javascript-solid-server 0.0.143 → 0.0.145

package/bin/jss.js

@@ -13,6 +13,7 @@ import { Command } from 'commander';
 import { createServer } from '../src/server.js';
 import { loadConfig, saveConfig, printConfig, defaults } from '../src/config.js';
 import { createInvite, listInvites, revokeInvite } from '../src/idp/invites.js';
+import { findByUsername, updatePassword, deleteAccount } from '../src/idp/accounts.js';
 import { setQuotaLimit, getQuotaInfo, reconcileQuota, formatBytes } from '../src/storage/quota.js';
 import { parseSize } from '../src/config.js';
 import crypto from 'crypto';
@@ -637,32 +638,12 @@ program
         process.env.DATA_ROOT = path.resolve(options.root);
       }
 
-      // Load account by username
-      const dataRoot = process.env.DATA_ROOT || './data';
-      const accountsDir = path.join(dataRoot, '.idp', 'accounts');
-      const indexPath = path.join(accountsDir, '_username_index.json');
-
-      let usernameIndex;
-      try {
-        usernameIndex = await fs.readJson(indexPath);
-      } catch (err) {
-        if (err.code === 'ENOENT') {
-          console.error(`Error: No accounts found (missing ${indexPath})`);
-          process.exit(1);
-        }
-        throw err;
-      }
-
-      const normalizedUsername = username.toLowerCase().trim();
-      const accountId = usernameIndex[normalizedUsername];
-      if (!accountId) {
+      const account = await findByUsername(username);
+      if (!account) {
         console.error(`Error: User not found: ${username}`);
         process.exit(1);
       }
 
-      const accountPath = path.join(accountsDir, `${accountId}.json`);
-      const account = await fs.readJson(accountPath);
-
       // Determine new password
       let newPassword;
 
@@ -673,8 +654,8 @@ program
       } else {
         // Interactive prompt
         newPassword = await promptPassword('New password: ');
-        const confirm = await promptPassword('Confirm password: ');
-        if (newPassword !== confirm) {
+        const confirmation = await promptPassword('Confirm password: ');
+        if (newPassword !== confirmation) {
           console.error('Error: Passwords do not match');
           process.exit(1);
         }
@@ -685,17 +666,63 @@ program
         process.exit(1);
       }
 
-      // Hash and save
-      const bcrypt = await import('bcryptjs').then(m => m.default);
-      account.passwordHash = await bcrypt.hash(newPassword, 10);
-      account.passwordChangedAt = new Date().toISOString();
-      await fs.writeJson(accountPath, account, { spaces: 2 });
+      await updatePassword(account.id, newPassword);
 
       if (options.generate) {
-        console.log(`\nPassword updated for ${normalizedUsername}`);
+        console.log(`\nPassword updated for ${account.username}`);
         console.log(`Generated password: ${newPassword}\n`);
       } else {
-        console.log(`\nPassword updated for ${normalizedUsername}\n`);
+        console.log(`\nPassword updated for ${account.username}\n`);
+      }
+    } catch (err) {
+      console.error(`Error: ${err.message}`);
+      process.exit(1);
+    }
+  });
+
+/**
+ * Account commands - manage user accounts
+ */
+const accountCmd = program
+  .command('account')
+  .description('Manage user accounts');
+
+accountCmd
+  .command('delete <username>')
+  .description('Delete a user account from the IdP')
+  .option('-r, --root <path>',  'Data directory')
+  .option('-y, --yes',          'Skip the confirmation prompt')
+  .option('--purge',            'Also delete pod data at <dataRoot>/<username>/')
+  .action(async (username, options) => {
+    try {
+      if (options.root) {
+        process.env.DATA_ROOT = path.resolve(options.root);
+      }
+
+      const account = await findByUsername(username);
+      if (!account) {
+        console.error(`Error: User not found: ${username}`);
+        process.exit(1);
+      }
+
+      if (!options.yes) {
+        const summary = `Delete account '${account.username}' (${account.webId})${options.purge ? ' AND purge pod data' : ''}?`;
+        const ok = await confirm(summary, false);
+        if (!ok) {
+          console.log('Cancelled.');
+          process.exit(0);
+        }
+      }
+
+      await deleteAccount(account.id);
+
+      if (options.purge) {
+        const dataRoot = process.env.DATA_ROOT || './data';
+        const podPath = path.join(dataRoot, account.username);
+        await fs.remove(podPath);
+        console.log(`\nDeleted account ${account.username}. Pod data removed from ${podPath}.\n`);
+      } else {
+        console.log(`\nDeleted account ${account.username}. Pod data preserved at <dataRoot>/${account.username}/ (use --purge to remove).\n`);
       }
     } catch (err) {
       console.error(`Error: ${err.message}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.143",
+  "version": "0.0.145",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/utils/url.js

