solid-server 5.6.9-beta

package/bin/lib/invalidUsernames.js

@@ -0,0 +1,148 @@
+const fs = require('fs-extra')
+const Handlebars = require('handlebars')
+const path = require('path')
+
+const { getAccountManager, loadConfig, loadUsernames } = require('./cli-utils')
+const { isValidUsername } = require('../../lib/common/user-utils')
+const blacklistService = require('../../lib/services/blacklist-service')
+const { initConfigDir, initTemplateDirs } = require('../../lib/server-config')
+const { fromServerConfig } = require('../../lib/models/oidc-manager')
+
+const EmailService = require('../../lib/services/email-service')
+const SolidHost = require('../../lib/models/solid-host')
+
+module.exports = function (program) {
+  program
+    .command('invalidusernames')
+    .option('--notify', 'Will notify users with usernames that are invalid')
+    .option('--delete', 'Will delete users with usernames that are invalid')
+    .description('Manage usernames that are invalid')
+    .action(async (options) => {
+      const config = loadConfig(program, options)
+      if (!config.multiuser) {
+        return console.error('You are running a single user server, no need to check for invalid usernames')
+      }
+
+      const invalidUsernames = getInvalidUsernames(config)
+      const host = SolidHost.from({ port: config.port, serverUri: config.serverUri })
+      const accountManager = getAccountManager(config, { host })
+
+      if (options.notify) {
+        return notifyUsers(invalidUsernames, accountManager, config)
+      }
+
+      if (options.delete) {
+        return deleteUsers(invalidUsernames, accountManager, config, host)
+      }
+
+      listUsernames(invalidUsernames)
+    })
+}
+
+function backupIndexFile (username, accountManager, invalidUsernameTemplate, dateOfRemoval, supportEmail) {
+  const userDirectory = accountManager.accountDirFor(username)
+  const currentIndex = path.join(userDirectory, 'index.html')
+  const currentIndexExists = fs.existsSync(currentIndex)
+  const backupIndex = path.join(userDirectory, 'index.backup.html')
+  const backupIndexExists = fs.existsSync(backupIndex)
+  if (currentIndexExists && !backupIndexExists) {
+    fs.renameSync(currentIndex, backupIndex)
+    createNewIndexAcl(userDirectory)
+    createNewIndex(username, invalidUsernameTemplate, dateOfRemoval, supportEmail, currentIndex)
+    console.info(`index.html updated for user ${username}`)
+  }
+}
+
+function createNewIndex (username, invalidUsernameTemplate, dateOfRemoval, supportEmail, currentIndex) {
+  const newIndexSource = invalidUsernameTemplate({
+    username,
+    dateOfRemoval,
+    supportEmail
+  })
+  fs.writeFileSync(currentIndex, newIndexSource, 'utf-8')
+}
+
+function createNewIndexAcl (userDirectory) {
+  const currentIndexAcl = path.join(userDirectory, 'index.html.acl')
+  const backupIndexAcl = path.join(userDirectory, 'index.backup.html.acl')
+  const currentIndexSource = fs.readFileSync(currentIndexAcl, 'utf-8')
+  const backupIndexSource = currentIndexSource.replace(/index.html/g, 'index.backup.html')
+  fs.writeFileSync(backupIndexAcl, backupIndexSource, 'utf-8')
+}
+
+async function deleteUsers (usernames, accountManager, config, host) {
+  const oidcManager = fromServerConfig({
+    ...config,
+    host
+  })
+  const deletingUsers = usernames
+    .map(async username => {
+      try {
+        const user = accountManager.userAccountFrom({ username })
