@character-foundry/character-foundry 0.4.3-dev.1766103111 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/charx.cjs +52 -85
- package/dist/charx.cjs.map +1 -1
- package/dist/charx.d.cts +22 -22
- package/dist/charx.d.ts +22 -22
- package/dist/charx.js +52 -85
- package/dist/charx.js.map +1 -1
- package/dist/exporter.cjs +54 -104
- package/dist/exporter.cjs.map +1 -1
- package/dist/exporter.d.cts +19 -19
- package/dist/exporter.d.ts +19 -19
- package/dist/exporter.js +54 -104
- package/dist/exporter.js.map +1 -1
- package/dist/federation.cjs +36 -104
- package/dist/federation.cjs.map +1 -1
- package/dist/federation.d.cts +19 -54
- package/dist/federation.d.ts +19 -54
- package/dist/federation.js +36 -104
- package/dist/federation.js.map +1 -1
- package/dist/index.cjs +54 -104
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +29 -29
- package/dist/index.d.ts +29 -29
- package/dist/index.js +54 -104
- package/dist/index.js.map +1 -1
- package/dist/loader.cjs +31 -171
- package/dist/loader.cjs.map +1 -1
- package/dist/loader.d.cts +23 -37
- package/dist/loader.d.ts +23 -37
- package/dist/loader.js +31 -171
- package/dist/loader.js.map +1 -1
- package/dist/lorebook.d.cts +23 -23
- package/dist/lorebook.d.ts +23 -23
- package/dist/normalizer.cjs +18 -72
- package/dist/normalizer.cjs.map +1 -1
- package/dist/normalizer.d.cts +37 -37
- package/dist/normalizer.d.ts +37 -37
- package/dist/normalizer.js +18 -72
- package/dist/normalizer.js.map +1 -1
- package/dist/png.cjs +18 -72
- package/dist/png.cjs.map +1 -1
- package/dist/png.d.cts +25 -25
- package/dist/png.d.ts +25 -25
- package/dist/png.js +18 -72
- package/dist/png.js.map +1 -1
- package/dist/schemas.cjs +23 -80
- package/dist/schemas.cjs.map +1 -1
- package/dist/schemas.d.cts +67 -85
- package/dist/schemas.d.ts +67 -85
- package/dist/schemas.js +23 -80
- package/dist/schemas.js.map +1 -1
- package/dist/voxta.cjs +20 -91
- package/dist/voxta.cjs.map +1 -1
- package/dist/voxta.d.cts +23 -23
- package/dist/voxta.d.ts +23 -23
- package/dist/voxta.js +20 -91
- package/dist/voxta.js.map +1 -1
- package/package.json +5 -5
package/dist/federation.cjs
CHANGED
|
@@ -50,7 +50,6 @@ __export(federation_exports, {
|
|
|
50
50
|
createAnnounceActivity: () => createAnnounceActivity,
|
|
51
51
|
createArchiveAdapter: () => createArchiveAdapter,
|
|
52
52
|
createBlockActivity: () => createBlockActivity,
|
|
53
|
-
createConsoleLogger: () => createConsoleLogger,
|
|
54
53
|
createCreateActivity: () => createCreateActivity,
|
|
55
54
|
createDeleteActivity: () => createDeleteActivity,
|
|
56
55
|
createFlagActivity: () => createFlagActivity,
|
|
@@ -65,7 +64,6 @@ __export(federation_exports, {
|
|
|
65
64
|
enableFederation: () => enableFederation,
|
|
66
65
|
generateActivityId: () => generateActivityId,
|
|
67
66
|
generateCardId: () => generateCardId,
|
|
68
|
-
getFederationLogger: () => getLogger,
|
|
69
67
|
handleActor: () => handleActor,
|
|
70
68
|
handleInbox: () => handleInbox,
|
|
71
69
|
handleNodeInfo: () => handleNodeInfo,
|
|
@@ -78,8 +76,6 @@ __export(federation_exports, {
|
|
|
78
76
|
parseForkActivity: () => parseForkActivity,
|
|
79
77
|
parseInstallActivity: () => parseInstallActivity,
|
|
80
78
|
