solid-server 5.6.9-beta

package/lib/server-config.js

@@ -0,0 +1,167 @@
+'use strict'
+
+/**
+ * Server config initialization utilities
+ */
+
+const fs = require('fs-extra')
+const path = require('path')
+const templateUtils = require('./common/template-utils')
+const fsUtils = require('./common/fs-utils')
+
+const debug = require('./debug')
+
+function printDebugInfo (options) {
+  debug.settings('Server URI: ' + options.serverUri)
+  debug.settings('Auth method: ' + options.auth)
+  debug.settings('Strict origins: ' + options.strictOrigin)
+  debug.settings('Allowed origins: ' + options.trustedOrigins)
+  debug.settings('Db path: ' + options.dbPath)
+  debug.settings('Config path: ' + options.configPath)
+  debug.settings('Suffix Acl: ' + options.suffixAcl)
+  debug.settings('Suffix Meta: ' + options.suffixMeta)
+  debug.settings('Allow WebID authentication: ' + !!options.webid)
+  debug.settings('Live-updates: ' + !!options.live)
+  debug.settings('Multi-user: ' + !!options.multiuser)
+  debug.settings('Suppress default data browser app: ' + options.suppressDataBrowser)
+  debug.settings('Default data browser app file path: ' + options.dataBrowserPath)
+}
+
+/**
+ * Ensures that a directory has been copied / initialized. Used to ensure that
+ * account templates, email templates and default apps have been copied from
+ * their defaults to the customizable config directory, at server startup.
+ *
+ * @param fromDir {string} Path to copy from (defaults)
+ *
+ * @param toDir {string} Path to copy to (customizable config)
+ *
+ * @return {string} Returns the absolute path for `toDir`
+ */
+function ensureDirCopyExists (fromDir, toDir) {
+  fromDir = path.resolve(fromDir)
+  toDir = path.resolve(toDir)
+
+  if (!fs.existsSync(toDir)) {
+    fs.copySync(fromDir, toDir)
+  }
+
+  return toDir
+}
+
+/**
+ * Creates (copies from the server templates dir) a Welcome index page for the
+ * server root web directory, if one does not already exist. This page
+ * typically has links to account signup and login, and can be overridden by
+ * the server operator.
+ *
+ * @param argv {Object} Express.js app object
+ */
+async function ensureWelcomePage (argv) {
+  const { resourceMapper, templates, server, host } = argv
+  const serverRootDir = resourceMapper.resolveFilePath(host.hostname)
+  const existingIndexPage = path.join(serverRootDir, 'index.html')
+  const packageData = require('../package.json')
+
+  if (!fs.existsSync(existingIndexPage)) {
+    fs.mkdirp(serverRootDir)
+    await fsUtils.copyTemplateDir(templates.server, serverRootDir)
+    await templateUtils.processHandlebarFile(existingIndexPage, {
+      serverName: server ? server.name : host.hostname,
+      serverDescription: server ? server.description : '',
+      serverLogo: server ? server.logo : '',
+      serverVersion: packageData.version
+    })
+  }
+
+  // Ensure that the root .acl file exists,
+  // because this was not mandatory in before 5.0.0
+  const existingRootAcl = path.join(serverRootDir, '.acl')
+  if (!fs.existsSync(existingRootAcl)) {
+    await fsUtils.copyTemplateDir(path.join(templates.server, '.acl'), existingRootAcl)
+  }
+}
+
+/**
+ * Ensures that the server config directory (something like '/etc/solid-server'
+ * or './config', taken from the `configPath` config.json file) exists, and
+ * creates it if not.
+ *
+ * @param argv
+ *
+ * @return {string} Path to the server config dir
+ */
+function initConfigDir (argv) {
+  const configPath = path.resolve(argv.configPath)
+  fs.mkdirp(configPath)
+
+  return configPath
+}
+
+/**
+ * Ensures that the customizable 'views' folder exists for this installation
+ * (copies it from default views if not).
+ *
+ * @param configPath {string} Location of configuration directory (from the
+ *   local config.json file or passed in as cli parameter)
+ *
+ * @return {string} Path to the views dir
+ */
+function initDefaultViews (configPath) {
+  const defaultViewsPath = path.join(__dirname, '../default-views')
+  const viewsPath = path.join(configPath, 'views')
+
+  ensureDirCopyExists(defaultViewsPath, viewsPath)
+
+  return viewsPath
+}
+
+/**
+ * Makes sure that the various template directories (email templates, new
+ * account templates, etc) have been copied from the default directories to
+ * this server's own config directory.
+ *
+ * @param configPath {string} Location of configuration directory (from the
+ *   local config.json file or passed in as cli parameter)
+ *
+ * @return {Object} Returns a hashmap of template directories by type
+ *   (new account, email, server)
+ */
+function initTemplateDirs (configPath) {
+  const accountTemplatePath = ensureDirCopyExists(
+    path.join(__dirname, '../default-templates/new-account'),
+    path.join(configPath, 'templates', 'new-account')
+  )
+
+  const emailTemplatesPath = ensureDirCopyExists(
+    path.join(__dirname, '../default-templates/emails'),
+    path.join(configPath, 'templates', 'emails')
+  )
+
+  const serverTemplatePath = ensureDirCopyExists(
+    path.join(__dirname, '../default-templates/server'),
+    path.join(configPath, 'templates', 'server')
+  )
+
+  // Ensure that the root .acl file exists,
+  // because this was not mandatory in before 5.0.0
+  ensureDirCopyExists(
+    path.join(__dirname, '../default-templates/server/.acl'),
+    path.join(configPath, 'templates', 'server', '.acl')
+  )
+
+  return {
+    account: accountTemplatePath,
+    email: emailTemplatesPath,
+    server: serverTemplatePath
+  }
+}
+
+module.exports = {
+  ensureDirCopyExists,
+  ensureWelcomePage,
+  initConfigDir,
+  initDefaultViews,
+  initTemplateDirs,
+  printDebugInfo
+}

