javascript-solid-server 0.0.16 → 0.0.18

package/data/demo/public/.acl

@@ -0,0 +1,50 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:4000/demo/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:4000/demo/public/"
+      },
+      "acl:default": {
+        "@id": "http://localhost:4000/demo/public/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ]
+    },
+    {
+      "@id": "#public",
+      "@type": "acl:Authorization",
+      "acl:agentClass": {
+        "@id": "foaf:Agent"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:4000/demo/public/"
+      },
+      "acl:default": {
+        "@id": "http://localhost:4000/demo/public/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        }
+      ]
+    }
+  ]
+}

package/data/demo/public/card.ttl

@@ -0,0 +1,8 @@
+@prefix foaf: <http://xmlns.com/foaf/0.1/> .
+@prefix solid: <http://www.w3.org/ns/solid/terms#> .
+@prefix schema: <http://schema.org/> .
+
+<#me> a foaf:Person ;
+    foaf:name "Demo User" ;
+    foaf:mbox <mailto:demo@example.com> ;
+    schema:knows <https://melvincarvalho.com/#me> .

package/data/demo/settings/.acl

@@ -0,0 +1,32 @@
+{
+  "@context": {
+    "acl": "http://www.w3.org/ns/auth/acl#",
+    "foaf": "http://xmlns.com/foaf/0.1/"
+  },
+  "@graph": [
+    {
+      "@id": "#owner",
+      "@type": "acl:Authorization",
+      "acl:agent": {
+        "@id": "http://localhost:4000/demo/#me"
+      },
+      "acl:accessTo": {
+        "@id": "http://localhost:4000/demo/settings/"
+      },
+      "acl:mode": [
+        {
+          "@id": "acl:Read"
+        },
+        {
+          "@id": "acl:Write"
+        },
+        {
+          "@id": "acl:Control"
+        }
+      ],
+      "acl:default": {
+        "@id": "http://localhost:4000/demo/settings/"
+      }
+    }
+  ]
+}

package/data/demo/settings/prefs

@@ -0,0 +1,17 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#",
+    "pim": "http://www.w3.org/ns/pim/space#",
+    "publicTypeIndex": {
+      "@id": "solid:publicTypeIndex",
+      "@type": "@id"
+    },
+    "privateTypeIndex": {
+      "@id": "solid:privateTypeIndex",
+      "@type": "@id"
+    }
+  },
+  "@id": "http://localhost:4000/demo/settings/prefs",
+  "publicTypeIndex": "http://localhost:4000/demo/settings/publicTypeIndex",
+  "privateTypeIndex": "http://localhost:4000/demo/settings/privateTypeIndex"
+}

package/data/demo/settings/privateTypeIndex

@@ -0,0 +1,7 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#"
+  },
+  "@id": "http://localhost:4000/demo/settings/privateTypeIndex",
+  "@type": "solid:TypeIndex"
+}

package/data/demo/settings/publicTypeIndex

@@ -0,0 +1,7 @@
+{
+  "@context": {
+    "solid": "http://www.w3.org/ns/solid/terms#"
+  },
+  "@id": "http://localhost:4000/demo/settings/publicTypeIndex",
+  "@type": "solid:TypeIndex"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.16",
+  "version": "0.0.18",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
@@ -42,7 +42,7 @@
     "linked-data",
     "decentralized"
   ],
-  "license": "MIT",
+  "license": "AGPL-3.0-only",
   "devDependencies": {
     "autocannon": "^8.0.0"
   }

package/src/config.js

@@ -37,6 +37,10 @@ export const defaults = {
   subdomains: false,
   baseDomain: null,
 
+  // Mashlib data browser
+  mashlib: false,
+  mashlibVersion: '2.0.0',
+
   // Logging
   logger: true,
   quiet: false,
@@ -63,6 +67,8 @@ const envMap = {
   JSS_IDP_ISSUER: 'idpIssuer',
   JSS_SUBDOMAINS: 'subdomains',
   JSS_BASE_DOMAIN: 'baseDomain',
+  JSS_MASHLIB: 'mashlib',
+  JSS_MASHLIB_VERSION: 'mashlibVersion',
 };
 
