feat: Introduce get All policies endpoint

Introducing a read only endpoint in the AS `baseURL:port/policies`
Very basic (insecure) authentication added via Authorization token with a string (representing an URL, more specific a WebID)

Only policies are retrieved to which the requesting party (via the Authz string) match the `odrl:assignee`

Author: woutslabbinck

package.json

@@ -65,6 +65,7 @@
     "script:registration": "yarn exec ts-node ./scripts/test-registration.ts",
     "script:uma-ucp": "yarn exec ts-node ./scripts/test-uma-ucp.ts",
     "script:uma-odrl": "yarn exec ts-node ./scripts/test-uma-ODRL.ts",
+    "script:uma-odrl-policy": "yarn exec ts-node ./scripts/test-uma-ODRL-policy.ts",
     "script:flow": "yarn run script:public && yarn run script:private && yarn run script:uma-ucp && yarn run script:registration",
     "sync:list": "syncpack list-mismatches",
     "sync:fix": "syncpack fix-mismatches"
@@ -169,4 +170,4 @@
     "jsonld": "^8.3.3",
     "tsx": "^4.19.2"
   }
-}
+}

packages/ucp/src/util/Vocabularies.ts

@@ -114,6 +114,8 @@ export const ODRL = createVocabulary(
     'Agreement',
     'Offer',
     'Permission',
+    'Prohibition',
+    'Duty',
     'Request',
     'action',
     'target',
@@ -122,6 +124,8 @@ export const ODRL = createVocabulary(
     'constraint',
     'operator',
     'permission',
+    'prohibition',
+    'duty',
     'dateTime',
     'purpose',
     'leftOperand',
@@ -137,4 +141,4 @@ export const XSD = createVocabulary(
     'duration',
     'integer',
     'string',
-  );
+  );

packages/uma/config/default.json

@@ -16,6 +16,7 @@
     "sai-uma:config/routes/tokens.json",
     "sai-uma:config/routes/log.json",
     "sai-uma:config/routes/vc.json",
+    "sai-uma:config/routes/policies.json",
     "sai-uma:config/routes/contract.json",
     "sai-uma:config/tickets/storage/default.json",
     "sai-uma:config/tickets/strategy/immediate-authorizer.json",
@@ -97,6 +98,7 @@
               { "@id": "urn:uma:default:UmaConfigRoute" },
               { "@id": "urn:uma:default:JwksRoute" },
               { "@id": "urn:uma:default:TokenRoute" },
+              { "@id": "urn:uma:default:PolicyRoute" },
               { "@id": "urn:uma:default:PermissionRegistrationRoute" },
               { "@id": "urn:uma:default:ResourceRegistrationRoute" },
               { "@id": "urn:uma:default:ResourceRegistrationOpsRoute" },

packages/uma/config/routes/policies.json

@@ -0,0 +1,21 @@
+{
+    "@context": [
+        "https://linkedsoftwaredependencies.org/bundles/npm/@solidlab/uma/^0.0.0/components/context.jsonld"
+    ],
+    "@graph": [
+        {
+            "@id": "urn:uma:default:PolicyRoute",
+            "@type": "HttpHandlerRoute",
+            "methods": [
+                "GET"
+            ],
+            "handler": {
+                "@type": "PolicyRequestHandler",
+                "storage": {
+                    "@id": "urn:uma:default:RulesStorage"
+                }
+            },
+            "path": "/uma/policies"
+        }
+    ]
+}

