javascript-solid-server 0.0.31 → 0.0.33

package/README.md

@@ -4,7 +4,7 @@ A minimal, fast, JSON-LD native Solid server.
 
 ## Features
 
-### Implemented (v0.0.23)
+### Implemented (v0.0.31)
 
 - **LDP CRUD Operations** - GET, PUT, POST, DELETE, HEAD
 - **N3 Patch** - Solid's native patch format for RDF updates
@@ -17,14 +17,14 @@ A minimal, fast, JSON-LD native Solid server.
 - **Multi-user Pods** - Path-based (`/alice/`) or subdomain-based (`alice.example.com`)
 - **Subdomain Mode** - XSS protection via origin isolation
 - **Mashlib Data Browser** - Optional SolidOS UI (CDN or local hosting)
-- **WebID Profiles** - JSON-LD structured data in HTML at pod root
+- **WebID Profiles** - HTML with JSON-LD data islands, rendered with mashlib-jss + solidos-lite
 - **Web Access Control (WAC)** - `.acl` file-based authorization
 - **Solid-OIDC Identity Provider** - Built-in IdP with DPoP, dynamic registration
 - **Solid-OIDC Resource Server** - Accept DPoP-bound access tokens from external IdPs
 - **NSS-style Registration** - Username/password auth compatible with Solid apps
 - **Nostr Authentication** - NIP-98 HTTP Auth with Schnorr signatures
 - **Simple Auth Tokens** - Built-in token authentication for development
-- **Content Negotiation** - Optional Turtle <-> JSON-LD conversion
+- **Content Negotiation** - Turtle <-> JSON-LD conversion, including HTML data islands
 - **CORS Support** - Full cross-origin resource sharing
 
 ### HTTP Methods
@@ -36,7 +36,7 @@ A minimal, fast, JSON-LD native Solid server.
 | PUT | Full - Create/update resources |
 | POST | Full - Create in containers |
 | DELETE | Full |
-| PATCH | N3 Patch format |
+| PATCH | N3 Patch + SPARQL Update |
 | OPTIONS | Full with CORS |
 
 ## Getting Started
@@ -285,7 +285,15 @@ npm install && npm run build
 3. Mashlib fetches the actual data via content negotiation
 4. Mashlib renders an interactive, editable view
 
-**Note:** Mashlib works best with `--conneg` enabled for Turtle support. Pod profiles (`/alice/`) continue to serve our JSON-LD-in-HTML format.
+**Note:** Mashlib works best with `--conneg` enabled for Turtle support.
+
+### Profile Pages
+
+Pod profiles (`/alice/`) use HTML with embedded JSON-LD data islands and are rendered using:
+- [mashlib-jss](https://github.com/JavaScriptSolidServer/mashlib-jss) - A fork of mashlib with `getPod()` fix for path-based pods
+- [solidos-lite](https://github.com/SolidOS/solidos-lite) - Parses JSON-LD data islands into the RDF store
+
+This allows profiles to work without server-side content negotiation while still providing full SolidOS editing capabilities.
 