 /**
@@ -195,5 +201,6 @@ export function printConfig(config) {
   console.log(`  Notifications: ${config.notifications}`);
   console.log(`  IdP:           ${config.idp ? (config.idpIssuer || 'enabled') : 'disabled'}`);
   console.log(`  Subdomains:    ${config.subdomains ? (config.baseDomain || 'enabled') : 'disabled'}`);
+  console.log(`  Mashlib:       ${config.mashlib ? `v${config.mashlibVersion}` : 'disabled'}`);
   console.log('─'.repeat(40));
 }

package/src/handlers/resource.js

@@ -14,6 +14,7 @@ import {
 } from '../rdf/conneg.js';
 import { emitChange } from '../notifications/events.js';
 import { checkIfMatch, checkIfNoneMatchForGet, checkIfNoneMatchForWrite } from '../utils/conditional.js';
+import { generateDatabrowserHtml, shouldServeMashlib } from '../mashlib/index.js';
 
 /**
  * Get the storage path and resource URL for a request
@@ -134,14 +135,32 @@ export async function handleGet(request, reply) {
   }
 
   // Handle resource
+  const storedContentType = getContentType(storagePath);
+  const connegEnabled = request.connegEnabled || false;
+
+  // Check if we should serve Mashlib data browser
+  // Only for RDF resources when Accept: text/html is requested
+  if (shouldServeMashlib(request, request.mashlibEnabled, storedContentType)) {
+    const html = generateDatabrowserHtml(resourceUrl, request.mashlibVersion);
+    const headers = getAllHeaders({
+      isContainer: false,
+      etag: stats.etag,
+      contentType: 'text/html',
+      origin,
+      resourceUrl,
+      connegEnabled
+    });
+    headers['Vary'] = 'Accept';
+
+    Object.entries(headers).forEach(([k, v]) => reply.header(k, v));
+    return reply.type('text/html').send(html);
+  }
+
   const content = await storage.read(storagePath);
   if (content === null) {
     return reply.code(500).send({ error: 'Read error' });
   }
 
-  const storedContentType = getContentType(storagePath);
-  const connegEnabled = request.connegEnabled || false;
-
   // Content negotiation for RDF resources
   if (connegEnabled && isRdfContentType(storedContentType)) {
     try {

package/src/idp/interactions.js

@@ -118,20 +118,22 @@ export async function handleLogin(request, reply, provider) {
 
     request.log.info({ accountId: account.id, uid }, 'Login successful');
 
-    // For CTH compatibility, we need to return a response that CTH can handle.
-    // CTH expects either:
-    // 1. A redirect it can follow (but Java HttpClient follows to final destination which fails)
-    // 2. A 200 response with "location" in body (CSS v3+ style)
-    //
-    // We use interactionResult to get the redirect URL, then save it and return JSON
-
-    // Save the login result to the interaction for programmatic clients
-    // This allows the auth endpoint to continue the flow when resumed
+    // Detect if this is a browser (wants HTML/redirect) or programmatic client (wants JSON)
+    const acceptHeader = request.headers.accept || '';
+    const wantsBrowserRedirect = acceptHeader.includes('text/html') && !acceptHeader.includes('application/json');
+
+    // Save the login result to the interaction
     interaction.result = result;
     await interaction.save(interaction.exp - Math.floor(Date.now() / 1000));
 
-    // For CTH and programmatic clients: use interactionFinished with hijacked response
-    // to properly complete the interaction while returning JSON
+    // For browsers (mashlib, etc): do a proper HTTP redirect
+    if (wantsBrowserRedirect) {
+      reply.hijack();
+      return provider.interactionFinished(request.raw, reply.raw, result, { mergeWithLastSubmission: false });
+    }
+
+    // For CTH and programmatic clients: return JSON with location
+    // CTH expects a 200 response with "location" in body (CSS v3+ style)
     try {
       reply.hijack();
 
@@ -188,7 +190,6 @@ export async function handleLogin(request, reply, provider) {
       request.log.warn({ err: err.message, errName: err.name, uid }, 'interactionFinished failed, using fallback');
 
       // Fallback: return the redirect URL for manual following
-      // The interaction result is already saved above
       const redirectTo = `/idp/auth/${uid}`;
       return reply
         .code(200)

