Release version 5.3.0

Author: namedgraph

CHANGELOG.md

@@ -1,3 +1,31 @@
+## [5.3.0] - 2026-03-05
+### Added
+- Class-based navigation (#270)
+- `VARNISH_*_BACKEND_PORT` env params for configurable Varnish backend ports
+- Bearer auth token support in entrypoint; service credentials moved to `secrets/credentials.trig`
+- `gsp_append_quads` function in the entrypoint
+- New ACL HTTP tests for system endpoints
+- Ignored paths in `OntologyFilter` (#269)
+
+### Changed
+- Renamed `DirectGraphStoreImpl` to `DocumentHierarchyGraphStoreImpl`
+- Dataspace nav list now visible for unauthenticated agents
+- Client-side SPARQL query execution uses `POST` instead of `GET`
+- Full context dataset now passed to XSLT
+- Introduced `ServiceContext` to decouple HTTP infrastructure from `Service`
+- Split dataspace metadata from service metadata in configuration
+- Moved types to `system.trig`; `lapp:endUserApplication`/`lapp:adminApplication` now inferred on the fly
+- Refactored CSV/RDF import scripts
+
+### Fixed
+- UTF-8 charset handling for text-based media types in uploaded files
+- Fixed links to the admin app
+- URI resolution fix in `AuthorizationFilter`
+- Left sidebar CSS fixes
+
+### Removed
+- Removed system endpoint resources from default RDF datasets
+
 ## [5.2.1] - 2026-01-20
 ### Changed
 - Package view rendering refactored to use type-driven discovery with `ldh:view`/`ldh:inverseView` properties matching resource types against `rdfs:domain`/`rdfs:range` constraints

CLAUDE.md

@@ -17,6 +17,8 @@ LinkedDataHub uses Maven as the primary build system with Docker for containeriz
 docker-compose up --build
 ```
 
+Service credentials (used by the entrypoint for Bearer auth) are stored in `secrets/credentials.trig`.
+
 ### Core Build Commands
 ```bash
 # Maven build (Java 17 required)
@@ -74,6 +76,10 @@ find ./document-hierarchy/ -name '*.sh' -exec bash {} \;
 - File upload and content-addressed storage
 - Transformation and generation utilities
 
+#### Service Layer
+- `ServiceContext` decouples HTTP infrastructure from `Service`, holding dataspace and service metadata separately
+- Dataspace metadata and service metadata are split in configuration; types for `lapp:endUserApplication`/`lapp:adminApplication` are inferred on the fly from `system.trig`
+
 ### Service Architecture
 The application runs as a multi-container setup:
 - **nginx**: Reverse proxy and SSL termination

Dockerfile

@@ -89,7 +89,9 @@ ENV SIGN_UP_CERT_VALIDITY=
 
 ENV LOAD_DATASETS=
 
-ENV CONTEXT_DATASET_URL=file:///var/linkeddatahub/datasets/system.trig
+ENV CONTEXT_DATASET_URL=file:///var/linkeddatahub/datasets/dataspaces.trig
+
+ENV SERVICES_DATASET_URL=file:///var/linkeddatahub/datasets/system.trig
 
 ENV ADMIN_DATASET_URL=file:///var/linkeddatahub/datasets/admin.trig
 

Makefile

@@ -0,0 +1,17 @@
+.PHONY: sef drop cert release
+
+# Generate Saxon-JS SEF files for client-side XSLT transformations
+sef:
+	./generate-sef.sh
+
+# Wipe local data directories (datasets, Fuseki, SSL certs, uploads) — irreversible!
+drop:
+	@read -p "Are you sure? [y/N] " ans && [ "$$ans" = "y" ] && sudo rm -rf datasets fuseki ssl uploads || echo "Aborted."
+
+# Generate server SSL certificate using the .env config
+cert:
+	./bin/server-cert-gen.sh .env nginx ssl
+
+# Run the full Maven release process (prepare, deploy to Sonatype, merge to master/develop)
+release:
+	./release.sh

bin/imports/create-query.sh bin/add-construct.shbin/imports/create-query.sh renamed to bin/add-construct.sh

@@ -5,28 +5,24 @@ print_usage()
 {
     printf "Creates a SPARQL CONSTRUCT query.\n"
     printf "\n"
-    printf "Usage:  %s options\n" "$0"
+    printf "Usage:  %s options TARGET_URI\n" "$0"
     printf "\n"
     printf "Options:\n"
     printf "  -f, --cert-pem-file CERT_FILE        .pem file with the WebID certificate of the agent\n"
     printf "  -p, --cert-password CERT_PASSWORD    Password of the WebID certificate\n"
     printf "  -b, --base BASE_URI                  Base URI of the application\n"
     printf "  --proxy PROXY_URL                    The host this request will be proxied through (optional)\n"
     printf "\n"
-    printf "  --title TITLE                        Title of the chart\n"
-    printf "  --description DESCRIPTION            Description of the chart (optional)\n"
-    printf "  --slug STRING                        String that will be used as URI path segment (optional)\n"
+    printf "  --title TITLE                        Title of the query\n"
+    printf "  --description DESCRIPTION            Description of the query (optional)\n"
+    printf "  --uri URI                            URI of the query (optional)\n"
     printf "\n"
     printf "  --query-file ABS_PATH                Absolute path to the text file with the SPARQL query string\n"
+    printf "  --service SERVICE_URI                URI of the SPARQL service specific to this query (optional)\n"
 }
 
 hash turtle 2>/dev/null || { echo >&2 "turtle not on \$PATH.  Aborting."; exit 1; }
 