package/lib/services/blacklist-service.js

@@ -0,0 +1,33 @@
+const blacklistConfig = require('../../config/usernames-blacklist.json')
+const blacklist = require('the-big-username-blacklist').list
+
+class BlacklistService {
+  constructor () {
+    this.reset()
+  }
+
+  addWord (word) {
+    this.list.push(BlacklistService._prepareWord(word))
+  }
+
+  reset (config) {
+    this.list = BlacklistService._initList(config)
+  }
+
+  validate (word) {
+    return this.list.indexOf(BlacklistService._prepareWord(word)) === -1
+  }
+
+  static _initList (config = blacklistConfig) {
+    return [
+      ...(config.useTheBigUsernameBlacklist ? blacklist : []),
+      ...config.customBlacklistedUsernames
+    ]
+  }
+
+  static _prepareWord (word) {
+    return word.trim().toLocaleLowerCase()
+  }
+}
+
+module.exports = new BlacklistService()

package/lib/services/email-service.js

@@ -0,0 +1,162 @@
+'use strict'
+
+const nodemailer = require('nodemailer')
+const path = require('path')
+const debug = require('../debug').email
+
+/**
+ * Models a Nodemailer-based email sending service.
+ *
+ * @see https://nodemailer.com/about/
+ */
+class EmailService {
+  /**
+   * @constructor
+   *
+   * @param templatePath {string} Path to the email templates directory
+   *
+   * @param config {Object} Nodemailer configuration object
+   * @see https://nodemailer.com/smtp/
+   *
+   * Transport SMTP config options:
+   * @param config.host {string} e.g. 'smtp.gmail.com'
+   * @param config.port {string} e.g. '465'
+   * @param config.secure {boolean} Whether to use TLS when connecting to server
+   *
+   * Transport authentication config options:
+   * @param config.auth {Object}
+   * @param config.auth.user {string} Smtp username (e.g. 'alice@gmail.com')
+   * @param config.auth.pass {string} Smtp password
+   *
+   * Optional default Sender / `from:` address:
+   * @param [config.sender] {string} e.g. 'Solid Server <no-reply@databox.me>'
+   */
+  constructor (templatePath, config) {
+    this.mailer = nodemailer.createTransport(config)
+
+    this.sender = this.initSender(config)
+
+    this.templatePath = templatePath
+  }
+
+  /**
+   * Returns the default Sender address based on config.
+   *
+   * Note that if using Gmail for SMTP transport, Gmail ignores the sender
+   * `from:` address and uses the SMTP username instead (`auth.user`).
+   *
+   * @param config {Object}
+   *
+   * The sender is derived from either:
+   * @param [config.sender] {string} e.g. 'Solid Server <no-reply@databox.me>'
+   *
+   * or, if explicit sender is not passed in, uses:
+   * @param [config.host] {string} SMTP host from transport config
+   *
+   * @return {string} Sender `from:` address
+   */
+  initSender (config) {
+    let sender
+
+    if (config.sender) {
+      sender = config.sender
+    } else {
+      sender = `no-reply@${config.host}`
+    }
+
+    return sender
+  }
+
+  /**
+   * Sends an email (passes it through to nodemailer).
+   *
+   * @param email {Object}
+   *
+   * @return {Promise<EmailResponse>}
+   */
+  sendMail (email) {
+    email.from = email.from || this.sender
+
+    debug('Sending email to ' + email.to)