parseSignatureHeader: () => parseSignatureHeader,
|
|
81
|
-
setFederationLogLevel: () => setLogLevel,
|
|
82
|
-
setFederationLogger: () => setLogger,
|
|
83
79
|
signRequest: () => signRequest,
|
|
84
80
|
stCharacterToCCv3: () => stCharacterToCCv3,
|
|
85
81
|
validateBlockActivityFields: () => validateBlockActivity,
|
|
@@ -137,50 +133,6 @@ function generateUUID() {
|
|
|
137
133
|
}
|
|
138
134
|
|
|
139
135
|
// ../federation/dist/index.js
|
|
140
|
-
var LEVELS = {
|
|
141
|
-
silent: 0,
|
|
142
|
-
error: 1,
|
|
143
|
-
warn: 2,
|
|
144
|
-
info: 3,
|
|
145
|
-
debug: 4
|
|
146
|
-
};
|
|
147
|
-
var noop = () => {
|
|
148
|
-
};
|
|
149
|
-
function createConsoleLogger(level = "warn") {
|
|
150
|
-
const severity = LEVELS[level] ?? LEVELS.warn;
|
|
151
|
-
const hasConsole = typeof console !== "undefined";
|
|
152
|
-
const c = hasConsole ? console : void 0;
|
|
153
|
-
const debugImpl = c?.debug ? c.debug.bind(c) : c?.log ? c.log.bind(c) : noop;
|
|
154
|
-
const infoImpl = c?.info ? c.info.bind(c) : c?.log ? c.log.bind(c) : noop;
|
|
155
|
-
const warnImpl = c?.warn ? c.warn.bind(c) : c?.log ? c.log.bind(c) : noop;
|
|
156
|
-
const errorImpl = c?.error ? c.error.bind(c) : c?.log ? c.log.bind(c) : noop;
|
|
157
|
-
return {
|
|
158
|
-
debug: severity >= LEVELS.debug ? debugImpl : noop,
|
|
159
|
-
info: severity >= LEVELS.info ? infoImpl : noop,
|
|
160
|
-
warn: severity >= LEVELS.warn ? warnImpl : noop,
|
|
161
|
-
error: severity >= LEVELS.error ? errorImpl : noop
|
|
162
|
-
};
|
|
163
|
-
}
|
|
164
|
-
var federationLogger = createConsoleLogger("warn");
|
|
165
|
-
function getLogger() {
|
|
166
|
-
return federationLogger;
|
|
167
|
-
}
|
|
168
|
-
function setLogger(logger) {
|
|
169
|
-
federationLogger = logger;
|
|
170
|
-
}
|
|
171
|
-
function setLogLevel(level) {
|
|
172
|
-
federationLogger = createConsoleLogger(level);
|
|
173
|
-
}
|
|
174
|
-
function configureLogger(options) {
|
|
175
|
-
if (!options) return;
|
|
176
|
-
if (options.logger) {
|
|
177
|
-
setLogger(options.logger);
|
|
178
|
-
return;
|
|
179
|
-
}
|
|
180
|
-
if (options.logLevel) {
|
|
181
|
-
setLogLevel(options.logLevel);
|
|
182
|
-
}
|
|
183
|
-
}
|
|
184
136
|
var ACTIVITY_CONTEXT = [
|
|
185
137
|
"https://www.w3.org/ns/activitystreams",
|
|
186
138
|
{
|
|
@@ -539,7 +491,7 @@ var SyncEngine = class {
|
|
|
539
491
|
try {
|
|
540
492
|
listener(event);
|
|
541
493
|
} catch (err) {
|
|
542
|
-
|
|
494
|
+
console.error(`Event listener error:`, err);
|
|
543
495
|
}
|
|
544
496
|
}
|
|
545
497
|
}
|
|
@@ -1668,7 +1620,7 @@ var HttpPlatformAdapter = class extends BasePlatformAdapter {
|
|
|
1668
1620
|
const data = await response.json();
|
|
1669
1621
|
return this.config.transformers?.get ? this.config.transformers.get(data) : data;
|
|
1670
1622
|
} catch (err) {
|
|
1671
|
-
|
|
1623
|
+
console.error(`Failed to get card ${localId}:`, err);
|
|
1672
1624
|
return null;
|
|
1673
1625
|
}
|
|
1674
1626
|
}
|
|
@@ -2220,14 +2172,27 @@ function parseSignatureHeader(header) {
|
|
|
2220
2172
|
return {
|
|
2221
2173
|
keyId: params.keyId,
|
|
2222
2174
|
algorithm: params.algorithm || "rsa-sha256",
|
|
2223
|
-
headers: (params.headers || "(request-target) host date").
