Web-Solid-Auth-0.91000755000765000024 014135011116 16413 5ustar00patrickhochstenbachstaff000000000000README100644000765000024 1247714135011116 17407 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91NAME Web::Solid::Auth - A Perl Solid Web Client SYNOPSIS # On the command line # Set your default webid export SOLID_WEBID=https://timbl.inrupt.net/profile/card#me # Authentication to a pod solid_auth.pl authenticate # Get the http headers for a authenticated request solid_auth.pl headers GET https://timbl.inrupt.net/inbox/ # Act like a curl command and fetch authenticated content solid_auth.pl curl -X GET https://timbl.inrupt.net/inbox/ # Add some data solid_auth.pl curl -X POST \ -H "Content-Type: text/plain" \ -d "abc" \ https://timbl.inrupt.net/public/ # Add a file solid_auth.pl curl -X PUT \ -H "Content-Type: application/ld+json" \ -d "@myfile.jsonld" \ https://timbl.inrupt.net/public/myfile.jsonld # Set a solid base url export SOLID_REMOTE_BASE=https://timbl.inrupt.net # List all resources on some Pod path solid_auth.pl list /public/ # Get some data solid_auth.pl get /inbox/ # Post some data solid_auth.pl post /inbox/ myfile.jsonld # Put some data solid_auth.pl put /public/myfile.txt myfile.txt # Create a folder solid_auth.pl put /public/mytestfolder/ # Delete some data solid_auth.pl delete /public/myfile.txt # Mirror a resource, container or tree solid_auth.pl mirror /public/ ./my_copy # Upload a directory to the pod # Add the -x option to do it for real (only a test without this option) solid_auth.pl -r upload /data/my_copy /public/ # Clean all files in a container # Add the -x option to do it for real (only a test without this option) solid_auth.pl --keep clean /demo/ # Clean a complete container # Add the -x option to do it for real (only a test without this option) solid_auth.pl -r clean /demo/ # In a perl program use Web::Solid::Auth; use Web::Solid::Auth::Listener; # Create a new authenticator for a pod my $auth = Web::Solid::Auth->new(webid => $webid); # Or tune a listerner my $auth = Web::Solid::Auth->new( webid => $webid , listener => Web::Solid::Auth::Listener->new( scheme => 'https' host => 'my.server.org' port => '443' , path => '/mycallback' ) ); # Or, in case you have your own callback server my $auth = Web::Solid::Auth->new( webid => $webid, redirect_uri => 'https://my.server.org/mycallback' ); # Generate a url for the user to authenticate my $auth_url = $auth->make_authorization_request; # Listen for the oauth server to return tokens # the built-in listener for feedback from the openid provider # Check the code of Web::Solid::Auth::Listener how to # do this inside your own Plack application $auth->listen; #### # If you already have access_tokens from previous step if ($auth->has_access_token) { # Fetch the Authentication and DPoP HTTP headers for a # request to an authorized resource my $headers = $auth->make_authentication_headers($resource_url,$http_method); #..do you curl..lwp::agent..or what ever with the headers } INSTALLATION See the https://metacpan.org/dist/Web-Solid-Auth/source/INSTALL file in the distribution. DESCRIPTION This is a Solid-OIDC implementation of a connection class for the Solid server. Use the bin/solid_auth.pl command as a command line implementation. Check out the example directory for a demo web application. CONFIGURATION webid The Solid Webid to authenticate. cache The location of the cache directory with connection parameters. METHODS has_access_token() Returns a true value when a cache contains an access token for the webid. make_clean() Clear the cache directory. make_authorization_request() Return an authorization URL that the use should open to authenticate this application. make_access_token($code) When on the redirect url you get a code from the authentication server you can use this method to get an access_token for the code. listen() Create a small built-in web server to listen for token responses from the authentication server. get_access_token() Return the cached access_token. SEE ALSO solid_auth.pl INSPIRATION This was very much inspired by the Python solid-flask code by Rai http://agentydragon.com at https://gitlab.com/agentydragon/solid-flask, and Jeff Zucker's Solid-Shell at https://www.npmjs.com/package/solid-shell. COPYRIGHT AND LICENSE This software is copyright (c) 2021 by Patrick Hochstenbach. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Changes100644000765000024 346614135011116 20000 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91Revision history for Web::Solid::Auth 0.91 2021-10-23 15:46:27 CEST - Adding patch command - Fixing directory listing for Pod that don't provide resource types in the main container listing response - Fixing shebang #9 - Adding a rel=type when creating containers #6 - Fixing bug in `list` command showing double relative paths - Adding a --force option to overwrite existing resources when PUT or PATCH - Adding an --etag option to prevent updating resources when it changed PUT or PATCH 0.9 2021-10-17 17:51:15 CEST - Fixing relative/absolute URL bug - Adding support -- support to stop interpreting solid_auth.pl options - Adding documentation for the sold_auth.pl commands - Adding -H option for get,post,head,delete,options - Adding --delete option for deleting local files when doing a mirror - Support adding a client_id 0.8 2021-10-14 09:10:19 CEST - Adding INSTALL instructions - Making the log4perl configuration file optional 0.71 2021-10-13 19:46:21 CEST - Fixing missing ldf:RDFSource 0.7 2021-10-12 11:34:40 CEST - Add a mirror Solid option - Add an upload to Solid option - Add a clean container option 0.6 2021-10-11 11:29:30 CEST - Adding support for head, options in the command line and Agent - Fixing the remote client 0.5 2021-10-11 09:45:37 CEST - Adding Solid::Web::Auth::Agent as Authenticated DPoP enabled agent - Adding more tools in bin/solid_auth.pl to actually do something with the pods - Adding folder listing on pod 0.4 2021-10-10 13:46:32 CEST - Supporting the newest ESS pods 0.3 2021-02-28 08:36:51 CET - Updating documentation and code comments - Adding support for inspecting access_token and id_token 0.2 2021-02-26 19:47:05 CET - Ading an example web (Plack) application 0.1 2021-02-26 16:14:42 CET - Initial version INSTALL100644000765000024 310614135011116 17525 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91# INSTALL ## libmagic library For mime type guessing we need the `libmagic` library. On Debian/Ubuntu run: ``` sudo apt-get install libmagic-dev ``` On Red Hat run: ``` sudo yum install file-devel file-libs ``` On Mac you can use homebrew (https://brew.sh/): ``` brew install libmagic ``` See also: https://metacpan.org/pod/File::LibMagic ## CPANM CPANM is the Perl package manager On Debian/Ubuntu run: ``` sudo apt-get apt-get install cpanminus ``` On Red Hat run: ``` sudo yum install perl-App-cpanminus ``` On Mac you can use homebrew: ``` brew install cpanminus ``` ## Install this package from the official release Run ``` cpanm Web::Solid::Auth ``` Add your favorite Solid Pod to your `.bashrc` or `.zshrc` (depending on your shell) ``` # Your WebId export SOLID_WEBID=https://hochstenbach.inrupt.net/profile/card#me # The baseUrl used for relative urls (without the slash at the end!) export SOLID_REMOTE_BASE=https://hochstenbach.inrupt.net ``` Reread your shell configuratation file: ``` source ~/.bashrc ``` ## Hello World Authenticate to your own pod. The program below will ask you to open a link in a webbrowser and authenticate at your identity provider (IDP). When you are authenticated you can close the program ``` solid_auth.pl authenticate ``` Now you can check private data ``` # List the root container solid_auth.pl list / ``` ## PLENV If you happen to happen to run [plenv](https://github.com/tokuhirom/plenv) , a Perl binary manager, don't forget to run `plenv rehash` after you ran `cpanm`. This will put the `solid_auth.pl` script in your path. LICENSE100644000765000024 4370014135011116 17525 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91This software is copyright (c) 2021 by Patrick Hochstenbach. