javascript-solid-server 0.0.86 → 0.0.88

package/.claude/settings.local.json

@@ -324,7 +324,8 @@
       "Bash(npm link)",
       "Bash(npm link:*)",
       "Bash(git push)",
-      "Bash(ulimit:*)"
+      "Bash(ulimit:*)",
+      "Bash(gh label:*)"
     ]
   }
 }

package/README.md

@@ -1,13 +1,18 @@
 # JavaScript Solid Server
 
+[![npm version](https://img.shields.io/npm/v/javascript-solid-server)](https://www.npmjs.com/package/javascript-solid-server)
+
 A minimal, fast, JSON-LD native Solid server.
 
 **[Documentation](https://javascriptsolidserver.github.io/docs/)** | **[GitHub](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer)**
 
 ## Features
 
-### Implemented (v0.0.79)
+### Implemented
 
+- **Live Reload** - Auto-refresh browser on file changes (`--live-reload`)
+- **Read-Only Mode** - Disable write operations for static hosting (`--read-only`)
+- **Public Mode** - Skip WAC for open read/write access (`--public`)
 - **Schnorr SSO** - Passwordless login via BIP-340 Schnorr signatures using NIP-07 browser extensions (Podkey, nos2x, Alby)
 - **Passkey Authentication** - WebAuthn/FIDO2 passwordless login with Touch ID, Face ID, or security keys
 - **HTTP Range Requests** - Partial content delivery for large files and media streaming
@@ -35,7 +40,7 @@ A minimal, fast, JSON-LD native Solid server.
 - **Content Negotiation** - Turtle <-> JSON-LD conversion, including HTML data islands
 - **CORS Support** - Full cross-origin resource sharing
 - **Git HTTP Backend** - Clone and push to containers via `git` protocol
-- **Nostr Relay** - Integrated NIP-01 relay on the same port (`wss://your.pod/relay`)
+- **Nostr Relay** - Integrated NIP-01/NIP-11/NIP-16 relay on the same port (`wss://your.pod/relay`)
 - **Invite-Only Registration** - CLI-managed invite codes for controlled signups
 - **Storage Quotas** - Per-user storage limits with CLI management
 - **Security** - Blocks access to dotfiles (`.git/`, `.env`, etc.) except Solid-specific ones
@@ -139,6 +144,9 @@ jss --help             # Show help
 | `--ap-display-name <name>` | ActivityPub display name | (username) |
 | `--ap-summary <text>` | ActivityPub bio/summary | - |
 | `--ap-nostr-pubkey <hex>` | Nostr pubkey for identity linking | - |
+| `--public` | Allow unauthenticated access (skip WAC) | false |
+| `--read-only` | Disable PUT/DELETE/PATCH methods | false |
+| `--live-reload` | Auto-refresh browser on file changes | false |
 | `-q, --quiet` | Suppress logs | false |
 
 ### Environment Variables
@@ -159,6 +167,10 @@ export JSS_WEBID_TLS=true
 export JSS_DEFAULT_QUOTA=100MB
 export JSS_ACTIVITYPUB=true
 export JSS_AP_USERNAME=alice
+export JSS_PUBLIC=true
+export JSS_READ_ONLY=true
+export JSS_LIVE_RELOAD=true
+export JSS_SOLIDOS_UI=true
 jss start
 ```
 
@@ -868,7 +880,7 @@ curl -X POST https://example.com/.pods \
 
 | Server | Size | Deps | Notes |
 |--------|------|------|-------|
-| [JSS](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer) | 432 KB | 10 | Minimal, JSON-LD native |
+| [JSS](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer) | ~14K LoC | 14 | Minimal, JSON-LD native |
 | [NSS](https://github.com/nodeSolidServer/node-solid-server) | 777 KB | 58 | Original Solid server |
 | [CSS](https://github.com/CommunitySolidServer/CommunitySolidServer) | 5.8 MB | 70 | Modular, configurable |
 | [Pivot](https://github.com/solid-contrib/pivot) | ~6 MB | 70+ | Built on CSS |
@@ -941,7 +953,7 @@ npm run benchmark
 npm test
 ```
 