 ### WebSocket Notifications
 

package/clock-updater.mjs

@@ -0,0 +1,58 @@
+/**
+ * Clock Updater - Updates the Solid clock every second using Nostr auth
+ * Usage: node clock-updater.mjs
+ */
+
+import { getPublicKey, finalizeEvent } from 'nostr-tools';
+import { getToken } from 'nostr-tools/nip98';
+
+// Nostr keypair (in production, load from env/file)
+const SK_HEX = '3f188544fb81bd324ead7be9697fd9503d18345e233a7b0182915b0b582ddd70';
+const sk = Uint8Array.from(Buffer.from(SK_HEX, 'hex'));
+const pk = getPublicKey(sk);
+
+const CLOCK_URL = 'https://solid.social/melvin/public/clock.json';
+
+async function updateClock() {
+  const now = Math.floor(Date.now() / 1000);
+  const isoDate = new Date(now * 1000).toISOString();
+
+  const clockData = {
+    '@context': { 'schema': 'http://schema.org/' },
+    '@id': '#clock',
+    '@type': 'schema:Clock',
+    'schema:dateModified': isoDate,
+    'schema:value': now
+  };
+
+  try {
+    const token = await getToken(CLOCK_URL, 'PUT', (e) => finalizeEvent(e, sk));
+
+    const res = await fetch(CLOCK_URL, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/ld+json',
+        'Authorization': 'Nostr ' + token
+      },
+      body: JSON.stringify(clockData)
+    });
+
+    const time = isoDate.split('T')[1].replace('Z', '');
+    if (res.ok) {
+      process.stdout.write(`\r${time} - Updated`);
+    } else {
+      console.log(`\n${time} - Error: ${res.status} ${res.statusText}`);
+    }
+  } catch (err) {
+    console.log(`\nError: ${err.message}`);
+  }
+}
+
+console.log('Clock Updater started');
+console.log('did:nostr:', 'did:nostr:' + pk);
+console.log('Target:', CLOCK_URL);
+console.log('Press Ctrl+C to stop\n');
+
+// Run immediately, then every second
+updateClock();
+setInterval(updateClock, 1000);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.31",
+  "version": "0.0.33",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
@@ -27,7 +27,7 @@
     "@fastify/websocket": "^8.3.1",
     "bcrypt": "^6.0.0",
     "commander": "^14.0.2",
-    "fastify": "^4.25.2",
+    "fastify": "^4.29.1",
     "fs-extra": "^11.2.0",
     "jose": "^6.1.3",
     "n3": "^1.26.0",

package/src/handlers/container.js

@@ -125,12 +125,11 @@ export async function handlePost(request, reply) {
  * Create pod directory structure (reusable for registration)
  * @param {string} name - Pod name (username)
  * @param {string} webId - User's WebID URI
- * @param {string} baseUrl - Base URL (without trailing slash)
+ * @param {string} podUri - Pod root URI (e.g., https://alice.example.com/ or https://example.com/alice/)
+ * @param {string} issuer - OIDC issuer URI
  */
-export async function createPodStructure(name, webId, baseUrl) {
+export async function createPodStructure(name, webId, podUri, issuer) {
   const podPath = `/${name}/`;
-  const podUri = `${baseUrl}/${name}/`;
-  const issuer = baseUrl + '/';
 
   // Create pod directory structure
   await storage.createContainer(podPath);
@@ -253,7 +252,7 @@ export async function handleCreatePod(request, reply) {
 
   try {
     // Use shared pod creation function
-    await createPodStructure(name, webId, baseUri);
+    await createPodStructure(name, webId, podUri, issuer);
   } catch (err) {
     console.error('Pod creation error:', err);
     // Cleanup on failure

package/src/handlers/resource.js

@@ -146,6 +146,42 @@ export async function handleGet(request, reply) {
       return reply.type('text/html').send(html);
     }
 
+    // Check if Turtle/N3 format is requested via content negotiation
+    const acceptHeader = request.headers.accept || '';
+    const wantsTurtle = connegEnabled && (
+      acceptHeader.includes('text/turtle') ||
+      acceptHeader.includes('text/n3') ||
+      acceptHeader.includes('application/n-triples')
+    );
+
+    if (wantsTurtle) {
+      // Convert container JSON-LD to Turtle
+      try {
+        const { content: turtleContent } = await fromJsonLd(
+          jsonLd,
+          'text/turtle',
+          resourceUrl,
+          true
+        );
+
+        const headers = getAllHeaders({
+          isContainer: true,
+          etag: stats.etag,
+          contentType: 'text/turtle',
+          origin,
+          resourceUrl,
+          connegEnabled
+        });
+        headers['Vary'] = 'Accept';
+
+        Object.entries(headers).forEach(([k, v]) => reply.header(k, v));
+        return reply.send(turtleContent);
+      } catch (err) {
+        // Fall through to JSON-LD if conversion fails
+        console.error('Failed to convert container to Turtle:', err.message);
+      }
+    }
+
     const headers = getAllHeaders({
       isContainer: true,
       etag: stats.etag,
@@ -196,7 +232,9 @@ export async function handleGet(request, reply) {
   if (connegEnabled) {
     const contentStr = content.toString();
     const acceptHeader = request.headers.accept || '';
-    const wantsTurtle = acceptHeader.includes('text/turtle') ||
+    // Serve Turtle if: URL ends with .ttl OR Accept header requests it
+    const wantsTurtle = urlPath.endsWith('.ttl') ||
+                        acceptHeader.includes('text/turtle') ||
                         acceptHeader.includes('text/n3') ||
                         acceptHeader.includes('application/n-triples');
 