+    return this.mailer.sendMail(email)
+  }
+
+  /**
+   * Sends an email using a saved email template.
+   * Usage:
+   *
+   *    ```
+   *    let data = { webid: 'https://example.com/alice#me', ... }
+   *
+   *    emailService.sendWithTemplate('welcome', data)
+   *      .then(response => {
+   *        // email sent using the 'welcome' template
+   *      })
+   *    ```
+   *
+   * @param templateName {string} Name of a template file in the email-templates
+   *   dir, no extension necessary.
+   *
+   * @param data {Object} Key/value hashmap of data for an email template.
+   *
+   * @return {Promise<EmailResponse>}
+   */
+  sendWithTemplate (templateName, data) {
+    return Promise.resolve()
+      .then(() => {
+        const renderedEmail = this.emailFromTemplate(templateName, data)
+
+        return this.sendMail(renderedEmail)
+      })
+  }
+
+  /**
+   * Returns an email from a rendered template.
+   *
+   * @param templateName {string}
+   * @param data {Object} Key/value hashmap of data for an email template.
+   *
+   * @return {Object} Rendered email object from template
+   */
+  emailFromTemplate (templateName, data) {
+    const template = this.readTemplate(templateName)
+
+    return Object.assign({}, template.render(data), data)
+  }
+
+  /**
+   * Reads (requires) and returns the contents of an email template file, for
+   * a given template name.
+   *
+   * @param templateName {string}
+   *
+   * @throws {Error} If the template could not be found
+   *
+   * @return {Object}
+   */
+  readTemplate (templateName) {
+    const templateFile = this.templatePathFor(templateName)
+    let template
+
+    try {
+      template = require(templateFile)
+    } catch (error) {
+      throw new Error('Cannot find email template: ' + templateFile)
+    }
+
+    return template
+  }
+
+  /**
+   * Returns a template file path for a given template name.
+   *
+   * @param templateName {string}
+   *
+   * @return {string}
+   */
+  templatePathFor (templateName) {
+    return path.join(this.templatePath, templateName)
+  }
+}
+
+module.exports = EmailService

package/lib/services/token-service.js

@@ -0,0 +1,47 @@
+'use strict'
+
+const { ulid } = require('ulid')
+
+class TokenService {
+  constructor () {
+    this.tokens = {}
+  }
+
+  generate (domain, data = {}) {
+    const token = ulid()
+    this.tokens[domain] = this.tokens[domain] || {}
+
+    const value = {
+      exp: new Date(Date.now() + 20 * 60 * 1000)
+    }
+    this.tokens[domain][token] = Object.assign({}, value, data)
+
+    return token
+  }
+
+  verify (domain, token) {
+    const now = new Date()
+
+    if (!this.tokens[domain]) {
+      throw new Error(`Invalid domain for tokens: ${domain}`)
+    }
+
+    const tokenValue = this.tokens[domain][token]
+
+    if (tokenValue && now < tokenValue.exp) {
+      return tokenValue
+    } else {
+      return false
+    }
+  }
+
+  remove (domain, token) {
+    if (!this.tokens[domain]) {
+      throw new Error(`Invalid domain for tokens: ${domain}`)
+    }
+
+    delete this.tokens[domain][token]
+  }
+}
+
+module.exports = TokenService

