SolidLabResearch · woutslabbinck · Aug 4, 2025 · Jul 4, 2025 · Jul 4, 2025 · Jul 4, 2025
diff --git a/packages/ucp/src/storage/DirectoryUCRulesStorage.ts b/packages/ucp/src/storage/DirectoryUCRulesStorage.ts
@@ -1,11 +1,13 @@
 import { UCRulesStorage } from "./UCRulesStorage";
 import * as path from 'path'
 import * as fs from 'fs'
-import { Store } from "n3";
+import { Store, Writer } from "n3";
 import { parseAsN3Store } from "koreografeye";
 
 export class DirectoryUCRulesStorage implements UCRulesStorage {
     private directoryPath: string;
+    private addedRulesPath: string;
+
     /**
      * 
      * @param directoryPath The absolute path to a directory
@@ -16,6 +18,8 @@ export class DirectoryUCRulesStorage implements UCRulesStorage {
         if (!fs.lstatSync(directoryPath).isDirectory()) {
             throw Error(`${directoryPath} does not resolve to a directory`)
         }
+
+        this.addedRulesPath = path.join(this.directoryPath, 'addedRules.ttl');
     }
 
     public async getStore(): Promise<Store> {
@@ -30,8 +34,31 @@ export class DirectoryUCRulesStorage implements UCRulesStorage {
     }
 
 
+    /**
+     * TEST IMPLEMENTATION - This is just to test the POST :uma/policies endpoint
+     * 
+     * @param rule The quads to be added
+     */
     public async addRule(rule: Store): Promise<void> {
-        throw Error('not implemented');
+        const writer = new Writer({ format: 'Turtle' });
+
+        writer.addQuads(rule.getQuads(null, null, null, null));
+
+        const serializedTurtle: string = await new Promise((resolve, reject) => {
+            writer.end((error, result) => {
+                if (error) reject(error);
+                else resolve(result);
+            });
+        });
+
+        // Append or create the file
+        if (!fs.existsSync(this.addedRulesPath)) {
+            fs.writeFileSync(this.addedRulesPath, serializedTurtle);
+        } else {
+            fs.appendFileSync(this.addedRulesPath, '\n' + serializedTurtle);
+        }
+
+        console.log(`[${new Date().toISOString()}] - Added new rule to ${this.addedRulesPath}`);
     }
     public async getRule(identifier: string): Promise<Store> {
         throw Error('not implemented');

diff --git a/packages/uma/config/default.json b/packages/uma/config/default.json
@@ -89,28 +89,44 @@
         "@id": "urm:uma:default:JsonHttpErrorHandler",
         "@type": "JsonHttpErrorHandler",
         "handler": {
-          "@id": "urm:uma:default:JsonFormHttpHandler",
-          "@type": "JsonFormHttpHandler",
-          "handler": {
-            "@id": "urn:uma:default:RoutedHttpRequestHandler",
-            "@type": "RoutedHttpRequestHandler",
-            "routes": [
-              { "@id": "urn:uma:default:UmaConfigRoute" },
-              { "@id": "urn:uma:default:JwksRoute" },
-              { "@id": "urn:uma:default:TokenRoute" },
-              { "@id": "urn:uma:default:PolicyRoute" },
-              { "@id": "urn:uma:default:PermissionRegistrationRoute" },
-              { "@id": "urn:uma:default:ResourceRegistrationRoute" },
-              { "@id": "urn:uma:default:ResourceRegistrationOpsRoute" },
-              { "@id": "urn:uma:default:IntrospectionRoute" },
-              { "@id": "urn:uma:default:LogRoute" },
-              { "@id": "urn:uma:default:VCRoute" },
-              { "@id": "urn:uma:default:ContractRoute" }
-            ],
-            "defaultHandler": {
-              "@type": "DefaultRequestHandler"
+          "@id": "urm:uma:default:RouteHandler",
+          "@type": "WaterfallHandler",
+          "handlers": [
+            {
+              "comment": "Handles all JSON and form encoded input/output.",
+              "@id": "urm:uma:default:JsonFormHttpHandler",
+              "@type": "JsonFormHttpHandler",
+              "handler": {
+                "@id": "urn:uma:default:JsonRoutedHttpRequestHandler",
+                "@type": "RoutedHttpRequestHandler",
+                "routes": [
+                  { "@id": "urn:uma:default:UmaConfigRoute" },
+                  { "@id": "urn:uma:default:JwksRoute" },
+                  { "@id": "urn:uma:default:TokenRoute" },
+                  { "@id": "urn:uma:default:PermissionRegistrationRoute" },
+                  { "@id": "urn:uma:default:ResourceRegistrationRoute" },
+                  { "@id": "urn:uma:default:ResourceRegistrationOpsRoute" },
+                  { "@id": "urn:uma:default:IntrospectionRoute" },
+                  { "@id": "urn:uma:default:GetOnePolicyRoute"}
+                ]
+              }
+            },
+            {
+              "comment": "Handles all remaining output. These handlers have to handle input/output parsing themselves. TODO: At some point we want more generic conneg.",
+              "@id": "urn:uma:default:RawRoutedHttpRequestHandler",
+              "@type": "RoutedHttpRequestHandler",
+              "routes": [
+                { "@id": "urn:uma:default:ContractRoute" },
+                { "@id": "urn:uma:default:LogRoute" },
+                { "@id": "urn:uma:default:VCRoute" },
+                { "@id": "urn:uma:default:PolicyRoute" }
+              ]
+            },
+            {
+              "@type": "StaticThrowHandler",
+              "error": { "@type": "NotFoundHttpError" }
             }
-          }
+          ]
         }
       }
     },