+        await oidcManager.users.deleteUser(user)
+      } catch (error) {
+        if (error.message !== 'No email given') {
+          // 'No email given' is an expected error that we want to ignore
+          throw error
+        }
+      }
+      const userDirectory = accountManager.accountDirFor(username)
+      await fs.remove(userDirectory)
+    })
+  await Promise.all(deletingUsers)
+  console.info(`Deleted ${deletingUsers.length} users succeeded`)
+}
+
+function getInvalidUsernames (config) {
+  const usernames = loadUsernames(config)
+  return usernames.filter(username => !isValidUsername(username) || !blacklistService.validate(username))
+}
+
+function listUsernames (usernames) {
+  if (usernames.length === 0) {
+    return console.info('No invalid usernames was found')
+  }
+  console.info(`${usernames.length} invalid usernames were found:${usernames.map(username => `\n- ${username}`)}`)
+}
+
+async function notifyUsers (usernames, accountManager, config) {
+  const twoWeeksFromNow = Date.now() + 14 * 24 * 60 * 60 * 1000
+  const dateOfRemoval = (new Date(twoWeeksFromNow)).toLocaleDateString()
+  const { supportEmail } = config
+
+  updateIndexFiles(usernames, accountManager, dateOfRemoval, supportEmail)
+  await sendEmails(config, usernames, accountManager, dateOfRemoval, supportEmail)
+}
+
+async function sendEmails (config, usernames, accountManager, dateOfRemoval, supportEmail) {
+  if (config.email && config.email.host) {
+    const configPath = initConfigDir(config)
+    const templates = initTemplateDirs(configPath)
+    const users = await Promise.all(await usernames.map(async username => {
+      const emailAddress = await accountManager.loadAccountRecoveryEmail({ username })
+      const accountUri = accountManager.accountUriFor(username)
+      return { username, emailAddress, accountUri }
+    }))
+    const emailService = new EmailService(templates.email, config.email)
+    const sendingEmails = users
+      .filter(user => !!user.emailAddress)
+      .map(user => emailService.sendWithTemplate('invalid-username', {
+        to: user.emailAddress,
+        accountUri: user.accountUri,
+        dateOfRemoval,
+        supportEmail
+      }))
+    const emailsSent = await Promise.all(sendingEmails)
+    console.info(`${emailsSent.length} emails sent to users with invalid usernames`)
+    return
+  }
+  console.info('You have not configured an email service.')
+  console.info('Please set it up to send users email about their accounts')
+}
+
+function updateIndexFiles (usernames, accountManager, dateOfRemoval, supportEmail) {
+  const invalidUsernameFilePath = path.join(process.cwd(), 'default-views', 'account', 'invalid-username.hbs')
+  const source = fs.readFileSync(invalidUsernameFilePath, 'utf-8')
+  const invalidUsernameTemplate = Handlebars.compile(source)
+  usernames.forEach(username => backupIndexFile(username, accountManager, invalidUsernameTemplate, dateOfRemoval, supportEmail))
+}

package/bin/lib/migrateLegacyResources.js

@@ -0,0 +1,69 @@
+const fs = require('fs')
+const Path = require('path')
+const promisify = require('util').promisify
+const readdir = promisify(fs.readdir)
+const lstat = promisify(fs.lstat)
+const rename = promisify(fs.rename)
+
+/* Converts the old (pre-5.0.0) extensionless files to $-based files _with_ extensions
+ * to make them work in the new resource mapper (post-5.0.0).
