From 4f89cf9757bff745a9b1101a5e67c27431fdd936 Mon Sep 17 00:00:00 2001
From: Christian Klinger
Date: Wed, 8 Jun 2016 14:51:29 +0200
Subject: first version of the dozmod proxy (without caching).

---
 modules-available/dozmod/api.inc.php | 79 ++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 modules-available/dozmod/api.inc.php

diff --git a/modules-available/dozmod/api.inc.php b/modules-available/dozmod/api.inc.php
new file mode 100644
index 00000000..f5525ef8
--- /dev/null
+++ b/modules-available/dozmod/api.inc.php
@@ -0,0 +1,79 @@
+<?php 
+/* Hier kommt der Dozmod proxy hin */
+require 'modules/locations/inc/location.inc.php';
+
+define('LIST_URL', CONFIG_DOZMOD . '/vmchooser/list');
+define('VMX_URL', CONFIG_DOZMOD . '/vmchooser/lecture');
+$availableRessources = ['vmx', 'test', 'netrules'];
+
+
+/* this script requires 2 (3 with implicit client ip) parameters 
+ *
+ * ressource    = vmx,...
+ * lecture_uuid = client can choose
+ **/
+
+
+function println($str) { echo "$str\n"; }
+
+/* return an array of lecutre uuids.
+ * Parameter: an array with location Ids
+ * Cacheable
+ * */
+function getLecturesForLocations($locationIds) {
+    $ids = implode('%20', $locationIds);
+    $url = LIST_URL . "?locations=$ids";
+    $responseXML = Download::asString($url, 60, $code);
+    $xml = new SimpleXMLElement($responseXML);
+
+    $uuids = [];
+    foreach ($xml->eintrag as $e) {
+        $uuids[] = strval($e->uuid['param'][0]);
+    }
+    return $uuids;
+} 
+
+function getVMX($lecture_uuid) {
+    $url = VMX_URL . '/' . $lecture_uuid;
+    $response = Download::asString($url, 60, $code);
+    return $response;
+}
+
+
+// -----------------------------------------------------------------------------// 
+$ip = $_SERVER['REMOTE_ADDR'];
+if (substr($ip, 0, 7) === '::ffff:') {
+	$ip = substr($ip, 7);
+}
+
+/* request data, don't trust */
+$request = [ 'ressource' => filter_var(strtolower(trim($_REQUEST['ressource'])), FILTER_SANITIZE_STRING),
+             'lecture'   => filter_var(strtolower(trim($_REQUEST['lecture'])), FILTER_SANITIZE_STRING),
+             'ip'        => $ip ]; 
+
+
+/* lookup location id(s) */
+$location_ids = Location::getFromIP($request['ip']);
+
+/* lookup lecture uuids */
+$lectures = getLecturesForLocations(array($location_ids));
+
+
+/* validate request -------------------------------------------- */
+/* check ressources */
+if (!in_array($request['ressource'], $availableRessources)) {
+    Util::traceError("unknown ressource: {$request['ressource']}");
+}
+
+/* check that the user requests a lecture that he is allowed to have */
+if (!in_array($request['lecture'], $lectures)) {
+    Util::traceError("client is not allowed to access this lecture: ${request['lecture']}");
+}
+
+if ($request['ressource'] === 'vmx') {
+    echo getVMX($request['lecture']);
+} else if ($request['ressource'] === 'test') {
+    echo "Here's your special test data!";
+} else {
+    echo "I don't know how to give you that ressource";
+}
-- 
cgit v1.2.3-55-g7522


From 506fe169abcd603d6e0804e90b16c5c30b1ee20e Mon Sep 17 00:00:00 2001
From: Christian Klinger
Date: Wed, 8 Jun 2016 15:47:33 +0200
Subject: added a caching api proxy (that also validates the client IPs) for
 dozmod.