@@ -233,7 +271,8 @@ export async function handleGet(request, reply) {
       // Plain JSON-LD file
       try {
         const jsonLd = JSON.parse(contentStr);
-        const targetType = selectContentType(acceptHeader, connegEnabled);
+        // Use Turtle if URL ends with .ttl, otherwise use Accept header preference
+        const targetType = wantsTurtle ? 'text/turtle' : selectContentType(acceptHeader, connegEnabled);
         const { content: outputContent, contentType: outputType } = await fromJsonLd(
           jsonLd,
           targetType,

package/src/idp/index.js

@@ -184,6 +184,8 @@ export async function idpPlugin(fastify, options) {
       claims_supported: ['sub', 'webid', 'name', 'email', 'email_verified'],
       code_challenge_methods_supported: ['S256'],
       dpop_signing_alg_values_supported: ['ES256', 'RS256'],
+      // RFC 9207 - OAuth 2.0 Authorization Server Issuer Identification
+      authorization_response_iss_parameter_supported: true,
       // Solid-OIDC specific
       solid_oidc_supported: 'https://solidproject.org/TR/solid-oidc',
     };

package/src/idp/interactions.js

@@ -355,9 +355,20 @@ export async function handleRegisterPost(request, reply, issuer) {
 
   try {
     // Build URLs - WebID follows standard Solid convention: /profile/card#me
+    const subdomainsEnabled = request.subdomainsEnabled;
+    const baseDomain = request.baseDomain;
     const baseUrl = issuer.endsWith('/') ? issuer.slice(0, -1) : issuer;
-    const podUri = `${baseUrl}/${username}/`;
-    const webId = `${podUri}profile/card#me`;
+
+    let podUri, webId;
+    if (subdomainsEnabled && baseDomain) {
+      // Subdomain mode: alice.example.com/profile/card#me
+      podUri = `${request.protocol}://${username}.${baseDomain}/`;
+      webId = `${podUri}profile/card#me`;
+    } else {
+      // Path mode: example.com/alice/profile/card#me
+      podUri = `${baseUrl}/${username}/`;
+      webId = `${podUri}profile/card#me`;
+    }
 
     // Check if pod already exists
     const podPath = `${username}/`;
@@ -367,7 +378,7 @@ export async function handleRegisterPost(request, reply, issuer) {
     }
 
     // Create pod structure
-    await createPodStructure(username, webId, baseUrl);
+    await createPodStructure(username, webId, podUri, issuer);
 
     // Create account
     await createAccount({

package/src/ldp/headers.js

@@ -90,7 +90,7 @@ export function getCorsHeaders(origin) {
   return {
     'Access-Control-Allow-Origin': origin || '*',
     'Access-Control-Allow-Methods': 'GET, HEAD, POST, PUT, DELETE, PATCH, OPTIONS',
-    'Access-Control-Allow-Headers': 'Accept, Authorization, Content-Type, If-Match, If-None-Match, Link, Slug, Origin',
+    'Access-Control-Allow-Headers': 'Accept, Authorization, Content-Type, DPoP, If-Match, If-None-Match, Link, Slug, Origin',
     'Access-Control-Expose-Headers': 'Accept-Patch, Accept-Post, Allow, Content-Type, ETag, Link, Location, Updates-Via, WAC-Allow',
     'Access-Control-Allow-Credentials': 'true',
     'Access-Control-Max-Age': '86400'