+ * By default, all extensionless files (that used to be interpreted as Turtle) will now receive a '$.ttl' suffix. */
+/* https://www.w3.org/DesignIssues/HTTPFilenameMapping.html */
+
+module.exports = function (program) {
+  program
+    .command('migrate-legacy-resources')
+    .option('-p, --path <path>', 'Path to the data folder, defaults to \'data/\'')
+    .option('-s, --suffix <path>', 'The suffix to add to extensionless files, defaults to \'$.ttl\'')
+    .option('-v, --verbose', 'Path to the data folder')
+    .description('Migrate the data folder from node-solid-server 4 to node-solid-server 5')
+    .action(async (opts) => {
+      const verbose = opts.verbose
+      const suffix = opts.suffix || '$.ttl'
+      let paths = opts.path ? [opts.path] : ['data', 'config/templates']
+      paths = paths.map(path => path.startsWith(Path.sep) ? path : Path.join(process.cwd(), path))
+      try {
+        for (const path of paths) {
+          if (verbose) {
+            console.log(`Migrating files in ${path}`)
+          }
+          await migrate(path, suffix, verbose)
+        }
+      } catch (err) {
+        console.error(err)
+      }
+    })
+}
+
+async function migrate (path, suffix, verbose) {
+  const files = await readdir(path)
+  for (const file of files) {
+    const fullFilePath = Path.join(path, file)
+    const stat = await lstat(fullFilePath)
+    if (stat.isFile()) {
+      if (shouldMigrateFile(file)) {
+        const newFullFilePath = getNewFileName(fullFilePath, suffix)
+        if (verbose) {
+          console.log(`${fullFilePath}\n  => ${newFullFilePath}`)
+        }
+        await rename(fullFilePath, newFullFilePath)
+      }
+    } else {
+      if (shouldMigrateFolder(file)) {
+        await migrate(fullFilePath, suffix, verbose)
+      }
+    }
+  }
+}
+
+function getNewFileName (fullFilePath, suffix) {
+  return fullFilePath + suffix
+}
+
+function shouldMigrateFile (filename) {
+  return filename.indexOf('.') < 0
+}
+
+function shouldMigrateFolder (foldername) {
+  return foldername[0] !== '.'
+}

package/bin/lib/options.js

@@ -0,0 +1,399 @@
+const fs = require('fs')
+const path = require('path')
+const validUrl = require('valid-url')
+const { URL } = require('url')
+const { isEmail } = require('validator')
+
+module.exports = [
+  // {
+  //   abbr: 'v',
+  //   flag: true,
+  //   help: 'Print the logs to console\n'
+  // },
+  {
+    name: 'root',
+    help: "Root folder to serve (default: './data')",
+    question: 'Path to the folder you want to serve. Default is',
+    default: './data',
+    prompt: true,
+    filter: (value) => path.resolve(value)
+  },
+  {
+    name: 'port',
+    help: 'SSL port to use',
+    question: 'SSL port to run on. Default is',
+    default: '8443',
+    prompt: true
+  },
+  {
+    name: 'server-uri',
+    question: 'Solid server uri (with protocol, hostname and port)',
+    help: "Solid server uri (default: 'https://localhost:8443')",
+    default: 'https://localhost:8443',
+    validate: validUri,
+    prompt: true
+  },
+  {
+    name: 'webid',
+    help: 'Enable WebID authentication and access control (uses HTTPS)',
+    flag: true,
+    default: true,
+    question: 'Enable WebID authentication',
+    prompt: true
+  },
+  {
+    name: 'mount',
+    help: "Serve on a specific URL path (default: '/')",
+    question: 'Serve Solid on URL path',
+    default: '/',
+    prompt: true
+  },
+  {
+    name: 'config-path',
+    question: 'Path to the config directory (for example: ./config)',
+    default: './config',
+    prompt: true
+  },
+  {
+    name: 'config-file',
+    question: 'Path to the config file (for example: ./config.json)',
+    default: './config.json',
+    prompt: true
+  },
+  {
+    name: 'db-path',
+    question: 'Path to the server metadata db directory (for users/apps etc)',
+    default: './.db',
+    prompt: true
+  },
+  {
+    name: 'auth',
+    help: 'Pick an authentication strategy for WebID: `tls` or `oidc`',
+    question: 'Select authentication strategy',
+    type: 'list',
+    choices: [
+      'WebID-OpenID Connect'
+    ],
+    prompt: false,
+    default: 'WebID-OpenID Connect',
+    filter: (value) => {
