solid-server 5.8.7 → 5.8.8-5fdbfa12

package/eslint.config.mjs

@@ -0,0 +1,102 @@
+import js from '@eslint/js'
+import globals from 'globals'
+
+export default [
+  js.configs.recommended,
+  {
+    languageOptions: {
+      ecmaVersion: 2022,
+      sourceType: 'module',
+      globals: {
+        ...globals.node,
+        ...globals.mocha,
+        fetch: 'readonly',
+        AbortController: 'readonly',
+        Headers: 'readonly',
+        Request: 'readonly',
+        Response: 'readonly',
+        URL: 'readonly',
+        URLSearchParams: 'readonly'
+      }
+    },
+    rules: {
+      // StandardJS-like rules
+      'no-unused-vars': ['error', {
+        args: 'none',
+        caughtErrors: 'none',
+        ignoreRestSiblings: true,
+        vars: 'all'
+      }],
+      'no-empty': ['error', { allowEmptyCatch: true }],
+      'no-var': 'error',
+      'prefer-const': ['error', { destructuring: 'all' }],
+      'quote-props': ['error', 'as-needed'],
+      semi: ['error', 'never'],
+      quotes: ['error', 'single', { avoidEscape: true, allowTemplateLiterals: true }],
+      'comma-dangle': ['error', 'never'],
+      'space-before-function-paren': ['error', 'always'],
+      indent: ['error', 2, {
+        SwitchCase: 1,
+        VariableDeclarator: 1,
+        outerIIFEBody: 1,
+        MemberExpression: 1,
+        FunctionDeclaration: { parameters: 1, body: 1 },
+        FunctionExpression: { parameters: 1, body: 1 },
+        CallExpression: { arguments: 1 },
+        ArrayExpression: 1,
+        ObjectExpression: 1,
+        ImportDeclaration: 1,
+        flatTernaryExpressions: false,
+        ignoreComments: false,
+        ignoredNodes: ['TemplateLiteral *', 'JSXElement', 'JSXElement > *', 'JSXAttribute', 'JSXIdentifier', 'JSXNamespacedName', 'JSXMemberExpression', 'JSXSpreadAttribute', 'JSXExpressionContainer', 'JSXOpeningElement', 'JSXClosingElement', 'JSXFragment', 'JSXOpeningFragment', 'JSXClosingFragment', 'JSXText', 'JSXEmptyExpression', 'JSXSpreadChild'],
+        offsetTernaryExpressions: true
+      }],
+      'key-spacing': ['error', { beforeColon: false, afterColon: true }],
+      'keyword-spacing': ['error', { before: true, after: true }],
+      'object-curly-spacing': ['error', 'always'],
+      'array-bracket-spacing': ['error', 'never'],
+      'space-in-parens': ['error', 'never'],
+      'space-before-blocks': ['error', 'always'],
+      'space-infix-ops': 'error',
+      'eol-last': 'error',
+      'no-multiple-empty-lines': ['error', { max: 1, maxBOF: 0, maxEOF: 0 }],
+      'no-trailing-spaces': 'error',
+      'comma-spacing': ['error', { before: false, after: true }],
+      'no-multi-spaces': 'error',
+      'no-mixed-operators': ['error', {
+        groups: [
+          ['==', '!=', '===', '!==', '>', '>=', '<', '<='],
+          ['&&', '||'],
+          ['in', 'instanceof']
+        ],
+        allowSamePrecedence: true
+      }],
+      'operator-linebreak': ['error', 'after', { overrides: { '?': 'before', ':': 'before', '|>': 'before' } }],
+      'brace-style': ['error', '1tbs', { allowSingleLine: true }],
+      'arrow-spacing': ['error', { before: true, after: true }],
+      'padded-blocks': ['error', { blocks: 'never', switches: 'never', classes: 'never' }],
+      'no-use-before-define': ['error', { functions: false, classes: false, variables: false }]
+    }
+  },
+  {
+    // Browser files (client-side code)
+    files: ['common/**/*.mjs'],
+    languageOptions: {
+      globals: {
+        ...globals.browser,
+        solid: 'readonly',
+        UI: 'readonly',
+        owaspPasswordStrengthTest: 'readonly'
+      }
+    }
+  },
+  {
+    ignores: [
+      'node_modules/**',
+      'coverage/**',
+      '.db/**',
+      'data/**',
+      'resources/**'
+    ]
+  }
+]

