solid-server 5.6.9-beta

package/lib/models/user-account.js

@@ -0,0 +1,112 @@
+'use strict'
+/* eslint-disable node/no-deprecated-api */
+
+const url = require('url')
+
+/**
+ * Represents a Solid user account (created as a result of Signup, etc).
+ */
+class UserAccount {
+  /**
+   * @constructor
+   * @param [options={}] {Object}
+   * @param [options.username] {string}
+   * @param [options.webId] {string}
+   * @param [options.name] {string}
+   * @param [options.email] {string}
+   * @param [options.externalWebId] {string}
+   * @param [options.localAccountId] {string}
+   */
+  constructor (options = {}) {
+    this.username = options.username
+    this.webId = options.webId
+    this.name = options.name
+    this.email = options.email
+    this.externalWebId = options.externalWebId
+    this.localAccountId = options.localAccountId
+  }
+
+  /**
+   * Factory method, returns an instance of `UserAccount`.
+   *
+   * @param [options={}] {Object} See `contructor()` docstring.
+   *
+   * @return {UserAccount}
+   */
+  static from (options = {}) {
+    return new UserAccount(options)
+  }
+
+  /**
+   * Returns the display name for the account.
+   *
+   * @return {string}
+   */
+  get displayName () {
+    return this.name || this.username || this.email || 'Solid account'
+  }
+
+  /**
+   * Returns the id key for the user account (for use with the user store, for
+   * example), consisting of the WebID URI minus the protocol and slashes.
+   * Usage:
+   *
+   *   ```
+   *   userAccount.webId = 'https://alice.example.com/profile/card#me'
+   *   userAccount.id  // -> 'alice.example.com/profile/card#me'
+   *   ```
+   *
+   * @return {string}
+   */
+  get id () {
+    if (!this.webId) { return null }
+
+    const parsed = url.parse(this.webId)
+    let id = parsed.host + parsed.pathname
+    if (parsed.hash) {
+      id += parsed.hash
+    }
+    return id
+  }
+
+  get accountUri () {
+    if (!this.webId) { return null }
+
+    const parsed = url.parse(this.webId)
+
+    return parsed.protocol + '//' + parsed.host
+  }
+
+  /**
+   * Returns the Uri to the account's Pod
+   *
+   * @return {string}
+   */
+  get podUri () {
+    const webIdUrl = url.parse(this.webId)
+    const podUrl = `${webIdUrl.protocol}//${webIdUrl.host}`
+    return url.format(podUrl)
+  }
+
+  /**
+   * Returns the URI of the WebID Profile for this account.
+   * Usage:
+   *
+   *   ```
+   *   // userAccount.webId === 'https://alice.example.com/profile/card#me'
+   *
+   *   userAccount.profileUri  // -> 'https://alice.example.com/profile/card'
+   *   ```
+   *
+   * @return {string|null}
+   */
+  get profileUri () {
+    if (!this.webId) { return null }
+
+    const parsed = url.parse(this.webId)
+    // Note that the hash fragment gets dropped
+    return parsed.protocol + '//' + parsed.host + parsed.pathname
+  }
+}
+
+module.exports = UserAccount

