From 122845134cfc9947ab071cde55c8079af5757e01 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Wed, 3 Mar 2021 14:11:12 +0100 Subject: [PATCH 01/12] Add hasPaid(agent) function to ACL check --- lib/acl-checker.js | 8 +++++--- lib/handlers/allow.js | 7 ++++++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/acl-checker.js b/lib/acl-checker.js index fe5ab7a34..f79d5b886 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -37,6 +37,7 @@ class ACLChecker { this.messagesCached = {} this.requests = {} this.slug = options.slug + this.hasPaid = options.hasPaid } // Returns a fulfilled promise when the user can access the resource @@ -85,14 +86,14 @@ class ACLChecker { // FIXME: https://github.com/solid/acl-check/issues/23 // console.error(e.message) } - let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes) + let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes, this.hasPaid) // For create and update HTTP methods if ((method === 'PUT' || method === 'PATCH' || method === 'COPY') && directory) { // if resource and acl have same parent container, // and resource does not exist, then accessTo Append from parent is required if (directory.value === dirname(aclFile.value) + '/' && !resourceExists) { - const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes) + const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes, this.hasPaid) const accessResult = !accessDenied && !accessDeniedAccessTo accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo // debugCache('accessDenied result ' + accessDenied) @@ -182,7 +183,7 @@ class ACLChecker { return resource.endsWith(this.suffix) } - static createFromLDPAndRequest (resource, ldp, req) { + static createFromLDPAndRequest (resource, ldp, req, hasPaid) { const trustedOrigins = ldp.getTrustedOrigins(req) return new ACLChecker(resource, { agentOrigin: req.get('origin'), @@ -197,6 +198,7 @@ class ACLChecker { suffix: ldp.suffixAcl, strictOrigin: ldp.strictOrigin, trustedOrigins, + hasPaid, slug: decodeURIComponent(req.headers.slug) }) } diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index 2c31cb628..272ab7c05 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -5,6 +5,11 @@ const ACL = require('../acl-checker') const debug = require('../debug.js').ACL // const error = require('../http-error') +function hasPaid (agent) { + console.log(`Call to hasPaid(${agent.value})`) + return false +} + function allow (mode) { return async function allowHandler (req, res, next) { const ldp = req.app.locals.ldp || {} @@ -41,7 +46,7 @@ function allow (mode) { } // Obtain and store the ACL of the requested resource const resourceUrl = rootUrl + resourcePath - req.acl = ACL.createFromLDPAndRequest(resourceUrl, ldp, req) + req.acl = ACL.createFromLDPAndRequest(resourceUrl, ldp, req, hasPaid) // Ensure the user has the required permission const userId = req.session.userId From 196ad7791c1e12aca529fb30eebeb0aba467be1e Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Mon, 8 Mar 2021 13:20:00 +0100 Subject: [PATCH 02/12] Try without node v14 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d105152a6..7274d5376 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: strategy: matrix: - node-version: [10.x, 12.x, 14.x] + node-version: [10.x, 12.x] os: [ubuntu-latest] steps: From 9595224738b880ce79d3f7bf0ddb9a88361564e5 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Mon, 8 Mar 2021 13:49:53 +0100 Subject: [PATCH 03/12] Approximation --- lib/acl-checker.js | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/lib/acl-checker.js b/lib/acl-checker.js index f79d5b886..8b10c931b 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -77,6 +77,7 @@ class ACLChecker { const agentOrigin = this.agentOrigin const trustedOrigins = this.trustedOrigins let originTrustedModes = [] + let payingWouldHelp = false try { this.fetch(aclFile.doc().value) originTrustedModes = await aclCheck.getTrustedModesForOrigin(acl.graph, resource, directory, aclFile, agentOrigin, (uriNode) => { @@ -86,20 +87,34 @@ class ACLChecker { // FIXME: https://github.com/solid/acl-check/issues/23 // console.error(e.message) } - let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes, this.hasPaid) + let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes, () => { + const currentPaid = this.hasPaid() + if (!currentPaid) { + payingWouldHelp = true + } + return currentPaid + }) // For create and update HTTP methods if ((method === 'PUT' || method === 'PATCH' || method === 'COPY') && directory) { // if resource and acl have same parent container, // and resource does not exist, then accessTo Append from parent is required if (directory.value === dirname(aclFile.value) + '/' && !resourceExists) { - const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes, this.hasPaid) + const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes, () => { + const currentPaid = this.hasPaid() + if (!currentPaid) { + payingWouldHelp = true + } + return currentPaid + }) const accessResult = !accessDenied && !accessDeniedAccessTo accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo // debugCache('accessDenied result ' + accessDenied) } } - if (accessDenied && user) { + if (accessDenied && payingWouldHelp) { + this.messagesCached[cacheKey].push(HTTPError(402, 'Payment Required')) + } else if (accessDenied && user) { this.messagesCached[cacheKey].push(HTTPError(403, accessDenied)) } else if (accessDenied) { this.messagesCached[cacheKey].push(HTTPError(401, 'Unauthenticated')) From a8a78d449f3da640004659b6d218485f3089bd5b Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Mon, 8 Mar 2021 15:59:04 +0100 Subject: [PATCH 04/12] Green --- lib/handlers/allow.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index 272ab7c05..803ae9720 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -3,10 +3,12 @@ module.exports = allow // const path = require('path') const ACL = require('../acl-checker') const debug = require('../debug.js').ACL +const { getIlpStreamPayParams } = require('../services/interledger-service') + // const error = require('../http-error') function hasPaid (agent) { - console.log(`Call to hasPaid(${agent.value})`) + console.log('Call to hasPaid(agent)', agent) return false } @@ -74,6 +76,10 @@ function allow (mode) { } } const error = req.authError || await req.acl.getError(userId, mode) + if (error.status === 402) { + const { destinationAccount, sharedSecretBase64 } = getIlpStreamPayParams() + res.set('Pay', `interledger-stream ${destinationAccount} ${sharedSecretBase64}`) + } debug(`${mode} access denied to ${userId || '(none)'}: ${error.status} - ${error.message}`) next(error) } From 96dc39b7eccdd101948df87155ecabe47985673a Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Tue, 9 Mar 2021 09:54:49 +0100 Subject: [PATCH 05/12] lib/services/interledger-service.js --- lib/services/interledger-service.js | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 lib/services/interledger-service.js diff --git a/lib/services/interledger-service.js b/lib/services/interledger-service.js new file mode 100644 index 000000000..cac115b72 --- /dev/null +++ b/lib/services/interledger-service.js @@ -0,0 +1,10 @@ +function getIlpStreamPayParams () { + return { + destinationAccount: 'some.destination.account.', + sharedSecretBase64: 'Some+Shared+Secret+in+Base64==' + } +} + +module.exports = { + getIlpStreamPayParams +} From d86eee6192348f0fed058345915eda729746d5e2 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Mon, 16 Aug 2021 16:42:31 +0200 Subject: [PATCH 06/12] Fix merge conflict --- .github/workflows/ci.