solid-server 5.7.0 → 5.7.3

package/.github/workflows/ci.yml

@@ -17,7 +17,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [12.x, 14.x]
+        node-version: [12.x, 14.x, 16.x]
         os: [ubuntu-latest]
 
     steps:

package/.nvmrc

@@ -1 +1 @@
-13.14.0
+16.14.0

package/README.md

@@ -371,7 +371,8 @@ In order to really get a feel for the Solid platform, and to test out `solid`,
 you will need the following:
 
 1. A WebID profile and browser certificate from one of the Solid-compliant
-    identity providers, such as [solidcommunity.net](https://solidcommunity.net).
+    identity providers, such as [solidcommunity.net](bourgeoa
+    community.net).
 
 2. A server-side SSL certificate for `solid` to use (see the section below
     on creating a self-signed certificate for testing).
@@ -453,7 +454,7 @@ You can receive or provide help too:
 - [NSS Gitter channel](https://gitter.im/solid/node-solid-server) for specific (installation) advice about this code base
 - [Create a new issue](https://github.com/solid/node-solid-server/issues/new) to report bugs
 - [Fix an issue](https://github.com/solid/node-solid-server/issues)
-- Reach out to Jackson at jacksonm@inrupt.com to become more involved in maintaining Node Solid Server
+- Reach out to @bourgeoa at alain.bourgeois10@gmail.com to become more involved in maintaining Node Solid Server
 
 Have a look at [CONTRIBUTING.md](https://github.com/solid/node-solid-server/blob/master/CONTRIBUTING.md).
 

package/index.html

@@ -38,7 +38,7 @@
       <dt>Name</dt>
       <dd>localhost</dd>
       <dt>Details</dt>
-      <dd>Running on <a href="https://github.com/solid/node-solid-server/releases/tag/v5.6.6">Solid 5.6.6</a></dd>
+      <dd>Running on <a href="https://github.com/solid/node-solid-server/releases/tag/v5.7.3">Solid 5.7.3</a></dd>
     </dl>
   </section>
 </div>

package/lib/create-app.js

@@ -32,7 +32,7 @@ const corsSettings = cors({
   methods: [
     'OPTIONS', 'HEAD', 'GET', 'PATCH', 'POST', 'PUT', 'DELETE'
   ],
-  exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, X-Powered-By',
+  exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, MS-Author-Via, X-Powered-By',
   credentials: true,
   maxAge: 1728000,
   origin: true,

package/lib/handlers/cors-proxy.js

@@ -13,7 +13,7 @@ const validUrl = require('valid-url')
 
 const CORS_SETTINGS = {
   methods: 'GET',
-  exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, Content-Length, Content-Location, X-Powered-By',
+  exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, Content-Length, Content-Location, MS-Author-Via, X-Powered-By',
   maxAge: 1728000,
   origin: true
 }

package/lib/handlers/get.js

@@ -27,6 +27,8 @@ async function handler (req, res, next) {
   const requestedType = negotiator.mediaType()
   const possibleRDFType = negotiator.mediaType(RDFs)
 
+  res.header('MS-Author-Via', 'SPARQL')
+
   // Set live updates
   if (ldp.live) {
     res.header('Updates-Via', ldp.resourceMapper.resolveUrl(req.hostname).replace(/^http/, 'ws'))

package/lib/handlers/patch.js

@@ -18,11 +18,28 @@ const PATCH_PARSERS = {
   'text/n3': require('./patch/n3-patch-parser.js')
 }
 
+// use media-type as contentType for new RDF resource
 const DEFAULT_FOR_NEW_CONTENT_TYPE = 'text/turtle'
 