package/lib/utils.js

@@ -0,0 +1,254 @@
+/* eslint-disable node/no-deprecated-api */
+
+module.exports.pathBasename = pathBasename
+module.exports.hasSuffix = hasSuffix
+module.exports.serialize = serialize
+module.exports.translate = translate
+module.exports.stringToStream = stringToStream
+module.exports.debrack = debrack
+module.exports.stripLineEndings = stripLineEndings
+module.exports.fullUrlForReq = fullUrlForReq
+module.exports.routeResolvedFile = routeResolvedFile
+module.exports.getQuota = getQuota
+module.exports.overQuota = overQuota
+module.exports.getContentType = getContentType
+module.exports.parse = parse
+
+const fs = require('fs')
+const path = require('path')
+const util = require('util')
+const $rdf = require('rdflib')
+const from = require('from2')
+const url = require('url')
+const debug = require('./debug').fs
+const getSize = require('get-folder-size')
+const ns = require('solid-namespace')($rdf)
+
+/**
+ * Returns a fully qualified URL from an Express.js Request object.
+ * (It's insane that Express does not provide this natively.)
+ *
+ * Usage:
+ *
+ *   ```
+ *   console.log(util.fullUrlForReq(req))
+ *   // -> https://example.com/path/to/resource?q1=v1
+ *   ```
+ *
+ * @param req {IncomingRequest}
+ *
+ * @return {string}
+ */
+function fullUrlForReq (req) {
+  const fullUrl = url.format({
+    protocol: req.protocol,
+    host: req.get('host'),
+    pathname: url.resolve(req.baseUrl, req.path),
+    query: req.query
+  })
+
+  return fullUrl
+}
+
+/**
+ * Removes the `<` and `>` brackets around a string and returns it.
+ * Used by the `allow` handler in `verifyDelegator()` logic.
+ * @method debrack
+ *
+ * @param s {string}
+ *
+ * @return {string}
+ */
+function debrack (s) {
+  if (!s || s.length < 2) {
+    return s
+  }
+  if (s[0] !== '<') {
+    return s
+  }
+  if (s[s.length - 1] !== '>') {
+    return s
+  }
+  return s.substring(1, s.length - 1)
+}
+
+async function parse (data, baseUri, contentType) {
+  const graph = $rdf.graph()
+  return new Promise((resolve, reject) => {
+    try {
+      return $rdf.parse(data, graph, baseUri, contentType, (err, str) => {
+        if (err) {
+          return reject(err)
+        }
+        resolve(str)
+      })
+    } catch (err) {
+      return reject(err)
+    }
+  })
+}
+
+function pathBasename (fullpath) {
+  let bname = ''
+  if (fullpath) {
+    bname = (fullpath.lastIndexOf('/') === fullpath.length - 1)
+      ? ''
+      : path.basename(fullpath)
+  }
+  return bname
+}
+
+function hasSuffix (path, suffixes) {
+  for (const i in suffixes) {
+    if (path.indexOf(suffixes[i], path.length - suffixes[i].length) !== -1) {
+      return true
+    }
+  }
+  return false
+}
+
+function serialize (graph, baseUri, contentType) {
+  return new Promise((resolve, reject) => {
+    try {
+      // target, kb, base, contentType, callback
+      $rdf.serialize(null, graph, baseUri, contentType, function (err, result) {
+        if (err) {
+          return reject(err)
+        }
+        if (result === undefined) {
+          return reject(new Error('Error serializing the graph to ' +
+            contentType))
+        }
+
+        resolve(result)
+      })
+    } catch (err) {
+      reject(err)
+    }
+  })
+}
+
+function translate (stream, baseUri, from, to) {
+  return new Promise((resolve, reject) => {
+    let data = ''
+    stream
+      .on('data', function (chunk) {
+        data += chunk
+      })
+      .on('end', function () {
+        const graph = $rdf.graph()
+        $rdf.parse(data, graph, baseUri, from, function (err) {
+          if (err) return reject(err)
+          resolve(serialize(graph, baseUri, to))
+        })
+      })
+  })
+}
+
+function stringToStream (string) {
+  return from(function (size, next) {
+    // if there's no more content
+    // left in the string, close the stream.
+    if (!string || string.length <= 0) {