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2021 by Patrick Hochstenbach. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2021 by Patrick Hochstenbach. This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End cpanfile100644000765000024 126014135011116 20177 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91requires 'perl', '>= 5.10.1'; on 'test', sub { requires 'Test::Simple', '1.001003'; requires 'Test::More', '1.001003'; requires 'Test::Exception','0.32'; requires 'Test::Pod','0'; requires 'Dist::Zilla::Plugin::ExecDir','0'; }; requires 'Attean',0; requires 'Crypt::JWT',0; requires 'Crypt::PK::ECC',0; requires 'Data::UUID',0; requires 'Digest::SHA',0; requires 'File::LibMagic',0; requires 'HTTP::Link',0; requires 'JSON',0; requires 'LWP::Protocol::https',0; requires 'LWP::UserAgent',0; requires 'Log::Any',0; requires 'Log::Any::Adapter::Log4perl',0; requires 'Log::Log4perl',0; requires 'Moo',0; requires 'Path::Tiny',0; requires 'Plack',0; requires 'String::Escape',0; dist.ini100644000765000024 12014135011116 20111 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91author=Patrick Hochstenbach [@Milla] installer = ModuleBuild [ExecDir] dir = binBuild.PL100644000765000024 326214135011116 17773 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91 # This file was automatically generated by Dist::Zilla::Plugin::ModuleBuild v6.024. use strict; use warnings; use Module::Build 0.28; my %module_build_args = ( "build_requires" => { "Module::Build" => "0.28" }, "configure_requires" => { "Module::Build" => "0.28" }, "dist_abstract" => "A Perl Solid Web Client", "dist_author" => [ "Patrick Hochstenbach" ], "dist_name" => "Web-Solid-Auth", "dist_version" => "0.91", "license" => "perl", "module_name" => "Web::Solid::Auth", "recursive_test_files" => 1, "requires" => { "Attean" => 0, "Crypt::JWT" => 0, "Crypt::PK::ECC" => 0, "Data::UUID" => 0, "Digest::SHA" => 0, "File::LibMagic" => 0, "HTTP::Link" => 0, "JSON" => 0, "LWP::Protocol::https" => 0, "LWP::UserAgent" => 0, "Log::Any" => 0, "Log::Any::Adapter::Log4perl" => 0, "Log::Log4perl" => 0, "Moo" => 0, "Path::Tiny" => 0, "Plack" => 0, "String::Escape" => 0, "perl" => "v5.10.1" }, "script_files" => [ "bin/solid_auth.pl" ], "test_requires" => { "Dist::Zilla::Plugin::ExecDir" => 0, "Test::Exception" => "0.32", "Test::More" => "1.001003", "Test::Pod" => 0, "Test::Simple" => "1.001003" } ); my %fallback_build_requires = ( "Dist::Zilla::Plugin::ExecDir" => 0, "Module::Build" => "0.28", "Test::Exception" => "0.32", "Test::More" => "1.001003", "Test::Pod" => 0, "Test::Simple" => "1.001003" ); unless ( eval { Module::Build->VERSION(0.4004) } ) { delete $module_build_args{test_requires}; $module_build_args{build_requires} = \%fallback_build_requires; } my $build = Module::Build->new(%module_build_args); $build->create_build_script; META.yml100644000765000024 262314135011116 17750 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91--- abstract: 'A Perl Solid Web Client' author: - 'Patrick Hochstenbach' build_requires: Dist::Zilla::Plugin::ExecDir: '0' Module::Build: '0.28' Test::Exception: '0.32' Test::More: '1.001003' Test::Pod: '0' Test::Simple: '1.001003' configure_requires: Module::Build: '0.28' dynamic_config: 0 generated_by: 'Dist::Milla version v1.0.20, Dist::Zilla version 6.024, CPAN::Meta::Converter version 2.150005' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Web-Solid-Auth no_index: directory: - eg - examples - inc - share - t - xt requires: Attean: '0' Crypt::JWT: '0' Crypt::PK::ECC: '0' Data::UUID: '0' Digest::SHA: '0' File::LibMagic: '0' HTTP::Link: '0' JSON: '0' LWP::Protocol::https: '0' LWP::UserAgent: '0' Log::Any: '0' Log::Any::Adapter::Log4perl: '0' Log::Log4perl: '0' Moo: '0' Path::Tiny: '0' Plack: '0' String::Escape: '0' perl: v5.10.1 resources: bugtracker: https://github.com/phochste/Web-Solid-Auth/issues homepage: https://github.com/phochste/Web-Solid-Auth repository: https://github.com/phochste/Web-Solid-Auth.git version: '0.91' x_contributors: - 'Patrick Hochstenbach ' x_generated_by_perl: v5.24.0 x_serialization_backend: 'YAML::Tiny version 1.73' x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later' x_static_install: 0 MANIFEST100644000765000024 102614135011116 17624 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.024. Build.PL Changes INSTALL LICENSE MANIFEST META.json META.yml README bin/solid_auth.pl cpanfile dist.ini etc/web-solid-auth.jsonld example/bin/app.pl example/config.yml example/environments/development.yml example/environments/production.yml example/lib/solid.pm lib/Web/Solid/Auth.pm lib/Web/Solid/Auth/Agent.pm lib/Web/Solid/Auth/Listener.pm lib/Web/Solid/Auth/Util.pm log4perl.conf t/Web-Solid-Auth-Listener.t t/Web-Solid-Auth.t t/author-pod-syntax.t META.json100644000765000024 501314135011116 20114 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91{ "abstract" : "A Perl Solid Web Client", "author" : [ "Patrick Hochstenbach" ], "dynamic_config" : 0, "generated_by" : "Dist::Milla version v1.0.20, Dist::Zilla version 6.024, CPAN::Meta::Converter version 2.150005", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Web-Solid-Auth", "no_index" : { "directory" : [ "eg", "examples", "inc", "share", "t", "xt" ] }, "prereqs" : { "build" : { "requires" : { "Module::Build" : "0.28" } }, "configure" : { "requires" : { "Module::Build" : "0.28" } }, "develop" : { "requires" : { "Dist::Milla" : "v1.0.20", "Test::Pod" : "1.41" } }, "runtime" : { "requires" : { "Attean" : "0", "Crypt::JWT" : "0", "Crypt::PK::ECC" : "0", "Data::UUID" : "0", "Digest::SHA" : "0", "File::LibMagic" : "0", "HTTP::Link" : "0", "JSON" : "0", "LWP::Protocol::https" : "0", "LWP::UserAgent" : "0", "Log::Any" : "0", "Log::Any::Adapter::Log4perl" : "0", "Log::Log4perl" : "0", "Moo" : "0", "Path::Tiny" : "0", "Plack" : "0", "String::Escape" : "0", "perl" : "v5.10.1" } }, "test" : { "requires" : { "Dist::Zilla::Plugin::ExecDir" : "0", "Test::Exception" : "0.32", "Test::More" : "1.001003", "Test::Pod" : "0", "Test::Simple" : "1.001003" } } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "https://github.com/phochste/Web-Solid-Auth/issues" }, "homepage" : "https://github.com/phochste/Web-Solid-Auth", "repository" : { "type" : "git", "url" : "https://github.com/phochste/Web-Solid-Auth.git", "web" : "https://github.com/phochste/Web-Solid-Auth" } }, "version" : "0.91", "x_contributors" : [ "Patrick Hochstenbach " ], "x_generated_by_perl" : "v5.24.0", "x_serialization_backend" : "Cpanel::JSON::XS version 4.26", "x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later", "x_static_install" : 0 } log4perl.conf100644000765000024 42514135011116 21054 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91log4perl.rootLogger=FATAL,STDERR log4perl.appender.STDERR=Log::Log4perl::Appender::Screen log4perl.appender.STDERR.stderr=1 log4perl.appender.STDERR.utf8=1 log4perl.appender.STDERR.layout=PatternLayout log4perl.appender.STDERR.layout.ConversionPattern=%d [%P] - %c[%L] : %m%n bin000755000765000024 014135011116 17104 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91solid_auth.pl100755000765000024 6744014135011116 21772 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/bin#!perl $|++; use lib qw(./lib); use Getopt::Long qw(:config pass_through); use