diff --git a/packages/uma/config/policies/authorizers/default.json b/packages/uma/config/policies/authorizers/default.json
@@ -54,10 +54,7 @@
         "eyePath": { "@id": "urn:uma:variables:eyePath" },
         "policies": {
           "@id": "urn:uma:default:RulesStorage",
-          "@type": "DirectoryUCRulesStorage",
-          "directoryPath": {
-            "@id": "urn:uma:variables:policyDir"
-          }
+          "@type": "MemoryUCRulesStorage"
         }
       }
     }

diff --git a/packages/uma/config/routes/policies.json b/packages/uma/config/routes/policies.json
@@ -7,7 +7,8 @@
             "@id": "urn:uma:default:PolicyRoute",
             "@type": "HttpHandlerRoute",
             "methods": [
-                "GET"
+                "GET", 
+                "POST"
             ],
             "handler": {
                 "@type": "PolicyRequestHandler",
@@ -16,6 +17,20 @@
                 }
             },
             "path": "/uma/policies"
+        },
+        {
+            "@id": "urn:uma:default:GetOnePolicyRoute",
+            "@type": "HttpHandlerRoute",
+            "methods": [
+                "GET"
+            ],
+            "handler": {
+                "@type": "PolicyRequestHandler",
+                "storage": {
+                    "@id": "urn:uma:default:RulesStorage"
+                }
+            },
+            "path": "/uma/policies/{id}"
         }
     ]
 }
diff --git a/packages/uma/config/rules/odrl/addedRules.ttl b/packages/uma/config/rules/odrl/addedRules.ttl
@@ -0,0 +1,7 @@
+<http://example.org/usagePolicy4> a <http://www.w3.org/ns/odrl/2/Agreement>;
+    <http://www.w3.org/ns/odrl/2/permission> <http://example.org/permission4>.
+<http://example.org/permission4> a <http://www.w3.org/ns/odrl/2/Permission>;
+    <http://www.w3.org/ns/odrl/2/action> <http://www.w3.org/ns/odrl/2/read>;
+    <http://www.w3.org/ns/odrl/2/target> <http://localhost:3000/alice/other/resource.txt>;
+    <http://www.w3.org/ns/odrl/2/assignee> <https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me>;
+    <http://www.w3.org/ns/odrl/2/assigner> <https://pod.example.com/profile/card#me>.
diff --git a/packages/uma/src/routes/Policy.ts b/packages/uma/src/routes/Policy.ts
@@ -1,7 +1,8 @@
 import { BadRequestHttpError, getLoggerFor, MethodNotAllowedHttpError } from "@solid/community-server";
 import { UCRulesStorage } from "@solidlab/ucp";
 import { HttpHandlerContext, HttpHandlerResponse, HttpHandler, HttpHandlerRequest } from "../util/http/models/HttpHandler";
-import { getPolicies as getPolicies } from "../util/routeSpecific/policies/GetPolicies";
+import { getPolicies } from "../util/routeSpecific/policies/GetPolicies";
+import { addPolicies } from "../util/routeSpecific/policies/CreatePolicies";
 
