@undefineds.co/xpod 0.3.29 → 0.3.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authorization/PodAuthorizationResources.d.ts +1 -0
- package/dist/authorization/PodAuthorizationResources.js +36 -4
- package/dist/authorization/PodAuthorizationResources.js.map +1 -1
- package/dist/provision/LocalPodProvisioningService.js +2 -0
- package/dist/provision/LocalPodProvisioningService.js.map +1 -1
- package/dist/provision/ProvisionPodCreator.js +16 -0
- package/dist/provision/ProvisionPodCreator.js.map +1 -1
- package/dist/storage/accessors/MixDataAccessor.js.map +1 -1
- package/dist/storage/rdf/PostgresRdfEngine.d.ts +12 -15
- package/dist/storage/rdf/PostgresRdfEngine.js +1040 -150
- package/dist/storage/rdf/PostgresRdfEngine.js.map +1 -1
- package/dist/storage/rdf/PostgresRdfEngine.jsonld +40 -52
- package/dist/storage/rdf/{RdfLocalQueryEngine.d.ts → RdfQueryExecutor.d.ts} +3 -3
- package/dist/storage/rdf/{RdfLocalQueryEngine.js → RdfQueryExecutor.js} +9 -9
- package/dist/storage/rdf/RdfQueryExecutor.js.map +1 -0
- package/dist/storage/rdf/RdfSparqlAdapter.d.ts +5 -5
- package/dist/storage/rdf/RdfSparqlAdapter.js +27 -27
- package/dist/storage/rdf/RdfSparqlAdapter.js.map +1 -1
- package/dist/storage/rdf/SolidRdfEngine.d.ts +2 -5
- package/dist/storage/rdf/SolidRdfEngine.js +6 -38
- package/dist/storage/rdf/SolidRdfEngine.js.map +1 -1
- package/dist/storage/rdf/SolidRdfEngine.jsonld +0 -12
- package/dist/storage/rdf/SolidRdfSparqlEngine.js.map +1 -1
- package/dist/storage/rdf/index.d.ts +3 -3
- package/dist/storage/rdf/index.js +6 -6
- package/dist/storage/rdf/index.js.map +1 -1
- package/dist/storage/rdf/models-benchmark.d.ts +9 -9
- package/dist/storage/rdf/models-benchmark.js +23 -23
- package/dist/storage/rdf/models-benchmark.js.map +1 -1
- package/dist/storage/rdf/types.d.ts +5 -5
- package/dist/storage/rdf/types.js.map +1 -1
- package/package.json +1 -1
- package/templates/pod/acp/profile/.acr +21 -0
- package/templates/pod/wac/profile/.acl.hbs +18 -0
- package/dist/storage/rdf/RdfLocalQueryEngine.js.map +0 -1
|
@@ -15,19 +15,22 @@ function buildPodAuthorizationResources(input) {
|
|
|
15
15
|
const authMode = (0, AuthMode_1.normalizeAuthMode)(input.authMode);
|
|
16
16
|
const kind = resourceKindForAuthMode(authMode);
|
|
17
17
|
const rootResourceUrl = input.iri(input.podUrl, kind === 'acl' ? '.acl' : '.acr');
|
|
18
|
+
const profileResourceUrl = input.iri(input.podUrl, kind === 'acl' ? 'profile/.acl' : 'profile/.acr');
|
|
18
19
|
const cardResourceUrl = input.iri(input.podUrl, kind === 'acl' ? 'profile/card.acl' : 'profile/card.acr');
|
|
19
20
|
const quads = kind === 'acl'
|
|
20
|
-
? buildWebAclQuads(input, rootResourceUrl, cardResourceUrl)
|
|
21
|
-
: buildAcpQuads(input, rootResourceUrl, cardResourceUrl);
|
|
21
|
+
? buildWebAclQuads(input, rootResourceUrl, profileResourceUrl, cardResourceUrl)
|
|
22
|
+
: buildAcpQuads(input, rootResourceUrl, profileResourceUrl, cardResourceUrl);
|
|
22
23
|
return {
|
|
23
24
|
kind,
|
|
24
25
|
rootResourceUrl,
|
|
26
|
+
profileResourceUrl,
|
|
25
27
|
cardResourceUrl,
|
|
26
28
|
quads,
|
|
27
29
|
};
|
|
28
30
|
}
|
|
29
|
-
function buildAcpQuads(input, rootAcrUrl, cardAcrUrl) {
|
|
31
|
+
function buildAcpQuads(input, rootAcrUrl, profileAcrUrl, cardAcrUrl) {
|
|
30
32
|
const rootGraph = namedNode(rootAcrUrl);
|
|
33
|
+
const profileGraph = namedNode(profileAcrUrl);
|
|
31
34
|
const cardGraph = namedNode(cardAcrUrl);
|
|
32
35
|
const root = namedNode(`${rootAcrUrl}#root`);
|
|
33
36
|
const rootPublicRead = namedNode(`${rootAcrUrl}#publicReadAccess`);
|
|
@@ -36,10 +39,15 @@ function buildAcpQuads(input, rootAcrUrl, cardAcrUrl) {
|
|
|
36
39
|
const rootPublicMatcher = blankNode(`public-matcher-${input.stableId(rootAcrUrl)}`);
|
|
37
40
|
const rootOwnerPolicy = blankNode(`owner-policy-${input.stableId(rootAcrUrl)}`);
|
|
38
41
|
const rootOwnerMatcher = blankNode(`owner-matcher-${input.stableId(rootAcrUrl)}`);
|
|
42
|
+
const profile = namedNode(`${profileAcrUrl}#profile`);
|
|
43
|
+
const profilePublicRead = namedNode(`${profileAcrUrl}#publicReadAccess`);
|
|
44
|
+
const profilePolicy = blankNode(`profile-policy-${input.stableId(profileAcrUrl)}`);
|
|
45
|
+
const profileMatcher = blankNode(`profile-matcher-${input.stableId(profileAcrUrl)}`);
|
|
39
46
|
const card = namedNode(`${cardAcrUrl}#card`);
|
|
40
47
|
const cardPublicRead = namedNode(`${cardAcrUrl}#publicReadAccess`);
|
|
41
48
|
const cardPolicy = blankNode(`card-policy-${input.stableId(cardAcrUrl)}`);
|
|
42
49
|
const cardMatcher = blankNode(`card-matcher-${input.stableId(cardAcrUrl)}`);
|
|
50
|
+
const profileUrl = input.iri(input.podUrl, 'profile/');
|
|
43
51
|
return [
|
|
44
52
|
quad(root, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), rootGraph),
|
|
45
53
|
quad(root, namedNode(`${ACP}resource`), namedNode(input.podUrl), rootGraph),
|
|
@@ -62,6 +70,16 @@ function buildAcpQuads(input, rootAcrUrl, cardAcrUrl) {
|
|
|
62
70
|
quad(rootOwnerPolicy, namedNode(`${ACP}anyOf`), rootOwnerMatcher, rootGraph),
|
|
63
71
|
quad(rootOwnerMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), rootGraph),
|
|
64
72
|
quad(rootOwnerMatcher, namedNode(`${ACP}agent`), namedNode(input.webId), rootGraph),
|
|
73
|
+
quad(profile, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), profileGraph),
|
|
74
|
+
quad(profile, namedNode(`${ACP}resource`), namedNode(profileUrl), profileGraph),
|
|
75
|
+
quad(profile, namedNode(`${ACP}accessControl`), profilePublicRead, profileGraph),
|
|
76
|
+
quad(profilePublicRead, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), profileGraph),
|
|
77
|
+
quad(profilePublicRead, namedNode(`${ACP}apply`), profilePolicy, profileGraph),
|
|
78
|
+
quad(profilePolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), profileGraph),
|
|
79
|
+
quad(profilePolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), profileGraph),
|
|
80
|
+
quad(profilePolicy, namedNode(`${ACP}anyOf`), profileMatcher, profileGraph),
|
|
81
|
+
quad(profileMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), profileGraph),
|
|
82
|
+
quad(profileMatcher, namedNode(`${ACP}agent`), namedNode(`${ACP}PublicAgent`), profileGraph),
|
|
65
83
|
quad(card, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), cardGraph),
|
|
66
84
|
quad(card, namedNode(`${ACP}resource`), namedNode(input.cardUrl), cardGraph),
|
|
67
85
|
quad(card, namedNode(`${ACP}accessControl`), cardPublicRead, cardGraph),
|
|
@@ -74,13 +92,17 @@ function buildAcpQuads(input, rootAcrUrl, cardAcrUrl) {
|
|
|
74
92
|
quad(cardMatcher, namedNode(`${ACP}agent`), namedNode(`${ACP}PublicAgent`), cardGraph),
|
|
75
93
|
];
|
|
76
94
|
}
|
|
77
|
-
function buildWebAclQuads(input, rootAclUrl, cardAclUrl) {
|
|
95
|
+
function buildWebAclQuads(input, rootAclUrl, profileAclUrl, cardAclUrl) {
|
|
78
96
|
const rootGraph = namedNode(rootAclUrl);
|
|
97
|
+
const profileGraph = namedNode(profileAclUrl);
|
|
79
98
|
const cardGraph = namedNode(cardAclUrl);
|
|
80
99
|
const rootPublic = namedNode(`${rootAclUrl}#public`);
|
|
81
100
|
const rootOwner = namedNode(`${rootAclUrl}#owner`);
|
|
101
|
+
const profilePublic = namedNode(`${profileAclUrl}#public`);
|
|
102
|
+
const profileOwner = namedNode(`${profileAclUrl}#owner`);
|
|
82
103
|
const cardPublic = namedNode(`${cardAclUrl}#public`);
|
|
83
104
|
const cardOwner = namedNode(`${cardAclUrl}#owner`);
|
|
105
|
+
const profileUrl = input.iri(input.podUrl, 'profile/');
|
|
84
106
|
return [
|
|
85
107
|
quad(rootPublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), rootGraph),
|
|
86
108
|
quad(rootPublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), rootGraph),
|
|
@@ -93,6 +115,16 @@ function buildWebAclQuads(input, rootAclUrl, cardAclUrl) {
|
|
|
93
115
|
quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), rootGraph),
|
|
94
116
|
quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Write`), rootGraph),
|
|
95
117
|
quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Control`), rootGraph),
|
|
118
|
+
quad(profilePublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), profileGraph),
|
|
119
|
+
quad(profilePublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), profileGraph),
|
|
120
|
+
quad(profilePublic, namedNode(`${ACL}accessTo`), namedNode(profileUrl), profileGraph),
|
|
121
|
+
quad(profilePublic, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), profileGraph),
|
|
122
|
+
quad(profileOwner, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), profileGraph),
|
|
123
|
+
quad(profileOwner, namedNode(`${ACL}agent`), namedNode(input.webId), profileGraph),
|
|
124
|
+
quad(profileOwner, namedNode(`${ACL}accessTo`), namedNode(profileUrl), profileGraph),
|
|
125
|
+
quad(profileOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), profileGraph),
|
|
126
|
+
quad(profileOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Write`), profileGraph),
|
|
127
|
+
quad(profileOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Control`), profileGraph),
|
|
96
128
|
quad(cardPublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), cardGraph),
|
|
97
129
|
quad(cardPublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), cardGraph),
|
|
98
130
|
quad(cardPublic, namedNode(`${ACL}accessTo`), namedNode(input.cardUrl), cardGraph),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PodAuthorizationResources.js","sourceRoot":"","sources":["../../src/authorization/PodAuthorizationResources.ts"],"names":[],"mappings":";;AAkCA,wEAeC;AAjDD,2BAAiC;AAGjC,yCAA+C;AAE/C,MAAM,GAAG,GAAG,6CAA6C,CAAC;AAC1D,MAAM,IAAI,GAAG,4BAA4B,CAAC;AAC1C,MAAM,GAAG,GAAG,gCAAgC,CAAC;AAC7C,MAAM,GAAG,GAAG,iCAAiC,CAAC;AAE9C,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,gBAAW,CAAC;AAoBnD,SAAS,uBAAuB,CAAC,QAAkB;IACjD,OAAO,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5C,CAAC;AAED,SAAgB,8BAA8B,CAAC,KAAoC;IACjF,MAAM,QAAQ,GAAG,IAAA,4BAAiB,EAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAClF,MAAM,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAC1G,MAAM,KAAK,GAAG,IAAI,KAAK,KAAK;QAC1B,CAAC,CAAC,gBAAgB,CAAC,KAAK,EAAE,eAAe,EAAE,eAAe,CAAC;QAC3D,CAAC,CAAC,aAAa,CAAC,KAAK,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;IAE3D,OAAO;QACL,IAAI;QACJ,eAAe;QACf,eAAe;QACf,KAAK;KACN,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAAoC,EAAE,UAAkB,EAAE,UAAkB;IACjG,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,UAAU,OAAO,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,GAAG,UAAU,mBAAmB,CAAC,CAAC;IACnE,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,UAAU,kBAAkB,CAAC,CAAC;IACjE,MAAM,gBAAgB,GAAG,SAAS,CAAC,iBAAiB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAClF,MAAM,iBAAiB,GAAG,SAAS,CAAC,kBAAkB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACpF,MAAM,eAAe,GAAG,SAAS,CAAC,gBAAgB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAChF,MAAM,gBAAgB,GAAG,SAAS,CAAC,iBAAiB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAClF,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,UAAU,OAAO,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,GAAG,UAAU,mBAAmB,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,SAAS,CAAC,eAAe,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1E,MAAM,WAAW,GAAG,SAAS,CAAC,gBAAgB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAE5E,OAAO;QACL,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,uBAAuB,CAAC,EAAE,SAAS,CAAC;QACxF,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QAC3E,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,cAAc,EAAE,SAAS,CAAC;QACvE,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC;QACtE,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,qBAAqB,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QAC1F,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC;QAC3E,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QACpF,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,iBAAiB,EAAE,SAAS,CAAC;QAC9E,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACvF,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,SAAS,CAAC;QAC5F,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACzF,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,eAAe,EAAE,SAAS,CAAC;QACzE,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,SAAS,CAAC;QACpF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QACnF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC;QACpF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;QAEnF,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,uBAAuB,CAAC,EAAE,SAAS,CAAC;QACxF,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,cAAc,EAAE,SAAS,CAAC;QACvE,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QAC1F,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,SAAS,CAAC;QACrE,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,SAAS,CAAC;QAC/E,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC9E,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,WAAW,EAAE,SAAS,CAAC;QAClE,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACjF,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,SAAS,CAAC;KACvF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAoC,EAAE,UAAkB,EAAE,UAAkB;IACpG,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,UAAU,SAAS,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,UAAU,QAAQ,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,UAAU,SAAS,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,UAAU,QAAQ,CAAC,CAAC;IAEnD,OAAO;QACL,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,YAAY,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QACjF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QAChF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QAC/E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QAE/E,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,YAAY,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC;QAClF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC;QACjF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;KAChF,CAAC;AACJ,CAAC","sourcesContent":["import { DataFactory } from 'n3';\nimport type { Quad } from '@rdfjs/types';\nimport type { AuthMode } from './AuthMode';\nimport { normalizeAuthMode } from './AuthMode';\n\nconst RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';\nconst FOAF = 'http://xmlns.com/foaf/0.1/';\nconst ACL = 'http://www.w3.org/ns/auth/acl#';\nconst ACP = 'http://www.w3.org/ns/solid/acp#';\n\nconst { blankNode, namedNode, quad } = DataFactory;\n\nexport type PodAuthorizationResourceKind = 'acp' | 'acl';\n\nexport interface PodAuthorizationResourceInput {\n authMode: AuthMode | string | undefined;\n podUrl: string;\n cardUrl: string;\n webId: string;\n stableId: (input: string) => string;\n iri: (base: string, relative: string) => string;\n}\n\nexport interface PodAuthorizationResourceOutput {\n kind: PodAuthorizationResourceKind;\n rootResourceUrl: string;\n cardResourceUrl: string;\n quads: Quad[];\n}\n\nfunction resourceKindForAuthMode(authMode: AuthMode): PodAuthorizationResourceKind {\n return authMode === 'acl' ? 