From 10a14c849ef353ba381a3f8b9e111571cd562768 Mon Sep 17 00:00:00 2001
From: prlanzarin <4529051+prlanzarin@users.noreply.github.com>
Date: Thu, 6 Jun 2024 10:09:16 -0300
Subject: [PATCH 1/3] build: express@v4.19.2

---
 CHANGELOG.md      |  4 ++++
 package-lock.json | 57 ++++++++---------------------------------------
 package.json      |  2 +-
 3 files changed, 14 insertions(+), 49 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a410060..db7f5dd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file.
 
+### UNRELEASED
+
+* build: express@4.19.2
+
 ### v3.1.0
 
 * feat(events): add guest field to user-joined/user-left
diff --git a/package-lock.json b/package-lock.json
index 9d4f589..4efe72a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
       "dependencies": {
         "bullmq": "4.17.0",
         "config": "^3.3.7",
-        "express": "^4.18.2",
+        "express": "^4.19.2",
         "js-yaml": "^4.1.0",
         "luxon": "^3.4.3",
         "node-fetch": "^3.3.2",
@@ -771,7 +771,6 @@
       "version": "1.20.2",
       "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
       "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==",
-      "dev": true,
       "dependencies": {
         "bytes": "3.1.2",
         "content-type": "~1.0.5",
@@ -1089,9 +1088,9 @@
       }
     },
     "node_modules/cookie": {
-      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz",
-      "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==",
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
+      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
       "engines": {
         "node": ">= 0.6"
       }
@@ -1783,16 +1782,16 @@
       }
     },
     "node_modules/express": {
-      "version": "4.18.2",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
-      "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==",
+      "version": "4.19.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz",
+      "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.1",
+        "body-parser": "1.20.2",
         "content-disposition": "0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.5.0",
+        "cookie": "0.6.0",
         "cookie-signature": "1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
@@ -1823,43 +1822,6 @@
         "node": ">= 0.10.0"
       }
     },
-    "node_modules/express/node_modules/body-parser": {
-      "version": "1.20.1",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
-      "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
-      "dependencies": {
-        "bytes": "3.1.2",
-        "content-type": "~1.0.4",
-        "debug": "2.6.9",
-        "depd": "2.0.0",
-        "destroy": "1.2.0",
-        "http-errors": "2.0.0",
-        "iconv-lite": "0.4.24",
-        "on-finished": "2.4.1",
-        "qs": "6.11.0",
-        "raw-body": "2.5.1",
-        "type-is": "~1.6.18",
-        "unpipe": "1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.8",
-        "npm": "1.2.8000 || >= 1.4.16"
-      }
-    },
-    "node_modules/express/node_modules/raw-body": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
-      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
-      "dependencies": {
-        "bytes": "3.1.2",
-        "http-errors": "2.0.0",
-        "iconv-lite": "0.4.24",
-        "unpipe": "1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
     "node_modules/extend": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
@@ -4043,7 +4005,6 @@
       "version": "2.5.2",
       "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
       "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
-      "dev": true,
       "dependencies": {
         "bytes": "3.1.2",
         "http-errors": "2.0.0",
diff --git a/package.json b/package.json
index 25dcc66..2f6ad3a 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,7 @@
   "dependencies": {
     "bullmq": "4.17.0",
     "config": "^3.3.7",
-    "express": "^4.18.2",
+    "express": "^4.19.2",
     "js-yaml": "^4.1.0",
     "luxon": "^3.4.3",
     "node-fetch": "^3.3.2",

From 148b6c4dd8bff3df96963ee50ebd29ad40ab3f91 Mon Sep 17 00:00:00 2001
From: prlanzarin <4529051+prlanzarin@users.noreply.github.com>
Date: Thu, 6 Jun 2024 10:51:40 -0300
Subject: [PATCH 2/3] feat(xapi): add support for Basic auth via
 meta_secret-lrs-payload

Add support for Basic auth via meta_secret-lrs-payload.
The new supported payload format is:
  ```json
    {
      "lrs_endpoint": "https://lrs1.example.com",
      "lrs_username": "user",
      "lrs_password": "pass"
    }
  ```
Check the xAPI module's README for more information.
---
 CHANGELOG.md           |  1 +
 src/out/xapi/README.md | 30 ++++++++++++++++++++++--------
 src/out/xapi/xapi.js   | 32 +++++++++++++++++++++++---------
 3 files changed, 46 insertions(+), 17 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index db7f5dd..1089b43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ All notable changes to this project will be documented in this file.
 
