| 1 | efrain | 1 | <?php
 | 
        
           |  |  | 2 | // This file is part of Moodle - http://moodle.org/
 | 
        
           |  |  | 3 | //
 | 
        
           |  |  | 4 | // Moodle is free software: you can redistribute it and/or modify
 | 
        
           |  |  | 5 | // it under the terms of the GNU General Public License as published by
 | 
        
           |  |  | 6 | // the Free Software Foundation, either version 3 of the License, or
 | 
        
           |  |  | 7 | // (at your option) any later version.
 | 
        
           |  |  | 8 | //
 | 
        
           |  |  | 9 | // Moodle is distributed in the hope that it will be useful,
 | 
        
           |  |  | 10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
 | 
        
           |  |  | 11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | 
        
           |  |  | 12 | // GNU General Public License for more details.
 | 
        
           |  |  | 13 | //
 | 
        
           |  |  | 14 | // You should have received a copy of the GNU General Public License
 | 
        
           |  |  | 15 | // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
 | 
        
           |  |  | 16 |   | 
        
           |  |  | 17 | namespace mod_bigbluebuttonbn;
 | 
        
           |  |  | 18 |   | 
        
           |  |  | 19 | use Exception;
 | 
        
           |  |  | 20 | use Firebase\JWT\JWT;
 | 
        
           |  |  | 21 | use Firebase\JWT\Key;
 | 
        
           |  |  | 22 | use mod_bigbluebuttonbn\local\config;
 | 
        
           |  |  | 23 |   | 
        
           |  |  | 24 | /**
 | 
        
           |  |  | 25 |  * The broker routines
 | 
        
           |  |  | 26 |  *
 | 
        
           |  |  | 27 |  * @package   mod_bigbluebuttonbn
 | 
        
           |  |  | 28 |  * @copyright 2010 onwards, Blindside Networks Inc
 | 
        
           |  |  | 29 |  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 | 
        
           |  |  | 30 |  * @author    Jesus Federico  (jesus [at] blindsidenetworks [dt] com)
 | 
        
           |  |  | 31 |  */
 | 
        
           |  |  | 32 | class broker {
 | 
        
           |  |  | 33 |     /**
 | 
        
           |  |  | 34 |      * Validate the supplied list of parameters, providing feedback about any missing or incorrect values.
 | 
        
           |  |  | 35 |      *
 | 
        
           |  |  | 36 |      * @param array $params
 | 
        
           |  |  | 37 |      * @return null|string
 | 
        
           |  |  | 38 |      */
 | 
        
           | 1441 | ariadna | 39 |     public static function validate_parameters(array $params): ?string {
 | 
        
           |  |  | 40 |         $requiredparams = [
 | 
        
           |  |  | 41 |             'recording_ready' => [
 | 
        
           |  |  | 42 |                 'bigbluebuttonbn' => 'The BigBlueButtonBN instance ID must be specified.',
 | 
        
           |  |  | 43 |                 'signed_parameters' => 'A JWT encoded string must be included as [signed_parameters].',
 | 
        
           |  |  | 44 |             ],
 | 
        
           |  |  | 45 |             'meeting_events' => [
 | 
        
           |  |  | 46 |                 'bigbluebuttonbn' => 'The BigBlueButtonBN instance ID must be specified.',
 | 
        
           |  |  | 47 |             ],
 | 
        
           |  |  | 48 |         ];
 | 
        
           |  |  | 49 |         if (!isset($params['action']) || empty($params['action'])) {
 | 
        
           |  |  | 50 |             return 'Parameter [' . $params['action'] . '] was not included';
 | 
        
           | 1 | efrain | 51 |         }
 | 
        
           |  |  | 52 |   | 
        
           |  |  | 53 |         $action = strtolower($params['action']);
 | 
        
           | 1441 | ariadna | 54 |         if (!array_key_exists($action, $requiredparams)) {
 | 
        
           | 1 | efrain | 55 |             return "Action {$params['action']} can not be performed.";
 | 
        
           |  |  | 56 |         }
 | 
        
           | 1441 | ariadna | 57 |         return self::validate_parameters_message($params, $requiredparams[$action]);
 | 
        
           | 1 | efrain | 58 |     }
 | 
        
           |  |  | 59 |   | 
        
           |  |  | 60 |     /**
 | 
        
           |  |  | 61 |      * Check whether the specified parameter is valid.
 | 
        
           |  |  | 62 |      *
 | 
        
           |  |  | 63 |      * @param array $params
 | 
        
           |  |  | 64 |      * @param array $requiredparams
 | 
        
           |  |  | 65 |      * @return null|string
 | 
        
           |  |  | 66 |      */
 | 
        
           |  |  | 67 |     protected static function validate_parameters_message(array $params, array $requiredparams): ?string {
 | 
        
           |  |  | 68 |         foreach ($requiredparams as $param => $message) {
 | 
        
           |  |  | 69 |             if (!array_key_exists($param, $params) || $params[$param] == '') {
 | 
        