---
 config.php.example                   |  5 ++-
 modules-available/dozmod/api.inc.php | 84 +++++++++++++++++++++++++++++++++---
 2 files changed, 83 insertions(+), 6 deletions(-)

diff --git a/config.php.example b/config.php.example
index 6674ef61..14978897 100644
--- a/config.php.example
+++ b/config.php.example
@@ -26,10 +26,13 @@ define('CONFIG_VMSTORE_DIR', '/srv/openslx/nfs');
 
 define('CONFIG_PROXY_CONF', '/opt/openslx/proxy/config');
 
+/* for the dozmod API proxy cache */ 
+define('CONFIG_DOZMOD_EXPIRE', 60*60); // 1 Minute
+
 // Sort order for menu - optional, if missing, order will be alphabetically
 $MENU_CAT_SORT_ORDER = array('main.content' => 0, 'main.settings-client' => 1, 'main.settings-server' => 2, 'main.status' => 3, 'main.users' => 4);
 $MENU_SETTING_SORT_ORDER = array(
 	'news' => 0, 'sysconfig' => 1, 'baseconfig' => 2, 'locations' => 3, // main.content
 	'serversetup' => 0, 'internetaccess' => 1, 'vmstore' => 2, 'webinterface' => 3, 'backup' => 4, // main.settings
 	'systemstatus' => 0, 'eventlog' => 1, 'syslog' => 2, 'statistics' => 3 // main.status
-);
\ No newline at end of file
+);
diff --git a/modules-available/dozmod/api.inc.php b/modules-available/dozmod/api.inc.php
index f5525ef8..569b60a8 100644
--- a/modules-available/dozmod/api.inc.php
+++ b/modules-available/dozmod/api.inc.php
@@ -1,11 +1,64 @@
 <?php 
-/* Hier kommt der Dozmod proxy hin */
+/* small API server that acts as a proxy to the dozmod server.
+ * To reduce the number of requests and connections to dozmod-server, results
+ * gets cached into a file cache.
+ *
+ * Required Configuration:
+ * CONFIG_DOZMOD_EXPIRE: Expiration time in seconds for the cache
+ * CONFIG_DOZMOD: URL to the dozmod server
+ * 
+ **/
+
 require 'modules/locations/inc/location.inc.php';
 
+
 define('LIST_URL', CONFIG_DOZMOD . '/vmchooser/list');
 define('VMX_URL', CONFIG_DOZMOD . '/vmchooser/lecture');
 $availableRessources = ['vmx', 'test', 'netrules'];
 
+/* BEGIN: A simple caching mechanism ---------------------------- */
+
+function cache_hash($obj) {
+    return md5(serialize($obj)); 
+}
+
+function cache_key_to_filename($key) {
+    return "/tmp/bwlp-slxadmin-cache-$key"; // TODO: hash
+}
+
+function cache_put($key, $value) {
+    $filename = cache_key_to_filename($key);
+    file_put_contents($filename, $value);
+}
+
+function cache_has($key) {
+    $filename = cache_key_to_filename($key);
+    $mtime = filemtime($filename);
+
+    if (!$mtime) {
+        return false; // cache miss
+    }
+    if ( time() - $mtime  > CONFIG_DOZMOD_EXPIRE) {
+        return false;
+    } else {
+        return true;
+    }
+}
+
+
+function cache_get($key) {
+    $filename = cache_key_to_filename($key);
+    return file_get_contents($filename); 
+}
+
+/* good for large binary files */
+function cache_get_passthru($key) {
+    $filename = cache_key_to_filename($key);
+    $fp = fopen($filename, "r");
+    fpassthru($fp);
+}
+/* END: Cache ---------------------------------------------------- */
+
 
 /* this script requires 2 (3 with implicit client ip) parameters 
  *
@@ -18,9 +71,8 @@ function println($str) { echo "$str\n"; }
 
 /* return an array of lecutre uuids.
  * Parameter: an array with location Ids
- * Cacheable
  * */
-function getLecturesForLocations($locationIds) {
+function _getLecturesForLocations($locationIds) {
     $ids = implode('%20', $locationIds);
     $url = LIST_URL . "?locations=$ids";
     $responseXML = Download::asString($url, 60, $code);
@@ -32,13 +84,36 @@ function getLecturesForLocations($locationIds) {
     }
     return $uuids;
 } 
+/** Caching wrapper around _getLecturesForLocations() *//
+function getLecturesForLocations($locationIds) {
+    $key = 'lectures_' . cache_hash($locationIds);
+    if (cache_has($key)) {
+        return unserialize(cache_get($key));
+    } else {
+        $value = _getLecturesForLocations($locationIds);
+        cache_put($key, serialize($value));
+        return $value;
+    }
+}
 