'acl' : 'acp';\n}\n\nexport function buildPodAuthorizationResources(input: PodAuthorizationResourceInput): PodAuthorizationResourceOutput {\n const authMode = normalizeAuthMode(input.authMode);\n const kind = resourceKindForAuthMode(authMode);\n const rootResourceUrl = input.iri(input.podUrl, kind === 'acl' ? '.acl' : '.acr');\n const cardResourceUrl = input.iri(input.podUrl, kind === 'acl' ? 'profile/card.acl' : 'profile/card.acr');\n const quads = kind === 'acl'\n ? buildWebAclQuads(input, rootResourceUrl, cardResourceUrl)\n : buildAcpQuads(input, rootResourceUrl, cardResourceUrl);\n\n return {\n kind,\n rootResourceUrl,\n cardResourceUrl,\n quads,\n };\n}\n\nfunction buildAcpQuads(input: PodAuthorizationResourceInput, rootAcrUrl: string, cardAcrUrl: string): Quad[] {\n const rootGraph = namedNode(rootAcrUrl);\n const cardGraph = namedNode(cardAcrUrl);\n const root = namedNode(`${rootAcrUrl}#root`);\n const rootPublicRead = namedNode(`${rootAcrUrl}#publicReadAccess`);\n const rootFullOwner = namedNode(`${rootAcrUrl}#fullOwnerAccess`);\n const rootPublicPolicy = blankNode(`public-policy-${input.stableId(rootAcrUrl)}`);\n const rootPublicMatcher = blankNode(`public-matcher-${input.stableId(rootAcrUrl)}`);\n const rootOwnerPolicy = blankNode(`owner-policy-${input.stableId(rootAcrUrl)}`);\n const rootOwnerMatcher = blankNode(`owner-matcher-${input.stableId(rootAcrUrl)}`);\n const card = namedNode(`${cardAcrUrl}#card`);\n const cardPublicRead = namedNode(`${cardAcrUrl}#publicReadAccess`);\n const cardPolicy = blankNode(`card-policy-${input.stableId(cardAcrUrl)}`);\n const cardMatcher = blankNode(`card-matcher-${input.stableId(cardAcrUrl)}`);\n\n return [\n quad(root, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), rootGraph),\n quad(root, namedNode(`${ACP}resource`), namedNode(input.podUrl), rootGraph),\n quad(root, namedNode(`${ACP}accessControl`), rootPublicRead, rootGraph),\n quad(root, namedNode(`${ACP}accessControl`), rootFullOwner, rootGraph),\n quad(root, namedNode(`${ACP}memberAccessControl`), rootFullOwner, rootGraph),\n quad(rootPublicRead, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), rootGraph),\n quad(rootPublicRead, namedNode(`${ACP}apply`), rootPublicPolicy, rootGraph),\n quad(rootPublicPolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), rootGraph),\n quad(rootPublicPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootPublicPolicy, namedNode(`${ACP}anyOf`), rootPublicMatcher, rootGraph),\n quad(rootPublicMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), rootGraph),\n quad(rootPublicMatcher, namedNode(`${ACP}agent`), namedNode(`${ACP}PublicAgent`), rootGraph),\n quad(rootFullOwner, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), rootGraph),\n quad(rootFullOwner, namedNode(`${ACP}apply`), rootOwnerPolicy, rootGraph),\n quad(rootOwnerPolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Write`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Control`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}anyOf`), rootOwnerMatcher, rootGraph),\n quad(rootOwnerMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), rootGraph),\n quad(rootOwnerMatcher, namedNode(`${ACP}agent`), namedNode(input.webId), rootGraph),\n\n quad(card, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), cardGraph),\n quad(card, namedNode(`${ACP}resource`), namedNode(input.cardUrl), cardGraph),\n quad(card, namedNode(`${ACP}accessControl`), cardPublicRead, cardGraph),\n quad(cardPublicRead, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), cardGraph),\n quad(cardPublicRead, namedNode(`${ACP}apply`), cardPolicy, cardGraph),\n quad(cardPolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), cardGraph),\n quad(cardPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), cardGraph),\n quad(cardPolicy, namedNode(`${ACP}anyOf`), cardMatcher, cardGraph),\n quad(cardMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), cardGraph),\n quad(cardMatcher, namedNode(`${ACP}agent`), namedNode(`${ACP}PublicAgent`), cardGraph),\n ];\n}\n\nfunction buildWebAclQuads(input: PodAuthorizationResourceInput, rootAclUrl: string, cardAclUrl: string): Quad[] {\n const rootGraph = namedNode(rootAclUrl);\n const cardGraph = namedNode(cardAclUrl);\n const rootPublic = namedNode(`${rootAclUrl}#public`);\n const rootOwner = namedNode(`${rootAclUrl}#owner`);\n const cardPublic = namedNode(`${cardAclUrl}#public`);\n const cardOwner = namedNode(`${cardAclUrl}#owner`);\n\n return [\n quad(rootPublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), rootGraph),\n quad(rootPublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), rootGraph),\n quad(rootPublic, namedNode(`${ACL}accessTo`), namedNode(input.podUrl), rootGraph),\n quad(rootPublic, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootOwner, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), rootGraph),\n quad(rootOwner, namedNode(`${ACL}agent`), namedNode(input.webId), rootGraph),\n quad(rootOwner, namedNode(`${ACL}accessTo`), namedNode(input.podUrl), rootGraph),\n quad(rootOwner, namedNode(`${ACL}default`), namedNode(input.podUrl), rootGraph),\n quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Write`), rootGraph),\n quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Control`), rootGraph),\n\n quad(cardPublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), cardGraph),\n quad(cardPublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), cardGraph),\n quad(cardPublic, namedNode(`${ACL}accessTo`), namedNode(input.cardUrl), cardGraph),\n quad(cardPublic, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), cardGraph),\n quad(cardOwner, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), cardGraph),\n quad(cardOwner, namedNode(`${ACL}agent`), namedNode(input.webId), cardGraph),\n quad(cardOwner, namedNode(`${ACL}accessTo`), namedNode(input.cardUrl), cardGraph),\n quad(cardOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), cardGraph),\n quad(cardOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Write`), cardGraph),\n quad(cardOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Control`), cardGraph),\n ];\n}\n"]}
|
|
1
|
+
{"version":3,"file":"PodAuthorizationResources.js","sourceRoot":"","sources":["../../src/authorization/PodAuthorizationResources.ts"],"names":[],"mappings":";;AAmCA,wEAiBC;AApDD,2BAAiC;AAGjC,yCAA+C;AAE/C,MAAM,GAAG,GAAG,6CAA6C,CAAC;AAC1D,MAAM,IAAI,GAAG,4BAA4B,CAAC;AAC1C,MAAM,GAAG,GAAG,gCAAgC,CAAC;AAC7C,MAAM,GAAG,GAAG,iCAAiC,CAAC;AAE9C,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,gBAAW,CAAC;AAqBnD,SAAS,uBAAuB,CAAC,QAAkB;IACjD,OAAO,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5C,CAAC;AAED,SAAgB,8BAA8B,CAAC,KAAoC;IACjF,MAAM,QAAQ,GAAG,IAAA,4BAAiB,EAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAClF,MAAM,kBAAkB,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;IACrG,MAAM,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAC1G,MAAM,KAAK,GAAG,IAAI,KAAK,KAAK;QAC1B,CAAC,CAAC,gBAAgB,CAAC,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,eAAe,CAAC;QAC/E,CAAC,CAAC,aAAa,CAAC,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,eAAe,CAAC,CAAC;IAE/E,OAAO;QACL,IAAI;QACJ,eAAe;QACf,kBAAkB;QAClB,eAAe;QACf,KAAK;KACN,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CACpB,KAAoC,EACpC,UAAkB,EAClB,aAAqB,EACrB,UAAkB;IAElB,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,UAAU,OAAO,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,GAAG,UAAU,mBAAmB,CAAC,CAAC;IACnE,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,UAAU,kBAAkB,CAAC,CAAC;IACjE,MAAM,gBAAgB,GAAG,SAAS,CAAC,iBAAiB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAClF,MAAM,iBAAiB,GAAG,SAAS,CAAC,kBAAkB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACpF,MAAM,eAAe,GAAG,SAAS,CAAC,gBAAgB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAChF,MAAM,gBAAgB,GAAG,SAAS,CAAC,iBAAiB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAClF,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,aAAa,UAAU,CAAC,CAAC;IACtD,MAAM,iBAAiB,GAAG,SAAS,CAAC,GAAG,aAAa,mBAAmB,CAAC,CAAC;IACzE,MAAM,aAAa,GAAG,SAAS,CAAC,kBAAkB,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACnF,MAAM,cAAc,GAAG,SAAS,CAAC,mBAAmB,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACrF,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,UAAU,OAAO,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,GAAG,UAAU,mBAAmB,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,SAAS,CAAC,eAAe,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1E,MAAM,WAAW,GAAG,SAAS,CAAC,gBAAgB,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC5E,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAEvD,OAAO;QACL,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,uBAAuB,CAAC,EAAE,SAAS,CAAC;QACxF,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QAC3E,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,cAAc,EAAE,SAAS,CAAC;QACvE,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC;QACtE,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,qBAAqB,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QAC1F,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC;QAC3E,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QACpF,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,iBAAiB,EAAE,SAAS,CAAC;QAC9E,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACvF,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,SAAS,CAAC;QAC5F,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACzF,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,eAAe,EAAE,SAAS,CAAC;QACzE,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,SAAS,CAAC;QACpF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QACnF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC;QACpF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;QAEnF,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,uBAAuB,CAAC,EAAE,YAAY,CAAC;QAC9F,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC;QAC/E,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,iBAAiB,EAAE,YAAY,CAAC;QAChF,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,YAAY,CAAC;QAChG,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,aAAa,EAAE,YAAY,CAAC;QAC9E,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,YAAY,CAAC;QACrF,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,YAAY,CAAC;QACpF,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,cAAc,EAAE,YAAY,CAAC;QAC3E,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,YAAY,CAAC;QACvF,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,YAAY,CAAC;QAE5F,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,uBAAuB,CAAC,EAAE,SAAS,CAAC;QACxF,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,cAAc,EAAE,SAAS,CAAC;QACvE,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QAC1F,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,UAAU,EAAE,SAAS,CAAC;QACrE,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,QAAQ,CAAC,EAAE,SAAS,CAAC;QAC/E,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC9E,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,WAAW,EAAE,SAAS,CAAC;QAClE,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QACjF,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,SAAS,CAAC;KACvF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,KAAoC,EACpC,UAAkB,EAClB,aAAqB,EACrB,UAAkB;IAElB,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,UAAU,SAAS,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,UAAU,QAAQ,CAAC,CAAC;IACnD,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,aAAa,SAAS,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,aAAa,QAAQ,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,UAAU,SAAS,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,UAAU,QAAQ,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAEvD,OAAO;QACL,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,YAAY,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QACjF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QAChF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC;QAC/E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;QAE/E,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,YAAY,CAAC;QAC5F,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,YAAY,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,YAAY,CAAC;QAC3F,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC;QACrF,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,YAAY,CAAC;QACnF,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,YAAY,CAAC;QAC3F,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,YAAY,CAAC;QAClF,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC;QACpF,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,YAAY,CAAC;QAClF,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,YAAY,CAAC;QACnF,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,YAAY,CAAC;QAErF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACtF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,YAAY,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC;QAClF,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,eAAe,CAAC,EAAE,SAAS,CAAC;QACrF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC;QACjF,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,SAAS,CAAC;QAC7E,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,SAAS,CAAC;KAChF,CAAC;AACJ,CAAC","sourcesContent":["import { DataFactory } from 'n3';\nimport type { Quad } from '@rdfjs/types';\nimport type { AuthMode } from './AuthMode';\nimport { normalizeAuthMode } from './AuthMode';\n\nconst RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';\nconst FOAF = 'http://xmlns.com/foaf/0.1/';\nconst ACL = 'http://www.w3.org/ns/auth/acl#';\nconst ACP = 'http://www.w3.org/ns/solid/acp#';\n\nconst { blankNode, namedNode, quad } = DataFactory;\n\nexport type PodAuthorizationResourceKind = 'acp' | 'acl';\n\nexport interface PodAuthorizationResourceInput {\n authMode: AuthMode | string | undefined;\n podUrl: string;\n cardUrl: string;\n webId: string;\n stableId: (input: string) => string;\n iri: (base: string, relative: string) => string;\n}\n\nexport interface PodAuthorizationResourceOutput {\n kind: PodAuthorizationResourceKind;\n rootResourceUrl: string;\n profileResourceUrl: string;\n cardResourceUrl: string;\n quads: Quad[];\n}\n\nfunction resourceKindForAuthMode(authMode: AuthMode): PodAuthorizationResourceKind {\n return authMode === 'acl' ? 'acl' : 'acp';\n}\n\nexport function buildPodAuthorizationResources(input: PodAuthorizationResourceInput): PodAuthorizationResourceOutput {\n const authMode = normalizeAuthMode(input.authMode);\n const kind = resourceKindForAuthMode(authMode);\n const rootResourceUrl = input.iri(input.podUrl, kind === 'acl' ? '.acl' : '.acr');\n const profileResourceUrl = input.iri(input.podUrl, kind === 'acl' ? 'profile/.acl' : 'profile/.acr');\n const cardResourceUrl = input.iri(input.podUrl, kind === 'acl' ? 'profile/card.acl' : 'profile/card.acr');\n const quads = kind === 'acl'\n ? buildWebAclQuads(input, rootResourceUrl, profileResourceUrl, cardResourceUrl)\n : buildAcpQuads(input, rootResourceUrl, profileResourceUrl, cardResourceUrl);\n\n return {\n kind,\n rootResourceUrl,\n profileResourceUrl,\n cardResourceUrl,\n quads,\n };\n}\n\nfunction buildAcpQuads(\n input: PodAuthorizationResourceInput,\n rootAcrUrl: string,\n profileAcrUrl: string,\n cardAcrUrl: string,\n): Quad[] {\n const rootGraph = namedNode(rootAcrUrl);\n const profileGraph = namedNode(profileAcrUrl);\n const cardGraph = namedNode(cardAcrUrl);\n const root = namedNode(`${rootAcrUrl}#root`);\n const rootPublicRead = namedNode(`${rootAcrUrl}#publicReadAccess`);\n const rootFullOwner = namedNode(`${rootAcrUrl}#fullOwnerAccess`);\n const rootPublicPolicy = blankNode(`public-policy-${input.stableId(rootAcrUrl)}`);\n const rootPublicMatcher = blankNode(`public-matcher-${input.stableId(rootAcrUrl)}`);\n const rootOwnerPolicy = blankNode(`owner-policy-${input.stableId(rootAcrUrl)}`);\n const rootOwnerMatcher = blankNode(`owner-matcher-${input.stableId(rootAcrUrl)}`);\n const profile = namedNode(`${profileAcrUrl}#profile`);\n const profilePublicRead = namedNode(`${profileAcrUrl}#publicReadAccess`);\n const profilePolicy = blankNode(`profile-policy-${input.stableId(profileAcrUrl)}`);\n const profileMatcher = blankNode(`profile-matcher-${input.stableId(profileAcrUrl)}`);\n const card = namedNode(`${cardAcrUrl}#card`);\n const cardPublicRead = namedNode(`${cardAcrUrl}#publicReadAccess`);\n const cardPolicy = blankNode(`card-policy-${input.stableId(cardAcrUrl)}`);\n const cardMatcher = blankNode(`card-matcher-${input.stableId(cardAcrUrl)}`);\n const profileUrl = input.iri(input.podUrl, 'profile/');\n\n return [\n quad(root, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), rootGraph),\n quad(root, namedNode(`${ACP}resource`), namedNode(input.podUrl), rootGraph),\n quad(root, namedNode(`${ACP}accessControl`), rootPublicRead, rootGraph),\n quad(root, namedNode(`${ACP}accessControl`), rootFullOwner, rootGraph),\n quad(root, namedNode(`${ACP}memberAccessControl`), rootFullOwner, rootGraph),\n quad(rootPublicRead, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), rootGraph),\n quad(rootPublicRead, namedNode(`${ACP}apply`), rootPublicPolicy, rootGraph),\n quad(rootPublicPolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), rootGraph),\n quad(rootPublicPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootPublicPolicy, namedNode(`${ACP}anyOf`), rootPublicMatcher, rootGraph),\n quad(rootPublicMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), rootGraph),\n quad(rootPublicMatcher, namedNode(`${ACP}agent`), namedNode(`${ACP}PublicAgent`), rootGraph),\n quad(rootFullOwner, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), rootGraph),\n quad(rootFullOwner, namedNode(`${ACP}apply`), rootOwnerPolicy, rootGraph),\n quad(rootOwnerPolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Write`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Control`), rootGraph),\n quad(rootOwnerPolicy, namedNode(`${ACP}anyOf`), rootOwnerMatcher, rootGraph),\n quad(rootOwnerMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), rootGraph),\n quad(rootOwnerMatcher, namedNode(`${ACP}agent`), namedNode(input.webId), rootGraph),\n\n quad(profile, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), profileGraph),\n quad(profile, namedNode(`${ACP}resource`), namedNode(profileUrl), profileGraph),\n quad(profile, namedNode(`${ACP}accessControl`), profilePublicRead, profileGraph),\n quad(profilePublicRead, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), profileGraph),\n quad(profilePublicRead, namedNode(`${ACP}apply`), profilePolicy, profileGraph),\n quad(profilePolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), profileGraph),\n quad(profilePolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), profileGraph),\n quad(profilePolicy, namedNode(`${ACP}anyOf`), profileMatcher, profileGraph),\n quad(profileMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), profileGraph),\n quad(profileMatcher, namedNode(`${ACP}agent`), namedNode(`${ACP}PublicAgent`), profileGraph),\n\n quad(card, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControlResource`), cardGraph),\n quad(card, namedNode(`${ACP}resource`), namedNode(input.cardUrl), cardGraph),\n quad(card, namedNode(`${ACP}accessControl`), cardPublicRead, cardGraph),\n quad(cardPublicRead, namedNode(`${RDF}type`), namedNode(`${ACP}AccessControl`), cardGraph),\n quad(cardPublicRead, namedNode(`${ACP}apply`), cardPolicy, cardGraph),\n quad(cardPolicy, namedNode(`${RDF}type`), namedNode(`${ACP}Policy`), cardGraph),\n quad(cardPolicy, namedNode(`${ACP}allow`), namedNode(`${ACL}Read`), cardGraph),\n quad(cardPolicy, namedNode(`${ACP}anyOf`), cardMatcher, cardGraph),\n quad(cardMatcher, namedNode(`${RDF}type`), namedNode(`${ACP}Matcher`), cardGraph),\n quad(cardMatcher, namedNode(`${ACP}agent`), namedNode(`${ACP}PublicAgent`), cardGraph),\n ];\n}\n\nfunction buildWebAclQuads(\n input: PodAuthorizationResourceInput,\n rootAclUrl: string,\n profileAclUrl: string,\n cardAclUrl: string,\n): Quad[] {\n const rootGraph = namedNode(rootAclUrl);\n const profileGraph = namedNode(profileAclUrl);\n const cardGraph = namedNode(cardAclUrl);\n const rootPublic = namedNode(`${rootAclUrl}#public`);\n const rootOwner = namedNode(`${rootAclUrl}#owner`);\n const profilePublic = namedNode(`${profileAclUrl}#public`);\n const profileOwner = namedNode(`${profileAclUrl}#owner`);\n const cardPublic = namedNode(`${cardAclUrl}#public`);\n const cardOwner = namedNode(`${cardAclUrl}#owner`);\n const profileUrl = input.iri(input.podUrl, 'profile/');\n\n return [\n quad(rootPublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), rootGraph),\n quad(rootPublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), rootGraph),\n quad(rootPublic, namedNode(`${ACL}accessTo`), namedNode(input.podUrl), rootGraph),\n quad(rootPublic, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootOwner, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), rootGraph),\n quad(rootOwner, namedNode(`${ACL}agent`), namedNode(input.webId), rootGraph),\n quad(rootOwner, namedNode(`${ACL}accessTo`), namedNode(input.podUrl), rootGraph),\n quad(rootOwner, namedNode(`${ACL}default`), namedNode(input.podUrl), rootGraph),\n quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), rootGraph),\n quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Write`), rootGraph),\n quad(rootOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Control`), rootGraph),\n\n quad(profilePublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), profileGraph),\n quad(profilePublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), profileGraph),\n quad(profilePublic, namedNode(`${ACL}accessTo`), namedNode(profileUrl), profileGraph),\n quad(profilePublic, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), profileGraph),\n quad(profileOwner, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), profileGraph),\n quad(profileOwner, namedNode(`${ACL}agent`), namedNode(input.webId), profileGraph),\n quad(profileOwner, namedNode(`${ACL}accessTo`), namedNode(profileUrl), profileGraph),\n quad(profileOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), profileGraph),\n quad(profileOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Write`), profileGraph),\n quad(profileOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Control`), profileGraph),\n\n quad(cardPublic, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), cardGraph),\n quad(cardPublic, namedNode(`${ACL}agentClass`), namedNode(`${FOAF}Agent`), cardGraph),\n quad(cardPublic, namedNode(`${ACL}accessTo`), namedNode(input.cardUrl), cardGraph),\n quad(cardPublic, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), cardGraph),\n quad(cardOwner, namedNode(`${RDF}type`), namedNode(`${ACL}Authorization`), cardGraph),\n quad(cardOwner, namedNode(`${ACL}agent`), namedNode(input.webId), cardGraph),\n quad(cardOwner, namedNode(`${ACL}accessTo`), namedNode(input.cardUrl), cardGraph),\n quad(cardOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Read`), cardGraph),\n quad(cardOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Write`), cardGraph),\n quad(cardOwner, namedNode(`${ACL}mode`), namedNode(`${ACL}Control`), cardGraph),\n ];\n}\n"]}
|
|
@@ -223,12 +223,14 @@ class LocalPodProvisioningService {
|
|
|
223
223
|
out.push(quad(namedNode(root), namedNode(`${LDP}contains`), namedNode(podUrl), rootGraph));
|
|
224
224
|
out.push(quad(namedNode(podUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.rootResourceUrl), podGraph));
|
|
225
225
|
out.push(quad(namedNode(podUrl), namedNode(`${LDP}contains`), namedNode(profileUrl), podGraph));
|
|
226
|
+
out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.profileResourceUrl), profileGraph));
|
|
226
227
|
out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(cardUrl), profileGraph));
|
|
227
228
|
out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.cardResourceUrl), profileGraph));
|
|
228
229
|
addContainerMeta(root);
|
|
229
230
|
addContainerMeta(podUrl, true);
|
|
230
231
|
addContainerMeta(profileUrl);
|
|
231
232
|
addDocumentMeta(authorizationResources.rootResourceUrl);
|
|
233
|
+
addDocumentMeta(authorizationResources.profileResourceUrl);
|
|
232
234
|
addDocumentMeta(cardUrl);
|
|
233
235
|
addDocumentMeta(authorizationResources.cardResourceUrl);
|
|
234
236