package/lib/models/webid-tls-certificate.js

@@ -0,0 +1,184 @@
+'use strict'
+/* eslint-disable node/no-deprecated-api */
+
+const webidTls = require('../webid')('tls')
+const forge = require('node-forge')
+const utils = require('../utils')
+
+/**
+ * Models a WebID-TLS crypto certificate, as generated at signup from a browser's
+ * `<keygen>` element.
+ *
+ * @class WebIdTlsCertificate
+ */
+class WebIdTlsCertificate {
+  /**
+   * @param [options={}] {Object}
+   * @param [options.spkac] {Buffer<string>}
+   * @param [options.date] {Date}
+   * @param [options.webId] {string}
+   * @param [options.commonName] {string} Certificate name
+   * @param [options.issuerName] {string}
+   */
+  constructor (options = {}) {
+    this.spkac = options.spkac
+    this.date = options.date || new Date()
+    this.webId = options.webId
+    this.commonName = options.commonName
+    this.issuer = { commonName: options.issuerName }
+
+    this.certificate = null // gets initialized in `generateCertificate()`
+  }
+
+  /**
+   * Factory method, used to construct a certificate instance from a browser-
+   * based signup.
+   *
+   * @param spkac {string} Signed Public Key and Challenge from a browser's
+   *   `<keygen>` element.
+   * @param userAccount {UserAccount}
+   * @param host {SolidHost}
+   *
+   * @throws {TypeError} If no `spkac` param provided (http 400)
+   *
+   * @return {WebIdTlsCertificate}
+   */
+  static fromSpkacPost (spkac, userAccount, host) {
+    if (!spkac) {
+      const error = new TypeError('Missing spkac parameter')
+      error.status = 400
+      throw error
+    }
+
+    const date = new Date()
+    const commonName = `${userAccount.displayName} [on ${host.serverUri}, created ${date}]`
+
+    const options = {
+      spkac: WebIdTlsCertificate.prepPublicKey(spkac),
+      webId: userAccount.webId,
+      date,
+      commonName,
+      issuerName: host.serverUri
+    }
+
+    return new WebIdTlsCertificate(options)
+  }
+
+  /**
+   * Formats a `<keygen>`-generated public key and converts it into a Buffer,
+   * to use in TLS certificate generation.
+   *
+   * @param spkac {string} Signed Public Key and Challenge from a browser's
+   *   `<keygen>` element.
+   *
+   * @return {Buffer<string>|null} UTF-8 string buffer of the public key, if one
+   *   was passed in.
+   */
+  static prepPublicKey (spkac) {
+    if (!spkac) { return null }
+
+    spkac = utils.stripLineEndings(spkac)
+    spkac = new Buffer(spkac, 'utf-8')
+    return spkac
+  }
+
+  /**
+   * Generates an X509Certificate from the passed-in `spkac` value.
+   *
+   * @throws {Error} See `webid` module's `generate()` function.
+   *
+   * @return {Promise<WebIdTlsCertificate>} Resolves to self (chainable), with
+   *   the `.certificate` property initialized.
+   */
+  generateCertificate () {
+    const certOptions = {
+      spkac: this.spkac,
+      agent: this.webId,
+      commonName: this.commonName,
+      issuer: this.issuer
+    }
+
+    return new Promise((resolve, reject) => {
+      webidTls.generate(certOptions, (err, certificate) => {
+        if (err) {
+          reject(err)
+        } else {
+          this.certificate = certificate
+          resolve(this)
+        }
+      })
+    })
+  }
+
+  /**
+   * Returns the URI (with hash fragment) for this certificate's public key,
+   * to be used as a subject of RDF triples in a user's WebID Profile.
+   *
+   * @throws {TypeError} HTTP 400 error if no `webId` has been set.
+   *
+   * @return {string}
+   */
+  get keyUri () {
+    if (!this.webId) {
+      const error = new TypeError('Cannot construct key URI, WebID is missing')
+      error.status = 400
+      throw error
+    }
+
+    const profileUri = this.webId.split('#')[0]
+    return profileUri + '#key-' + this.date.getTime()
+  }
+
+  /**
+   * Returns the public key exponent (for adding to a user's WebID Profile)
+   *
+   * @throws {TypeError} HTTP 400 error if no certificate has been generated.
+   *
+   * @return {string}
+   */
+  get exponent () {
+    if (!this.certificate) {
+      const error = new TypeError('Cannot return exponent, certificate has not been generated')
+      error.status = 400
+      throw error
+    }
+
+    return this.certificate.publicKey.e.toString()
+  }
+
+  /**
+   * Returns the public key modulus (for adding to a user's WebID Profile)
+   *
+   * @throws {TypeError} HTTP 400 error if no certificate has been generated.
+   *
+   * @return {string}
+   */
+  get modulus () {
+    if (!this.certificate) {
+      const error = new TypeError('Cannot return modulus, certificate has not been generated')
+      error.status = 400
+      throw error
+    }
+
+    return this.certificate.publicKey.n.toString(16).toUpperCase()
+  }
+
+  /**
+   * Converts the generated cert to DER format and returns it.
+   *
+   * @return {X509Certificate|null} In DER format
+   */
+  toDER () {
+    if (!this.certificate) {
+      return null
+    }
+
+    const certificateAsn = forge.pki.certificateToAsn1(this.certificate)
+    // Convert to DER
+    const certificateDer = forge.asn1.toDer(certificateAsn).getBytes()
+    // new Buffer(der, 'binary')
+    return certificateDer
+  }
+}
+
+module.exports = WebIdTlsCertificate

