Merge pull request #1146 from UniversityRadioYork/mg-stuffs

fun fact: this has been running in prod for a while

Dockerfile

@@ -2,7 +2,7 @@ FROM php:8.2-apache
 
 RUN apt-get update && apt-get install -y libpq-dev libpng-dev libjpeg-dev libldap-dev unzip \
                                          libcurl4-openssl-dev libxslt-dev git libz-dev libzip-dev libmemcached-dev \
-                                         postgresql-client jq msmtp-mta
+                                         postgresql-client jq msmtp-mta ffmpeg
 
 RUN docker-php-ext-install pgsql pdo_pgsql gd ldap curl xsl zip
 
@@ -18,6 +18,10 @@ RUN pecl install xdebug-3.3.1 && docker-php-ext-enable xdebug \
 
 RUN echo 'error_reporting=E_ALL' >> /usr/local/etc/php/conf.d/error-reporting.ini
 
+RUN echo "memory_limit=512M" >> /usr/local/etc/php/conf.d/uploads.ini
+RUN echo "upload_max_filesize=512M" >> /usr/local/etc/php/conf.d/uploads.ini
+RUN echo "post_max_size=512M" >> /usr/local/etc/php/conf.d/uploads.ini
+
 RUN echo sendmail_path = "/usr/bin/msmtp -t --host mail --port 1025 --from [email protected]" > /usr/local/etc/php/conf.d/sendmail.ini
 
 # Self-signed certificate

Dockerfile.prod

@@ -0,0 +1,55 @@
+FROM php:8.2-apache
+
+RUN apt-get update && apt-get install -y libpq-dev libpng-dev libjpeg-dev libldap-dev unzip \
+                                         libcurl4-openssl-dev libxslt-dev git libz-dev libzip-dev libmemcached-dev \
+                                         postgresql-client jq msmtp-mta ffmpeg
+
+RUN docker-php-ext-install pgsql pdo_pgsql gd ldap curl xsl zip
+
+RUN pecl install memcached && \
+    echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini
+
+RUN pecl install xdebug-3.3.1 && docker-php-ext-enable xdebug \
+ && echo 'zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20220829/xdebug.so"' >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+ && echo 'xdebug.client_port=9003' >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+ && echo 'xdebug.mode=develop,debug' >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+ && echo 'xdebug.start_with_request=yes' >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
+ && echo 'xdebug.client_host=localhost' >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
+
+RUN echo 'error_reporting=E_ALL' >> /usr/local/etc/php/conf.d/error-reporting.ini
+
+RUN echo "memory_limit=512M" >> /usr/local/etc/php/conf.d/uploads.ini
+RUN echo "upload_max_filesize=512M" >> /usr/local/etc/php/conf.d/uploads.ini
+RUN echo "post_max_size=512M" >> /usr/local/etc/php/conf.d/uploads.ini
+
+RUN echo sendmail_path = "/usr/bin/msmtp -t --host ury.york.ac.uk --port 587 --from [email protected]" > /usr/local/etc/php/conf.d/sendmail.ini
+
+# Self-signed certificate
+RUN openssl req -nodes -new -subj "/C=GB/ST=North Yorkshire/L=York/O=University Radio York/OU=Localhost/CN=localhost" > myradio.csr && \
+    openssl rsa -in privkey.pem -out myradio.key && \
+    openssl x509 -in myradio.csr -out myradio.crt -req -signkey myradio.key -days 999 && \
+    cp myradio.crt /etc/apache2/myradio.crt && \
+    cp myradio.key /etc/apache2/myradio.key
+
+RUN a2enmod rewrite ssl
+
+COPY sample_configs/apache.conf /etc/apache2/sites-available/myradio.conf
+RUN a2dissite 000-default && a2ensite myradio && \
+    service apache2 restart && apachectl -S
+
+COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer
+
+RUN mkdir -p /var/www/myradio && chown -R www-data:www-data /var/www/myradio && \
+    mkdir -p /var/log/myradio && chown -R www-data:www-data /var/log/myradio
+
+WORKDIR /var/www/myradio
+COPY composer.* /var/www/myradio/
+RUN COMPOSER_VENDOR_DIR=/var/www/myradio/src/vendor composer install
+
+COPY schema schema
+COPY src src
+
+COPY sample_configs/docker-config.php src/MyRadio_Config.local.php
+RUN chown www-data:www-data /var/www/myradio/src/MyRadio_Config.local.php && chmod 664 /var/www/myradio/src/MyRadio_Config.local.php
+
+CMD ["apache2-foreground"]