Web::Solid::Auth; use Web::Solid::Auth::Agent; use Web::Solid::Auth::Util; use HTTP::Date; use File::LibMagic; use File::Basename; use MIME::Base64; use JSON; use Path::Tiny; use String::Escape; use Log::Any::Adapter; Log::Any::Adapter->set('Log4perl'); my $webid = $ENV{SOLID_WEBID}; my $webbase = $ENV{SOLID_REMOTE_BASE}; my $clientid = $ENV{SOLID_CLIENT_ID}; my $opt_recursive = undef; my $opt_skip = undef; my $opt_real = undef; my $opt_keep = undef; my $opt_delete = undef; my $opt_force = undef; my $opt_etag = undef; my $opt_log = 'log4perl.conf'; my $opt_header = []; GetOptions( "clientid|c=s" => \$clientid , "webid|w=s" => \$webid , "base|b=s" => \$webbase , "skip" => \$opt_skip , "keep" => \$opt_keep , "delete" => \$opt_delete , "etag=s" => \$opt_etag , "force|f" => \$opt_force , "r" => \$opt_recursive , "x" => \$opt_real , "H=s@" => \$opt_header , "log=s" => \$opt_log , ); my $cmd = shift; if (-e $opt_log) { Log::Log4perl::init($opt_log); } my $auth = Web::Solid::Auth->new(webid => $webid, client_id => $clientid); my $agent = Web::Solid::Auth::Agent->new(auth => $auth); if ($webbase) { # Remove the trailing slash $webbase =~ s{\/$}{}; } my $ret; if (0) {} elsif ($cmd eq 'list') { $ret = cmd_list(@ARGV); } elsif ($cmd eq 'get') { $ret = cmd_get(@ARGV); } elsif ($cmd eq 'put') { $ret = cmd_put(@ARGV); } elsif ($cmd eq 'post') { $ret = cmd_post(@ARGV); } elsif ($cmd eq 'patch') { $ret = cmd_patch(@ARGV); } elsif ($cmd eq 'delete') { $ret = cmd_delete(@ARGV); } elsif ($cmd eq 'head') { $ret = cmd_head(@ARGV); } elsif ($cmd eq 'options') { $ret = cmd_options(@ARGV); } elsif ($cmd eq 'mirror') { $ret = cmd_mirror(@ARGV); } elsif ($cmd eq 'upload') { $ret = cmd_upload(@ARGV); } elsif ($cmd eq 'clean') { $ret = cmd_clean(@ARGV); } elsif ($cmd eq 'authenticate') { $ret = cmd_authenticate(@ARGV); } elsif ($cmd eq 'headers') { $ret = cmd_headers(@ARGV); } elsif ($cmd eq 'curl') { $ret = cmd_curl(@ARGV); } elsif ($cmd eq 'id_token') { $ret = cmd_id_token(@ARGV); } elsif ($cmd eq 'access_token') { $ret = cmd_access_token(@ARGV); } else { usage(); } exit($ret); sub usage { print STDERR <{$file}; printf "%s $file\n" , $type eq 'container' ? "d" : "-"; } return 0; } sub _cmd_list { my ($url) = @_; unless ($url) { print STDERR "Need a url\n"; return 1; } unless ($url =~ /\/$/) { print STDERR "$url doesn't look like a container\n"; return 1; } my $iri = _make_url($url); my $response = $agent->get($iri); unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } my $util = Web::Solid::Auth::Util->new; my $model = $util->parse_turtle($response->decoded_content); my $sparql =< SELECT ?resource ?type { ?base ldp:contains ?resource . OPTIONAL { ?resource a ?type . FILTER (?type IN ( ldp:Resource, ldp:RDFSource, ldp:Container, ldp:BasicContainer, ldp:IndirectContainer, ldp:NonRDFSource ) ) } } EOF my %FILES = (); $util->sparql($model, $sparql, sub { my $res = shift; my $name = $res->value('resource')->as_string; # clean absolute urls into relative ones ... if ($name =~ /^http/) { $name = substr($name,length($iri)); } $name =~ s/^\///; # Read the type from type or guess ..based on the name :P my $type; if ($res->value('type')) { $type = $res->value('type')->as_string; } else { $type = ($name =~ /\/$/) ? 'Container' : 'Resource'; } my $key = $url . $name; if (exists $FILES{$key} && $FILES{$key} eq 'container') { # Containers are more interesting than resources } else { $FILES{$key} = $type =~ /Container/ ? "container" : "resource"; } }); return \%FILES; } sub cmd_get { my ($url) = @_; my %headers = _make_headers(); my $response = _cmd_get($url,%headers); return $response if $response && ref($response) eq ''; print $response->decoded_content; return 0; } sub _cmd_get { my ($url,%headers) = @_; unless ($url) { print STDERR "Need a url\n"; return 1; } my $iri = _make_url($url); my $response = $agent->get($iri,%headers); unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } $response; } sub cmd_head { my ($url) = @_; unless ($url) { print STDERR "Need a url\n"; return 1; } my $iri = _make_url($url); my %headers = _make_headers(); my $response = $agent->head($iri,%headers); unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } for my $header ($response->header_field_names) { printf "%s: %s\n" , $header , $response->header($header); } return 0; } sub cmd_options { my ($url) = @_; unless ($url) { print STDERR "Need a url\n"; return 1; } my $iri = _make_url($url); my %headers = _make_headers(); my $response = $agent->options($iri,%headers); unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } for my $header ($response->header_field_names) { printf "%s: %s\n" , $header , $response->header($header); } return 0; } sub cmd_put { my ($url, $file, $mimeType) = @_; $mimeType //= _guess_mimetype($file) if $file; unless ($url) { print STDERR "Need a url\n"; return 1; } if ($url =~ /\/$/ && ($file || $mimeType)) { print STDERR "Folder names can't have file uploads\n\n"; return 1; } elsif ($url !~ /\/$/ && ! ($file || $mimeType)) { print STDERR "Need url file and mimeType\n"; return 1; } my $data; if ($file) { $data = path($file)->slurp_raw; } my $iri = _make_url($url); my %headers = _make_headers(); if ($mimeType) { $headers{'Content-Type'} = $mimeType unless $headers{'Content-Type'}; } # Prevent overwriting exiting resources unless ($opt_force) { $headers{'If-None-Match'} = '*'; } # Prevent overwriting changed resources if ($opt_etag) { $headers{'If-Match'} = $opt_etag; } my $response; if ($file) { $response = $agent->put($iri, $data, %headers); } else { %headers = _link_header('; rel="type"', %headers); $response = $agent->put($iri,undef,%headers); } unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } print STDERR $response->decoded_content , "\n"; return 0; } sub cmd_post { my ($url, $file, $mimeType) = @_; $mimeType //= _guess_mimetype($file) if $file; unless ($url && $file && -r $file && $mimeType) { print STDERR "Need url file and mimeType\n"; return 1; } my $data = path($file)->slurp_raw; my $iri = _make_url($url); my %headers = _make_headers(); $headers{'Content-Type'} = $mimeType unless $headers{'Content-Type'}; my $response = $agent->post($iri, $data, %headers); unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } print STDERR $response->decoded_content , "\n"; print $response->header('Location') , "\n"; return 0; } sub cmd_patch { my ($url,$file_or_string) = @_; unless ($url && $file_or_string) { print STDERR "Need a url and a file or string\n"; return 1; } my $sparql; $file_or_string = '/dev/stdin' if $file_or_string eq '-'; if (-r $file_or_string) { $sparql = path($file_or_string)->slurp_utf8; } else { $sparql = $file_or_string; } my $iri = _make_url($url); my %headers = _make_headers(); $headers{'Content-Type'} = 'application/sparql-update' unless $headers{'Content-Type'}; # Prevent overwriting exiting resources unless ($opt_force) { $headers{'If-None-Match'} = '*'; } # Prevent overwriting changed resources if ($opt_etag) { $headers{'If-Match'} = $opt_etag; } my $response = $agent->patch($iri, $sparql, %headers); unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } print STDERR $response->decoded_content , "\n"; return 0; } sub cmd_delete { my ($url) = @_; unless ($url) { print STDERR "Need a url\n"; return 1; } my $iri = _make_url($url); my %headers = _make_headers(); my $response = $agent->delete($iri, %headers); unless ($response->is_success) { printf STDERR "%s - failed to $url\n" , $response->code; printf STDERR "%s\n" , $response->message; return 2; } print STDERR $response->decoded_content , "\n"; return 0; } sub cmd_mirror { my ($url,$directory) = @_; unless ($url) { print STDERR "Need a url\n"; return 2; } unless ($directory && -d $directory) { print STDERR "Need a directory\n"; return 2; } if ($url =~ /\/$/) { # ok we are a container } else { return _cmd_mirror($url,$directory); } my $files = _cmd_list($url); return $files if $files && ref($files) eq ''; for my $file (sort keys %$files) { my $type = $files->{$file}; my $base = substr($file,length($url)); $base =~ s{\/$}{}; if ($type eq 'container') { if ($file ne $url && $base !