feat: set up WebID server

.github/workflows/ci.yml

@@ -14,6 +14,7 @@ jobs:
       image_semcom_components: ${{ steps.vars.outputs.image_semcom_components }}
       image_pods: ${{ steps.vars.outputs.image_pods }}
       image_id_proxy: ${{ steps.vars.outputs.image_id_proxy }}
+      image_webid: ${{ steps.vars.outputs.image_webid }}
     steps:
       - name: Set variables
         id: vars
@@ -25,6 +26,7 @@ jobs:
           echo "::set-output name=image_semcom_components::ghcr.io/netwerk-digitaal-erfgoed/solid-crs-semcom-components"
           echo "::set-output name=image_pods::ghcr.io/netwerk-digitaal-erfgoed/solid-crs-pods"
           echo "::set-output name=image_id_proxy::ghcr.io/netwerk-digitaal-erfgoed/solid-crs-id-proxy"
+          echo "::set-output name=image_webid::ghcr.io/netwerk-digitaal-erfgoed/solid-crs-webid"
 
   test:
     name: Run tests
@@ -208,6 +210,17 @@ jobs:
           build-args: |
             NPM_TOKEN=${{secrets.DIGITA_PACKAGES}}
 
+      - name: Build and push webid
+        uses: docker/build-push-action@v2
+        with:
+          context: packages/solid-crs-webid/
+          push: true
+          tags: |
+            ${{ needs.variables.outputs.image_webid }}:latest
+            ${{ needs.variables.outputs.image_webid }}:${{ needs.variables.outputs.tag }}
+          build-args: |
+            NPM_TOKEN=${{secrets.DIGITA_PACKAGES}}
+
       - uses: digitalocean/action-doctl@v2
         with:
           token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
@@ -224,6 +237,7 @@ jobs:
           kubectl set image deployment/solid-crs-semcom-components app=${{ needs.variables.outputs.image_semcom_components }}:${{ needs.variables.outputs.tag }} --record
           kubectl set image statefulset/solid-crs-pods app=${{ needs.variables.outputs.image_pods }}:${{ needs.variables.outputs.tag }} --record
           kubectl set image statefulset/solid-crs-id-proxy app=${{ needs.variables.outputs.image_id_proxy }}:${{ needs.variables.outputs.tag }} --record
+          kubectl set image statefulset/solid-crs-webid app=${{ needs.variables.outputs.image_webid }}:${{ needs.variables.outputs.tag }} --record
 
       - name: Verify deployment
         run: |
@@ -233,3 +247,4 @@ jobs:
           kubectl rollout status deployment/solid-crs-semcom-components
           kubectl rollout status statefulset/solid-crs-pods
           kubectl rollout status statefulset/solid-crs-id-proxy
+          kubectl rollout status statefulset/solid-crs-webid

nde-erfgoed.code-workspace

@@ -36,6 +36,10 @@
       "name": "pods",
       "path": "packages/solid-crs-pods"
     },
+    {
+      "name": "webid",
+      "path": "packages/solid-crs-webid"
+    },
     {
       "name": "semcom-node",
       "path": "packages/solid-crs-semcom-node"

packages/solid-crs-id-proxy/config/local-config.json

@@ -121,7 +121,7 @@
       "@id": "urn:dgt-id-proxy:default:ClientIdStaticAuthRequestHandler",
       "@type": "ClientIdStaticAuthRequestHandler",
       "clientId": "VUXJUOJG4ubzsNtPMXFADjCQ1jpK5EPx",
-      "redirectUri": "http://localhost:3003/redirect",
+      "redirectUri": "http://localhost:3006/redirect",
       "keyValueStore": {
         "@id": "urn:dgt-id-proxy:default:StaticAuthStore"
       }
@@ -141,7 +141,7 @@
       },
       "clientId": "VUXJUOJG4ubzsNtPMXFADjCQ1jpK5EPx",
       "clientSecret": "fBV0486gO-fytTNe-4QeQGv4QabENuZkTyO7T6ugOK-xpMnGzVazVHN6RMlSsioo",
-      "redirectUri": "http://localhost:3003/redirect"
+      "redirectUri": "http://localhost:3006/redirect"
     },
     {
       "@id": "urn:dgt-id-proxy:default:StateStore",
@@ -215,7 +215,7 @@
       "keyValueStore": {
         "@type": "InMemoryStore"
       },
-      "proxyTokenUrl": "http://localhost:3003/oauth/token",
+      "proxyTokenUrl": "http://localhost:3006/oauth/token",
       "clockTolerance": 15,
       "maxDpopProofTokenAge": 90
     },
@@ -386,7 +386,7 @@
             "@id": "urn:dgt-id-proxy:default:WebIdProfileHandler",
             "@type": "WebIdProfileHandler",
             "webId": "http://localhost:3000/clientapp/card#me",
-            "idp": "http://localhost:3003",
+            "idp": "http://localhost:3006",
             "pathToJwks": {
               "@id": "urn:dgt-id-proxy:variables:jwksFilePath"
             },
@@ -470,4 +470,4 @@
       "path": "/u/signup"
     }
   ]
-}
+}