package/lib/payment-pointer-discovery.js

@@ -0,0 +1,83 @@
+'use strict'
+/**
+ * @module payment-pointer-discovery
+ */
+const express = require('express')
+const { promisify } = require('util')
+const fs = require('fs')
+const rdf = require('rdflib')
+
+module.exports = paymentPointerDiscovery
+
+const PROFILE_PATH = '/profile/card'
+
+/**
+ * Returns a set of routes to deal with server payment pointer discovery
+ * @method paymentPointerDiscovery
+ * @return {Router} Express router
+ */
+function paymentPointerDiscovery () {
+  const router = express.Router('/')
+
+  // Advertise the server payment pointer discover endpoint
+  router.get('/.well-known/pay', paymentPointerDocument())
+  return router
+}
+
+/**
+ * Serves the service payment pointer document (containing server root URL, including
+ * any base path the user specified in config, server API endpoints, etc).
+ * @method paymentPointerDocument
+ * @param req
+ * @param res
+ * @param next
+ */
+function paymentPointerDocument () {
+  return async (req, res) => {
+    try {
+      const ldp = req.app.locals.ldp
+      const url = ldp.resourceMapper.resolveUrl(req.hostname, PROFILE_PATH)
+      const contentType = 'text/turtle'
+      const createIfNotExists = false
+      const { path } = await ldp.resourceMapper.mapUrlToFile({ url, contentType, createIfNotExists })
+      let body
+      try {
+        // Read the file from disk
+        body = await promisify(fs.readFile)(path, { encoding: 'utf8' })
+      } catch (e) {
+        if (e.message.startsWith('ENOENT: no such file or directory,')) {
+          res.json({
+            error: `Please create ${PROFILE_PATH} on your pod`
+          })
+        }
+      }
+      const webid = rdf.Namespace(`${url}#`)('me')
+      const pp = rdf.Namespace('http://paymentpointers.org/ns#')('PaymentPointer')
+      let paymentPointer
+      try {
+        const graph = rdf.graph()
+        // Parse the file as Turtle
+        rdf.parse(body, graph, url, contentType)
+        paymentPointer = graph.any(webid, pp)
+      } catch (e) {
+        console.error(e)
+        res.json({
+          error: `Please make sure ${PROFILE_PATH} contains valid Turtle`
+        })
+      }
+      if (paymentPointer === null) {
+        res.json({ fail: 'Add triple', subject: `<${webid.value}>`, predicate: `<${pp.value}>`, object: '$alice.example' })
+      }
+      if (paymentPointer.value.startsWith('$')) {
+        let suffix = ''
+        if (paymentPointer.value.indexOf('/') === -1) {
+          suffix = '/.well-known/pay'
+        }
+        paymentPointer.value = `https://${paymentPointer.value.substring(1)}${suffix}`
+      }
+      res.redirect(paymentPointer.value)
+    } catch (e) {
+      res.json({ fail: e.message })
+    }
+  }
+}