~ /^\./ && $opt_recursive) { path("$directory/$base")->mkpath; cmd_mirror($file,"$directory/$base"); } } else { _cmd_mirror($file,$directory); } } _cmd_mirror_delete($url,$files,$directory) if $opt_delete; } sub _cmd_mirror_delete { my ($base,$files,$directory) = @_; my $path_names; for my $file (sort keys %$files) { my $path = substr($file,length($base)); $path =~ s{^\/}{}; $path =~ s{\/$}{}; next unless length($path); $path_names->{$path} = 1; } for my $path (glob("$directory/*")) { my $basename = basename($path); next if -d $path; # we always keep directories next if $path =~ /^[\.~]/; if ($path_names->{$basename}) { # ok , known path } else { if ($opt_real) { print STDERR "deleting: $path\n"; unlink $path; } else { print STDERR "deleting: $path [test : use -x for real delete]\n"; } } } } sub _cmd_mirror { my ($url,$directory) = @_; my $path = $url; $path =~ s{.*\/}{}; my %headers = (); if ($opt_skip && -e "$directory/$path" ) { print STDERR "skipping $directory/$path - already exists\n"; return 0; } if (-e "$directory/$path") { my ($mtime) = ( stat("$directory/$path") )[9]; $headers{'If-Modified-Since'} = HTTP::Date::time2str($mtime); } if ($opt_real) { print "$url -> $directory/$path\n"; my $response = _cmd_get($url,%headers); return $response unless $response && ref($response) ne ''; path("$directory/$path")->spew_raw($response->decoded_content); } else { print "$url -> $directory/$path [test : use -x for real mirror]\n"; } return 0; } sub cmd_upload { my ($directory,$url) = @_; unless ($directory && -d $directory) { print STDERR "Need a directory"; return 2; } unless ($url =~ /\/$/) { print STDERR "Url doesn't look like a container"; return 2; } for my $file (glob("$directory/*")) { my $upload_url; my $upload_file = substr($file,length($directory) + 1); if (-d $file) { $upload_url = "$url$upload_file/"; } else { $upload_url = "$url$upload_file"; } if ($opt_real) { print "$file -> $upload_url\n"; if (-d $file) { cmd_put($upload_url); } else { cmd_put($upload_url,$file); } } else { print "$file -> $upload_url [test : use -x for real upload]\n"; } if ($opt_recursive && -d $file) { cmd_upload($file,$upload_url); } } } sub _crawl_container_url { my ($url,$result) = @_; $result //= {}; unless ($url && $url =~ /^\//) { print STDERR "Need a container url\n"; return 2; } my $files = _cmd_list($url); # return on error return $files if $files && ref($files) eq ''; for my $file (sort { $b cmp $a } keys %$files) { my $type = $files->{$file}; next if $file eq $url; $result->{$file} = $type; if ($type eq 'container') { _crawl_container_url($file,$result); } } return $result; } sub cmd_clean { my ($url) = @_; unless ($url && $url =~ /^\//) { print STDERR "Need a container url\n"; return 2; } my $files; if ($opt_recursive) { $files = _crawl_container_url($url); } else { $files = _cmd_list($url); } for my $file (sort { $b cmp $a } keys %$files) { my $type = $files->{$file}; next if $file eq $url; if ($opt_keep && $type eq 'container') { print "skipping: $file\n"; next; } if ($opt_real) { print "deleting: $file\n"; cmd_delete($file); } else { print "deleting: $file [test : use -x for real upload]\n"; } } } sub cmd_authenticate { unless ($webid) { print STDERR "Need a WebId or SOLID_WEBID environment variable\n"; return 2; } $auth->make_clean; my $auth_url = $auth->make_authorization_request; print "Please visit this URL and login:\n\n$auth_url\n\n"; print "Starting callback server...\n"; $auth->listen; return 0; } sub cmd_headers { my ($method,$url) = @_; usage() unless $method && $url; my $headers = _authentication_headers($method,$url); print "$headers\n"; return 0; } sub cmd_curl { my (@rest) = @_; usage() unless @rest; my $method = 'GET'; my $url = $rest[-1]; shift @rest if @rest[0] eq '--'; if (@rest) { for (my $i = 0 ; $i < @rest ; $i++) { if ($rest[$i] eq '-X') { $method = $rest[$i+1]; } } @rest = map { String::Escape::quote($_) } @rest; } my $headers = _authentication_headers($method,$url); my $opts = join(" ",@rest); system("curl $headers $opts") == 0; } sub cmd_access_token { my $access = $auth->get_access_token; unless ($webid) { print STDERR "Need a WebId or SOLID_WEBID environment variable\n"; return 2; } unless ($access && $access->{access_token}) { print STDERR "No access_token found. You are not logged in yet?\n"; return 2; } my $token = $access->{access_token}; my ($header,$payload,$signature) = split(/\./,$token,3); unless ($header && $payload, $signature) { printf STDERR "Token is not a jwt token\n"; } my $json = JSON->new->pretty; $header = JSON::decode_json(MIME::Base64::decode_base64url($header)); $payload = JSON::decode_json(MIME::Base64::decode_base64url($payload)); printf "Header: %s\n" , $json->encode($header); printf "Payload: %s\n" , $json->encode($payload); printf "Signature: (binary data)\n", MIME::Base64::decode_base64url($signature); return 0; } sub cmd_id_token { my $access = $auth->get_access_token; unless ($access && $access->{id_token}) { print STDERR "No access_token found. You are not logged in yet?\n"; return 2; } my $token = $access->{id_token}; my ($header,$payload,$signature) = split(/\./,$token,3); unless ($header && $payload, $signature) { printf STDERR "Token is not a jwt token\n"; } my $json = JSON->new->pretty; $header = JSON::decode_json(MIME::Base64::decode_base64url($header)); $payload = JSON::decode_json(MIME::Base64::decode_base64url($payload)); printf "Header: %s\n" , $json->encode($header); printf "Payload: %s\n" , $json->encode($payload); printf "Signature: (binary data)\n", MIME::Base64::decode_base64url($signature); return 0; } # Parse the optional provided headers into a hash sub _make_headers { my %headers = (); for my $h (@$opt_header) { my ($n,$v) = split(/\s*:\s*/,$h,2); $headers{$n} = $v; } return %headers; } # Add a Link header sub _link_header { my ($link,%headers) = @_; if (exists $headers{Link}) { $headers{Link} .= ", $link"; } else { $headers{Link} = $link; } %headers; } # Expand a relative url to a full url with SOLID_REMOTE_BASE sub _make_url { my $url = shift; return $url if $url =~ /^http.*/; return $url unless defined($webbase); return $url unless $url =~ /^\.?(\/.*)?/; return "$webbase$1"; } # Expand the CURL header with authentication and DPop headers sub _authentication_headers { my ($method,$url) = @_; $webid //= $url; my $headers = $auth->make_authentication_headers($url,$method); unless ($headers) { print STDERR "No access tokens found for $webid. Maybe you need to authenticate first?\n"; } my @headers = (); for (keys %$headers) { push @headers , "-H \"" . $_ . ":" . $headers->{$_} ."