javascript-solid-server 0.0.11 → 0.0.13

package/data/bob/private/.acl

@@ -0,0 +1,32 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/bob/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/bob/private/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/bob/private/"
+      }
+    }
+  ]
+}

package/data/bob/settings/.acl

@@ -0,0 +1,32 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:3457/bob/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:3457/bob/settings/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:3457/bob/settings/"
+      }
+    }
+  ]
+}

package/data/bob/settings/prefs

@@ -0,0 +1,17 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#",
+    "pim": "http://www.w3.org/ns/pim/space#",
+    "publicTypeIndex": {
+      "@id": "solid:publicTypeIndex",
+      "@type": "@id"
+    },
+    "privateTypeIndex": {
+      "@id": "solid:privateTypeIndex",
+      "@type": "@id"
+    }
+  },
+  "@id": "http://localhost:3457/bob/settings/prefs",
+  "publicTypeIndex": "http://localhost:3457/bob/settings/publicTypeIndex",
+  "privateTypeIndex": "http://localhost:3457/bob/settings/privateTypeIndex"
+}

package/data/bob/settings/privateTypeIndex

@@ -0,0 +1,7 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#"
+  },
+  "@id": "http://localhost:3457/bob/settings/privateTypeIndex",
+  "@type": "solid:TypeIndex"
+}

package/data/bob/settings/publicTypeIndex

@@ -0,0 +1,7 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#"
+  },
+  "@id": "http://localhost:3457/bob/settings/publicTypeIndex",
+  "@type": "solid:TypeIndex"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.11",
+  "version": "0.0.13",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
@@ -19,15 +19,19 @@
     "start": "node bin/jss.js start",
     "dev": "node --watch bin/jss.js start",
     "test": "node --test --test-concurrency=1",
+    "test:cth": "node scripts/test-cth-compat.js",
     "benchmark": "node benchmark.js"
   },
   "dependencies": {
+    "@fastify/middie": "^8.3.3",
     "@fastify/websocket": "^8.3.1",
+    "bcrypt": "^6.0.0",
     "commander": "^14.0.2",
     "fastify": "^4.25.2",
     "fs-extra": "^11.2.0",
     "jose": "^6.1.3",
-    "n3": "^1.26.0"
+    "n3": "^1.26.0",
+    "oidc-provider": "^9.6.0"
   },
   "engines": {
     "node": ">=18.0.0"