package/src/mashlib/index.js

@@ -0,0 +1,98 @@
+/**
+ * Mashlib Data Browser Integration
+ *
+ * Generates HTML wrapper that loads SolidOS Mashlib from CDN.
+ * When a browser requests an RDF resource with Accept: text/html,
+ * we return this wrapper which then fetches and renders the data.
+ */
+
+const CDN_BASE = 'https://unpkg.com/mashlib';
+
+/**
+ * Generate Mashlib databrowser HTML
+ * @param {string} resourceUrl - The URL of the resource being viewed
+ * @param {string} version - Mashlib version (default: '2.0.0')
+ * @returns {string} HTML content
+ */
+export function generateDatabrowserHtml(resourceUrl, version = '2.0.0') {
+  const cdnUrl = `${CDN_BASE}@${version}/dist`;
+
+  return `<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>SolidOS - ${escapeHtml(resourceUrl)}</title>
+  <script defer src="${cdnUrl}/mashlib.min.js"></script>
+  <link href="${cdnUrl}/mash.css" rel="stylesheet">
+  <script>
+    document.addEventListener('DOMContentLoaded', function() {
+      // runDataBrowser uses window.location to determine what to fetch
+      panes.runDataBrowser();
+    });
+  </script>
+  <style>
+    /* Loading indicator */
+    body:not(.loaded) #PageBody::before {
+      content: 'Loading SolidOS...';
+      display: block;
+      padding: 2em;
+      text-align: center;
+      color: #666;
+    }
+  </style>
+</head>
+<body id="PageBody">
+  <header id="PageHeader"></header>
+  <div class="TabulatorOutline" id="DummyUUID" role="main">
+    <table id="outline"></table>
+    <div id="GlobalDashboard"></div>
+  </div>
+  <footer id="PageFooter"></footer>
+</body>
+</html>`;
+}
+
+/**
+ * Check if request wants HTML and mashlib should handle it
+ * @param {object} request - Fastify request
+ * @param {boolean} mashlibEnabled - Whether mashlib is enabled
+ * @param {string} contentType - Content type of the resource
+ * @returns {boolean}
+ */
+export function shouldServeMashlib(request, mashlibEnabled, contentType) {
+  if (!mashlibEnabled) {
+    return false;
+  }
+
+  const accept = request.headers.accept || '';
+
+  // Must explicitly accept HTML
+  if (!accept.includes('text/html')) {
+    return false;
+  }
+
+  // Only serve mashlib for RDF content types
+  const rdfTypes = [
+    'text/turtle',
+    'application/ld+json',
+    'application/json',
+    'text/n3',
+    'application/n-triples',
+    'application/rdf+xml'
+  ];
+
+  const baseType = contentType.split(';')[0].trim().toLowerCase();
+  return rdfTypes.includes(baseType);
+}
+
+/**
+ * Escape HTML special characters
+ */
+function escapeHtml(str) {
+  return str
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;');
+}

package/src/server.js

@@ -30,6 +30,9 @@ export function createServer(options = {}) {
   // Subdomain mode is OFF by default - use path-based pods
   const subdomainsEnabled = options.subdomains ?? false;
   const baseDomain = options.baseDomain || null;
+  // Mashlib data browser is OFF by default
+  const mashlibEnabled = options.mashlib ?? false;
+  const mashlibVersion = options.mashlibVersion ?? '2.0.0';
 
   // Set data root via environment variable if provided
   if (options.root) {
@@ -66,12 +69,16 @@ export function createServer(options = {}) {
   fastify.decorateRequest('subdomainsEnabled', null);
   fastify.decorateRequest('baseDomain', null);
   fastify.decorateRequest('podName', null);
+  fastify.decorateRequest('mashlibEnabled', null);
+  fastify.decorateRequest('mashlibVersion', null);
   fastify.addHook('onRequest', async (request) => {
     request.connegEnabled = connegEnabled;
     request.notificationsEnabled = notificationsEnabled;
     request.idpEnabled = idpEnabled;
     request.subdomainsEnabled = subdomainsEnabled;
     request.baseDomain = baseDomain;
+    request.mashlibEnabled = mashlibEnabled;
+    request.mashlibVersion = mashlibVersion;
 
     // Extract pod name from subdomain if enabled
     if (subdomainsEnabled && baseDomain) {

package/src/utils/url.js

@@ -120,7 +120,13 @@ export function getContentType(filePath) {
     '.jpeg': 'image/jpeg',
     '.gif': 'image/gif',
     '.svg': 'image/svg+xml',
-    '.pdf': 'application/pdf'
+    '.pdf': 'application/pdf',
+    '.ttl': 'text/turtle',
+    '.n3': 'text/n3',
+    '.nt': 'application/n-triples',
+    '.rdf': 'application/rdf+xml',
+    '.nq': 'application/n-quads',
+    '.trig': 'application/trig'
   };
   return types[ext] || 'application/octet-stream';
 }
@@ -131,5 +137,15 @@ export function getContentType(filePath) {
  * @returns {boolean}
  */
 export function isRdfContentType(contentType) {
-  return contentType === 'application/ld+json' || contentType === 'application/json';
+  const rdfTypes = [
+    'application/ld+json',
+    'application/json',
+    'text/turtle',
+    'text/n3',
+    'application/n-triples',
+    'application/rdf+xml',
+    'application/n-quads',
+    'application/trig'
+  ];
+  return rdfTypes.includes(contentType);
 }

