Better error handling. Fixed https options

Miel Vander Sande · Miel Vander Sande · commit 364ef0623891 · 2016-09-26T16:55:10.000+02:00
diff --git a/lib/LinkedDataFragmentsServer.js b/lib/LinkedDataFragmentsServer.js
@@ -15,11 +15,11 @@ function LinkedDataFragmentsServer(options) {
     server = require('http').createServer();
     break;
   case 'https':
-    var ssl = options.ssl || {};
+    var ssl = options.ssl || {}, authentication = options.authentication || {};
     // WebID authentication requires a client certificate
-    if (ssl.webid)
+    if (authentication.webid)
       ssl.requestCert = ssl.rejectUnauthorized = true;
-    server = require('https').createServer(_.mapValues(ssl.keys, readHttpsOption));
+    server = require('https').createServer(_.assign(ssl, _.mapValues(ssl.keys, readHttpsOption)));
     break;
   default:
     throw new Error('The configured protocol ' + options.protocol + ' is invalid.');
diff --git a/lib/controllers/WebIDControllerExtension.js b/lib/controllers/WebIDControllerExtension.js
@@ -5,7 +5,7 @@ var http = require('http'),
     lru = require('lru-cache'),
     parseCacheControl = require('parse-cache-control'),
     N3 = require('n3'),
-    N3Parser = N3.Parser,
+    n3parser = N3.Parser,
     N3Util = N3.Util,
     Util = require('../Util');
 
@@ -17,7 +17,7 @@ function WebIDControllerExtension(settings) {
     return new WebIDControllerExtension(settings);
 
   this._cache = lru(50);
-  this._protocol = settings.protocol || 'http';
+  this._protocol = settings.protocol;
 }
 
 // Add WebID Link headers
@@ -30,15 +30,13 @@ WebIDControllerExtension.prototype._handleRequest = function (request, response,
       certificate = request.connection.getPeerCertificate();
 
   if (!(certificate.subject && certificate.subject.subjectAltName))
-    return this._handleForbidden(request, response);
+    return this._handleForbidden(request, response, { reason: 'No WebID found in client certificate.' });
 
   var webID = certificate.subject.subjectAltName.replace('uniformResourceIdentifier:', '');
   this._verifyWebID(webID, certificate.modulus, parseInt(certificate.exponent, 16),
-  function (verified) {
-    console.log('WebID ' + webID + ' verified: ', verified);
-
+  function (error, verified, reason) {
     if (!verified)
-      return self._handleForbidden(request, response, webID);
+      return self._handleForbidden(request, response, { webID: webID, reason: reason });
 
     next();
   });
@@ -48,81 +46,64 @@ WebIDControllerExtension.prototype._handleRequest = function (request, response,
 WebIDControllerExtension.prototype._verifyWebID = function (webID, modulus, exponent, callback) {
   // request & parse
   var parser = n3parser(),
-      candidates = {}, verified = false;
-
-  parser.parse(processTriple);
+      id = {};
 
-  function processTriple(error, triple, prefixes) {
+  // parse webID
+  function parseTriple(error, triple, prefixes) {
     if (error)
-      console.error('Cannot parse WebID: ' + error);
+      callback('Cannot parse WebID: ' + error);
     else if (triple) {
       switch (triple.predicate) {
       case CERT_NS + 'modulus':
-        var webidModulus = N3Util.getLiteralValue(triple.object);
+        // Add modulus
+        var literalValue = N3Util.getLiteralValue(triple.object);
         // Apply parsing method by nodejs
-        webidModulus = webidModulus.slice(webidModulus.indexOf('00:') === 0 ? 3 : 0).replace(/:/g, '').toUpperCase();
-
-        if (modulus === webidModulus) {
-          console.log('WebID modulus verified');
-          if (candidates[triple.subject] && candidates[triple.subject] === exponent)
-            verified = true;
-          else
-            candidates[triple.subject] = webidModulus;
-        }
-        else console.log('WebID modulus mismatch: %s (webid) <> %s (cert)', webidModulus, modulus);
+        id.modulus = literalValue.slice(literalValue.indexOf('00:') === 0 ? 3 : 0).replace(/:/g, '').toUpperCase();
         break;
       case CERT_NS + 'exponent':
-        var webidExponent = parseInt(N3Util.getLiteralValue(triple.object), 16);
-
-        if (webidExponent === exponent) {
-          console.log('WebID exponent verified');
-          if (candidates[triple.subject] && candidates[triple.subject] === modulus)
-            verified = true;
-          else
-            candidates[triple.subject] = webidExponent;
-        }
-        else console.log('WebID exponent mismatch: %s (webid) <> %s (cert)', webidExponent, exponent);
+        // Add exponent
+        id.exponent = parseInt(N3Util.getLiteralValue(triple.object), 10);
         break;
       }
     }
-    else callback(verified);
+  }
+
+  function verify(m, e) {
+    if (m && m === modulus && e && e === exponent)
+      callback(null, true);
+    else
+      callback(null, false, 'WebID does not match certificate: ' + m + ' - ' + e + ' (webid) <> ' + modulus + ' - ' + exponent + ' (cert)');
   }
 
   // Try to get WebID from cache
-  var webIDFile = this._cache.get(webID);
+  var cachedId = this._cache.get(webID), self = this;
 
-  if (webIDFile) {
-    parser.addChunk(webIDFile);
-    parser.end();
-  } else {
-    var req = http.request(webID, function(res) {
+  if (cachedId)
+    verify(cachedId.modulus, cachedId.exponent);
+  else {
+    var req = http.request(webID, function (res) {
       res.setEncoding('utf8');
-      var response = "";
 
-      res.on('data', function (data) {
-        parser.addChunk(data);
-        response += data;
-      });
+      parser.parse(res, parseTriple);
 
       res.on('end', function () {
-        parser.end();
-        var cacheControl = parseCacheControl(res.getHeader("Cache-Control"));
-        this._cache.set(webID, response, cacheControl['max-age']);
+        var cacheControl = parseCacheControl(res.headers['Cache-Control'] || '');
+        self._cache.set(webID, id, cacheControl['max-age'] || 0);
+        verify(id.modulus, id.exponent);
       });
     });
 
-    req.on('error', function(e) {
-      console.log('Problem with request: ' + e.message);
-      callback(false);
+    req.on('error', function (e) {
+      callback(null, false, 'Unabled to download' + webID + '. Details: ' + e.message);
     });
 
     req.end();
   }
 };
 
-WebIDControllerExtension.prototype._handleForbidden = function (request, response, webID) {
+WebIDControllerExtension.prototype._handleForbidden = function (request, response, options) {
   response.writeHead(401, { 'Content-Type': Util.MIME_PLAINTEXT });
-  response.end('Access to ' + request.url + ' is not allowed, verification for WebID ' + (webID || '') + '  failed.');
+  response.end('Access to ' + request.url + ' is not allowed, verification for WebID ' + (options.webID || '') + ' failed. Reason: ' + (options.reason || ''));
 };
 
 module.exports = WebIDControllerExtension;
