@kkuffour/solid-moderation-plugin 0.1.0

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@kkuffour/solid-moderation-plugin",
+  "version": "0.1.0",
+  "description": "Content moderation plugin for Community Solid Server",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "lsd:module": "https://linkedsoftwaredependencies.org/bundles/npm/@kkuffour/solid-moderation-plugin",
+  "lsd:components": "components/components.jsonld",
+  "lsd:contexts": {
+    "https://linkedsoftwaredependencies.org/bundles/npm/@kkuffour/solid-moderation-plugin/^0.1.0/components/context.jsonld": "components/context.jsonld",
+    "https://linkedsoftwaredependencies.org/bundles/npm/@kkuffour/solid-moderation-plugin/^0.1.0/config/context.jsonld": "config/context.jsonld"
+  },
+  "lsd:importPaths": {
+    "https://linkedsoftwaredependencies.org/bundles/npm/@solid/moderation-plugin/^1.0.0/components/": "dist/",
+    "https://linkedsoftwaredependencies.org/bundles/npm/@solid/moderation-plugin/^1.0.0/config/": "config/",
+    "https://linkedsoftwaredependencies.org/bundles/npm/@solid/moderation-plugin/^1.0.0/dist/": "dist/"
+  },
+  "scripts": {
+    "build": "npm run build:ts && npm run build:components",
+    "build:ts": "tsc",
+    "build:components": "componentsjs-generator",
+    "build:copy": "mkdir -p dist/components && cp components/*.jsonld dist/components/",
+    "test": "jest"
+  },
+  "keywords": ["solid", "moderation", "content-moderation", "community-solid-server"],
+  "author": "",
+  "license": "MIT",
+  "peerDependencies": {
+    "@solid/community-server": "^7.0.0"
+  },
+  "dependencies": {
+    "form-data": "^4.0.0"
+  },
+  "devDependencies": {
+    "@solid/community-server": "^7.0.0",
+    "componentsjs-generator": "^3.1.0",
+    "typescript": "^5.0.0",
+    "@types/node": "^20.0.0"
+  }
+}

package/simple-test.json

@@ -0,0 +1,7 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^7.0.0/components/context.jsonld",
+  "import": [
+    "css:config/file.json",
+    "file:///Users/opendata/solid-moderation/config/default.json"
+  ]
+}

package/src/ModerationConfig.ts

@@ -0,0 +1,29 @@
+export interface ModerationConfig {
+  enabled: boolean;
+  auditLoggingEnabled: boolean;
+  auditLoggingStorePath: string;
+  sightEngineApiUser: string;
+  sightEngineApiSecret: string;
+  imagesEnabled: boolean;
+  textEnabled: boolean;
+  videoEnabled: boolean;
+  imageNudityThreshold: number;
+  textSexualThreshold: number;
+  textToxicThreshold: number;
+  videoNudityThreshold: number;
+}
+
+export const DEFAULT_MODERATION_CONFIG: ModerationConfig = {
+  enabled: true,
+  auditLoggingEnabled: true,
+  auditLoggingStorePath: './data/moderation-logs',
+  sightEngineApiUser: '',
+  sightEngineApiSecret: '',
+  imagesEnabled: true,
+  textEnabled: true,
+  videoEnabled: true,
+  imageNudityThreshold: 0.5,
+  textSexualThreshold: 0.5,
+  textToxicThreshold: 0.5,
+  videoNudityThreshold: 0.5,
+};