|
out.push(quad(namedNode(cardUrl), namedNode(`${RDF}type`), namedNode(`${FOAF}PersonalProfileDocument`), cardGraph));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"LocalPodProvisioningService.js","sourceRoot":"","sources":["../../src/provision/LocalPodProvisioningService.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AACzC,qCAAyC;AACzC,0DAA6B;AAC7B,2BAAiC;AAEjC,iEAAqD;AACrD,kEAA2D;AAC3D,4DAAiF;AAEjF,0FAA4F;AAC5F,8DAA2D;AAE3D,MAAM,GAAG,GAAG,6CAA6C,CAAC;AAC1D,MAAM,GAAG,GAAG,2BAA2B,CAAC;AACxC,MAAM,GAAG,GAAG,2BAA2B,CAAC;AACxC,MAAM,EAAE,GAAG,8BAA8B,CAAC;AAC1C,MAAM,GAAG,GAAG,iCAAiC,CAAC;AAC9C,MAAM,IAAI,GAAG,4BAA4B,CAAC;AAC1C,MAAM,KAAK,GAAG,mCAAmC,CAAC;AAElD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,gBAAW,CAAC;AAwBjD,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC7C,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa,EAAE,KAAa;IACrD,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,qDAAqD,KAAK,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,MAAM,GAAG,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1E,OAAO;QACL,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAChB,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE;QACvB,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE;QAC/G,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;KAClB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAyB;IACrD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,UAA8B,EAAE,OAAe;IAC3E,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,OAAO,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC/G,CAAC;AAED,SAAS,iBAAiB,CAAC,EAAkB;IAC3C,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;GAgBP,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,EAAkB;IAC/C,EAAE,CAAC,IAAI,CAAC;;;;;;GAMP,CAAC,CAAC;AACL,CAAC;AAED,SAAS,IAAI,CAAC,QAAgB;IAC5B,OAAO,QAAQ,QAAQ,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,GAAG,CAAC,IAAY,EAAE,QAAgB;IACzC,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC5C,CAAC;AAED,MAAa,2BAA2B;IAWtC,YAAmB,OAA2C;QAV7C,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAQ5B,kBAAa,GAAG,IAAA,gCAAgB,GAAE,CAAC;QAGlD,IAAI,CAAC,OAAO,GAAG,mBAAmB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC,OAAO,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;QAChF,IAAI,CAAC,cAAc,GAAG,iBAAiB,CAAC,OAAO,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;QAChF,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3F,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,KAAgC;QACrD,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9G,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,oBAAoB,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,MAAM,iBAAiB,CAAC;QAChH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,oBAAoB,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC;QAClF,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,KAAK,IAAI,KAAK,EAAE,CAAC,CAAC;QACtD,MAAM,WAAW,GAAG,UAAU,CAAC,aAAa,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC;QAElE,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACjE,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,oBAAoB,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAErF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,MAAM,QAAQ,KAAK,EAAE,CAAC,CAAC;QACjE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,gBAAyC;QACrF,MAAM,OAAO,GAAG,mBAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,kBAAE,CAAC,KAAK,CAAC,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEnE,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACnE,MAAM,UAAU,GAAG,mBAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAC5C,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,mBAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/D,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YAChD,MAAM,kBAAE,CAAC,KAAK,CAAC,mBAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5D,MAAM,kBAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,KAAa;QAC/B,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9D,IAAI,CAAC;YACH,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAA,yBAAS,EAAC,KAAK,CAAC,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAU,CAAC;YAClF,CAAC,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;;;OAGzB,CAAC,CAAC;YAEH,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;gBAClB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,KAAa;QACjC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,2BAAY,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,KAAK,CAAC,IAAI,EAAE,CAAC;YACb,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;gBAAS,CAAC;YACT,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAyD;QACxG,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC;QAC1B,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAC5C,MAAM,sBAAsB,GAAG,IAAA,0DAA8B,EAAC;YAC5D,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM;YACN,OAAO;YACP,KAAK;YACL,QAAQ,EAAE,UAAU;YACpB,GAAG;SACJ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,GAAG,GAAW,EAAE,CAAC;QAEvB,MAAM,GAAG,GAAG,CAAC,KAAa,EAAE,OAAe,EAAE,SAAiB,EAAE,MAAc,EAAQ,EAAE;YACtF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChG,CAAC,CAAC;QACF,MAAM,UAAU,GAAG,CAAC,KAAa,EAAE,OAAe,EAAE,SAAiB,EAAE,KAAa,EAAQ,EAAE;YAC5F,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7F,CAAC,CAAC;QACF,MAAM,OAAO,GAAG,CAAC,KAAa,EAAE,OAAe,EAAQ,EAAE;YACvD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,2CAA2C,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC1J,CAAC,CAAC;QACF,MAAM,gBAAgB,GAAG,CAAC,QAAgB,EAAE,OAAO,GAAG,KAAK,EAAQ,EAAE;YACnE,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7B,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACzB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,UAAU,CAAC,CAAC;YACrD,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,WAAW,CAAC,CAAC;YACtD,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,gBAAgB,CAAC,CAAC;YAC3D,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC;YACtD,CAAC;YACD,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC/D,CAAC,CAAC;QACF,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAQ,EAAE;YACjD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7B,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACzB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,UAAU,CAAC,CAAC;QACvD,CAAC,CAAC;QAEF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3F,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC5H,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAChG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC;QACrG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC;QAEpI,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACvB,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC/B,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7B,eAAe,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;QACxD,eAAe,CAAC,OAAO,CAAC,CAAC;QACzB,eAAe,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;QAExD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,yBAAyB,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QACpH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3F,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAClG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QACjG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,GAAG,KAAK,YAAY,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpG,GAAG,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAE1C,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,oBAAoB,CAAC,KAO5B;QACC,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,qBAAqB,CAAC,EAAE,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG;gBACd,iBAAiB,EAAE,CAAC;gBACpB,EAAE,EAAE,KAAK,CAAC,SAAS;gBACnB,SAAS,EAAE;oBACT,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;wBACb,OAAO,EAAE,KAAK,CAAC,MAAM;wBACrB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,EAAE,EAAE,KAAK,CAAC,KAAK;wBACf,WAAW,EAAE;4BACX,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;gCACf,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAE,KAAK;gCACd,EAAE,EAAE,KAAK,CAAC,OAAO;6BAClB;yBACF;qBACF;iBACF;gBACD,eAAe,EAAE;oBACf,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE;wBACnB,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,EAAE,EAAE,KAAK,CAAC,WAAW;qBACtB;iBACF;aACF,CAAC;YAEF,MAAM,IAAI,GAA4B;gBACpC,CAAC,iBAAiB,KAAK,CAAC,SAAS,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC7D,CAAC,sBAAsB,KAAK,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxE,CAAC,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBACrG,CAAC,wBAAwB,KAAK,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC5E,CAAC,4BAA4B,KAAK,CAAC,WAAW,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBACpF,CAAC,kCAAkC,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;aACzG,CAAC;YACF,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;;;;OAIzB,CAAC,CAAC;YAEH,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;gBAClB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC;CACF;AAlOD,kEAkOC","sourcesContent":["import { createHash } from 'node:crypto';\nimport { promises as fs } from 'node:fs';\nimport path from 'node:path';\nimport { DataFactory } from 'n3';\nimport type { Quad } from '@rdfjs/types';\nimport { getLoggerFor } from 'global-logger-factory';\nimport { quadToRow } from '../storage/quint/serialization';\nimport { getSqliteRuntime, type SqliteDatabase } from '../storage/SqliteRuntime';\nimport type { AuthMode } from '../authorization/AuthMode';\nimport { buildPodAuthorizationResources } from '../authorization/PodAuthorizationResources';\nimport { RdfQuadIndex } from '../storage/rdf/RdfQuadIndex';\n\nconst RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';\nconst LDP = 'http://www.w3.org/ns/ldp#';\nconst DCT = 'http://purl.org/dc/terms/';\nconst MA = 'http://www.w3.org/ns/ma-ont#';\nconst PIM = 'http://www.w3.org/ns/pim/space#';\nconst FOAF = 'http://xmlns.com/foaf/0.1/';\nconst SOLID = 'http://www.w3.org/ns/solid/terms#';\n\nconst { literal, namedNode, quad } = DataFactory;\n\nexport interface LocalPodProvisioningInput {\n podName: string;\n webId?: string;\n initialResources?: Record<string, string>;\n}\n\nexport interface LocalPodProvisioningResult {\n podUrl: string;\n accountId: string;\n podId: string;\n}\n\nexport interface LocalPodProvisioningServiceOptions {\n baseUrl: string;\n rootDir: string;\n sparqlEndpoint: string;\n identityDbUrl: string;\n rdfIndexPath?: string;\n oidcIssuer?: string;\n authMode?: AuthMode | string;\n}\n\nfunction ensureTrailingSlash(url: string): string {\n return url.endsWith('/') ? url : `${url}/`;\n}\n\nfunction stripSqlitePrefix(value: string, label: string): string {\n if (value.startsWith('sqlite:')) {\n return value.slice('sqlite:'.length);\n }\n if (value === ':memory:') {\n return value;\n }\n if (/^[a-z][a-z0-9+.-]*:/iu.test(value)) {\n throw new Error(`${label} must be a sqlite URL for local Pod provisioning: ${value}`);\n }\n return value;\n}\n\nfunction stableUuid(input: string): string {\n const hex = createHash('sha256').update(input).digest('hex').slice(0, 32);\n return [\n hex.slice(0, 8),\n hex.slice(8, 12),\n `4${hex.slice(13, 16)}`,\n `${((Number.parseInt(hex.slice(16, 18), 16) & 0x3f) | 0x80).toString(16).padStart(2, '0')}${hex.slice(18, 20)}`,\n hex.slice(20, 32),\n ].join('-');\n}\n\nfunction inferIssuerFromWebId(webId: string | undefined): string | undefined {\n if (!webId) {\n return undefined;\n }\n try {\n const url = new URL(webId);\n return `${url.origin}/`;\n } catch {\n return undefined;\n }\n}\n\nfunction buildWebIdFromIssuer(oidcIssuer: string | undefined, podName: string): string | undefined {\n if (!oidcIssuer) {\n return undefined;\n }\n return new URL(`${encodeURIComponent(podName)}/profile/card#me`, ensureTrailingSlash(oidcIssuer)).toString();\n}\n\nfunction createQuintsTable(db: SqliteDatabase): void {\n db.exec(`\n CREATE TABLE IF NOT EXISTS quints (\n graph TEXT NOT NULL,\n subject TEXT NOT NULL,\n predicate TEXT NOT NULL,\n object TEXT NOT NULL,\n vector TEXT,\n PRIMARY KEY (graph, subject, predicate, object)\n );\n\n CREATE INDEX IF NOT EXISTS idx_spog ON quints (subject, predicate, object, graph);\n CREATE INDEX IF NOT EXISTS idx_ogsp ON quints (object, graph, subject, predicate);\n CREATE INDEX IF NOT EXISTS idx_gspo ON quints (graph, subject, predicate, object);\n CREATE INDEX IF NOT EXISTS idx_sopg ON quints (subject, object, predicate, graph);\n CREATE INDEX IF NOT EXISTS idx_pogs ON quints (predicate, object, graph, subject);\n CREATE INDEX IF NOT EXISTS idx_gpos ON quints (graph, predicate, object, subject);\n `);\n}\n\nfunction createInternalKvTable(db: SqliteDatabase): void {\n db.exec(`\n CREATE TABLE IF NOT EXISTS internal_kv (\n key TEXT PRIMARY KEY,\n value TEXT NOT NULL,\n updated_at TEXT NOT NULL DEFAULT (datetime('now'))\n );\n `);\n}\n\nfunction meta(resource: string): string {\n return `meta:${resource}`;\n}\n\nfunction iri(base: string, relative: string): string {\n return new URL(relative, base).toString();\n}\n\nexport class LocalPodProvisioningService {\n private readonly logger = getLoggerFor(this);\n private readonly baseUrl: string;\n private readonly rootDir: string;\n private readonly sparqlDbPath: string;\n private readonly identityDbPath: string;\n private readonly rdfIndexPath?: string;\n private readonly oidcIssuer?: string;\n private readonly authMode?: AuthMode | string;\n private readonly sqliteRuntime = getSqliteRuntime();\n\n public constructor(options: LocalPodProvisioningServiceOptions) {\n this.baseUrl = ensureTrailingSlash(options.baseUrl);\n this.rootDir = options.rootDir;\n this.sparqlDbPath = stripSqlitePrefix(options.sparqlEndpoint, 'sparqlEndpoint');\n this.identityDbPath = stripSqlitePrefix(options.identityDbUrl, 'identityDbUrl');\n this.rdfIndexPath = options.rdfIndexPath;\n this.oidcIssuer = options.oidcIssuer ? ensureTrailingSlash(options.oidcIssuer) : undefined;\n this.authMode = options.authMode;\n }\n\n public async createPod(input: LocalPodProvisioningInput): Promise<LocalPodProvisioningResult> {\n const podUrl = ensureTrailingSlash(new URL(`${encodeURIComponent(input.podName)}/`, this.baseUrl).toString());\n const webId = input.webId ?? buildWebIdFromIssuer(this.oidcIssuer, input.podName) ?? `${podUrl}profile/card#me`;\n const oidcIssuer = this.oidcIssuer ?? inferIssuerFromWebId(webId) ?? this.baseUrl;\n const accountId = stableUuid(`account:${podUrl}:${webId}`);\n const podId = stableUuid(`pod:${podUrl}:${webId}`);\n const ownerId = stableUuid(`owner:${podId}:${webId}`);\n const webIdLinkId = stableUuid(`webIdLink:${accountId}:${webId}`);\n\n await this.createPodFiles(input.podName, input.initialResources);\n const quads = this.buildPodQuads({ podUrl, webId, oidcIssuer });\n this.writeQuints(quads);\n this.writeRdfIndex(quads);\n this.writeIdentityIndexes({ accountId, podId, ownerId, webIdLinkId, podUrl, webId });\n\n this.logger.info(`Provisioned local pod ${podUrl} for ${webId}`);\n return { podUrl, accountId, podId };\n }\n\n private async createPodFiles(podName: string, initialResources?: Record<string, string>): Promise<void> {\n const podPath = path.join(this.rootDir, podName);\n await fs.mkdir(path.join(podPath, 'profile'), { recursive: true });\n\n if (!initialResources) {\n return;\n }\n\n for (const [filename, content] of Object.entries(initialResources)) {\n const normalized = path.normalize(filename);\n if (normalized.startsWith('..') || path.isAbsolute(normalized)) {\n throw new Error(`Invalid initial resource path: ${filename}`);\n }\n const filePath = path.join(podPath, normalized);\n await fs.mkdir(path.dirname(filePath), { recursive: true });\n await fs.writeFile(filePath, content, 'utf8');\n }\n }\n\n private writeQuints(quads: Quad[]): void {\n const db = this.sqliteRuntime.openDatabase(this.sparqlDbPath);\n try {\n createQuintsTable(db);\n const rows = quads.map((entry) => {\n const row = quadToRow(entry);\n return [row.graph, row.subject, row.predicate, row.object, row.vector] as const;\n });\n const insert = db.prepare(`\n INSERT OR IGNORE INTO quints (graph, subject, predicate, object, vector)\n VALUES (?, ?, ?, ?, ?)\n `);\n\n db.transaction(() => {\n for (const row of rows) {\n insert.run(...row);\n }\n })();\n } finally {\n db.close();\n }\n }\n\n private writeRdfIndex(quads: Quad[]): void {\n if (!this.rdfIndexPath) {\n return;\n }\n\n const index = new RdfQuadIndex({ path: this.rdfIndexPath });\n try {\n index.open();\n index.multiPut(quads);\n } finally {\n index.close();\n }\n }\n\n private buildPodQuads({ podUrl, webId, oidcIssuer }: { podUrl: string; webId: string; oidcIssuer: string }): Quad[] {\n const now = new Date().toISOString();\n const root = this.baseUrl;\n const profileUrl = iri(podUrl, 'profile/');\n const cardUrl = iri(podUrl, 'profile/card');\n const authorizationResources = buildPodAuthorizationResources({\n authMode: this.authMode,\n podUrl,\n cardUrl,\n webId,\n stableId: stableUuid,\n iri,\n });\n const rootGraph = namedNode(root);\n const podGraph = namedNode(podUrl);\n const profileGraph = namedNode(profileUrl);\n const cardGraph = namedNode(cardUrl);\n const out: Quad[] = [];\n\n const add = (graph: string, subject: string, predicate: string, object: string): void => {\n out.push(quad(namedNode(subject), namedNode(predicate), namedNode(object), namedNode(graph)));\n };\n const addLiteral = (graph: string, subject: string, predicate: string, value: string): void => {\n out.push(quad(namedNode(subject), namedNode(predicate), literal(value), namedNode(graph)));\n };\n const addDate = (graph: string, subject: string): void => {\n out.push(quad(namedNode(subject), namedNode(`${DCT}modified`), literal(now, namedNode('http://www.w3.org/2001/XMLSchema#dateTime')), namedNode(graph)));\n };\n const addContainerMeta = (resource: string, storage = false): void => {\n const graph = meta(resource);\n addDate(graph, resource);\n add(graph, resource, `${RDF}type`, `${LDP}Resource`);\n add(graph, resource, `${RDF}type`, `${LDP}Container`);\n add(graph, resource, `${RDF}type`, `${LDP}BasicContainer`);\n if (storage) {\n add(graph, resource, `${RDF}type`, `${PIM}Storage`);\n }\n addLiteral(graph, resource, `${MA}format`, 'internal/quads');\n };\n const addDocumentMeta = (resource: string): void => {\n const graph = meta(resource);\n addDate(graph, resource);\n add(graph, resource, `${RDF}type`, `${LDP}Resource`);\n };\n\n out.push(quad(namedNode(root), namedNode(`${LDP}contains`), namedNode(podUrl), rootGraph));\n out.push(quad(namedNode(podUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.rootResourceUrl), podGraph));\n out.push(quad(namedNode(podUrl), namedNode(`${LDP}contains`), namedNode(profileUrl), podGraph));\n out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(cardUrl), profileGraph));\n out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.cardResourceUrl), profileGraph));\n\n addContainerMeta(root);\n addContainerMeta(podUrl, true);\n addContainerMeta(profileUrl);\n addDocumentMeta(authorizationResources.rootResourceUrl);\n addDocumentMeta(cardUrl);\n addDocumentMeta(authorizationResources.cardResourceUrl);\n\n out.push(quad(namedNode(cardUrl), namedNode(`${RDF}type`), namedNode(`${FOAF}PersonalProfileDocument`), cardGraph));\n out.push(quad(namedNode(cardUrl), namedNode(`${FOAF}maker`), namedNode(webId), cardGraph));\n out.push(quad(namedNode(cardUrl), namedNode(`${FOAF}primaryTopic`), namedNode(webId), cardGraph));\n out.push(quad(namedNode(webId), namedNode(`${RDF}type`), namedNode(`${FOAF}Person`), cardGraph));\n out.push(quad(namedNode(webId), namedNode(`${SOLID}oidcIssuer`), namedNode(oidcIssuer), cardGraph));\n\n out.push(...authorizationResources.quads);\n\n return out;\n }\n\n private writeIdentityIndexes(input: {\n accountId: string;\n podId: string;\n ownerId: string;\n webIdLinkId: string;\n podUrl: string;\n webId: string;\n }): void {\n const db = this.sqliteRuntime.openDatabase(this.identityDbPath);\n try {\n createInternalKvTable(db);\n const account = {\n linkedLoginsCount: 1,\n id: input.accountId,\n '**pod**': {\n [input.podId]: {\n baseUrl: input.podUrl,\n accountId: input.accountId,\n id: input.podId,\n '**owner**': {\n [input.ownerId]: {\n podId: input.podId,\n webId: input.webId,\n visible: false,\n id: input.ownerId,\n },\n },\n },\n },\n '**webIdLink**': {\n [input.webIdLinkId]: {\n webId: input.webId,\n accountId: input.accountId,\n id: input.webIdLinkId,\n },\n },\n };\n\n const rows: Array<[string, string]> = [\n [`accounts/data/${input.accountId}`, JSON.stringify(account)],\n [`accounts/index/pod/${input.podId}`, JSON.stringify([input.accountId])],\n [`accounts/index/pod/baseUrl/${encodeURIComponent(input.podUrl)}`, JSON.stringify([input.accountId])],\n [`accounts/index/owner/${input.ownerId}`, JSON.stringify([input.accountId])],\n [`accounts/index/webIdLink/${input.webIdLinkId}`, JSON.stringify([input.accountId])],\n [`accounts/index/webIdLink/webId/${encodeURIComponent(input.webId)}`, JSON.stringify([input.accountId])],\n ];\n const insert = db.prepare(`\n INSERT INTO internal_kv (key, value, updated_at)\n VALUES (?, ?, datetime('now'))\n ON CONFLICT (key) DO UPDATE SET value = excluded.value, updated_at = datetime('now')\n `);\n\n db.transaction(() => {\n for (const row of rows) {\n insert.run(...row);\n }\n })();\n } finally {\n db.close();\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"LocalPodProvisioningService.js","sourceRoot":"","sources":["../../src/provision/LocalPodProvisioningService.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAyC;AACzC,qCAAyC;AACzC,0DAA6B;AAC7B,2BAAiC;AAEjC,iEAAqD;AACrD,kEAA2D;AAC3D,4DAAiF;AAEjF,0FAA4F;AAC5F,8DAA2D;AAE3D,MAAM,GAAG,GAAG,6CAA6C,CAAC;AAC1D,MAAM,GAAG,GAAG,2BAA2B,CAAC;AACxC,MAAM,GAAG,GAAG,2BAA2B,CAAC;AACxC,MAAM,EAAE,GAAG,8BAA8B,CAAC;AAC1C,MAAM,GAAG,GAAG,iCAAiC,CAAC;AAC9C,MAAM,IAAI,GAAG,4BAA4B,CAAC;AAC1C,MAAM,KAAK,GAAG,mCAAmC,CAAC;AAElD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,gBAAW,CAAC;AAwBjD,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAC7C,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa,EAAE,KAAa;IACrD,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,qDAAqD,KAAK,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,MAAM,GAAG,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1E,OAAO;QACL,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAChB,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE;QACvB,GAAG,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE;QAC/G,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;KAClB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAyB;IACrD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,UAA8B,EAAE,OAAe;IAC3E,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,OAAO,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC/G,CAAC;AAED,SAAS,iBAAiB,CAAC,EAAkB;IAC3C,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;GAgBP,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,EAAkB;IAC/C,EAAE,CAAC,IAAI,CAAC;;;;;;GAMP,CAAC,CAAC;AACL,CAAC;AAED,SAAS,IAAI,CAAC,QAAgB;IAC5B,OAAO,QAAQ,QAAQ,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,GAAG,CAAC,IAAY,EAAE,QAAgB;IACzC,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC5C,CAAC;AAED,MAAa,2BAA2B;IAWtC,YAAmB,OAA2C;QAV7C,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAQ5B,kBAAa,GAAG,IAAA,gCAAgB,GAAE,CAAC;QAGlD,IAAI,CAAC,OAAO,GAAG,mBAAmB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC,OAAO,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;QAChF,IAAI,CAAC,cAAc,GAAG,iBAAiB,CAAC,OAAO,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;QAChF,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3F,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACnC,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,KAAgC;QACrD,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9G,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,oBAAoB,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,MAAM,iBAAiB,CAAC;QAChH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,oBAAoB,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC;QAClF,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,KAAK,IAAI,KAAK,EAAE,CAAC,CAAC;QACtD,MAAM,WAAW,GAAG,UAAU,CAAC,aAAa,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC;QAElE,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACjE,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACxB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,oBAAoB,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAErF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,MAAM,QAAQ,KAAK,EAAE,CAAC,CAAC;QACjE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,gBAAyC;QACrF,MAAM,OAAO,GAAG,mBAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,kBAAE,CAAC,KAAK,CAAC,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEnE,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACnE,MAAM,UAAU,GAAG,mBAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAC5C,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,mBAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/D,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YAChD,MAAM,kBAAE,CAAC,KAAK,CAAC,mBAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5D,MAAM,kBAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,KAAa;QAC/B,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9D,IAAI,CAAC;YACH,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC/B,MAAM,GAAG,GAAG,IAAA,yBAAS,EAAC,KAAK,CAAC,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAU,CAAC;YAClF,CAAC,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;;;OAGzB,CAAC,CAAC;YAEH,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;gBAClB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,KAAa;QACjC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,2BAAY,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,KAAK,CAAC,IAAI,EAAE,CAAC;YACb,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;gBAAS,CAAC;YACT,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAyD;QACxG,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC;QAC1B,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAC5C,MAAM,sBAAsB,GAAG,IAAA,0DAA8B,EAAC;YAC5D,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM;YACN,OAAO;YACP,KAAK;YACL,QAAQ,EAAE,UAAU;YACpB,GAAG;SACJ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,GAAG,GAAW,EAAE