javascript-solid-server 0.0.10 → 0.0.12

package/src/idp/views.js

@@ -0,0 +1,295 @@
+/**
+ * HTML templates for IdP login/consent pages
+ * Minimal, functional design
+ */
+
+const styles = `
+  * { box-sizing: border-box; }
+  body {
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+    background: #f5f5f5;
+    margin: 0;
+    padding: 40px 20px;
+    min-height: 100vh;
+  }
+  .container {
+    max-width: 400px;
+    margin: 0 auto;
+    background: white;
+    border-radius: 12px;
+    box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+    padding: 40px;
+  }
+  h1 {
+    margin: 0 0 8px 0;
+    font-size: 24px;
+    color: #333;
+  }
+  .subtitle {
+    color: #666;
+    margin: 0 0 30px 0;
+    font-size: 14px;
+  }
+  .client-info {
+    background: #f8f9fa;
+    border-radius: 8px;
+    padding: 16px;
+    margin-bottom: 24px;
+  }
+  .client-name {
+    font-weight: 600;
+    color: #333;
+  }
+  .client-uri {
+    font-size: 12px;
+    color: #666;
+    word-break: break-all;
+  }
+  label {
+    display: block;
+    font-size: 14px;
+    font-weight: 500;
+    color: #333;
+    margin-bottom: 6px;
+  }
+  input[type="email"],
+  input[type="password"] {
+    width: 100%;
+    padding: 12px;
+    border: 1px solid #ddd;
+    border-radius: 8px;
+    font-size: 16px;
+    margin-bottom: 16px;
+    transition: border-color 0.2s;
+  }
+  input:focus {
+    outline: none;
+    border-color: #0066cc;
+  }
+  .error {
+    background: #fee;
+    border: 1px solid #fcc;
+    color: #c00;
+    padding: 12px;
+    border-radius: 8px;
+    margin-bottom: 20px;
+    font-size: 14px;
+  }
+  .btn {
+    display: inline-block;
+    padding: 12px 24px;
+    border-radius: 8px;
+    font-size: 16px;
+    font-weight: 500;
+    cursor: pointer;
+    border: none;
+    text-decoration: none;
+    text-align: center;
+    transition: background-color 0.2s;
+  }
+  .btn-primary {
+    background: #0066cc;
+    color: white;
+    width: 100%;
+  }
+  .btn-primary:hover {
+    background: #0052a3;
+  }
+  .btn-secondary {
+    background: #f0f0f0;
+    color: #333;
+    margin-top: 12px;
+    width: 100%;
+  }
+  .btn-secondary:hover {
+    background: #e0e0e0;
+  }
+  .scopes {
+    margin: 20px 0;
+  }
+  .scope {
+    display: flex;
+    align-items: center;
+    padding: 12px;
+    background: #f8f9fa;
+    border-radius: 8px;
+    margin-bottom: 8px;
+  }
+  .scope-icon {
+    width: 24px;
+    height: 24px;
+    margin-right: 12px;
+    opacity: 0.6;
+  }
+  .scope-name {
+    font-weight: 500;
+  }
+  .scope-desc {
+    font-size: 12px;
+    color: #666;
+  }
+  .actions {
+    margin-top: 24px;
+  }
+  .logo {
+    text-align: center;
+    margin-bottom: 24px;
+  }
+  .logo svg {
+    width: 48px;
+    height: 48px;
+  }
+`;
+
+const solidLogo = `
+<svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
+  <circle cx="50" cy="50" r="45" fill="#7C4DFF" />
+  <path d="M30 50 L45 65 L70 40" stroke="white" stroke-width="8" fill="none" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
+`;
+
+const scopeDescriptions = {
+  openid: 'Access your identity',
+  webid: 'Access your WebID',
+  profile: 'Access your name',
+  email: 'Access your email address',
+  offline_access: 'Stay logged in',
+};
+
+/**
+ * Login page HTML
+ */
+export function loginPage(uid, clientId, error = null) {