-Currently passing: **223 tests** (including 27 conformance tests)
+Currently passing: **229 tests** (including 27 conformance tests)
 
 ### Conformance Test Harness (CTH)
 
@@ -988,12 +1000,12 @@ src/
 │   ├── filesystem.js     # File operations
 │   └── quota.js          # Storage quota management
 ├── auth/
-│   ├── middleware.js     # Auth hook
-│   ├── token.js          # Simple token auth
-│   ├── solid-oidc.js     # DPoP verification
-│   ├── nostr.js          # NIP-98 Nostr authentication
-│   ├── did-nostr.js      # did:nostr → WebID resolution
-│   └── webid-tls.js      # WebID-TLS client certificate auth
+│   ├── middleware.js      # Auth hook
+│   ├── token.js           # Simple token auth
+│   ├── solid-oidc.js      # DPoP verification
+│   ├── nostr.js           # NIP-98 Nostr authentication
+│   ├── did-nostr.js       # did:nostr → WebID resolution
+│   └── webid-tls.js       # WebID-TLS client certificate auth
 ├── wac/
 │   ├── parser.js         # ACL parsing
 │   └── checker.js        # Permission checking
@@ -1010,14 +1022,16 @@ src/
 │   ├── events.js         # Event emitter
 │   └── websocket.js      # solid-0.1 protocol
 ├── idp/
-│   ├── index.js          # Identity Provider plugin
-│   ├── provider.js       # oidc-provider config
-│   ├── adapter.js        # Filesystem adapter
-│   ├── accounts.js       # User account management
-│   ├── keys.js           # JWKS key management
-│   ├── interactions.js   # Login/consent handlers
-│   ├── views.js          # HTML templates
-│   └── invites.js        # Invite code management
+│   ├── index.js           # Identity Provider plugin
+│   ├── provider.js        # oidc-provider config
+│   ├── adapter.js         # Filesystem adapter
+│   ├── accounts.js        # User account management
+│   ├── credentials.js     # Credentials endpoint
+│   ├── keys.js            # JWKS key management
+│   ├── interactions.js    # Login/consent handlers
+│   ├── passkey.js         # WebAuthn/FIDO2 passkey support
+│   ├── views.js           # HTML templates
+│   └── invites.js         # Invite code management
 ├── ap/
 │   ├── index.js          # ActivityPub plugin
 │   ├── keys.js           # RSA keypair management
@@ -1030,23 +1044,31 @@ src/
 ├── rdf/
 │   ├── turtle.js         # Turtle <-> JSON-LD
 │   └── conneg.js         # Content negotiation
+├── mashlib/
+│   └── index.js           # Mashlib data browser plugin
 └── utils/
-    ├── url.js            # URL utilities
-    └── conditional.js    # If-Match/If-None-Match
+    ├── url.js             # URL utilities
+    ├── conditional.js     # If-Match/If-None-Match
+    └── ssrf.js            # SSRF protection
 ```
 
 ## Dependencies
 
-Minimal dependencies for a fast, secure server:
+14 direct dependencies for a fast, secure server:
 
 - **fastify** - High-performance HTTP server
+- **@fastify/middie** - Express/Connect middleware bridge (for IdP)
+- **@fastify/rate-limit** - Rate limiting for API endpoints
 - **@fastify/websocket** - WebSocket support for notifications
+- **@simplewebauthn/server** - Passkey/WebAuthn authentication
+- **bcryptjs** - Password hashing (pure JS, works on Termux/Android)
+- **commander** - CLI command parsing
 - **fs-extra** - Enhanced file operations
 - **jose** - JWT/JWK handling for Solid-OIDC
+- **microfed** - ActivityPub primitives (only when activitypub enabled)
 - **n3** - Turtle parsing (only used when conneg enabled)
+- **nostr-tools** - Nostr protocol and Schnorr signature verification
 - **oidc-provider** - OpenID Connect Identity Provider (only when IdP enabled)
-- **bcryptjs** - Password hashing (only when IdP enabled)
-- **microfed** - ActivityPub primitives (only when activitypub enabled)