-urlencode() {
-  python -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1], sys.argv[2]))' \
-    "$1" "$urlencode_safe"
-}
-
 args=()
 while [[ $# -gt 0 ]]
 do
@@ -63,8 +59,8 @@ do
         shift # past argument
         shift # past value
         ;;
-        --slug)
-        slug="$2"
+        --uri)
+        uri="$2"
         shift # past argument
         shift # past value
         ;;
@@ -73,6 +69,11 @@ do
         shift # past argument
         shift # past value
         ;;
+        --service)
+        service="$2"
+        shift # past argument
+        shift # past value
+        ;;
         *)    # unknown arguments
         args+=("$1") # save it in an array for later
         shift # past argument
@@ -81,6 +82,8 @@ do
 done
 set -- "${args[@]}" # restore args
 
+target="$1"
+
 if [ -z "$cert_pem_file" ] ; then
     print_usage
     exit 1
@@ -102,43 +105,38 @@ if [ -z "$query_file" ] ; then
     exit 1
 fi
 
-if [ -z "$slug" ] ; then
-    slug=$(uuidgen | tr '[:upper:]' '[:lower:]') # lowercase
-fi
-encoded_slug=$(urlencode "$slug")
-
-container="${base}queries/"
 query=$(<"$query_file") # read query string from file
 
-target="${container}${encoded_slug}/"
-
 args+=("-f")
 args+=("$cert_pem_file")
 args+=("-p")
 args+=("$cert_password")
 args+=("-t")
 args+=("text/turtle") # content type
-args+=("$target")
 if [ -n "$proxy" ]; then
     args+=("--proxy")
     args+=("$proxy")
 fi
 
+if [ -n "$uri" ] ; then
+    subject="<${uri}>"
+else
+    subject="_:subject"
+fi
+
 turtle+="@prefix ldh:	<https://w3id.org/atomgraph/linkeddatahub#> .\n"
-turtle+="@prefix dh:	<https://www.w3.org/ns/ldt/document-hierarchy#> .\n"
 turtle+="@prefix dct:	<http://purl.org/dc/terms/> .\n"
-turtle+="@prefix foaf:	<http://xmlns.com/foaf/0.1/> .\n"
 turtle+="@prefix sp:	<http://spinrdf.org/sp#> .\n"
-turtle+="_:query a sp:Construct .\n"
-turtle+="_:query dct:title \"${title}\" .\n"
-turtle+="_:query sp:text \"\"\"${query}\"\"\" .\n"
-turtle+="<${target}> a dh:Item .\n"
-turtle+="<${target}> foaf:primaryTopic _:query .\n"
-turtle+="<${target}> dct:title \"${title}\" .\n"
+turtle+="${subject} a sp:Construct .\n"
+turtle+="${subject} dct:title \"${title}\" .\n"
+turtle+="${subject} sp:text \"\"\"${query}\"\"\" .\n"
 
+if [ -n "$service" ] ; then
+    turtle+="${subject} ldh:service <${service}> .\n"
+fi
 if [ -n "$description" ] ; then
-    turtle+="_:query dct:description \"${description}\" .\n"
+    turtle+="${subject} dct:description \"${description}\" .\n"
 fi
 
 # submit Turtle doc to the server
-echo -e "$turtle" | turtle --base="$target" | put.sh "${args[@]}"
+echo -e "$turtle" | turtle --base="$target" | post.sh "${args[@]}"

bin/imports/create-file.sh bin/add-file.shbin/imports/create-file.sh renamed to bin/add-file.sh

@@ -5,7 +5,7 @@ print_usage()
 {
     printf "Uploads a file.\n"
     printf "\n"
-    printf "Usage:  %s options\n" "$0"
+    printf "Usage:  %s options TARGET_URI\n" "$0"
     printf "\n"
     printf "Options:\n"
     printf "  -f, --cert-pem-file CERT_FILE        .pem file with the WebID certificate of the agent\n"
@@ -14,22 +14,14 @@ print_usage()
     printf "  --proxy PROXY_URL                    The host this request will be proxied through (optional)\n"
     printf "\n"
     printf "  --title TITLE                        Title of the file\n"
-    printf "  --container CONTAINER_URI            URI of the parent container (optional)\n"
     printf "  --description DESCRIPTION            Description of the file (optional)\n"
-    printf "  --slug STRING                        String that will be used as URI path segment (optional)\n"
     printf "\n"
     printf "  --file ABS_PATH                      Absolute path to the file\n"
-    printf "  --file-content-type MEDIA_TYPE       Media type of the file (optional)\n"
-    #printf "  --file-slug STRING                   String that will be used as the file's URI path segment (optional)\n"
+    printf "  --content-type MEDIA_TYPE            Media type of the file (optional)\n"
 }
 
