Merge branch 'rv/patch/n3' into dz_oidc

* rv/patch/n3:
  Migrate to Solid vocabulary.
  Refactor PATCH tests with helper method.
  Verify read and write permissions for patches.
  Expose ACL and user ID on request.
  Refactor patch handler to perform everything but parsing.
  Add WHERE support to N3 patches.
  Test PATCH combined deletion and insertion.
  Test PATCH deletion.
  Use single-user setup for PATCH tests.
  Enable and test PATCH appending.
  Syntactically and structurally validate patches.
  Set up new PATCH tests.
  Clean up SPARQL UPDATE PATCH tests.
  Construct the patch URI through a hash of its contents.
  Add preliminary N3 patch support.
  Refactor SPARQL update patcher with promises.

Author: RubenVerborgh

lib/handlers/patch.js

@@ -9,44 +9,50 @@ const debug = require('../debug').handlers
 const utils = require('../utils.js')
 const error = require('../http-error')
 const $rdf = require('rdflib')
+const crypto = require('crypto')
 
 const DEFAULT_TARGET_TYPE = 'text/turtle'
 
-// Patch handlers by request body content type
-const PATCHERS = {
-  'application/sparql-update': require('./patch/sparql-update-patcher.js')
+// Patch parsers by request body content type
+const PATCH_PARSERS = {
+  'application/sparql-update': require('./patch/sparql-update-parser.js'),
+  'text/n3': require('./patch/n3-patch-parser.js')
 }
 
 // Handles a PATCH request
 function patchHandler (req, res, next) {
-  debug('PATCH -- ' + req.originalUrl)
+  debug(`PATCH -- ${req.originalUrl}`)
   res.header('MS-Author-Via', 'SPARQL')
 
-  // Obtain details of the patch document
-  const patch = {
-    text: req.body ? req.body.toString() : '',
-    contentType: (req.get('content-type') || '').match(/^[^;\s]*/)[0]
-  }
-  const patchGraph = PATCHERS[patch.contentType]
-  if (!patchGraph) {
-    return next(error(415, 'Unknown patch content type: ' + patch.contentType))
-  }
-  debug('PATCH -- Received patch (%d bytes, %s)', patch.text.length, patch.contentType)
-
   // Obtain details of the target resource
   const ldp = req.app.locals.ldp
-  const root = !ldp.idp ? ldp.root : ldp.root + req.hostname + '/'
-  const target = {
-    file: utils.uriToFilename(req.path, root),
-    uri: utils.uriAbs(req) + req.originalUrl
-  }
+  const root = !ldp.idp ? ldp.root : `${ldp.root}${req.hostname}/`
+  const target = {}
+  target.file = utils.uriToFilename(req.path, root)
+  target.uri = utils.uriAbs(req) + req.originalUrl
   target.contentType = mime.lookup(target.file) || DEFAULT_TARGET_TYPE
   debug('PATCH -- Target <%s> (%s)', target.uri, target.contentType)
 
-  // Read the RDF graph to be patched from the file
-  readGraph(target)
+  // Obtain details of the patch document
+  const patch = {}
+  patch.text = req.body ? req.body.toString() : ''
+  patch.uri = `${target.uri}#patch-${hash(patch.text)}`
+  patch.contentType = (req.get('content-type') || '').match(/^[^;\s]*/)[0]
+  debug('PATCH -- Received patch (%d bytes, %s)', patch.text.length, patch.contentType)
+  const parsePatch = PATCH_PARSERS[patch.contentType]
+  if (!parsePatch) {
+    return next(error(415, `Unsupported patch content type: ${patch.contentType}`))
+  }
+
+  // Parse the target graph and the patch document,
+  // and verify permission for performing this specific patch
+  Promise.all([
+    readGraph(target),
+    parsePatch(target.uri, patch.uri, patch.text)
+      .then(patchObject => checkPermission(target, req, patchObject))
+  ])
   // Patch the graph and write it back to the file
-  .then(graph => patchGraph(graph, target.uri, patch.text))
+  .then(([graph, patchObject]) => applyPatch(patchObject, graph, target))
   .then(graph => writeGraph(graph, target))
   // Send the result to the client
   .then(result => { res.send(result) })
@@ -71,7 +77,7 @@ function readGraph (resource) {
           fileContents = ''
         // Fail on all other errors
         } else {
-          return reject(error(500, 'Patch: Original file read error:' + err))
+          return reject(error(500, `Original file read error: ${err}`))
         }
       }
       debug('PATCH -- Read target file (%d bytes)', fileContents.length)
@@ -85,25 +91,69 @@ function readGraph (resource) {
     try {
       $rdf.parse(fileContents, graph, resource.uri, resource.contentType)
     } catch (err) {
-      throw error(500, 'Patch: Target ' + resource.contentType + ' file syntax error:' + err)
+      throw error(500, `Patch: Target ${resource.contentType} file syntax error: ${err}`)
     }
     debug('PATCH -- Parsed target file')
     return graph
   })
 }
 