packages/solid-crs-id-proxy/config/proxy-config.json

@@ -110,7 +110,7 @@
       {
         "@id": "urn:dgt-id-proxy:default:SingleClaimWebIdFactory",
         "@type": "SingleClaimWebIdFactory",
-        "webIdPattern": "https://pods.netwerkdigitaalerfgoed.nl/:customclaim",
+        "webIdPattern": "https://webid.netwerkdigitaalerfgoed.nl/:customclaim",
         "claim": "https://netwerkdigitaalerfgoed.nl/username"
       },
       {
@@ -385,12 +385,12 @@
             {
               "@id": "urn:dgt-id-proxy:default:WebIdProfileHandler",
               "@type": "WebIdProfileHandler",
-              "webId": "https://pods.netwerkdigitaalerfgoed.nl/id-proxy/profile/card#me",
+              "webId": "https://webid.netwerkdigitaalerfgoed.nl/dgt-id-proxy/card#me",
               "idp": "https://auth.netwerkdigitaalerfgoed.nl/",
               "pathToJwks": {
                 "@id": "urn:dgt-id-proxy:variables:jwksFilePath"
               },
-              "webIdPattern": "https://pods.netwerkdigitaalerfgoed.nl/:customclaim/profile/card#me",
+              "webIdPattern": "https://webid.netwerkdigitaalerfgoed.nl/:customclaim",
               "predicates": [
                 [ "urn:example:sub", [ "sub" ] ]
               ]
@@ -470,4 +470,4 @@
         "path": "/u/signup"
       }
     ]
-  }
+  }

packages/solid-crs-id-proxy/package.json

@@ -5,10 +5,10 @@
   "author": "digita.ai",
   "scripts": {
     "start": "dgt-id-proxy",
-    "start:watch": "npm run start -- -u http://localhost:3003/ -U https://nde.eu.auth0.com/ -m . -c config/local-config.json -o assets/openid-configuration.json -j assets/jwks.json",
+    "start:watch": "npm run start -- -u http://localhost:3006/ -U https://nde.eu.auth0.com/ -m . -c config/local-config.json -o assets/openid-configuration.json -j assets/jwks.json",
     "build": "shx rm -rf assets && shx mkdir assets && npm run generate:oidc && npm run generate:keys",
     "lint:staged": "lint-staged",
-    "generate:oidc": "node scripts/generate-openid-configuration.js https://nde.eu.auth0.com/ http://localhost:3003/ assets/openid-configuration.json local",
+    "generate:oidc": "node scripts/generate-openid-configuration.js https://nde.eu.auth0.com/ http://localhost:3006/ assets/openid-configuration.json local",
     "generate:keys": "node scripts/generate-keys.js assets/jwks.json"
   },
   "main": "./dist/index.js",

packages/solid-crs-webid/.dockerignore

@@ -0,0 +1,37 @@
+# compiled output
+/dist
+/node_modules
+!/node_modules/community-server
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# OS
+.DS_Store
+
+# Tests
+/coverage
+/.nyc_output
+
+# IDEs and editors
+/.idea
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# IDE - VSCode
+.vscode/*
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+yarn-error.log
+yarn.lock

