Fisheye: Diff - lams-github/lams_build/conf/whiteboard/scripts/server-backend.js

Tree
Options

More

d1b5adf

LDEV-5204 Initiate canvas copy on tool content copy on back-end
In previous version canvas was copied when an user opened it. Sometimes
in LAMS we copy content without opening a canvas. For example when using
Save As or Copy buttons in Authoring. We had to make sure that canvas is
always either copied on back-end or it gets opened and copied via
front-end.

02 May 21 Marcin Cieslak d1b5adfc103345fa2525236c53313dcda1cfb7c0

6583579

LDEV-5204 Introduce improved security using hashing
In vanilla Whiteboard a global access token is configured on server and
must be present in all requests made to Whiteboard. It means that anyone
can modify any whiteboard ID (wid).
In LAMS we introduce a hash of wid + accesstoken. Users do not know
access token, so they can not generate the hash for another wid.
The hash is simple Java hashCode() function, sufficient for this
situation.
The hash does not include author name as it is not present in many use
cases.
The hash optionally has a different form: source wid + wid +
accesstoken. It is when copyfromwid parameter is present. In this case
the target canvas is using standard wid and hash, but for the extra call
to source canvas we use source wid and the modified hash. This modified
hash is only usable to copy content from this particular source wid to
this particular target wid, so users can not use the hash to draw on the
source canvas.

01 May 21 Marcin Cieslak 6583579862c8623515c9861dd8edec09b6d1898f

Loading ...

Atlassian Fisheye Git analysis (Version:4.8.10 Build:20220620091927 2022-06-20 09:21) - Administration - Page generated 2025-05-18 04:25 +0800

Fisheye (Server) Unlimited Users: Open Source License License registered to Learning Activity Management System (LAMS).

Version 4.8.13 is available.