npm - solid-server - Versions diffs - 5.8.6 → 5.8.8-22f4cfec - Mend

solid-server 5.8.6 → 5.8.8-22f4cfec

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (686) hide show

package/lib/models/account-template.js DELETED Viewed

@@ -1,156 +0,0 @@
-'use strict'
-const path = require('path')
-const mime = require('mime-types')
-const recursiveRead = require('recursive-readdir')
-const fsUtils = require('../common/fs-utils')
-const templateUtils = require('../common/template-utils')
-const LDP = require('../ldp')
-const { URL } = require('url')
-const TEMPLATE_EXTENSIONS = ['.acl', '.meta', '.json', '.hbs', '.handlebars']
-const TEMPLATE_FILES = ['card']
-/**
- * Performs account folder initialization from an account template
- * (see `./default-templates/new-account/`, for example).
- *
- * @class AccountTemplate
- */
-class AccountTemplate {
-  /**
-   * @constructor
-   * @param [options={}] {Object}
-   * @param [options.substitutions={}] {Object} Hashmap of key/value Handlebars
-   *   template substitutions.
-   * @param [options.rdfMimeTypes] {Array<string>} List of MIME types that are
-   *   likely to contain RDF templates.
-   * @param [options.templateExtensions] {Array<string>} List of extensions likely
-   *   to contain templates.
-   * @param [options.templateFiles] {Array<string>} List of reserved file names
-   *   (such as the profile `card`) likely to contain templates.
-   */
-  constructor (options = {}) {
-    this.substitutions = options.substitutions || {}
-    this.templateExtensions = options.templateExtensions || TEMPLATE_EXTENSIONS
-    this.templateFiles = options.templateFiles || TEMPLATE_FILES
-  }
-  /**
-   * Factory method, returns an AccountTemplate for a given user account.
-   *
-   * @param userAccount {UserAccount}
-   * @param [options={}] {Object}
-   *
-   * @return {AccountTemplate}
-   */
-  static for (userAccount, options = {}) {
-    const substitutions = AccountTemplate.templateSubstitutionsFor(userAccount)
-    options = Object.assign({ substitutions }, options)
-    return new AccountTemplate(options)
-  }
-  /**
-   * Creates a new account directory by copying the account template to a new
-   * destination (the account dir path).
-   *
-   * @param templatePath {string}
-   * @param accountPath {string}
-   *
-   * @return {Promise}
-   */
-  static copyTemplateDir (templatePath, accountPath) {
-    return fsUtils.copyTemplateDir(templatePath, accountPath)
-  }
-  /**
-   * Returns a template substitutions key/value object for a given user account.
-   *
-   * @param userAccount {UserAccount}
-   *
-   * @return {Object}
-   */
-  static templateSubstitutionsFor (userAccount) {
-    const webUri = new URL(userAccount.webId)
-    const podRelWebId = userAccount.webId.replace(webUri.origin, '')
-    const substitutions = {
-      name: userAccount.displayName,
-      webId: userAccount.externalWebId ? userAccount.webId : podRelWebId,
-      email: userAccount.email,
-      idp: userAccount.idp
-    }
-    return substitutions
-  }
-  /**
-   * Returns a flat list of all the files in an account dir (and all its subdirs).
-   *
-   * @param accountPath {string}
-   *
-   * @return {Promise<Array<string>>}
-   */
-  readAccountFiles (accountPath) {
-    return new Promise((resolve, reject) => {
-      recursiveRead(accountPath, (error, files) => {
-        if (error) { return reject(error) }
-        resolve(files)
-      })
-    })
-  }
-  /**
-   * Returns a list of all of the files in an account dir that are likely to
-   * contain Handlebars templates (and which need to be processed).
-   *
-   * @param accountPath {string}
-   *
-   * @return {Promise<Array<string>>}
-   */
-  readTemplateFiles (accountPath) {
-    return this.readAccountFiles(accountPath)
-      .then(files => {
-        return files.filter((file) => { return this.isTemplate(file) })
-      })
-  }
-  /**
-   * Reads and processes each file in a user account that is likely to contain
-   * Handlebars templates. Performs template substitutions on each one.
-   *
-   * @param accountPath {string}
-   *
-   * @return {Promise}
-   */
-  processAccount (accountPath) {
-    return this.readTemplateFiles(accountPath)
-      .then(files => Promise.all(files.map(path => templateUtils.processHandlebarFile(path, this.substitutions))))
-  }
-  /**
-   * Tests whether a given file path is a template file (and so should be
-   * processed by Handlebars).
-   *
-   * @param filePath {string}
-   *
-   * @return {boolean}
-   */
-  isTemplate (filePath) {
-    const parsed = path.parse(filePath)
-    const mimeType = mime.lookup(filePath)
-    const isRdf = LDP.mimeTypeIsRdf(mimeType)
-    const isTemplateExtension = this.templateExtensions.includes(parsed.ext)
-    const isTemplateFile = this.templateFiles.includes(parsed.base) ||
-        this.templateExtensions.includes(parsed.base) // the '/.acl' case
-    return isRdf || isTemplateExtension || isTemplateFile
-  }
-}
-module.exports = AccountTemplate
-module.exports.TEMPLATE_EXTENSIONS = TEMPLATE_EXTENSIONS
-module.exports.TEMPLATE_FILES = TEMPLATE_FILES