package/src/ModerationMixin.ts

@@ -0,0 +1,153 @@
+import { Readable } from 'node:stream';
+import { promises as fs } from 'node:fs';
+import type { Operation } from '@solid/community-server';
+import { getLoggerFor, ForbiddenHttpError, guardStream } from '@solid/community-server';
+import type { ModerationConfig } from './ModerationConfig';
+import { SightEngineProvider } from './providers/SightEngineProvider';
+import { ModerationStore } from './ModerationStore';
+
+export class ModerationMixin {
+  protected readonly logger = getLoggerFor(this);
+  private readonly moderationConfig: ModerationConfig;
+  private readonly moderationStore?: ModerationStore;
+
+  public constructor(moderationConfig: ModerationConfig) {
+    this.moderationConfig = moderationConfig;
+    this.moderationStore = moderationConfig.auditLoggingEnabled ?
+      new ModerationStore(moderationConfig.auditLoggingStorePath) :
+      undefined;
+  }
+
+  public async moderateContent(operation: Operation): Promise<void> {
+    if (!this.moderationConfig.enabled || !operation.body?.data) {
+      return;
+    }
+
+    const contentType = operation.body.metadata.contentType;
+    if (contentType?.startsWith('image/') && this.moderationConfig.imagesEnabled) {
+      await this.moderateImageContent(operation);
+    } else if (contentType?.startsWith('text/') && this.moderationConfig.textEnabled) {
+      await this.moderateTextContent(operation);
+    } else if (contentType?.startsWith('video/') && this.moderationConfig.videoEnabled) {
+      await this.moderateVideoContent(operation);
+    }
+  }
+
+  private async moderateImageContent(operation: Operation): Promise<void> {
+    const chunks: Buffer[] = [];
+    for await (const chunk of operation.body.data) {
+      chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk as Uint8Array));
+    }
+    const buffer = Buffer.concat(chunks);
+    operation.body.data = guardStream(Readable.from(buffer));
+
+    const tempFile = `/tmp/moderation_${Date.now()}.jpg`;
+    await fs.writeFile(tempFile, buffer);
+
+    try {
+      const client = new SightEngineProvider(
+        this.moderationConfig.sightEngineApiUser,
+        this.moderationConfig.sightEngineApiSecret,
+      );
+      const result = await client.analyzeImage(tempFile);
+      this.logger.info(`MODERATION: Image analysis result - nudity score: ${result.nudity?.raw}, threshold: ${this.moderationConfig.imageNudityThreshold}`);
+
+      if (result.nudity?.raw && result.nudity.raw > this.moderationConfig.imageNudityThreshold) {
+        if (this.moderationStore) {
+          await this.moderationStore.recordViolation({
+            contentType: 'image',
+            resourcePath: operation.target.path,
+            violations: [{ model: 'nudity', score: result.nudity.raw, threshold: this.moderationConfig.imageNudityThreshold }],
+            contentSize: buffer.length,
+          });
+        }
+        throw new ForbiddenHttpError('Upload blocked: Content violates community guidelines');
+      }
+    } catch (error: unknown) {
+      if (error instanceof ForbiddenHttpError) {
+        throw error;
+      }
+      this.logger.warn(`MODERATION: Image check failed (fail-open): ${error}`);
+    } finally {
+      await fs.unlink(tempFile).catch(() => {});
+    }
+  }
+
+  private async moderateTextContent(operation: Operation): Promise<void> {
+    const chunks: Buffer[] = [];
+    for await (const chunk of operation.body.data) {
+      chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk as Uint8Array));
+    }
+    const buffer = Buffer.concat(chunks);
+    const text = buffer.toString('utf8');
+    operation.body.data = guardStream(Readable.from(buffer));
+
+    if (!text?.trim()) {
+      return;
+    }
+
+    try {
+      const client = new SightEngineProvider(
+        this.moderationConfig.sightEngineApiUser,
+        this.moderationConfig.sightEngineApiSecret,
+      );
+      const result = await client.analyzeText(text);
+
+      if (result.sexual > this.moderationConfig.textSexualThreshold || result.toxic > this.moderationConfig.textToxicThreshold) {
+        if (this.moderationStore) {
+          await this.moderationStore.recordViolation({
+            contentType: 'text',
+            resourcePath: operation.target.path,
+            violations: [{ model: 'text', score: Math.max(result.sexual, result.toxic), threshold: Math.min(this.moderationConfig.textSexualThreshold, this.moderationConfig.textToxicThreshold) }],
+            contentSize: buffer.length,
+          });
+        }
+        throw new ForbiddenHttpError('Upload blocked: Content violates community guidelines');
+      }
+    } catch (error: unknown) {
+      if (error instanceof ForbiddenHttpError) {
+        throw error;
+      }
+      this.logger.warn(`MODERATION: Text check failed (fail-open): ${error}`);
+    }
+  }
+
+  private async moderateVideoContent(operation: Operation): Promise<void> {
+    const chunks: Buffer[] = [];
+    for await (const chunk of operation.body.data) {
+      chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk as Uint8Array));
+    }
+    const buffer = Buffer.concat(chunks);
+    operation.body.data = guardStream(Readable.from(buffer));
+
+    const tempFile = `/tmp/moderation_${Date.now()}.mp4`;
+    await fs.writeFile(tempFile, buffer);
+
+    try {
+      const client = new SightEngineProvider(
+        this.moderationConfig.sightEngineApiUser,
+        this.moderationConfig.sightEngineApiSecret,
+      );
+      const result = await client.analyzeVideo(tempFile);
+
+      if (result.nudity?.raw && result.nudity.raw > this.moderationConfig.videoNudityThreshold) {
+        if (this.moderationStore) {
+          await this.moderationStore.recordViolation({
+            contentType: 'video',
+            resourcePath: operation.target.path,
+            violations: [{ model: 'nudity', score: result.nudity.raw, threshold: this.moderationConfig.videoNudityThreshold }],
+            contentSize: buffer.length,
+          });
+        }
+        throw new ForbiddenHttpError('Upload blocked: Content violates community guidelines');
+      }
+    } catch (error: unknown) {
+      if (error instanceof ForbiddenHttpError) {
+        throw error;
+      }
+      this.logger.warn(`MODERATION: Video check failed (fail-open): ${error}`);
+    } finally {
+      await fs.unlink(tempFile).catch(() => {});
+    }
+  }
+}

