javascript-solid-server 0.0.144 → 0.0.146

package/.claude/settings.local.json

@@ -350,7 +350,8 @@
       "Bash(\\\\\"git config:*)",
       "Read(//usr/local/lib/node_modules/gitmark-test/**)",
       "WebFetch(domain:nip98.com)",
-      "WebFetch(domain:htmlpreview.github.io)"
+      "WebFetch(domain:htmlpreview.github.io)",
+      "WebFetch(domain:timbl.solidcommunity.net)"
     ]
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.144",
+  "version": "0.0.146",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/handlers/container.js

@@ -197,10 +197,14 @@ export async function createPodStructure(name, webId, podUri, issuer, defaultQuo
   const privateAcl = generatePrivateAcl(`${podUri}private/`, webId);
   await storage.write(`${podPath}private/.acl`, serializeAcl(privateAcl));
 
-  // settings folder: owner only
+  // settings folder: owner only (contains private preferences)
   const settingsAcl = generatePrivateAcl(`${podUri}settings/`, webId);
   await storage.write(`${podPath}settings/.acl`, serializeAcl(settingsAcl));
 
+  // publicTypeIndex: public read, overrides the private default inherited from /settings/
+  const publicTypeIndexAcl = generateOwnerAcl(`${podUri}settings/publicTypeIndex.jsonld`, webId, false);
+  await storage.write(`${podPath}settings/publicTypeIndex.jsonld.acl`, serializeAcl(publicTypeIndexAcl));
+
   // Inbox: owner full, public append
   const inboxAcl = generateInboxAcl(`${podUri}inbox/`, webId);
   await storage.write(`${podPath}inbox/.acl`, serializeAcl(inboxAcl));

package/src/server.js

@@ -622,6 +622,10 @@ export function createServer(options = {}) {
     const settingsAcl = generatePrivateAcl(`${podUri}settings/`, webId);
     await storage.write('/settings/.acl', serializeAcl(settingsAcl));
 
+    // publicTypeIndex: public read, overrides the private default inherited from /settings/
+    const publicTypeIndexAcl = generateOwnerAcl(`${podUri}settings/publicTypeIndex.jsonld`, webId, false);
+    await storage.write('/settings/publicTypeIndex.jsonld.acl', serializeAcl(publicTypeIndexAcl));
+
     const inboxAcl = generateInboxAcl(`${podUri}inbox/`, webId);
     await storage.write('/inbox/.acl', serializeAcl(inboxAcl));
 

package/src/utils/url.js

@@ -237,8 +237,21 @@ export function getContentType(filePath) {
     '.md': 'text/markdown',
     '.m3u': 'audio/mpegurl',
     '.m3u8': 'application/vnd.apple.mpegurl',
-    '.pls': 'audio/x-scpls'
+    '.pls': 'audio/x-scpls',
+    // Solid ACL/meta as extensions (e.g. publicTypeIndex.jsonld.acl)
+    '.acl': 'application/ld+json',
+    '.meta': 'application/ld+json'
   };
+
+  // Solid convention dotfiles (.acl, .meta) are RDF resources. path.extname
+  // returns '' for leading-dot names, so the map lookup above misses them;
+  // fall back to a basename check and tag them as JSON-LD — the format JSS
+  // writes them in via serializeAcl() / createPodStructure(). Content
+  // negotiation then handles Turtle-native clients (umai, Soukai-based apps,
+  // older Solid tooling) via handleGet's conneg branch.
+  const base = path.basename(filePath);
+  if (base === '.acl' || base === '.meta') return 'application/ld+json';
+
   return types[ext] || 'application/octet-stream';
 }
 

