nodeSolidServer
diff --git a/‎lib/handlers/auth-proxy.mjs‎
Lines changed: 1 addition & 3 deletions b/‎lib/handlers/auth-proxy.mjs‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎lib/handlers/cors-proxy.mjs‎
Lines changed: 5 additions & 7 deletions b/‎lib/handlers/cors-proxy.mjs‎
Lines changed: 5 additions & 7 deletions
diff --git a/‎lib/handlers/error-pages.mjs‎
Lines changed: 147 additions & 217 deletions b/‎lib/handlers/error-pages.mjs‎
Lines changed: 147 additions & 217 deletions
@@ -1,9 +1,7 @@
 // An authentication proxy is a reverse proxy
 // that sends a logged-in Solid user's details to a backend
 
-import { createRequire } from 'module'
-const require = createRequire(import.meta.url)
-const { createProxyMiddleware } = require('http-proxy-middleware')
+import { createProxyMiddleware } from 'http-proxy-middleware'
 import debug from '../debug.mjs'
 import allow from './allow.mjs'
 
 
@@ -1,15 +1,13 @@
 /* eslint-disable node/no-deprecated-api */
 
-import { createRequire } from 'module'
-const require = createRequire(import.meta.url)
-const { createProxyMiddleware } = require('http-proxy-middleware')
-const cors = require('cors')
+import { createProxyMiddleware } from 'http-proxy-middleware'
+import cors from 'cors'
 import debug from '../debug.mjs'
 import url from 'url'
 import dns from 'dns'
-const isIp = require('is-ip')
-const ipRange = require('ip-range-check')
-const validUrl = require('valid-url')
+import isIp from 'is-ip'
+import ipRange from 'ip-range-check'
+import validUrl from 'valid-url'
 