@@ -239,6 +239,16 @@ export function getContentType(filePath) {
     '.m3u8': 'application/vnd.apple.mpegurl',
     '.pls': 'audio/x-scpls'
   };
+
+  // Solid convention dotfiles (.acl, .meta) are RDF resources. path.extname
+  // returns '' for leading-dot names, so the map lookup above misses them;
+  // fall back to a basename check and tag them as JSON-LD — the format JSS
+  // writes them in via serializeAcl() / createPodStructure(). Content
+  // negotiation then handles Turtle-native clients (umai, Soukai-based apps,
+  // older Solid tooling) via handleGet's conneg branch.
+  const base = path.basename(filePath);
+  if (base === '.acl' || base === '.meta') return 'application/ld+json';
+
   return types[ext] || 'application/octet-stream';
 }
 

package/test/conneg.test.js

@@ -194,6 +194,73 @@ describe('Content Negotiation (conneg enabled)', () => {
         'Accept-Post should include text/turtle');
     });
   });
+
+  // Regression coverage for #294 — Solid convention dotfiles (.acl, .meta)
+  // were excluded from conneg because getContentType() returned
+  // application/octet-stream for them. Turtle-native clients (umai etc.)
+  // fetching <container>/.meta got JSON-LD back and errored on parse.
+  describe('Solid convention dotfiles (#294)', () => {
+    const metaData = {
+      '@context': { 'ldp': 'http://www.w3.org/ns/ldp#' },
+      '@id': '',
+      '@type': 'ldp:BasicContainer'
+    };
+
+    before(async () => {
+      // Write a JSON-LD .meta file (the format JSS writes internally).
+      await request('/connegtest/public/.meta', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/ld+json' },
+        body: JSON.stringify(metaData),
+        auth: 'connegtest'
+      });
+    });
+
+    it('serves .meta as JSON-LD by default', async () => {
+      const res = await request('/connegtest/public/.meta', { auth: 'connegtest' });
+      assertStatus(res, 200);
+      assertHeaderContains(res, 'Content-Type', 'application/ld+json');
+    });
+
+    it('serves .meta as Turtle when Accept: text/turtle (the umai case)', async () => {
+      const res = await request('/connegtest/public/.meta', {
+        headers: { 'Accept': 'text/turtle' },
+        auth: 'connegtest'
+      });
+      assertStatus(res, 200);
+      assertHeaderContains(res, 'Content-Type', 'text/turtle');
+      const turtle = await res.text();
+      // First byte after the `@prefix` block must parse as Turtle,
+      // not '{' (the bug signature umai hit).
+      assert.ok(!turtle.trimStart().startsWith('{'),
+        `response looks like JSON, not Turtle: ${turtle.slice(0, 60)}`);
+    });
+
+    it('accepts Turtle PUT to .meta and round-trips to JSON-LD', async () => {
+      const turtle = `
+        @prefix ldp: <http://www.w3.org/ns/ldp#>.
+        <> a ldp:BasicContainer.
+      `;
+      const putRes = await request('/connegtest/public/.meta', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'text/turtle' },
+        body: turtle,
+        auth: 'connegtest'
+      });
+      assert.ok(putRes.status < 300, `PUT turtle should succeed, got ${putRes.status}`);
+
+      // Default GET now serves the converted-and-stored JSON-LD.
+      const getRes = await request('/connegtest/public/.meta', {
+        headers: { 'Accept': 'application/ld+json' },
+        auth: 'connegtest'
+      });
+      assertStatus(getRes, 200);
+      assertHeaderContains(getRes, 'Content-Type', 'application/ld+json');
+      const body = await getRes.json();
+      assert.ok(body['@context'] || body['@graph'] || body['@type'] || body['@id'],
+        'round-tripped JSON-LD should have at least one @-keyword');
+    });
+  });
 });
 
 describe('Content Negotiation (conneg disabled - default)', () => {

package/test/url.test.js

@@ -7,7 +7,7 @@
 
 import { describe, it } from 'node:test';
 import assert from 'node:assert';
-import { getPodName } from '../src/utils/url.js';
+import { getPodName, getContentType } from '../src/utils/url.js';
 
 describe('getPodName', () => {
   describe('subdomain mode', () => {
@@ -73,3 +73,37 @@ describe('getPodName', () => {
     });
   });
 });
+
+// Regression coverage for #294 — .acl and .meta must be recognised as RDF
+// resources so content negotiation kicks in for Turtle-native clients.
+describe('getContentType', () => {
+  describe('extension-based mapping (existing)', () => {
+    it('maps .jsonld → application/ld+json', () => {
+      assert.strictEqual(getContentType('/x/card.jsonld'), 'application/ld+json');
+    });
+    it('maps .ttl → text/turtle', () => {
+      assert.strictEqual(getContentType('/x/card.ttl'), 'text/turtle');
+    });
+    it('falls back to application/octet-stream for unknown extensions', () => {
+      assert.strictEqual(getContentType('/x/file.xyz'), 'application/octet-stream');
+    });
+  });
+
+  describe('Solid convention dotfiles (#294)', () => {
+    it('treats .acl as application/ld+json (the format JSS writes it in)', () => {
+      assert.strictEqual(getContentType('/alice/public/.acl'), 'application/ld+json');
+      assert.strictEqual(getContentType('.acl'), 'application/ld+json');
+    });
+
+    it('treats .meta as application/ld+json', () => {
+      assert.strictEqual(getContentType('/alice/public/.meta'), 'application/ld+json');
+      assert.strictEqual(getContentType('.meta'), 'application/ld+json');
+    });
+
+    it('does not mistake non-dotfile paths containing .acl for ACL files', () => {
+      // A regular file that happens to have "acl" in its name/path stays
+      // classified by extension, not by coincidence.
+      assert.strictEqual(getContentType('/alice/notes/my-acl-plan.md'), 'text/markdown');
+    });
+  });
+});