+function contentTypeForNew (req) {
+  let contentTypeForNew = DEFAULT_FOR_NEW_CONTENT_TYPE
+  if (req.path.endsWith('.jsonld')) contentTypeForNew = 'application/ld+json'
+  else if (req.path.endsWith('.n3')) contentTypeForNew = 'text/n3'
+  else if (req.path.endsWith('.rdf')) contentTypeForNew = 'application/rdf+xml'
+  return contentTypeForNew
+}
+
+function contentForNew (contentType) {
+  let contentForNew = ''
+  if (contentType.includes('ld+json')) contentForNew = JSON.stringify('{}')
+  else if (contentType.includes('rdf+xml')) contentForNew = '<rdf:RDF\n xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\n\n</rdf:RDF>'
+  return contentForNew
+}
+
 // Handles a PATCH request
 async function patchHandler (req, res, next) {
   debug(`PATCH -- ${req.originalUrl}`)
+  res.header('MS-Author-Via', 'SPARQL')
   try {
     // Obtain details of the target resource
     const ldp = req.app.locals.ldp
@@ -32,9 +49,9 @@ async function patchHandler (req, res, next) {
       // First check if the file already exists
       ({ path, contentType } = await ldp.resourceMapper.mapUrlToFile({ url: req }))
     } catch (err) {
-      // If the file doesn't exist, request one to be created with the default content type
+      // If the file doesn't exist, request to create one with the file media type as contentType
       ({ path, contentType } = await ldp.resourceMapper.mapUrlToFile(
-        { url: req, createIfNotExists: true, contentType: DEFAULT_FOR_NEW_CONTENT_TYPE }))
+        { url: req, createIfNotExists: true, contentType: contentTypeForNew(req) }))
       // check if a folder with same name exists
       await ldp.checkItemName(req)
       resourceExists = false
@@ -92,13 +109,14 @@ function readGraph (resource) {
         // If the file does not exist, assume empty contents
         // (it will be created after a successful patch)
         if (err.code === 'ENOENT') {
-          fileContents = ''
+          fileContents = contentForNew(resource.contentType)
           // Fail on all other errors
         } else {
           return reject(error(500, `Original file read error: ${err}`))
         }
       }
       debug('PATCH -- Read target file (%d bytes)', fileContents.length)
+      fileContents = resource.contentType.includes('json') ? JSON.parse(fileContents) : fileContents
       resolve(fileContents)
     })
   )
@@ -176,23 +194,34 @@ function writeGraph (graph, resource, root, serverUri) {
   debug('PATCH -- Writing patched file')
   return new Promise((resolve, reject) => {
     const resourceSym = graph.sym(resource.url)
-    const serialized = $rdf.serialize(resourceSym, graph, resource.url, resource.contentType)
-
-    // First check if we are above quota
-    overQuota(root, serverUri).then((isOverQuota) => {
-      if (isOverQuota) {
-        return reject(error(413,
-          'User has exceeded their storage quota'))
-      }
 
-      fs.writeFile(resource.path, serialized, { encoding: 'utf8' }, function (err) {
-        if (err) {
-          return reject(error(500, `Failed to write file after patch: ${err}`))
+    function doWrite (serialized) {
+      // First check if we are above quota
+      overQuota(root, serverUri).then((isOverQuota) => {
+        if (isOverQuota) {
+          return reject(error(413,
+            'User has exceeded their storage quota'))
         }
-        debug('PATCH -- applied successfully')
-        resolve('Patch applied successfully.\n')
+
+        fs.writeFile(resource.path, serialized, { encoding: 'utf8' }, function (err) {
+          if (err) {
+            return reject(error(500, `Failed to write file after patch: ${err}`))
+          }
+          debug('PATCH -- applied successfully')
+          resolve('Patch applied successfully.\n')
+        })
+      }).catch(() => reject(error(500, 'Error finding user quota')))
+    }
+
+    if (resource.contentType === 'application/ld+json') {
+      $rdf.serialize(resourceSym, graph, resource.url, resource.contentType, function (err, result) {
+        if (err) return reject(error(500, `Failed to serialize after patch: ${err}`))
+        doWrite(result)
       })
-    }).catch(() => reject(error(500, 'Error finding user quota')))
+    } else {
+      const serialized = $rdf.serialize(resourceSym, graph, resource.url, resource.contentType)
+      doWrite(serialized)
+    }
   })
 }
 