 const CORS_SETTINGS = {
   methods: 'GET',
 
@@ -1,217 +1,147 @@
-import debug from '../debug.mjs'
-const debugServer = debug.server
-import fs from 'fs'
-import util from '../utils.mjs'
-import * as Auth from '../api/authn/index.mjs'
-import { createRequire } from 'module'
-const require = createRequire(import.meta.url)
-
-/**
- * Serves as a last-stop error handler for all other middleware.
- *
- * @param err {Error}
- * @param req {IncomingRequest}
- * @param res {ServerResponse}
- * @param next {Function}
- */
-export function handler (err, req, res, next) {
-  debugServer('Error page because of:', err)
-
-  const locals = req.app.locals
-  const authMethod = locals.authMethod
-  const ldp = locals.ldp
-
-  // If the user specifies this function,
-  // they can customize the error programmatically
-  if (ldp.errorHandler) {
-    debugServer('Using custom error handler')
-    return ldp.errorHandler(err, req, res, next)
-  }
-
-  const statusCode = statusCodeFor(err, req, authMethod)
-  switch (statusCode) {
-    case 401:
-      setAuthenticateHeader(req, res, err)
-      renderLoginRequired(req, res, err)
-      break
-    case 403:
-      renderNoPermission(req, res, err)
-      break
-    default:
-      if (ldp.noErrorPages) {
-        sendErrorResponse(statusCode, res, err)
-      } else {
-        sendErrorPage(statusCode, res, err, ldp)
-      }
-  }
-}
-
-/**
- * Returns the HTTP status code for a given request error.
- *
- * @param err {Error}
- * @param req {IncomingRequest}
- * @param authMethod {string}
- *
- * @returns {number}
- */
-function statusCodeFor (err, req, authMethod) {
-  let statusCode = err.status || err.statusCode || 500
-
-  if (authMethod === 'oidc') {
-    statusCode = Auth.oidc.statusCodeOverride(statusCode, req)
-  }
-
-  return statusCode
-}
-
-/**
- * Dispatches the writing of the `WWW-Authenticate` response header (used for
- * 401 Unauthorized responses).
- *
- * @param req {IncomingRequest}
- * @param res {ServerResponse}
- * @param err {Error}
- */
-export function setAuthenticateHeader (req, res, err) {
-  const locals = req.app.locals
-  const authMethod = locals.authMethod
-
-  switch (authMethod) {
-    case 'oidc':
-      Auth.oidc.setAuthenticateHeader(req, res, err)
-      break
-    case 'tls':
-      Auth.tls.setAuthenticateHeader(req, res)
-      break
-    default:
-      break
-  }
-}
-
-/**
- * Sends the HTTP status code and error message in the response.
- *
- * @param statusCode {number}
- * @param res {ServerResponse}
- * @param err {Error}
- */
-export function sendErrorResponse (statusCode, res, err) {
-  res.status(statusCode)
-  res.header('Content-Type', 'text/plain;charset=utf-8')
-  res.send(err.message + '\n')
-}
-
-/**
- * Sends the HTTP status code and error message as a custom error page.
- *
- * @param statusCode {number}
- * @param res {ServerResponse}
- * @param err {Error}
- * @param ldp {LDP}
- */
-export function sendErrorPage (statusCode, res, err, ldp) {
-  const errorPage = ldp.errorPages + statusCode.toString() + '.html'
-
-  return new Promise((resolve) => {
-    fs.readFile(errorPage, 'utf8', (readErr, text) => {
-      if (readErr) {
-        // Fall back on plain error response
-        return resolve(sendErrorResponse(statusCode, res, err))
-      }
-
-      res.status(statusCode)
-      res.header('Content-Type', 'text/html')
-      res.send(text)
-      resolve()
-    })
-  })
-}
-
-/**
- * Renders the databrowser
- *
- * @param req {IncomingRequest}
- * @param res {ServerResponse}
- */
-function renderDataBrowser (req, res) {
-  res.set('Content-Type', 'text/html')
-  const ldp = req.app.locals.ldp
-  
-  const defaultDataBrowser = require.resolve('mashlib/dist/databrowser.html')
-  
-  const dataBrowserPath = ldp.dataBrowserPath === 'default' ? defaultDataBrowser : ldp.dataBrowserPath
-  debugServer('   sending data browser file: ' + dataBrowserPath)
-  const dataBrowserHtml = fs.readFileSync(dataBrowserPath, 'utf8')
-  // Note: This must be done instead of sendFile because the test suite doesn't accept 412 responses
-  res.set('content-type', 'text/html')
-  res.send(dataBrowserHtml)
-}
-
-/**
- * Renders a 401 response explaining that a login is required.
- *
- * @param req {IncomingRequest}
- * @param res {ServerResponse}
- */
-function renderLoginRequired (req, res, err) {
-  const currentUrl = util.fullUrlForReq(req)
-  debugServer(`Display login-required for ${currentUrl}`)
-  res.statusMessage = err.message
-  res.status(401)
-  if (req.accepts('html')) {
-    renderDataBrowser(req, res)
-  } else {
-    res.send('Not Authenticated')
-  }
-}
-
-/**
- * Renders a 403 response explaining that the user has no permission.
- *
- * @param req {IncomingRequest}
- * @param res {ServerResponse}
- */
-function renderNoPermission (req, res, err) {
-  const currentUrl = util.fullUrlForReq(req)
-  debugServer(`Display no-permission for ${currentUrl}`)
-  res.statusMessage = err.message
-  res.status(403)
-  if (req.accepts('html')) {