|
|
2175
|
+
headers: (params.headers || "(request-target) host date").split(" "),
|
|
2224
2176
|
signature: params.signature
|
|
2225
2177
|
};
|
|
2226
2178
|
}
|
|
2227
2179
|
function buildSigningString(method, path, headers, headerNames) {
|
|
2228
2180
|
const result = buildSigningStringStrict(method, path, headers, headerNames);
|
|
2229
2181
|
if (!result.success) {
|
|
2230
|
-
|
|
2182
|
+
console.warn(`[federation] Signature verification may fail: ${result.error}`);
|
|
2183
|
+
const lines = [];
|
|
2184
|
+
for (const name of headerNames) {
|
|
2185
|
+
if (name === "(request-target)") {
|
|
2186
|
+
lines.push(`(request-target): ${method.toLowerCase()} ${path}`);
|
|
2187
|
+
} else if (name === "(created)" || name === "(expires)") {
|
|
2188
|
+
} else {
|
|
2189
|
+
const value = headers.get(name);
|
|
2190
|
+
if (value !== null) {
|
|
2191
|
+
lines.push(`${name.toLowerCase()}: ${value}`);
|
|
2192
|
+
}
|
|
2193
|
+
}
|
|
2194
|
+
}
|
|
2195
|
+
return lines.join("\n");
|
|
2231
2196
|
}
|
|
2232
2197
|
return result.signingString;
|
|
2233
2198
|
}
|
|
@@ -2236,17 +2201,16 @@ function buildSigningStringStrict(method, path, headers, headerNames) {
|
|
|
2236
2201
|
const missingHeaders = [];
|
|
2237
2202
|
const syntheticHeaders = /* @__PURE__ */ new Set(["(request-target)", "(created)", "(expires)"]);
|
|
2238
2203
|
for (const name of headerNames) {
|
|
2239
|
-
|
|
2240
|
-
if (normalizedName === "(request-target)") {
|
|
2204
|
+
if (name === "(request-target)") {
|
|
2241
2205
|
lines.push(`(request-target): ${method.toLowerCase()} ${path}`);
|
|
2242
|
-
} else if (
|
|
2243
|
-
} else if (
|
|
2206
|
+
} else if (name === "(created)") {
|
|
2207
|
+
} else if (name === "(expires)") {
|
|
2244
2208
|
} else {
|
|
2245
|
-
const value = headers.get(
|
|
2209
|
+
const value = headers.get(name);
|
|
2246
2210
|
if (value !== null) {
|
|
2247
|
-
lines.push(`${
|
|
2248
|
-
} else if (!syntheticHeaders.has(
|
|
2249
|
-
missingHeaders.push(
|
|
2211
|
+
lines.push(`${name.toLowerCase()}: ${value}`);
|
|
2212
|
+
} else if (!syntheticHeaders.has(name)) {
|
|
2213
|
+
missingHeaders.push(name);
|
|
2250
2214
|
}
|
|
2251
2215
|
}
|
|
2252
2216
|
}
|
|
@@ -2267,7 +2231,7 @@ async function verifyHttpSignature(parsed, publicKeyPem, method, path, headers,
|
|
|
2267
2231
|
if (options.strictHeaders) {
|
|
2268
2232
|
const strictResult = buildSigningStringStrict(method, path, headers, parsed.headers);
|
|
2269
2233
|
if (!strictResult.success) {
|
|
2270
|
-
|
|
2234
|
+
console.warn(`[federation] Strict header verification failed: ${strictResult.error}`);
|
|
2271
2235
|
return false;
|
|
2272
2236
|
}
|
|
2273
2237
|
}
|
|
@@ -2287,7 +2251,7 @@ async function verifyHttpSignature(parsed, publicKeyPem, method, path, headers,
|
|
|
2287
2251
|
data
|
|
2288
2252
|
);
|
|
2289
2253
|
} catch (error) {
|
|
2290
|
-
|
|
2254
|
+
console.error("Signature verification failed:", error);
|
|
2291
2255
|
return false;
|
|
2292
2256
|
}
|
|
2293
2257
|
}
|
|
@@ -2425,7 +2389,7 @@ async function importPublicKey(pem) {
|
|
|
2425
2389
|