 /**
  * Endpoint to handle policies, this implementation gives all policies that have the
@@ -22,7 +23,7 @@ export class PolicyRequestHandler extends HttpHandler {
      * (To be altered with actual Solid-OIDC)
      * 
      * @param request the request with the client 'id' as body
-     * @returns the client id
+     * @returns the client webID
      */
     protected getCredentials(request: HttpHandlerRequest): string {
         const header = request.headers['authorization'];
@@ -44,6 +45,7 @@ export class PolicyRequestHandler extends HttpHandler {
 
         switch (request.method) {
             case 'GET': return getPolicies(request, store, client);
+            case 'POST': return addPolicies(request, store, this.storage, client);
             // TODO: add other endpoints
             default: throw new MethodNotAllowedHttpError();
         }

diff --git a/packages/uma/src/util/http/server/RoutedHttpRequestHandler.ts b/packages/uma/src/util/http/server/RoutedHttpRequestHandler.ts
@@ -1,8 +1,15 @@
-import { getLoggerFor } from '@solid/community-server';
+import {
+  getLoggerFor,
+  InternalServerError,
+  MethodNotAllowedHttpError,
+  NotImplementedHttpError
+} from '@solid/community-server';
 import Template from 'uri-template-lite';
 import { HttpHandler, HttpHandlerContext, HttpHandlerResponse } from '../models/HttpHandler';
 import { HttpHandlerRoute } from '../models/HttpHandlerRoute';
 
+type RouteMatch = { parameters: Record<string, string>, route: HttpHandlerRoute };
+
 /**
  * A {@link HttpHandler} handling requests based on routes in a given list of {@link HttpHandlerRoute}s.
  * Route paths can contain variables as described in RFC 6570.
@@ -18,16 +25,17 @@ import { HttpHandlerRoute } from '../models/HttpHandlerRoute';
  * E.g., `http://example.com/foo/bar` will match the route template `/bar`.
  */
 export class RoutedHttpRequestHandler extends HttpHandler {
+  protected readonly logger = getLoggerFor(this);
 
   protected readonly routeMap: Map<Template, HttpHandlerRoute>;
-  protected readonly logger = getLoggerFor(this);
+  protected readonly handledRequests: WeakMap<HttpHandlerContext, RouteMatch>;
+
 
   /**
    * Creates a RoutedHttpRequestHandler, super calls the HttpHandler class and expects a list of HttpHandlerControllers.
    */
   constructor(
     routes: HttpHandlerRoute[],
-    protected readonly defaultHandler?: HttpHandler,
     onlyMatchTail = false,
   ) {
     super();
@@ -37,9 +45,10 @@ export class RoutedHttpRequestHandler extends HttpHandler {
       // Add a catchall variable to the front if only the URL tail needs to be matched.
       this.routeMap.set(new Template(onlyMatchTail ? `{_prefix}${route.path}` : route.path), route);
     }
+    this.handledRequests = new WeakMap();
   }
 
-  async handle(context: HttpHandlerContext): Promise<HttpHandlerResponse> {
+  public async canHandle(context: HttpHandlerContext): Promise<void> {
     const request = context.request;
     const path = request.url.pathname;
 
