@dwk/microsub 0.1.0-beta.0

package/dist/discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAA2B,KAAK,MAAM,EAAE,KAAK,OAAO,EAAE,MAAM,UAAU,CAAC;AAE9E,OAAO,EAAkB,KAAK,SAAS,EAAE,MAAM,SAAS,CAAC;AAEzD,OAAO,EAAa,KAAK,QAAQ,EAAE,MAAM,OAAO,CAAC;AAGjD,sDAAsD;AACtD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,oFAAoF;AACpF,MAAM,WAAW,cAAc;IAC7B,6EAA6E;IAC7E,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,mDAAmD;IACnD,QAAQ,CAAC,OAAO,EAAE,SAAS,QAAQ,EAAE,CAAC;CACvC;AAED,8BAA8B;AAC9B,MAAM,WAAW,WAAW;IAC1B,mEAAmE;IACnE,QAAQ,CAAC,OAAO,EAAE,SAAS,QAAQ,EAAE,CAAC;IACtC,0DAA0D;IAC1D,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CACtC;AAoGD;;;;GAIG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAmDhC;AAaD;;;;GAIG;AACH,wBAAsB,SAAS,CAC7B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,gBAAgB,EAC1B,KAAK,CAAC,EAAE;IAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GAC3D,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAuC7B"}