\""; } return join(" ",@headers); } # Guess the mime type of a file sub _guess_mimetype { my ($path) = @_; my $magic = File::LibMagic->new; # My own MIME magic return "text/turtle" if ($path =~ /\.ttl$/); return "text/turtle" if ($path =~ /\.acl$/); return "application/ld+json" if ($path =~ /\.jsonld$/); return "text/n3" if ($path =~ /\.n3$/); return "application/rdf+xml" if ($path =~ /\.rdf$/); # If the file is empty if (! -e $path || -s $path) { my $info = $magic->info_from_filename($path); return $info->{mime_type}; } else { # Open the file and do magic guessing open my $fh, '<', $path or die $!; my $info = $magic->info_from_handle($fh); close($fh); return $info->{mime_type}; } } __END__ =head1 NAME solid_auth.pl - A Solid management tool =head1 SYNOPSIS # Set your default webid export SOLID_WEBID=https://timbl.inrupt.net/profile/card#me # Authentication to a pod solid_auth.pl authenticate # Get the http headers for a authenticated request solid_auth.pl headers GET https://timbl.inrupt.net/inbox/ # Act like a curl command and fetch authenticated content solid_auth.pl curl -- -X GET https://timbl.inrupt.net/inbox/ # Add some data solid_auth.pl curl -- -X POST \ -H "Content-Type: text/plain" \ -d "abc" \ https://timbl.inrupt.net/public/ # Add a file solid_auth.pl curl -- -X PUT \ -H "Content-Type: application/ld+json" \ -d "@myfile.jsonld" \ https://timbl.inrupt.net/public/myfile.jsonld # Set a solid base url export SOLID_REMOTE_BASE=https://timbl.inrupt.net # List all resources on some Pod path solid_auth.pl list /public/ # Get some data solid_auth.pl get /inbox/ # Post some data solid_auth.pl post /inbox/ myfile.jsonld # Put some data solid_auth.pl -f put /public/myfile.txt myfile.txt # Patch data solid_auth.pl -f patch /public/myfile.txt.meta - < 1234 } EOF # Create a folder solid_auth.pl -f put /public/mytestfolder/ # Delete some data solid_auth.pl delete /public/myfile.txt # Mirror a resource, container or tree mkdir /data/my_copy solid_auth.pl -r mirror /public/ /data/my_copy # Upload a directory to the pod # Add the -x option to do it for real (only a test without this option) solid_auth.pl -r upload /data/my_copy /public/ # Clean all files in a container # Add the -x option to do it for real (only a test without this option) solid_auth.pl --keep clean /demo/ # Clean a complete container # Add the -x option to do it for real (only a test without this option) solid_auth.pl -r clean /demo/ =head1 ENVIRONMENT =over =item SOLID_WEBID Your WebId. =item SOLID_REMOTE_BASE The Base URL that is used for all delete, get, head, options post, put, patch requests. =item SOLID_CLIENT_ID The URL to a static client configuration. See C for an example. This file, edited for your own environment, needs to be published on some public accessible webserver. =back =head1 CONFIGURATION =over =item --webid Your WebId. =item --base The Base URL that is used for all delete, get, head, options post, put, patch requests. =item --clientid The URL to a static client configuration. See C for an example. This file, edited for your own environment, needs to be published on some public accessible webserver. =item --skip Skip resources that already exist (mirror). =item --delete Delete local files that are not in the remote container (mirror). =item --keep Keep containers when cleaning data (clean). =item --etag=STRING Only update the data when the 'Etag' header matches the given string (put,patch). E.g. use the C command to find the ETag of a resource : $ solid_auth.pl head /demo/LICENSE ... ETag: "189aa19989dc47eab46c9f2e8c47d0836bb08cb09f7863cbf3cd3bb9a751be27" ... Now update the resource with ETag protection $ solid_auth.pl \ --etag=189aa19989dc47eab46c9f2e8c47d0836bb08cb09f7863cbf3cd3bb9a751be27 \ put /demo/LICENSE LICENSE =item --force | -f Force overwriting existing resources (put, patch). =item -r Recursive (clean, mirror, upload). =item -x Do it for real. The commands C and C will run by default in safe mode. =item -H name=value Add a header to a request (repeatable) for C, C, C, C and C. =back =head1 COMMAND =over =item authenticate Start an authentication process for your WebId. You will be presented with a URL that you need to open in a webbrowser. After a successfull login the command can be closed. The webbrowser needs to be opened on the same host as the where you where you run the solid_auth.pl command. =item headers METHOD URL Return the Authentication and DPoP headers for a HTTP C request to C. =item curl CURL-OPTS Execute a curl command with Authentication and DPoP headers added. Add a C<--> option to the C to stop solid_auth.pl from interpreting Curl options. =item list URL List the resources in a LDP container at URL. =item mirror [-rx] [--skip] [--delete] URL DIRECTORY Mirror the contents of a container to a local directory. Optional provide C<-r> option for recursive mirror. =item upload [-rx] DIRECTORY URL Upload a directorty to a container. Optional provide C<-r> option for recursive upload. With the C<-x> option, the command will run in demo mode. =item clean [-rx] [--keep] URL Clean all resources in a directory. Optional provide C<-r> option for recursive clean. With the C<-x> option, the command will run in demo mode. With the C<--keep> options all container will be kept. =item get URL Return the response of a HTTP GET request to URL. =item post URL FILE [MIMETYPE] Return the HTTP Message of a HTTP POST request of the FILE with MIMETYPE. Uses libmagic to guess the mimetype. =item put URL [FILE] [MIMETYPE] Return the HTTP Message of a HTTP PUT request of the FILE with MIMETYPE. Uses libmagic to guess the mimetype. When the URL ends with a slash (/), then a new container will be created. =item patch URL FILE|SPARQL Send the contents of a SPARQL patch file or string to a URL. Return the HTTP Message of the HTTP PATCH request to the URL. =item head URL Return the HTTP Header of a HTTP HEAD request to URL. =item head OPTIONS Return the HTTP Header of a HTTP OPTIONS request to URL. =item delete URL Return the HTTP Message of a HTTP DELETE request to URL. =item id_token Show the contents of the JWT id token. =item access_token Show the contents of the JWT access token. =back =head1 INSPIRATION This was very much inspired by the Python solid-flask code by Rai L at L, and Jeff Zucker's Solid-Shell at L. =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2021 by Patrick Hochstenbach. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =encoding utf8 =cut bin000755000765000024 014135011116 20537 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/exampleapp.pl100755000765000024 6214135011116 21755 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/example/bin#!/usr/bin/env perl use Dancer; use solid; dance; example000755000765000024 014135011116 17767 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91config.yml100644000765000024 34414135011116 22100 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/example# This is the main configuration file of your Dancer app # env-related settings should go to environments/$env.yml. # All the settings in this file will be loaded at Dancer's startup. # Your application's name appname: "solid" t000755000765000024 014135011116 16577 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91Web-Solid-Auth.t100644000765000024 41214135011116 21565 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/t#!perl use strict; use warnings; use Test::More; # use Log::Any::Adapter; # use Log::Log4perl; # Log::Any::Adapter->set('Log4perl'); # Log::Log4perl::init('./log4perl.conf'); BEGIN { use_ok 'Web::Solid::Auth'; } require_ok 'Web::Solid::Auth'; done_testing; lib000755000765000024 014135011116 20535 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/examplesolid.pm100644000765000024 267714135011116 22361 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/example/libpackage solid; use v5.10; use Dancer ':syntax'; use Web::Solid::Auth; sub session { state $state = {}; $state; } get '/' => sub { my $auth = session()->{auth}; if ($auth && $auth->has_access_token) { my $webid = $auth->webid; my $inbox = $webid; $inbox =~ s{(https://[^/]+).*}{$1/inbox/}; my $headers = $auth->make_authentication_headers($inbox,'GET'); my $response = $auth->get($inbox,%$headers); return <

You are logged in :)

$webid

Here is your private $inbox 

  $response
EOF } else { return <

Demo Login

Please provide your webid.