package/examples/custom-error-handling.mjs

@@ -0,0 +1,29 @@
+import solid from '../index.mjs'
+import path from 'path'
+
+solid
+  .createServer({
+    webid: true,
+    sslCert: path.resolve('../test/keys/cert.pem'),
+    sslKey: path.resolve('../test/keys/key.pem'),
+    errorHandler: function (err, req, res, next) {
+      if (err.status !== 200) {
+        console.log('Oh no! There is an error:' + err.message)
+        res.status(err.status)
+        // Now you can send the error how you want
+        // Maybe you want to render an error page
+        // res.render('errorPage.ejs', {
+        //   title: err.status + ": This is an error!",
+        //   message: err.message
+        // })
+        // Or you want to respond in JSON?
+        res.json({
+          title: err.status + ': This is an error!',
+          message: err.message
+        })
+      }
+    }
+  })
+  .listen(3456, function () {
+    console.log('started ldp with webid on port ' + 3456)
+  })

package/examples/ldp-with-webid.mjs

@@ -0,0 +1,12 @@
+import solid from '../index.mjs'
+import path from 'path'
+
+solid
+  .createServer({
+    webid: true,
+    sslCert: path.resolve('../test/keys/cert.pem'),
+    sslKey: path.resolve('../test/keys/key.pem')
+  })
+  .listen(3456, function () {
+    console.log('started ldp with webid on port ' + 3456)
+  })

package/examples/simple-express-app.mjs

@@ -0,0 +1,20 @@
+import express from 'express'
+import solid from '../index.mjs'
+
+// Starting our express app
+const app = express()
+
+// My routes
+app.get('/', function (req, res) {
+  console.log(req)
+  res.send('Welcome to my server!')
+})
+
+// Mounting solid on /ldp
+const ldp = solid()
+app.use('/ldp', ldp)
+
+// Starting server
+app.listen(3000, function () {
+  console.log('Server started on port 3000!')
+})

package/examples/simple-ldp-server.mjs

@@ -0,0 +1,8 @@
+import solid from '../index.mjs'
+
+// Starting solid server
+const ldp = solid.createServer()
+ldp.listen(3456, function () {
+  console.log('Starting server on port ' + 3456)
+  console.log('LDP will run on /')
+})

package/index.cjs

@@ -0,0 +1,4 @@
+// Main entry point - provides both CommonJS (for tests) and ESM (for modern usage)
+module.exports = require('./lib/create-app-cjs')
+module.exports.createServer = require('./lib/create-server-cjs')
+module.exports.startCli = require('./bin/lib/cli.cjs')

package/index.mjs

@@ -0,0 +1,23 @@
+import createServer from './lib/create-server.mjs'
+import ldnode from './lib/create-app.mjs'
+import startCli from './bin/lib/cli.mjs'
+
+// Preserve the CommonJS-style shape where the default export has
+// `createServer` and `startCli` attached as properties so existing
+// tests that call `ldnode.createServer()` continue to work.
+let exported
+const canAttach = (ldnode && (typeof ldnode === 'object' || typeof ldnode === 'function'))
+if (canAttach) {
+  try {
+    if (!ldnode.createServer) ldnode.createServer = createServer
+    if (!ldnode.startCli) ldnode.startCli = startCli
+    exported = ldnode
+  } catch (e) {
+    exported = { default: ldnode, createServer, startCli }
+  }
+} else {
+  exported = { default: ldnode, createServer, startCli }
+}
+
+export default exported
+export { createServer, startCli }

package/lib/{acl-checker.js → acl-checker.mjs}

@@ -1,19 +1,16 @@
 'use strict'
-/* eslint-disable node/no-deprecated-api */
 
-const { dirname } = require('path')
-const rdf = require('rdflib')
-const debug = require('./debug').ACL
-// const debugCache = require('./debug').cache
-const HTTPError = require('./http-error')
-const aclCheck = require('@solid/acl-check')
-const { URL } = require('url')
-const { promisify } = require('util')
-const fs = require('fs')
-const Url = require('url')
-const httpFetch = require('node-fetch')
+import { dirname } from 'path'
+import rdf from 'rdflib'
+import { ACL as debug } from './debug.mjs'
+// import { cache as debugCache } from './debug.mjs'
+import HTTPError from './http-error.mjs'
+import aclCheck from '@solid/acl-check'
+import Url, { URL } from 'url'
+import { promisify } from 'util'
+import fs from 'fs'
 