 hash curl 2>/dev/null || { echo >&2 "curl not on \$PATH. Aborting."; exit 1; }
 
-urlencode() {
-  python -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1], sys.argv[2]))' \
-    "$1" "$urlencode_safe"
-}
-
 args=()
 while [[ $# -gt 0 ]]
 do
@@ -66,28 +58,13 @@ do
         shift # past argument
         shift # past value
         ;;
-        --slug)
-        slug="$2"
-        shift # past argument
-        shift # past value
-        ;;
-        --container)
-        container="$2"
-        shift # past argument
-        shift # past value
-        ;;
         --file)
         file="$2"
         shift # past argument
         shift # past value
         ;;
-        --file-content-type)
-        file_content_type="$2"
-        shift # past argument
-        shift # past value
-        ;;
-        --file-slug)
-        file_slug="$2"
+        --content-type)
+        content_type="$2"
         shift # past argument
         shift # past value
         ;;
@@ -99,6 +76,8 @@ do
 done
 set -- "${args[@]}" # restore args
 
+target="$1"
+
 if [ -z "$cert_pem_file" ] ; then
     print_usage
     exit 1
@@ -119,50 +98,23 @@ if [ -z "$file" ] ; then
     print_usage
     exit 1
 fi
-if [ -z "$file_content_type" ] ; then
+if [ -z "$content_type" ] ; then
     # determine content-type if not provided
-    file_content_type=$(file -b --mime-type "$file")
+    content_type=$(file -b --mime-type "$file")
 fi
 
-if [ -z "$slug" ] ; then
-    slug=$(uuidgen | tr '[:upper:]' '[:lower:]') # lowercase
-fi
-encoded_slug=$(urlencode "$slug")
-
-# need to create explicit file URI since that is what this script returns (not the graph URI)
-
-#if [ -z "$file_slug" ] ; then
-#    file_slug=$(uuidgen | tr '[:upper:]' '[:lower:]') # lowercase
-#fi
-
-if [ -z "$container" ] ; then
-    container="${base}files/"
-fi
-
-target="${container}${encoded_slug}/"
-
 # https://stackoverflow.com/questions/19116016/what-is-the-right-way-to-post-multipart-form-data-using-curl
 
 rdf_post+="-F \"rdf=\"\n"
 rdf_post+="-F \"sb=file\"\n"
 rdf_post+="-F \"pu=http://www.semanticdesktop.org/ontologies/2007/03/22/nfo#fileName\"\n"
-rdf_post+="-F \"ol=@${file};type=${file_content_type}\"\n"
+rdf_post+="-F \"ol=@${file};type=${content_type}\"\n"
 rdf_post+="-F \"pu=http://purl.org/dc/terms/title\"\n"
 rdf_post+="-F \"ol=${title}\"\n"
 rdf_post+="-F \"pu=http://www.w3.org/1999/02/22-rdf-syntax-ns#type\"\n"
 rdf_post+="-F \"ou=http://www.semanticdesktop.org/ontologies/2007/03/22/nfo#FileDataObject\"\n"
-rdf_post+="-F \"su=${target}\"\n"
-rdf_post+="-F \"pu=http://purl.org/dc/terms/title\"\n"
-rdf_post+="-F \"ol=${title}\"\n"
-rdf_post+="-F \"pu=http://www.w3.org/1999/02/22-rdf-syntax-ns#type\"\n"
-rdf_post+="-F \"ou=https://www.w3.org/ns/ldt/document-hierarchy#Item\"\n"
-rdf_post+="-F \"pu=http://xmlns.com/foaf/0.1/primaryTopic\"\n"
-rdf_post+="-F \"ob=file\"\n"
-rdf_post+="-F \"pu=http://rdfs.org/sioc/ns#has_container\"\n"
-rdf_post+="-F \"ou=${container}\"\n"
 
 if [ -n "$description" ] ; then
-    rdf_post+="-F \"sb=file\"\n"
     rdf_post+="-F \"pu=http://purl.org/dc/terms/description\"\n"
     rdf_post+="-F \"ol=${description}\"\n"
 fi
@@ -176,14 +128,5 @@ if [ -n "$proxy" ]; then
     target="${target/$target_host/$proxy_host}"
 fi
 
-# POST RDF/POST multipart form and capture the effective URL
-effective_url=$(echo -e "$rdf_post" | curl -w '%{url_effective}' -f -v -s -k -X PUT -H "Accept: text/turtle" -E "$cert_pem_file":"$cert_password" -o /dev/null --config - "$target")
-
-# If using proxy, rewrite the effective URL back to original hostname
-if [ -n "$proxy" ]; then
-    # Replace proxy host with original host in the effective URL
-    rewritten_url="${effective_url/$proxy_host/$target_host}"
-    echo "$rewritten_url"
-else
-    echo "$effective_url"
-fi
+# POST RDF/POST multipart form
+echo -e "$rdf_post" | curl -f -v -s -k -X POST -H "Accept: text/turtle" -E "$cert_pem_file":"$cert_password" -o /dev/null --config - "$target"