javascript-solid-server 0.0.3 → 0.0.5

package/test/helpers.js

@@ -11,6 +11,9 @@ const TEST_DATA_DIR = './data';
 let server = null;
 let baseUrl = null;
 
+// Store tokens for pods by name
+const podTokens = new Map();
+
 /**
  * Start a test server on a random available port
  * @returns {Promise<{server: object, baseUrl: string}>}
@@ -39,6 +42,8 @@ export async function stopTestServer() {
   }
   // Clean up test data
   await fs.emptyDir(TEST_DATA_DIR);
+  // Clear tokens
+  podTokens.clear();
 }
 
 /**
@@ -51,7 +56,7 @@ export function getBaseUrl() {
 /**
  * Create a pod for testing
  * @param {string} name - Pod name
- * @returns {Promise<{webId: string, podUri: string}>}
+ * @returns {Promise<{webId: string, podUri: string, token: string}>}
  */
 export async function createTestPod(name) {
   const res = await fetch(`${baseUrl}/.pods`, {
@@ -64,18 +69,47 @@ export async function createTestPod(name) {
     throw new Error(`Failed to create pod: ${res.status}`);
   }
 
-  return res.json();
+  const result = await res.json();
+
+  // Store the token for this pod
+  if (result.token) {
+    podTokens.set(name, result.token);
+  }
+
+  return result;
+}
+
+/**
+ * Get token for a pod
+ * @param {string} name - Pod name
+ * @returns {string|null}
+ */
+export function getPodToken(name) {
+  return podTokens.get(name) || null;
 }
 
 /**
  * Make a request to the test server
  * @param {string} path - URL path
- * @param {object} options - fetch options
+ * @param {object} options - fetch options (can include `auth: 'podname'` for authenticated requests)
  * @returns {Promise<Response>}
  */
 export async function request(urlPath, options = {}) {
   const url = urlPath.startsWith('http') ? urlPath : `${baseUrl}${urlPath}`;
-  return fetch(url, options);
+
+  // Handle authentication
+  const { auth, ...fetchOptions } = options;
+  if (auth) {
+    const token = podTokens.get(auth);
+    if (token) {
+      fetchOptions.headers = {
+        ...fetchOptions.headers,
+        'Authorization': `Bearer ${token}`
+      };
+    }
+  }
+
+  return fetch(url, fetchOptions);
 }
 
 /**

package/test/ldp.test.js

@@ -41,11 +41,12 @@ describe('LDP CRUD Operations', () => {
     });
 
     it('should return resource content', async () => {
-      // Create resource first
+      // Create resource first (authenticated)
       await request('/ldptest/public/test.json', {
         method: 'PUT',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ hello: 'world' })
+        body: JSON.stringify({ hello: 'world' }),
+        auth: 'ldptest'
       });
 
       const res = await request('/ldptest/public/test.json');
@@ -58,7 +59,8 @@ describe('LDP CRUD Operations', () => {
     it('should return ETag header', async () => {
       await request('/ldptest/public/etag-test.txt', {
         method: 'PUT',
-        body: 'test content'
+        body: 'test content',
+        auth: 'ldptest'
       });
 
       const res = await request('/ldptest/public/etag-test.txt');
@@ -72,7 +74,8 @@ describe('LDP CRUD Operations', () => {
     it('should return headers without body', async () => {
       await request('/ldptest/public/head-test.txt', {
         method: 'PUT',
-        body: 'test content'
+        body: 'test content',
+        auth: 'ldptest'
       });
 
       const res = await request('/ldptest/public/head-test.txt', {
@@ -101,7 +104,8 @@ describe('LDP CRUD Operations', () => {
       const res = await request('/ldptest/public/new-resource.json', {
         method: 'PUT',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ created: true })
+        body: JSON.stringify({ created: true }),
+        auth: 'ldptest'
       });
 
       assertStatus(res, 201);
@@ -112,13 +116,15 @@ describe('LDP CRUD Operations', () => {
       // Create
       await request('/ldptest/public/update-me.txt', {
         method: 'PUT',
-        body: 'original'
+        body: 'original',
+        auth: 'ldptest'
       });
 