-const DEFAULT_ACL_SUFFIX = '.acl'
+export const DEFAULT_ACL_SUFFIX = '.acl'
 const ACL = rdf.Namespace('http://www.w3.org/ns/auth/acl#')
 
 // TODO: expunge-on-write so that we can increase the caching time
@@ -310,7 +307,7 @@ function fetchLocalOrRemote (mapper, serverUri) {
       body = await promisify(fs.readFile)(path, { encoding: 'utf8' })
     } else {
       // Fetch the acl from the internet
-      const response = await httpFetch(url)
+      const response = await fetch(url)
       body = await response.text()
       contentType = response.headers.get('content-type')
     }
@@ -344,11 +341,10 @@ function lastSlash (string, pos = string.length) {
   return string.lastIndexOf('/', pos)
 }
 
-module.exports = ACLChecker
-module.exports.DEFAULT_ACL_SUFFIX = DEFAULT_ACL_SUFFIX
+export default ACLChecker
 
 // Used in ldp and the unit tests:
-module.exports.clearAclCache = function (url) {
+export function clearAclCache (url) {
   if (url) delete temporaryCache[url]
   else temporaryCache = {}
 }

package/lib/api/accounts/{user-accounts.js → user-accounts.mjs}

@@ -1,15 +1,16 @@
-'use strict'
+import express from 'express'
+import bodyParserPkg from 'body-parser'
+import debug from '../../debug.mjs'
 
-const express = require('express')
-const bodyParser = require('body-parser').urlencoded({ extended: false })
-const debug = require('../../debug').accounts
+import restrictToTopDomain from '../../handlers/restrict-to-top-domain.mjs'
 
-const restrictToTopDomain = require('../../handlers/restrict-to-top-domain')
-
-const CreateAccountRequest = require('../../requests/create-account-request')
-const AddCertificateRequest = require('../../requests/add-cert-request')
-const DeleteAccountRequest = require('../../requests/delete-account-request')
-const DeleteAccountConfirmRequest = require('../../requests/delete-account-confirm-request')
+import { CreateAccountRequest } from '../../requests/create-account-request.mjs'
+import AddCertificateRequest from '../../requests/add-cert-request.mjs'
+import DeleteAccountRequest from '../../requests/delete-account-request.mjs'
+import DeleteAccountConfirmRequest from '../../requests/delete-account-confirm-request.mjs'
+const { urlencoded } = bodyParserPkg
+const bodyParser = urlencoded({ extended: false })
+const debugAccounts = debug.accounts
 
 /**
  * Returns an Express middleware handler for checking if a particular account
@@ -19,17 +20,17 @@ const DeleteAccountConfirmRequest = require('../../requests/delete-account-confi
  *
  * @return {Function}
  */
-function checkAccountExists (accountManager) {
+export function checkAccountExists (accountManager) {
   return (req, res, next) => {
     const accountUri = req.hostname
 
     accountManager.accountUriExists(accountUri)
       .then(found => {
         if (!found) {
-          debug(`Account ${accountUri} is available (for ${req.originalUrl})`)
+          debugAccounts(`Account ${accountUri} is available (for ${req.originalUrl})`)
           return res.sendStatus(404)
         }
-        debug(`Account ${accountUri} is not available (for ${req.originalUrl})`)
+        debugAccounts(`Account ${accountUri} is not available (for ${req.originalUrl})`)
         next()
       })
       .catch(next)
@@ -44,7 +45,7 @@ function checkAccountExists (accountManager) {
  *
  * @return {Function}
  */
-function newCertificate (accountManager) {
+export function newCertificate (accountManager) {
   return (req, res, next) => {
     return AddCertificateRequest.handle(req, res, accountManager)
       .catch(err => {
@@ -62,7 +63,7 @@ function newCertificate (accountManager) {
  *
  * @return {Router}
  */
-function middleware (accountManager) {
+export function middleware (accountManager) {
   const router = express.Router('/')
 
   router.get('/', checkAccountExists(accountManager))
@@ -81,7 +82,7 @@ function middleware (accountManager) {
   return router
 }
 