packages/uma/config/rules/test/test.ttl

@@ -0,0 +1,55 @@
+############################################
+# File for Policy endpoint Testing Purposes
+#  this will serve to test some edge cases
+############################################
+
+
+@prefix ex: <http://example.org/>.
+@prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+
+ex:usagePolicy1 a odrl:Agreement .
+ex:usagePolicy1 odrl:permission ex:permission1 .
+ex:usagePolicy1 odrl:permission ex:permission1b .
+ex:permission1 a odrl:Permission .
+ex:permission1 odrl:action odrl:modify .
+ex:permission1 odrl:target <http://localhost:3000/alice/other/resource.txt> .
+ex:permission1 odrl:assignee <https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me> .
+ex:permission1 odrl:assigner <https://pod.a.com/profile/card#me> .
+ex:permission1b a odrl:Permission .
+ex:permission1b odrl:action odrl:modify .
+ex:permission1b odrl:target <http://localhost:3000/alice/other/resource.txt> .
+ex:permission1b odrl:assignee <https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me> .
+ex:permission1b odrl:assigner <https://pod.b.com/profile/card#me> .
+
+ex:usagePolicy1a a odrl:Agreement .
+ex:usagePolicy1a odrl:permission ex:permission1a .
+ex:permission1a a odrl:Permission .
+ex:permission1a odrl:action odrl:create .
+ex:permission1a odrl:target <http://localhost:3000/alice/other/resource.txt> .
+ex:permission1a odrl:assignee <https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me> .
+ex:permission1a odrl:assigner <https://pod.example.com/profile/card#me> .
+
+ex:usagePolicy2 a odrl:Agreement .
+ex:usagePolicy2 odrl:permission ex:permission2a .
+ex:permission2 a odrl:Permission .
+ex:permission2 odrl:action odrl:modify .
+ex:permission2 odrl:target <http://localhost:3000/alice/other/> .
+ex:permission2 odrl:assignee <https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me> .
+ex:permission2 odrl:assigner <https://pod.woutslabbinck.com/profile/card#me> .
+
+ex:usagePolicy2a a odrl:Agreement .
+ex:usagePolicy2a odrl:permission ex:permission2 .
+ex:permission2a a odrl:Permission .
+ex:permission2a odrl:action odrl:create .
+ex:permission2a odrl:target <http://localhost:3000/alice/other/> .
+ex:permission2a odrl:assignee <https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me> .
+ex:permission2a odrl:assigner <https://pod.example.com/profile/card#me> .
+
+
+ex:usagePolicy3 a odrl:Agreement .
+ex:usagePolicy3 odrl:permission ex:permission3 .
+ex:permission3 a odrl:Permission .
+ex:permission3 odrl:action odrl:read .
+ex:permission3 odrl:target <http://localhost:3000/alice/other/resource.txt> .
+ex:permission3 odrl:assignee <https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me> .
+ex:permission3 odrl:assigner <https://pod.woutslabbinck.com/profile/card#me> .

packages/uma/src/index.ts

@@ -41,6 +41,7 @@ export * from './routes/Config';
 export * from './routes/Log';
 export * from './routes/VC';
 export * from './routes/Contract';
+export * from './routes/Policy';
 
 // Tickets
 export * from './ticketing/Ticket';
@@ -73,3 +74,5 @@ export * from './util/ConvertUtil';
 export * from './util/HttpMessageSignatures';
 export * from './util/Result';
 export * from './util/ReType';
+export * from './util/routeSpecific/policies/GetPolicies';
+export * from './util/routeSpecific/policies/PolicyUtil';

packages/uma/src/routes/Policy.ts

@@ -0,0 +1,51 @@
+import { BadRequestHttpError, getLoggerFor, MethodNotAllowedHttpError } from "@solid/community-server";
+import { UCRulesStorage } from "@solidlab/ucp";
+import { HttpHandlerContext, HttpHandlerResponse, HttpHandler, HttpHandlerRequest } from "../util/http/models/HttpHandler";
+import { getPolicies as getPolicies } from "../util/routeSpecific/policies/GetPolicies";
+
+/**
+ * Endpoint to handle policies, this implementation gives all policies that have the
+ * client as assigner.
+ */
+export class PolicyRequestHandler extends HttpHandler {
+
+    protected readonly logger = getLoggerFor(this);
+
+    constructor(
+        private readonly storage: UCRulesStorage
+    ) {
+        super();
+    }
+
+    /**
+     * This function takes the GET-request with `Authorization: webID` and extracts the webID
+     * (To be altered with actual Solid-OIDC)
+     * 
+     * @param request the request with the client 'id' as body
+     * @returns the client id
+     */
+    protected getCredentials(request: HttpHandlerRequest): string {
+        const header = request.headers['authorization'];
+        if (typeof header !== 'string') {
+            throw new BadRequestHttpError('Missing Authorization header');
+        }
+        return header;
+    }
+
+    /**
+     * Handle every /uma/policies request.
+     */
+    public async handle({ request }: HttpHandlerContext): Promise<HttpHandlerResponse<any>> {
+        this.logger.info(`Received policy request`);
+
+        // Extract client from request
+        const client = this.getCredentials(request);
+        const store = await this.storage.getStore();
+
+        switch (request.method) {
+            case 'GET': return getPolicies(request, store, client);
+            // TODO: add other endpoints
+            default: throw new MethodNotAllowedHttpError();
+        }
+    }
+}

