Fix critical and high-priority bugs

server/src/Client/OpenIDConnectClient.php

@@ -351,7 +351,15 @@ private function retrieve(string $key)
     {
         $value = Redis::get($key);
         if (Str::isJson($value)) {
-            $value = (object) json_decode($value);
+            $decoded = json_decode($value);
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                Log::error('[JSON DECODE ERROR]', [
+                    'key' => $key,
+                    'error' => json_last_error_msg()
+                ]);
+                return null;
+            }
+            $value = (object) $decoded;
         }
 
         return $value;
@@ -709,6 +717,14 @@ private function loadDPoPKeyPair(): ?array
             }
 
             $keyData = json_decode(Storage::get($keyPath), true);
+
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                Log::error('[DPOP KEY JSON DECODE ERROR]', [
+                    'error' => json_last_error_msg(),
+                    'key_path' => $keyPath
+                ]);
+                return null;
+            }
 
             if (!$keyData || !isset($keyData['private_key'], $keyData['public_jwk'])) {
                 return null;

server/src/Services/PodService.php

@@ -51,7 +51,12 @@ public function createPod(SolidIdentity $identity, string $name, ?string $descri
      */
     private function getStorageUrlFromWebId(string $webId): string
     {
-        $parsed  = parse_url($webId);
+        $parsed = parse_url($webId);
+
+        if ($parsed === false || !isset($parsed['scheme'], $parsed['host'])) {
+            throw new \InvalidArgumentException("Invalid WebID format: {$webId}");
+        }
+
         $baseUrl = $parsed['scheme'] . '://' . $parsed['host'];
 
         if (isset($parsed['port'])) {
@@ -141,6 +146,11 @@ private function createPodInStorage(SolidIdentity $identity, string $storageUrl,
 
                 // Extract issuer from WebID URL
                 $parsed = parse_url($webId);
+
+                if ($parsed === false || !isset($parsed['scheme'], $parsed['host'])) {
+                    throw new \Exception("Invalid WebID format: {$webId}");
+                }
+
                 $issuer = $parsed['scheme'] . '://' . $parsed['host'];
                 if (isset($parsed['port'])) {
                     $issuer .= ':' . $parsed['port'];
@@ -352,6 +362,11 @@ public function getUserPods(SolidIdentity $identity): array
                 try {
                     // Extract issuer from WebID
                     $parsed = parse_url($webId);
+
+                    if ($parsed === false || !isset($parsed['scheme'], $parsed['host'])) {
+                        throw new \Exception("Invalid WebID format: {$webId}");
+                    }
+
                     $issuer = $parsed['scheme'] . '://' . $parsed['host'];
                     if (isset($parsed['port'])) {
                         $issuer .= ':' . $parsed['port'];
@@ -795,10 +810,14 @@ private function generatePodMetadata(string $name, ?string $description = null):
     public function getPodUrlFromWebId(string $webId): string
     {
         // Extract pod URL from WebID
-        // WebID format: http://solid:3000/test/profile/card#me
-        // Pod URL: http://solid:3000/test/
+        // WebID format: https://example-solid-server.com/username/profile/card#me
+        // Pod URL: https://example-solid-server.com/username/
 
         $parsed = parse_url($webId);
+
+        if ($parsed === false || !isset($parsed['scheme'], $parsed['host'])) {
+            throw new \InvalidArgumentException("Invalid WebID format: {$webId}");
+        }
         $path = $parsed['path'] ?? '';
 
         // Remove /profile/card from the path

server/src/Support/Utils.php

@@ -48,10 +48,22 @@ public static function searchPods(array $data = [], string $key, string $value,
     /**
      * Get the Solid server URL from configuration.
      *
+     * Constructs the URL from individual server configuration components.
+     *
      * @return string
      */
     public static function getSolidServerUrl(): string
     {
-        return config('solid.server.url', 'http://localhost:3000');
+        $host = config('solid.server.host', 'http://localhost');
+        $port = config('solid.server.port', 3000);
+        $secure = config('solid.server.secure', false);
+
+        // Remove protocol from host if present
+        $host = preg_replace('#^.*://#', '', $host);
+
+        // Construct URL with proper protocol
+        $protocol = $secure ? 'https' : 'http';
+
+        return "{$protocol}://{$host}:{$port}";
     }
 }