-function getVMX($lecture_uuid) {
+function _getVMX($lecture_uuid) {
     $url = VMX_URL . '/' . $lecture_uuid;
     $response = Download::asString($url, 60, $code);
     return $response;
 }
 
+/** Caching wrapper around _getVMX() **/
+function getVMX($lecture_uuid) {
+    $key = 'vmx_' . $lecture_uuid;
+    if (cache_has($key)) {
+        cache_get_passthru($key);
+    } else {
+        $value = _getVMX($lecture_uuid);
+        cache_put($key, $value);
+        return $value;
+    }
+}
+
 
 // -----------------------------------------------------------------------------// 
 $ip = $_SERVER['REMOTE_ADDR'];
@@ -58,7 +133,6 @@ $location_ids = Location::getFromIP($request['ip']);
 /* lookup lecture uuids */
 $lectures = getLecturesForLocations(array($location_ids));
 
-
 /* validate request -------------------------------------------- */
 /* check ressources */
 if (!in_array($request['ressource'], $availableRessources)) {
-- 
cgit v1.2.3-55-g7522


From e1a3c65dbbdfc52a00a1a08920f503dddc08967c Mon Sep 17 00:00:00 2001
From: Christian Klinger
Date: Wed, 8 Jun 2016 15:55:57 +0200
Subject: ressource -> resource :-)

---
 modules-available/dozmod/api.inc.php | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/modules-available/dozmod/api.inc.php b/modules-available/dozmod/api.inc.php
index 569b60a8..bc2410aa 100644
--- a/modules-available/dozmod/api.inc.php
+++ b/modules-available/dozmod/api.inc.php
@@ -55,14 +55,18 @@ function cache_get($key) {
 function cache_get_passthru($key) {
     $filename = cache_key_to_filename($key);
     $fp = fopen($filename, "r");
-    fpassthru($fp);
+    if($fp) {
+        fpassthru($fp);
+    } else {
+        Util::traceError("cannot open file");
+    }
 }
 /* END: Cache ---------------------------------------------------- */
 
 
 /* this script requires 2 (3 with implicit client ip) parameters 
  *
- * ressource    = vmx,...
+ * resource    = vmx,...
  * lecture_uuid = client can choose
  **/
 
@@ -84,7 +88,7 @@ function _getLecturesForLocations($locationIds) {
     }
     return $uuids;
 } 
-/** Caching wrapper around _getLecturesForLocations() *//
+/** Caching wrapper around _getLecturesForLocations() */
 function getLecturesForLocations($locationIds) {
     $key = 'lectures_' . cache_hash($locationIds);
     if (cache_has($key)) {
@@ -122,7 +126,7 @@ if (substr($ip, 0, 7) === '::ffff:') {
 }
 
 /* request data, don't trust */
-$request = [ 'ressource' => filter_var(strtolower(trim($_REQUEST['ressource'])), FILTER_SANITIZE_STRING),
+$request = [ 'resource' => filter_var(strtolower(trim($_REQUEST['resource'])), FILTER_SANITIZE_STRING),
              'lecture'   => filter_var(strtolower(trim($_REQUEST['lecture'])), FILTER_SANITIZE_STRING),
              'ip'        => $ip ]; 
 
@@ -134,9 +138,9 @@ $location_ids = Location::getFromIP($request['ip']);
 $lectures = getLecturesForLocations(array($location_ids));
 
 /* validate request -------------------------------------------- */
-/* check ressources */
-if (!in_array($request['ressource'], $availableRessources)) {
-    Util::traceError("unknown ressource: {$request['ressource']}");
+/* check resources */
+if (!in_array($request['resource'], $availableRessources)) {
+    Util::traceError("unknown resource: {$request['resource']}");
 }
 
 /* check that the user requests a lecture that he is allowed to have */
@@ -144,10 +148,10 @@ if (!in_array($request['lecture'], $lectures)) {
     Util::traceError("client is not allowed to access this lecture: ${request['lecture']}");
 }
 
-if ($request['ressource'] === 'vmx') {
+if ($request['resource'] === 'vmx') {
     echo getVMX($request['lecture']);
-} else if ($request['ressource'] === 'test') {
+} else if ($request['resource'] === 'test') {
     echo "Here's your special test data!";
 } else {
-    echo "I don't know how to give you that ressource";
+    echo "I don't know how to give you that resource";
 }
-- 
cgit v1.2.3-55-g7522