Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2022-Q1 Work Package: NPLD Player v1.0.0 #3

Open
8 of 14 tasks
anjackson opened this issue Jan 12, 2022 · 3 comments
Open
8 of 14 tasks

2022-Q1 Work Package: NPLD Player v1.0.0 #3

anjackson opened this issue Jan 12, 2022 · 3 comments
Assignees
@ikreymer
Milestone
NPLD Player v1.0.0

Comments

@anjackson
Copy link
Contributor

anjackson commented Jan 12, 2022
edited
Loading

This app must be an ElectronJS (https://www.electronjs.org/) desktop application that wraps a WebView to provide a limited web browser. https://github.com/ukwa/npld-player/milestone/1

The browser should: 

  • Be restricted to viewing a limited set of web sites in each LDL, routing all traffic via the dedicated web proxy over a TLS connection. 
  • Be restricted to viewing the content as-is. No devtools, no file-save-as, no downloads, limited access to printing (no printing, or allow printing, to be configured per institutional deployment). 
  • Pass a secure token with every request (so the server can authenticate the client application). For example, the token could take the form of a Basic authenticated connection to the proxy, or could be a Bearer token header on every request – whichever method is the most reliable and easy to maintain.
  • The secure token must be obfuscated within the application, so that it can’t be easily extracted.
  • Support a custom API scheme (of the form npld-viewer://bl.ldls.org.uk/?url=https://bl.ldls.org.uk/{itemId}) so we can hand users to the NPLD Player application. 
  • Present an ‘open in your web browser’ link for any page we end up at that is out of scope for the viewer (i.e. not on ldls.org.uk). 
  • Minimise the local caching of content so items cannot be easily downloaded or extracted. 
  • NPLD Player v1.0.0 UI #5
  • Be fully internationalised, supporting British English and Welsh at a minimum (we will supply translations).
  • Provide self-contained deployment packages for Windows and Linux, such that the systems administrator can configure whether printing is enabled and specify the value of the secure token.  These should be generated by Actions on the private https://github.com/ukwa/npld-player-builds respository.
  • The package should be accompanied with appropriate documentation on how to install it and how upgrades should work. 
  • The documentation should also include how to set up the Secure Web Proxy to authenticate the client secret. The Web Proxy must be either NGINX, Apache or Squid (NGINX preferred).
  • The npld-player repository should include a Docker Compose file that can be used to run the Secure Web Proxy and an instance of ukwa-pywb for local testing.
  • The documentation should also include secret key management and rotation, across both the Player client and the authenticating proxy. 
@anjackson anjackson added this to the NPLD Player v1.0.0 milestone Jan 12, 2022
@anjackson anjackson mentioned this issue Feb 17, 2022
Closed
3 tasks
@anjackson
Copy link
Contributor Author

Question: Does the package need to be modified to ensure the protocol handler is there?

@anjackson
Copy link
Contributor Author

I've lost track of the proxy setup documentation. Where was it @ikreymer ?

Also, note printing is not yet working, see #5 (comment)

@anjackson
Copy link
Contributor Author

I think the documentation is at https://github.com/ukwa/ukwa-pywb/blob/2.7.x/docs/npld_access_controls.md#header-based-only-filtering i.e. on the newer branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ikreymer ikreymer

Labels
None yet
Projects
None yet
Milestone
NPLD Player v1.0.0
Development

No branches or pull requests
2 participants
@anjackson @ikreymer