javascript-solid-server 0.0.12 → 0.0.15

package/.claude/settings.local.json

@@ -25,7 +25,33 @@
       "Bash(timeout 5 node:*)",
       "Bash(npm view:*)",
       "Bash(npm ls:*)",
-      "Bash(timeout 10 node:*)"
+      "Bash(timeout 10 node:*)",
+      "Bash(npm run test:cth:*)",
+      "Bash(__NEW_LINE__ curl -s -X POST http://localhost:4000/.pods )",
+      "Bash(lsof:*)",
+      "Bash(xargs kill -9)",
+      "Bash(docker:*)",
+      "Bash(solidproject/conformance-test-harness )",
+      "Bash(timeout 30 node:*)",
+      "Bash(timeout 20 node:*)",
+      "Bash(timeout 25 node:*)",
+      "Bash(JSS_PORT=4000 JSS_CONNEG=true timeout 5 node:*)",
+      "Bash(pgrep:*)",
+      "Bash(python3:*)",
+      "Bash(ls:*)",
+      "Bash(timeout 15 node:*)",
+      "Bash(echo 'No .idp folder' echo find /home/melvin/remote/github.com/JavaScriptSolidServer/JavaScriptSolidServer/data/.idp/ -name *.json)",
+      "Bash(echo '=== Interactions ===' ls -la /home/melvin/remote/github.com/JavaScriptSolidServer/JavaScriptSolidServer/data/.idp/interaction/ echo echo '=== Latest interaction ===' cat /home/melvin/remote/github.com/JavaScriptSolidServer/JavaScriptSolidServer/data/.idp/interaction/*.json)",
+      "Bash(1 echo \"\" echo \"=== Server errors ===\" grep -E \"(error|Error)\" /tmp/jss.log)",
+      "Bash(echo 'Server not ready' curl -s -X POST http://localhost:4000/.pods -H 'Content-Type: application/json' -d {\"\"name\"\":\"\"alice\"\",\"\"email\"\":\"\"alice@example.com\"\",\"\"password\"\":\"\"alicepassword123\"\"})",
+      "Bash(head -1 curl -s -X POST http://localhost:4000/.pods -H \"Content-Type: application/json\" -d '{\"\"\"\"name\"\"\"\":\"\"\"\"bob\"\"\"\",\"\"\"\"email\"\"\"\":\"\"\"\"bob@example.com\"\"\"\",\"\"\"\"password\"\"\"\":\"\"\"\"bobpassword123\"\"\"\"}')",
+      "Bash(xargs:*)",
+      "Bash(fuser:*)",
+      "Bash(kill:*)",
+      "Bash(ACCESS_TOKEN=\"eyJhbGciOiJFUzI1NiIsImtpZCI6IjQwY2U0YzIzLWY2OWQtNDU4NS05ODg2LTE4MDQzZWIyZjU2ZCJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAvIiwic3ViIjoiYjhlZjY5YWUtODc0ZS00MDg5LThiMDktOGQwY2QyM2VlZWY3IiwiYXVkIjoic29saWQiLCJ3ZWJpZCI6Imh0dHA6Ly9sb2NhbGhvc3Q0MDAwL2FsaWNlLyNtZSIsImlhdCI6MTc2NjgyOTQ5MiwiZXhwIjoxNzY2ODMzMDkyLCJqdGkiOiIwMWY4ODVlZS05ZjY2LTQ3M2MtYmZkNC05MWM4ZGU3NGJhZjYiLCJjbGllbnRfaWQiOiJjcmVkZW50aWFsc19jbGllbnQiLCJzY29wZSI6Im9wZW5pZCB3ZWJpZCJ9.DYTlSRkORyDN28XtXk-zbR7xNLViD97KkPqUKb6chV860BaIgwa1suif4TxHQDnK_ejvbvmZ46_n5WwwRnf_Zw\" curl -sI -X PUT http://localhost:4000/alice/cth-test/ -H \"Content-Type: text/turtle\" -H \"Authorization: Bearer $ACCESS_TOKEN\")",
+      "Bash(timeout 60 docker run:*)",
+      "Bash(rm:*)",
+      "Bash(mkdir:*)"
     ]
   }
 }

