diff --git a/config/default.json b/config/default.json
index 6a213cd474..ad353cdf5c 100644
--- a/config/default.json
+++ b/config/default.json
@@ -19,7 +19,7 @@
 "files-scs:config/ldp/metadata-writer/default.json",
 "files-scs:config/ldp/permissions/acl.json",
 "files-scs:config/storage/backend/memory.json",
- "files-scs:config/storage/key-value/memory.json",
+ "files-scs:config/storage/key-value/resource-store.json",
 "files-scs:config/storage/middleware/default.json",
 "files-scs:config/util/auxiliary/acl.json",
 "files-scs:config/util/identifiers/suffix.json",
diff --git a/config/dynamic.json b/config/dynamic.json
index eb1429a157..bdcd5e865a 100644
--- a/config/dynamic.json
+++ b/config/dynamic.json
@@ -19,7 +19,7 @@
 "files-scs:config/ldp/metadata-writer/default.json",
 "files-scs:config/ldp/permissions/acl.json",
 "files-scs:config/storage/backend/dynamic.json",
- "files-scs:config/storage/key-value/memory.json",
+ "files-scs:config/storage/key-value/resource-store.json",
 "files-scs:config/storage/middleware/default.json",
 "files-scs:config/util/auxiliary/acl.json",
 "files-scs:config/util/identifiers/suffix.json",
diff --git a/config/example-https-file.json b/config/example-https-file.json
index bb913f216c..00ecbf0ffc 100644
--- a/config/example-https-file.json
+++ b/config/example-https-file.json
@@ -19,7 +19,7 @@
 "files-scs:config/ldp/metadata-writer/default.json",
 "files-scs:config/ldp/permissions/acl.json",
 "files-scs:config/storage/backend/file.json",
- "files-scs:config/storage/key-value/memory.json",
+ "files-scs:config/storage/key-value/resource-store.json",
 "files-scs:config/storage/middleware/default.json",
 "files-scs:config/util/auxiliary/acl.json",
 "files-scs:config/util/identifiers/suffix.json",
diff --git a/config/file.json b/config/file.json
index befd58868b..d64336f23b 100644
--- a/config/file.json
+++ b/config/file.json
@@ -19,7 +19,7 @@
 "files-scs:config/ldp/metadata-writer/default.json",
 "files-scs:config/ldp/permissions/acl.json",
 "files-scs:config/storage/backend/file.json",
- "files-scs:config/storage/key-value/memory.json",
+ "files-scs:config/storage/key-value/resource-store.json",
 "files-scs:config/storage/middleware/default.json",
 "files-scs:config/util/auxiliary/acl.json",
 "files-scs:config/util/identifiers/suffix.json",
diff --git a/config/ldp/authorization/webacl.json b/config/ldp/authorization/webacl.json
index 6026d8cfa0..6554811168 100644
--- a/config/ldp/authorization/webacl.json
+++ b/config/ldp/authorization/webacl.json
@@ -9,6 +9,12 @@
 "@id": "urn:solid-server:default:Authorizer",
 "@type": "WaterfallHandler",
 "handlers": [
+ {
+ "comment": "This authorizer will be used to prevent external access to containers used for internal storage.",
+ "@id": "urn:solid-server:default:PathBasedAuthorizer",
+ "@type": "PathBasedAuthorizer",
+ "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" }
+ },
 {
 "comment": "This authorizer makes sure that for auxiliary resources, the main authorizer gets called with the associated identifier.",
 "@type": "AuxiliaryAuthorizer",
diff --git a/config/memory-subdomains.json b/config/memory-subdomains.json
index 2a495e03d3..b1f35cab50 100644
--- a/config/memory-subdomains.json
+++ b/config/memory-subdomains.json
@@ -19,7 +19,7 @@
 "files-scs:config/ldp/metadata-writer/default.json",
 "files-scs:config/ldp/permissions/acl.json",
 "files-scs:config/storage/backend/memory.json",
- "files-scs:config/storage/key-value/memory.json",
+ "files-scs:config/storage/key-value/resource-store.json",
 "files-scs:config/storage/middleware/default.json",
 "files-scs:config/util/auxiliary/acl.json",
 "files-scs:config/util/identifiers/subdomain.json",
diff --git a/config/path-routing.json b/config/path-routing.json
index 67e3df9175..1da9fc3352 100644
--- a/config/path-routing.json
+++ b/config/path-routing.json
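Review bot: In config/ldp/authorization/webacl.json the new `PathBasedAuthorizer` entry is declared with only `baseUrl` and no path list, so its deny rules exist only when another config contributes `PathBasedAuthorizer:_paths` to the same `@id`. A configuration that imports this file together with a key-value preset that supplies no paths would instantiate it empty, so it is worth confirming that the class accepts a missing path map and declines every request in that case, letting the `WaterfallHandler` continue to the remaining handlers. Its position as the first entry of `handlers` also looks load-bearing, since a deny rule presumably has to be consulted before the ACL-based authorizers, and the comment could say so: `"comment": "Must stay first: denies external access to internal storage containers. Path patterns are supplied by the key-value storage config."`. The `handlers` array continues outside the hunk.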
@@ -19,7 +19,7 @@
 "files-scs:config/ldp/metadata-writer/default.json",
 "files-scs:config/ldp/permissions/acl.json",
 "files-scs:config/storage/backend/regex.json",
- "files-scs:config/storage/key-value/memory.json",
+ "files-scs:config/storage/key-value/resource-store.json",
 "files-scs:config/storage/middleware/default.json",
 "files-scs:config/util/auxiliary/acl.json",
 "files-scs:config/util/identifiers/suffix.json",
diff --git a/config/sparql-endpoint.json b/config/sparql-endpoint.json
index 284d41bae3..5966d1c053 100644
--- a/config/sparql-endpoint.json
+++ b/config/sparql-endpoint.json
@@ -19,7 +19,7 @@
 "files-scs:config/ldp/metadata-writer/default.json",
 "files-scs:config/ldp/permissions/acl.json",
 "files-scs:config/storage/backend/sparql.json",
- "files-scs:config/storage/key-value/memory.json",
+ "files-scs:config/storage/key-value/resource-store.json",
 "files-scs:config/storage/middleware/default.json",
 "files-scs:config/util/auxiliary/acl.json",
 "files-scs:config/util/identifiers/suffix.json",
diff --git a/config/storage/key-value/resource-store.json b/config/storage/key-value/resource-store.json
index 3394b2d402..b522ec7afa 100644
--- a/config/storage/key-value/resource-store.json
+++ b/config/storage/key-value/resource-store.json
@@ -22,6 +22,20 @@
 "source": { "@id": "urn:solid-server:default:ResourceStore" },
 "baseUrl": { "@id": "urn:solid-server:default:variable:baseUrl" },
 "container": "/idp/data/"
+ },
+ {
+ "comment": "Block external access to the storage containers to avoid exposing internal data.",
+ "@id": "urn:solid-server:default:PathBasedAuthorizer",
+ "PathBasedAuthorizer:_paths": [
+ {
+ "PathBasedAuthorizer:_paths_key": "^/locks(/.*)?$",
+ "PathBasedAuthorizer:_paths_value": { "@type": "DenyAllAuthorizer" }
+ },
+ {
+ "PathBasedAuthorizer:_paths_key": "^/idp/data(/.*)?$",
+ "PathBasedAuthorizer:_paths_value": { "@type": "DenyAllAuthorizer" }
+ }
+ ]
 }
 ]
 }
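Review bot: The deny rules added in config/storage/key-value/resource-store.json take effect only if the active authorization preset also declares `urn:solid-server:default:PathBasedAuthorizer` with its `@type` and puts it in the authorizer chain, which this commit does only in config/ldp/authorization/webacl.json. A server that combines this key-value preset with a different authorization preset would presumably keep IDP data and locks in the externally served store with nothing denying access to them, so consider declaring `"@type": "PathBasedAuthorizer"` on this entry as well or documenting the required pairing in the comment. The patterns `^/locks(/.*)?$` and `^/idp/data(/.*)?$` repeat container paths as literals (`"container": "/idp/data/"` sits just above), so a later change to a container has to be mirrored in the regex by hand; a comment on each entry naming the container it guards would reduce that drift. It is also worth confirming that the authorizer matches against the normalized resource path relative to `baseUrl`, so that every request resolving to these containers is covered by the pattern.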