packages/uma/src/util/routeSpecific/policies/CreatePolicies.ts

@@ -0,0 +1 @@
+//TODO

packages/uma/src/util/routeSpecific/policies/EditPolicies.ts

@@ -0,0 +1,94 @@
+import { HttpHandlerRequest, HttpHandlerResponse } from "../../http/models/HttpHandler";
+import { Quad, Store, Writer } from "n3";
+import { odrlAssigner, relations, namedNode } from "./PolicyUtil";
+import { MethodNotAllowedHttpError } from "@solid/community-server";
+
+/**
+ * Handling of the GET /uma/policies endpoint
+ * 
+ * @param request will give all policies when no <id> is fixed in the URL, otherwise it will give the required policy (if allowed)
+ */
+export async function getPolicies(request: HttpHandlerRequest, store: Store, clientId: string): Promise<HttpHandlerResponse<any>> {
+    if (request.url.pathname === '/uma/policies')
+        return getAllPolicies(store, clientId);
+
+    // If asked for a policy, validate the policy ID
+    const args = request.url.pathname.split('/');
+    if (args.length === 4 && isPolicy(args[-1]))
+        return getOnePolicy(args[-1], store, clientId);
+
+    throw new MethodNotAllowedHttpError();
+}
+
+/**
+ * Function to determine the validity of the <id> of the GET /uma/policies/<id> endpoint (not implemented yet)
+ * 
+ * @param policyId 
+ * @returns the validity of policyId
+ */
+function isPolicy(policyId: string): boolean {
+    // TODO
+    return true;
+}
+
+/**
+ * Function to implement the GET /uma/policies/<id> endpoint, it retrieves all information about a certain
+ * policy if available. Yet to be implemented.
+ */
+function getOnePolicy(policyId: string, store: Store, clientId: string): Promise<HttpHandlerResponse<any>> {
+    // TODO
+    return getAllPolicies(store, clientId);
+}
+
+
+/**
+ * Get all policy information relevant to the client in the request.
+ * This iplementation searches for all subjects in relation with the policy with depth 1, a deeper algorithm is required.
+ * 
+ * @param param0 a request with the clients webID as authorization header.
+ * @returns all policy information (depth 1) relevant to the client
+ */
+function getAllPolicies(store: Store, clientId: string): Promise<HttpHandlerResponse<any>> {
+
+    // Keep track of all the matching policies
+    const policyDetails: Set<Quad> = new Set();
+
+    for (const relation of relations) {
+        // Collect every quad that matches with the relation (one of Permission, Prohibition or Duty)
+        const matchingRules = store.getQuads(null, relation, null, null);
+
+        // Every quad will represent a policy in relation with a rule
+        for (const quad of matchingRules) {
+            // Extract the policy and rule out the quad
+            const policy = quad.subject;
+            const rule = quad.object;
+
+            // Only go on if the rule is assigned by the client
+            if (store.getQuads(rule, odrlAssigner, namedNode(clientId), null).length > 0) {
+
+                // Because an ODRL policy may only have one assigner, we can now add all policy and rule information
+                store.getQuads(policy, null, null, null).forEach(quad => policyDetails.add(quad));
+                store.getQuads(rule, null, null, null).forEach(quad => policyDetails.add(quad));
+            }
+        }
+    }
+
+
+    // Serialize as Turtle
+    const writer = new Writer({ format: 'Turtle' });
+    writer.addQuads(Array.from(policyDetails));
+
+    return new Promise<HttpHandlerResponse<any>>((resolve, reject) => {
+        writer.end((error, result) => {
+            if (error) {
+                reject(error);
+            } else {
+                resolve({
+                    status: 200,
+                    headers: { 'content-type': 'text/turtle' },
+                    body: result
+                });
+            }
+        });
+    });
+}