package/lib/models/authenticator.js DELETED Viewed

@@ -1,337 +0,0 @@
-'use strict'
-const debug = require('./../debug').authentication
-const validUrl = require('valid-url')
-const webid = require('../webid/tls')
-const provider = require('@solid/oidc-auth-manager/src/preferred-provider')
-const { domainMatches } = require('@solid/oidc-auth-manager/src/oidc-manager')
-/**
- * Abstract Authenticator class, representing a local login strategy.
- * To subclass, implement `fromParams()` and `findValidUser()`.
- * Used by the `LoginRequest` handler class.
- *
- * @abstract
- * @class Authenticator
- */
-class Authenticator {
-  constructor (options) {
-    this.accountManager = options.accountManager
-  }
-  /**
-   * @param req {IncomingRequest}
-   * @param options {Object}
-   */
-  static fromParams (req, options) {
-    throw new Error('Must override method')
-  }
-  /**
-   * @returns {Promise<UserAccount>}
-   */
-  findValidUser () {
-    throw new Error('Must override method')
-  }
-}
-/**
- * Authenticates user via Username+Password.
- */
-class PasswordAuthenticator extends Authenticator {
-  /**
-   * @constructor
-   * @param options {Object}
-   *
-   * @param [options.username] {string} Unique identifier submitted by user
-   *   from the Login form. Can be one of:
-   *   - An account name (e.g. 'alice'), if server is in Multi-User mode
-   *   - A WebID URI (e.g. 'https://alice.example.com/#me')
-   *
-   * @param [options.password] {string} Plaintext password as submitted by user
-   *
-   * @param [options.userStore] {UserStore}
-   *
-   * @param [options.accountManager] {AccountManager}
-   */
-  constructor (options) {
-    super(options)
-    this.userStore = options.userStore
-    this.username = options.username
-    this.password = options.password
-  }
-  /**
-   * Factory method, returns an initialized instance of PasswordAuthenticator
-   * from an incoming http request.
-   *
-   * @param req {IncomingRequest}
-   * @param [req.body={}] {Object}
-   * @param [req.body.username] {string}
-   * @param [req.body.password] {string}
-   *
-   * @param options {Object}
-   *
-   * @param [options.accountManager] {AccountManager}
-   * @param [options.userStore] {UserStore}
-   *
-   * @return {PasswordAuthenticator}
-   */
-  static fromParams (req, options) {
-    const body = req.body || {}
-    options.username = body.username
-    options.password = body.password
-    return new PasswordAuthenticator(options)
-  }
-  /**
-   * Ensures required parameters are present,
-   * and throws an error if not.
-   *
-   * @throws {Error} If missing required params
-   */
-  validate () {
-    let error
-    if (!this.username) {
-      error = new Error('Username required')
-      error.statusCode = 400
-      throw error
-    }
-    if (!this.password) {
-      error = new Error('Password required')
-      error.statusCode = 400
-      throw error
-    }
-  }
-  /**
-   * Loads a user from the user store, and if one is found and the
-   * password matches, returns a `UserAccount` instance for that user.
-   *
-   * @throws {Error} If failures to load user are encountered
-   *
-   * @return {Promise<UserAccount>}
-   */
-  findValidUser () {
-    let error
-    let userOptions
-    return Promise.resolve()
-      .then(() => this.validate())
-      .then(() => {
-        if (validUrl.isUri(this.username)) {
-          // A WebID URI was entered into the username field
-          userOptions = { webId: this.username }
-        } else {
-          // A regular username
-          userOptions = { username: this.username }
-        }
-        const user = this.accountManager.userAccountFrom(userOptions)
-        debug(`Attempting to login user: ${user.id}`)
-        return this.userStore.findUser(user.id)
-      })
-      .then(foundUser => {
-        if (!foundUser) {
-          // CWE - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (4.13)
-          // https://cwe.mitre.org/data/definitions/200.html
-          error = new Error('Invalid username/password combination.') // no detail for security 'No user found for that username')
-          error.statusCode = 400
-          throw error
-        }
-        if (foundUser.link) {
-          throw new Error('Linked users not currently supported, sorry (external WebID without TLS?)')
-        }
-        return this.userStore.matchPassword(foundUser, this.password)
-      })
-      .then(validUser => {
-        if (!validUser) {
-          // CWE - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (4.13)
-          // https://cwe.mitre.org/data/definitions/200.html
-          error = new Error('Invalid username/password combination.') // no detail for security 'User found but no password match')
-          error.statusCode = 400