["verify"]
|
|
2426
2390
|
);
|
|
2427
2391
|
} catch (error) {
|
|
2428
|
-
|
|
2392
|
+
console.error("Failed to import public key:", error);
|
|
2429
2393
|
return null;
|
|
2430
2394
|
}
|
|
2431
2395
|
}
|
|
@@ -2441,7 +2405,7 @@ async function importPrivateKey(pem) {
|
|
|
2441
2405
|
["sign"]
|
|
2442
2406
|
);
|
|
2443
2407
|
} catch (error) {
|
|
2444
|
-
|
|
2408
|
+
console.error("Failed to import private key:", error);
|
|
2445
2409
|
return null;
|
|
2446
2410
|
}
|
|
2447
2411
|
}
|
|
@@ -2470,31 +2434,9 @@ function extractHostFromActorId(actorId) {
|
|
|
2470
2434
|
return null;
|
|
2471
2435
|
}
|
|
2472
2436
|
}
|
|
2473
|
-
function timingSafeEqualString(a, b) {
|
|
2474
|
-
let mismatch = a.length === b.length ? 0 : 1;
|
|
2475
|
-
const maxLen = Math.max(a.length, b.length);
|
|
2476
|
-
for (let i = 0; i < maxLen; i++) {
|
|
2477
|
-
const aCode = a.charCodeAt(i) || 0;
|
|
2478
|
-
const bCode = b.charCodeAt(i) || 0;
|
|
2479
|
-
mismatch |= aCode ^ bCode;
|
|
2480
|
-
}
|
|
2481
|
-
return mismatch === 0;
|
|
2482
|
-
}
|
|
2483
2437
|
async function handleInbox(body, headers, options) {
|
|
2484
2438
|
assertFederationEnabled("handleInbox");
|
|
2485
2439
|
try {
|
|
2486
|
-
const normalizedHeaders = headers instanceof Headers ? headers : new Headers(headers);
|
|
2487
|
-
const networkKey = typeof options.networkKey === "string" ? options.networkKey : void 0;
|
|
2488
|
-
const networkKeyHeader = options.networkKeyHeader ?? "X-Foundry-Network-Key";
|
|
2489
|
-
if (networkKey && networkKey.length > 0) {
|
|
2490
|
-
const provided = normalizedHeaders.get(networkKeyHeader);
|
|
2491
|
-
if (!provided || !timingSafeEqualString(provided, networkKey)) {
|
|
2492
|
-
return {
|
|
2493
|
-
accepted: false,
|
|
2494
|
-
error: "Unauthorized: invalid or missing network key"
|
|
2495
|
-
};
|
|
2496
|
-
}
|
|
2497
|
-
}
|
|
2498
2440
|
if (options.moderationStore) {
|
|
2499
2441
|
const actorId = typeof body === "object" && body !== null && "actor" in body ? String(body.actor) : null;
|
|
2500
2442
|
if (actorId) {
|
|
@@ -2517,7 +2459,7 @@ async function handleInbox(body, headers, options) {
|
|
|
2517
2459
|
};
|
|
2518
2460
|
}
|
|
2519
2461
|
if (options.strictMode) {
|
|
2520
|
-
const signatureHeader =
|
|
2462
|
+
const signatureHeader = headers instanceof Headers ? headers.get("signature") : headers["signature"] || headers["Signature"];
|
|
2521
2463
|
if (!signatureHeader) {
|
|
2522
2464
|
return {
|
|
2523
2465
|
accepted: false,
|
|
@@ -2531,15 +2473,6 @@ async function handleInbox(body, headers, options) {
|
|
|
2531
2473
|
error: "Invalid Signature header format"
|
|
2532
2474
|
};
|
|
2533
2475
|
}
|
|
2534
|
-
if (networkKey && networkKey.length > 0) {
|
|
2535
|
-
const requiredSigned = networkKeyHeader.toLowerCase();
|
|
2536
|
-
if (!parsedSig.headers.includes(requiredSigned)) {
|
|
2537
|
-
return {
|
|
2538
|
-
accepted: false,
|
|
2539
|
-
error: `Strict mode: signature missing required header: ${requiredSigned}`
|
|
2540
|
-
};
|
|
2541
|
-
}
|
|
2542
|
-
}
|
|
2543
2476
|
const missingSignedHeaders = REQUIRED_SIGNED_HEADERS.filter(