,CAAC;QAEvB,MAAM,GAAG,GAAG,CAAC,KAAa,EAAE,OAAe,EAAE,SAAiB,EAAE,MAAc,EAAQ,EAAE;YACtF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChG,CAAC,CAAC;QACF,MAAM,UAAU,GAAG,CAAC,KAAa,EAAE,OAAe,EAAE,SAAiB,EAAE,KAAa,EAAQ,EAAE;YAC5F,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7F,CAAC,CAAC;QACF,MAAM,OAAO,GAAG,CAAC,KAAa,EAAE,OAAe,EAAQ,EAAE;YACvD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,2CAA2C,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC1J,CAAC,CAAC;QACF,MAAM,gBAAgB,GAAG,CAAC,QAAgB,EAAE,OAAO,GAAG,KAAK,EAAQ,EAAE;YACnE,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7B,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACzB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,UAAU,CAAC,CAAC;YACrD,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,WAAW,CAAC,CAAC;YACtD,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,gBAAgB,CAAC,CAAC;YAC3D,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC;YACtD,CAAC;YACD,UAAU,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC/D,CAAC,CAAC;QACF,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAQ,EAAE;YACjD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7B,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACzB,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,MAAM,EAAE,GAAG,GAAG,UAAU,CAAC,CAAC;QACvD,CAAC,CAAC;QAEF,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3F,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC5H,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAChG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,sBAAsB,CAAC,kBAAkB,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC;QACvI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC;QACrG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,UAAU,CAAC,EAAE,SAAS,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC;QAEpI,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACvB,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC/B,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7B,eAAe,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;QACxD,eAAe,CAAC,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;QAC3D,eAAe,CAAC,OAAO,CAAC,CAAC;QACzB,eAAe,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;QAExD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,yBAAyB,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QACpH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAC3F,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAClG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,IAAI,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QACjG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,GAAG,KAAK,YAAY,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;QAEpG,GAAG,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAE1C,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,oBAAoB,CAAC,KAO5B;QACC,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,qBAAqB,CAAC,EAAE,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG;gBACd,iBAAiB,EAAE,CAAC;gBACpB,EAAE,EAAE,KAAK,CAAC,SAAS;gBACnB,SAAS,EAAE;oBACT,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;wBACb,OAAO,EAAE,KAAK,CAAC,MAAM;wBACrB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,EAAE,EAAE,KAAK,CAAC,KAAK;wBACf,WAAW,EAAE;4BACX,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;gCACf,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,KAAK,EAAE,KAAK,CAAC,KAAK;gCAClB,OAAO,EAAE,KAAK;gCACd,EAAE,EAAE,KAAK,CAAC,OAAO;6BAClB;yBACF;qBACF;iBACF;gBACD,eAAe,EAAE;oBACf,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE;wBACnB,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,SAAS,EAAE,KAAK,CAAC,SAAS;wBAC1B,EAAE,EAAE,KAAK,CAAC,WAAW;qBACtB;iBACF;aACF,CAAC;YAEF,MAAM,IAAI,GAA4B;gBACpC,CAAC,iBAAiB,KAAK,CAAC,SAAS,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC7D,CAAC,sBAAsB,KAAK,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxE,CAAC,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBACrG,CAAC,wBAAwB,KAAK,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC5E,CAAC,4BAA4B,KAAK,CAAC,WAAW,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;gBACpF,CAAC,kCAAkC,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;aACzG,CAAC;YACF,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;;;;OAIzB,CAAC,CAAC;YAEH,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;gBAClB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC;CACF;AApOD,kEAoOC","sourcesContent":["import { createHash } from 'node:crypto';\nimport { promises as fs } from 'node:fs';\nimport path from 'node:path';\nimport { DataFactory } from 'n3';\nimport type { Quad } from '@rdfjs/types';\nimport { getLoggerFor } from 'global-logger-factory';\nimport { quadToRow } from '../storage/quint/serialization';\nimport { getSqliteRuntime, type SqliteDatabase } from '../storage/SqliteRuntime';\nimport type { AuthMode } from '../authorization/AuthMode';\nimport { buildPodAuthorizationResources } from '../authorization/PodAuthorizationResources';\nimport { RdfQuadIndex } from '../storage/rdf/RdfQuadIndex';\n\nconst RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';\nconst LDP = 'http://www.w3.org/ns/ldp#';\nconst DCT = 'http://purl.org/dc/terms/';\nconst MA = 'http://www.w3.org/ns/ma-ont#';\nconst PIM = 'http://www.w3.org/ns/pim/space#';\nconst FOAF = 'http://xmlns.com/foaf/0.1/';\nconst SOLID = 'http://www.w3.org/ns/solid/terms#';\n\nconst { literal, namedNode, quad } = DataFactory;\n\nexport interface LocalPodProvisioningInput {\n podName: string;\n webId?: string;\n initialResources?: Record<string, string>;\n}\n\nexport interface LocalPodProvisioningResult {\n podUrl: string;\n accountId: string;\n podId: string;\n}\n\nexport interface LocalPodProvisioningServiceOptions {\n baseUrl: string;\n rootDir: string;\n sparqlEndpoint: string;\n identityDbUrl: string;\n rdfIndexPath?: string;\n oidcIssuer?: string;\n authMode?: AuthMode | string;\n}\n\nfunction ensureTrailingSlash(url: string): string {\n return url.endsWith('/') ? url : `${url}/`;\n}\n\nfunction stripSqlitePrefix(value: string, label: string): string {\n if (value.startsWith('sqlite:')) {\n return value.slice('sqlite:'.length);\n }\n if (value === ':memory:') {\n return value;\n }\n if (/^[a-z][a-z0-9+.-]*:/iu.test(value)) {\n throw new Error(`${label} must be a sqlite URL for local Pod provisioning: ${value}`);\n }\n return value;\n}\n\nfunction stableUuid(input: string): string {\n const hex = createHash('sha256').update(input).digest('hex').slice(0, 32);\n return [\n hex.slice(0, 8),\n hex.slice(8, 12),\n `4${hex.slice(13, 16)}`,\n `${((Number.parseInt(hex.slice(16, 18), 16) & 0x3f) | 0x80).toString(16).padStart(2, '0')}${hex.slice(18, 20)}`,\n hex.slice(20, 32),\n ].join('-');\n}\n\nfunction inferIssuerFromWebId(webId: string | undefined): string | undefined {\n if (!webId) {\n return undefined;\n }\n try {\n const url = new URL(webId);\n return `${url.origin}/`;\n } catch {\n return undefined;\n }\n}\n\nfunction buildWebIdFromIssuer(oidcIssuer: string | undefined, podName: string): string | undefined {\n if (!oidcIssuer) {\n return undefined;\n }\n return new URL(`${encodeURIComponent(podName)}/profile/card#me`, ensureTrailingSlash(oidcIssuer)).toString();\n}\n\nfunction createQuintsTable(db: SqliteDatabase): void {\n db.exec(`\n CREATE TABLE IF NOT EXISTS quints (\n graph TEXT NOT NULL,\n subject TEXT NOT NULL,\n predicate TEXT NOT NULL,\n object TEXT NOT NULL,\n vector TEXT,\n PRIMARY KEY (graph, subject, predicate, object)\n );\n\n CREATE INDEX IF NOT EXISTS idx_spog ON quints (subject, predicate, object, graph);\n CREATE INDEX IF NOT EXISTS idx_ogsp ON quints (object, graph, subject, predicate);\n CREATE INDEX IF NOT EXISTS idx_gspo ON quints (graph, subject, predicate, object);\n CREATE INDEX IF NOT EXISTS idx_sopg ON quints (subject, object, predicate, graph);\n CREATE INDEX IF NOT EXISTS idx_pogs ON quints (predicate, object, graph, subject);\n CREATE INDEX IF NOT EXISTS idx_gpos ON quints (graph, predicate, object, subject);\n `);\n}\n\nfunction createInternalKvTable(db: SqliteDatabase): void {\n db.exec(`\n CREATE TABLE IF NOT EXISTS internal_kv (\n key TEXT PRIMARY KEY,\n value TEXT NOT NULL,\n updated_at TEXT NOT NULL DEFAULT (datetime('now'))\n );\n `);\n}\n\nfunction meta(resource: string): string {\n return `meta:${resource}`;\n}\n\nfunction iri(base: string, relative: string): string {\n return new URL(relative, base).toString();\n}\n\nexport class LocalPodProvisioningService {\n private readonly logger = getLoggerFor(this);\n private readonly baseUrl: string;\n private readonly rootDir: string;\n private readonly sparqlDbPath: string;\n private readonly identityDbPath: string;\n private readonly rdfIndexPath?: string;\n private readonly oidcIssuer?: string;\n private readonly authMode?: AuthMode | string;\n private readonly sqliteRuntime = getSqliteRuntime();\n\n public constructor(options: LocalPodProvisioningServiceOptions) {\n this.baseUrl = ensureTrailingSlash(options.baseUrl);\n this.rootDir = options.rootDir;\n this.sparqlDbPath = stripSqlitePrefix(options.sparqlEndpoint, 'sparqlEndpoint');\n this.identityDbPath = stripSqlitePrefix(options.identityDbUrl, 'identityDbUrl');\n this.rdfIndexPath = options.rdfIndexPath;\n this.oidcIssuer = options.oidcIssuer ? ensureTrailingSlash(options.oidcIssuer) : undefined;\n this.authMode = options.authMode;\n }\n\n public async createPod(input: LocalPodProvisioningInput): Promise<LocalPodProvisioningResult> {\n const podUrl = ensureTrailingSlash(new URL(`${encodeURIComponent(input.podName)}/`, this.baseUrl).toString());\n const webId = input.webId ?? buildWebIdFromIssuer(this.oidcIssuer, input.podName) ?? `${podUrl}profile/card#me`;\n const oidcIssuer = this.oidcIssuer ?? inferIssuerFromWebId(webId) ?? this.baseUrl;\n const accountId = stableUuid(`account:${podUrl}:${webId}`);\n const podId = stableUuid(`pod:${podUrl}:${webId}`);\n const ownerId = stableUuid(`owner:${podId}:${webId}`);\n const webIdLinkId = stableUuid(`webIdLink:${accountId}:${webId}`);\n\n await this.createPodFiles(input.podName, input.initialResources);\n const quads = this.buildPodQuads({ podUrl, webId, oidcIssuer });\n this.writeQuints(quads);\n this.writeRdfIndex(quads);\n this.writeIdentityIndexes({ accountId, podId, ownerId, webIdLinkId, podUrl, webId });\n\n this.logger.info(`Provisioned local pod ${podUrl} for ${webId}`);\n return { podUrl, accountId, podId };\n }\n\n private async createPodFiles(podName: string, initialResources?: Record<string, string>): Promise<void> {\n const podPath = path.join(this.rootDir, podName);\n await fs.mkdir(path.join(podPath, 'profile'), { recursive: true });\n\n if (!initialResources) {\n return;\n }\n\n for (const [filename, content] of Object.entries(initialResources)) {\n const normalized = path.normalize(filename);\n if (normalized.startsWith('..') || path.isAbsolute(normalized)) {\n throw new Error(`Invalid initial resource path: ${filename}`);\n }\n const filePath = path.join(podPath, normalized);\n await fs.mkdir(path.dirname(filePath), { recursive: true });\n await fs.writeFile(filePath, content, 'utf8');\n }\n }\n\n private writeQuints(quads: Quad[]): void {\n const db = this.sqliteRuntime.openDatabase(this.sparqlDbPath);\n try {\n createQuintsTable(db);\n const rows = quads.map((entry) => {\n const row = quadToRow(entry);\n return [row.graph, row.subject, row.predicate, row.object, row.vector] as const;\n });\n const insert = db.prepare(`\n INSERT OR IGNORE INTO quints (graph, subject, predicate, object, vector)\n VALUES (?, ?, ?, ?, ?)