package/test/conneg.test.js

@@ -194,6 +194,73 @@ describe('Content Negotiation (conneg enabled)', () => {
         'Accept-Post should include text/turtle');
     });
   });
+
+  // Regression coverage for #294 — Solid convention dotfiles (.acl, .meta)
+  // were excluded from conneg because getContentType() returned
+  // application/octet-stream for them. Turtle-native clients (umai etc.)
+  // fetching <container>/.meta got JSON-LD back and errored on parse.
+  describe('Solid convention dotfiles (#294)', () => {
+    const metaData = {
+      '@context': { 'ldp': 'http://www.w3.org/ns/ldp#' },
+      '@id': '',
+      '@type': 'ldp:BasicContainer'
+    };
+
+    before(async () => {
+      // Write a JSON-LD .meta file (the format JSS writes internally).
+      await request('/connegtest/public/.meta', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/ld+json' },
+        body: JSON.stringify(metaData),
+        auth: 'connegtest'
+      });
+    });
+
+    it('serves .meta as JSON-LD by default', async () => {
+      const res = await request('/connegtest/public/.meta', { auth: 'connegtest' });
+      assertStatus(res, 200);
+      assertHeaderContains(res, 'Content-Type', 'application/ld+json');
+    });
+
+    it('serves .meta as Turtle when Accept: text/turtle (the umai case)', async () => {
+      const res = await request('/connegtest/public/.meta', {
+        headers: { 'Accept': 'text/turtle' },
+        auth: 'connegtest'
+      });
+      assertStatus(res, 200);
+      assertHeaderContains(res, 'Content-Type', 'text/turtle');
+      const turtle = await res.text();
+      // First byte after the `@prefix` block must parse as Turtle,
+      // not '{' (the bug signature umai hit).
+      assert.ok(!turtle.trimStart().startsWith('{'),
+        `response looks like JSON, not Turtle: ${turtle.slice(0, 60)}`);
+    });
+
+    it('accepts Turtle PUT to .meta and round-trips to JSON-LD', async () => {
+      const turtle = `
+        @prefix ldp: <http://www.w3.org/ns/ldp#>.
+        <> a ldp:BasicContainer.
+      `;
+      const putRes = await request('/connegtest/public/.meta', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'text/turtle' },
+        body: turtle,
+        auth: 'connegtest'
+      });
+      assert.ok(putRes.status < 300, `PUT turtle should succeed, got ${putRes.status}`);
+
+      // Default GET now serves the converted-and-stored JSON-LD.
+      const getRes = await request('/connegtest/public/.meta', {
+        headers: { 'Accept': 'application/ld+json' },
+        auth: 'connegtest'
+      });
+      assertStatus(getRes, 200);
+      assertHeaderContains(getRes, 'Content-Type', 'application/ld+json');
+      const body = await getRes.json();
+      assert.ok(body['@context'] || body['@graph'] || body['@type'] || body['@id'],
+        'round-tripped JSON-LD should have at least one @-keyword');
+    });
+  });
 });
 
 describe('Content Negotiation (conneg disabled - default)', () => {

package/test/idp.test.js

@@ -409,6 +409,55 @@ describe('Identity Provider - Single-user mode landing', () => {
   });
 });
 
+// Root-level pod (singleUserName: '/') — verifies createRootPodStructure wires
+// publicTypeIndex as public-read and privateTypeIndex as owner-only.
+// Regression coverage for #297.
+describe('Identity Provider - Root pod type index ACLs', () => {
+  let server;
+  let baseUrl;
+  const ROOT_POD_DATA_DIR = './test-data-idp-root-pod';
+
+  before(async () => {
+    await fs.remove(ROOT_POD_DATA_DIR);
+    await fs.ensureDir(ROOT_POD_DATA_DIR);
+
+    const port = await getAvailablePort();
+    baseUrl = `http://${TEST_HOST}:${port}`;
+
+    server = createServer({
+      logger: false,
+      root: ROOT_POD_DATA_DIR,
+      idp: true,
+      idpIssuer: baseUrl,
+      singleUser: true,
+      singleUserName: '/',
+      forceCloseConnections: true,
+    });
+
+    await server.listen({ port, host: TEST_HOST });
+  });
+
+  after(async () => {
+    await server.close();
+    await fs.remove(ROOT_POD_DATA_DIR);
+  });
+
+  it('publicTypeIndex is readable without auth', async () => {
+    const res = await fetch(`${baseUrl}/settings/publicTypeIndex.jsonld`);
+    assert.strictEqual(res.status, 200);
+  });
+
+  it('privateTypeIndex requires auth', async () => {
+    const res = await fetch(`${baseUrl}/settings/privateTypeIndex.jsonld`);
+    assert.strictEqual(res.status, 401);
+  });
+
+  it('prefs requires auth', async () => {
+    const res = await fetch(`${baseUrl}/settings/prefs.jsonld`);
+    assert.strictEqual(res.status, 401);
+  });
+});
+
 describe('Identity Provider - Accounts', () => {
   let server;
   let accountsUrl;