package/lib/handlers/put.js

@@ -8,6 +8,7 @@ const { stringToStream } = require('../utils')
 
 async function handler (req, res, next) {
   debug(req.originalUrl)
+  res.header('MS-Author-Via', 'SPARQL')
 
   const contentType = req.get('content-type')
   if (isAuxiliary(req)) {

package/lib/resource-mapper.js

@@ -82,9 +82,7 @@ class ResourceMapper {
 
     // Determine the URL by chopping off everything after the dollar sign
     const pathname = this._removeDollarExtension(path)
-    const url = `${this.resolveUrl(hostname)}${
-      pathname.split('/').map((component) => encodeURIComponent(component)).join('/')
-    }`
+    const url = `${this.resolveUrl(hostname)}${this._encodePath(pathname)}`
     return { url, contentType: this._getContentTypeFromExtension(path) }
   }
 
@@ -95,7 +93,7 @@ class ResourceMapper {
     contentType = contentType ? contentType.replace(/\s*;.*/, '') : ''
     // Parse the URL and find the base file path
     const { pathname, hostname } = this._parseUrl(url)
-    const filePath = this.resolveFilePath(hostname, decodeURIComponent(pathname))
+    const filePath = this.resolveFilePath(hostname, this._decodePath(pathname))
     if (filePath.indexOf('/..') >= 0) {
       throw new Error('Disallowed /.. segment in URL')
     }
@@ -149,6 +147,31 @@ class ResourceMapper {
     return { path, contentType: contentType || this._defaultContentType }
   }
 
+  // encode/decode path except slash (/), %encodedSlash (%2F|%2f), or ntimes%encodedSlash (%2525...2F|%2525...2f)
+  // see https://github.com/solid/node-solid-server/issues/1666
+  _exceptSlash () { return /(\/|%(?:25)*(?:2f))/gi }
+
+  _encodePath (pathname) {
+    return pathname.split(this._exceptSlash())
+      .map((el, i) => i % 2 === 0 ? encodeURIComponent(el) : el)
+      .join('')
+    /* pathArray.forEach((el, i) => {
+      if (i % 2 === 0) pathArray[i] = encodeURIComponent(el)
+    }) */
+    // return pathArray.join('')
+  }
+
+  _decodePath (pathname) {
+    return pathname.split(this._exceptSlash())
+      .map((el, i) => i % 2 === 0 ? decodeURIComponent(el) : el)
+      .join('')
+    /* const pathArray = pathname.split(this._exceptSlash())
+    pathArray.forEach((el, i) => {
+      if (i % 2 === 0) pathArray[i] = decodeURIComponent(el)
+    })
+    return pathArray.join('') */
+  }
+
   // Parses a URL into hostname and pathname
   _parseUrl (url) {
     // URL specified as string