       // Update
       const res = await request('/ldptest/public/update-me.txt', {
         method: 'PUT',
-        body: 'updated'
+        body: 'updated',
+        auth: 'ldptest'
       });
 
       assertStatus(res, 204);
@@ -132,7 +138,8 @@ describe('LDP CRUD Operations', () => {
     it('should create parent containers', async () => {
       const res = await request('/ldptest/public/nested/deep/file.txt', {
         method: 'PUT',
-        body: 'nested content'
+        body: 'nested content',
+        auth: 'ldptest'
       });
 
       assertStatus(res, 201);
@@ -145,7 +152,8 @@ describe('LDP CRUD Operations', () => {
     it('should reject PUT to container path', async () => {
       const res = await request('/ldptest/public/invalid/', {
         method: 'PUT',
-        body: 'cannot put to container'
+        body: 'cannot put to container',
+        auth: 'ldptest'
       });
 
       assertStatus(res, 409);
@@ -160,7 +168,8 @@ describe('LDP CRUD Operations', () => {
           'Content-Type': 'application/json',
           'Slug': 'posted-resource'
         },
-        body: JSON.stringify({ posted: true })
+        body: JSON.stringify({ posted: true }),
+        auth: 'ldptest'
       });
 
       assertStatus(res, 201);
@@ -179,7 +188,8 @@ describe('LDP CRUD Operations', () => {
           'Content-Type': 'text/plain',
           'Slug': 'my-custom-name.txt'
         },
-        body: 'slug test'
+        body: 'slug test',
+        auth: 'ldptest'
       });
 
       const location = res.headers.get('Location');
@@ -192,7 +202,8 @@ describe('LDP CRUD Operations', () => {
         headers: {
           'Slug': 'new-container',
           'Link': '<http://www.w3.org/ns/ldp#BasicContainer>; rel="type"'
-        }
+        },
+        auth: 'ldptest'
       });
 
       assertStatus(res, 201);
@@ -208,12 +219,14 @@ describe('LDP CRUD Operations', () => {
     it('should reject POST to non-container', async () => {
       await request('/ldptest/public/file-not-container.txt', {
         method: 'PUT',
-        body: 'just a file'
+        body: 'just a file',
+        auth: 'ldptest'
       });
 
       const res = await request('/ldptest/public/file-not-container.txt', {
         method: 'POST',
-        body: 'trying to post'
+        body: 'trying to post',
+        auth: 'ldptest'
       });
 
       assertStatus(res, 405);
@@ -224,11 +237,13 @@ describe('LDP CRUD Operations', () => {
     it('should delete resource', async () => {
       await request('/ldptest/public/to-delete.txt', {
         method: 'PUT',
-        body: 'delete me'
+        body: 'delete me',
+        auth: 'ldptest'
       });
 
       const res = await request('/ldptest/public/to-delete.txt', {
-        method: 'DELETE'
+        method: 'DELETE',
+        auth: 'ldptest'
       });
 
       assertStatus(res, 204);
@@ -240,7 +255,8 @@ describe('LDP CRUD Operations', () => {
 
     it('should return 404 for non-existent', async () => {
       const res = await request('/ldptest/public/never-existed.txt', {
-        method: 'DELETE'
+        method: 'DELETE',
+        auth: 'ldptest'
       });
 
       assertStatus(res, 404);
@@ -253,11 +269,13 @@ describe('LDP CRUD Operations', () => {
         headers: {
           'Slug': 'container-to-delete',
           'Link': '<http://www.w3.org/ns/ldp#BasicContainer>; rel="type"'
-        }
+        },
+        auth: 'ldptest'
       });
 
       const res = await request('/ldptest/public/container-to-delete/', {
-        method: 'DELETE'
+        method: 'DELETE',
+        auth: 'ldptest'
       });
 