-          throw error
-        }
-        debug('User found, password matches')
-        return this.accountManager.userAccountFrom(validUser)
-      })
-  }
-}
-/**
- * Authenticates a user via a WebID-TLS client side certificate.
- */
-class TlsAuthenticator extends Authenticator {
-  /**
-   * @constructor
-   * @param options {Object}
-   *
-   * @param [options.accountManager] {AccountManager}
-   *
-   * @param [options.connection] {Socket} req.connection
-   */
-  constructor (options) {
-    super(options)
-    this.connection = options.connection
-  }
-  /**
-   * Factory method, returns an initialized instance of TlsAuthenticator
-   * from an incoming http request.
-   *
-   * @param req {IncomingRequest}
-   * @param req.connection {Socket}
-   *
-   * @param options {Object}
-   * @param [options.accountManager] {AccountManager}
-   *
-   * @return {TlsAuthenticator}
-   */
-  static fromParams (req, options) {
-    options.connection = req.connection
-    return new TlsAuthenticator(options)
-  }
-  /**
-   * Requests a client certificate from the current TLS connection via
-   * renegotiation, extracts and verifies the user's WebID URI,
-   * and makes sure that WebID is hosted on this server.
-   *
-   * @throws {Error} If error is encountered extracting the WebID URI from
-   *   certificate, or if the user's account is hosted by a remote system.
-   *
-   * @return {Promise<UserAccount>}
-   */
-  findValidUser () {
-    return this.renegotiateTls()
-      .then(() => this.getCertificate())
-      .then(cert => this.extractWebId(cert))
-      .then(webId => this.loadUser(webId))
-  }
-  /**
-   * Renegotiates the current TLS connection to ask for a client certificate.
-   *
-   * @throws {Error}
-   *
-   * @returns {Promise}
-   */
-  renegotiateTls () {
-    const connection = this.connection
-    return new Promise((resolve, reject) => {
-      // Typically, certificates for WebID-TLS are not signed or self-signed,
-      // and would hence be rejected by Node.js for security reasons.
-      // However, since WebID-TLS instead dereferences the profile URL to validate ownership,
-      // we can safely skip the security check.
-      connection.renegotiate({ requestCert: true, rejectUnauthorized: false }, (error) => {
-        if (error) {
-          debug('Error renegotiating TLS:', error)
-          return reject(error)
-        }
-        resolve()
-      })
-    })
-  }
-  /**
-   * Requests and returns a client TLS certificate from the current connection.
-   *
-   * @throws {Error} If no certificate is presented, or if it is empty.
-   *
-   * @return {Promise<X509Certificate|null>}
-   */
-  getCertificate () {
-    const certificate = this.connection.getPeerCertificate()
-    if (!certificate || !Object.keys(certificate).length) {
-      debug('No client certificate detected')
-      throw new Error('No client certificate detected. ' +
-        '(You may need to restart your browser to retry.)')
-    }
-    return certificate
-  }
-  /**
-   * Extracts (and verifies) the WebID URI from a client certificate.
-   *
-   * @param certificate {X509Certificate}
-   *
-   * @return {Promise<string>} WebID URI
-   */
-  extractWebId (certificate) {
-    return new Promise((resolve, reject) => {
-      this.verifyWebId(certificate, (error, webId) => {
-        if (error) {
-          debug('Error processing certificate:', error)
-          return reject(error)
-        }
-        resolve(webId)
-      })
-    })
-  }
-  /**
-   * Performs WebID-TLS verification (requests the WebID Profile from the
-   * WebID URI extracted from certificate, and makes sure the public key
-   * from the profile matches the key from certificate).
-   *
-   * @param certificate {X509Certificate}
-   * @param callback {Function} Gets invoked with signature `callback(error, webId)`
-   */
-  verifyWebId (certificate, callback) {
-    debug('Verifying WebID URI')
-    webid.verify(certificate, callback)
-  }
-  discoverProviderFor (webId) {
-    return provider.discoverProviderFor(webId)
-  }
-  /**
-   * Returns a user account instance for a given Web ID.
-   *
-   * @param webId {string}
-   *
-   * @return {UserAccount}
-   */
-  loadUser (webId) {
-    const serverUri = this.accountManager.host.serverUri
-    if (domainMatches(serverUri, webId)) {
-      // This is a locally hosted Web ID
-      return this.accountManager.userAccountFrom({ webId })
-    } else {
-      debug(`WebID URI ${JSON.stringify(webId)} is not a local account, using it as an external WebID`)
-      return this.accountManager.userAccountFrom({ webId, username: webId, externalWebId: true })
-    }
-  }
-}
-module.exports = {
-  Authenticator,
-  PasswordAuthenticator,
-  TlsAuthenticator
-}