+      return next(null, null)
+    }
+
+    // Pull in a new chunk of text,
+    // removing it from the string.
+    const chunk = string.slice(0, size)
+    string = string.slice(size)
+
+    // Emit "chunk" from the stream.
+    next(null, chunk)
+  })
+}
+
+/**
+ * Removes line endings from a given string. Used for WebID TLS Certificate
+ * generation.
+ *
+ * @param obj {string}
+ *
+ * @return {string}
+ */
+function stripLineEndings (obj) {
+  if (!obj) { return obj }
+
+  return obj.replace(/(\r\n|\n|\r)/gm, '')
+}
+
+/**
+ * Adds a route that serves a static file from another Node module
+ */
+function routeResolvedFile (router, path, file, appendFileName = true) {
+  const fullPath = appendFileName ? path + file.match(/[^/]+$/) : path
+  const fullFile = require.resolve(file)
+  router.get(fullPath, (req, res) => res.sendFile(fullFile))
+}
+
+/**
+ * Returns the number of bytes that the user owning the requested POD
+ * may store or Infinity if no limit
+ */
+
+async function getQuota (root, serverUri) {
+  const filename = path.join(root, 'settings/serverSide.ttl')
+  let prefs
+  try {
+    prefs = await _asyncReadfile(filename)
+  } catch (error) {
+    debug('Setting no quota. While reading serverSide.ttl, got ' + error)
+    return Infinity
+  }
+  const graph = $rdf.graph()
+  const storageUri = serverUri + '/'
+  try {
+    $rdf.parse(prefs, graph, storageUri, 'text/turtle')
+  } catch (error) {
+    throw new Error('Failed to parse serverSide.ttl, got ' + error)
+  }
+  return Number(graph.anyValue($rdf.sym(storageUri), ns.solid('storageQuota'))) || Infinity
+}
+
+/**
+ * Returns true of the user has already exceeded their quota, i.e. it
+ * will check if new requests should be rejected, which means they
+ * could PUT a large file and get away with it.
+ */
+
+async function overQuota (root, serverUri) {
+  const quota = await getQuota(root, serverUri)
+  if (quota === Infinity) {
+    return false
+  }
+  // TODO: cache this value?
+  const size = await actualSize(root)
+  return (size > quota)
+}
+
+/**
+ * Returns the number of bytes that is occupied by the actual files in
+ * the file system. IMPORTANT NOTE: Since it traverses the directory
+ * to find the actual file sizes, this does a costly operation, but
+ * neglible for the small quotas we currently allow. If the quotas
+ * grow bigger, this will significantly reduce write performance, and
+ * so it needs to be rewritten.
+ */
+
+function actualSize (root) {
+  return util.promisify(getSize)(root)
+}
+
+function _asyncReadfile (filename) {
+  return util.promisify(fs.readFile)(filename, 'utf-8')
+}
+
+/**
+ * Get the content type from a headers object
+ * @param headers An Express or Fetch API headers object
+ * @return {string} A content type string
+ */
+function getContentType (headers) {
+  const value = headers.get ? headers.get('content-type') : headers['content-type']
+  return value ? value.replace(/;.*/, '') : ''
+}

package/lib/webid/index.js

@@ -0,0 +1,13 @@
+module.exports = webid
+
+const tls = require('./tls')
+
+function webid (type) {
+  type = type || 'tls'
+
+  if (type === 'tls') {
+    return tls
+  }
+
+  throw new Error('No other WebID supported')
+}

package/lib/webid/lib/get.js

@@ -0,0 +1,27 @@
+module.exports = get
+
+const request = require('request')
+const url = require('url')
+
+function get (webid, callback) {
+  const uri = url.URL(webid)
+  const options = {
+    url: uri,
+    method: 'GET',
+    headers: {
+      Accept: 'text/turtle, application/ld+json'
+    }
+  }
+
+  request(options, function (err, res, body) {
+    if (err) {
+      return callback(new Error('Failed to fetch profile from ' + uri.href + ': ' + err))
+    }
+
+    if (res.statusCode !== 200) {
+      return callback(new Error('Failed to retrieve WebID from ' + uri.href + ': HTTP ' + res.statusCode))
+    }
+
+    callback(null, body, res.headers['content-type'])
+  })
+}