       assertStatus(res, 204);
@@ -291,7 +309,8 @@ describe('LDP CRUD Operations', () => {
     it('should return Link type header for resource', async () => {
       await request('/ldptest/public/resource-link.txt', {
         method: 'PUT',
-        body: 'test'
+        body: 'test',
+        auth: 'ldptest'
       });
 
       const res = await request('/ldptest/public/resource-link.txt');
@@ -318,5 +337,27 @@ describe('LDP CRUD Operations', () => {
 
       assertHeader(res, 'Accept-Post');
     });
+
+    it('should return acl Link header for resource', async () => {
+      await request('/ldptest/public/acl-test.txt', {
+        method: 'PUT',
+        body: 'test',
+        auth: 'ldptest'
+      });
+
+      const res = await request('/ldptest/public/acl-test.txt');
+      const link = res.headers.get('Link');
+
+      assert.ok(link.includes('rel="acl"'), 'Should have acl link relation');
+      assert.ok(link.includes('acl-test.txt.acl'), 'ACL should be resource.acl');
+    });
+
+    it('should return acl Link header for container', async () => {
+      const res = await request('/ldptest/public/');
+      const link = res.headers.get('Link');
+
+      assert.ok(link.includes('rel="acl"'), 'Should have acl link relation');
+      assert.ok(link.includes('.acl'), 'Should link to .acl');
+    });
   });
 });

package/test/pod.test.js

@@ -8,6 +8,7 @@ import {
   startTestServer,
   stopTestServer,
   request,
+  createTestPod,
   assertStatus,
   assertHeader,
   assertHeaderContains
@@ -80,46 +81,38 @@ describe('Pod Lifecycle', () => {
 
   describe('Pod Structure', () => {
     it('should create standard folders', async () => {
-      await request('/.pods', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ name: 'carol' })
-      });
+      await createTestPod('carol');
 
-      // Check inbox exists
-      const inbox = await request('/carol/inbox/');
+      // Check inbox exists (needs auth - inbox only allows public append, not read)
+      const inbox = await request('/carol/inbox/', { auth: 'carol' });
       assertStatus(inbox, 200);
 
-      // Check public exists
+      // Check public exists (public read via root ACL default)
       const pub = await request('/carol/public/');
       assertStatus(pub, 200);
 
-      // Check private exists
-      const priv = await request('/carol/private/');
+      // Check private exists (needs auth)
+      const priv = await request('/carol/private/', { auth: 'carol' });
       assertStatus(priv, 200);
 
-      // Check settings exists
-      const settings = await request('/carol/settings/');
+      // Check settings exists (needs auth)
+      const settings = await request('/carol/settings/', { auth: 'carol' });
       assertStatus(settings, 200);
     });
 
     it('should create settings files', async () => {
-      await request('/.pods', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ name: 'dan' })
-      });
+      await createTestPod('dan');
 
-      // Check prefs
-      const prefs = await request('/dan/settings/prefs');
+      // Check prefs (needs auth - settings is private)
+      const prefs = await request('/dan/settings/prefs', { auth: 'dan' });
       assertStatus(prefs, 200);
 
-      // Check public type index
-      const pubIndex = await request('/dan/settings/publicTypeIndex');
+      // Check public type index (needs auth)
+      const pubIndex = await request('/dan/settings/publicTypeIndex', { auth: 'dan' });
       assertStatus(pubIndex, 200);
 
-      // Check private type index
-      const privIndex = await request('/dan/settings/privateTypeIndex');
+      // Check private type index (needs auth)
+      const privIndex = await request('/dan/settings/privateTypeIndex', { auth: 'dan' });
       assertStatus(privIndex, 200);
     });
   });

