cwresdev 0.1.1 → 0.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cwresdev",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "",
   "license": "MIT",
   "private": false,
@@ -13,6 +13,7 @@
     "bin",
     "src",
     "vendor/php/windows",
+    "stubs",
     "README.md",
     "LICENSE",
     "THIRD_PARTY_NOTICES.md"

package/stubs/OAuth.php

@@ -0,0 +1,146 @@
+<?php
+/**
+ * Mock OAuth library for local development (cwrespro).
+ * Stubs out OAuth classes used by LTI so courses run without Canvas.
+ * All classes guarded with class_exists() to avoid redeclaration errors.
+ */
+
+// Inject LTI launch params so is_lti_request() returns true and BLTI validates
+if (empty($_REQUEST['lti_message_type'])) {
+    $ltiParams = array(
+        'lti_message_type' => 'basic-lti-launch-request',
+        'lti_version' => 'LTI-1p0',
+        'resource_link_id' => 'dev_resource_001',
+        'oauth_consumer_key' => 'dev_consumer_key',
+        'user_id' => 'dev_user_001',
+        'lis_person_name_given' => 'Dev',
+        'lis_person_name_family' => 'User',
+        'lis_person_name_full' => 'Dev User',
+        'lis_person_contact_email_primary' => 'dev@localhost',
+        'lis_result_sourcedid' => '',
+        'lis_outcome_service_url' => '',
+        'roles' => 'Instructor',
+        'context_id' => 'dev_context_001',
+        'context_title' => 'Local Development',
+    );
+    foreach ($ltiParams as $k => $v) {
+        if (!isset($_REQUEST[$k])) $_REQUEST[$k] = $v;
+        if (!isset($_POST[$k])) $_POST[$k] = $v;
+    }
+}
+
+if (!class_exists('OAuthException')) {
+class OAuthException extends Exception {}
+}
+
+if (!class_exists('OAuthConsumer')) {
+class OAuthConsumer {
+    public $key;
+    public $secret;
+    public $callback_url;
+
+    function __construct($key, $secret, $callback_url = NULL) {
+        $this->key = $key;
+        $this->secret = $secret;
+        $this->callback_url = $callback_url;
+    }
+}
+}
+
+if (!class_exists('OAuthToken')) {
+class OAuthToken {
+    public $key;
+    public $secret;
+
+    function __construct($key, $secret) {
+        $this->key = $key;
+        $this->secret = $secret;
+    }
+}
+}
+
+if (!class_exists('OAuthSignatureMethod')) {
+class OAuthSignatureMethod {
+    public function check_signature($request, $consumer, $token, $signature) {
+        return true;
+    }
+}
+}
+
+if (!class_exists('OAuthSignatureMethod_HMAC_SHA1')) {
+class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
+    function get_name() {
+        return "HMAC-SHA1";
+    }
+
+    public function check_signature($request, $consumer, $token, $signature) {
+        return true;
+    }
+
+    public function build_signature($request, $consumer, $token) {
+        return "mock_signature";
+    }
+}
+}
+
+if (!class_exists('OAuthRequest')) {
+class OAuthRequest {
+    private $parameters;
+    private $http_method;
+    private $http_url;
+
+    function __construct($http_method, $http_url, $parameters = NULL) {
+        $this->parameters = $parameters ?? array();
+        $this->http_method = $http_method;
+        $this->http_url = $http_url;
+    }
+
+    public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL) {
+        $http_method = $http_method ?? $_SERVER['REQUEST_METHOD'];
+        $http_url = $http_url ?? ('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+        $params = $parameters ?? array_merge($_GET, $_POST);
+        return new OAuthRequest($http_method, $http_url, $params);
+    }
+
+    public function get_parameter($name) {
+        return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
+    }
+
+    public function get_parameters() {
+        return $this->parameters;
+    }
+
+    public function get_signature_base_string() {
+        return "mock_base_string";
+    }
+}
+}
+
+if (!class_exists('OAuthServer')) {
+class OAuthServer {
+    private $data_store;
+    private $signature_methods = array();
+
+    function __construct($data_store) {
+        $this->data_store = $data_store;
+    }
+
+    public function add_signature_method($signature_method) {
+        $this->signature_methods[$signature_method->get_name()] = $signature_method;
+    }
+
+    public function verify_request($request) {
+        return true;
+    }
+}
+}
+
+if (!class_exists('OAuthDataStore')) {
+class OAuthDataStore {
+    function lookup_consumer($consumer_key) { return NULL; }
+    function lookup_token($consumer, $token_type, $token) { return NULL; }
+    function lookup_nonce($consumer, $token, $nonce, $timestamp) { return NULL; }
+    function new_request_token($consumer) { return NULL; }
+    function new_access_token($token, $consumer) { return NULL; }
+}
+}