package/dist/discovery.js

@@ -0,0 +1,190 @@
+/**
+ * `@dwk/microsub` — feed discovery and fetching.
+ *
+ * `follow` and `preview` take a URL the user typed; the server must work out
+ * what to actually poll. {@link discoverFeed} fetches that URL (through the
+ * SSRF-safe wrapper), and:
+ *
+ * - if it is already a syndication feed (Atom / RSS / JSON Feed), parses it;
+ * - if it is HTML, looks for a `<link rel="alternate">` feed and follows the
+ *   first one; failing that, parses the page's own `h-feed` microformats.
+ *
+ * {@link fetchFeed} re-fetches an already-resolved feed URL on each poll,
+ * sending the cached `ETag` / `Last-Modified` so an unchanged feed returns `304`
+ * and is skipped. Every outbound request goes through {@link safeFetch}, and the
+ * body is read with a hard size cap.
+ *
+ * @packageDocumentation
+ */
+import { noopLogger, noopMetrics } from "@dwk/log";
+import { readTextCapped } from "./fetch";
+import { parseHFeed } from "./hfeed";
+import { parseFeed } from "./jf2";
+import { safeFetch } from "./safe-fetch";
+const FEED_ACCEPT = "application/atom+xml, application/rss+xml, application/feed+json, " +
+    "application/json, text/xml, application/xml, text/html;q=0.9, */*;q=0.8";
+/** Feed media types we recognise on a `Content-Type` or a `<link type>`. */
+function isFeedType(contentType) {
+    const essence = contentType.split(";")[0]?.trim().toLowerCase() ?? "";
+    return (essence === "application/atom+xml" ||
+        essence === "application/rss+xml" ||
+        essence === "application/feed+json" ||
+        essence === "application/json" ||
+        essence === "text/xml" ||
+        essence === "application/xml" ||
+        essence === "application/rdf+xml");
+}
+function isHtmlType(contentType) {
+    const essence = contentType.split(";")[0]?.trim().toLowerCase() ?? "";
+    return essence === "text/html" || essence === "application/xhtml+xml";
+}
+/** Collect `<link>` elements (rel/type/href) from an HTML document. */
+async function findFeedLinks(html, baseUrl) {
+    const links = [];
+    const rewriter = new HTMLRewriter().on("link", {
+        element(el) {
+            const href = el.getAttribute("href");
+            if (href === null || href === "")
+                return;
+            const rels = (el.getAttribute("rel") ?? "")
+                .toLowerCase()
+                .split(/\s+/)
+                .filter(Boolean);
+            const type = (el.getAttribute("type") ?? "").toLowerCase();
+            let resolved;
+            try {
+                resolved = new URL(href, baseUrl).toString();
+            }
+            catch {
+                return;
+            }
+            links.push({ rels, type, href: resolved });
+        },
+    });
+    await rewriter.transform(new Response(html)).text();
+    return links;
+}
+/** The first alternate feed `<link>` in document order, if any. */
+function pickFeedLink(links) {
+    for (const link of links) {
+        if (!link.rels.includes("alternate") && link.rels.length > 0)
+            continue;
+        if (link.type === "application/atom+xml" ||
+            link.type === "application/rss+xml" ||
+            link.type === "application/feed+json" ||
+            link.type === "application/json") {
+            return link;
+        }
+    }
+    return null;
+}
+/** Parse a fetched body into entries, choosing the parser by content type. */
+async function parseBody(body, contentType, url) {
+    if (isHtmlType(contentType)) {
+        return parseHFeed(body, url);
+    }
+    return parseFeed(body, contentType, url);
+}
+function resolveDeps(options) {
+    return {
+        doFetch: options?.fetch ?? ((input, init) => fetch(input, init)),
+        logger: options?.logger ?? noopLogger,
+        metrics: options?.metrics ?? noopMetrics,
+    };
+}
+/**
+ * Discover the feed at `target`. Returns the URL to poll plus the entries from
+ * this first fetch, or `null` when the target is unreachable, blocked, or has no
+ * feed and no `h-entry` content.
+ */
+export async function discoverFeed(target, options) {
+    const { doFetch, logger, metrics } = resolveDeps(options);
+    let response;
+    let finalUrl;
+    try {
+        const result = await safeFetch(doFetch, target, { method: "GET", headers: { accept: FEED_ACCEPT } }, { logger, metrics });
+        response = result.response;
+        finalUrl = result.url;
+    }
+    catch {
+        return null;
+    }
+    if (!response.ok)
+        return null;
+    const contentType = response.headers.get("content-type") ?? "";
+    const body = await readTextCapped(response);
+    if (body === null)
+        return null;
+    // A syndication feed: parse it directly.
+    if (isFeedType(contentType) ||
+        (!isHtmlType(contentType) && looksLikeFeedBody(body))) {
+        return {
+            feedUrl: finalUrl,
+            entries: parseFeed(body, contentType, finalUrl),
+        };
+    }
+    // HTML: prefer a declared alternate feed, else fall back to h-feed.
+    if (isHtmlType(contentType) || body.trimStart().startsWith("<")) {
+        const links = await findFeedLinks(body, finalUrl);
+        const feedLink = pickFeedLink(links);
+        if (feedLink !== null) {
+            const fetched = await fetchFeed(feedLink.href, options);
+            if (fetched !== null) {
+                return { feedUrl: feedLink.href, entries: fetched.entries };
+            }
+        }
+        const entries = await parseHFeed(body, finalUrl);
+        if (entries.length > 0) {
+            return { feedUrl: finalUrl, entries };
+        }
+    }
+    return null;
+}
+/** Cheap sniff for a feed root when the content type is unhelpful. */
+function looksLikeFeedBody(body) {
+    const head = body.trimStart().slice(0, 512).toLowerCase();
+    return (head.includes("<rss") ||
+        head.includes("<feed") ||
+        head.includes("<rdf:rdf") ||
+        (head.startsWith("{") && head.includes("jsonfeed.org")));
+}
+/**
+ * Fetch and parse an already-resolved feed URL, sending conditional-request
+ * validators when supplied. Returns `notModified` on a `304`, the parsed
+ * entries otherwise, or `null` when the fetch fails or is blocked.
+ */
+export async function fetchFeed(feedUrl, options, cache) {
+    const { doFetch, logger, metrics } = resolveDeps(options);
+    const headers = { accept: FEED_ACCEPT };
+    if (cache?.etag)
+        headers["if-none-match"] = cache.etag;
+    if (cache?.lastModified)
+        headers["if-modified-since"] = cache.lastModified;
+    let response;
+    let finalUrl;
+    try {
+        const result = await safeFetch(doFetch, feedUrl, { method: "GET", headers }, { logger, metrics });
+        response = result.response;
+        finalUrl = result.url;
+    }
+    catch {
+        return null;
+    }
+    const etag = response.headers.get("etag");
+    const lastModified = response.headers.get("last-modified");
+    if (response.status === 304) {
+        await response.body?.cancel().catch(() => undefined);
+        return { entries: [], notModified: true, etag, lastModified };
+    }
+    if (!response.ok) {
+        await response.body?.cancel().catch(() => undefined);
+        return null;
+    }
+    const contentType = response.headers.get("content-type") ?? "";
+    const body = await readTextCapped(response);
+    if (body === null)
+        return null;
+    const entries = await parseBody(body, contentType, finalUrl);
+    return { entries, notModified: false, etag, lastModified };
+}
+//# sourceMappingURL=discovery.js.map