composer.json

@@ -9,9 +9,12 @@
         "ext-xmlwriter": "*",
         "webonyx/graphql-php": "^0.13.8",
         "ext-json": "*",
+        "spatie/icalendar-generator": "^2.1",
+        "simshaun/recurr": "^4.0",
         "geoip2/geoip2": "^2.10.0",
         "spatie/icalendar-generator": "^2.1",
-        "ext-pgsql": "*"
+        "ext-pgsql": "*",
+	"rbdwllr/reallysimplejwt": "4.0.3"
     },
     "require-dev": {
         "squizlabs/php_codesniffer": "~3.5",

src/Classes/Config.php

@@ -543,6 +543,7 @@ final class Config
      */
     public static $recaptcha_public_key = 'YOUR_API_KEY';
     public static $recaptcha_private_key = 'YOUR_PRIVATE_KEY';
+    public static $jwt_signing_secret = 'SECRET_HERE';
 
     public static $autoviz_clips_path = '';
     public static $autoviz_public_clips_base = '/media/autoviz-clips';

src/Classes/ServiceAPI/MyRadio_Demo.php

@@ -326,7 +326,8 @@ public static function listDemos()
         $demos = [];
         foreach ($result as $demo) {
             $demo['demo_time'] = date('D d M H:i', strtotime($demo['demo_time']));
-            $demo['memberid'] = MyRadio_User::getInstance($demo['memberid'])->getName();
+            $demo['member'] = MyRadio_User::getInstance($demo['memberid'])->getName();
+            $demo['memberid'] = (int)$demo['memberid'];
             $demo['presenterstatusid'] = MyRadio_TrainingStatus::getInstance($demo['presenterstatusid'])->getTitle();
             $demos[] = $demo;
         }

src/Classes/ServiceAPI/MyRadio_User.php

@@ -556,7 +556,7 @@ public function getEmail()
             //Return the local mailbox, or, failing that, eduroam
             $local = $this->getLocalName();
             if (!empty($local)) {
-                return $local;
+                return $local.'@'.Config::$email_domain;
             } else {
                 //ffs, some people don't have an eduroam either.
                 $eduroam = $this->getEduroam();

src/Controllers/MyRadio/jwt.php

@@ -0,0 +1,25 @@
+<?php
+
+use ReallySimpleJWT\Token;
+
+use \MyRadio\Config;
+use \MyRadio\MyRadioException;
+use \MyRadio\ServiceAPI\MyRadio_User;
+
+if (isset($_GET['redirectto'])) {
+	// would be nice to replace this with an RSA based
+	// one, so a consumer can't be a producer
+
+	$payload = [
+		'iat' => time(),
+		'uid' => $_SESSION['memberid'],
+		'name' => MyRadio_User::getCurrentUser()->getName(),
+		'exp' => time() + 3600 * 3,
+		'iss' => Config::$base_url
+	];
+
+	header("Location: " . $_GET["redirectto"] . "?jwt=" . Token::customPayload($payload, Config::$jwt_signing_secret));
+
+} else {
+	throw new MyRadioException('redirectto must be provided', 400);
+}

src/Controllers/root.php

@@ -119,7 +119,7 @@ function ($e) {
     // Changing the serialize handler to the general serialize/unserialize methods lets us
     // read sessions without actually having to activate them and read them into $_SESSION
     ini_set('session.serialize_handler', 'php_serialize');
-
+    
     session_set_save_handler($session_handler, true);
     session_start();
 }

src/Menus/menu.json

@@ -61,7 +61,7 @@
                         },
                         {
                             "title": "Book an off-air studio",
-                            "url": "https://docs.google.com/spreadsheets/d/1tJ9E0laOPX-_nkWiPT9amDaliCWFRZENWDW51gLhTOM/edit?usp=sharing",
+                            "url": "https://booking.ury.org.uk",
                             "description": "Need an off-air studio? Book here now!"
                         },
                         {

src/MyRadio_Config.local.php.dist

@@ -69,10 +69,11 @@ Config::$api_uri = '/api/';
 Config::$api_url = '//ury.org.uk/api';
 
 /**
- * Recaptcha Settings
+ * Auth Settings
  */
 Config::$recaptcha_public_key = 'YOUR KEY HERE';
 Config::$recaptcha_private_key = 'YOUR KEY HERE';
+Config::$jwt_signing_secret = 'SECRET_HERE';
 
 /**
  * Feature enable

src/Public/js/myradio.training.demolist.js

@@ -17,6 +17,10 @@ $(".twig-datatable").dataTable({
     {
       "sTitle": "Time"
     },
+    //memberid
+    {
+      "bVisible": false
+    },
     //member
     {
       "sTitle": "Trainer"