npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

webid-pubkey-credentials-module

v1.0.1

Published

A Solid Community Server module to provide Mastodon like webid-pubkey credentials

Downloads

3

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hochstenbachhochstenbach

Keywords

Readme

Webid-Pubkey-Credentials component

This repository contains an external component that can be injected into the Community Solid Server (CSS). The component allows extraction of credentials based on Mastodon style HTTP Signatures.

HTTP GET requests should contain the following headers:

  • host : the hostname (+ optional port) of the Pod
  • date : a UTC date string
  • signature : a comma delimited pair of name/value pairs:
    • keyId : a WebID
    • signature : a base64 encoded signature value (see below)

HTTP POST/PUT/PATCH requests should also contain the followig headers:

  • digest : a base64 encoded RSA-SHA256 hash of the request body

The signature string is constructed using the values of the HTTP headers defined in headers, joined by newlines. See https://docs.joinmastodon.org/spec/security/#ld and https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/ for a procedure.

Configuration

See: config/ldp/authentication/webid-pubkey.json for an example configuration file. The urlMatch limits resources for which this module is applicable. In the example, the /inbox/ resources uses the webid-pubkey-credentials method.

Example

Create a private/public key pair

# .test is an output directory
node bin/generate_keys.js .test

Write the public key in your webid profile

@prefix foaf: <http://xmlns.com/foaf/0.1/>.
@prefix solid: <http://www.w3.org/ns/solid/terms#>.

<>
    a foaf:PersonalProfileDocument;
    foaf:maker <http://localhost:3000/test/profile/card#me>;
    foaf:primaryTopic <http://localhost:3000/test/profile/card#me>.

<http://localhost:3000/test/profile/card#me>
    a foaf:Person;
    solid:oidcIssuer <http://localhost:3000/>;
    <https://w3id.org/security#publicKey> <http://localhost:3000/test/profile/card#main-key> .

<http://localhost:3000/test/profile/card#main-key> <https://w3id.org/security#publicKeyPem> '''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6y7IELZ63Up0bb+mxby
1wILqb5QtuUvALUQxk41dEJloj6Krrvf7s+77B0shNKplnwlvNXCnTexdLBjbs3f
7GELp7h4Dp46bIutUPfBizf71VyqO8eFX94Hur3uaPSr2uLpu1IKXpX/SIwXjcqg
7s+1b2LrOLla344TcnHokoDN3mhUznif0GOcQxksU1UKcDKF3aM2ug6h8xSLh1pv
wFCiZyXi7HHMxaJD1b5CC7a8+kMWDsNDjDYMKNl4jk9HTNrcvzgUDHbNzi9NdUis
7qdZFBsjs0LwWv+J6Kh4/p6YpDndefQupNsI7ziZR6r+fpHPJwhc6wpjFLetvbOh
4wIDAQAB
-----END PUBLIC KEY-----
''' .

Provide access the the webid

Provide in the ACL/ACP configuration of the Pod access for the webid containing the public keys.

Execute a request against the /inbox/

./demo.sh

Running the server

Clone this repository, the install the packages

npm i

To run the server with use :

npm run start

Feedback and questions

Ask Patrick Hochstenbach.