Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Allow custom root ACL.

Browse Source
This commit is contained in:
Ruben Verborgh 2021-01-15 12:38:22 +01:00 committed by Joachim Van Herwegen
parent 87f1450d0d
commit e544e6dc11
6 changed files with 61 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
config/presets/init.json
View File

@ -15,24 +15,24 @@
{ {
"@id": "urn:solid-server:default:RootContainerInitializer", "@id": "urn:solid-server:default:RootContainerInitializer",
"@type": "RootContainerInitializer", "@type": "RootContainerInitializer",
"RootContainerInitializer:_baseUrl": { "RootContainerInitializer:_settings_store": {
"@id": "urn:solid-server:default:variable:baseUrl"
},
"RootContainerInitializer:_store": {
"@id": "urn:solid-server:default:ResourceStore" "@id": "urn:solid-server:default:ResourceStore"
},
"RootContainerInitializer:_settings_baseUrl": {
"@id": "urn:solid-server:default:variable:baseUrl"
} }
}, },
{ {
"@id": "urn:solid-server:default:AclInitializer", "@id": "urn:solid-server:default:AclInitializer",
"@type": "AclInitializer", "@type": "AclInitializer",
"AclInitializer:_baseUrl": { "AclInitializer:_settings_store": {
"@id": "urn:solid-server:default:variable:baseUrl"
},
"AclInitializer:_store": {
"@id": "urn:solid-server:default:ResourceStore" "@id": "urn:solid-server:default:ResourceStore"
}, },
"AclInitializer:_aclManager": { "AclInitializer:_settings_aclManager": {
"@id": "urn:solid-server:default:AclManager" "@id": "urn:solid-server:default:AclManager"
},
"AclInitializer:_settings_baseUrl": {
"@id": "urn:solid-server:default:variable:baseUrl"
} }
}, },
{ {

22
src/init/AclInitializer.ts
View File

@ -9,6 +9,7 @@ import { TEXT_TURTLE } from '../util/ContentTypes';
import { ensureTrailingSlash, joinFilePath } from '../util/PathUtil'; import { ensureTrailingSlash, joinFilePath } from '../util/PathUtil';
import { Initializer } from './Initializer'; import { Initializer } from './Initializer';
const DEFAULT_ACL_PATH = joinFilePath(__dirname, '../../templates/root/.acl');
/** /**
* Ensures that a root ACL is present. * Ensures that a root ACL is present.
*/ */
@ -17,16 +18,19 @@ export class AclInitializer extends Initializer {
private readonly store: ResourceStore; private readonly store: ResourceStore;
private readonly aclManager: AclManager; private readonly aclManager: AclManager;
private readonly root: ResourceIdentifier; private readonly root: ResourceIdentifier;
private readonly aclPath: string;
public constructor( public constructor(settings: {
baseUrl: string, store: ResourceStore;
store: ResourceStore, aclManager: AclManager;
aclManager: AclManager, baseUrl: string;
) { aclPath?: string;
}) {
super(); super();
this.store = store; this.store = settings.store;
this.aclManager = aclManager; this.aclManager = settings.aclManager;
this.root = { path: ensureTrailingSlash(baseUrl) }; this.root = { path: ensureTrailingSlash(settings.baseUrl) };
this.aclPath = settings.aclPath ?? DEFAULT_ACL_PATH;
} }
public async handle(): Promise<void> { public async handle(): Promise<void> {
@ -42,7 +46,7 @@ export class AclInitializer extends Initializer {
// The associated ACL document MUST include an authorization policy with acl:Control access privilege." // The associated ACL document MUST include an authorization policy with acl:Control access privilege."
// https://solid.github.io/specification/protocol#storage // https://solid.github.io/specification/protocol#storage
protected async setRootAclDocument(rootAcl: ResourceIdentifier): Promise<void> { protected async setRootAclDocument(rootAcl: ResourceIdentifier): Promise<void> {
const acl = await fsPromises.readFile(joinFilePath(__dirname, '../../templates/root/.acl'), 'utf8'); const acl = await fsPromises.readFile(this.aclPath, 'utf8');
this.logger.debug(`Installing root ACL document at ${rootAcl.path}`); this.logger.debug(`Installing root ACL document at ${rootAcl.path}`);
await this.store.setRepresentation(rootAcl, new BasicRepresentation(acl, rootAcl, TEXT_TURTLE)); await this.store.setRepresentation(rootAcl, new BasicRepresentation(acl, rootAcl, TEXT_TURTLE));
} }