package/dist/discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAA6B,MAAM,UAAU,CAAC;AAE9E,OAAO,EAAE,cAAc,EAAkB,MAAM,SAAS,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,SAAS,EAAiB,MAAM,OAAO,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AA2BzC,MAAM,WAAW,GACf,oEAAoE;IACpE,yEAAyE,CAAC;AAE5E,4EAA4E;AAC5E,SAAS,UAAU,CAAC,WAAmB;IACrC,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACtE,OAAO,CACL,OAAO,KAAK,sBAAsB;QAClC,OAAO,KAAK,qBAAqB;QACjC,OAAO,KAAK,uBAAuB;QACnC,OAAO,KAAK,kBAAkB;QAC9B,OAAO,KAAK,UAAU;QACtB,OAAO,KAAK,iBAAiB;QAC7B,OAAO,KAAK,qBAAqB,CAClC,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,WAAmB;IACrC,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACtE,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,KAAK,uBAAuB,CAAC;AACxE,CAAC;AASD,uEAAuE;AACvE,KAAK,UAAU,aAAa,CAC1B,IAAY,EACZ,OAAe;IAEf,MAAM,KAAK,GAAe,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,IAAI,YAAY,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE;QAC7C,OAAO,CAAC,EAAE;YACR,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,EAAE;gBAAE,OAAO;YACzC,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;iBACxC,WAAW,EAAE;iBACb,KAAK,CAAC,KAAK,CAAC;iBACZ,MAAM,CAAC,OAAO,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3D,IAAI,QAAgB,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7C,CAAC;KACF,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,mEAAmE;AACnE,SAAS,YAAY,CAAC,KAA0B;IAC9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QACvE,IACE,IAAI,CAAC,IAAI,KAAK,sBAAsB;YACpC,IAAI,CAAC,IAAI,KAAK,qBAAqB;YACnC,IAAI,CAAC,IAAI,KAAK,uBAAuB;YACrC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAChC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,KAAK,UAAU,SAAS,CACtB,IAAY,EACZ,WAAmB,EACnB,GAAW;IAEX,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC5B,OAAO,UAAU,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,SAAS,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,WAAW,CAAC,OAA0B;IAK7C,OAAO;QACL,OAAO,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAChE,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,UAAU;QACrC,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,WAAW;KACzC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAc,EACd,OAA0B;IAE1B,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAE1D,IAAI,QAAkB,CAAC;IACvB,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,OAAO,EACP,MAAM,EACN,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EACnD,EAAE,MAAM,EAAE,OAAO,EAAE,CACpB,CAAC;QACF,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC3B,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IAC/D,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAE/B,yCAAyC;IACzC,IACE,UAAU,CAAC,WAAW,CAAC;QACvB,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,EACrD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,OAAO,EAAE,SAAS,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,CAAC;SAChD,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,IAAI,UAAU,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACxD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;YAC9D,CAAC;QACH,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,sEAAsE;AACtE,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,OAAO,CACL,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QACtB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QACzB,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CACxD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,OAAe,EACf,OAA0B,EAC1B,KAA4D;IAE5D,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,OAAO,GAA2B,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAChE,IAAI,KAAK,EAAE,IAAI;QAAE,OAAO,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;IACvD,IAAI,KAAK,EAAE,YAAY;QAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,YAAY,CAAC;IAE3E,IAAI,QAAkB,CAAC;IACvB,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,OAAO,EACP,OAAO,EACP,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,EAC1B,EAAE,MAAM,EAAE,OAAO,EAAE,CACpB,CAAC;QACF,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC3B,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAE3D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACrD,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;IAChE,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IAC/D,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC7D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;AAC7D,CAAC"}

package/dist/fetch.d.ts

@@ -0,0 +1,28 @@
+/**
+ * `@dwk/microsub` — injectable `fetch` type and a body-size-capped text reader.
+ *
+ * Discovery, polling, preview, and search all perform HTTP I/O against
+ * attacker-influenced URLs. They accept a {@link FetchLike} so callers can
+ * inject a stub in tests (no network) and so the package never reaches for a
+ * global it did not receive.
+ *
+ * @packageDocumentation
+ */
+/** A minimal, injectable `fetch` signature. */
+export type FetchLike = (input: string, init?: RequestInit) => Promise<Response>;
+/**
+ * Default cap on a fetched feed body (4 MB). A feed is modest; a larger body is
+ * almost certainly hostile or irrelevant, and buffering it would risk an OOM
+ * (the Worker memory limit is 128 MB). See `spec/non-functional-requirements.md`.
+ */
+export declare const MAX_BODY_BYTES: number;
+/**
+ * Read a response body as text, refusing bodies larger than `maxBytes`.
+ *
+ * A declared `Content-Length` over the cap is rejected up front; the stream is
+ * then read incrementally and aborted the moment the cap is exceeded, so a
+ * missing or lying `Content-Length` cannot force the whole body into memory.
+ * Returns `null` when the body is too large or cannot be read.
+ */
+export declare function readTextCapped(response: Response, maxBytes?: number): Promise<string | null>;
+//# sourceMappingURL=fetch.d.ts.map

package/dist/fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,+CAA+C;AAC/C,MAAM,MAAM,SAAS,GAAG,CACtB,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,WAAW,KACf,OAAO,CAAC,QAAQ,CAAC,CAAC;AAEvB;;;;GAIG;AACH,eAAO,MAAM,cAAc,QAAkB,CAAC;AAE9C;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,QAAQ,EAClB,QAAQ,SAAiB,GACxB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA8CxB"}