E.g. https://hochstenbach.solidcommunity.net/profile/card#me
EOF } }; get '/login' => sub { my $webid = params->{webid}; redirect("/") unless $webid; my $auth = Web::Solid::Auth->new( webid => $webid , redirect_uri => 'http://localhost:3000/cb' ); $auth->make_clean; session()->{auth} = $auth; redirect $auth->make_authorization_request; }; get '/cb' => sub { my $code = params->{code}; my $state = params->{state}; my $data = session()->{auth}->make_access_token($code); redirect("/") }; true; Solid000755000765000024 014135011116 20671 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/lib/WebAuth.pm100644000765000024 4664514135011116 22327 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/lib/Web/Solidpackage Web::Solid::Auth; use Moo; use Crypt::JWT; use Data::Dumper; use Data::UUID; use Digest::SHA; use HTTP::Link; use HTTP::Request; use HTTP::Server::PSGI; use Log::Any (); use LWP::UserAgent; use JSON; use MIME::Base64; use Path::Tiny; use URI::Escape; use Plack::Request; use Plack::Response; use Web::Solid::Auth::Listener; use Web::Solid::Auth::Util; our $VERSION = "0.91"; has webid => ( is => 'ro' , required => 1 ); has redirect_uri => ( is => 'ro' ); has cache => ( is => 'ro' , default => sub { $ENV{HOME} . "/.solid"} ); has log => ( is => 'ro', default => sub { Log::Any->get_logger }, ); has agent => ( is => 'lazy' ); has listener => ( is => 'lazy' ); has issuer => ( is => 'lazy' ); has client_id => ( is => 'ro', ); sub _build_agent { my $ua = LWP::UserAgent->new(agent => "Web::Solid::Auth/$VERSION"); $ua; } sub _build_listener { Web::Solid::Auth::Listener->new; } sub _build_issuer { shift->get_openid_provider(); } sub BUILD { my $self = shift; $self->{redirect_uri} //= $self->listener->redirect_uri; } sub listen { my $self = shift; $self->listener->run($self); } sub has_access_token { my $self = shift; my $cache_dir = $self->get_cache_dir; my $access = path($cache_dir)->child("access.json"); $access->exists; } sub make_clean { my $self = shift; my $cache_dir = $self->get_cache_dir; $self->log->info("cleaning cache directory $cache_dir"); my $openid = path($cache_dir)->child("openid.json"); $openid->remove if $openid->exists; my $client = path($cache_dir)->child("client.json"); $client->remove if $client->exists; my $access = path($cache_dir)->child("access.json"); $access->remove if $access->exists; $self; } sub make_authorization_request { my $self = shift; my $redirect_uri = $self->redirect_uri; my $registration_conf = $self->get_client_configuration; my $openid_conf = $self->get_openid_configuration; my $authorization_endpoint = $openid_conf->{authorization_endpoint}; my $client_id = $registration_conf->{client_id}; my $code_verifier = $self->make_random_string; my $code_challenge = MIME::Base64::encode_base64url(Digest::SHA::sha256($code_verifier),''); $code_challenge =~ s{=}{}; my $state = $self->make_random_string; my $url = $self->make_url( $authorization_endpoint, { code_challenge => $code_challenge , code_challenge_method => 'S256' , state => $state , scope => 'openid profile offline_access' , client_id => $client_id , response_type => 'code' , redirect_uri => $redirect_uri , }); $self->{state} = $state; $self->{code_verifier} = $code_verifier; $self->log->info("generating authorization request: $url"); return $url; } sub make_access_token { my ($self,$code) = @_; die "need code" unless $code; my $redirect_uri = $self->redirect_uri; my $openid_conf = $self->get_openid_configuration; my $registration_conf = $self->get_client_configuration; my $token_endpoint = $openid_conf->{token_endpoint}; my $token_endpoint_auth_methods_supported = $openid_conf->{token_endpoint_auth_methods_supported} // []; # Make an array out of an string... $token_endpoint_auth_methods_supported = ref($token_endpoint_auth_methods_supported) eq 'ARRAY' ? $token_endpoint_auth_methods_supported : [$token_endpoint_auth_methods_supported]; my $client_id = $registration_conf->{client_id}; my $client_secret = $registration_conf->{client_secret}; my $dpop_token = $self->make_token_for($token_endpoint,'POST'); $self->log->info("requesting access token at $token_endpoint"); my $token_request = { grant_type => 'authorization_code' , client_id => $client_id , redirect_uri => $redirect_uri , code => $code , code_verifier => $self->{code_verifier} }; my %headers = ( 'Content-Type' => 'application/x-www-form-urlencoded' , DPoP => $dpop_token ); if (grep(/^client_secret_basic/, @$token_endpoint_auth_methods_supported)) { $self->log->info('using client_secret_basic'); $headers{'Authorization'} = 'Basic ' . MIME::Base64::encode_base64url("$client_id:$client_secret"); } elsif (grep(/^client_secret_post/, @$token_endpoint_auth_methods_supported)) { $self->log->info('using client_secret_post'); $token_request->{client_secret} = $client_secret; } my $data = $self->post( $token_endpoint, $token_request , %headers ); return undef unless $data; $data = decode_json($data); $self->log->infof("received: %s", $data); my $cache_dir = $self->get_cache_dir; path($cache_dir)->mkpath unless -d $cache_dir; my $cache_file = path($cache_dir)->child("access.json")->stringify; path($cache_file)->spew(encode_json($data)); return $data; } sub make_authentication_headers { my ($self, $uri, $method) = @_; my $access = $self->get_access_token; return undef unless $access; my $headers = { Authorization => 'DPoP ' . $access->{access_token} , DPoP => $self->make_token_for($uri,$method) }; return $headers; } sub get_cache_dir { my $self = shift; my $webid = $self->webid; die "No webid set" unless $webid; my $webid_sha = Digest::SHA::sha1_hex($webid); my $cache_dir = sprintf "%s/%s" , $self->cache , Digest::SHA::sha1_hex($webid); return $cache_dir; } sub get_access_token { my $self = shift; my $cache_dir = $self->get_cache_dir; return undef unless path($cache_dir)->child("access.json")->exists; my $cache_file = path($cache_dir)->child("access.json")->stringify; $self->log->debug("reading $cache_file"); my $json = path("$cache_file")->slurp; return undef unless $json; return decode_json($json); } sub get_openid_provider { my ($self, $webid) = @_; $webid //= $self->webid; my $res = $self->options($webid); return undef unless $res; my $link = $res->header('Link'); my @links = HTTP::Link->parse($link); my $issuer; for (@links) { if ($_->{relation} eq 'http://openid.net/specs/connect/1.0/issuer') { $issuer = $_->{iri}; } } if ($issuer) { return $issuer; } else { # Try the webid to find the issuer return $self->get_webid_openid_provider($webid); } } sub get_webid_openid_provider { my ($self, $webid) = @_; $webid //= $self->webid; # Lets try plain JSON parsing for fun.. my $res = $self->get($webid, 'Accept' => 'text/turtle'); return undef unless $res; my $util = Web::Solid::Auth::Util->new; my $model = $util->parse_turtle($res); my $sparql =< ?oidcIssuer . } EOF my $issuer; $util->sparql($model, $sparql, sub { my $res = shift; $issuer = $res->value('oidcIssuer')->as_string; }); return $issuer; } sub get_client_configuration { my $self = shift; my $cache_dir = $self->get_cache_dir; path($cache_dir)->mkpath unless -d $cache_dir; my $openid_conf = $self->get_openid_configuration; my $redirect_uri = $self->redirect_uri; my $registration_endpoint = $openid_conf->{registration_endpoint}; my $cache_file = path($cache_dir)->child("client.json")->stringify; unless (-f $cache_file) { if ($self->client_id) { $self->log->info("using client document at " . $self->client_id); my $data = $self->get_json($self->client_id); $self->log->debug("generating $cache_file"); path("$cache_file")->spew(encode_json($data)); } else { $self->log->info("registering client at $registration_endpoint"); # Dynamic register the client. We request the openid and profile # scopes that are default for OpenID. The offline_access is # to be able to request refresh_tokens (not yet implemented). # The only safe response type is 'code' all other options send # sensitive data over the front channel and shouldn't be used. my $data = $self->post_json($registration_endpoint, { grant_types => ["authorization_code", "refresh_token"], redirect_uris => [ $redirect_uri ] , scope => "openid profile offline_access" , response_types => ["code"] }); return undef unless $data; $self->log->infof("received %s", $data); $self->log->debug("generating $cache_file"); path("$cache_file")->spew(encode_json($data)); } } $self->log->debug("reading $cache_file"); my $json = path("$cache_file")->slurp; return undef unless $json; return decode_json($json); } sub get_openid_configuration { my ($self) = @_; my $issuer = $self->issuer; # remove trailing slash (we will add it) $issuer =~ s{\/$}{}; my $cache_dir = $self->get_cache_dir; path($cache_dir)->mkpath unless -d $cache_dir; my $cache_file = path($cache_dir)->child("openid.json")->stringify; unless (-f $cache_file) { my $url = "$issuer/.well-known/openid-configuration"; $self->log->info("reading openid configruation from $url"); # Get the well known openid my $data = $self->get_json($url); return undef unless $data; $self->log->infof("received %s", $data); $self->log->debug("generating $cache_file"); path($cache_file)->spew(encode_json($data)); } $self->log->debug("reading $cache_file"); my $json = path($cache_file)->slurp; return undef unless $json; return decode_json($json); } sub get_key_configuration { my ($self) = @_; my $cache_dir = $self->get_cache_dir; path($cache_dir)->mkpath unless -d $cache_dir; my $cache_file = path($cache_dir)->child("key.json")->stringify; unless (-f $cache_file) { # Create an P-256 elliptic curve key we will use in DPoP # headers. my $pk = Crypt::PK::ECC->new(); $pk->generate_key('secp256r1'); $self->log->debug("generating $cache_file"); path($cache_file)->spew(encode_json({ public => $pk->export_key_jwk('public') , private => $pk->export_key_jwk('private') })); } $self->log->debug("reading $cache_file"); my $json = path($cache_file)->slurp; return undef unless $json; my $pk = Crypt::PK::ECC->new(); my $priv = decode_json($json)->{private}; $pk->import_key(\$priv); return $pk; } ## Networking sub get { my ($self, $url, %opts) = @_; my $response = $self->agent->get($url, %opts); unless ($response->is_success) { $self->log->errorf("failed to GET($url): %s" , $response); return undef; } return $response->decoded_content; } sub get_json { my ($self, $url, %opts) = @_; return decode_json($self->get($url, %opts)); } sub post { my ($self, $url, $data, %opts) = @_; my $response = $self->agent->post($url, %opts, Content => $data ); unless ($response->is_success) { $self->log->errorf("failed to POST($url): %s",$response); return undef; } return $response->decoded_content; } sub post_json { my ($self, $url, $data, %opts) = @_; $opts{'Content-Type'} //= 'application/json'; my $response = $self->agent->post($url, %opts , Content => encode_json($data) ); unless ($response->is_success) { $self->log->errorf("failed to POST($url): %s",$response); return undef; } return decode_json($response->decoded_content); } sub options { my ($self, $url) = @_; my $response = $self->agent->request( HTTP::Request->new(OPTIONS => $url) ); unless ($response->is_success) { $self->log->errorf("failed to OPTIONS($url): %s" , $response); return undef; } return $response; } sub make_url { my ($self, $url,$params) = @_; my @qparam = (); for my $key (keys %{$params // {} }) { my $value = URI::Escape::uri_escape($params->{$key}); push @qparam , "$key=$value"; } if (@qparam) { $url .= "?" . join("&", @qparam); } $url; } # Crypto sub make_random_string { my $self = shift; my $str = MIME::Base64::encode_base64url( Data::UUID->new->create() . Data::UUID->new->create() . Data::UUID->new->create() ); $str; } sub make_token_for { my ($self, $uri, $method) = @_; # With DPoP headers access_tokens can be protected. When requesting # an access_token from a token_endpoint a DPoP headers is included # which contains our public key (inside the signed token header). # Our public key will then be part of the returned access_token. # # When later on you will send the access_token to a resource provider # it can check the signed DPoP header in combination with our public # key in the access_token that you are in posession of the private key # that matches the public key in the access_token. # # In this way, when some evil resource provider steals your access_token # it can't be reused without your private key. my $pk = $self->get_key_configuration; my $header = { typ => 'dpop+jwt' , alg => 'ES256' , jwk => JSON::decode_json($pk->export_key_jwk('public')) , }; $self->log->debugf("DPoP(header) %s" , $header); my $payload = { # A jti is a random string that protects the token_endpoint server # against replay attacks jti => $self->make_random_string, # Limits the DPoP token only to this method htm => $method , # Limits the DPop token only to this uri htu => $uri , # The time this token was issued iat => time , }; $self->log->debugf("DPoP(payload) %s" , $payload); my $token = Crypt::JWT::encode_jwt( payload => $payload , key => $pk , alg => 'ES256' , extra_headers => $header ); return $token; } 1; __END__ =head1 NAME Web::Solid::Auth - A Perl Solid Web Client =head1 SYNOPSIS # On the command line # Set your default webid export SOLID_WEBID=https://timbl.inrupt.net/profile/card#me # Authentication to a pod solid_auth.pl authenticate # Get the http headers for a authenticated request solid_auth.pl headers GET https://timbl.inrupt.net/inbox/ # Act like a curl command and fetch authenticated content solid_auth.pl curl -X GET https://timbl.inrupt.net/inbox/ # Add some data solid_auth.pl curl -X POST \ -H "Content-Type: text/plain" \ -d "abc" \ https://timbl.inrupt.net/public/ # Add a file solid_auth.pl curl -X PUT \ -H "Content-Type: application/ld+json" \ -d "@myfile.jsonld" \ https://timbl.inrupt.net/public/myfile.jsonld # Set a solid base url export SOLID_REMOTE_BASE=https://timbl.inrupt.net # List all resources on some Pod path solid_auth.pl list /public/ # Get some data solid_auth.pl get /inbox/ # Post some data solid_auth.pl post /inbox/ myfile.jsonld # Put some data solid_auth.pl put /public/myfile.txt myfile.txt # Create a folder solid_auth.pl put /public/mytestfolder/ # Delete some data solid_auth.pl delete /public/myfile.txt # Mirror a resource, container or tree solid_auth.pl mirror /public/ ./my_copy # Upload a directory to the pod # Add the -x option to do it for real (only a test without this option) solid_auth.pl -r upload /data/my_copy /public/ # Clean all files in a container # Add the -x option to do it for real (only a test without this option) solid_auth.pl --keep clean /demo/ # Clean a complete container # Add the -x option to do it for real (only a test without this option) solid_auth.pl -r clean /demo/ # In a perl program use Web::Solid::Auth; use Web::Solid::Auth::Listener; # Create a new authenticator for a pod my $auth = Web::Solid::Auth->new(webid => $webid); # Or tune a listerner my $auth = Web::Solid::Auth->new( webid => $webid , listener => Web::Solid::Auth::Listener->new( scheme => 'https' host => 'my.server.org' port => '443' , path => '/mycallback' ) ); # Or, in case you have your own callback server my $auth = Web::Solid::Auth->new( webid => $webid, redirect_uri => 'https://my.server.org/mycallback' ); # Generate a url for the user to authenticate my $auth_url = $auth->make_authorization_request; # Listen for the oauth server to return tokens # the built-in listener for feedback from the openid provider # Check the code of Web::Solid::Auth::Listener how to # do this inside your own Plack application $auth->listen; #### # If you already have access_tokens from previous step if ($auth->has_access_token) { # Fetch the Authentication and DPoP HTTP headers for a # request to an authorized resource my $headers = $auth->make_authentication_headers($resource_url,$http_method); #..do you curl..lwp::agent..or what ever with the headers } =head1 INSTALLATION See the L file in the distribution. =head1 DESCRIPTION This is a Solid-OIDC implementation of a connection class for the Solid server. Use the C command as a command line implementation. Check out the C directory for a demo web application. =head1 CONFIGURATION =over =item webid The Solid Webid to authenticate. =item cache The location of the cache directory with connection parameters. =back =head1 METHODS =over =item has_access_token() Returns a true value when a cache contains an access token for the C. =item make_clean() Clear the cache directory. =item make_authorization_request() Return an authorization URL that the use should open to authenticate this application. =item make_access_token($code) When on the redirect url you get a C from the authentication server you can use this method to get an access_token for the code. =item listen() Create a small built-in web server to listen for token responses from the authentication server. =item get_access_token() Return the cached access_token. =back =head1 SEE ALSO L =head1 INSPIRATION This was very much inspired by the Python solid-flask code by Rai L at L, and Jeff Zucker's Solid-Shell at L. =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2021 by Patrick Hochstenbach. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =encoding utf8 =cut author-pod-syntax.t100644000765000024 45414135011116 22515 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/t#!perl BEGIN { unless ($ENV{AUTHOR_TESTING}) { print qq{1..0 # SKIP these tests are for testing by the author\n}; exit } } # This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests. use strict; use warnings; use Test::More; use Test::Pod 1.41; all_pod_files_ok(); etc000755000765000024 014135011116 17107 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91web-solid-auth.jsonld100644000765000024 120714135011116 23306 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/etc{ "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld", "client_id": "https://hochstenbach.inrupt.net/public/web-solid-auth.jsonld#this", "client_name": "Web-Solid-Auth", "redirect_uris": [ "http://localhost:3000/callback" ], "client_uri": "https://hochstenbach.inrupt.net/", "logo_uri": "https://hochstenbach.inrupt.net/public/web-solid-auth-logo.png", "tos_uri": "https://hochstenbach.inrupt.net/public/web-solid-auth-tos.html", "scope": "openid profile offline_access", "grant_types": [ "refresh_token", "authorization_code" ], "response_types": [ "code" ], "default_max_age": 3600, "require_auth_time": true }Auth000755000765000024 014135011116 21572 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/lib/Web/SolidUtil.pm100644000765000024 152214135011116 23205 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/lib/Web/Solid/Authpackage Web::Solid::Auth::Util; use Moo; use Attean; use Attean::RDF qw(iri); our $GNAME = 'http://graph-name/'; sub parse_turtle { my ($self, $turtle) = @_; my $store = Attean->get_store('Memory')->new(); my $parser = Attean->get_parser('Turtle')->new(); my $iter = $parser->parse_iter_from_bytes($turtle); return undef unless $iter; my $graph = iri($GNAME); my $quads = $iter->as_quads($graph); $store->add_iter($quads); my $model = Attean::QuadModel->new( store => $store ); return $model; } sub sparql { my ($self, $model, $sparql, $cb) = @_; my $s = Attean->get_parser('SPARQL')->new(); my ($algebra) = $s->parse($sparql); my $graph = iri($GNAME); my $results = $model->evaluate($algebra, $graph); while (my $r = $results->next) { $cb->($r); } } 1; Agent.pm100644000765000024 347414135011116 23336 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/lib/Web/Solid/Authpackage Web::Solid::Auth::Agent; use Moo; extends 'LWP::UserAgent'; has auth => ( is => 'ro' , required => 1 ); sub get { my ($self, $url , %opts ) = @_; my $headers = $self->auth->make_authentication_headers($url,'GET'); %opts = (%opts, %$headers) if $headers; return $self->SUPER::get($url,%opts); } sub head { my ($self, $url , %opts ) = @_; my $headers = $self->auth->make_authentication_headers($url,'HEAD'); %opts = (%opts, %$headers) if $headers; return $self->SUPER::head($url,%opts); } sub options { require HTTP::Request::Common; my ($self, $url , %opts ) = @_; my $headers = $self->auth->make_authentication_headers($url,'OPTIONS'); %opts = (%opts, %$headers) if $headers; my @parameters = ($url, %opts); my @suff = $self->_process_colonic_headers(\@parameters,1); return $self->request( HTTP::Request::Common::OPTIONS( @parameters ), @suff ); } sub delete { my ($self, $url , %opts ) = @_; my $headers = $self->auth->make_authentication_headers($url,'DELETE'); %opts = (%opts, %$headers) if $headers; return $self->SUPER::delete($url,%opts); } sub post { my ($self, $url ,$data, %opts ) = @_; my $headers = $self->auth->make_authentication_headers($url,'POST'); %opts = (%opts, %$headers) if $headers; return $self->SUPER::post($url,%opts, Content => $data); } sub put { my ($self, $url ,$data, %opts ) = @_; my $headers = $self->auth->make_authentication_headers($url,'PUT'); %opts = (%opts, %$headers) if $headers; return $self->SUPER::put($url,%opts, Content => $data); } sub patch { my ($self, $url ,$data, %opts ) = @_; my $headers = $self->auth->make_authentication_headers($url,'PATCH'); %opts = (%opts, %$headers) if $headers; return $self->SUPER::patch($url,%opts, Content => $data); } 1;Web-Solid-Auth-Listener.t100644000765000024 43614135011116 23356 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/t#!perl use strict; use warnings; use Test::More; # use Log::Any::Adapter; # use Log::Log4perl; # Log::Any::Adapter->set('Log4perl'); # Log::Log4perl::init('./log4perl.conf'); BEGIN { use_ok 'Web::Solid::Auth::Listener'; } require_ok 'Web::Solid::Auth::Listener'; done_testing; Listener.pm100644000765000024 470214135011116 24060 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/lib/Web/Solid/Authpackage Web::Solid::Auth::Listener; use Moo; use Log::Any (); use Plack::Request; use Plack::Response; use HTTP::Server::PSGI; our $VERSION = "0.91"; has host => ( is => 'ro' , default => sub { 'localhost' } ); has port => ( is => 'ro' , default => sub { '3000' } ); has scheme => ( is => 'ro' , default => sub { 'http' } ); has path => ( is => 'ro', default => sub { '/callback' } ); has log => ( is => 'ro', default => sub { Log::Any->get_logger }, ); sub redirect_uri { my $self = shift; return sprintf "%s://%s:%s%s" , $self->scheme , $self->host , $self->port , $self->path; } sub run { my ($self,$auth) = @_; $auth //= $self->auth; my $host = $self->host; my $port = $self->port; my $path = $self->path; $self->log->info("starting callback server on $host:$port$path"); my $server = HTTP::Server::PSGI->new( host => $host, port => $port, timeout => 120, ); $server->run( sub { my $env = shift; my $req = Plack::Request->new($env); my $param = $req->parameters; my $state = $auth->{state}; $self->log->debugf("received: %s (%s) -> %s", $req->method, $req->path, $req->query_string); # Check if we got the correct path unless ($req->path eq $path) { my $res = Plack::Response->new(404); $res->content_type("text/plain"); $res->body("No such path"); return $res->finalize; } # Check if we got the correct state unless ($req->method eq 'GET' && $param->{code} && $param->{state} eq $state ) { my $res = Plack::Response->new(404); $res->content_type("text/plain"); $res->body("Failed to get an access_token"); return $res->finalize; } my $data = $auth->make_access_token($param->{code}); if ($data) { print "Ok stored you can close this program\n"; my $res = Plack::Response->new(200); $res->content_type("text/plain"); $res->body("You are logged in :)"); return $res->finalize; } else { my $res = Plack::Response->new(404); $res->content_type("text/plain"); $res->body("Failed to get an access_token"); return $res->finalize; } } ); } 1; environments000755000765000024 014135011116 22516 5ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/exampleproduction.yml100644000765000024 45014135011116 25546 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/example/environments# configuration file for production environment # only log warning and error messages log: "warning" # log message to a file in logs/ logger: "file" # don't consider warnings critical warnings: 0 # hide errors show_errors: 0 # cache route resolution for maximum performance route_cache: 1 development.yml100644000765000024 103414135011116 25721 0ustar00patrickhochstenbachstaff000000000000Web-Solid-Auth-0.91/example/environments# configuration file for development environment # the logger engine to use # console: log messages to STDERR (your console where you started the # application server) # file: log message to a file in log/ logger: "console" # the log level for this environment # core is the lowest, it shows Dancer's core log messages as well as yours # (debug, info, warning and error) log: "core" # Should Dancer consider warnings as critical errors? warnings: 1 # Should Dancer show a stacktrace when an error is caught? show_errors: 1