8
src/init/RootContainerInitializer.ts
View File

@ -21,13 +21,13 @@ import namedNode = DataFactory.namedNode;
*/ */
export class RootContainerInitializer extends Initializer { export class RootContainerInitializer extends Initializer {
protected readonly logger = getLoggerFor(this); protected readonly logger = getLoggerFor(this);
private readonly baseId: ResourceIdentifier;
private readonly store: ResourceStore; private readonly store: ResourceStore;
private readonly baseId: ResourceIdentifier;
public constructor(baseUrl: string, store: ResourceStore) { public constructor(settings: { store: ResourceStore; baseUrl: string }) {
super(); super();
this.baseId = { path: ensureTrailingSlash(baseUrl) }; this.store = settings.store;
this.store = store; this.baseId = { path: ensureTrailingSlash(settings.baseUrl) };
} }
public async handle(): Promise<void> { public async handle(): Promise<void> {

2
test/integration/LockingResourceStore.test.ts
View File

@ -29,7 +29,7 @@ describe('A LockingResourceStore', (): void => {
source = new DataAccessorBasedStore(new InMemoryDataAccessor(base), new SingleRootIdentifierStrategy(base)); source = new DataAccessorBasedStore(new InMemoryDataAccessor(base), new SingleRootIdentifierStrategy(base));
// Initialize store // Initialize store
const initializer = new RootContainerInitializer(BASE, source); const initializer = new RootContainerInitializer({ store: source, baseUrl: BASE });
await initializer.handleSafe(); await initializer.handleSafe();
locker = new SingleThreadedResourceLocker(); locker = new SingleThreadedResourceLocker();