+      if (value === 'WebID-OpenID Connect') return 'oidc'
+    },
+    when: (answers) => {
+      return answers.webid
+    }
+  },
+  {
+    name: 'use-owner',
+    question: 'Do you already have a WebID?',
+    type: 'confirm',
+    default: false,
+    hide: true
+  },
+  {
+    name: 'owner',
+    help: 'Set the owner of the storage (overwrites the root ACL file)',
+    question: 'Your webid (to overwrite the root ACL with)',
+    prompt: false,
+    validate: function (value) {
+      if (value === '' || !value.startsWith('http')) {
+        return 'Enter a valid Webid'
+      }
+      return true
+    },
+    when: function (answers) {
+      return answers['use-owner']
+    }
+  },
+  {
+    name: 'ssl-key',
+    help: 'Path to the SSL private key in PEM format',
+    validate: validPath,
+    prompt: true
+  },
+  {
+    name: 'ssl-cert',
+    help: 'Path to the SSL certificate key in PEM format',
+    validate: validPath,
+    prompt: true
+  },
+  {
+    name: 'no-reject-unauthorized',
+    help: 'Accept self-signed certificates',
+    flag: true,
+    default: false,
+    prompt: false
+  },
+  {
+    name: 'multiuser',
+    help: 'Enable multi-user mode',
+    question: 'Enable multi-user mode',
+    flag: true,
+    default: false,
+    prompt: true
+  },
+  {
+    name: 'idp',
+    help: 'Obsolete; use --multiuser',
+    prompt: false
+  },
+  {
+    name: 'no-live',
+    help: 'Disable live support through WebSockets',
+    flag: true,
+    default: false
+  },
+  // {
+  //   full: 'default-app',
+  //   help: 'URI to use as a default app for resources (default: https://linkeddata.github.io/warp/#/list/)'
+  // },
+  {
+    name: 'use-cors-proxy',
+    help: 'Do you want to have a CORS proxy endpoint?',
+    flag: true,
+    default: false,
+    hide: true
+  },
+  {
+    name: 'proxy',
+    help: 'Obsolete; use --corsProxy',
+    prompt: false
+  },
+  {
+    name: 'cors-proxy',
+    help: 'Serve the CORS proxy on this path',
+    when: function (answers) {
+      return answers['use-cors-proxy']
+    },
+    default: '/proxy',
+    prompt: true
+  },
+  {
+    name: 'auth-proxy',
+    help: 'Object with path/server pairs to reverse proxy',
+    default: {},
+    prompt: false,
+    hide: true
+  },
+  {
+    name: 'suppress-data-browser',
+    help: 'Suppress provision of a data browser',
+    flag: true,
+    prompt: false,
+    default: false,
+    hide: false
+  },
+  {
+    name: 'data-browser-path',
+    help: 'An HTML file which is sent to allow users to browse the data (eg using mashlib.js)',
+    question: 'Path of data viewer page (defaults to using mashlib)',
+    validate: validPath,
+    default: 'default',
+    prompt: false
+  },
+  {
+    name: 'suffix-acl',
+    full: 'suffix-acl',
+    help: "Suffix for acl files (default: '.acl')",
+    default: '.acl',
+    prompt: false
+  },
+  {
+    name: 'suffix-meta',
+    full: 'suffix-meta',
+    help: "Suffix for metadata files (default: '.meta')",
+    default: '.meta',
+    prompt: false
+  },
+  {
+    name: 'secret',
+    help: 'Secret used to sign the session ID cookie (e.g. "your secret phrase")',
+    question: 'Session secret for cookie',
+    default: 'random',
+    prompt: false,
+    filter: function (value) {
+      if (value === '' || value === 'random') {
+        return
+      }
+      return value
+    }
+  },
+  // {
+  //   full: 'no-error-pages',
+  //   flag: true,
+  //   help: 'Disable custom error pages (use Node.js default pages instead)'
+  // },
+  {
+    name: 'error-pages',
+    help: 'Folder from which to look for custom error pages files (files must be named <error-code>.html -- eg. 500.html)',
+    validate: validPath,
+    prompt: false
+  },
+  {
+    name: 'force-user',
+    help: 'Force a WebID to always be logged in (useful when offline)'
+  },
+  {
+    name: 'strict-origin',
+    help: 'Enforce same origin policy in the ACL',
+    flag: true,
+    default: false,
+    prompt: false
+  },
+  {
+    name: 'use-email',
+    help: 'Do you want to set up an email service?',
+    flag: true,
+    prompt: true,
+    default: false
+  },
+  {
+    name: 'email-host',
+    help: 'Host of your email service',