package/CTH.md

@@ -0,0 +1,222 @@
+# Running Solid Conformance Test Harness (CTH)
+
+Step-by-step instructions for running the Solid Conformance Test Harness against this server.
+
+## Prerequisites
+
+- Node.js 18+
+- Docker
+- Port 4000 available
+
+## Quick Start
+
+```bash
+# 1. Kill any existing server on port 4000
+fuser -k 4000/tcp 2>/dev/null || true
+
+# 2. Clean data directory
+rm -rf data && mkdir data
+
+# 3. Start server with IdP and content negotiation
+JSS_PORT=4000 JSS_CONNEG=true JSS_IDP=true node bin/jss.js start &
+
+# 4. Wait for server to be ready
+sleep 3
+curl -s http://localhost:4000/ > /dev/null && echo "Server ready"
+
+# 5. Create test users
+curl -s -X POST http://localhost:4000/.pods \
+  -H "Content-Type: application/json" \
+  -d '{"name": "alice", "email": "alice@example.com", "password": "alicepassword123"}'
+
+curl -s -X POST http://localhost:4000/.pods \
+  -H "Content-Type: application/json" \
+  -d '{"name": "bob", "email": "bob@example.com", "password": "bobpassword123"}'
+
+# 6. Create test container (required by CTH)
+mkdir -p data/alice/cth-test
+
+# 7. Run authentication tests (assumes test-subjects.ttl and cth.env exist - see Configuration Files below)
+docker run --rm --network=host \
+  -v $(pwd)/test-subjects.ttl:/app/test-subjects.ttl \
+  --env-file cth.env \
+  -e SUBJECTS=/app/test-subjects.ttl \
+  solidproject/conformance-test-harness:latest \
+  --target="https://github.com/solid/conformance-test-harness/jss" \
+  --filter="authentication"
+```
+
+## Configuration Files
+
+### Test Subjects File (test-subjects.ttl)
+
+Create `test-subjects.ttl`:
+
+```turtle
+@base <https://github.com/solid/conformance-test-harness/> .
+@prefix solid-test: <https://github.com/solid/conformance-test-harness/vocab#> .
+@prefix doap: <http://usefulinc.com/ns/doap#> .
+@prefix earl: <http://www.w3.org/ns/earl#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+
+<jss>
+    a earl:Software, earl:TestSubject ;
+    doap:name "JavaScript Solid Server"@en ;
+    doap:release <jss#test-subject-release> ;
+    doap:developer <https://github.com/JavaScriptSolidServer> ;
+    doap:homepage <https://github.com/JavaScriptSolidServer/JavaScriptSolidServer> ;
+    doap:description "A minimal, fast, JSON-LD native Solid server."@en ;
+    doap:programming-language "JavaScript"@en ;
+    solid-test:skip "acp", "wac", "wac-allow-public" .
+
+<jss#test-subject-release>
+    doap:revision "0.0.14"@en ;
+    doap:created "2025-12-27"^^xsd:date .
+```
+
+### Environment File (cth.env)
+
+Create `cth.env`:
+
+```bash
+SERVER_ROOT=http://localhost:4000
+TEST_CONTAINER=/alice/cth-test/
+RESOURCE_SERVER_ROOT=http://localhost:4000
+LOGIN_ENDPOINT=http://localhost:4000/idp/credentials
+SOLID_IDENTITY_PROVIDER=http://localhost:4000/
+USERS_ALICE_IDP=http://localhost:4000/
+USERS_BOB_IDP=http://localhost:4000/
+USERS_ALICE_WEBID=http://localhost:4000/alice/#me
+USERS_BOB_WEBID=http://localhost:4000/bob/#me
+USERS_ALICE_USERNAME=alice@example.com
+USERS_ALICE_PASSWORD=alicepassword123
+USERS_BOB_USERNAME=bob@example.com
+USERS_BOB_PASSWORD=bobpassword123
+```
+
+### Environment Variables Reference
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `SERVER_ROOT` | Server base URL | `http://localhost:4000` |
+| `TEST_CONTAINER` | Path to test container | `/alice/cth-test/` |
+| `SOLID_IDENTITY_PROVIDER` | IdP issuer URL (with trailing slash) | `http://localhost:4000/` |
+| `USERS_ALICE_IDP` | Alice's IdP | `http://localhost:4000/` |