package/stubs/dev_prepend.php

@@ -0,0 +1,67 @@
+<?php
+/**
+ * cwrespro dev prepend: mocks LTI context for local development.
+ * Auto-prepended via PHP -d auto_prepend_file.
+ * No source files under virtual_env are modified.
+ */
+
+// Polyfill functions removed in PHP 8.0+ that legacy courses still use
+if (!function_exists('get_magic_quotes_gpc')) {
+    function get_magic_quotes_gpc() { return false; }
+}
+if (!function_exists('get_magic_quotes_runtime')) {
+    function get_magic_quotes_runtime() { return false; }
+}
+
+// Add stubs directory to include_path so OAuth.php is found by lti_util.php
+$stubsDir = __DIR__;
+set_include_path(get_include_path() . PATH_SEPARATOR . $stubsDir);
+
+// Start session, seed LTI vars, then close so the course can call session_start() without notice
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+// Mock LTI session context if not already set (simulates a valid LTI launch)
+if (!isset($_SESSION['_lti_context'])) {
+    $_SESSION['_lti_context'] = array(
+        'lis_person_name_given' => 'Dev',
+        'lis_person_name_family' => 'User',
+        'lis_person_name_full' => 'Dev User',
+        'lis_person_contact_email_primary' => 'dev@localhost',
+        'user_id' => 'dev_user_001',
+        'roles' => 'Instructor',
+        'resource_link_id' => 'dev_resource_001',
+        'context_id' => 'dev_context_001',
+        'context_title' => 'Local Development',
+        'oauth_consumer_key' => 'dev_consumer_key',
+    );
+    $_SESSION['_lti_row'] = null;
+    $_SESSION['_lti_context_id'] = 'dev_context_001';
+}
+
+// Close session so course code can call session_start() without "already active" notice
+session_write_close();
+
+// Fake LTI launch request params for courses that check $_REQUEST directly
+// (e.g. BLTI constructor with $usesession=false)
+if (empty($_REQUEST['lti_message_type'])) {
+    $ltiParams = array(
+        'lti_message_type' => 'basic-lti-launch-request',
+        'lti_version' => 'LTI-1p0',
+        'resource_link_id' => 'dev_resource_001',
+        'oauth_consumer_key' => 'dev_consumer_key',
+        'user_id' => 'dev_user_001',
+        'lis_person_name_given' => 'Dev',
+        'lis_person_name_family' => 'User',
+        'lis_person_name_full' => 'Dev User',
+        'lis_person_contact_email_primary' => 'dev@localhost',
+        'roles' => 'Instructor',
+        'context_id' => 'dev_context_001',
+        'context_title' => 'Local Development',
+    );
+    foreach ($ltiParams as $k => $v) {
+        $_REQUEST[$k] = $v;
+        $_POST[$k] = $v;
+    }
+}

package/stubs/router.php

@@ -0,0 +1,61 @@
+<?php
+/**
+ * cwrespro PHP router script.
+ * Runs before every request on PHP's built-in server.
+ * For PHP files: injects LTI mocks then includes the file in the same context.
+ * For static files: returns false to let PHP serve them normally.
+ */
+
+$requestUri = $_SERVER['REQUEST_URI'];
+$path = parse_url($requestUri, PHP_URL_PATH);
+$docRoot = $_SERVER['DOCUMENT_ROOT'];
+$file = realpath($docRoot . $path);
+
+// Security: ensure file is within doc root
+if ($file && strpos($file, realpath($docRoot)) !== 0) {
+    http_response_code(403);
+    echo "Forbidden";
+    return true;
+}
+
+// For non-PHP files (CSS, JS, images, etc.) let the built-in server handle them
+if (!$file || !preg_match('/\.php$/i', $file)) {
+    return false;
+}
+
+// --- PHP file: set up dev environment then include it ---
+
+// Add stubs directory to include_path so OAuth.php mock is found
+$stubsDir = __DIR__;
+set_include_path(get_include_path() . PATH_SEPARATOR . $stubsDir);
+
+// Inject LTI launch params so is_lti_request() returns true and BLTI validates
+if (empty($_REQUEST['lti_message_type'])) {
+    $ltiParams = array(
+        'lti_message_type' => 'basic-lti-launch-request',
+        'lti_version' => 'LTI-1p0',
+        'resource_link_id' => 'dev_resource_001',
+        'oauth_consumer_key' => 'dev_consumer_key',
+        'user_id' => 'dev_user_001',
+        'lis_person_name_given' => 'Dev',
+        'lis_person_name_family' => 'User',
+        'lis_person_name_full' => 'Dev User',
+        'lis_person_contact_email_primary' => 'dev@localhost',
+        'lis_result_sourcedid' => '',
+        'lis_outcome_service_url' => '',
+        'roles' => 'Instructor',
+        'context_id' => 'dev_context_001',
+        'context_title' => 'Local Development',
+    );
+    foreach ($ltiParams as $k => $v) {
+        if (!isset($_REQUEST[$k])) $_REQUEST[$k] = $v;
+        if (!isset($_POST[$k])) $_POST[$k] = $v;
+    }
+}
+
+// Change to the directory of the requested file so relative paths work
+chdir(dirname($file));
+
+// Include the PHP file in this context (where $_REQUEST is modified)
+include $file;
+return true;