           |  |  | 70 |                 return $message;
 | 
        
           |  |  | 71 |             }
 | 
        
           |  |  | 72 |         }
 | 
        
           |  |  | 73 |   | 
        
           |  |  | 74 |         // Everything is valid.
 | 
        
           |  |  | 75 |         return null;
 | 
        
           |  |  | 76 |     }
 | 
        
           |  |  | 77 |   | 
        
           |  |  | 78 |     /**
 | 
        
           |  |  | 79 |      * Helper for responding when recording ready is performed.
 | 
        
           |  |  | 80 |      *
 | 
        
           |  |  | 81 |      * @param instance $instance
 | 
        
           |  |  | 82 |      * @param array $params
 | 
        
           |  |  | 83 |      */
 | 
        
           |  |  | 84 |     public static function process_recording_ready(instance $instance, array $params): void {
 | 
        
           |  |  | 85 |         // Decodes the received JWT string.
 | 
        
           |  |  | 86 |         try {
 | 
        
           |  |  | 87 |             $decodedparameters = JWT::decode(
 | 
        
           |  |  | 88 |                 $params['signed_parameters'],
 | 
        
           |  |  | 89 |                 new Key(config::get('shared_secret'), 'HS256')
 | 
        
           |  |  | 90 |             );
 | 
        
           |  |  | 91 |         } catch (Exception $e) {
 | 
        
           |  |  | 92 |             $error = 'Caught exception: ' . $e->getMessage();
 | 
        
           |  |  | 93 |             header('HTTP/1.0 400 Bad Request. ' . $error);
 | 
        
           |  |  | 94 |             return;
 | 
        
           |  |  | 95 |         }
 | 
        
           |  |  | 96 |   | 
        
           |  |  | 97 |         // Validations.
 | 
        
           |  |  | 98 |         if (!isset($decodedparameters->record_id)) {
 | 
        
           |  |  | 99 |             header('HTTP/1.0 400 Bad request. Missing record_id parameter');
 | 
        
           |  |  | 100 |             return;
 | 
        
           |  |  | 101 |         }
 | 
        
           |  |  | 102 |   | 
        
           |  |  | 103 |         $recording = recording::get_record(['recordingid' => $decodedparameters->record_id]);
 | 
        
           |  |  | 104 |         if (!isset($recording)) {
 | 
        
           |  |  | 105 |             header('HTTP/1.0 400 Bad request. Invalid record_id');
 | 
        
           |  |  | 106 |             return;
 | 
        
           |  |  | 107 |         }
 | 
        
           |  |  | 108 |   | 
        
           |  |  | 109 |         // Sends the messages.
 | 
        
           |  |  | 110 |         try {
 | 
        
           |  |  | 111 |             // We make sure messages are sent only once.
 | 
        
           |  |  | 112 |             if ($recording->get('status') != recording::RECORDING_STATUS_NOTIFIED) {
 | 
        
           |  |  | 113 |                 $task = new \mod_bigbluebuttonbn\task\send_recording_ready_notification();
 | 
        
           |  |  | 114 |                 $task->set_instance_id($instance->get_instance_id());
 | 
        
           |  |  | 115 |   | 
        
           |  |  | 116 |                 \core\task\manager::queue_adhoc_task($task);
 | 
        
           |  |  | 117 |   | 
        
           |  |  | 118 |                 $recording->set('status', recording::RECORDING_STATUS_NOTIFIED);
 | 
        
           |  |  | 119 |                 $recording->update();
 | 
        
           |  |  | 120 |             }
 | 
        
           |  |  | 121 |             header('HTTP/1.0 202 Accepted');
 | 
        
           |  |  | 122 |         } catch (Exception $e) {
 | 
        
           |  |  | 123 |             $error = 'Caught exception: ' . $e->getMessage();
 | 
        
           |  |  | 124 |             header('HTTP/1.0 503 Service Unavailable. ' . $error);
 | 
        
           |  |  | 125 |         }
 | 
        
           |  |  | 126 |     }
 | 
        
           |  |  | 127 |   | 
        
           |  |  | 128 |     /**
 | 
        
           |  |  | 129 |      * Process meeting events for instance with provided HTTP headers.
 | 
        
           |  |  | 130 |      *
 | 
        
           |  |  | 131 |      * @param instance $instance
 | 
        
           |  |  | 132 |      * @return void
 | 
        
           |  |  | 133 |      */
 | 
        
           |  |  | 134 |     public static function process_meeting_events(instance $instance) {
 | 
        