package/test/wac.test.js

@@ -0,0 +1,189 @@
+/**
+ * WAC (Web Access Control) tests
+ */
+
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import {
+  startTestServer,
+  stopTestServer,
+  request,
+  createTestPod,
+  assertStatus,
+  assertHeader,
+  getBaseUrl
+} from './helpers.js';
+import { parseAcl, AccessMode, generateOwnerAcl, serializeAcl } from '../src/wac/parser.js';
+import { checkAccess, getRequiredMode } from '../src/wac/checker.js';
+
+describe('WAC Parser', () => {
+  describe('parseAcl', () => {
+    it('should parse a simple ACL', () => {
+      const acl = {
+        '@context': { 'acl': 'http://www.w3.org/ns/auth/acl#' },
+        '@graph': [{
+          '@id': '#owner',
+          '@type': 'acl:Authorization',
+          'acl:agent': { '@id': 'https://alice.example/#me' },
+          'acl:accessTo': { '@id': 'https://alice.example/resource' },
+          'acl:mode': [{ '@id': 'acl:Read' }, { '@id': 'acl:Write' }]
+        }]
+      };
+
+      const auths = parseAcl(JSON.stringify(acl), 'https://alice.example/.acl');
+
+      assert.strictEqual(auths.length, 1);
+      assert.ok(auths[0].agents.includes('https://alice.example/#me'));
+      assert.ok(auths[0].modes.includes(AccessMode.READ));
+      assert.ok(auths[0].modes.includes(AccessMode.WRITE));
+    });
+
+    it('should parse public access', () => {
+      const acl = {
+        '@context': { 'acl': 'http://www.w3.org/ns/auth/acl#', 'foaf': 'http://xmlns.com/foaf/0.1/' },
+        '@graph': [{
+          '@id': '#public',
+          '@type': 'acl:Authorization',
+          'acl:agentClass': { '@id': 'foaf:Agent' },
+          'acl:accessTo': { '@id': 'https://alice.example/public/' },
+          'acl:mode': [{ '@id': 'acl:Read' }]
+        }]
+      };
+
+      const auths = parseAcl(JSON.stringify(acl), 'https://alice.example/public/.acl');
+
+      assert.strictEqual(auths.length, 1);
+      assert.ok(auths[0].agentClasses.includes('foaf:Agent'));
+      assert.ok(auths[0].modes.includes(AccessMode.READ));
+    });
+
+    it('should parse default authorizations for containers', () => {
+      const acl = {
+        '@context': { 'acl': 'http://www.w3.org/ns/auth/acl#' },
+        '@graph': [{
+          '@id': '#default',
+          '@type': 'acl:Authorization',
+          'acl:agent': { '@id': 'https://alice.example/#me' },
+          'acl:default': { '@id': 'https://alice.example/folder/' },
+          'acl:mode': [{ '@id': 'acl:Read' }]
+        }]
+      };
+
+      const auths = parseAcl(JSON.stringify(acl), 'https://alice.example/folder/.acl');
+
+      assert.strictEqual(auths.length, 1);
+      assert.ok(auths[0].default.includes('https://alice.example/folder/'));
+    });
+
+    it('should handle invalid JSON gracefully', () => {
+      const auths = parseAcl('not valid json', 'https://example.com/.acl');
+      assert.strictEqual(auths.length, 0);
+    });
+  });
+
+  describe('generateOwnerAcl', () => {
+    it('should generate owner ACL with public read', () => {
+      const acl = generateOwnerAcl('https://alice.example/', 'https://alice.example/#me', true);
+
+      assert.ok(acl['@graph'].length >= 2);
+
+      // Find owner auth
+      const ownerAuth = acl['@graph'].find(a => a['@id'] === '#owner');
+      assert.ok(ownerAuth);
+      assert.strictEqual(ownerAuth['acl:agent']['@id'], 'https://alice.example/#me');
+
+      // Find public auth
+      const publicAuth = acl['@graph'].find(a => a['@id'] === '#public');
+      assert.ok(publicAuth);
+    });
+  });
+});
+
+describe('WAC Checker', () => {
+  describe('getRequiredMode', () => {
+    it('should return READ for GET', () => {
+      assert.strictEqual(getRequiredMode('GET'), AccessMode.READ);
+    });
+
+    it('should return READ for HEAD', () => {
+      assert.strictEqual(getRequiredMode('HEAD'), AccessMode.READ);
+    });
+
+    it('should return APPEND for POST', () => {
+      assert.strictEqual(getRequiredMode('POST'), AccessMode.APPEND);
+    });
+
+    it('should return WRITE for PUT', () => {
+      assert.strictEqual(getRequiredMode('PUT'), AccessMode.WRITE);
+    });
+
+    it('should return WRITE for DELETE', () => {
+      assert.strictEqual(getRequiredMode('DELETE'), AccessMode.WRITE);
+    });
+  });
+});
+
+describe('WAC Integration', () => {
+  let baseUrl;
+
+  before(async () => {
+    const result = await startTestServer();
+    baseUrl = result.baseUrl;
+    await createTestPod('wactest');
+  });
+
+  after(async () => {
+    await stopTestServer();
+  });
+
+  describe('ACL Files', () => {
+    it('should create root .acl on pod creation', async () => {
+      const res = await request('/wactest/.acl');
+
+      assertStatus(res, 200);
+      const content = await res.json();
+      assert.ok(content['@graph'], 'Should be JSON-LD');
+    });
+
+    it('should create private folder .acl', async () => {
+      const res = await request('/wactest/private/.acl');
+
+      assertStatus(res, 200);
+      const content = await res.json();
+      assert.ok(content['@graph']);
+
+      // Should only have owner, no public
+      const hasPublic = content['@graph'].some(a =>
+        a['acl:agentClass'] && a['acl:agentClass']['@id'] === 'foaf:Agent'
+      );
+      assert.ok(!hasPublic, 'Private folder should not have public access');
+    });
+
+    it('should create inbox .acl with public append', async () => {
+      const res = await request('/wactest/inbox/.acl');
+
+      assertStatus(res, 200);
+      const content = await res.json();
+
+      // Should have public append
+      const publicAuth = content['@graph'].find(a =>
+        a['acl:agentClass'] && a['acl:agentClass']['@id'] === 'foaf:Agent'
+      );
+      assert.ok(publicAuth, 'Inbox should have public access');
+
+      const modes = publicAuth['acl:mode'].map(m => m['@id']);
+      assert.ok(modes.includes('acl:Append'), 'Public should have Append');
+      assert.ok(!modes.includes('acl:Read'), 'Public should not have Read');
+    });
+  });
+
+  describe('WAC-Allow Header', () => {
+    it('should return WAC-Allow header for public container', async () => {
+      const res = await request('/wactest/public/');
+
+      assertHeader(res, 'WAC-Allow');
+      const wacAllow = res.headers.get('WAC-Allow');
+      assert.ok(wacAllow.includes('public='), 'Should have public permissions');
+    });
+  });
+});