+| `USERS_ALICE_WEBID` | Alice's WebID | `http://localhost:4000/alice/#me` |
+| `USERS_ALICE_USERNAME` | Alice's email | `alice@example.com` |
+| `USERS_ALICE_PASSWORD` | Alice's password | `alicepassword123` |
+| `USERS_BOB_IDP` | Bob's IdP | `http://localhost:4000/` |
+| `USERS_BOB_WEBID` | Bob's WebID | `http://localhost:4000/bob/#me` |
+| `USERS_BOB_USERNAME` | Bob's email | `bob@example.com` |
+| `USERS_BOB_PASSWORD` | Bob's password | `bobpassword123` |
+| `SUBJECTS` | Path to test-subjects.ttl inside container | `/app/test-subjects.ttl` |
+
+## Running Specific Test Suites
+
+### Authentication Tests (6 scenarios)
+
+```bash
+docker run --rm --network=host \
+  --env-file cth.env \
+  -v $(pwd)/test-subjects.ttl:/app/test-subjects.ttl \
+  -e SUBJECTS=/app/test-subjects.ttl \
+  solidproject/conformance-test-harness:latest \
+  --target="https://github.com/solid/conformance-test-harness/jss" \
+  --filter="authentication"
+```
+
+**Expected result:** 6/6 scenarios passing
+
+### All Protocol Tests
+
+```bash
+docker run --rm --network=host \
+  --env-file cth.env \
+  -v $(pwd)/test-subjects.ttl:/app/test-subjects.ttl \
+  -e SUBJECTS=/app/test-subjects.ttl \
+  solidproject/conformance-test-harness:latest \
+  --target="https://github.com/solid/conformance-test-harness/jss"
+```
+
+## Interpreting Results
+
+### Success Output
+
+```
+scenarios:  6 | passed:  6 | failed:  0 | time: 0.6349
+  MustFeatures  passed: 1, failed: 0
+  MustScenarios passed: 6, failed: 0
+```
+
+### Failure Output
+
+```
+scenarios:  6 | passed:  4 | failed:  2 | time: 0.7952
+Then status 401
+status code was: 200, expected: 401, response time in milliseconds: 15
+```
+
+## Troubleshooting
+
+### "Cannot get ACL url for root test container"
+
+The test container doesn't exist. Create it:
+
+```bash
+mkdir -p data/alice/cth-test
+```
+
+### "Failed to read WebID Document" (401)
+
+The WebID profile is not publicly readable. Check that the pod's ACL allows public read on the container itself (but not necessarily on children).
+
+### "NullPointerException" during authentication
+
+Usually means the IdP isn't returning proper responses. Check:
+1. Server is running with `--idp` flag
+2. Issuer URL has trailing slash
+3. Users were created with email and password
+
+### "DPoP htu mismatch"
+
+URL mismatch in DPoP proof validation. Check that issuer URL doesn't have double slashes.
+
+### Token format errors
+
+Ensure the server returns JWT access tokens with:
+- `aud: "solid"` claim
+- 3-part JWT format (header.payload.signature)
+- `webid` claim
+
+## Server Requirements for CTH
+
+The server must support:
+
+1. **Solid-OIDC Identity Provider**
+   - OIDC discovery at `/.well-known/openid-configuration`
+   - JWKS at `/.well-known/jwks.json`
+   - Dynamic client registration at `/idp/reg`
+   - Credentials endpoint at `/idp/credentials` (for programmatic login)
+
+2. **DPoP Token Binding**
+   - RS256 and ES256 algorithms
+   - Proper `cnf.jkt` claim in tokens
+
+3. **WWW-Authenticate Header**
+   - 401 responses must include `WWW-Authenticate: DPoP realm="..."`
+
+4. **Container Creation via PUT**
+   - PUT to path ending with `/` creates container
+
+5. **ACL Inheritance**
+   - Children should NOT inherit public read by default
+   - Only owner permissions should have `acl:default`
+
+## Current CTH Status (v0.0.14)
+
+| Test Suite | Status |
+|------------|--------|
+| Authentication | 6/6 passing |
+| Protocol (other) | Not yet tested |
+| WAC | Skipped |
+| ACP | Skipped |