\n `);\n\n db.transaction(() => {\n for (const row of rows) {\n insert.run(...row);\n }\n })();\n } finally {\n db.close();\n }\n }\n\n private writeRdfIndex(quads: Quad[]): void {\n if (!this.rdfIndexPath) {\n return;\n }\n\n const index = new RdfQuadIndex({ path: this.rdfIndexPath });\n try {\n index.open();\n index.multiPut(quads);\n } finally {\n index.close();\n }\n }\n\n private buildPodQuads({ podUrl, webId, oidcIssuer }: { podUrl: string; webId: string; oidcIssuer: string }): Quad[] {\n const now = new Date().toISOString();\n const root = this.baseUrl;\n const profileUrl = iri(podUrl, 'profile/');\n const cardUrl = iri(podUrl, 'profile/card');\n const authorizationResources = buildPodAuthorizationResources({\n authMode: this.authMode,\n podUrl,\n cardUrl,\n webId,\n stableId: stableUuid,\n iri,\n });\n const rootGraph = namedNode(root);\n const podGraph = namedNode(podUrl);\n const profileGraph = namedNode(profileUrl);\n const cardGraph = namedNode(cardUrl);\n const out: Quad[] = [];\n\n const add = (graph: string, subject: string, predicate: string, object: string): void => {\n out.push(quad(namedNode(subject), namedNode(predicate), namedNode(object), namedNode(graph)));\n };\n const addLiteral = (graph: string, subject: string, predicate: string, value: string): void => {\n out.push(quad(namedNode(subject), namedNode(predicate), literal(value), namedNode(graph)));\n };\n const addDate = (graph: string, subject: string): void => {\n out.push(quad(namedNode(subject), namedNode(`${DCT}modified`), literal(now, namedNode('http://www.w3.org/2001/XMLSchema#dateTime')), namedNode(graph)));\n };\n const addContainerMeta = (resource: string, storage = false): void => {\n const graph = meta(resource);\n addDate(graph, resource);\n add(graph, resource, `${RDF}type`, `${LDP}Resource`);\n add(graph, resource, `${RDF}type`, `${LDP}Container`);\n add(graph, resource, `${RDF}type`, `${LDP}BasicContainer`);\n if (storage) {\n add(graph, resource, `${RDF}type`, `${PIM}Storage`);\n }\n addLiteral(graph, resource, `${MA}format`, 'internal/quads');\n };\n const addDocumentMeta = (resource: string): void => {\n const graph = meta(resource);\n addDate(graph, resource);\n add(graph, resource, `${RDF}type`, `${LDP}Resource`);\n };\n\n out.push(quad(namedNode(root), namedNode(`${LDP}contains`), namedNode(podUrl), rootGraph));\n out.push(quad(namedNode(podUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.rootResourceUrl), podGraph));\n out.push(quad(namedNode(podUrl), namedNode(`${LDP}contains`), namedNode(profileUrl), podGraph));\n out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.profileResourceUrl), profileGraph));\n out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(cardUrl), profileGraph));\n out.push(quad(namedNode(profileUrl), namedNode(`${LDP}contains`), namedNode(authorizationResources.cardResourceUrl), profileGraph));\n\n addContainerMeta(root);\n addContainerMeta(podUrl, true);\n addContainerMeta(profileUrl);\n addDocumentMeta(authorizationResources.rootResourceUrl);\n addDocumentMeta(authorizationResources.profileResourceUrl);\n addDocumentMeta(cardUrl);\n addDocumentMeta(authorizationResources.cardResourceUrl);\n\n out.push(quad(namedNode(cardUrl), namedNode(`${RDF}type`), namedNode(`${FOAF}PersonalProfileDocument`), cardGraph));\n out.push(quad(namedNode(cardUrl), namedNode(`${FOAF}maker`), namedNode(webId), cardGraph));\n out.push(quad(namedNode(cardUrl), namedNode(`${FOAF}primaryTopic`), namedNode(webId), cardGraph));\n out.push(quad(namedNode(webId), namedNode(`${RDF}type`), namedNode(`${FOAF}Person`), cardGraph));\n out.push(quad(namedNode(webId), namedNode(`${SOLID}oidcIssuer`), namedNode(oidcIssuer), cardGraph));\n\n out.push(...authorizationResources.quads);\n\n return out;\n }\n\n private writeIdentityIndexes(input: {\n accountId: string;\n podId: string;\n ownerId: string;\n webIdLinkId: string;\n podUrl: string;\n webId: string;\n }): void {\n const db = this.sqliteRuntime.openDatabase(this.identityDbPath);\n try {\n createInternalKvTable(db);\n const account = {\n linkedLoginsCount: 1,\n id: input.accountId,\n '**pod**': {\n [input.podId]: {\n baseUrl: input.podUrl,\n accountId: input.accountId,\n id: input.podId,\n '**owner**': {\n [input.ownerId]: {\n podId: input.podId,\n webId: input.webId,\n visible: false,\n id: input.ownerId,\n },\n },\n },\n },\n '**webIdLink**': {\n [input.webIdLinkId]: {\n webId: input.webId,\n accountId: input.accountId,\n id: input.webIdLinkId,\n },\n },\n };\n\n const rows: Array<[string, string]> = [\n [`accounts/data/${input.accountId}`, JSON.stringify(account)],\n [`accounts/index/pod/${input.podId}`, JSON.stringify([input.accountId])],\n [`accounts/index/pod/baseUrl/${encodeURIComponent(input.podUrl)}`, JSON.stringify([input.accountId])],\n [`accounts/index/owner/${input.ownerId}`, JSON.stringify([input.accountId])],\n [`accounts/index/webIdLink/${input.webIdLinkId}`, JSON.stringify([input.accountId])],\n [`accounts/index/webIdLink/webId/${encodeURIComponent(input.webId)}`, JSON.stringify([input.accountId])],\n ];\n const insert = db.prepare(`\n INSERT INTO internal_kv (key, value, updated_at)\n VALUES (?, ?, datetime('now'))\n ON CONFLICT (key) DO UPDATE SET value = excluded.value, updated_at = datetime('now')\n `);\n\n db.transaction(() => {\n for (const row of rows) {\n insert.run(...row);\n }\n })();\n } finally {\n db.close();\n }\n }\n}\n"]}
|
|
@@ -66,6 +66,9 @@ class ProvisionPodCreator extends community_server_1.BasePodCreator {
|
|
|
66
66
|
if (!spResponse.ok) {
|
|
67
67
|
const errBody = await spResponse.text();
|
|
68
68
|
this.provisionLogger.error(`SP callback failed: ${spResponse.status} ${errBody}`);
|
|
69
|
+
if (spResponse.status === 409) {
|
|
70
|
+
throw new community_server_1.ConflictHttpError(parseSpErrorMessage(errBody) ?? `Pod name "${podName}" is already taken for this storage target.`);
|
|
71
|
+
}
|
|
69
72
|
throw new Error(`Failed to create pod on SP: ${spResponse.status}`);
|
|
70
73
|
}
|
|
71
74
|
const spResult = await spResponse.json();
|
|
@@ -137,4 +140,17 @@ class ProvisionPodCreator extends community_server_1.BasePodCreator {
|
|
|
137
140
|
}
|
|
138
141
|
}
|
|
139
142
|
exports.ProvisionPodCreator = ProvisionPodCreator;
|
|
143
|
+
function parseSpErrorMessage(body) {
|
|
144
|
+
try {
|
|
145
|
+
const parsed = JSON.parse(body);
|
|
146
|
+
return typeof parsed.message === 'string'
|
|
147
|
+
? parsed.message
|
|
148
|
+
: typeof parsed.error === 'string'
|
|
149
|
+
? parsed.error
|
|
150
|
+
: undefined;
|
|
151
|
+
}
|
|
152
|
+
catch {
|
|
153
|
+
return body.trim() || undefined;
|
|
154
|
+
}
|
|
155
|
+
}
|
|
140
156
|
//# sourceMappingURL=ProvisionPodCreator.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProvisionPodCreator.js","sourceRoot":"","sources":["../../src/provision/ProvisionPodCreator.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,iEAAqD;AACrD,8DAMiC;AACjC,6DAA0D;AAC1D,iFAA8E;AAC9E,+CAA6D;AAE7D,SAAS,WAAW,CAAC,OAAe,EAAE,YAAoB;IACxD,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACvD,MAAM,sBAAsB,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACjE,OAAO,GAAG,iBAAiB,IAAI,sBAAsB,EAAE,CAAC;AAC1D,CAAC;AASD,SAAS,gBAAgB,CAAC,KAAc,EAAE,OAAe;IACvD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,IAAI,iCAAiC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,oCAAiB,CAAC,aAAa,OAAO,6CAA6C,EAAE;YAC7F,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SAClD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,CAAC;AACd,CAAC;AAED,MAAa,mBAAoB,SAAQ,iCAAc;IAKrD,YAAmB,IAA6B;QAC9C,KAAK,CAAC,IAAI,CAAC,CAAC;QALG,oBAAe,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAMpD,IAAI,CAAC,KAAK,GAAG,IAAI,uCAAkB,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3E,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,yCAAmB,CAAC,IAAA,wBAAmB,EAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACzH,CAAC;IAEe,KAAK,CAAC,MAAM,CAAC,KAAsB;QACjD,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,EAAE,aAAmC,CAAC;QAE1E,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;QAED,iCAAiC;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,kCAAkC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAE7E,gBAAgB;QAChB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,GAAG,IAAI,CAAC,OAAO,GAAG,OAAO,kBAAkB,CAAC;QAEzE,kBAAkB;QAClB,MAAM,WAAW,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC;QACzE,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,OAAO,CAAC,YAAY,EAAE;aAClD;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;SACzC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;YACxC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,uBAAuB,UAAU,CAAC,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC;YAClF,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,IAAI,EAAyB,CAAC;QAEhE,uCAAuC;QACvC,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ;YAClC,CAAC,CAAC,WAAW,OAAO,CAAC,QAAQ,EAAE;YAC/B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,mBAAmB,GAAG,GAAG,WAAW,IAAI,OAAO,GAAG,CAAC;QACzD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,IAAI,mBAAmB,CAAC;QAEtD,oCAAoC;QACpC,8DAA8D;QAC9D,kDAAkD;QAClD,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC;QACjF,MAAM,WAAW,GAAG;YAClB,GAAG,aAAa;YAChB,IAAI,EAAE,SAAS;YACf,KAAK;YACL,UAAU,EAAE,IAAI,CAAC,OAAO;YACxB,OAAO,EAAE,mBAAmB;SAC7B,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC5F,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACzF,MAAM,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;QAErF,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,mBAAmB,OAAO,UAAU,OAAO,CAAC,KAAK,aAAa,MAAM,EAAE,CAAC,CAAC;QAElG,OAAO;YACL,MAAM;YACN,KAAK;YACL,KAAK;YACL,SAAS;SACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAsB;QAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,cAAc,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACtF,MAAM,aAAa,GAAG,KAAK,CAAC,QAA+C,CAAC;QAC5E,MAAM,UAAU,GAAG,OAAO,aAAa,EAAE,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;QAC3G,MAAM,WAAW,GAAG;YAClB,GAAG,aAAa;YAChB,IAAI,EAAE,cAAc;YACpB,KAAK;YACL,UAAU;YACV,OAAO,EAAE,cAAc,CAAC,IAAI;SAC7B,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC5F,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC;QAE/C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9B,IAAI,KAAa,CAAC;QAClB,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,gBAAgB,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACtC,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;QAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC;QAE/C,IAAI,CAAC,eAAe,CAAC,IAAI,CACvB,iDAAiD,KAAK,CAAC,SAAS,QAAQ,cAAc,CAAC,IAAI,gBAAgB,YAAY,gBAAgB,UAAU,YAAY,YAAY,IAAI,CAC9K,CAAC;QAEF,OAAO;YACL,MAAM,EAAE,cAAc,CAAC,IAAI;YAC3B,KAAK;YACL,KAAK;YACL,SAAS;SACV,CAAC;IACJ,CAAC;CACF;AAhID,kDAgIC","sourcesContent":["/**\n * ProvisionPodCreator\n *\n * 等位替换 CSS 的 BasePodCreator。\n *\n * 检查 settings 里有没有 provisionCode:\n * - 有 → 解码 JWT,回调远端 SP 的 /provision/pods 创建 Pod\n * - 没有 → 委托给原始 BasePodCreator(标准本地创建)\n */\n\nimport { getLoggerFor } from 'global-logger-factory';\nimport {\n BasePodCreator,\n type PodCreatorInput,\n type PodCreatorOutput,\n type BasePodCreatorArgs,\n ConflictHttpError,\n} from '@solid/community-server';\nimport { ProvisionCodeCodec } from './ProvisionCodeCodec';\nimport { PodLookupRepository } from '../identity/drizzle/PodLookupRepository';\nimport { getIdentityDatabase } from '../identity/drizzle/db';\n\nfunction joinUrlPath(baseUrl: string, relativePath: string): string {\n const normalizedBaseUrl = baseUrl.replace(/\\/+$/u, '');\n const normalizedRelativePath = relativePath.replace(/^\\/+/u, '');\n return `${normalizedBaseUrl}/${normalizedRelativePath}`;\n}\n\nexport interface ProvisionPodCreatorArgs extends BasePodCreatorArgs {\n /** 与 ProvisionHandler 使用相同的 baseUrl 派生签名密钥 */\n provisionBaseUrl?: string;\n /** Optional identity database connection string used to persist Pod-side storage facts. */\n identityDbUrl?: string;\n}\n\nfunction remapPodConflict(error: unknown, podName: string): never {\n const message = error instanceof Error ? error.message : String(error);\n if (/There already is a resource at/i.test(message)) {\n throw new ConflictHttpError(`Pod name \"${podName}\" is already taken for this storage target.`, {\n cause: error instanceof Error ? error : undefined,\n });\n }\n\n throw error;\n}\n\nexport class ProvisionPodCreator extends BasePodCreator {\n private readonly provisionLogger = getLoggerFor(this);\n private readonly codec: ProvisionCodeCodec;\n private readonly podLookupRepo?: PodLookupRepository;\n\n public constructor(args: ProvisionPodCreatorArgs) {\n super(args);\n this.codec = new ProvisionCodeCodec(args.provisionBaseUrl ?? args.baseUrl);\n this.podLookupRepo = args.identityDbUrl ? new PodLookupRepository(getIdentityDatabase(args.identityDbUrl)) : undefined;\n }\n\n public override async handle(input: PodCreatorInput): Promise<PodCreatorOutput> {\n const provisionCode = input.settings?.provisionCode as string | undefined;\n\n if (!provisionCode) {\n return this.handleStandardPodCreate(input);\n }\n\n // SP 模式:解码 provisionCode,回调远端 SP\n const payload = this.codec.decode(provisionCode);\n if (!payload) {\n throw new Error('Invalid or expired provisionCode');\n }\n\n this.provisionLogger.info(`Provisioning pod on remote SP: ${payload.spUrl}`);\n\n // 1. 确定 podName\n const podName = input.name;\n if (!podName) {\n throw new Error('Pod name is required for remote provisioning');\n }\n const webId = input.webId ?? `${this.baseUrl}${podName}/profile/card#me`;\n\n // 2. 回调 SP 创建 Pod\n const callbackUrl = `${payload.spUrl.replace(/\\/$/, '')}/provision/pods`;\n const spResponse = await fetch(callbackUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${payload.serviceToken}`,\n },\n body: JSON.stringify({ podName, webId }),\n });\n\n if (!spResponse.ok) {\n const errBody = await spResponse.text();\n this.provisionLogger.error(`SP callback failed: ${spResponse.status} ${errBody}`);\n throw new Error(`Failed to create pod on SP: ${spResponse.status}`);\n }\n\n const spResult = await spResponse.json() as { podUrl?: string };\n\n // storage URL 优先用 Cloud 分配的子域名,回调用实际地址\n const storageBase = payload.spDomain\n ? `https://${payload.spDomain}`\n : payload.spUrl.replace(/\\/$/, '');\n const canonicalStorageUrl = `${storageBase}/${podName}/`;\n const podUrl = spResult.podUrl || canonicalStorageUrl;\n\n // 3. 链接 WebID 到账户 + 在本地 PodStore 记录\n // base.path 必须在 Cloud 的 identifier space 内(CSS PodStore 会检查),\n // 所以用 Cloud 本地路径;真实的 SP storage URL 通过 podUrl 返回。