packages/solid-crs-webid/.gitignore

@@ -0,0 +1 @@
+tmp

packages/solid-crs-webid/Dockerfile

@@ -0,0 +1,31 @@
+FROM node:14-alpine
+
+LABEL org.opencontainers.image.source https://github.com/netwerk-digitaal-erfgoed/solid-crs
+
+# Install git as it is needed to pull from solid/community-server
+RUN apk update && apk upgrade && \
+    apk add --no-cache bash git openssh
+
+ENV BASE_URL=http://localhost
+ENV PORT=80
+ENV CONFIG=config/file.json
+ENV ENVIRONMENT=production
+
+# Create app directory
+RUN mkdir -p /community-server
+WORKDIR /community-server
+
+# Install app dependencies
+ARG NPM_TOKEN
+COPY package.json /community-server/
+RUN npm install  --unsafe-perm
+
+# Bundle app source
+COPY . /community-server
+
+# Copy initial data
+COPY ./config/ /config
+
+# Expose ports.
+EXPOSE 80
+CMD node ./node_modules/.bin/community-solid-server -b ${BASE_URL} -p ${PORT} -c ${CONFIG} --rootFilePath /tmp/css

packages/solid-crs-webid/config/file.json

@@ -0,0 +1,39 @@
+{
+  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^2.0.0/components/context.jsonld",
+  "import": [
+    "files-scs:config/app/main/default.json",
+    "files-scs:config/app/init/default.json",
+    "files-scs:config/app/setup/required.json",
+    "files-scs:config/http/handler/default.json",
+    "files-scs:config/http/middleware/websockets.json",
+    "files-scs:config/http/server-factory/websockets.json",
+    "files-scs:config/http/static/default.json",
+    "files-scs:config/identity/access/public.json",
+    "files-scs:config/identity/email/default.json",
+    "files-scs:config/identity/handler/default.json",
+    "files-scs:config/identity/ownership/token.json",
+    "files-scs:config/identity/pod/static.json",
+    "files-scs:config/identity/registration/disabled.json",
+    "files-scs:config/ldp/authentication/dpop-bearer.json",
+    "files-scs:config/ldp/authorization/webacl.json",
+    "files-scs:config/ldp/handler/default.json",
+    "files-scs:config/ldp/metadata-parser/default.json",
+    "files-scs:config/ldp/metadata-writer/default.json",
+    "files-scs:config/ldp/modes/default.json",
+    "files-scs:config/storage/backend/file.json",
+    "files-scs:config/storage/key-value/resource-store.json",
+    "files-scs:config/storage/middleware/default.json",
+    "files-scs:config/util/auxiliary/acl.json",
+    "files-scs:config/util/identifiers/suffix.json",
+    "files-scs:config/util/index/default.json",
+    "files-scs:config/util/logging/winston.json",
+    "files-scs:config/util/representation-conversion/default.json",
+    "files-scs:config/util/resource-locker/memory.json",
+    "files-scs:config/util/variables/default.json"
+  ],
+  "@graph": [
+    {
+      "comment": "A single-pod server that stores its resources on disk, with account registration disabled."
+    }
+  ]
+}

packages/solid-crs-webid/data/development/.acl

@@ -0,0 +1,27 @@
+@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+
+<#authorization>
+    a               acl:Authorization;
+    acl:agentClass  foaf:Agent;
+    acl:mode        acl:Read;
+    acl:mode        acl:Write;
+    acl:mode        acl:Append;
+    acl:mode        acl:Delete;
+    acl:mode        acl:Control;
+    acl:accessTo    <./>;
+    acl:default     <./>.
+
+<#minter-append-webids>
+    a acl:Authorization;
+    acl:agent <http://localhost:3007/dgt-id-proxy/card#me>;
+    acl:accessTo <./>;
+    acl:mode
+        acl:Read, acl:Append.
+
+<#minter-control-webids>
+    a acl:Authorization;
+    acl:agent <http://localhost:3007/dgt-id-proxy/card#me>;
+    acl:default <./>;
+    acl:mode
+        acl:Read, acl:Write, acl:Control.

packages/solid-crs-webid/data/development/.internal/setup/c2V0dXBDb21wbGV0ZWQtMi4w$.json