+  return `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Sign In - Solid IdP</title>
+  <style>${styles}</style>
+</head>
+<body>
+  <div class="container">
+    <div class="logo">${solidLogo}</div>
+    <h1>Sign In</h1>
+    <p class="subtitle">Sign in to your Solid Pod</p>
+
+    ${error ? `<div class="error">${escapeHtml(error)}</div>` : ''}
+
+    <form method="POST" action="/idp/interaction/${uid}/login">
+      <label for="email">Email</label>
+      <input type="email" id="email" name="email" required autofocus placeholder="you@example.com">
+
+      <label for="password">Password</label>
+      <input type="password" id="password" name="password" required placeholder="Your password">
+
+      <button type="submit" class="btn btn-primary">Sign In</button>
+    </form>
+
+    <form method="POST" action="/idp/interaction/${uid}/abort">
+      <button type="submit" class="btn btn-secondary">Cancel</button>
+    </form>
+  </div>
+</body>
+</html>
+  `;
+}
+
+/**
+ * Consent page HTML
+ */
+export function consentPage(uid, client, params, account) {
+  const scopes = (params.scope || 'openid').split(' ').filter(Boolean);
+  const clientName = client?.clientName || client?.client_id || 'Unknown App';
+  const clientUri = client?.clientUri || client?.redirect_uris?.[0] || '';
+
+  const scopeItems = scopes.map(scope => `
+    <div class="scope">
+      <div class="scope-icon">✓</div>
+      <div>
+        <div class="scope-name">${escapeHtml(scope)}</div>
+        <div class="scope-desc">${escapeHtml(scopeDescriptions[scope] || 'Access requested')}</div>
+      </div>
+    </div>
+  `).join('');
+
+  return `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Authorize - Solid IdP</title>
+  <style>${styles}</style>
+</head>
+<body>
+  <div class="container">
+    <div class="logo">${solidLogo}</div>
+    <h1>Authorize Access</h1>
+    <p class="subtitle">Allow this app to access your data?</p>
+
+    <div class="client-info">
+      <div class="client-name">${escapeHtml(clientName)}</div>
+      ${clientUri ? `<div class="client-uri">${escapeHtml(clientUri)}</div>` : ''}
+    </div>
+
+    ${account ? `<p>Signed in as <strong>${escapeHtml(account.email)}</strong></p>` : ''}
+
+    <div class="scopes">
+      <label>This app is requesting access to:</label>
+      ${scopeItems}
+    </div>
+
+    <div class="actions">
+      <form method="POST" action="/idp/interaction/${uid}/confirm">
+        <button type="submit" class="btn btn-primary">Allow Access</button>
+      </form>
+
+      <form method="POST" action="/idp/interaction/${uid}/abort">
+        <button type="submit" class="btn btn-secondary">Deny</button>
+      </form>
+    </div>
+  </div>
+</body>
+</html>
+  `;
+}
+
+/**
+ * Error page HTML
+ */
+export function errorPage(title, message) {
+  return `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Error - Solid IdP</title>
+  <style>${styles}</style>
+</head>
+<body>
+  <div class="container">
+    <div class="logo">${solidLogo}</div>
+    <h1 style="color: #c00;">${escapeHtml(title)}</h1>
+    <p>${escapeHtml(message)}</p>
+    <a href="/" class="btn btn-secondary">Go Home</a>
+  </div>
+</body>
+</html>
+  `;
+}
+
+/**
+ * Escape HTML to prevent XSS
+ */
+function escapeHtml(text) {
+  if (!text) return '';
+  return String(text)
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#039;');
+}