package/README.md

@@ -54,7 +54,7 @@ npm run benchmark
 
 ## Features
 
-### Implemented (v0.0.12)
+### Implemented (v0.0.15)
 
 - **LDP CRUD Operations** - GET, PUT, POST, DELETE, HEAD
 - **N3 Patch** - Solid's native patch format for RDF updates
@@ -306,6 +306,28 @@ Response:
 
 OIDC Discovery: `/.well-known/openid-configuration`
 
+### Programmatic Login (CTH Compatible)
+
+For automated testing and scripts, use the credentials endpoint:
+
+```bash
+curl -X POST http://localhost:3000/idp/credentials \
+  -H "Content-Type: application/json" \
+  -d '{"email": "alice@example.com", "password": "secret123"}'
+```
+
+Response:
+```json
+{
+  "access_token": "...",
+  "token_type": "Bearer",
+  "expires_in": 3600,
+  "webid": "http://localhost:3000/alice/#me"
+}
+```
+
+For DPoP-bound tokens (Solid-OIDC compliant), include a DPoP proof header.
+
 ### Solid-OIDC (External IdP)
 
 The server also accepts DPoP-bound access tokens from external Solid identity providers:
@@ -355,7 +377,38 @@ Server: pub http://localhost:3000/alice/public/data.json  (on change)
 npm test
 ```
 
-Currently passing: **174 tests** (including 27 conformance tests)
+Currently passing: **182 tests** (including 27 conformance tests)
+
+### Conformance Test Harness (CTH)
+
+This server passes the Solid Conformance Test Harness authentication tests:
+
+```bash
+# Start server with IdP and content negotiation
+JSS_PORT=4000 JSS_CONNEG=true JSS_IDP=true jss start
+
+# Create test users
+curl -X POST http://localhost:4000/.pods \
+  -H "Content-Type: application/json" \
+  -d '{"name": "alice", "email": "alice@example.com", "password": "alicepassword123"}'
+
+curl -X POST http://localhost:4000/.pods \
+  -H "Content-Type: application/json" \
+  -d '{"name": "bob", "email": "bob@example.com", "password": "bobpassword123"}'
+
+# Run CTH authentication tests
+docker run --rm --network=host \
+  -e SOLID_IDENTITY_PROVIDER="http://localhost:4000/" \
+  -e USERS_ALICE_WEBID="http://localhost:4000/alice/#me" \
+  -e USERS_ALICE_PASSWORD="alicepassword123" \
+  -e USERS_BOB_WEBID="http://localhost:4000/bob/#me" \
+  -e USERS_BOB_PASSWORD="bobpassword123" \
+  solidproject/conformance-test-harness:latest \
+  --filter="authentication"
+```
+
+**CTH Status (v0.0.15):**
+- Authentication tests: 6/6 passing
 
 ## Project Structure
 

package/bin/jss.js

@@ -62,7 +62,11 @@ program
       const protocol = config.ssl ? 'https' : 'http';
       const serverHost = config.host === '0.0.0.0' ? 'localhost' : config.host;
       const baseUrl = `${protocol}://${serverHost}:${config.port}`;
-      const idpIssuer = config.idpIssuer || baseUrl;
+      // Ensure issuer has trailing slash for CTH compatibility
+      let idpIssuer = config.idpIssuer || baseUrl;
+      if (idpIssuer && !idpIssuer.endsWith('/')) {
+        idpIssuer = idpIssuer + '/';
+      }
 
       // Create and start server
       const server = createServer({

package/cth-config/application.yaml

@@ -0,0 +1,2 @@
+subjects: file:/config/test-subjects.ttl
+target: jss

package/cth-config/jss.ttl

@@ -0,0 +1,6 @@
+@prefix test-harness: <https://github.com/solid-contrib/specification-tests/> .
+@prefix solid-test: <https://github.com/solid-contrib/specification-tests/blob/main/vocab.ttl#> .
+
+<jss>
+    a solid-test:TestSubject ;
+    solid-test:serverRoot <http://localhost:4000/> .

package/cth-config/test-subjects.ttl

@@ -0,0 +1,14 @@
+@prefix doap: <http://usefulinc.com/ns/doap#> .
+@prefix earl: <http://www.w3.org/ns/earl#> .
+@prefix solid-test: <https://github.com/solid-contrib/specification-tests/blob/main/vocab.ttl#> .
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
+
+<jss>
+    a earl:Software, earl:TestSubject ;
+    doap:name "JavaScript Solid Server" ;
+    doap:description "A minimal, fast, JSON-LD native Solid server" ;
+    doap:programming-language "JavaScript" ;
+    solid-test:serverRoot <http://localhost:4000/> ;
+    solid-test:skip "acp" ;
+    rdfs:comment "Uses WAC for access control" .

package/cth.env

@@ -0,0 +1,19 @@
+# CTH Environment for JSS
+# Generated by test-cth-compat.js
+
+SOLID_IDENTITY_PROVIDER=http://localhost:3456
+RESOURCE_SERVER_ROOT=http://localhost:3456
+TEST_CONTAINER=alice/public/
+
+USERS_ALICE_WEBID=http://localhost:3456/alice/#me
+USERS_ALICE_USERNAME=alice@test.local
+USERS_ALICE_PASSWORD=alicepassword123
+
+USERS_BOB_WEBID=http://localhost:3456/bob/#me
+USERS_BOB_USERNAME=bob@test.local
+USERS_BOB_PASSWORD=bobpassword123
+
+LOGIN_ENDPOINT=http://localhost:3456/idp/credentials
+
+# For self-signed certs
+ALLOW_SELF_SIGNED_CERTS=true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.12",
+  "version": "0.0.15",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
@@ -19,6 +19,7 @@
     "start": "node bin/jss.js start",
     "dev": "node --watch bin/jss.js start",
     "test": "node --test --test-concurrency=1",
+    "test:cth": "node scripts/test-cth-compat.js",
     "benchmark": "node benchmark.js"
   },
   "dependencies": {