\n const localBase = this.identifierGenerator.generate(podName);\n const { provisionCode: _provisionCode, ...inputSettings } = input.settings ?? {};\n const podSettings = {\n ...inputSettings,\n base: localBase,\n webId,\n oidcIssuer: this.baseUrl,\n storage: canonicalStorageUrl,\n };\n\n const webIdLink = await this.handleWebId(!input.webId, webId, input.accountId, podSettings);\n const podId = await this.createPod(input.accountId, podSettings, !input.name, webIdLink);\n await this.podLookupRepo?.setStorageUrl(podId, input.accountId, canonicalStorageUrl);\n\n this.provisionLogger.info(`Provisioned pod ${podName} on SP ${payload.spUrl}, podUrl: ${podUrl}`);\n\n return {\n podUrl,\n webId,\n podId,\n webIdLink,\n };\n }\n\n private async handleStandardPodCreate(input: PodCreatorInput): Promise<PodCreatorOutput> {\n const totalStarted = Date.now();\n const baseIdentifier = this.generateBaseIdentifier(input.name);\n const webId = input.webId ?? joinUrlPath(baseIdentifier.path, this.relativeWebIdPath);\n const inputSettings = input.settings as Record<string, unknown> | undefined;\n const oidcIssuer = typeof inputSettings?.oidcIssuer === 'string' ? inputSettings.oidcIssuer : this.baseUrl;\n const podSettings = {\n ...inputSettings,\n base: baseIdentifier,\n webId,\n oidcIssuer,\n storage: baseIdentifier.path,\n };\n\n const webIdStarted = Date.now();\n const webIdLink = await this.handleWebId(!input.webId, webId, input.accountId, podSettings);\n const webIdElapsed = Date.now() - webIdStarted;\n\n const podStarted = Date.now();\n let podId: string;\n try {\n podId = await this.createPod(input.accountId, podSettings, !input.name, webIdLink);\n } catch (error) {\n if (input.name) {\n remapPodConflict(error, input.name);\n }\n throw error;\n }\n const podElapsed = Date.now() - podStarted;\n const totalElapsed = Date.now() - totalStarted;\n\n this.provisionLogger.info(\n `[timing] ProvisionPodCreator.standard account=${input.accountId} pod=${baseIdentifier.path} handleWebId=${webIdElapsed}ms createPod=${podElapsed}ms total=${totalElapsed}ms`,\n );\n\n return {\n podUrl: baseIdentifier.path,\n webId,\n podId,\n webIdLink,\n };\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"ProvisionPodCreator.js","sourceRoot":"","sources":["../../src/provision/ProvisionPodCreator.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,iEAAqD;AACrD,8DAMiC;AACjC,6DAA0D;AAC1D,iFAA8E;AAC9E,+CAA6D;AAE7D,SAAS,WAAW,CAAC,OAAe,EAAE,YAAoB;IACxD,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACvD,MAAM,sBAAsB,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACjE,OAAO,GAAG,iBAAiB,IAAI,sBAAsB,EAAE,CAAC;AAC1D,CAAC;AASD,SAAS,gBAAgB,CAAC,KAAc,EAAE,OAAe;IACvD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,IAAI,iCAAiC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,oCAAiB,CAAC,aAAa,OAAO,6CAA6C,EAAE;YAC7F,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SAClD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,CAAC;AACd,CAAC;AAED,MAAa,mBAAoB,SAAQ,iCAAc;IAKrD,YAAmB,IAA6B;QAC9C,KAAK,CAAC,IAAI,CAAC,CAAC;QALG,oBAAe,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAMpD,IAAI,CAAC,KAAK,GAAG,IAAI,uCAAkB,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3E,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,yCAAmB,CAAC,IAAA,wBAAmB,EAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACzH,CAAC;IAEe,KAAK,CAAC,MAAM,CAAC,KAAsB;QACjD,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,EAAE,aAAmC,CAAC;QAE1E,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;QAED,iCAAiC;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,kCAAkC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAE7E,gBAAgB;QAChB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,GAAG,IAAI,CAAC,OAAO,GAAG,OAAO,kBAAkB,CAAC;QAEzE,kBAAkB;QAClB,MAAM,WAAW,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC;QACzE,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,OAAO,CAAC,YAAY,EAAE;aAClD;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;SACzC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;YACxC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,uBAAuB,UAAU,CAAC,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC;YAClF,IAAI,UAAU,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC9B,MAAM,IAAI,oCAAiB,CAAC,mBAAmB,CAAC,OAAO,CAAC,IAAI,aAAa,OAAO,6CAA6C,CAAC,CAAC;YACjI,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,+BAA+B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,IAAI,EAAyB,CAAC;QAEhE,uCAAuC;QACvC,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ;YAClC,CAAC,CAAC,WAAW,OAAO,CAAC,QAAQ,EAAE;YAC/B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,mBAAmB,GAAG,GAAG,WAAW,IAAI,OAAO,GAAG,CAAC;QACzD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,IAAI,mBAAmB,CAAC;QAEtD,oCAAoC;QACpC,8DAA8D;QAC9D,kDAAkD;QAClD,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,aAAa,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC;QACjF,MAAM,WAAW,GAAG;YAClB,GAAG,aAAa;YAChB,IAAI,EAAE,SAAS;YACf,KAAK;YACL,UAAU,EAAE,IAAI,CAAC,OAAO;YACxB,OAAO,EAAE,mBAAmB;SAC7B,CAAC;QAEF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC5F,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACzF,MAAM,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;QAErF,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,mBAAmB,OAAO,UAAU,OAAO,CAAC,KAAK,aAAa,MAAM,EAAE,CAAC,CAAC;QAElG,OAAO;YACL,MAAM;YACN,KAAK;YACL,KAAK;YACL,SAAS;SACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAsB;QAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,cAAc,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACtF,MAAM,aAAa,GAAG,KAAK,CAAC,QAA+C,CAAC;QAC5E,MAAM,UAAU,GAAG,OAAO,aAAa,EAAE,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;QAC3G,MAAM,WAAW,GAAG;YAClB,GAAG,aAAa;YAChB,IAAI,EAAE,cAAc;YACpB,KAAK;YACL,UAAU;YACV,OAAO,EAAE,cAAc,CAAC,IAAI;SAC7B,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC5F,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC;QAE/C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9B,IAAI,KAAa,CAAC;QAClB,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,gBAAgB,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACtC,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;QAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,CAAC;QAE/C,IAAI,CAAC,eAAe,CAAC,IAAI,CACvB,iDAAiD,KAAK,CAAC,SAAS,QAAQ,cAAc,CAAC,IAAI,gBAAgB,YAAY,gBAAgB,UAAU,YAAY,YAAY,IAAI,CAC9K,CAAC;QAEF,OAAO;YACL,MAAM,EAAE,cAAc,CAAC,IAAI;YAC3B,KAAK;YACL,KAAK;YACL,SAAS;SACV,CAAC;IACJ,CAAC;CACF;AAnID,kDAmIC;AAED,SAAS,mBAAmB,CAAC,IAAY;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA2C,CAAC;QAC1E,OAAO,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;YACvC,CAAC,CAAC,MAAM,CAAC,OAAO;YAChB,CAAC,CAAC,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ;gBAChC,CAAC,CAAC,MAAM,CAAC,KAAK;gBACd,CAAC,CAAC,SAAS,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,SAAS,CAAC;IAClC,CAAC;AACH,CAAC","sourcesContent":["/**\n * ProvisionPodCreator\n *\n * 等位替换 CSS 的 BasePodCreator。\n *\n * 检查 settings 里有没有 provisionCode:\n * - 有 → 解码 JWT,回调远端 SP 的 /provision/pods 创建 Pod\n * - 没有 → 委托给原始 BasePodCreator(标准本地创建)\n */\n\nimport { getLoggerFor } from 'global-logger-factory';\nimport {\n BasePodCreator,\n type PodCreatorInput,\n type PodCreatorOutput,\n type BasePodCreatorArgs,\n ConflictHttpError,\n} from '@solid/community-server';\nimport { ProvisionCodeCodec } from './ProvisionCodeCodec';\nimport { PodLookupRepository } from '../identity/drizzle/PodLookupRepository';\nimport { getIdentityDatabase } from '../identity/drizzle/db';\n\nfunction joinUrlPath(baseUrl: string, relativePath: string): string {\n const normalizedBaseUrl = baseUrl.replace(/\\/+$/u, '');\n const normalizedRelativePath = relativePath.replace(/^\\/+/u, '');\n return `${normalizedBaseUrl}/${normalizedRelativePath}`;\n}\n\nexport interface ProvisionPodCreatorArgs extends BasePodCreatorArgs {\n /** 与 ProvisionHandler 使用相同的 baseUrl 派生签名密钥 */\n provisionBaseUrl?: string;\n /** Optional identity database connection string used to persist Pod-side storage facts. */\n identityDbUrl?: string;\n}\n\nfunction remapPodConflict(error: unknown, podName: string): never {\n const message = error instanceof Error ? error.message : String(error);\n if (/There already is a resource at/i.test(message)) {\n throw new ConflictHttpError(`Pod name \"${podName}\" is already taken for this storage target.`, {\n cause: error instanceof Error ? error : undefined,\n });\n }\n\n throw error;\n}\n\nexport class ProvisionPodCreator extends BasePodCreator {\n private readonly provisionLogger = getLoggerFor(this);\n private readonly codec: ProvisionCodeCodec;\n private readonly podLookupRepo?: PodLookupRepository;\n\n public constructor(args: ProvisionPodCreatorArgs) {\n super(args);\n this.codec = new ProvisionCodeCodec(args.provisionBaseUrl ?? args.baseUrl);\n this.podLookupRepo = args.identityDbUrl ? new PodLookupRepository(getIdentityDatabase(args.identityDbUrl)) : undefined;\n }\n\n public override async handle(input: PodCreatorInput): Promise<PodCreatorOutput> {\n const provisionCode = input.settings?.provisionCode as string | undefined;\n\n if (!provisionCode) {\n return this.handleStandardPodCreate(input);\n }\n\n // SP 模式:解码 provisionCode,回调远端 SP\n const payload = this.codec.decode(provisionCode);\n if (!payload) {\n throw new Error('Invalid or expired provisionCode');\n }\n\n this.provisionLogger.info(`Provisioning pod on remote SP: ${payload.spUrl}`);\n\n // 1. 确定 podName\n const podName = input.name;\n if (!podName) {\n throw new Error('Pod name is required for remote provisioning');\n }\n const webId = input.webId ?? `${this.baseUrl}${podName}/profile/card#me`;\n\n // 2. 回调 SP 创建 Pod\n const callbackUrl = `${payload.spUrl.replace(/\\/$/, '')}/provision/pods`;\n const spResponse = await fetch(callbackUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${payload.serviceToken}`,\n },\n body: JSON.stringify({ podName, webId }),\n });\n\n if (!spResponse.ok) {\n const errBody = await spResponse.text();\n this.provisionLogger.error(`SP callback failed: ${spResponse.status} ${errBody}`);\n if (spResponse.status === 409) {\n throw new ConflictHttpError(parseSpErrorMessage(errBody) ?? `Pod name \"${podName}\" is already taken for this storage target.`);\n }\n throw new Error(`Failed to create pod on SP: ${spResponse.status}`);\n }\n\n const spResult = await spResponse.json() as { podUrl?: string };\n\n // storage URL 优先用 Cloud 分配的子域名,回调用实际地址\n const storageBase = payload.spDomain\n ? `https://${payload.spDomain}`\n : payload.spUrl.replace(/\\/$/, '');\n const canonicalStorageUrl = `${storageBase}/${podName}/`;\n const podUrl = spResult.podUrl || canonicalStorageUrl;\n\n // 3. 链接 WebID 到账户 + 在本地 PodStore 记录\n // base.path 必须在 Cloud 的 identifier space 内(CSS PodStore 会检查),\n // 所以用 Cloud 本地路径;真实的 SP storage URL 通过 podUrl 返回。\n const localBase = this.identifierGenerator.generate(podName);\n const { provisionCode: _provisionCode, ...inputSettings } = input.settings ?? {};\n const podSettings = {\n ...inputSettings,\n base: localBase,\n webId,\n oidcIssuer: this.baseUrl,\n storage: canonicalStorageUrl,\n };\n\n const webIdLink = await this.handleWebId(!input.webId, webId, input.accountId, podSettings);\n const podId = await this.createPod(input.accountId, podSettings, !input.name, webIdLink);\n await this.podLookupRepo?.setStorageUrl(podId, input.accountId, canonicalStorageUrl);\n\n this.provisionLogger.info(`Provisioned pod ${podName} on SP ${payload.spUrl}, podUrl: ${podUrl}`);\n\n return {\n podUrl,\n webId,\n podId,\n webIdLink,\n };\n }\n\n private async handleStandardPodCreate(input: PodCreatorInput): Promise<PodCreatorOutput> {\n const totalStarted = Date.now();\n const baseIdentifier = this.generateBaseIdentifier(input.name);\n const webId = input.webId ?? joinUrlPath(baseIdentifier.path, this.relativeWebIdPath);\n const inputSettings = input.settings as Record<string, unknown> | undefined;\n const oidcIssuer = typeof inputSettings?.oidcIssuer === 'string' ? inputSettings.oidcIssuer : this.baseUrl;\n const podSettings = {\n ...inputSettings,\n base: baseIdentifier,\n webId,\n oidcIssuer,\n storage: baseIdentifier.path,\n };\n\n const webIdStarted = Date.now();\n const webIdLink = await this.handleWebId(!input.webId, webId, input.accountId, podSettings);\n const webIdElapsed = Date.now() - webIdStarted;\n\n const podStarted = Date.now();\n let podId: string;\n try {\n podId = await this.createPod(input.accountId, podSettings, !input.name, webIdLink);\n } catch (error) {\n if (input.name) {\n remapPodConflict(error, input.name);\n }\n throw error;\n }\n const podElapsed = Date.now() - podStarted;\n const totalElapsed = Date.now() - totalStarted;\n\n this.provisionLogger.info(\n `[timing] ProvisionPodCreator.standard account=${input.accountId} pod=${baseIdentifier.path} handleWebId=${webIdElapsed}ms createPod=${podElapsed}ms total=${totalElapsed}ms`,\n );\n\n return {\n podUrl: baseIdentifier.path,\n webId,\n podId,\n webIdLink,\n };\n }\n}\n\nfunction parseSpErrorMessage(body: string): string | undefined {\n try {\n const parsed = JSON.parse(body) as { message?: unknown; error?: unknown };\n return typeof parsed.message === 'string'\n ? parsed.message\n : typeof parsed.error === 'string'\n ? parsed.error\n : undefined;\n } catch {\n return body.trim() || undefined;\n }\n}\n"]}
|