Skip to content

Instantly share code, notes, and snippets.

@zimeon zimeon/
Created Aug 30, 2017

What would you like to do?
How does the `node-solid-server` handle WAC ACLs?

The node-solid-server implements WAC ACLs using simple append of .acl to the resource URI. It seems to consistently return a URI with .acl appended to in Link: <...>; rel="acl" even if the resource being requested does not exist or is already and ACL!

Easy download and run:

mkdir solid
cd solid
npm install -g solid-server
# generate key for local use
openssl genrsa 2048 > localhost.key
openssl req -new -x509 -nodes -sha256 -days 3650 -key localhost.key -subj '/CN=*.localhost' > localhost.cert
# clear all state (if any previous run) and restart
rm -rf data; mkdir data
solid start --root data --port 8443 --ssl-key localhost.key --ssl-cert localhost.cert 
# can then access on web at https://localhost:8443/

Test cases after creating an account via web UI:

> curl --insecure -I https://localhost:8443/profile/card
HTTP/1.1 200 OK
Link: <card.acl>; rel="acl", <card.meta>; rel="describedBy", <>; rel="type"

> curl --insecure -I https://localhost:8443/profile/card.acl
HTTP/1.1 200 OK
Link: <card.acl.acl>; rel="acl", <card.acl.meta>; rel="describedBy", <>; rel="type"

> curl --insecure -I https://localhost:8443/whatever.acl.acl.acl
HTTP/1.1 401 Unauthorized
Link: <whatever.acl.acl.acl.acl>; rel="acl", <whatever.acl.acl.acl.meta>; rel="describedBy", <>; rel="type"

(One can mess about with the data by editing files under data while the server is running. The server doesn't seem to cache any resource state.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.