The Solid Shop is a user-powered shopping ecosystem by use of SOLID PODs. This brings all parts together.
- Extra steps related to the payment service provider Mollie for the mollie-payment-service.
- Install ngrok
ngrok http 4200
to start ngrok so Mollie can reach your dev setup of frontend-solid-shop.- Change the
MOLLIE_REDIRECT_URL
andMOLLIE_BASE_WEBHOOK_URL
in thedocker-compose.yml
to match the ngrok urls - Change the
ESS_CLIENT_ID
,ESS_CLIENT_SECRET
andESS_IDP
in thedocker-compose.yml
, see "Setup ESS" below for more information - # at Mollie and get your API key
- (At the end, fill in your API key via the profile page and/or the
MOLLIE_API_KEY
environment variable, see "Mollie API Key" below for more information)
docker-compose up -d
to start the related services
When developing, you might want to directly have the changes in the services available in your local stack.
To do this, you can create a docker-compose.override.yml
file and put the changes in there.
An example on how to do this is shown below.
# This will automatically detect changes and restart the service
order:
image: semtech/mu-javascript-template
volumes:
- ../solid-shop-order-service/:/app/:cached
# This will build the image from the local source, use `docker-compose build` together with `docker-compose up -d` to restart the service
payments:
build:
context: ../mollie-payment-service
dockerfile: Dockerfile
- frontend-solid-shop: The frontend of the Solid Shop
- solid-shop-order-service: The order service of the Solid Shop, functions quite like the backend of the Solid Shop
- solid-sync-service: Synchronize data between the user's Solid PODs and the triple store
- mollie-payment-service: Handles the payments of the Solid Shop via Mollie
- mu-search: Provides fuzzy search for the offerings in the Solid Shop
- mu-search-elastic-backend: The Elasticsearch backend of the mu-search service
- delta-notifier: Notifies the Solid Shop about changes in the triple store, used for e.g. the tasks and the search
- file-service: Handles the image uploads on product creation and update
- docker-virtuoso: The virtuoso service for the triple store, where the Solid Shop data is stored
- mu-authorization: Provides authorization for the Solid Shop, so not everyone can e.g. access the secret keys and other information
- mu-identifier: Handles session identification
- mu-dispatcher: Dispatches requests to the right microservices
We make use of Conventional Commits.
When making changes to a pull request, we prefer to update the existing commits with a rebase instead of appending new commits.
The project board of this project can be found here.
Questions? Join our Matrix room #solid-shop.
Below, the payments flow and communication between the frontend and the different services is specified.
- frontend ---> order
- initiate order, send back
orderId
- initiate order, send back
- order ---> sync
- via task
- send
orderId
asext:order
triple - query triple store and accordingly update user PODs
- frontend ---> payment
- location rewrite: user goes to payment service
- send
orderId
, initiate payment, save payment info to triple store
- payment ---> mollie
- location rewrite: user goes to Mollie checkout page to pay
- handle payment
- mollie ---> frontend
- location rewrite: user goes back to application frontend
- go to redirect url
- mollie ---> payment
- call callback url (sends
orderId
), update payment info in triple store (addpaymentId
, updateorderStatus
) by querying Mollie API
- call callback url (sends
- payment ---> order
- gives the chance to do extra stuff, and sends a task to the sync service to update the user PODs
- order ---> sync
- via task
- send
orderId
asext:order
triple - query triple store and accordingly update buyer and seller PODs
You can specify the application's Mollie API key via the MOLLIE_API_KEY
environment variable in the docker-compose.yml
file.
It will use this API key to handle payments if there is no Mollie API key specified for the seller in the triple store.
However, specifying a Mollie API key for the seller in the triple store (?sellerWebId ext:mollieApiKey ?mollieApiKey
) will override the default API key, letting the buyer directly pay to the seller.
The Solid Shop uses the solid-sync-service to update the user PODs. To let the Solid Sync Service know what and when to update, it sends a task via the delta-notifier.
The used tasks in the Solid Shop are described as follows:
?task a ext:Task;
ext:taskType ?taskType;
ext:dataFlow ?dataFlow;
ext:taskStatus "pending".
OPTIONAL { ?task ext:order ?orderId. } # in case the task is related to an order creation or update, ?dataFlow = "DbToPod"
OPTIONAL { ?task ext:pod ?pod; ext:webId ?webId. } # in case the task is related to a DB update, ?dataFlow = "PodToDb"
VALUES ?taskType { ext:SavedOrderTask ext:UpdatedOrderTask ext:SyncOfferingsTask }
To be able to read and write to the specific resources in the user's POD, authentication and permissions to those resources are required. As there is no Solid spec for this yet at the time of writing, non-spec behavior is used from the supported servers.
To authenticate once:
- user ---> frontend
- enters
email
,password
andIDP URL
- enters
- frontend ---> CSS IDP
- sends
email
,password
andname='solid-shop'
to the CSS IDP at${IDPURL}/idp/credentials
- generates a token
- sends back the client id and client secret
- sends
- frontend ---> sync
- sends
clientWebId
,clientId
,clientSecret
,idpUrl
andidpType='css'
to the solid-sync-service at/auth/credentials
- saves the credentials to the triple store
- sends
On reading from or writing to the user's POD:
- sync ---> CSS IDP
- sends
clientId
,clientSecret
to the CSS IDP at${IDPURL}/.oidc/token
- requests access token
- sends
- sync ---> user's POD
- uses the access token to send authenticated requests to the user's POD
Uses Access Policies: Universal API in the frontend and Authenticate with Statically Registered Client Credentials in the backend.
To authenticate once:
- user ---> frontend
- clicks the
Login
button
- clicks the
- frontend ---> sync
- GET /auth/ess/webId
- gets the application's ESS WebId which is needed in the next step
- frontend ---> ESS IDP
- sends access requests using the
@inrupt/solid-client
library for the needed resources
- sends access requests using the
- frontend ---> sync
- sends
clientWebId
andidpType='ess'
to the solid-sync-service at/auth/credentials
- saves the credentials (just
idpType
for ESS) to the triple store
- sends
On reading from or writing to the user's POD:
- sync ---> user's POD
- on startup of the solid-sync-service, it will log in and create an authenticated session using the
ESS_CLIENT_ID
andESS_CLIENT_SECRET
environment variables which will then be used to send authenticated requests to the user's POD - uses the authenticated session to send authenticated requests to the user's POD
- on startup of the solid-sync-service, it will log in and create an authenticated session using the
To be able to support ESS POD users, you have to register your application with the ESS IDP. You can do this at Inrupt Application Registration.
Then, you should fill in the ESS_CLIENT_ID
and ESS_CLIENT_SECRET
environment variables in the docker-compose.yml
file. Also change the ESS_IDP
environment variable if you had used another ESS IDP.