 - **sql.js** - SQLite storage for federation data (WASM, cross-platform)
 
 ## License

package/bin/jss.js

@@ -80,6 +80,7 @@ program
   .option('--read-only', 'Disable PUT/DELETE/PATCH methods (read-only mode)')
   .option('--live-reload', 'Inject live reload script into HTML (auto-refresh on changes)')
   .option('-q, --quiet', 'Suppress log output')
+  .option('--log-level <level>', 'Log level: error, warn, info, debug (default: info)')
   .option('--print-config', 'Print configuration and exit')
   .action(async (options) => {
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.86",
+  "version": "0.0.88",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/auth/did-nostr.js

@@ -13,6 +13,28 @@ const DEFAULT_DID_RESOLVER = 'https://nostr.social/.well-known/did/nostr';
 // Cache for resolved DIDs (pubkey -> webId or null)
 const cache = new Map();
 const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
+const FAILURE_CACHE_TTL = 60 * 1000; // 1 minute for failed lookups
+
+// Rate-limit repeated error logs (key -> { count, lastLogged })
+const errorLogTracker = new Map();
+const ERROR_LOG_INTERVAL = 60_000;
+
+function rateLimitedError(key, message) {
+  const now = Date.now();
+  const entry = errorLogTracker.get(key);
+  if (entry && now - entry.lastLogged < ERROR_LOG_INTERVAL) {
+    entry.count++;
+    return;
+  }
+  // Clean up stale entries while we're here
+  for (const [k, v] of errorLogTracker) {
+    if (now - v.lastLogged > ERROR_LOG_INTERVAL) errorLogTracker.delete(k);
+  }
+  const suppressed = entry ? entry.count : 0;
+  const suffix = suppressed > 0 ? ` (${suppressed} similar suppressed)` : '';
+  console.error(`${message}${suffix}`);
+  errorLogTracker.set(key, { count: 0, lastLogged: now });
+}
 
 /**
  * Fetch with timeout
@@ -41,11 +63,15 @@ export async function resolveDidNostrToWebId(pubkey, resolverUrl = DEFAULT_DID_R
     return null;
   }
 
-  // Check cache
+  // Check cache (lazy eviction of expired entries)
   const cacheKey = pubkey.toLowerCase();
   const cached = cache.get(cacheKey);
-  if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
-    return cached.webId;
+  if (cached) {
+    const ttl = cached.failureTtl ? FAILURE_CACHE_TTL : CACHE_TTL;
+    if (Date.now() - cached.timestamp < ttl) {
+      return cached.webId;
+    }
+    cache.delete(cacheKey);
   }
 
   try {
@@ -93,8 +119,9 @@ export async function resolveDidNostrToWebId(pubkey, resolverUrl = DEFAULT_DID_R
     return null;
 
   } catch (err) {
-    // Network error or timeout - don't cache failures
-    console.error(`DID resolution error for ${pubkey}:`, err.message);
+    // Cache failures with short TTL to avoid hammering a down service
+    cache.set(cacheKey, { webId: null, timestamp: Date.now(), failureTtl: true });
+    rateLimitedError(`did:${pubkey.substring(0, 8)}`, `DID resolution error for ${pubkey}: ${err.message}`);
     return null;
   }
 }
@@ -148,7 +175,7 @@ async function verifyWebIdBacklink(webId, pubkey) {
     return false;
 
   } catch (err) {
-    console.error(`WebID backlink verification error for ${webId}:`, err.message);
+    rateLimitedError(`backlink:${webId}`, `WebID backlink verification error for ${webId}: ${err.message}`);
     return false;
   }
 }

package/src/config.js

@@ -85,6 +85,7 @@ export const defaults = {
   // Logging
   logger: true,
   quiet: false,
+  logLevel: 'info',
 
   // Paths
   configPath: './.jss',
@@ -103,6 +104,7 @@ const envMap = {
   JSS_CONNEG: 'conneg',
   JSS_NOTIFICATIONS: 'notifications',
   JSS_QUIET: 'quiet',
+  JSS_LOG_LEVEL: 'logLevel',
   JSS_CONFIG_PATH: 'configPath',
   JSS_IDP: 'idp',
   JSS_IDP_ISSUER: 'idpIssuer',