package/scripts/test-cth-compat.js

@@ -0,0 +1,369 @@
+#!/usr/bin/env node
+/**
+ * CTH Compatibility Test Script
+ *
+ * Tests that JSS is configured correctly for the Solid Conformance Test Harness.
+ *
+ * Usage:
+ *   node scripts/test-cth-compat.js [--port 3000] [--run-cth]
+ */
+
+import { createServer } from '../src/server.js';
+import fs from 'fs-extra';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+// Configuration
+const PORT = parseInt(process.argv.find(a => a.startsWith('--port='))?.split('=')[1] || '3456');
+const RUN_CTH = process.argv.includes('--run-cth');
+const BASE_URL = `http://localhost:${PORT}`;
+const DATA_DIR = path.join(__dirname, '../.test-cth-data');
+
+// Test users
+const ALICE = {
+  name: 'alice',
+  email: 'alice@test.local',
+  password: 'alicepassword123',
+};
+
+const BOB = {
+  name: 'bob',
+  email: 'bob@test.local',
+  password: 'bobpassword123',
+};
+
+// Colors for output
+const GREEN = '\x1b[32m';
+const RED = '\x1b[31m';
+const YELLOW = '\x1b[33m';
+const CYAN = '\x1b[36m';
+const RESET = '\x1b[0m';
+
+function log(msg, color = RESET) {
+  console.log(`${color}${msg}${RESET}`);
+}
+
+function pass(msg) {
+  log(`  ✓ ${msg}`, GREEN);
+}
+
+function fail(msg) {
+  log(`  ✗ ${msg}`, RED);
+}
+
+function info(msg) {
+  log(`  ℹ ${msg}`, CYAN);
+}
+
+async function main() {
+  log('\n=== JSS CTH Compatibility Test ===\n', CYAN);
+
+  let server;
+  let passed = 0;
+  let failed = 0;
+
+  try {
+    // Clean up and prepare
+    await fs.remove(DATA_DIR);
+    await fs.ensureDir(DATA_DIR);
+
+    // Start server with IdP
+    log('Starting server with IdP enabled...', YELLOW);
+    server = createServer({
+      logger: false,
+      root: DATA_DIR,
+      idp: true,
+      idpIssuer: BASE_URL,
+    });
+
+    await server.listen({ port: PORT, host: 'localhost' });
+    pass(`Server running at ${BASE_URL}`);
+    passed++;
+
+    // Test 1: OIDC Discovery
+    log('\n1. OIDC Discovery', YELLOW);
+    {
+      const res = await fetch(`${BASE_URL}/.well-known/openid-configuration`);
+      if (res.status === 200) {
+        const config = await res.json();
+        if (config.issuer === BASE_URL) {
+          pass('/.well-known/openid-configuration returns valid config');
+          passed++;
+        } else {
+          fail(`Issuer mismatch: expected ${BASE_URL}, got ${config.issuer}`);
+          failed++;
+        }
+      } else {
+        fail(`OIDC discovery returned ${res.status}`);
+        failed++;
+      }
+    }
+
+    // Test 2: JWKS
+    log('\n2. JWKS Endpoint', YELLOW);
+    {
+      const res = await fetch(`${BASE_URL}/.well-known/jwks.json`);
+      if (res.status === 200) {
+        const jwks = await res.json();
+        if (jwks.keys?.length > 0) {
+          pass('/.well-known/jwks.json returns keys');
+          passed++;
+        } else {
+          fail('JWKS has no keys');
+          failed++;
+        }
+      } else {
+        fail(`JWKS returned ${res.status}`);
+        failed++;
+      }
+    }
+
+    // Test 3: Create Alice
+    log('\n3. Create Test User: Alice', YELLOW);
+    let aliceWebId, aliceToken;
+    {
+      const res = await fetch(`${BASE_URL}/.pods`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(ALICE),
+      });
+
+      if (res.status === 201) {
+        const data = await res.json();
+        aliceWebId = data.webId;
+        pass(`Created Alice: ${aliceWebId}`);
+        passed++;
+      } else {
+        const err = await res.text();
+        fail(`Failed to create Alice: ${res.status} - ${err}`);
+        failed++;
+      }
+    }
+
+    // Test 4: Create Bob
+    log('\n4. Create Test User: Bob', YELLOW);
+    let bobWebId;
+    {
+      const res = await fetch(`${BASE_URL}/.pods`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(BOB),
+      });
+
+      if (res.status === 201) {
+        const data = await res.json();
+        bobWebId = data.webId;
+        pass(`Created Bob: ${bobWebId}`);
+        passed++;
+      } else {
+        const err = await res.text();
+        fail(`Failed to create Bob: ${res.status} - ${err}`);
+        failed++;
+      }
+    }
+
+    // Test 5: Credentials endpoint - JSON
+    log('\n5. Credentials Endpoint (JSON)', YELLOW);
+    {
+      const res = await fetch(`${BASE_URL}/idp/credentials`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email: ALICE.email, password: ALICE.password }),
+      });
+
+      if (res.status === 200) {
+        const data = await res.json();
+        if (data.access_token && data.webid) {
+          aliceToken = data.access_token;
+          pass(`Got token for Alice (type: ${data.token_type})`);
+          passed++;
+        } else {
+          fail('Missing access_token or webid in response');
+          failed++;
+        }
+      } else {
+        const err = await res.text();
+        fail(`Credentials endpoint failed: ${res.status} - ${err}`);
