Week 10: Serving Up Our Server

This week our goal was to get simple code to run on our web server.  Because I have a different version of Mac OSX (10.8), Web Sharing was no longer an option.  Instead we used apachectl in the terminal to get the server running.

From there, we enabled Virtual Hosts and created a simple html script to print out a result message.  We accessed these files in /private/etc. The only files we needed to modify were httpd.conf, httpd-vhosts.conf, and hosts:

In httpd.conf, we just uncommented the Virtual hosts line, "Include /private/etc/apache2/extra/httpd-vhosts.conf"

Unfortunately, it seems we can access the default data in local host or the data in our test website, but not both (i.e. we can't have both available to choose between them).  We think it is some problem in httpd.conf, but we're not quite sure how to fix it quite yet. 

But progress!!

Goals for next week:

1. Get both localhost data and test-website.local data to display when we want
2. Enable CGI on our Apache server in order to link data to where we want it and run different apps

Week 9: Blazing the Trail....that was already tread

Ultimately we were not able to make any progress with the libraries.  It is time to admit defeat. We decided instead to implement our own version of a "library" just to deal with simple verification of a base string of variables sent from Canvas.  This was something that everyone else on the Internet forums seemed to be doing, but we thought that was the "hard way." Lesson 1 learned.

We found some helpful files already written here but, being the total newb that I am, didn't know how to mount those files onto our local server.  Lesson 2 learned: ask the mentor before posting stupid questions on the Internet....

In order to check given signatures, I wrote some simple code in Java to complete the following steps in creating and verifying an OAuth signature:

The 4 Steps to Generating an OAuth Signature

1. Collect all request parameters:

All parameters related to OAuth which start with oauth_ except for
oauth_signature should be collected. If parameters are used in the POST
body, they also should be collected. For us, this means we need all the
LTI parameters, e.g. lti_message_type, user_id, etc.

2. Normalize the parameters:

First, sort all parameters in alphabetical order and apply URL encoding
(rfc3986) to each key and value. Second, list the results of the URL
encoding in <key>=<value> format, and insert "&" between each pair.
Finally, apply URL encoding to the entire result.

NOTE: URL encoding is also called percent-encoding. Long story short, it
involves replacing certain non-ASCII characters with escape sequences
which begin with a percent symbol. For example, the ampersand "&" is
replaced with the escape code "%26". Check out the wikipedia entry for
more information:

http://en.wikipedia.org/wiki/Percent-encoding

3. Create a Signature Base String:

Combine the HTTP method name (GET or POST), the HTTP URL address called by
the Consumer (except for parameters), and the normalized parameter by
using "&". The combination becomes "[GET|POST] + & + [URL string except
for parameters] + & + [Normalized Parameter]".

4. Generate a Key

Encrypt the string generated at stage 3 using the Consumer Secret Key.
This Consumer Secret Key is obtained when the Consumer has registered in
Service Provider. Using the encryption method such as HMAC-SHA1, generate
the final oauth_signature.

That's it!

The code currently just reads from a file of parameters and encrypts them.  Our step is to us HMAC-SHA1 to generate the final signature and validate it. 

We also discovered that linking our Canvas server (http://0.0.0.0:3000/) was generating an error message, not a proper list of parameters (so we were cheating).  Instead to properly pass through the modules, we need to have a working app on our local server that processes the data in a logical way.

Goals for next week:

1. Get local server running
2. Construct app to process parameters from Canvas

Week 8: No News is Not Good News

Still working on the OAuth library.... This is the first time both my mentor and I have been completely out of our element, but it's been an interesting challenge.

I posted a more detailed question about our problems here and we've gotten what looks like a helpful response.  Hopefully we can make some progress with it by next week.