@@ -228,6 +230,18 @@ export async function loadConfig(cliOptions = {}, configFile = null) {
     config.logger = false;
   }
 
+  // Validate log level
+  const validLevels = ['fatal', 'error', 'warn', 'info', 'debug', 'trace'];
+  if (!validLevels.includes(config.logLevel)) {
+    console.warn(`Invalid log level '${config.logLevel}', falling back to 'info'. Valid levels: ${validLevels.join(', ')}`);
+    config.logLevel = 'info';
+  }
+
+  // Mashlib requires content negotiation for Turtle support
+  if (config.mashlib || config.mashlibCdn) {
+    config.conneg = true;
+  }
+
   // Validate SSL config
   if ((config.sslKey && !config.sslCert) || (!config.sslKey && config.sslCert)) {
     throw new Error('Both --ssl-key and --ssl-cert must be provided together');

package/src/server.js

@@ -89,8 +89,10 @@ export function createServer(options = {}) {
   }
 
   // Fastify options
+  const loggerEnabled = options.logger ?? true;
   const fastifyOptions = {
-    logger: options.logger ?? true,
+    logger: loggerEnabled ? { level: options.logLevel || 'info' } : false,
+    disableRequestLogging: true,
     trustProxy: true,
     // Handle raw body for non-JSON content
     bodyLimit: 10 * 1024 * 1024 // 10MB
@@ -169,6 +171,19 @@ export function createServer(options = {}) {
     }
   });
 
+  // Unified access log — one line per request
+  fastify.addHook('onResponse', async (request, reply) => {
+    if (!request.log.isLevelEnabled('info')) return;
+    request.log.info({
+      req: { method: request.method, url: request.url, remoteAddress: request.ip },
+      res: { statusCode: reply.statusCode },
+      responseTime: Math.round(reply.elapsedTime * 100) / 100,
+      userAgent: request.headers['user-agent'] || undefined,
+      referrer: request.headers.referer || undefined,
+      contentLength: reply.getHeader('content-length') || undefined,
+    }, `${request.method} ${request.url} ${reply.statusCode} ${Math.round(reply.elapsedTime)}ms`);
+  });
+
   // Register WebSocket notifications plugin if enabled (or live reload needs it)
   if (notificationsEnabled || liveReloadEnabled) {
     fastify.register(notificationsPlugin);

package/src/wac/parser.js

@@ -144,8 +144,9 @@ function parseAuthorization(node, aclUrl) {
   auth.default = parseUriArray(node['acl:default'] || node['default'])
     .map(uri => resolveUri(uri, baseUrl));
 
-  // Parse agents (WebIDs can be relative too)
-  auth.agents = parseUriArray(node['acl:agent'] || node['agent']);
+  // Parse agents (WebIDs can be relative too) - resolve against ACL URL
+  auth.agents = parseUriArray(node['acl:agent'] || node['agent'])
+    .map(uri => resolveUri(uri, aclUrl));
 
   // Parse agentClass
   auth.agentClasses = parseUriArray(node['acl:agentClass'] || node['agentClass']);

package/test/wac.test.js

@@ -187,6 +187,23 @@ describe('WAC Parser', () => {
         `Expected accessTo to include 'https://alice.example/other/', got: ${auths[0].accessTo}`);
     });
 
+    it('should resolve relative agent URIs against ACL URL', async () => {
+      const acl = {
+        '@context': { 'acl': 'http://www.w3.org/ns/auth/acl#' },
+        '@id': '#owner',
+        '@type': 'acl:Authorization',
+        'acl:agent': { '@id': './#me' },
+        'acl:accessTo': { '@id': './' },
+        'acl:mode': [{ '@id': 'acl:Read' }]
+      };
+
+      const auths = await parseAcl(JSON.stringify(acl), 'https://alice.example/.acl');
+
+      assert.strictEqual(auths.length, 1);
+      assert.ok(auths[0].agents.includes('https://alice.example/#me'),
+        `Expected agents to include 'https://alice.example/#me', got: ${auths[0].agents}`);
+    });
+
     it('should keep absolute URLs unchanged', async () => {
       const acl = {
