Difference between revisions of "Module 2"

From CSE330 Wiki
Jump to navigationJump to search
Line 17: Line 17:
 
* [[VS Code]]
 
* [[VS Code]]
 
* [[Web Application Security, Part 1]]
 
* [[Web Application Security, Part 1]]
 +
* [[FAQ - Mod 2]]
  
 
== Individual Assignments ==
 
== Individual Assignments ==

Revision as of 22:40, 20 December 2020

Module 2 introduces you to Linux, a command-line environment, the Apache web server, and PHP. You will create and configure your own cloud instance, install Apache and related software, and then form groups to make a simple file sharing site.

DO NOT WAIT UNTIL THE LAST MINUTE TO START ON THIS (or any) MODULE! The most common reason students perform poorly in this class is procrastination. You have been warned.

Reading

The following articles on the online class wiki textbook contain information that will help you complete the assignments.

Individual Assignments

There are a lot of wiki pages that you need to read in order to complete the individual portion of Module 2. The wiki pages contain an assortment of required steps, optional steps, and information. To make things easier, we have highlighted the required steps with a red bar, like you see on the left of this message. Do not skip anything marked with a red bar, or else you will not have a perfectly configured instance.

Learn About Linux

Linux is an open-source operating system based on UNIX. Linux is highly versatile and is used in a wide range of applications.

If you are not a Linux guru, read the Linux guide to get started: Linux

Windows Users Only: Enable Windows Subsystem for Linux (WSL) or Install Cygwin

You will need WSL or Cygwin in order to log into and configure your EC2 instance. Cygwin is already installed on the CEC machines. If you're using Windows 10, you can use WSL, which is an officially-supported way of accessing a Linux terminal on Windows. If not, you'll have to use Cygwin. Instructions for installing either on your personal machine are located in the Workflow guide.

Mac OS X users should located the "Terminal" application, which is installed by default; you will need this in the coming steps.

Create an AWS EC2 Instance

Once you understand Linux, you need to set up your Amazon EC2 Instance. Use the AWS article to guide you through the process: Amazon Web Services

Configure SSH

Follow the instructions in the SSH guide to do the following:

  1. Create your own SSH key pair
  2. Log in as the default user to your EC2 instance
  3. Create a new user
  4. Give the new user your SSH public key

From now on, when you need to log into your EC2 instance as an administrator, just pop up a terminal and run:

$ ssh your-username@ec2-xx-xx-xx-xx.compute-1.amazonaws.com


To save from typing this command in every time you want to access your server, you can set an alias in your terminal.

In the Mac terminal, vim ~/.bash_profile and input the following command:

$ alias aws='ssh your-username@ec2.xx-xx-xx-xx.compute-1.amazonaws.com'

Now, whenever you type aws in your terminal, it will type your ssh command.

In Cygwin, vim ~/.bash_profile and input the following:

export aws="ssh your-username@ec2.xx-xx-xx-xx.compute-1.amazonaws.com"

And you run this command by typing $aws Also note that you may have to restart your terminal for this to take effect, or put the command in your ~/.bashrc file

Install Essential Packages

Recall that software installation in Linux instances is usually handled through a package manager, like yum. For more information, refer to the Linux guide.

To make sure everything is working properly, install your first package(s) according to the Essential Packages subsection in the Linux guide.

Set the Timezone

Set your server to use US Central time (America/Chicago). Instructions are in the Linux guide: Linux#Synchronizing Date and Time

Set Up the Apache Web Server

You need to install the Apache web server on your EC2 instance. Refer to the Apache guide.

In order for your web server to be accessible, you need to open up Port 80 on your EC2 instance. Instructions are in the AWS guide: Amazon Web Services#Enabling Web Access to your EC2 Instance

Enable the UserDir module in Apache. Instructions are in the Apache guide: Apache#The UserDir Module

Install PHP

You need to install PHP on your EC2 server. Instructions are at the top of the PHP guide: PHP

You need to configure PHP to show errors. Instructions are immediately below installation in the PHP guide.

Learn about the PHP Language

Before you can continue, you will need to make yourself acquainted with PHP language components. Read the PHP guide for an overview: PHP#PHP Language Components

Set Up your Workspace

You are now ready to set up the workspace that you will be using for the rest of the semester. Follow the instructions in Workflow to:

  1. Make an account on GitHub
  2. Setup a repo using GitHub Classroom
  3. Clone your CSE 330 repo from GitHub
  4. Install a text editor such as VSCode to write your assignments with
  5. Either install an FTP client, or use SFTP through command line, to transfer files from your local machine to your instance

Calculator

Make a calculator using PHP and an HTML form. The form should have two inputs. The form should submit a GET request either back to the same page or to a different results page. The calculator should support addition, subtraction, multiplication, and division by means of a radio button group on the page. (Consider edge cases!)

Git Tutorial

Complete all of the levels of the Main and Remote sections of this Git tutorial. After you finish the tutorial, take two screenshots showing completion of all of the levels of the Main and Remote sections. Place these two screenshots in your Module 2 Individual repo.

Group Project

You will work in pairs (that means you and one other person) on this project.

In this module, and all future modules, the group portion builds off of material you learn in the individual portion. You should therefore complete the individual portions prior to working on the group portions. (Trust us: it will make your life easier!)

Important Reminder: frequently commit your work to your repository as a backup!