package/benchmark-report-2025-03-31T14-25-24.234Z.json

@@ -1,44 +0,0 @@
-{
-  "timestamp": "2025-03-31T14:25:24.234Z",
-  "server": "http://nostr.social:3000",
-  "testDuration": 30000,
-  "averageResponseTimes": {
-    "register": 49.28774029878249,
-    "login": 49.07647125548627,
-    "read": 145.50252931779679,
-    "write": 143.20483738812226,
-    "delete": 145.5004399698014
-  },
-  "throughputResults": [
-    {
-      "concurrentUsers": 1,
-      "operations": 300,
-      "duration": 629.3636230230331,
-      "throughput": 476.67197312581374
-    },
-    {
-      "concurrentUsers": 5,
-      "operations": 1500,
-      "duration": 3072.7389999628067,
-      "throughput": 488.16381736885444
-    },
-    {
-      "concurrentUsers": 10,
-      "operations": 3000,
-      "duration": 6042.516402959824,
-      "throughput": 496.4818959416479
-    },
-    {
-      "concurrentUsers": 50,
-      "operations": 14000,
-      "duration": 30000,
-      "throughput": 466.6666666666667
-    },
-    {
-      "concurrentUsers": 100,
-      "operations": 13900,
-      "duration": 30000,
-      "throughput": 463.3333333333333
-    }
-  ]
-}