-module.exports = {
+export default {
   middleware,
   checkAccountExists,
   newCertificate

package/lib/api/authn/{force-user.js → force-user.mjs}

@@ -1,13 +1,14 @@
-const debug = require('../../debug').authentication
+import debug from '../../debug.mjs'
+const debugAuth = debug.authentication
 
 /**
  * Enforces the `--force-user` server flag, hardcoding a webid for all requests,
  * for testing purposes.
  */
-function initialize (app, argv) {
+export function initialize (app, argv) {
   const forceUserId = argv.forceUser
   app.use('/', (req, res, next) => {
-    debug(`Identified user (override): ${forceUserId}`)
+    debugAuth(`Identified user (override): ${forceUserId}`)
     req.session.userId = forceUserId
     if (argv.auth === 'tls') {
       res.set('User', forceUserId)
@@ -16,6 +17,6 @@ function initialize (app, argv) {
   })
 }
 
-module.exports = {
+export default {
   initialize
 }

package/lib/api/authn/index.mjs

@@ -0,0 +1,8 @@
+import oidc from './webid-oidc.mjs'
+import tls from './webid-tls.mjs'
+import forceUser from './force-user.mjs'
+
+export { oidc, tls, forceUser }
+
+// Provide a default export so callers can `import Auth from './lib/api/authn/index.mjs'`
+export default { oidc, tls, forceUser }

package/lib/api/authn/{webid-oidc.js → webid-oidc.mjs}

@@ -1,21 +1,25 @@
-'use strict'
 /**
  * OIDC Relying Party API handler module.
  */
 
-const express = require('express')
-const { routeResolvedFile } = require('../../utils')
-const bodyParser = require('body-parser').urlencoded({ extended: false })
-const OidcManager = require('../../models/oidc-manager')
-const { LoginRequest } = require('../../requests/login-request')
-const { SharingRequest } = require('../../requests/sharing-request')
+import express from 'express'
+import { routeResolvedFile } from '../../utils.mjs'
+import bodyParserPkg from 'body-parser'
+import { fromServerConfig } from '../../models/oidc-manager.mjs'
+import { LoginRequest } from '../../requests/login-request.mjs'
+import { SharingRequest } from '../../requests/sharing-request.mjs'
 
-const restrictToTopDomain = require('../../handlers/restrict-to-top-domain')
+import restrictToTopDomain from '../../handlers/restrict-to-top-domain.mjs'
 
-const PasswordResetEmailRequest = require('../../requests/password-reset-email-request')
-const PasswordChangeRequest = require('../../requests/password-change-request')
+import PasswordResetEmailRequest from '../../requests/password-reset-email-request.mjs'
+import PasswordChangeRequest from '../../requests/password-change-request.mjs'
 
-const { AuthCallbackRequest } = require('@solid/oidc-auth-manager').handlers
+import oidcOpExpress from 'oidc-op-express'
+
+import oidcAuthManager from '@solid/oidc-auth-manager'
+const { urlencoded } = bodyParserPkg
+const bodyParser = urlencoded({ extended: false })
+const { AuthCallbackRequest } = oidcAuthManager.handlers
 
 /**
  * Sets up OIDC authentication for the given app.
@@ -23,10 +27,13 @@ const { AuthCallbackRequest } = require('@solid/oidc-auth-manager').handlers
  * @param app {Object} Express.js app instance
  * @param argv {Object} Config options hashmap
  */
-function initialize (app, argv) {
-  const oidc = OidcManager.fromServerConfig(argv)
+export function initialize (app, argv) {
+  const oidc = fromServerConfig(argv)
   app.locals.oidc = oidc
-  oidc.initialize()
+
+  // Store initialization function to be called after server starts listening
+  // (OIDC client registration needs the server to be up to fetch openid-configuration)
+  app.locals.initFunction = () => oidc.initialize()
 
   // Attach the OIDC API
   app.use('/', middleware(oidc))
@@ -76,7 +83,7 @@ function initialize (app, argv) {
  *
  * @return {Router} Express router
  */
-function middleware (oidc) {
+export function middleware (oidc) {
   const router = express.Router('/')
 