39
test/unit/init/AclInitializer.test.ts
View File

@ -1,9 +1,15 @@
import type { AclManager } from '../../../src/authorization/AclManager'; import type { AclManager } from '../../../src/authorization/AclManager';
import { AclInitializer } from '../../../src/init/AclInitializer'; import { AclInitializer } from '../../../src/init/AclInitializer';
import { BasicRepresentation } from '../../../src/ldp/representation/BasicRepresentation';
import type { ResourceIdentifier } from '../../../src/ldp/representation/ResourceIdentifier'; import type { ResourceIdentifier } from '../../../src/ldp/representation/ResourceIdentifier';
import type { ResourceStore } from '../../../src/storage/ResourceStore'; import type { ResourceStore } from '../../../src/storage/ResourceStore';
import { NotFoundHttpError } from '../../../src/util/errors/NotFoundHttpError'; import { NotFoundHttpError } from '../../../src/util/errors/NotFoundHttpError';
jest.mock('../../../src/ldp/representation/BasicRepresentation');
// eslint-disable-next-line @typescript-eslint/naming-convention
const RepresentationMock: jest.Mock<BasicRepresentation> = BasicRepresentation as any;
describe('AclInitializer', (): void => { describe('AclInitializer', (): void => {
const store: jest.Mocked<ResourceStore> = { const store: jest.Mocked<ResourceStore> = {
getRepresentation: jest.fn().mockRejectedValue(new NotFoundHttpError()), getRepresentation: jest.fn().mockRejectedValue(new NotFoundHttpError()),
@ -14,22 +20,40 @@ describe('AclInitializer', (): void => {
} as any; } as any;
const baseUrl = 'http://localhost:3000/'; const baseUrl = 'http://localhost:3000/';
let initializer: AclInitializer;
beforeEach(async(): Promise<void> => {
initializer = new AclInitializer(baseUrl, store, aclManager);
});
afterEach((): void => { afterEach((): void => {
jest.clearAllMocks(); jest.clearAllMocks();
}); });
it('invokes ACL initialization.', async(): Promise<void> => { it('sets the default ACL when none exists already.', async(): Promise<void> => {
const initializer = new AclInitializer({ baseUrl, store, aclManager });
await initializer.handle(); await initializer.handle();
expect(aclManager.getAclDocument).toHaveBeenCalledWith({ path: 'http://localhost:3000/' }); expect(aclManager.getAclDocument).toHaveBeenCalledWith({ path: 'http://localhost:3000/' });
expect(store.getRepresentation).toHaveBeenCalledTimes(1); expect(store.getRepresentation).toHaveBeenCalledTimes(1);
expect(store.getRepresentation).toHaveBeenCalledWith({ path: 'http://test.com/.acl' }, {}); expect(store.getRepresentation).toHaveBeenCalledWith({ path: 'http://test.com/.acl' }, {});
expect(store.setRepresentation).toHaveBeenCalledTimes(1); expect(store.setRepresentation).toHaveBeenCalledTimes(1);
expect(store.setRepresentation).toHaveBeenCalledWith(
{ path: 'http://test.com/.acl' }, RepresentationMock.mock.instances[0],
);
expect(RepresentationMock).toHaveBeenCalledWith(
expect.stringMatching('<#authorization>'), { path: 'http://test.com/.acl' }, 'text/turtle',
);
});
it('sets the specific ACL when one was specified.', async(): Promise<void> => {
const initializer = new AclInitializer({ baseUrl, store, aclManager, aclPath: __filename });
await initializer.handle();
expect(aclManager.getAclDocument).toHaveBeenCalledWith({ path: 'http://localhost:3000/' });
expect(store.getRepresentation).toHaveBeenCalledTimes(1);
expect(store.getRepresentation).toHaveBeenCalledWith({ path: 'http://test.com/.acl' }, {});
expect(store.setRepresentation).toHaveBeenCalledTimes(1);
expect(store.setRepresentation).toHaveBeenCalledWith(
{ path: 'http://test.com/.acl' }, RepresentationMock.mock.instances[0],
);
expect(RepresentationMock).toHaveBeenCalledWith(
expect.stringMatching('Joachim'), { path: 'http://test.com/.acl' }, 'text/turtle',
);
}); });
it('does not invoke ACL initialization when a root ACL already exists.', async(): Promise<void> => { it('does not invoke ACL initialization when a root ACL already exists.', async(): Promise<void> => {
@ -37,6 +61,7 @@ describe('AclInitializer', (): void => {
data: { destroy: jest.fn() }, data: { destroy: jest.fn() },
} as any)); } as any));
const initializer = new AclInitializer({ baseUrl, store, aclManager });
await initializer.handle(); await initializer.handle();
expect(aclManager.getAclDocument).toHaveBeenCalledWith({ path: 'http://localhost:3000/' }); expect(aclManager.getAclDocument).toHaveBeenCalledWith({ path: 'http://localhost:3000/' });
@ -47,6 +72,8 @@ describe('AclInitializer', (): void => {
it('errors when the root ACL check errors.', async(): Promise<void> => { it('errors when the root ACL check errors.', async(): Promise<void> => {
store.getRepresentation.mockRejectedValueOnce(new Error('Fatal')); store.getRepresentation.mockRejectedValueOnce(new Error('Fatal'));
const initializer = new AclInitializer({ baseUrl, store, aclManager });
await expect(initializer.handle()).rejects.toThrow('Fatal'); await expect(initializer.handle()).rejects.toThrow('Fatal');
}); });
}); });

2
test/unit/init/RootContainerInitializer.test.ts
View File

@ -8,7 +8,7 @@ describe('A RootContainerInitializer', (): void => {
getRepresentation: jest.fn().mockRejectedValue(new NotFoundHttpError()), getRepresentation: jest.fn().mockRejectedValue(new NotFoundHttpError()),
setRepresentation: jest.fn(), setRepresentation: jest.fn(),
} as any; } as any;
const initializer = new RootContainerInitializer(baseUrl, store); const initializer = new RootContainerInitializer({ store, baseUrl });
afterEach((): void => { afterEach((): void => {
jest.clearAllMocks(); jest.clearAllMocks();