-    renderDataBrowser(req, res)
-  } else {
-    res.send('Not Authorized')
-  }
-}
-
-/**
- * Returns a response body for redirecting browsers to a Select Provider /
- * login workflow page. Uses either a JS location.href redirect or an
- * http-equiv type html redirect for no-script conditions.
- *
- * @param url {string}
- *
- * @returns {string} Response body
- */
-export function redirectBody (url) {
-  return `<!DOCTYPE HTML>
-<meta charset="UTF-8">
-<script>
-  window.location.href = "${url}" + encodeURIComponent(window.location.hash)
-</script>
-<noscript>
-  <meta http-equiv="refresh" content="0; url=${url}">
-</noscript>
-<title>Redirecting...</title>
-If you are not redirected automatically,
-follow the <a href='${url}'>link to login</a>
-`
-}
-
-export default {
-  handler,
-  redirectBody,
-  sendErrorPage,
-  sendErrorResponse,
-  setAuthenticateHeader
-}
+import { server as debug } from '../debug.mjs'
+import fs from 'fs'
+import { fileURLToPath } from 'url'
+import * as util from '../utils.mjs'
+import Auth from '../api/authn/index.mjs'
+
+function statusCodeFor (err, req, authMethod) {
+  let statusCode = err.status || err.statusCode || 500
+
+  if (authMethod === 'oidc') {
+    statusCode = Auth.oidc.statusCodeOverride(statusCode, req)
+  }
+
+  return statusCode
+}
+
+export function setAuthenticateHeader (req, res, err) {
+  const locals = req.app.locals
+  const authMethod = locals.authMethod
+
+  switch (authMethod) {
+    case 'oidc':
+      Auth.oidc.setAuthenticateHeader(req, res, err)
+      break
+    case 'tls':
+      Auth.tls.setAuthenticateHeader(req, res)
+      break
+    default:
+      break
+  }
+}
+
+export function sendErrorResponse (statusCode, res, err) {
+  res.status(statusCode)
+  res.header('Content-Type', 'text/plain;charset=utf-8')
+  res.send(err.message + '\n')
+}
+
+export function sendErrorPage (statusCode, res, err, ldp) {
+  const errorPage = ldp.errorPages + statusCode.toString() + '.html'
+
+  return new Promise((resolve) => {
+    fs.readFile(errorPage, 'utf8', (readErr, text) => {
+      if (readErr) {
+        return resolve(sendErrorResponse(statusCode, res, err))
+      }
+
+      res.status(statusCode)
+      res.header('Content-Type', 'text/html')
+      res.send(text)
+      resolve()
+    })
+  })
+}
+
+function renderDataBrowser (req, res) {
+  res.set('Content-Type', 'text/html')
+  const ldp = req.app.locals.ldp
+  const defaultDataBrowser = import.meta.resolve('mashlib/dist/databrowser.html')
+  let dataBrowserPath = ldp.dataBrowserPath === 'default' ? defaultDataBrowser : ldp.dataBrowserPath
+  debug('   sending data browser file: ' + dataBrowserPath)
+  // `import.meta.resolve` returns a file:// URL string; convert it to a
+  // filesystem path for `fs.readFileSync` when necessary.
+  if (typeof dataBrowserPath === 'string' && dataBrowserPath.startsWith('file://')) {
+    dataBrowserPath = fileURLToPath(dataBrowserPath)
+  }
+  const dataBrowserHtml = fs.readFileSync(dataBrowserPath, 'utf8')
+  res.set('content-type', 'text/html')
+  res.send(dataBrowserHtml)
+}
+
+export function handler (err, req, res, next) {
+  debug('Error page because of:', err)
+
+  const locals = req.app.locals
+  const authMethod = locals.authMethod
+  const ldp = locals.ldp
+
+  if (ldp.errorHandler) {
+    debug('Using custom error handler')
+    return ldp.errorHandler(err, req, res, next)
+  }
+
+  const statusCode = statusCodeFor(err, req, authMethod)
+  switch (statusCode) {
+    case 401:
+      setAuthenticateHeader(req, res, err)
+      renderLoginRequired(req, res, err)
+      break
+    case 403:
+      renderNoPermission(req, res, err)
+      break
+    default:
+      if (ldp.noErrorPages) {
+        sendErrorResponse(statusCode, res, err)
+      } else {
+        sendErrorPage(statusCode, res, err, ldp)
+      }
+  }
+}
+
+function renderLoginRequired (req, res, err) {
+  const currentUrl = util.fullUrlForReq(req)
+  debug(`Display login-required for ${currentUrl}`)
+  res.statusMessage = err.message
+  res.status(401)
+  if (req.accepts('html')) {
+    renderDataBrowser(req, res)
+  } else {
+    res.send('Not Authenticated')
+  }
+}
+
+function renderNoPermission (req, res, err) {
+  const currentUrl = util.fullUrlForReq(req)
+  debug(`Display no-permission for ${currentUrl}`)
+  res.statusMessage = err.message
+  res.status(403)
+  if (req.accepts('html')) {
+    renderDataBrowser(req, res)
+  } else {
+    res.send('Not Authorized')
+  }
+}
+
+export function redirectBody (url) {
+  return `<!DOCTYPE HTML>
+<meta charset="UTF-8">
+<script>
+  window.location.href = "${url}" + encodeURIComponent(window.location.hash)
+</script>
+<noscript>
+  <meta http-equiv="refresh" content="0; url=${url}">
+</noscript>
+<title>Redirecting...</title>
+If you are not redirected automatically,
+follow the <a href='${url}'>link to login</a>
+`
+}
+
+export default {
+  handler,
+  redirectBody,
+  sendErrorPage,
+  sendErrorResponse,
+  setAuthenticateHeader
+}