package/src/server.js

@@ -4,6 +4,7 @@ import { handlePost, handleCreatePod } from './handlers/container.js';
 import { getCorsHeaders } from './ldp/headers.js';
 import { authorize, handleUnauthorized } from './auth/middleware.js';
 import { notificationsPlugin } from './notifications/index.js';
+import { idpPlugin } from './idp/index.js';
 
 /**
  * Create and configure Fastify server
@@ -11,19 +12,42 @@ import { notificationsPlugin } from './notifications/index.js';
  * @param {boolean} options.logger - Enable logging (default true)
  * @param {boolean} options.conneg - Enable content negotiation for RDF (default false)
  * @param {boolean} options.notifications - Enable WebSocket notifications (default false)
+ * @param {boolean} options.idp - Enable built-in Identity Provider (default false)
+ * @param {string} options.idpIssuer - IdP issuer URL (default: server URL)
+ * @param {object} options.ssl - SSL configuration { key, cert } (default null)
+ * @param {string} options.root - Data directory path (default from env or ./data)
  */
 export function createServer(options = {}) {
   // Content negotiation is OFF by default - we're a JSON-LD native server
   const connegEnabled = options.conneg ?? false;
   // WebSocket notifications are OFF by default
   const notificationsEnabled = options.notifications ?? false;
+  // Identity Provider is OFF by default
+  const idpEnabled = options.idp ?? false;
+  const idpIssuer = options.idpIssuer;
 
-  const fastify = Fastify({
+  // Set data root via environment variable if provided
+  if (options.root) {
+    process.env.DATA_ROOT = options.root;
+  }
+
+  // Fastify options
+  const fastifyOptions = {
     logger: options.logger ?? true,
     trustProxy: true,
     // Handle raw body for non-JSON content
     bodyLimit: 10 * 1024 * 1024 // 10MB
-  });
+  };
+
+  // Add HTTPS support if SSL config provided
+  if (options.ssl && options.ssl.key && options.ssl.cert) {
+    fastifyOptions.https = {
+      key: options.ssl.key,
+      cert: options.ssl.cert,
+    };
+  }
+
+  const fastify = Fastify(fastifyOptions);
 
   // Add raw body parser for all content types
   fastify.addContentTypeParser('*', { parseAs: 'buffer' }, (req, body, done) => {
@@ -33,9 +57,11 @@ export function createServer(options = {}) {
   // Attach server config to requests
   fastify.decorateRequest('connegEnabled', null);
   fastify.decorateRequest('notificationsEnabled', null);
+  fastify.decorateRequest('idpEnabled', null);
   fastify.addHook('onRequest', async (request) => {
     request.connegEnabled = connegEnabled;
     request.notificationsEnabled = notificationsEnabled;
+    request.idpEnabled = idpEnabled;
   });
 
   // Register WebSocket notifications plugin if enabled
@@ -43,6 +69,11 @@ export function createServer(options = {}) {
     fastify.register(notificationsPlugin);
   }
 
+  // Register Identity Provider plugin if enabled
+  if (idpEnabled) {
+    fastify.register(idpPlugin, { issuer: idpIssuer });
+  }
+
   // Global CORS preflight
   fastify.addHook('onRequest', async (request, reply) => {
     // Add CORS headers to all responses
@@ -54,21 +85,17 @@ export function createServer(options = {}) {
       const wsProtocol = request.protocol === 'https' ? 'wss' : 'ws';
       reply.header('Updates-Via', `${wsProtocol}://${request.hostname}/.notifications`);
     }
-
-    // Handle preflight OPTIONS
-    if (request.method === 'OPTIONS') {
-      // Add Allow header for LDP compliance
-      reply.header('Allow', 'GET, HEAD, POST, PUT, DELETE, PATCH, OPTIONS');
-      reply.code(204).send();
-      return reply;
-    }
+    // Note: OPTIONS requests are handled by handleOptions to include Accept-* headers
   });
 
   // Authorization hook - check WAC permissions
   // Skip for pod creation endpoint (needs special handling)
   fastify.addHook('preHandler', async (request, reply) => {
-    // Skip auth for pod creation and OPTIONS
-    if (request.url === '/.pods' || request.method === 'OPTIONS') {
+    // Skip auth for pod creation, OPTIONS, IdP routes, and well-known endpoints
+    if (request.url === '/.pods' ||
+        request.method === 'OPTIONS' ||
+        request.url.startsWith('/idp/') ||
+        request.url.startsWith('/.well-known/')) {
       return;
     }