Skip to content

Releases: FastPix/moodle-local_fastpix

v1.1.0

Choose a tag to compare

@tharunbudidha27 tharunbudidha27 released this 16 Jun 12:52
c2167d1

version - [1.1.0]

Course-aware uploads and a course-context permission fix.

Added

  • courseid is recorded on each upload session (new column on
    local_fastpix_upload_session), stamped when the upload starts, so the
    editor video picker can list a teacher's videos scoped to the current
    course. upload_service::list_ready_for_course() returns a user's ready,
    non-DRM videos for a course.

Changed

  • The upload web services — create_upload_session,
    create_url_pull_session, and get_upload_status — now take a required
    contextid and authorise mod/fastpix:uploadmedia against the course
    context (validate_context() plus require_capability() on the course
    context resolved with get_course_context()) instead of the system
    context.

Fixed

  • Editing teachers were wrongly denied upload: the capability was checked at
    the system context, where the course-level mod/fastpix:uploadmedia never
    grants, so only site administrators succeeded (by bypassing capability
    checks). Permission is now evaluated at the course context — enrolled
    editing teachers can upload, and enrolled students are correctly blocked
    from uploading or embedding while still able to view.
  • URL-pulled videos now honour the activity's Media settings. The
    create_url_pull_session web service and upload_service method accept and
    forward title, accesspolicy, captionsmode and languagecode (parity
    with create_upload_session) instead of falling back to defaults. Access
    policy and the DRM gate behave as for direct uploads. The new web-service
    parameters are optional (VALUE_DEFAULT), so existing callers remain
    compatible.
  • URL-pulled videos are now titled correctly. Because FastPix does not reliably
    echo the title on the URL-pull create-media webhook, the projector now falls
    back to the title local_fastpix recorded on the matching upload session
    (a local lookup, no gateway call) instead of naming the asset "Asset <id>".
  • A media that FAILS before any "created" event (e.g. a bad URL pull) is now
    recorded as errored instead of being dropped as an "unknown asset". The
    projector treats video.media.failed as a row-insert trigger, so the upload no
    longer stays stuck on "Preparing" forever. (The user-facing "failed" message is
    rendered by mod_fastpix.)

v1.0.0 — initial release

Choose a tag to compare

@tharunbudidha27 tharunbudidha27 released this 22 May 14:03
1e4981f

Initial release. FastPix video integration foundation plugin for Moodle 4.5 LTS+.

Added

  • HTTP gateway as the single boundary to the FastPix API, with retry, circuit breaker, idempotency keys, and structured logging.
  • Direct upload and URL-pull workflows, with a 60-second dedup window and an SSRF guard on URL-pull sources.
  • Webhook ingestion: signature verification with hash_equals, idempotent ledger, per-asset locking with total ordering, and a 30-minute dual-secret rotation window.
  • Local RS256 JWT signing for private and DRM-protected playback (media: and drm: audiences). Signing key bootstraps automatically and re-mints when API credentials change.
  • Public assets resolve tokenless: playback_service::resolve() skips JWT minting for access_policy=public.
  • Asset metadata cache with dual-key MUC invalidation and read-path lazy fetch.
  • Optional DRM, gated on both a feature flag and a configuration ID.
  • Scheduled cleanup tasks: orphan sweeper, webhook ledger pruning (90-day retention), soft-delete purge (7-day grace), and GDPR delete retry.
  • Full Moodle Privacy API provider with GDPR per-asset deletion; raw user IDs are never sent to FastPix (a site-specific HMAC is used).
  • Admin settings page (credentials, DRM, webhook secret) and a rate-limited health endpoint for monitoring.

Security

  • Seven non-negotiables enforced: RS256-only signing, no remote token minting, gateway-only HTTP, hash_equals signature checks, no cross-plugin imports, no _or_fetch on write paths, no Composer dependencies.

Compatibility: Moodle 4.5 LTS or later · PHP 8.1+
License: GNU GPL v3 or later