 ### UNRELEASED
 
+* feat(xapi): add support for Basic auth via meta_secret-lrs-payload
 * build: express@4.19.2
 
 ### v3.1.0
diff --git a/src/out/xapi/README.md b/src/out/xapi/README.md
index 6572c67..91e9406 100644
--- a/src/out/xapi/README.md
+++ b/src/out/xapi/README.md
@@ -64,14 +64,28 @@ If you set `meta_xapi-enabled` to false, no xAPI events will be generated or sen
 
 ### meta_secret-lrs-payload
 - **Description**: This parameter allows you to specify the credentials and endpoint of the Learning Record Store (LRS) where the xAPI events will be sent. The payload is a Base64-encoded string representing a JSON object encrypted (AES 256/PBKDF2) using the **server secret** as the **passphrase**.
-- **Value Format**: Base64-encoded JSON object encrypted with AES 256/PBKDF2 encryption
-- **JSON Payload Structure**:
-```json
-{
-  "lrs_endpoint": "https://lrs1.example.com",
-  "lrs_token": "AAF32423SDF5345"
-}
-```
+There are two supported formats for the payload:
+
+- **LRS Token (Bearer authentication)**
+  - **Value Format**: Base64-encoded JSON object encrypted with AES 256/PBKDF2 encryption
+  - **JSON Payload Structure**:
+    ```json
+    {
+      "lrs_endpoint": "https://lrs1.example.com",
+      "lrs_token": "AAF32423SDF5345"
+    }
+    ```
+- **LRS Username/Password (Basic authentication)**
+  - **Value Format**: Base64-encoded JSON object encrypted with AES 256/PBKDF2 encryption
+  - **JSON Payload Structure**:
+    ```json
+    {
+      "lrs_endpoint": "https://lrs1.example.com",
+      "lrs_username": "user",
+      "lrs_password": "pass"
+    }
+    ```
+
 - **Encrypting the Payload**: The Payload should be encrypted with the server secret using the following bash command (provided the lrs credential are in the `lrs.conf` file and server secret is `bab3fd92bcd7d464`):
 ```bash
 cat ./lrs.conf | openssl aes-256-cbc -pass "pass:bab3fd92bcd7d464" -pbkdf2 -a -A
diff --git a/src/out/xapi/xapi.js b/src/out/xapi/xapi.js
index ee161d0..0f8912d 100644
--- a/src/out/xapi/xapi.js
+++ b/src/out/xapi/xapi.js
@@ -39,10 +39,9 @@ export default class XAPI {
   }
 
   async postToLRS(statement, meeting_data) {
-    let { lrs_endpoint, lrs_username, lrs_password } = this.config.lrs;
-    if (meeting_data.lrs_endpoint !== ''){
-      lrs_endpoint = meeting_data.lrs_endpoint;
-    }
+    const lrs_username = meeting_data.lrs_username || this.config.lrs?.lrs_username;
+    const lrs_password = meeting_data.lrs_password || this.config.lrs?.lrs_password;
+    const lrs_endpoint = meeting_data.lrs_endpoint || this.config.lrs?.lrs_endpoint;
     const lrs_token = meeting_data.lrs_token;
     const headers = {
       Authorization: `Basic ${Buffer.from(
@@ -52,9 +51,7 @@ export default class XAPI {
       "X-Experience-API-Version": "1.0.0",
     };
 
-    if (lrs_token !== ''){
-      headers.Authorization = `Bearer ${lrs_token}`
-    }
+    if (lrs_token) headers.Authorization = `Bearer ${lrs_token}`
 
     const requestOptions = {
       method: "POST",
@@ -107,15 +104,32 @@ export default class XAPI {
         const lrs_payload = event.data.attributes.meeting.metadata?.["secret-lrs-payload"];
         let lrs_endpoint = '';
         let lrs_token = '';
+        let lrs_username = '';
+        let lrs_password = '';
 
         // if lrs_payload exists, decrypts with the server secret and extracts lrs_endpoint and lrs_token from it
         if (lrs_payload !== undefined){
-          const payload_text = decryptStr(lrs_payload, this.config.server.secret);
-          ({lrs_endpoint, lrs_token} = JSON.parse(payload_text));
+          try {
+            const payload_text = decryptStr(lrs_payload, this.config.server.secret);
+            ({
+              lrs_endpoint,
+              lrs_token,
+              lrs_username,
+              lrs_password,
+            } = JSON.parse(payload_text));
+          } catch (error) {
+            this.logger.error("OutXAPI.onEvent: invalid lrs_payload", {
+              error: error.stack,
+              lrs_payload
+            });
+            return reject(error);
+          }
         }
 
         meeting_data.lrs_endpoint = lrs_endpoint;
         meeting_data.lrs_token = lrs_token;
+        meeting_data.lrs_username = lrs_username;
+        meeting_data.lrs_password = lrs_password;
 
         const meeting_create_day = DateTime.fromMillis(
           meeting_data.create_time

From eafac5df579315b47fcc57999bc109371b62ead6 Mon Sep 17 00:00:00 2001
From: prlanzarin <4529051+prlanzarin@users.noreply.github.com>
Date: Thu, 6 Jun 2024 11:28:50 -0300
Subject: [PATCH 3/3] fix: remove cache-to from image push to make dockerhub
 images usable

---
 .github/workflows/docker-image.yml | 1 -
 CHANGELOG.md                       | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index b0480b2..829f6cb 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -69,7 +69,6 @@ jobs:
           context: .
           platforms: linux/amd64
           cache-from: type=registry,ref=${{ steps.tag.outputs.IMAGE }}
-          cache-to: type=registry,ref=${{ steps.tag.outputs.IMAGE }},image-manifest=true,oci-mediatypes=true,mode=max
           labels: |
             ${{ steps.meta.outputs.labels }}
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1089b43..6e710f9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 ### UNRELEASED
 
 * feat(xapi): add support for Basic auth via meta_secret-lrs-payload
+* fix: remove cache-to from image push to make dockerhub images usable
 * build: express@4.19.2
 
 ### v3.1.0