Expand description
§solid-pod-rs-server
Drop-in Solid Pod server binary wrapping
solid-pod-rs with
actix-web. This crate is both a
library (for integration-test reuse) and a binary.
§Public types
AppState— Shared actix-web application state (storage, dotfile policy, body cap).build_app— Builds the fully-configuredactix_web::Appwith all routes and middleware.NodeInfoMeta— NodeInfo 2.1 metadata inputs.PathTraversalGuard— Middleware that rejects..path-traversal attempts.DotfileGuard— Middleware that enforces the dotfile allowlist.ErrorLoggingMiddleware— Middleware that logs 5xx responses with full error chains.body_cap_from_env— ReadsJSS_MAX_REQUEST_BODYfrom the environment.cli— CLI argument definitions (clap derive).
§Route table
| Method | Path | Handler |
|---|---|---|
| GET/HEAD | /{tail:.*} | handle_get |
| GET | /{folder}/* | Glob merged Turtle |
| PUT | /{tail:.*} | handle_put |
| PUT | /{tail:.*}/ + Link: BasicContainer | Container creation |
| POST | /{tail:.*}/ | handle_post |
| PATCH | /{tail:.*} | handle_patch |
| DELETE | /{tail:.*} | handle_delete |
| COPY | /{tail:.*} + Source header | handle_copy |
| OPTIONS | /{tail:.*} | handle_options |
| POST | /api/accounts/new | Pod provisioning |
| GET | /pods/check/{name} | Pod existence check |
| POST | /login/password | Credentials login |
| POST | /account/password/reset | Password reset |
| POST | /account/password/change | Password change |
| GET | /.well-known/solid | Solid discovery |
| GET | /.well-known/webfinger | WebFinger JRD |
| GET | /.well-known/nodeinfo | NodeInfo discovery |
| GET | /.well-known/nodeinfo/2.1 | NodeInfo 2.1 |
| GET | /.well-known/did/nostr/{pubkey}.json | DID:nostr document |
§Middleware stack (applied in order)
NormalizePath– collapse//and decode %-encoded segments.PathTraversalGuard– defence-in-depth..re-check.DotfileGuard– rejects.envetc unless on the allowlist.PayloadConfig– enforcesJSS_MAX_REQUEST_BODYbody cap.ErrorLoggingMiddleware– structured 5xx logging.- WAC-on-write – PUT/POST/PATCH/DELETE require a write/append grant.
§solid-pod-rs-server
Binary distribution of solid-pod-rs — a drop-in
JSS replacement that runs as a single static-ish Rust binary.
§Install
Once published to crates.io (target: v0.4.0):
cargo install solid-pod-rs-server
solid-pod-rs-server --config config.jsonUntil then, build from source:
cargo build --release -p solid-pod-rs-server
./target/release/solid-pod-rs-server --help§Architecture
This crate is a thin binary shell over solid-pod-rs.
Per ADR-056 §D3 (F7 library-server split):
solid-pod-rs— pure library. No#[tokio::main], noactix-web::HttpServer. Framework-agnostic.solid-pod-rs-server(this crate) — owns the actix-web HTTP server, the tokio runtime, clap CLI, the F6 layered config loader, and signal handling. Depends on the library and wires itsPodService-style primitives into concrete HTTP routes.
§Configuration
Configuration is loaded by solid_pod_rs::config::ConfigLoader
(F6, PRD §F6). Precedence (later overrides earlier):
Defaults < File < EnvVars < CLI flagsSee crates/solid-pod-rs/src/config/sources.rs
for the full JSS_* environment variable table.
§Feature flags
This binary enables the following solid-pod-rs features by default:
| Feature | Purpose |
|---|---|
fs-backend | Filesystem storage (JSS default) |
memory-backend | In-memory storage (test / dev) |
config-loader | F6 layered config loader |
legacy-notifications | F3 solid-0.1 WS notifications adapter |
Other feature flags (oidc, dpop-replay-cache, nip98-schnorr,
s3-backend) can be opted into by the operator via a custom build.
§Licence
AGPL-3.0-only. See LICENSE. Operating this binary as a
network service triggers AGPL §13 source-disclosure obligations.
§Sibling crates (all functional)
solid-pod-rs-activitypub— ActivityPub federation (4,453 LOC)solid-pod-rs-git— Git HTTP backend (1,685 LOC)solid-pod-rs-idp— Solid-OIDC identity provider (6,160 LOC)solid-pod-rs-nostr— did:nostr + embedded Nostr relay (2,177 LOC)solid-pod-rs-didkey— did:key (Ed25519/P-256/secp256k1) + JWT (1,167 LOC)
Modules§
- cli
- CLI argument definitions (clap derive structs). Operator CLI subcommands — Sprint 11 rows 138, 163, 168.
Structs§
- AppState
- Actix-web shared state.
- Dotfile
Guard - Actix middleware that blocks dotfile paths unless they appear on the allowlist.
- Dotfile
Guard Middleware - Per-request service instance produced by
DotfileGuard. - Error
Logging Middleware - Observes outbound responses and logs 5xx results with the full
error chain. Pass-through on 2xx/3xx/4xx. Shaped as an actix
Transformso it slots into the middleware stack inbuild_app. - Error
Logging Middleware Service - Per-request service instance produced by
ErrorLoggingMiddleware. - Node
Info Meta - NodeInfo 2.1 body inputs. Kept here so tests can override them.
- Path
Traversal Guard - Actix middleware that rejects requests containing
..path-traversal sequences. - Path
Traversal Guard Middleware - Per-request service instance produced by
PathTraversalGuard.
Constants§
- DEFAULT_
BODY_ CAP - Discover the body cap from the environment. Accepts values like
50MB,1.5GB, or a bare integer (bytes). Falls back to 50 MiB.
Functions§
- body_
cap_ from_ env - Read
JSS_MAX_REQUEST_BODYand parse viaparse_size. On any failure, returnsDEFAULT_BODY_CAP. - build_
app - Build the complete actix
Appfor the Solid Pod server. Both the binary (main.rs) and the workspace integration tests call this.