|
|
2544
2477
|
(h) => !parsedSig.headers.includes(h)
|
|
2545
2478
|
);
|
|
@@ -2549,14 +2482,14 @@ async function handleInbox(body, headers, options) {
|
|
|
2549
2482
|
error: `Strict mode: signature missing required headers: ${missingSignedHeaders.join(", ")}`
|
|
2550
2483
|
};
|
|
2551
2484
|
}
|
|
2552
|
-
const dateHeader =
|
|
2485
|
+
const dateHeader = headers instanceof Headers ? headers.get("date") : headers["date"] || headers["Date"];
|
|
2553
2486
|
if (!dateHeader) {
|
|
2554
2487
|
return {
|
|
2555
2488
|
accepted: false,
|
|
2556
2489
|
error: "Strict mode: Date header required"
|
|
2557
2490
|
};
|
|
2558
2491
|
}
|
|
2559
|
-
const hostHeader =
|
|
2492
|
+
const hostHeader = headers instanceof Headers ? headers.get("host") : headers["host"] || headers["Host"];
|
|
2560
2493
|
if (!hostHeader) {
|
|
2561
2494
|
return {
|
|
2562
2495
|
accepted: false,
|
|
@@ -2599,7 +2532,7 @@ async function handleInbox(body, headers, options) {
|
|
|
2599
2532
|
error: `Invalid key ID or actor URL`
|
|
2600
2533
|
};
|
|
2601
2534
|
}
|
|
2602
|
-
const digestHeader =
|
|
2535
|
+
const digestHeader = headers instanceof Headers ? headers.get("digest") : headers["digest"] || headers["Digest"];
|
|
2603
2536
|
if (digestHeader) {
|
|
2604
2537
|
if (!options.rawBody) {
|
|
2605
2538
|
return {
|
|
@@ -2630,13 +2563,13 @@ async function handleInbox(body, headers, options) {
|
|
|
2630
2563
|
}
|
|
2631
2564
|
const method = options.method || "POST";
|
|
2632
2565
|
const path = options.path || "/inbox";
|
|
2566
|
+
const normalizedHeaders = headers instanceof Headers ? headers : new Headers(headers);
|
|
2633
2567
|
const isValid = await verifyHttpSignature(
|
|
2634
2568
|
parsedSig,
|
|
2635
2569
|
actor.publicKey.publicKeyPem,
|
|
2636
2570
|
method,
|
|
2637
2571
|
path,
|
|
2638
|
-
normalizedHeaders
|
|
2639
|
-
{ strictHeaders: true }
|
|
2572
|
+
normalizedHeaders
|
|
2640
2573
|
);
|
|
2641
2574
|
if (!isValid) {
|
|
2642
2575
|
return {
|
|
@@ -3715,7 +3648,7 @@ var PolicyEngine = class {
|
|
|
3715
3648
|
if (!regex) {
|
|
3716
3649
|
const safetyWarning = checkRegexSafety(rule.pattern);
|
|
3717
3650
|
if (safetyWarning) {
|
|
3718
|
-
|
|
3651
|
+
console.warn(`[moderation] Rule "${rule.name}": ${safetyWarning}`);
|
|
3719
3652
|
}
|
|
3720
3653
|
try {
|
|
3721
3654
|
regex = new RegExp(rule.pattern, "i");
|
|
@@ -3955,12 +3888,11 @@ function getEnvVar(name) {
|
|
|
3955
3888
|
return void 0;
|
|
3956
3889
|
}
|
|
3957
3890
|
function enableFederation(options) {
|
|
3958
|
-
configureLogger(options);
|
|
3959
3891
|
explicitlyEnabled = true;
|
|
3960
3892
|
envCheckSkipped = options?.skipEnvCheck ?? false;
|
|
3961
3893
|
const nodeEnv = getEnvVar("NODE_ENV");
|
|
3962
3894
|
if (nodeEnv === "development" || nodeEnv === "test") {
|
|
3963
|
-
|
|
3895
|
+
console.warn(
|
|
3964
3896
|
"[character-foundry/federation] Federation enabled. WARNING: Verify HTTP signatures in production. Do NOT use in production with untrusted inputs without signature validation."
|
|
3965
3897
|
);
|
|
3966
3898
|
}
|