javascript-solid-server 0.0.126 → 0.0.128
|
@@ -338,7 +338,11 @@
|
|
|
338
338
|
"Bash(sed -i 's|// Settings folder|// settings folder|' src/handlers/container.js)",
|
|
339
339
|
"WebFetch(domain:www.x402.org)",
|
|
340
340
|
"Bash(jss start:*)",
|
|
341
|
-
"Read(//tmp/**)"
|
|
341
|
+
"Read(//tmp/**)",
|
|
342
|
+
"Bash(sed -i 's/\"currency\": \"sats\"/\"currency\": \"tbtc4\"/g' /home/melvin/articles/solid-402.html /home/melvin/articles/solid-pay.html /home/melvin/articles/solid-balance.html)",
|
|
343
|
+
"Bash(sed -i 's/\"currency\":\"sats\"/\"currency\":\"tbtc4\"/g' /home/melvin/articles/solid-402.html /home/melvin/articles/solid-pay.html /home/melvin/articles/solid-balance.html)",
|
|
344
|
+
"WebFetch(domain:lists.w3.org)",
|
|
345
|
+
"Bash(git:*)"
|
|
342
346
|
]
|
|
343
347
|
}
|
|
344
348
|
}
|
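Review bot: The entries added at new lines 342–345 widen a tool-permission allowlist that ships inside the published package: `"Bash(git:*)"` allows every git subcommand, and the two `sed -i` entries embed absolute paths under a developer's home directory. The file's path is not shown on this page, but the `Bash(...)`, `WebFetch(domain:...)` and `Read(...)` entries look like a local coding-agent settings file, which consumers of the package presumably do not need. Consider keeping it out of the tarball with a `files` allowlist in package.json or an `.npmignore` entry. Also consider narrowing `"Bash(git:*)"` to the specific subcommands actually used.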
package/package.json
CHANGED
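--- a/package/src/ap/routes/oauth.js
+++ b/package/src/ap/routes/oauth.js
@@ -123,7 +123,7 @@ export function createAuthorizePostHandler () {
 // Implicit grant (response_type=token) — return token directly in fragment (RFC 6749 §4.2.2)
 // Used by remoteStorage clients
 if (response_type === 'token') {
-const accessToken = createToken(account.webId)
+const accessToken = createToken(account.webId, 3600)
 
 // Handle OOB — display token
 if (redirect_uri === OOB_REDIRECT) {
@@ -208,7 +208,7 @@ export function createTokenHandler () {
 }
 
 // Generate Bearer token using existing token infrastructure
-const accessToken = createToken(authCode.webId)
+const accessToken = createToken(authCode.webId, 3600)
 
 return reply.send({
 access_token: accessToken,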
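Review bot: The lifetime `3600` is now hard-coded at both call sites (new lines 126 and 211), so the two grants can drift apart, and away from whatever `expires_in` the token response reports, which is outside the hunk. A shared constant would keep them aligned, e.g. `const ACCESS_TOKEN_TTL_SECONDS = 3600;` used as `createToken(account.webId, ACCESS_TOKEN_TTL_SECONDS)`. Both handlers start and end outside the visible hunks.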
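--- a/package/src/auth/token.js
+++ b/package/src/auth/token.js
@@ -39,15 +39,17 @@ const SECRET = getSecret();
 /**
 * Create a simple token for a WebID
 * @param {string} webId - The WebID to create token for
-* @param {number} expiresIn - Expiration time in seconds (default
+* @param {number} [expiresIn] - Expiration time in seconds (default: no expiry)
 * @returns {string} Token string
 */
-export function createToken(webId, expiresIn
+export function createToken(webId, expiresIn) {
 const payload = {
 webId,
 iat: Math.floor(Date.now() / 1000),
-exp: Math.floor(Date.now() / 1000) + expiresIn
 };
+if (expiresIn !== undefined && expiresIn > 0) {
+payload.exp = Math.floor(Date.now() / 1000) + expiresIn;
+}
 
 const data = Buffer.from(JSON.stringify(payload)).toString('base64url');
 const signature = crypto
@@ -65,7 +67,7 @@ export function createToken(webId, expiresIn = 3600) {
 * JWT tokens (3-part) require async verification via verifyTokenAsync().
 *
 * @param {string} token - The token to verify
-* @returns {{webId: string, iat: number, exp
+* @returns {{webId: string, iat: number, exp?: number} | null} Decoded payload or null
 */
 export function verifyToken(token) {
 if (!token || typeof token !== 'string') {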
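Review bot: The new guard in createToken (new lines 50–52) fails open: an `expiresIn` of 0, a negative number or NaN silently yields a token with no `exp`, and a numeric string such as `'3600'` passes `> 0` and is then concatenated rather than added. The default also changed from 3600 seconds (visible in the second hunk's header) to no expiry, so every caller that still passes one argument now mints a non-expiring bearer token. I would reject bad values before building the payload, e.g. `if (expiresIn !== undefined && !(Number.isInteger(expiresIn) && expiresIn > 0)) throw new TypeError('expiresIn must be a positive integer');`, and keep a finite default unless a caller opts out explicitly. createToken's body continues past the hunk, and whether verifyToken accepts a payload without `exp` is not visible here.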
@@ -310,16 +310,18 @@ export async function handleCreatePod(request, reply) {
|
|
|
310
310
|
|
|
311
311
|
Object.entries(headers).forEach(([k, v]) => reply.header(k, v));
|
|
312
312
|
|
|
313
|
-
// If IdP is enabled, create account
|
|
313
|
+
// If IdP is enabled, create account and return token + login URL
|
|
314
314
|
if (idpEnabled) {
|
|
315
315
|
try {
|
|
316
316
|
const { createAccount } = await import('../idp/accounts.js');
|
|
317
317
|
await createAccount({ username: name, email, password, webId, podName: name });
|
|
318
318
|
|
|
319
|
+
const token = createToken(webId);
|
|
319
320
|
return reply.code(201).send({
|
|
320
321
|
name,
|
|
321
322
|
webId,
|
|
322
323
|
podUri,
|
|
324
|
+
token,
|
|
323
325
|
idpIssuer: issuer,
|
|
324
326
|
loginUrl: `${baseUri}/idp/auth`,
|
|
325
327
|
});
|
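Review bot: `createToken(webId)` is called without a lifetime at new line 319, and createToken's default in this same release is documented as "no expiry", so the token returned in the 201 body never expires. A long-lived bearer credential in a JSON response body tends to end up in shell history, logs and proxies, and nothing in this hunk shows a way to revoke it. Pass an explicit lifetime as the OAuth handlers do, `const token = createToken(webId, 3600);`, or state the no-expiry decision in the comment above `if (idpEnabled)`. The file path for this hunk is not shown on the page, and handleCreatePod continues outside it.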
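--- a/package/src/wac/checker.js
+++ b/package/src/wac/checker.js
@@ -181,9 +181,9 @@ async function checkAuthorizations(authorizations, targetUrl, agentWebId, requir
 }
 
 // Paid access: check balance and deduct
-const balance = getBalance(ledger, agentWebId);
+const balance = getBalance(ledger, agentWebId, currency);
 if (cost > 0 && balance >= cost) {
-debit(ledger, agentWebId, cost, currency
+debit(ledger, agentWebId, cost, currency);
 const { writeLedger } = await import('../webledger.js');
 await writeLedger(ledger);
 return { allowed: true, paid: cost };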
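Review bot: The balance check, `debit` and `writeLedger` at new lines 184–188 are not serialised, and the sequence crosses two `await`s before the ledger is persisted. If `ledger` is loaded per request (that happens outside the hunk, so this is an assumption to confirm), two concurrent paid requests can both pass `balance >= cost` on the same snapshot, and the later write then overwrites the earlier debit. Consider running load, check, debit and write under a per-ledger lock or queue. Until then, a comment such as `// check and debit are not atomic across the awaits below; callers must serialise access to the ledger` would record the constraint. checkAuthorizations starts and ends outside the hunk.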
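--- a/package/test/idp.test.js
+++ b/package/test/idp.test.js
@@ -130,8 +130,14 @@ describe('Identity Provider', () => {
 assert.ok(body.podUri.includes(`idpuser${uniqueId}`));
 assert.ok(body.idpIssuer, 'should include IdP issuer');
 assert.ok(body.loginUrl, 'should include login URL');
-// Should
-assert.ok(
+// Should also return a token for curl-based workflows
+assert.ok(body.token, 'should include token');
+
+// Token should work for authenticated requests
+const privateRes = await fetch(`${baseUrl}/${body.name}/private/`, {
+headers: { 'Authorization': `Bearer ${body.token}` },
+});
+assert.strictEqual(privateRes.status, 200, 'token should authenticate to private folder');
 });
 
 it('should reject duplicate email', async () => {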
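Review bot: The added assertions cover only the accepting path: the token is present and a request carrying it returns 200. Nothing here pins that a wrong or altered token is refused on the same URL, or what lifetime the returned token carries, so a regression that accepts any bearer value would still pass. I would add a second fetch to `${baseUrl}/${body.name}/private/` with a deliberately invalid `Authorization` value and assert `assert.notStrictEqual(badRes.status, 200);`.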