+        failed++;
+      }
+    }
+
+    // Test 6: Credentials endpoint - Form encoded
+    log('\n6. Credentials Endpoint (Form-encoded)', YELLOW);
+    {
+      const res = await fetch(`${BASE_URL}/idp/credentials`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: `email=${encodeURIComponent(BOB.email)}&password=${encodeURIComponent(BOB.password)}`,
+      });
+
+      if (res.status === 200) {
+        const data = await res.json();
+        if (data.access_token) {
+          pass('Form-encoded credentials work');
+          passed++;
+        } else {
+          fail('Missing access_token in response');
+          failed++;
+        }
+      } else {
+        const err = await res.text();
+        fail(`Form-encoded credentials failed: ${res.status} - ${err}`);
+        failed++;
+      }
+    }
+
+    // Test 7: Invalid credentials
+    log('\n7. Invalid Credentials Handling', YELLOW);
+    {
+      const res = await fetch(`${BASE_URL}/idp/credentials`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email: ALICE.email, password: 'wrongpassword' }),
+      });
+
+      if (res.status === 401) {
+        pass('Returns 401 for invalid password');
+        passed++;
+      } else {
+        fail(`Expected 401, got ${res.status}`);
+        failed++;
+      }
+    }
+
+    // Test 8: Token authentication
+    log('\n8. Token Authentication', YELLOW);
+    {
+      if (aliceToken) {
+        const res = await fetch(`${BASE_URL}/alice/`, {
+          headers: { 'Authorization': `Bearer ${aliceToken}` },
+        });
+
+        if (res.status === 200) {
+          pass('Token grants access to own pod');
+          passed++;
+        } else {
+          fail(`Token auth failed: ${res.status}`);
+          failed++;
+        }
+      } else {
+        fail('No token available to test');
+        failed++;
+      }
+    }
+
+    // Test 9: Write with token
+    log('\n9. Write with Token', YELLOW);
+    {
+      if (aliceToken) {
+        const res = await fetch(`${BASE_URL}/alice/public/test.json`, {
+          method: 'PUT',
+          headers: {
+            'Authorization': `Bearer ${aliceToken}`,
+            'Content-Type': 'application/ld+json',
+          },
+          body: JSON.stringify({ '@id': '#test', 'http://example.org/value': 42 }),
+        });
+
+        if ([200, 201, 204].includes(res.status)) {
+          pass('Can write to pod with token');
+          passed++;
+        } else {
+          fail(`Write failed: ${res.status}`);
+          failed++;
+        }
+      } else {
+        fail('No token available to test');
+        failed++;
+      }
+    }
+
+    // Test 10: Public read
+    log('\n10. Public Read Access', YELLOW);
+    {
+      const res = await fetch(`${BASE_URL}/alice/public/test.json`);
+
+      if (res.status === 200) {
+        pass('Public resources are readable');
+        passed++;
+      } else {
+        fail(`Public read failed: ${res.status}`);
+        failed++;
+      }
+    }
+
+    // Summary
+    log('\n=== Summary ===\n', CYAN);
+    log(`Passed: ${passed}`, GREEN);
+    if (failed > 0) {
+      log(`Failed: ${failed}`, RED);
+    }
+
+    // Generate CTH env file
+    log('\n=== CTH Configuration ===\n', CYAN);
+
+    const envContent = `# CTH Environment for JSS
+# Generated by test-cth-compat.js
+
+SOLID_IDENTITY_PROVIDER=${BASE_URL}
+RESOURCE_SERVER_ROOT=${BASE_URL}
+TEST_CONTAINER=alice/public/
+
+USERS_ALICE_WEBID=${aliceWebId || `${BASE_URL}/alice/#me`}
+USERS_ALICE_USERNAME=${ALICE.email}
+USERS_ALICE_PASSWORD=${ALICE.password}
+
+USERS_BOB_WEBID=${bobWebId || `${BASE_URL}/bob/#me`}
+USERS_BOB_USERNAME=${BOB.email}
+USERS_BOB_PASSWORD=${BOB.password}
+
+LOGIN_ENDPOINT=${BASE_URL}/idp/credentials
+
+# For self-signed certs
+ALLOW_SELF_SIGNED_CERTS=true
+`;
+
+    const envPath = path.join(__dirname, '../cth.env');
+    await fs.writeFile(envPath, envContent);
+    info(`CTH env file written to: ${envPath}`);
+
+    log('\nTo run CTH:', YELLOW);
+    log(`
+  # Keep JSS running with IdP:
+  JSS_PORT=${PORT} jss start --idp
+
+  # In another terminal, run CTH:
+  docker run -i --rm \\
+    --network host \\
+    -v "$(pwd)"/reports:/reports \\
+    --env-file=cth.env \\
+    solidproject/conformance-test-harness \\
+    --output=/reports \\
+    --target=jss
+`);
+
+    if (RUN_CTH) {
+      log('\nRunning CTH (this may take a while)...', YELLOW);
+      // Would spawn docker here, but keeping server running is complex
+      info('CTH auto-run not implemented yet. Run manually with commands above.');
+    }
+
+  } catch (err) {
+    fail(`Error: ${err.message}`);
+    console.error(err);
+    failed++;
+  } finally {
+    // Cleanup
+    if (server) {
+      await server.close();
+    }
+    await fs.remove(DATA_DIR);
+  }
+
+  // Exit with error code if any tests failed
+  process.exit(failed > 0 ? 1 : 0);
+}
+
+main();