@@ -0,0 +1 @@
+true

packages/solid-crs-webid/data/development/.meta

@@ -0,0 +1 @@
+<http://localhost:3007/> a <http://www.w3.org/ns/pim/space#Storage>.

packages/solid-crs-webid/data/development/dgt-id-proxy/.acl

@@ -0,0 +1,9 @@
+@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+
+<#public>
+    a acl:Authorization;
+    acl:agentClass foaf:Agent;
+    acl:accessTo <./>;
+    acl:default <./>;
+    acl:mode acl:Read.

packages/solid-crs-webid/data/development/dgt-id-proxy/.meta

@@ -0,0 +1 @@
+<http://localhost:3007/dgt-id-proxy/> a <http://www.w3.org/ns/pim/space#Storage>.

packages/solid-crs-webid/data/development/dgt-id-proxy/card$.ttl

@@ -0,0 +1,13 @@
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+@prefix solid: <http://www.w3.org/ns/solid/terms#>.
+
+<>
+    a foaf:PersonalProfileDocument;
+    foaf:maker <http://localhost:3007/dgt-id-proxy/card#me>;
+    foaf:primaryTopic <http://localhost:3007/dgt-id-proxy/card#me>.
+
+<http://localhost:3007/dgt-id-proxy/card#me>
+    a foaf:Person;
+    foaf:name "dgt-id-proxy";
+    solid:oidcIssuer <http://localhost:3006/> ;
+    solid:oidcIssuerRegistrationToken "" .

packages/solid-crs-webid/data/production/.acl

@@ -0,0 +1,27 @@
+@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+
+<#authorization>
+    a               acl:Authorization;
+    acl:agentClass  foaf:Agent;
+    acl:mode        acl:Read;
+    acl:mode        acl:Write;
+    acl:mode        acl:Append;
+    acl:mode        acl:Delete;
+    acl:mode        acl:Control;
+    acl:accessTo    <./>;
+    acl:default     <./>.
+
+<#minter-append-webids>
+    a acl:Authorization;
+    acl:agent <https://webid.netwerkdigitaalerfgoed.nl/dgt-id-proxy/card#me>;
+    acl:accessTo <./>;
+    acl:mode
+        acl:Read, acl:Append.
+
+<#minter-control-webids>
+    a acl:Authorization;
+    acl:agent <https://webid.netwerkdigitaalerfgoed.nl/dgt-id-proxy/card#me>;
+    acl:default <./>;
+    acl:mode
+        acl:Read, acl:Write, acl:Control.

packages/solid-crs-webid/data/production/.meta

@@ -0,0 +1 @@
+<https://webid.netwerkdigitaalerfgoed.nl/> a <http://www.w3.org/ns/pim/space#Storage>.

packages/solid-crs-webid/data/production/dgt-id-proxy/.acl

@@ -0,0 +1,9 @@
+@prefix acl: <http://www.w3.org/ns/auth/acl#>.
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+
+<#public>
+    a acl:Authorization;
+    acl:agentClass foaf:Agent;
+    acl:accessTo <./>;
+    acl:default <./>;
+    acl:mode acl:Read.

packages/solid-crs-webid/data/production/dgt-id-proxy/.meta

@@ -0,0 +1 @@
+<https://webid.netwerkdigitaalerfgoed.nl/dgt-id-proxy/> a <http://www.w3.org/ns/pim/space#Storage>.

packages/solid-crs-webid/data/production/dgt-id-proxy/card$.ttl

@@ -0,0 +1,13 @@
+@prefix foaf: <http://xmlns.com/foaf/0.1/>.
+@prefix solid: <http://www.w3.org/ns/solid/terms#>.
+
+<>
+    a foaf:PersonalProfileDocument;
+    foaf:maker <https://webid.netwerkdigitaalerfgoed.nl/dgt-id-proxy/card#me>;
+    foaf:primaryTopic <https://webid.netwerkdigitaalerfgoed.nl/dgt-id-proxy/card#me>.
+
+<https://webid.netwerkdigitaalerfgoed.nl/dgt-id-proxy/card#me>
+    a foaf:Person;
+    foaf:name "dgt-id-proxy";
+    solid:oidcIssuer <https://auth.netwerkdigitaalerfgoed.nl/> ;
+    solid:oidcIssuerRegistrationToken "" .