package/dist/fetch.js

@@ -0,0 +1,72 @@
+/**
+ * `@dwk/microsub` — injectable `fetch` type and a body-size-capped text reader.
+ *
+ * Discovery, polling, preview, and search all perform HTTP I/O against
+ * attacker-influenced URLs. They accept a {@link FetchLike} so callers can
+ * inject a stub in tests (no network) and so the package never reaches for a
+ * global it did not receive.
+ *
+ * @packageDocumentation
+ */
+/**
+ * Default cap on a fetched feed body (4 MB). A feed is modest; a larger body is
+ * almost certainly hostile or irrelevant, and buffering it would risk an OOM
+ * (the Worker memory limit is 128 MB). See `spec/non-functional-requirements.md`.
+ */
+export const MAX_BODY_BYTES = 4 * 1024 * 1024;
+/**
+ * Read a response body as text, refusing bodies larger than `maxBytes`.
+ *
+ * A declared `Content-Length` over the cap is rejected up front; the stream is
+ * then read incrementally and aborted the moment the cap is exceeded, so a
+ * missing or lying `Content-Length` cannot force the whole body into memory.
+ * Returns `null` when the body is too large or cannot be read.
+ */
+export async function readTextCapped(response, maxBytes = MAX_BODY_BYTES) {
+    const declared = response.headers.get("content-length");
+    if (declared !== null) {
+        const length = Number.parseInt(declared, 10);
+        if (Number.isFinite(length) && length > maxBytes) {
+            return null;
+        }
+    }
+    const body = response.body;
+    if (body === null) {
+        try {
+            const text = await response.text();
+            return text.length > maxBytes ? null : text;
+        }
+        catch {
+            return null;
+        }
+    }
+    const reader = body.getReader();
+    const chunks = [];
+    let total = 0;
+    try {
+        for (;;) {
+            const { done, value } = await reader.read();
+            if (done)
+                break;
+            if (value !== undefined) {
+                total += value.byteLength;
+                if (total > maxBytes) {
+                    await reader.cancel();
+                    return null;
+                }
+                chunks.push(value);
+            }
+        }
+    }
+    catch {
+        return null;
+    }
+    const merged = new Uint8Array(total);
+    let offset = 0;
+    for (const chunk of chunks) {
+        merged.set(chunk, offset);
+        offset += chunk.byteLength;
+    }
+    return new TextDecoder("utf-8").decode(merged);
+}
+//# sourceMappingURL=fetch.js.map

package/dist/fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.js","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAE9C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAkB,EAClB,QAAQ,GAAG,cAAc;IAEzB,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACxD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAC3B,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IAChC,MAAM,MAAM,GAAiB,EAAE,CAAC;IAChC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,CAAC;QACH,SAAS,CAAC;YACR,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI;gBAAE,MAAM;YAChB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC;gBAC1B,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;oBACrB,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC;IAC7B,CAAC;IACD,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC"}

package/dist/handler.d.ts

@@ -0,0 +1,24 @@
+/**
+ * The Microsub fetch handler: a single endpoint whose `action` (and `method`)
+ * parameters select the operation — channel management, following, the JF2
+ * timeline, search, and preview — wired to the D1 store and `@dwk/indieauth`
+ * token validation. Routing matches the request pathname against the configured
+ * endpoint path, so the handler is mountable under any prefix.
+ *
+ * The read path serves stored entries only; it never fetches a source inline.
+ * Following a feed discovers it, populates the timeline from the discovery
+ * fetch, and enqueues a poll job so the feed's poll cache is primed.
+ *
+ * @packageDocumentation
+ */
+import type { ExecutionContext } from "@cloudflare/workers-types";
+import { type MicrosubConfig, type MicrosubEnv } from "./config";
+/** A `fetch`-compatible Worker handler. */
+export type MicrosubHandler = (request: Request, env: MicrosubEnv, ctx: ExecutionContext) => Promise<Response>;
+/**
+ * Create the Microsub handler. The returned handler routes by pathname against
+ * the configured endpoint URL, so it is mountable under any path prefix, then
+ * dispatches on the `action` (and `method`) parameters.
+ */
+export declare function createMicrosub(config: MicrosubConfig): MicrosubHandler;
+//# sourceMappingURL=handler.d.ts.map

package/dist/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../src/handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAQlE,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,WAAW,EAEjB,MAAM,UAAU,CAAC;AAUlB,2CAA2C;AAC3C,MAAM,MAAM,eAAe,GAAG,CAC5B,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,WAAW,EAChB,GAAG,EAAE,gBAAgB,KAClB,OAAO,CAAC,QAAQ,CAAC,CAAC;AAyevB;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,eAAe,CAyDtE"}