-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.rb
91 lines (73 loc) · 2.15 KB
/
app.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# app.rb
require 'builder'
require 'logger'
set :haml, :format => :html5
get "/" do
haml :index
end
# the consumer keys/secrets
$oauth_creds = {"test" => "secret", "testing" => "supersecret"}
def show_error(message)
@message = message
end
def authorize!
if key = params['oauth_consumer_key']
if secret = $oauth_creds[key]
@tp = IMS::LTI::ToolProvider.new(key, secret, params)
else
@tp = IMS::LTI::ToolProvider.new(nil, nil, params)
@tp.lti_msg = "Your consumer didn't use a recognized key."
@tp.lti_errorlog = "You did it wrong!"
show_error "Consumer key wasn't recognized"
return false
end
else
show_error "No consumer key"
return false
end
if [email protected]_request?(request)
show_error "The OAuth signature was invalid"
return false
end
if Time.now.utc.to_i - @tp.request_oauth_timestamp.to_i > 60*60
show_error "Your request is too old."
return false
end
# this isn't actually checking anything like it should, just want people
# implementing real tools to be aware they need to check the nonce
if was_nonce_used_in_last_x_minutes?(@tp.request_oauth_nonce, 60)
show_error "Why are you reusing the nonce?"
return false
end
@username = @tp.username("Dude")
return true
end
def was_nonce_used_in_last_x_minutes?(nonce, minutes=60)
# some kind of caching solution or something to keep a short-term memory of used nonces
false
end
def get_video_list
end
get '/tool_config' do
erb :tool_config
end
# The url for launching the tool
# It will verify the OAuth signature
post '/lti_tool' do
return haml :index, :locals => {:launch_url => params[:launch_presentation_return_url]}
# return haml :unauthorized unless authorize!
#
# if @tp.outcome_service?
# # It's a launch for grading
# return haml :index
# else
# # normal tool launch without grade write-back
# signature = OAuth::Signature.build(request, :consumer_secret => @tp.consumer_secret)
#
# @signature_base_string = signature.signature_base_string
# @secret = signature.send(:secret)
#
# @tp.lti_msg = "Sorry that tool was so boring"
# return haml :index
# end
end