+// Verifies whether the user is allowed to perform the patch on the target
+function checkPermission (target, request, patchObject) {
+  // If no ACL object was passed down, assume permissions are okay.
+  if (!request.acl) return Promise.resolve(patchObject)
+  // At this point, we already assume append access,
+  // as this can be checked upfront before parsing the patch.
+  // Now that we know the details of the patch,
+  // we might need to perform additional checks.
+  let checks = []
+  const { acl, session: { userId } } = request
+  // Read access is required for DELETE and WHERE.
+  // If we would allows users without read access,
+  // they could use DELETE or WHERE to trigger 200 or 409,
+  // and thereby guess the existence of certain triples.
+  // DELETE additionally requires write access.
+  if (patchObject.delete) {
+    checks = [acl.can(userId, 'Read'), acl.can(userId, 'Write')]
+  } else if (patchObject.where) {
+    checks = [acl.can(userId, 'Read')]
+  }
+  return Promise.all(checks).then(() => patchObject)
+}
+
+// Applies the patch to the RDF graph
+function applyPatch (patchObject, graph, target) {
+  debug('PATCH -- Applying patch')
+  return new Promise((resolve, reject) =>
+    graph.applyPatch(patchObject, graph.sym(target.uri), (err) => {
+      if (err) {
+        const message = err.message || err // returns string at the moment
+        debug(`PATCH -- FAILED. Returning 409. Message: '${message}'`)
+        return reject(error(409, `The patch could not be applied. ${message}`))
+      }
+      resolve(graph)
+    })
+  )
+}
+
 // Writes the RDF graph to the given resource
 function writeGraph (graph, resource) {
+  debug('PATCH -- Writing patched file')
   return new Promise((resolve, reject) => {
     const resourceSym = graph.sym(resource.uri)
     const serialized = $rdf.serialize(resourceSym, graph, resource.uri, resource.contentType)
 
     fs.writeFile(resource.file, serialized, {encoding: 'utf8'}, function (err) {
       if (err) {
-        return reject(error(500, 'Failed to write file back after patch: ' + err))
+        return reject(error(500, `Failed to write file after patch: ${err}`))
       }
-      debug('PATCH -- applied OK (sync)')
-      resolve('Patch applied OK\n')
+      debug('PATCH -- applied successfully')
+      resolve('Patch applied successfully.\n')
     })
   })
 }
+
+// Creates a hash of the given text
+function hash (text) {
+  return crypto.createHash('md5').update(text).digest('hex')
+}

lib/handlers/patch/n3-patch-parser.js

@@ -0,0 +1,48 @@
+// Parses a text/n3 patch
+
+module.exports = parsePatchDocument
+
+const $rdf = require('rdflib')
+const error = require('../../http-error')
+
+const PATCH_NS = 'http://www.w3.org/ns/solid/terms#'
+const PREFIXES = `PREFIX solid: <${PATCH_NS}>\n`
+
+// Parses the given N3 patch document
+function parsePatchDocument (targetURI, patchURI, patchText) {
+  // Parse the N3 document into triples
+  return new Promise((resolve, reject) => {
+    const patchGraph = $rdf.graph()
+    $rdf.parse(patchText, patchGraph, patchURI, 'text/n3')
+    resolve(patchGraph)
+  })
+  .catch(err => { throw error(400, `Patch document syntax error: ${err}`) })
+
+  // Query the N3 document for insertions and deletions
+  .then(patchGraph => queryForFirstResult(patchGraph, `${PREFIXES}
+    SELECT ?insert ?delete ?where WHERE {
+      ?patch solid:patches <${targetURI}>.
+      OPTIONAL { ?patch solid:inserts ?insert. }
+      OPTIONAL { ?patch solid:deletes ?delete. }
+      OPTIONAL { ?patch solid:where   ?where.  }
+    }`)
+    .catch(err => { throw error(400, `No patch for ${targetURI} found.`, err) })
+  )
+
+  // Return the insertions and deletions as an rdflib patch document
+  .then(result => {
+    const {'?insert': insert, '?delete': deleted, '?where': where} = result
+    if (!insert && !deleted) {
+      throw error(400, 'Patch should at least contain inserts or deletes.')
+    }
+    return {insert, delete: deleted, where}
+  })
+}
+
+// Queries the store with the given SPARQL query and returns the first result
+function queryForFirstResult (store, sparql) {
+  return new Promise((resolve, reject) => {
+    const query = $rdf.SPARQLToQuery(sparql, false, store)
+    store.query(query, resolve, null, () => reject(new Error('No results.')))
+  })
+}

lib/handlers/patch/sparql-update-parser.js

@@ -0,0 +1,18 @@
+// Parses an application/sparql-update patch
+
+module.exports = parsePatchDocument
+
+const $rdf = require('rdflib')
+const error = require('../../http-error')
+
+// Parses the given SPARQL UPDATE document
+function parsePatchDocument (targetURI, patchURI, patchText) {
+  return new Promise((resolve, reject) => {
+    const baseURI = patchURI.replace(/#.*/, '')
+    try {
+      resolve($rdf.sparqlUpdateParser(patchText, $rdf.graph(), baseURI))
+    } catch (err) {
+      reject(error(400, `Patch document syntax error: ${err}`))
+    }
+  })
+}

lib/handlers/patch/sparql-update-patcher.js

@@ -24,7 +24,7 @@ function LdpMiddleware (corsSettings) {
   router.copy('/*', allow('Write'), copy)
   router.get('/*', index, allow('Read'), header.addPermissions, get)
   router.post('/*', allow('Append'), post)
-  router.patch('/*', allow('Write'), patch)
+  router.patch('/*', allow('Append'), patch)
   router.put('/*', allow('Write'), put)
   router.delete('/*', allow('Write'), del)