+    prompt: true,
+    default: 'smtp.gmail.com',
+    when: (answers) => {
+      return answers['use-email']
+    }
+  },
+  {
+    name: 'email-port',
+    help: 'Port of your email service',
+    prompt: true,
+    default: '465',
+    when: (answers) => {
+      return answers['use-email']
+    }
+  },
+  {
+    name: 'email-auth-user',
+    help: 'User of your email service',
+    prompt: true,
+    when: (answers) => {
+      return answers['use-email']
+    },
+    validate: (value) => {
+      if (!value) {
+        return 'You must enter this information'
+      }
+      return true
+    }
+  },
+  {
+    name: 'email-auth-pass',
+    help: 'Password of your email service',
+    type: 'password',
+    prompt: true,
+    when: (answers) => {
+      return answers['use-email']
+    }
+  },
+  {
+    name: 'use-api-apps',
+    help: 'Do you want to load your default apps on /api/apps?',
+    flag: true,
+    prompt: false,
+    default: true
+  },
+  {
+    name: 'api-apps',
+    help: 'Path to the folder to mount on /api/apps',
+    prompt: true,
+    validate: validPath,
+    when: (answers) => {
+      return answers['use-api-apps']
+    }
+  },
+  { // copied from name: 'owner'
+    name: 'redirect-http-from',
+    help: 'HTTP port or \',\'-separated ports to redirect to the solid server port (e.g. "80,8080").',
+    prompt: false,
+    validate: function (value) {
+      if (!value.match(/^[0-9]+(,[0-9]+)*$/)) {
+        return 'direct-port(s) must be a comma-separated list of integers.'
+      }
+      const list = value.split(/,/).map(v => parseInt(v))
+      const bad = list.find(v => { return v < 1 || v > 65535 })
+      if (bad.length) {
+        return 'redirect-http-from port(s) ' + bad + ' out of range'
+      }
+      return true
+    }
+  },
+  {
+    // This property is packaged into an object for the server property in config.json
+    name: 'server-info-name', // All properties with prefix server-info- will be removed from the config
+    help: 'A name for your server (not required, but will be presented on your server\'s frontpage)',
+    prompt: true,
+    default: answers => new URL(answers['server-uri']).hostname
+  },
+  {
+    // This property is packaged into an object for the server property in config.json
+    name: 'server-info-description', // All properties with prefix server-info- will be removed from the config
+    help: 'A description of your server (not required)',
+    prompt: true
+  },
+  {
+    // This property is packaged into an object for the server property in config.json
+    name: 'server-info-logo', // All properties with prefix server-info- will be removed from the config
+    help: 'A logo that represents you, your brand, or your server (not required)',
+    prompt: true
+  },
+  {
+    name: 'enforce-toc',
+    help: 'Do you want to enforce Terms & Conditions for your service?',
+    flag: true,
+    prompt: true,
+    default: false,
+    when: answers => answers.multiuser
+  },
+  {
+    name: 'toc-uri',
+    help: 'URI to your Terms & Conditions',
+    prompt: true,
+    validate: validUri,
+    when: answers => answers['enforce-toc']
+  },
+  {
+    name: 'disable-password-checks',
+    help: 'Do you want to disable password strength checking?',
+    flag: true,
+    prompt: true,
+    default: false,
+    when: answers => answers.multiuser
+  },
+  {
+    name: 'support-email',
+    help: 'The support email you provide for your users (not required)',
+    prompt: true,
+    validate: (value) => {
+      if (value && !isEmail(value)) {
+        return 'Must be a valid email'
+      }
+      return true
+    },
+    when: answers => answers.multiuser
+  }
+]
+
+function validPath (value) {
+  if (value === 'default') {
+    return Promise.resolve(true)
+  }
+  if (!value) {
+    return Promise.resolve('You must enter a valid path')
+  }
+  return new Promise((resolve) => {
+    fs.stat(value, function (err) {
+      if (err) return resolve('Nothing found at this path')
+      return resolve(true)
+    })
+  })
+}
+
+function validUri (value) {
+  if (!validUrl.isUri(value)) {
+    return 'Enter a valid uri (with protocol)'
+  }
+  return true
+}