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "solid-server",
   "description": "Solid server on top of the file-system",
-  "version": "5.7.0",
+  "version": "5.7.3",
   "author": {
     "name": "Tim Berners-Lee",
     "email": "timbl@w3.org"
@@ -59,46 +59,46 @@
   "homepage": "https://github.com/solid/node-solid-server",
   "bugs": "https://github.com/solid/node-solid-server/issues",
   "dependencies": {
-    "@fastify/busboy": "^1.0.0",
+    "@fastify/busboy": "^1.1.0",
     "@solid/acl-check": "^0.4.5",
-    "@solid/oidc-auth-manager": "^0.24.2",
+    "@solid/oidc-auth-manager": "^0.24.3",
     "@solid/oidc-op": "^0.11.6",
-    "async-lock": "^1.3.0",
-    "body-parser": "^1.19.1",
+    "async-lock": "^1.3.2",
+    "body-parser": "^1.20.0",
     "bootstrap": "^3.4.1",
-    "cached-path-relative": "^1.0.2",
+    "cached-path-relative": "^1.1.0",
     "camelize": "^1.0.0",
-    "cheerio": "^1.0.0-rc.10",
-    "colorette": "^2.0.16",
+    "cheerio": "^1.0.0-rc.12",
+    "colorette": "^2.0.19",
     "commander": "^8.3.0",
     "cors": "^2.8.5",
-    "debug": "^4.3.3",
-    "express": "^4.17.2",
-    "express-handlebars": "^5.3.4",
-    "express-session": "^1.17.2",
+    "debug": "^4.3.4",
+    "express": "^4.18.1",
+    "express-handlebars": "^5.3.5",
+    "express-session": "^1.17.3",
     "extend": "^3.0.2",
     "from2": "^2.3.0",
-    "fs-extra": "^10.0.0",
+    "fs-extra": "^10.1.0",
     "get-folder-size": "^2.0.1",
-    "glob": "^7.2.0",
+    "glob": "^7.2.3",
     "global-tunnel-ng": "^2.7.1",
     "handlebars": "^4.7.7",
-    "http-proxy-middleware": "^2.0.1",
-    "inquirer": "^8.2.0",
+    "http-proxy-middleware": "^2.0.6",
+    "inquirer": "^8.2.4",
     "into-stream": "^6.0.0",
     "ip-range-check": "0.2.0",
     "is-ip": "^3.1.0",
     "li": "^1.3.0",
-    "mashlib": "^1.8.0",
-    "mime-types": "^2.1.34",
-    "negotiator": "^0.6.2",
+    "mashlib": "^1.8.4",
+    "mime-types": "^2.1.35",
+    "negotiator": "^0.6.3",
     "node-fetch": "^2.6.7",
-    "node-forge": "^1.2.1",
+    "node-forge": "^1.3.1",
     "node-mailer": "^0.1.1",
-    "nodemailer": "^6.7.2",
+    "nodemailer": "^6.7.8",
     "oidc-op-express": "^0.0.3",
     "owasp-password-strength-test": "^1.3.0",
-    "rdflib": "^2.2.17",
+    "rdflib": "^2.2.20",
     "recursive-readdir": "^2.2.2",
     "request": "^2.88.2",
     "rimraf": "^3.0.2",
@@ -108,7 +108,7 @@
     "text-encoder-lite": "^2.0.0",
     "the-big-username-blacklist": "^1.5.2",
     "ulid": "^2.3.0",
-    "urijs": "^1.19.10",
+    "urijs": "^1.19.11",
     "uuid": "^8.3.2",
     "valid-url": "^1.0.9",
     "validator": "^13.7.0",
@@ -116,23 +116,23 @@
   },
   "devDependencies": {
     "@solid/solid-auth-oidc": "^0.3.0",
-    "chai": "4.3.4",
+    "chai": "^4.3.6",
     "chai-as-promised": "7.1.1",
     "cross-env": "7.0.3",
     "dirty-chai": "2.0.1",
     "eslint": "^7.32.0",
     "localstorage-memory": "1.0.3",
-    "mocha": "9.1.3",
-    "nock": "^13.2.1",
+    "mocha": "^9.2.2",
+    "nock": "^13.2.9",
     "node-mocks-http": "1.11.0",
     "nyc": "15.1.0",
     "pre-commit": "1.2.2",
     "randombytes": "2.1.0",
     "sinon": "12.0.1",
     "sinon-chai": "3.7.0",
-    "snyk": "^1.809.0",
+    "snyk": "^1.997.0",
     "standard": "16.0.4",
-    "supertest": "6.1.6",
+    "supertest": "^6.2.4",
     "turtle-validator": "1.1.1",
     "whatwg-url": "11.0.0"
   },