           |  |  | 135 |         try {
 | 
        
           |  |  | 136 |             // Get the HTTP headers.
 | 
        
           |  |  | 137 |             $authorization = self::get_authorization_token();
 | 
        
           |  |  | 138 |   | 
        
           |  |  | 139 |             // Pull the Bearer from the headers.
 | 
        
           |  |  | 140 |             if (empty($authorization)) {
 | 
        
           |  |  | 141 |                 $msg = 'Authorization failed';
 | 
        
           |  |  | 142 |                 header('HTTP/1.0 400 Bad Request. ' . $msg);
 | 
        
           |  |  | 143 |                 return;
 | 
        
           |  |  | 144 |             }
 | 
        
           |  |  | 145 |             // Verify the authenticity of the request.
 | 
        
           |  |  | 146 |             $token = \Firebase\JWT\JWT::decode(
 | 
        
           |  |  | 147 |                 $authorization[1],
 | 
        
           |  |  | 148 |                 new Key(config::get('shared_secret'), 'HS512')
 | 
        
           |  |  | 149 |             );
 | 
        
           |  |  | 150 |   | 
        
           |  |  | 151 |             // Get JSON string from the body.
 | 
        
           |  |  | 152 |             $jsonstr = file_get_contents('php://input');
 | 
        
           |  |  | 153 |   | 
        
           |  |  | 154 |             // Convert JSON string to a JSON object.
 | 
        
           |  |  | 155 |             $jsonobj = json_decode($jsonstr);
 | 
        
           |  |  | 156 |             $headermsg = meeting::meeting_events($instance, $jsonobj);
 | 
        
           | 1441 | ariadna | 157 |             self::process_extension_actions($instance, $jsonstr);
 | 
        
           | 1 | efrain | 158 |         } catch (Exception $e) {
 | 
        
           |  |  | 159 |             $msg = 'Caught exception: ' . $e->getMessage();
 | 
        
           | 1441 | ariadna | 160 |             debugging($msg, DEBUG_DEVELOPER);
 | 
        
           |  |  | 161 |             $headermsg = 'HTTP/1.0 400 Bad Request. ' . $msg;
 | 
        
           | 1 | efrain | 162 |         }
 | 
        
           | 1441 | ariadna | 163 |   | 
        
           |  |  | 164 |         header($headermsg);
 | 
        
           | 1 | efrain | 165 |     }
 | 
        
           |  |  | 166 |   | 
        
           | 1441 | ariadna | 167 |     /**
 | 
        
           |  |  | 168 |      * Process meeting events extension actions.
 | 
        
           |  |  | 169 |      *
 | 
        
           |  |  | 170 |      * @param instance $instance
 | 
        
           |  |  | 171 |      * @param string $jsonstr
 | 
        
           |  |  | 172 |      * @return void
 | 
        
           |  |  | 173 |      */
 | 
        
           |  |  | 174 |     protected static function process_extension_actions(instance $instance, string $jsonstr) {
 | 
        
           |  |  | 175 |         // Hooks for extensions.
 | 
        
           |  |  | 176 |         $extensions = extension::broker_meeting_events_addons_instances($instance, $jsonstr);
 | 
        
           |  |  | 177 |         foreach ($extensions as $extension) {
 | 
        
           |  |  | 178 |             $extension->process_action();
 | 
        
           |  |  | 179 |         }
 | 
        
           |  |  | 180 |     }
 | 
        
           | 1 | efrain | 181 |   | 
        
           |  |  | 182 |     /**
 | 
        
           |  |  | 183 |      * Get authorisation token
 | 
        
           |  |  | 184 |      *
 | 
        
           |  |  | 185 |      * We could use getallheaders but this is only compatible with apache types of servers
 | 
        
           |  |  | 186 |      * some explanations and examples here: https://www.php.net/manual/en/function.getallheaders.php#127190
 | 
        
           |  |  | 187 |      *
 | 
        
           |  |  | 188 |      * @return array|null an array composed of the Authorization token provided in the header.
 | 
        
           |  |  | 189 |      */
 | 
        
           |  |  | 190 |     private static function get_authorization_token(): ?array {
 | 
        
           |  |  | 191 |         $autorization = null;
 | 
        
           |  |  | 192 |         if (isset($_SERVER['Authorization'])) {
 | 
        
           |  |  | 193 |             $autorization = trim($_SERVER["Authorization"]);
 | 
        
           |  |  | 194 |         } else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
 | 
        
           |  |  | 195 |             $autorization = trim($_SERVER["HTTP_AUTHORIZATION"]);
 | 
        
           |  |  | 196 |         } else if (function_exists('apache_request_headers')) {
 | 
        
           |  |  | 197 |             $requestheaders = apache_request_headers();
 | 
        
           |  |  | 198 |             $requestheaders = array_combine(array_map('ucwords',
 | 
        
           |  |  | 199 |                     array_keys($requestheaders)), array_values($requestheaders));
 | 
        
           |  |  | 200 |   | 
        
           |  |  | 201 |             if (isset($requestheaders['Authorization'])) {
 | 
        
           |  |  | 202 |                 $autorization = trim($requestheaders['Authorization']);
 | 
        
           |  |  | 203 |             }
 | 
        
           |  |  | 204 |         }
 | 
        
           |  |  | 205 |         return empty($autorization) ? null : explode(" ", $autorization);
 | 
        
           |  |  | 206 |     }
 | 
        
           |  |  | 207 | }
 |