package/test-data-idp-accounts/.idp/accounts/_email_index.json

@@ -1,3 +1,3 @@
 {
-  "credtest@example.com": "3c1cd503-1d7f-4ba0-a3af-ebedf519594d"
+  "credtest@example.com": "b49949d9-6d61-45a1-bcee-07295aa07579"
 }

package/test-data-idp-accounts/.idp/accounts/_webid_index.json

@@ -1,3 +1,3 @@
 {
-  "http://localhost:3101/credtest/#me": "3c1cd503-1d7f-4ba0-a3af-ebedf519594d"
+  "http://localhost:3101/credtest/#me": "b49949d9-6d61-45a1-bcee-07295aa07579"
 }

package/test-data-idp-accounts/.idp/accounts/b49949d9-6d61-45a1-bcee-07295aa07579.json

@@ -0,0 +1,9 @@
+{
+  "id": "b49949d9-6d61-45a1-bcee-07295aa07579",
+  "email": "credtest@example.com",
+  "passwordHash": "$2b$10$mVzAvASfYaz/wtb7ENo.D..AKd5CWHnOqAeL3RRPGfH20AbZG.ZEm",
+  "webId": "http://localhost:3101/credtest/#me",
+  "podName": "credtest",
+  "createdAt": "2025-12-27T13:40:23.165Z",
+  "lastLogin": "2025-12-27T13:40:23.500Z"
+}

package/test-data-idp-accounts/.idp/keys/jwks.json

@@ -3,20 +3,20 @@
     "keys": [
       {
         "kty": "EC",
-        "x": "NzQ-skj7cwbmI4Q_-vlQzoPYoQLWq_u34ln95VMcpnU",
-        "y": "H6gMaardV77boCWD4OTix1DsxdY-clIBw7I5xvvDDe8",
+        "x": "LAyVHoAoNTkPv1-7GonFPGYWWh2Oo8W1bxWFGdX8fW8",
+        "y": "bntHv0EpOcvKrzlGujXkBID_7iHmp9wFte4heIrzf3Y",
         "crv": "P-256",
-        "d": "WrlpdJo_JidHFldBjU4Q6Wv_ULhAk1j-DTU6YlHxDAQ",
-        "kid": "4e655460-7c94-479c-9ed8-923aa8bfd77f",
+        "d": "V6umt-paD0-Uk9SA-0NYZHZSOz0h9OZppYwopeZXedo",
+        "kid": "1c8e0740-f688-4a68-8231-8d2388dcd810",
         "use": "sig",
         "alg": "ES256",
-        "iat": 1766839680
+        "iat": 1766842823
       }
     ]
   },
   "cookieKeys": [
-    "CQXN03oU_rUqugGhwZgoiI7eZMgKJaPE_kyrT9lmTu4",
-    "jsJGLtKzYy-RJPZaAMZDpUcfY4-EtdqNOFS-Uiowk9w"
+    "pq7a_Nu9u72ZeHdklGCnSocY9z4nyAkk0ZuUBU8YH7U",
+    "RzXV-DugE1lvl331HZ5Fo04A5UY2GLJn4MjAqcAZ8Ts"
   ],
-  "createdAt": "2025-12-27T12:48:00.136Z"
+  "createdAt": "2025-12-27T13:40:23.081Z"
 }

package/test-data-idp-accounts/.idp/accounts/3c1cd503-1d7f-4ba0-a3af-ebedf519594d.json

@@ -1,9 +0,0 @@
-{
-  "id": "3c1cd503-1d7f-4ba0-a3af-ebedf519594d",
-  "email": "credtest@example.com",
-  "passwordHash": "$2b$10$h3cRwsgAo/4wEOyip6ckyOf6J.reHOzJzyZrM.LDfQdIWa3e/MkAu",
-  "webId": "http://localhost:3101/credtest/#me",
-  "podName": "credtest",
-  "createdAt": "2025-12-27T12:48:00.226Z",
-  "lastLogin": "2025-12-27T12:48:00.567Z"
-}