package/lib/requests/add-cert-request.js

@@ -0,0 +1,138 @@
+'use strict'
+
+const WebIdTlsCertificate = require('../models/webid-tls-certificate')
+const debug = require('./../debug').accounts
+
+/**
+ * Represents an 'add new certificate to account' request
+ * (a POST to `/api/accounts/cert` endpoint).
+ *
+ * Note: The account has to exist, and the user must be already logged in,
+ * for this to succeed.
+ */
+class AddCertificateRequest {
+  /**
+   * @param [options={}] {Object}
+   * @param [options.accountManager] {AccountManager}
+   * @param [options.userAccount] {UserAccount}
+   * @param [options.certificate] {WebIdTlsCertificate}
+   * @param [options.response] {HttpResponse}
+   */
+  constructor (options) {
+    this.accountManager = options.accountManager
+    this.userAccount = options.userAccount
+    this.certificate = options.certificate
+    this.response = options.response
+  }
+
+  /**
+   * Handles the HTTP request (from an Express route handler).
+   *
+   * @param req
+   * @param res
+   * @param accountManager {AccountManager}
+   *
+   * @throws {TypeError}
+   * @throws {Error} HTTP 401 if the user is not logged in (`req.session.userId`
+   *   does not match the intended account to which the cert is being added).
+   *
+   * @return {Promise}
+   */
+  static handle (req, res, accountManager) {
+    let request
+    try {
+      request = AddCertificateRequest.fromParams(req, res, accountManager)
+    } catch (error) {
+      return Promise.reject(error)
+    }
+
+    return AddCertificateRequest.addCertificate(request)
+  }
+
+  /**
+   * Factory method, returns an initialized instance of `AddCertificateRequest`.
+   *
+   * @param req
+   * @param res
+   * @param accountManager {AccountManager}
+   *
+   * @throws {TypeError} If required parameters missing
+   * @throws {Error} HTTP 401 if the user is not logged in (`req.session.userId`
+   *   does not match the intended account to which the cert is being added).
+   *
+   * @return {AddCertificateRequest}
+   */
+  static fromParams (req, res, accountManager) {
+    const userAccount = accountManager.userAccountFrom(req.body)
+    const certificate = WebIdTlsCertificate.fromSpkacPost(
+      req.body.spkac,
+      userAccount,
+      accountManager.host)
+
+    debug(`Adding a new certificate for ${userAccount.webId}`)
+
+    if (req.session.userId !== userAccount.webId) {
+      debug(`Cannot add new certificate: signed in user is "${req.session.userId}"`)
+      const error = new Error("You are not logged in, so you can't create a certificate")
+      error.status = 401
+      throw error
+    }
+
+    const options = {
+      accountManager,
+      userAccount,
+      certificate,
+      response: res
+    }
+
+    return new AddCertificateRequest(options)
+  }
+
+  /**
+   * Generates a new certificate for a given user account, and adds it to that
+   * account's WebID Profile graph.
+   *
+   * @param request {AddCertificateRequest}
+   *
+   * @throws {Error} HTTP 400 if there were errors during certificate generation
+   *
+   * @returns {Promise}
+   */
+  static addCertificate (request) {
+    const { certificate, userAccount, accountManager } = request
+
+    return certificate.generateCertificate()
+      .catch(err => {
+        err.status = 400
+        err.message = 'Error generating a certificate: ' + err.message
+        throw err
+      })
+      .then(() => {
+        return accountManager.addCertKeyToProfile(certificate, userAccount)
+      })
+      .catch(err => {
+        err.status = 400
+        err.message = 'Error adding certificate to profile: ' + err.message
+        throw err
+      })
+      .then(() => {
+        request.sendResponse(certificate)
+      })
+  }
+
+  /**
+   * Sends the generated certificate in the response object.
+   *
+   * @param certificate {WebIdTlsCertificate}
+   */
+  sendResponse (certificate) {
+    const { response, userAccount } = this
+    response.set('User', userAccount.webId)
+    response.status(200)
+
+    response.set('Content-Type', 'application/x-x509-user-cert')
+    response.send(certificate.toDER())
+  }
+}
+
+module.exports = AddCertificateRequest