@@ -55,26 +64,24 @@ export class RoutedHttpRequestHandler extends HttpHandler {
     }
 
     if (!match) {
-      if (this.defaultHandler) {
-        this.logger.info(`No matching route found, calling default handler. ${path}`);
-        return this.defaultHandler.handleSafe(context);
-      } else {
-        this.logger.error(`No matching route found. ${path}`);
-        return { body: '', headers: {}, status: 404 };
-      }
+      throw new NotImplementedHttpError();
     }
 
     this.logger.debug(`Route matched: ${JSON.stringify({ path, parameters: match.parameters })}`);
 
     if (match.route.methods && !match.route.methods.includes(request.method)) {
       this.logger.info(`Operation not supported. Supported operations: ${ match.route.methods }`);
-      return {
-        status: 405,
-        headers: { 'allow': match.route.methods.join(', ') },
-        body: '',
-      };
+      throw new MethodNotAllowedHttpError([ request.method ]);
+    }
+    this.handledRequests.set(context, match);
+  }
+
+  public async handle(context: HttpHandlerContext): Promise<HttpHandlerResponse> {
+    const match = this.handledRequests.get(context);
+    if (!match) {
+      throw new InternalServerError('Calling handle without successful canHandle');
     }
-    request.parameters = { ...request.parameters, ...match.parameters };
+    context.request.parameters = { ...context.request.parameters, ...match.parameters };
 
     return match.route.handler.handleSafe(context);
   }

diff --git a/packages/uma/src/util/routeSpecific/policies/CreatePolicies.ts b/packages/uma/src/util/routeSpecific/policies/CreatePolicies.ts
@@ -1 +1,63 @@
-//TODO
+import { Store } from "n3";
+import { HttpHandlerRequest, HttpHandlerResponse } from "../../http/models/HttpHandler";
+import { namedNode, odrlAssigner } from "./PolicyUtil";
+import { BadRequestHttpError, InternalServerError } from "@solid/community-server";
+import { parseStringAsN3Store } from "koreografeye";
+import { UCRulesStorage } from "@solidlab/ucp";
+
+export async function addPolicies(request: HttpHandlerRequest, store: Store, storage: UCRulesStorage, clientId: string): Promise<HttpHandlerResponse<any>> {
+
+    // 1. Parse the requested policy
+
+    const contentType = request.headers['content-type'] ?? 'turtle';
+    // Regex check for content type (awaiting server implementation)
+    if (!/(?:n3|trig|turtle|nquads?|ntriples?)$/i.test(contentType)) {
+        throw new BadRequestHttpError(`Content-Type ${contentType} is not supported.`);
+    }
+
+    console.log("Requested Policy:", request.body)
+    let requestedPolicy;
+    if (Buffer.isBuffer(request.body)) {
+        requestedPolicy = request.body.toString('utf-8');
+        console.log('RDF body:', requestedPolicy);
+    } else {
+        throw new Error("Expected Buffer body");
+    }
+    let parsedPolicy: Store;
+    try {
+        parsedPolicy = await parseStringAsN3Store(requestedPolicy, { format: contentType });
+    } catch (error) {
+        throw new BadRequestHttpError(`Policy string can not be parsed: ${error}`)
+    }
+
+    // 2. Check if assigner is client
+    const matchingClient = parsedPolicy.getQuads(null, odrlAssigner, namedNode(clientId), null);
+    if (matchingClient.length === 0) {
+        throw new BadRequestHttpError(`Policy is not authorized correctly`);
+    }
+
+    // Making sure there are no rules added with other assigners then yourself
+    const allAssigners = parsedPolicy.getQuads(null, odrlAssigner, null, null);
+    if (allAssigners.length !== matchingClient.length) {
+        throw new BadRequestHttpError(`Policy is incorrectly built`);
+    }
+
+    // TODO: 3. Perform other validity checks
+
+    // Check if assigner of the policy has access to the target
+    // Check if there is at least one permission/prohibition/duty
+    // Check if every rule has a target
+    // ...
+
+    // 4. Add the policy to the rule storage
+    try {
+        await storage.addRule(parsedPolicy);
+    } catch (error) {
+        throw new InternalServerError("Failed to add policy");
+    }
+
+
+    return {
+        status: 201
+    }
+}