package/lib/models/oidc-manager.js DELETED Viewed

@@ -1,53 +0,0 @@
-'use strict'
-/* eslint-disable node/no-deprecated-api */
-const url = require('url')
-const path = require('path')
-const debug = require('../debug').authentication
-const OidcManager = require('@solid/oidc-auth-manager')
-/**
- * Returns an instance of the OIDC Authentication Manager, initialized from
- * argv / config.json server parameters.
- *
- * @param argv {Object} Config hashmap
- *
- * @param argv.host {SolidHost} Initialized SolidHost instance, including
- *   `serverUri`.
- *
- * @param [argv.dbPath='./db/oidc'] {string} Path to the auth-related storage
- *   directory (users, tokens, client registrations, etc, will be stored there).
- *
- * @param argv.saltRounds {number} Number of bcrypt password salt rounds
- *
- * @param [argv.delayBeforeRegisteringInitialClient] {number} Number of
- *   milliseconds to delay before initializing a local RP client.
- *
- * @return {OidcManager} Initialized instance, includes a UserStore,
- *   OIDC Clients store, a Resource Authenticator, and an OIDC Provider.
- */
-function fromServerConfig (argv) {
-  const providerUri = argv.host.serverUri
-  const authCallbackUri = url.resolve(providerUri, '/api/oidc/rp')
-  const postLogoutUri = url.resolve(providerUri, '/goodbye')
-  const dbPath = path.join(argv.dbPath, 'oidc')
-  const options = {
-    debug,
-    providerUri,
-    dbPath,
-    authCallbackUri,
-    postLogoutUri,
-    saltRounds: argv.saltRounds,
-    delayBeforeRegisteringInitialClient: argv.delayBeforeRegisteringInitialClient,
-    host: { debug }
-  }
-  return OidcManager.from(options)
-}
-module.exports = {
-  fromServerConfig
-}