Simple File Sharing Site

You will be making a simple file sharing site that supports uploading, viewing, and deleting files associated with various users. Details:

  • You should have a file named users.txt stored in a secure place on your filesystem. It should have at least three usernames, with one username per line.
    Passwords add an extra layer of complexity (encryption) that we will cover in Module 3. You will not earn credit for implementing passwords as your creative portion for this module.
  • Users of the file sharing site should be able to enter their username and then log in.
    You may implement logins using session variables, or you may implement them using a GET parameter that is passed between pages. You will need to always use sessions starting in Module 3.
  • Users should see a list of all files associated with their username after the log in.
  • Users should be able to view, upload, and delete files associated with their username.
  • The URI should NOT reveal the internal file structure of your web site.
    In general, don't reveal any internal information about the site.
    Food for thought: Given that Apache processes (with the exception of the main process) do not run as root, but rather as the user apache, how can you allow both your user account and the php scripts to read and write the
    necessary files?
    Hint: You shouldn't be storing the user-uploaded files in public_html (that is only the place for your own web-page files),
    Hint number 2: you will need to use chown to change permissions to let user apache have permissions on the user-files (that are not in the public_html folder). If you don't know what this does or how to do this, look at the Apache page
  • You should customize your file sharing site by implementing an additional feature or two as part of the creative portion.

You will probably find the PHP guide on this wiki to be helpful: PHP#Other PHP Tips

Web Security and Validation

Your project needs to demonstrate that thought was put into web security and best practice. For more information, see this week's Web Application Security guide: Web Application Security, Part 1

In particular:

  • Your application needs to follow the conventions of FIEO (Filter Input and Escape Output). Things you should filter include file names, usernames, and so on.
  • Your project must pass the W3C Validator with no errors or warnings. For more information, see the HTML and CSS guide: HTML and CSS#Validation

Grading

We will be grading the following aspects of your work. There are 120 points total.


Assignments (including code) must be committed to GitHub by the end of class on the due date. Commit early and often. Failing to commit by the end of class on the due date will result in a 0.

_____________

  1. Cloud Instance and Web Server (30 Points):
    • You can SSH into your instance using your own custom username and SSH key. Put a screenshot in your repository of your terminal SSH-ing into your instance (15 points)
    • Your custom username is able to perform SUDO commands. Put a screenshot in your repository of you successfully executing a command with sudo (5 points)
    • The time zone is correct on your instance. Put a screenshot in your repository of the results of the `date` command (5 points)
    • The UserDir Apache module is working. Place a file in /home/<username>/public_html and link to the file in your README.md (5 points)
  2. PHP Calculator (15 Points):
    • The calculator is able to perform all four functions with floating point numbers (2 points each, 8 points in total)
    • Each function is given as a radio button choice (4 points)
    • The calculator page passes the W3C HTML validator (3 points)
    • Make sure you have a README.md file in your individual repo with the the link to your calculator. See the Creative Portion section for more information about .md files.
  3. Git Tutorial (20 Points):
    • Place the two screenshots displaying the completed levels of the Main and Remote sections in your Individual repo
  4. File Sharing Site (40 Points):
    • File Management (25 Points):
      • Users should not be able to see any files until they enter a username and log in (4 points)
        Remember that users.txt should be stored in a secure location on your filesystem. That is, you should not be able to type any URL into your browser and see the raw users.txt file!
      • Users can see a list of all files they have uploaded (4 points)
      • Users can open files they have previously uploaded (5 points)
        Note: Users should be able to open not only plain text files but also other file formats: images, spreadsheets, etc.
      • Users can upload files (4 points)
        Note: Like users.txt, uploaded files should be stored in a secure location on your filesystem. That is, do not keep your uploads directory underneath a directory served by Apache!
      • Users can delete files. If a file is "deleted", it should actually be removed from the filesystem (4 points)
      • The directory structure is hidden. Users should not be able to access or view files by manipulating a URL. (2 points)
      • Users can log out (2 points)
        Note: If using session variables, you must actually log out the user by destroying their session; i.e., don't just redirect them to the login screen.
    • Best Practices (10 Points):
      • Code is well formatted and easy to read, with proper commenting (4 points)
      • The site follows the FIEO philosophy (3 points)
      • All pages pass the W3C validator (3 points)
    • Usability (5 Points):
      • Site is intuitive to use and navigate (4 points)
      • Site is visually appealing (1 point)
  5. Creative Portion (15 Points) (see below)
    • Make sure you have a README.md file in your group repo with the following:
      • An .md file is a plain text file called a markdown file [1] .
        • The contents of your README.md file are shown on your repo, making it easier for us to grade
        • You may style the page with bolding, hyperlings, images, block quotes and lists
        • This online markdown editor makes it easy to learn this format
      • The link to your file sharing site. We need this to grade your work.
      • A brief description of what you did for your creative portion
      • Any additional login details needed for the TA

Creative Portion

This module and all future modules will require that you invest some time into creating additional features for your group project. Plan to invest at least 60 minutes of your time into the creative portion.

  • The creative portion is an opportunity for you to learn the material of your own interest.
  • You will not earn credit for a creative-portion feature that simply rehashes something you've already done in a previous module.

If you need ideas for a creative portion, or if you want to know whether or not your creative portion idea is "hard enough", ask a TA.