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9274d57da..f778d1603 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,11 +16,7 @@ jobs: strategy: matrix: -<<<<<<< HEAD - node-version: [10.x, 12.x] -======= node-version: [12.x, 14.x] ->>>>>>> origin/main os: [ubuntu-latest] steps: From 464d4741661b367bdc09fd2c73ee1db4b597e4cd Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 2 Sep 2021 12:22:33 +0200 Subject: [PATCH 07/12] Make call to payment oracle, if configured --- config/defaults.js | 3 ++- lib/acl-checker.js | 37 ++++++++++++++++++++++++++++++++----- lib/handlers/allow.js | 7 +------ lib/server-config.js | 1 + 4 files changed, 36 insertions(+), 12 deletions(-) diff --git a/config/defaults.js b/config/defaults.js index 6382305f4..22b9e3d1e 100644 --- a/config/defaults.js +++ b/config/defaults.js @@ -13,7 +13,8 @@ module.exports = { webid: true, strictOrigin: true, trustedOrigins: [], - dataBrowserPath: 'default' + dataBrowserPath: 'default', + // paymentOracle: 'http://localhost:8402' // For use in Enterprises to configure a HTTP proxy for all outbound HTTP requests from the SOLID server (we use // https://www.npmjs.com/package/global-tunnel-ng). diff --git a/lib/acl-checker.js b/lib/acl-checker.js index 5e714d23b..7e53caf9e 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -23,6 +23,25 @@ const ACL = rdf.Namespace('http://www.w3.org/ns/auth/acl#') const EXPIRY_MS = parseInt(process.env.ACL_CACHE_TIME) || 10000 // 10 seconds let temporaryCache = {} +class PaymentOracleClient { + // oracleEndpoint // defaults to http://localhost:8402 + + constructor (oracleEndpoint) { + this.oracleEndpoint = oracleEndpoint + } + + async hasPaid (agent, resource) { + if (!this.oracleEndpoint) { + return false + } + console.log('Call to hasPaid(agent, auth)', agent, resource, this.oracleEndpoint) + const url = `${this.oracleEndpoint}/?agent=${encodeURIComponent(agent.value)}&resource=${encodeURIComponent(resource.value)}` + const response = await httpFetch(url) + const body = await response.text() + return (body === 'OK') + } +} + // An ACLChecker exposes the permissions on a specific resource class ACLChecker { constructor (resource, options = {}) { @@ -37,12 +56,14 @@ class ACLChecker { this.messagesCached = {} this.requests = {} this.slug = options.slug - this.hasPaid = options.hasPaid + this.paymentOracleClient = options.paymentOracleClient + console.log('ACLChecker', this) } // Returns a fulfilled promise when the user can access the resource // in the given mode; otherwise, rejects with an HTTP error async can (user, mode, method = 'GET', resourceExists = true) { + console.log('can', user, mode, method, resourceExists) const cacheKey = `${mode}-${user}` if (this.aclCached[cacheKey]) { return this.aclCached[cacheKey] @@ -73,6 +94,8 @@ class ACLChecker { const directory = acl.isContainer ? rdf.sym(ACLChecker.getDirectory(acl.acl)) : null const aclFile = rdf.sym(acl.acl) const agent = user ? rdf.sym(user) : null + const currentPaid = await this.paymentOracleClient.hasPaid(agent, rdf.sym(this.resource)) + const modes = [ACL(mode)] const agentOrigin = this.agentOrigin const trustedOrigins = this.trustedOrigins @@ -87,11 +110,15 @@ class ACLChecker { // FIXME: https://github.com/solid/acl-check/issues/23 // console.error(e.message) } - let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes, () => { - const currentPaid = this.hasPaid() + console.log('NSS calling aclCheck.accessDenied', agent) + // function accessDenied(kb, doc, directory, aclDoc, agent, modesRequired, origin, trustedOrigins, originTrustedModes = [], oracle) { + + let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes, (agent) => { if (!currentPaid) { + console.log('PAYING WOULD HELP!') payingWouldHelp = true } + console.log('RETURNING currentPaid', currentPaid) return currentPaid }) @@ -200,7 +227,7 @@ class ACLChecker { return resource.endsWith(this.suffix) } - static createFromLDPAndRequest (resource, ldp, req, hasPaid) { + static createFromLDPAndRequest (resource, ldp, req) { const trustedOrigins = ldp.getTrustedOrigins(req) return new ACLChecker(resource, { agentOrigin: req.get('origin'), @@ -215,7 +242,7 @@ class ACLChecker { suffix: ldp.suffixAcl, strictOrigin: ldp.strictOrigin, trustedOrigins, - hasPaid, + paymentOracleClient: new PaymentOracleClient(ldp.paymentOracle), slug: decodeURIComponent(req.headers.slug) }) } diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index