_for(:session, url: login_path) do |f| %>
+              <div class="input-field col s12">
+                <%= f.label :email, "Email Address" %>
+                <%= f.text_field :email %>
+              </div>
+              <div class="input-field col s12">
+                <%= f.label :password %>
+                <%= f.password_field :password %>
+              </div>
+              <br>
+              <%= f.submit "Login", class: "btn white-text light-green" %>
+              <%= link_to "Don't have an account? Sign up!", signup_path %>
+            <% end %>
          <% end %>
        </div>
      <% end %>
--- a/config/application.rb
+++ b/config/application.rb
@ -12,12 +12,25 @@ module Greenlight20
    # Application configuration should go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded.

-    # Default credentials (test-install.blindsidenetworks.com/bigbluebutton).
-    config.bigbluebutton_endpoint_default = 'http://test-install.blindsidenetworks.com/bigbluebutton/'
-    config.bigbluebutton_secret_default = '8cd8ef52e8e101574e400365b55e11a6'
+    config.loadbalanced_configuration = (ENV["USE_LOADBALANCED_CONFIGURATION"] == "true")

-    # BigBlueButton configuration.
-    config.bigbluebutton_endpoint = ENV['BIGBLUEBUTTON_ENDPOINT']  || config.bigbluebutton_endpoint_default
-    config.bigbluebutton_secret = ENV['BIGBLUEBUTTON_SECRET'] || config.bigbluebutton_secret_default
+    # Setup BigBlueButton configuration.
+    unless config.loadbalanced_configuration
+      # Default credentials (test-install.blindsidenetworks.com/bigbluebutton).
+      config.bigbluebutton_endpoint_default = "http://test-install.blindsidenetworks.com/bigbluebutton/"
+      config.bigbluebutton_secret_default = "8cd8ef52e8e101574e400365b55e11a6"
+
+      # Use standalone BigBlueButton server.
+      config.bigbluebutton_endpoint = ENV["BIGBLUEBUTTON_ENDPOINT"] || config.bigbluebutton_endpoint_default
+      config.bigbluebutton_endpoint += "api/" unless config.bigbluebutton_endpoint.ends_with?('api/')
+      config.bigbluebutton_secret = ENV["BIGBLUEBUTTON_SECRET"] || config.bigbluebutton_secret_default
+    else
+      # Fetch credentials from a loadbalancer based on provider.
+      config.loadbalancer_endpoint = ENV["LOADBALANCER_ENDPOINT"]
+      config.loadbalancer_secret = ENV["LOADBALANCER_SECRET"]
+    end
+
+    # Determine if GreenLight should allow non-omniauth signup/login.
+    config.greenlight_accounts = (ENV['ALLOW_GREENLIGHT_ACCOUNTS'] == "true")
  end
-end
+end
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@ -1,4 +1,4 @@
-# List of supported providers.
+# List of supported Omniauth providers.
 Rails.application.config.providers = [:google, :twitter]

 # Set which providers are configured.
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,5 +1,6 @@
 Rails.application.routes.draw do

+  # Room and Meeting routes.
  scope '/rooms' do
    scope '/:room_uid' do
      get '/', to: 'rooms#index', as: :room
@ -9,18 +10,22 @@ Rails.application.routes.draw do
    end
  end

+  # Signup routes.
  get '/signup', to: 'users#new'
  post '/signup', to: 'users#create'

-  # Login to Greenlight.
-  get '/login', to: 'sessions#new'
-
  # Handles login of :greenlight provider account.
  post '/login',  to: 'sessions#create', as: :create_session

+  # Login to Greenlight.
+  get '/login', to: 'sessions#new'
+
  # Log the user out of the session.
  get '/logout', to: 'sessions#destroy'

+  # Handles launches from a trusted launcher.
+  post '/launch', to: 'sessions#launch'
+
  # Handles Omniauth authentication.
  match '/auth/:provider/callback', to: 'sessions#omniauth', via: [:get, :post], as: :omniauth_session
  get '/auth/failure', to: 'sessions#fail'
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -12,6 +12,6 @@ User.create(
  uid: "someuid",
  username: "testuser",
  email: "test@user.com",
-  password: "test",
-  password_confirmation: "test",
+  password: "password",
+  password_confirmation: "password",
 )
--- a/sample.env
+++ b/sample.env
@ -0,0 +1,49 @@
+# If set to true, GreenLight will attempt to fetch the endpoint and secret from the credentials
+# endpoint by passing it the users provider. This is useful when launching into GreenLight from
+# and external service with a customer provider (who may have different credentials).
+
+# It is also worth noting that ALL Omniauth providers resolve to "greenlight" before being sent.
+# If you are configuring GreenLight for use with a single BigBlueButton server, set this to false.
+USE_LOADBALANCED_CONFIGURATION=false
+
+# The endpoint and secret for your BigBlueButton server.
+# Set these if you are running GreenLight on a single BigBlueButton server.
+# You can retrive these by running the following command on your BigBlueButton server:
+#
+#   bbb-conf --secret
+#
+BIGBLUEBUTTON_ENDPOINT=
+BIGBLUEBUTTON_SECRET=
+
+# The endpoint and secret for your Loadbalancer server.
+# Set these ONLY IF you are running BigBlueButton under a loadbalanced configuration.
+# GreenLight will use these credentials to retrieve provider based server credentials.
+LOADBALANCER_ENDPOINT=
+LOADBALANCER_SECRET=
+
+# Google Login Provider (optional)
+#
+# For in-depth steps on setting up a Google Login Provider, see:
+#
+#   http://docs.bigbluebutton.org/install/green-light.html#google-oauth
+#
+# The GOOGLE_OAUTH2_HD variable is used to limit sign-in to a particular Google Apps hosted
+# domain. This can be a string such as, 'domain.com'. If left blank, GreenLight will allow
+# sign-in from all Google Apps hosted domains.
+GOOGLE_OAUTH2_ID=
+GOOGLE_OAUTH2_SECRET=
+GOOGLE_OAUTH2_HD=
+
+# Twitter Login Provider (optional)
+#
+# For in-depth steps on setting up a Twitter Login Provider, see:
+#
+#   http://docs.bigbluebutton.org/install/green-light.html#twitter-oauth
+#
+TWITTER_ID=
+TWITTER_SECRET=
+
+# Set this to true if you want GreenLight to support user signup and login without
+# Omniauth. This will allow users to create an account at www.hostname.com/signup
+# and use that account to fully interact with GreenLight.
+ALLOW_GREENLIGHT_ACCOUNTS=false
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@ -9,11 +9,6 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
    @steve.room = @kitchen
  end

-  test 'can get login page.' do
-    get login_path
-    assert_response :success
-  end
-
  test 'can signin with greenlight account.' do
    post create_session_path, params: {session: {email: @steve.email, password: "steve12345"}}
    
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@ -15,9 +15,9 @@ class UserTest < ActiveSupport::TestCase
    assert_not @steve.valid?
  end

-  test "email should be present." do
+  test "should allow nil email." do
    @steve.email = nil
-    assert_not @steve.valid?
+    assert @steve.valid?
  end

  test "username should be present." do