package/src/ModerationOperationHandler.ts

@@ -0,0 +1,64 @@
+import { getLoggerFor } from '@solid/community-server';
+import type { ModerationConfig } from './ModerationConfig';
+import type { ResponseDescription, OperationHandlerInput, OperationHandler } from '@solid/community-server';
+import { ModerationMixin } from './ModerationMixin';
+
+/**
+ * Wraps an OperationHandler to add content moderation for operations with body data.
+ * Checks PUT, POST, and PATCH operations before passing them to the wrapped handler.
+ *
+ * @module
+ */
+export class ModerationOperationHandler {
+  protected readonly logger = getLoggerFor(this);
+  private readonly source: OperationHandler;
+  private readonly moderationMixin: ModerationMixin;
+
+  public constructor(
+    source: OperationHandler,
+    enabled: boolean,
+    auditLoggingEnabled: boolean,
+    auditLoggingStorePath: string,
+    sightEngineApiUser: string,
+    sightEngineApiSecret: string,
+    imagesEnabled: boolean,
+    textEnabled: boolean,
+    videoEnabled: boolean,
+    imageNudityThreshold: number,
+    textSexualThreshold: number,
+    textToxicThreshold: number,
+    videoNudityThreshold: number,
+  ) {
+    this.source = source;
+    this.moderationMixin = new ModerationMixin({
+      enabled,
+      auditLoggingEnabled,
+      auditLoggingStorePath,
+      sightEngineApiUser,
+      sightEngineApiSecret,
+      imagesEnabled,
+      textEnabled,
+      videoEnabled,
+      imageNudityThreshold,
+      textSexualThreshold,
+      textToxicThreshold,
+      videoNudityThreshold,
+    });
+  }
+
+  public async canHandle(input: OperationHandlerInput): Promise<void> {
+    return this.source.canHandle(input);
+  }
+
+  public async handle(input: OperationHandlerInput): Promise<ResponseDescription> {
+    const { operation } = input;
+
+    // Only moderate operations with body data
+    if (operation.body?.data && [ 'PUT', 'POST', 'PATCH' ].includes(operation.method)) {
+      this.logger.info(`MODERATION: Checking ${operation.method} request to ${operation.target.path}`);
+      await this.moderationMixin.moderateContent(operation);
+    }
+
+    return this.source.handle(input);
+  }
+}

package/src/ModerationRecord.ts

@@ -0,0 +1,19 @@
+/**
+ * Record of a content moderation violation for admin review.
+ */
+export interface ModerationRecord {
+  id: string;
+  timestamp: Date;
+  contentType: 'image' | 'text' | 'video';
+  resourcePath: string;
+  userWebId?: string;
+  userAgent?: string;
+  clientIp?: string;
+  violations: {
+    model: string;
+    score: number;
+    threshold: number;
+  }[];
+  contentSize: number;
+  contentHash?: string;
+}

package/src/ModerationStore.ts

@@ -0,0 +1,41 @@
+import { promises as fs } from 'node:fs';
+import { join } from 'node:path';
+import { getLoggerFor } from '@solid/community-server';
+import type { ModerationRecord } from './ModerationRecord';
+
+/**
+ * Service for storing moderation violation records.
+ */
+export class ModerationStore {
+  protected readonly logger = getLoggerFor(this);
+
+  private readonly storePath: string;
+
+  public constructor(storePath = './data/moderation-logs') {
+    this.storePath = storePath;
+  }
+
+  public async recordViolation(record: Omit<ModerationRecord, 'id' | 'timestamp'>): Promise<void> {
+    try {
+      await fs.mkdir(this.storePath, { recursive: true });
+
+      const fullRecord: ModerationRecord = {
+        ...record,
+        id: this.generateId(),
+        timestamp: new Date(),
+      };
+
+      const filename = `${new Date().toISOString().split('T')[0]}.jsonl`;
+      const filepath = join(this.storePath, filename);
+      const logEntry = `${JSON.stringify(fullRecord)}\n`;
+
+      await fs.appendFile(filepath, logEntry);
+    } catch (error: unknown) {
+      this.logger.error(`Failed to record moderation violation: ${String(error)}`);
+    }
+  }
+
+  private generateId(): string {
+    return Date.now().toString(36) + Math.random().toString(36).slice(2);
+  }
+}

package/src/index.ts

@@ -0,0 +1,6 @@
+export * from './ModerationOperationHandler';
+export * from './ModerationConfig';
+export * from './ModerationStore';
+export * from './ModerationRecord';
+export * from './ModerationMixin';
+export * from './providers/SightEngineProvider';