         '@context': { 'acl': 'http://www.w3.org/ns/auth/acl#' },

package/fonstr-data/index.html

@@ -1,120 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>fonstr - Your Nostr Relay</title>
-    <style>
-        * { margin: 0; padding: 0; box-sizing: border-box; }
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
-            background: linear-gradient(135deg, #6366f1 0%, #8b5cf6 100%);
-            color: white;
-            min-height: 100vh;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            padding: 2rem;
-        }
-        .container {
-            text-align: center;
-            max-width: 600px;
-        }
-        h1 {
-            font-size: 3rem;
-            margin-bottom: 0.5rem;
-        }
-        .emoji {
-            font-size: 4rem;
-            margin-bottom: 1rem;
-        }
-        p {
-            font-size: 1.25rem;
-            opacity: 0.95;
-            margin-bottom: 2rem;
-            line-height: 1.6;
-        }
-        .relay-info {
-            background: rgba(255, 255, 255, 0.2);
-            backdrop-filter: blur(10px);
-            border-radius: 1rem;
-            padding: 2rem;
-            margin: 2rem 0;
-        }
-        code {
-            background: rgba(255, 255, 255, 0.3);
-            padding: 0.5rem 1rem;
-            border-radius: 0.5rem;
-            font-size: 1.1rem;
-            display: inline-block;
-            margin: 0.5rem 0;
-            font-family: 'Monaco', 'Menlo', monospace;
-        }
-        .stats {
-            display: grid;
-            grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
-            gap: 1rem;
-            margin-top: 2rem;
-        }
-        .stat {
-            background: rgba(255, 255, 255, 0.15);
-            padding: 1rem;
-            border-radius: 0.5rem;
-        }
-        .stat-label {
-            font-size: 0.9rem;
-            opacity: 0.8;
-        }
-        .stat-value {
-            font-size: 1.5rem;
-            font-weight: 700;
-            margin-top: 0.25rem;
-        }
-        a {
-            color: white;
-            text-decoration: none;
-            border-bottom: 2px solid rgba(255, 255, 255, 0.5);
-            transition: border-color 0.2s;
-        }
-        a:hover {
-            border-color: white;
-        }
-    </style>
-</head>
-<body>
-    <div class="container">
-        <div class="emoji">⚡</div>
-        <h1>fonstr</h1>
-        <p>Your Nostr relay is running!</p>
-
-        <div class="relay-info">
-            <p style="font-size: 1rem; margin-bottom: 1rem; opacity: 0.9;">Connect to your relay:</p>
-            <code>ws://localhost:4444/relay</code>
-
-            <div class="stats">
-                <div class="stat">
-                    <div class="stat-label">Status</div>
-                    <div class="stat-value">✓ Online</div>
-                </div>
-                <div class="stat">
-                    <div class="stat-label">Protocol</div>
-                    <div class="stat-value">NIP-01</div>
-                </div>
-                <div class="stat">
-                    <div class="stat-label">Port</div>
-                    <div class="stat-value">4444</div>
-                </div>
-            </div>
-        </div>
-
-        <p style="font-size: 1rem;">
-            Add this relay to your favorite Nostr client and start using it!<br>
-            <a href="https://fonstr.com" target="_blank">Learn more about fonstr</a>
-        </p>
-
-        <p style="font-size: 0.9rem; opacity: 0.7; margin-top: 2rem;">
-            Replace this page by editing <code style="font-size: 0.8rem;">index.html</code> in your data directory
-        </p>
-    </div>
-</body>
-</html>