package/src/config.js

@@ -29,6 +29,10 @@ export const defaults = {
   conneg: false,
   notifications: false,
 
+  // Identity Provider
+  idp: false,
+  idpIssuer: null,
+
   // Logging
   logger: true,
   quiet: false,
@@ -51,6 +55,8 @@ const envMap = {
   JSS_NOTIFICATIONS: 'notifications',
   JSS_QUIET: 'quiet',
   JSS_CONFIG_PATH: 'configPath',
+  JSS_IDP: 'idp',
+  JSS_IDP_ISSUER: 'idpIssuer',
 };
 
 /**
@@ -181,5 +187,6 @@ export function printConfig(config) {
   console.log(`  Multi-user:    ${config.multiuser}`);
   console.log(`  Conneg:        ${config.conneg}`);
   console.log(`  Notifications: ${config.notifications}`);
+  console.log(`  IdP:           ${config.idp ? (config.idpIssuer || 'enabled') : 'disabled'}`);
   console.log('─'.repeat(40));
 }

package/src/handlers/container.js

@@ -110,6 +110,7 @@ export async function handlePost(request, reply) {
 /**
  * Create a pod (container) for a user
  * POST /.pods with { "name": "alice" }
+ * With IdP enabled: { "name": "alice", "email": "alice@example.com", "password": "secret" }
  *
  * Creates the following structure:
  *   /{name}/
@@ -122,12 +123,23 @@ export async function handlePost(request, reply) {
  *   /{name}/settings/privateTypeIndex
  */
 export async function handleCreatePod(request, reply) {
-  const { name } = request.body || {};
+  const { name, email, password } = request.body || {};
+  const idpEnabled = request.idpEnabled;
 
   if (!name || typeof name !== 'string') {
     return reply.code(400).send({ error: 'Pod name required' });
   }
 
+  // If IdP is enabled, require email and password
+  if (idpEnabled) {
+    if (!email || typeof email !== 'string') {
+      return reply.code(400).send({ error: 'Email required for account creation' });
+    }
+    if (!password || password.length < 8) {
+      return reply.code(400).send({ error: 'Password required (minimum 8 characters)' });
+    }
+  }
+
   // Validate pod name (alphanumeric, dash, underscore)
   if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
     return reply.code(400).send({ error: 'Invalid pod name. Use alphanumeric, dash, or underscore only.' });
@@ -200,7 +212,28 @@ export async function handleCreatePod(request, reply) {
 
   Object.entries(headers).forEach(([k, v]) => reply.header(k, v));
 
-  // Generate token for the pod owner
+  // If IdP is enabled, create account instead of simple token
+  if (idpEnabled) {
+    try {
+      const { createAccount } = await import('../idp/accounts.js');
+      await createAccount({ email, password, webId, podName: name });
+
+      return reply.code(201).send({
+        name,
+        webId,
+        podUri,
+        idpIssuer: issuer,
+        loginUrl: `${issuer}/idp/auth`,
+      });
+    } catch (err) {
+      console.error('Account creation error:', err);
+      // Rollback pod creation on account failure
+      await storage.remove(podPath);
+      return reply.code(409).send({ error: err.message });
+    }
+  }
+
+  // Generate token for the pod owner (simple auth mode)
   const token = createToken(webId);
 
   return reply.code(201).send({