cee358d79..dc42a81d5 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -7,11 +7,6 @@ const { getIlpStreamPayParams } = require('../services/interledger-service') // const error = require('../http-error') -function hasPaid (agent) { - console.log('Call to hasPaid(agent)', agent) - return false -} - function allow (mode) { return async function allowHandler (req, res, next) { const ldp = req.app.locals.ldp || {} @@ -52,7 +47,7 @@ function allow (mode) { // Ensure the user has the required permission const userId = req.session.userId try { - req.acl = ACL.createFromLDPAndRequest(resourceUrl, ldp, req, hasPaid) + req.acl = ACL.createFromLDPAndRequest(resourceUrl, ldp, req) // if (resourceUrl.endsWith('.acl')) mode = 'Control' const isAllowed = await req.acl.can(userId, mode, req.method, stat) diff --git a/lib/server-config.js b/lib/server-config.js index 11299881f..801777e82 100644 --- a/lib/server-config.js +++ b/lib/server-config.js @@ -25,6 +25,7 @@ function printDebugInfo (options) { debug.settings('Multi-user: ' + !!options.multiuser) debug.settings('Suppress default data browser app: ' + options.suppressDataBrowser) debug.settings('Default data browser app file path: ' + options.dataBrowserPath) + debug.settings('Payment Oracle for web monetization: ' + options.paymentOracle) } /** From 2e7d7ebd10fb4a69ebaf31e8f00ed4cdfcbc8709 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 2 Sep 2021 12:46:26 +0200 Subject: [PATCH 08/12] Fix call to oracle --- lib/acl-checker.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/acl-checker.js b/lib/acl-checker.js index 7e53caf9e..eb62474ab 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -34,8 +34,10 @@ class PaymentOracleClient { if (!this.oracleEndpoint) { return false } - console.log('Call to hasPaid(agent, auth)', agent, resource, this.oracleEndpoint) - const url = `${this.oracleEndpoint}/?agent=${encodeURIComponent(agent.value)}&resource=${encodeURIComponent(resource.value)}` + console.log('Call to hasPaid(agent)', agent, resource, this.oracleEndpoint) + const agentStr = (agent ? encodeURIComponent(agent.value) : '') + const resourceStr = (resource ? encodeURIComponent(resource.value) : '') + const url = `${this.oracleEndpoint}/?agent=${agentStr}&resource=${resourceStr}` const response = await httpFetch(url) const body = await response.text() return (body === 'OK') @@ -128,7 +130,6 @@ class ACLChecker { // and resource does not exist, then accessTo Append from parent is required if (directory.value === dirname(aclFile.value) + '/' && !resourceExists) { const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes, () => { - const currentPaid = this.hasPaid() if (!currentPaid) { payingWouldHelp = true } From de2a51fa34fddcf3d37dbdca3eda29127d7b309b Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 2 Sep 2021 13:29:52 +0200 Subject: [PATCH 09/12] Pass payment details from Oracle --- lib/acl-checker.js | 32 ++++++++++++++++++----------- lib/handlers/allow.js | 4 +--- lib/services/interledger-service.js | 10 --------- 3 files changed, 21 insertions(+), 25 deletions(-) delete mode 100644 lib/services/interledger-service.js diff --git a/lib/acl-checker.js b/lib/acl-checker.js index eb62474ab..4c9f5a645 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -34,13 +34,18 @@ class PaymentOracleClient { if (!this.oracleEndpoint) { return false } - console.log('Call to hasPaid(agent)', agent, resource, this.oracleEndpoint) - const agentStr = (agent ? encodeURIComponent(agent.value) : '') - const resourceStr = (resource ? encodeURIComponent(resource.value) : '') - const url = `${this.oracleEndpoint}/?agent=${agentStr}&resource=${resourceStr}` - const response = await httpFetch(url) - const body = await response.text() - return (body === 'OK') + try { + console.log('Call to hasPaid(agent)', agent, resource, this.oracleEndpoint) + const agentStr = (agent ? encodeURIComponent(agent.value) : '') + const resourceStr = (resource ? encodeURIComponent(resource.value) : '') + const url = `${this.oracleEndpoint}/?agent=${agentStr}&resource=${resourceStr}` + const response = await httpFetch(url) + const body = await response.text() + return JSON.parse(body) + } catch (e) { + console.error('Oracle failure', e.message) + return { ok: false } + } } } @@ -116,12 +121,12 @@ class ACLChecker { // function accessDenied(kb, doc, directory, aclDoc, agent, modesRequired, origin, trustedOrigins, originTrustedModes = [], oracle) { let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes, (agent) => { - if (!currentPaid) { + if (!currentPaid.ok) { console.log('PAYING WOULD HELP!') - payingWouldHelp = true + payingWouldHelp = currentPaid } - console.log('RETURNING currentPaid', currentPaid) - return currentPaid + console.log('RETURNING currentPaid.ok', currentPaid.ok) + return currentPaid.ok }) // For create and update HTTP methods @@ -141,7 +146,10 @@ class ACLChecker { } } if (accessDenied && payingWouldHelp) { - this.messagesCached[cacheKey].push(HTTPError(402, 'Payment Required')) + const err = HTTPError(402, 'Payment Required') + err.destinationAccount = currentPaid.destinationAccount + err.sharedSecretBase64 = currentPaid.sharedSecretBase64 + this.messagesCached[cacheKey].push(err) } else if (accessDenied && user) { this.messagesCached[cacheKey].push(HTTPError(403, accessDenied)) } else if (accessDenied) { diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index dc42a81d5..509daaacd 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -3,7 +3,6 @@ module.exports = allow // const path = require('path') const ACL = require('../acl-checker') const debug = require('../debug.js').ACL -const { getIlpStreamPayParams } = require('../services/interledger-service') // const error = require('../http-error') @@ -80,8 +79,7 @@ function allow (mode) { const error = req.authError || await req.acl.getError(userId, mode) if (error.status === 402) { - const { destinationAccount, sharedSecretBase64 } = getIlpStreamPayParams() - res.set('Pay', `interledger-stream ${destinationAccount} ${sharedSecretBase64}`) + res.set('Pay', `interledger-stream ${error.destinationAccount} ${error.sharedSecretBase64}`) } debug(`${mode} access denied to ${userId || '(none)'}: ${error.status} - ${error.message}`) next(error) diff --git a/lib/services/interledger-service.js b/lib/services/interledger-service.js deleted file mode 100644 index cac115b72..000000000 --- a/lib/services/interledger-service.js +++ /dev/null @@ -1,10 +0,0 @@ -function getIlpStreamPayParams () { - return { - destinationAccount: 'some.destination.account.', - sharedSecretBase64: 'Some+Shared+Secret+in+Base64==' - } -} - -module.exports = { - getIlpStreamPayParams -} From ca140829b623601d2e12e5da502a3bba5de5649f Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 2 Sep 2021 13:32:34 +0200 Subject: [PATCH 10/12] Pass multiple payment headers from Oracle --- lib/acl-checker.js | 3 +-- lib/handlers/allow.js | 6 +++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/acl-checker.js b/lib/acl-checker.js index 4c9f5a645..ed9b8c090 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -147,8 +147,7 @@ class ACLChecker { } if (accessDenied && payingWouldHelp) { const err = HTTPError(402, 'Payment Required') - err.destinationAccount = currentPaid.destinationAccount - err.sharedSecretBase64 = currentPaid.sharedSecretBase64 + err.payHeaders = currentPaid.payHeaders this.messagesCached[cacheKey].push(err) } else if (accessDenied && user) { this.messagesCached[cacheKey].push(HTTPError(403, accessDenied)) diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index 509daaacd..4e35d3d57 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -79,7 +79,11 @@ function allow (mode) { const error = req.authError || await req.acl.getError(userId, mode) if (error.status === 402) { - res.set('Pay', `interledger-stream ${error.destinationAccount} ${error.sharedSecretBase64}`) + if (Array.isArray(error.payHeaders)) { + error.payHeaders.forEach(str => { + res.set('Pay', str) + }) + } } debug(`${mode} access denied to ${userId || '(none)'}: ${error.status} - ${error.message}`) next(error) From e689cedd57c929193d018ae913310405473553d6 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 2 Sep 2021 13:43:38 +0200 Subject: [PATCH 11/12] remove some console.log statements --- lib/acl-checker.js | 7 ------- 1 file changed, 7 deletions(-) diff --git a/lib/acl-checker.js b/lib/acl-checker.js index ed9b8c090..7091fe909 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -35,7 +35,6 @@ class PaymentOracleClient { return false } try { - console.log('Call to hasPaid(agent)', agent, resource, this.oracleEndpoint) const agentStr = (agent ? encodeURIComponent(agent.value) : '') const resourceStr = (resource ? encodeURIComponent(resource.value) : '') const url = `${this.oracleEndpoint}/?agent=${agentStr}&resource=${resourceStr}` @@ -64,13 +63,11 @@ class ACLChecker { this.requests = {} this.slug = options.slug this.paymentOracleClient = options.paymentOracleClient - console.log('ACLChecker', this) } // Returns a fulfilled promise when the user can access the resource // in the given mode; otherwise, rejects with an HTTP error async can (user, mode, method = 'GET', resourceExists = true) { - console.log('can', user, mode, method, resourceExists) const cacheKey = `${mode}-${user}` if (this.aclCached[cacheKey]) { return this.aclCached[cacheKey] @@ -117,15 +114,11 @@ class ACLChecker { // FIXME: https://github.com/solid/acl-check/issues/23 // console.error(e.message) } - console.log('NSS calling aclCheck.accessDenied', agent) - // function accessDenied(kb, doc, directory, aclDoc, agent, modesRequired, origin, trustedOrigins, originTrustedModes = [], oracle) { let accessDenied = aclCheck.accessDenied(acl.graph, resource, directory, aclFile, agent, modes, agentOrigin, trustedOrigins, originTrustedModes, (agent) => { if (!currentPaid.ok) { - console.log('PAYING WOULD HELP!') payingWouldHelp = currentPaid } - console.log('RETURNING currentPaid.ok', currentPaid.ok) return currentPaid.ok }) From 61e3ac9492a98fe401137d284eee0ac31d46843a Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Thu, 2 Sep 2021 13:46:18 +0200 Subject: [PATCH 12/12] code cleanup --- lib/acl-checker.js | 6 ++---- lib/handlers/allow.js | 2 -- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/acl-checker.js b/lib/acl-checker.js index 7091fe909..0755fc7c8 100644 --- a/lib/acl-checker.js +++ b/lib/acl-checker.js @@ -24,8 +24,6 @@ const EXPIRY_MS = parseInt(process.env.ACL_CACHE_TIME) || 10000 // 10 seconds let temporaryCache = {} class PaymentOracleClient { - // oracleEndpoint // defaults to http://localhost:8402 - constructor (oracleEndpoint) { this.oracleEndpoint = oracleEndpoint } @@ -42,7 +40,7 @@ class PaymentOracleClient { const body = await response.text() return JSON.parse(body) } catch (e) { - console.error('Oracle failure', e.message) + // console.error('Oracle failure', e.message) return { ok: false } } } @@ -129,7 +127,7 @@ class ACLChecker { if (directory.value === dirname(aclFile.value) + '/' && !resourceExists) { const accessDeniedAccessTo = aclCheck.accessDenied(acl.graph, directory, null, aclFile, agent, [ACL('Append')], agentOrigin, trustedOrigins, originTrustedModes, () => { if (!currentPaid) { - payingWouldHelp = true + payingWouldHelp = currentPaid } return currentPaid }) diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js index 4e35d3d57..7f22cfc3b 100644 --- a/lib/handlers/allow.js +++ b/lib/handlers/allow.js @@ -3,7 +3,6 @@ module.exports = allow // const path = require('path') const ACL = require('../acl-checker') const debug = require('../debug.js').ACL - // const error = require('../http-error') function allow (mode) { @@ -42,7 +41,6 @@ function allow (mode) { } // Obtain and store the ACL of the requested resource const resourceUrl = rootUrl + resourcePath - // Ensure the user has the required permission const userId = req.session.userId try {