package/lib/models/solid-host.js DELETED Viewed

@@ -1,131 +0,0 @@
-'use strict'
-/* eslint-disable node/no-deprecated-api */
-const url = require('url')
-const defaults = require('../../config/defaults')
-/**
- * Represents the URI that a Solid server is installed on, and manages user
- * account URI creation.
- *
- * @class SolidHost
- */
-class SolidHost {
-  /**
-   * @constructor
-   * @param [options={}]
-   * @param [options.port] {number}
-   * @param [options.serverUri] {string} Fully qualified URI that this Solid
-   *   server is listening on, e.g. `https://solid.community`
-   * @param [options.live] {boolean} Whether to turn on WebSockets / LDP live
-   * @param [options.root] {string} Path to root data directory
-   * @param [options.multiuser] {boolean} Multiuser mode
-   * @param [options.webid] {boolean} Enable WebID-related functionality
-   *  (account creation and authentication)
-   */
-  constructor (options = {}) {
-    this.port = options.port || defaults.port
-    this.serverUri = options.serverUri || defaults.serverUri
-    this.parsedUri = url.parse(this.serverUri)
-    this.host = this.parsedUri.host
-    this.hostname = this.parsedUri.hostname
-    this.live = options.live
-    this.root = options.root
-    this.multiuser = options.multiuser
-    this.webid = options.webid
-  }
-  /**
-   * Factory method, returns an instance of `SolidHost`.
-   *
-   * @param [options={}] {Object} See `constructor()` docstring.
-   *
-   * @return {SolidHost}
-   */
-  static from (options = {}) {
-    return new SolidHost(options)
-  }
-  /**
-   * Composes and returns an account URI for a given username, in multi-user mode.
-   * Usage:
-   *
-   *   ```
-   *   // host.serverUri === 'https://example.com'
-   *
-   *   host.accountUriFor('alice')  // -> 'https://alice.example.com'
-   *   ```
-   *
-   * @param accountName {string}
-   *
-   * @throws {TypeError} If no accountName given, or if serverUri not initialized
-   * @return {string}
-   */
-  accountUriFor (accountName) {
-    if (!accountName) {
-      throw TypeError('Cannot construct uri for blank account name')
-    }
-    if (!this.parsedUri) {
-      throw TypeError('Cannot construct account, host not initialized with serverUri')
-    }
-    return this.parsedUri.protocol + '//' + accountName + '.' + this.host
-  }
-  /**
-   * Determines whether the given user is allowed to restore a session
-   * from the given origin.
-   *
-   * @param userId {?string}
-   * @param origin {?string}
-   * @return {boolean}
-   */
-  allowsSessionFor (userId, origin, trustedOrigins) {
-    // Allow no user or an empty origin
-    if (!userId || !origin) return true
-    // Allow the server and subdomains
-    const originHost = getHostName(origin)
-    const serverHost = getHostName(this.serverUri)
-    if (originHost === serverHost) return true
-    if (originHost.endsWith('.' + serverHost)) return true
-    // Allow the user's own domain
-    const userHost = getHostName(userId)
-    if (originHost === userHost) return true
-    if (trustedOrigins.includes(origin)) return true
-    return false
-  }
-  /**
-   * Returns the /authorize endpoint URL object (used in login requests, etc).
-   *
-   * @return {URL}
-   */
-  get authEndpoint () {
-    const authUrl = url.resolve(this.serverUri, '/authorize')
-    return url.parse(authUrl)
-  }
-  /**
-   * Returns a cookie domain, based on the current host's serverUri.
-   *
-   * @return {string|null}
-   */
-  get cookieDomain () {
-    let cookieDomain = null
-    if (this.hostname.split('.').length > 1) {
-      // For single-level domains like 'localhost', do not set the cookie domain
-      // See section on 'domain' attribute at https://curl.haxx.se/rfc/cookie_spec.html
-      cookieDomain = '.' + this.hostname
-    }
-    return cookieDomain
-  }
-}
-function getHostName (url) {
-  const match = url.match(/^\w+:\/*([^/]+)/)
-  return match ? match[1] : ''
-}
-module.exports = SolidHost