package/test/pod.test.js

@@ -115,5 +115,21 @@ describe('Pod Lifecycle', () => {
       const privIndex = await request('/dan/settings/privateTypeIndex.jsonld', { auth: 'dan' });
       assertStatus(privIndex, 200);
     });
+
+    it('should make publicTypeIndex publicly readable but keep privateTypeIndex private', async () => {
+      await createTestPod('elsa');
+
+      // publicTypeIndex: no auth required (per Solid Type Indexes spec)
+      const pubIndex = await request('/elsa/settings/publicTypeIndex.jsonld');
+      assertStatus(pubIndex, 200);
+
+      // privateTypeIndex: auth required
+      const privIndex = await request('/elsa/settings/privateTypeIndex.jsonld');
+      assertStatus(privIndex, 401);
+
+      // prefs: auth required (private by inheritance from /settings/)
+      const prefs = await request('/elsa/settings/prefs.jsonld');
+      assertStatus(prefs, 401);
+    });
   });
 });

package/test/url.test.js

@@ -7,7 +7,7 @@
 
 import { describe, it } from 'node:test';
 import assert from 'node:assert';
-import { getPodName } from '../src/utils/url.js';
+import { getPodName, getContentType } from '../src/utils/url.js';
 
 describe('getPodName', () => {
   describe('subdomain mode', () => {
@@ -73,3 +73,48 @@ describe('getPodName', () => {
     });
   });
 });
+
+// Regression coverage for #294 — .acl and .meta must be recognised as RDF
+// resources so content negotiation kicks in for Turtle-native clients.
+describe('getContentType', () => {
+  describe('extension-based mapping (existing)', () => {
+    it('maps .jsonld → application/ld+json', () => {
+      assert.strictEqual(getContentType('/x/card.jsonld'), 'application/ld+json');
+    });
+    it('maps .ttl → text/turtle', () => {
+      assert.strictEqual(getContentType('/x/card.ttl'), 'text/turtle');
+    });
+    it('falls back to application/octet-stream for unknown extensions', () => {
+      assert.strictEqual(getContentType('/x/file.xyz'), 'application/octet-stream');
+    });
+  });
+
+  describe('Solid convention dotfiles (#294)', () => {
+    it('treats .acl as application/ld+json (the format JSS writes it in)', () => {
+      assert.strictEqual(getContentType('/alice/public/.acl'), 'application/ld+json');
+      assert.strictEqual(getContentType('.acl'), 'application/ld+json');
+    });
+
+    it('treats .meta as application/ld+json', () => {
+      assert.strictEqual(getContentType('/alice/public/.meta'), 'application/ld+json');
+      assert.strictEqual(getContentType('.meta'), 'application/ld+json');
+    });
+
+    it('does not mistake non-dotfile paths containing .acl for ACL files', () => {
+      // A regular file that happens to have "acl" in its name/path stays
+      // classified by extension, not by coincidence.
+      assert.strictEqual(getContentType('/alice/notes/my-acl-plan.md'), 'text/markdown');
+    });
+  });
+
+  describe('.acl / .meta as extensions (#297)', () => {
+    it('treats *.acl (extension) as application/ld+json', () => {
+      assert.strictEqual(getContentType('/settings/publicTypeIndex.jsonld.acl'), 'application/ld+json');
+      assert.strictEqual(getContentType('/alice/private/secret.json.acl'), 'application/ld+json');
+    });
+
+    it('treats *.meta (extension) as application/ld+json', () => {
+      assert.strictEqual(getContentType('/alice/resource.meta'), 'application/ld+json');
+    });
+  });
+});