   // User-facing Authentication API
@@ -118,7 +125,7 @@ function middleware (oidc) {
   // router.post('/token', token.bind(provider))
   // router.get('/userinfo', userinfo.bind(provider))
   // router.get('/logout', logout.bind(provider))
-  const oidcProviderApi = require('oidc-op-express')(oidc.provider)
+  const oidcProviderApi = oidcOpExpress(oidc.provider)
   router.use('/', oidcProviderApi)
 
   return router
@@ -132,7 +139,7 @@ function middleware (oidc) {
  * @param res {ServerResponse}
  * @param err {Error}
  */
-function setAuthenticateHeader (req, res, err) {
+export function setAuthenticateHeader (req, res, err) {
   const locals = req.app.locals
 
   const errorParams = {
@@ -159,7 +166,7 @@ function setAuthenticateHeader (req, res, err) {
  *
  * @returns {number}
  */
-function statusCodeOverride (statusCode, req) {
+export function statusCodeOverride (statusCode, req) {
   if (isEmptyToken(req)) {
     return 400
   } else {
@@ -175,7 +182,7 @@ function statusCodeOverride (statusCode, req) {
  *
  * @returns {boolean}
  */
-function isEmptyToken (req) {
+export function isEmptyToken (req) {
   const header = req.get('Authorization')
 
   if (!header) { return false }
@@ -193,7 +200,7 @@ function isEmptyToken (req) {
   return false
 }
 
-module.exports = {
+export default {
   initialize,
   isEmptyToken,
   middleware,

package/lib/api/authn/{webid-tls.js → webid-tls.mjs}

@@ -1,14 +1,15 @@
-const webid = require('../../webid/tls')
-const debug = require('../../debug').authentication
+import * as webid from '../../webid/tls/index.mjs'
+import debug from '../../debug.mjs'
+const debugAuth = debug.authentication
 
-function initialize (app, argv) {
+export function initialize (app, argv) {
   app.use('/', handler)
 }
 
-function handler (req, res, next) {
+export function handler (req, res, next) {
   // User already logged in? skip
   if (req.session.userId) {
-    debug('User: ' + req.session.userId)
+    debugAuth('User: ' + req.session.userId)
     res.set('User', req.session.userId)
     return next()
   }
@@ -23,12 +24,12 @@ function handler (req, res, next) {
   // Verify webid
   webid.verify(certificate, function (err, result) {
     if (err) {
-      debug('Error processing certificate: ' + err.message)
+      debugAuth('Error processing certificate: ' + err.message)
       setEmptySession(req)
       return next()
     }
     req.session.userId = result
-    debug('Identified user: ' + req.session.userId)
+    debugAuth('Identified user: ' + req.session.userId)
     res.set('User', req.session.userId)
     return next()
   })
@@ -41,10 +42,10 @@ function getCertificateViaTLS (req) {
   if (certificate && Object.keys(certificate).length > 0) {
     return certificate
   }
-  debug('No peer certificate received during TLS handshake.')
+  debugAuth('No peer certificate received during TLS handshake.')
 }
 
-function setEmptySession (req) {
+export function setEmptySession (req) {
   req.session.userId = ''
 }
 
@@ -55,13 +56,13 @@ function setEmptySession (req) {
  * @param req {IncomingRequest}
  * @param res {ServerResponse}
  */
-function setAuthenticateHeader (req, res) {
+export function setAuthenticateHeader (req, res) {
   const locals = req.app.locals
 
   res.set('WWW-Authenticate', `WebID-TLS realm="${locals.host.serverUri}"`)
 }
 
-module.exports = {
+export default {
   initialize,
   handler,
   setAuthenticateHeader,

package/lib/api/index.mjs

@@ -0,0 +1,7 @@
+import authn from './authn/index.mjs'
+import accounts from './accounts/user-accounts.mjs'
+
+export { authn, accounts }
+
+// Provide a default export so callers can `import API from './lib/api/index.mjs'`
+export default { authn, accounts }

package/lib/{capability-discovery.js → capability-discovery.mjs}

@@ -1,18 +1,15 @@
-'use strict'
 /**
  * @module capability-discovery
  */
-const express = require('express')
-const { URL } = require('url')
-
-module.exports = capabilityDiscovery
+import express from 'express'
+import { URL } from 'url'
 
 /**
  * Returns a set of routes to deal with server capability discovery
  * @method capabilityDiscovery
  * @return {Router} Express router
  */
-function capabilityDiscovery () {
+export default function capabilityDiscovery () {
   const router = express.Router('/')
 
   // Advertise the server capability discover endpoint