@evanp/activitypub-bot 0.12.1 → 0.13.1

package/tests/fixtures/provincebotfactory.js

@@ -1,53 +0,0 @@
-import BotFactory from '../../lib/botfactory.js'
-import Bot from '../../lib/bot.js'
-
-class ProvinceBot extends Bot {
-  #name
-  #type
-
-  constructor (username, name, type) {
-    super(username)
-    this.#name = name
-    this.#type = type
-  }
-
-  get fullname () {
-    return this.#name
-  }
-
-  get description () {
-    return `The ${this.#type} of ${this.#name}`
-  }
-}
-
-export default class ProvinceBotFactory extends BotFactory {
-  static #provinces = {
-    ab: ['Alberta', 'province'],
-    on: ['Ontario', 'province'],
-    qc: ['Quebec', 'province'],
-    bc: ['British Columbia', 'province'],
-    mb: ['Manitoba', 'province'],
-    sk: ['Saskatchewan', 'province'],
-    nb: ['New Brunswick', 'province'],
-    ns: ['Nova Scotia', 'province'],
-    pe: ['Prince Edward Island', 'province'],
-    nl: ['Newfoundland and Labrador', 'province'],
-    nu: ['Nunavut', 'territory'],
-    nt: ['Northwest Territories', 'territory'],
-    yt: ['Yukon', 'territory']
-  }
-
-  async canCreate (username) {
-    return (username in ProvinceBotFactory.#provinces)
-  }
-
-  async create (username) {
-    if (!(username in ProvinceBotFactory.#provinces)) {
-      throw new Error(`cannot create a bot with username ${username}`)
-    }
-    const [name, type] = ProvinceBotFactory.#provinces[username]
-    const bot = new ProvinceBot(username, name, type)
-    await bot.initialize(await this._context.duplicate(username))
-    return bot
-  }
-}

package/tests/httpsignature.test.js

@@ -1,199 +0,0 @@
-import { describe, before, after, it } from 'node:test'
-import assert from 'node:assert'
-import { Sequelize } from 'sequelize'
-import { nockSetup, nockSignature, nockKeyRotate, getPublicKey, getPrivateKey, nockFormat } from './utils/nock.js'
-import { HTTPSignature } from '../lib/httpsignature.js'
-import Logger from 'pino'
-import { Digester } from '../lib/digester.js'
-import { runMigrations } from '../lib/migrations/index.js'
-
-describe('HTTPSignature', async () => {
-  const domain = 'activitypubbot.example'
-  const origin = `https://${domain}`
-  let connection = null
-  let httpSignature = null
-  let logger = null
-  let digester = null
-  before(async () => {
-    logger = Logger({
-      level: 'silent'
-    })
-    connection = new Sequelize({ dialect: 'sqlite', storage: ':memory:', logging: false })
-    await connection.authenticate()
-    await runMigrations(connection)
-    nockSetup('social.example')
-    digester = new Digester(logger)
-  })
-
-  after(async () => {
-    await connection.close()
-    digester = null
-  })
-
-  it('can initialize', async () => {
-    httpSignature = new HTTPSignature(logger)
-    assert.ok(httpSignature)
-  })
-
-  it('can validate a signature', async () => {
-    const username = 'test'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const publicKeyPem = await getPublicKey(username)
-    const method = 'GET'
-    const path = '/user/ok/outbox'
-    const result = await httpSignature.validate(publicKeyPem, signature, method, path, headers)
-    assert.ok(result)
-  })
-
-  it('can validate a signature on an URL with parameters', async () => {
-    const username = 'test'
-    const lname = 'ok'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/.well-known/webfinger?resource=acct:${lname}@${domain}`,
-      date,
-      username
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const publicKeyPem = await getPublicKey(username)
-    const method = 'GET'
-    const path = `/.well-known/webfinger?resource=acct:${lname}@${domain}`
-    const result = await httpSignature.validate(publicKeyPem, signature, method, path, headers)
-    assert.ok(result)
-  })
-
-  it('can handle key rotation', async () => {
-    const username = 'rotate'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const publicKeyPem = await getPublicKey(username)
-    const method = 'GET'
-    const path = '/user/ok/outbox'
-    await httpSignature.validate(publicKeyPem, signature, method, path, headers)
-    await nockKeyRotate(username)
-    const signature2 = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers2 = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const publicKeyPem2 = await getPublicKey(username)
-    assert.notStrictEqual(publicKeyPem, publicKeyPem2)
-    const result2 = await httpSignature.validate(publicKeyPem2, signature2, method, path, headers2)
-    assert.ok(result2)
-  })
-
-  it('can sign a GET request', async () => {
-    const date = new Date().toUTCString()
-    const headers = {
-      Date: date,
-      Host: URL.parse(origin).host,
-      'X-Unused-Header': 'test',
-      Accept: 'application/activity+json',
-      'User-Agent': 'activitypubbot-test/0.0.1'
-    }
-    const privateKey = await getPrivateKey('test')
-    const method = 'GET'
-    const url = nockFormat({ username: 'test', obj: 'outbox' })
-    const keyId = nockFormat({ username: 'test', key: true })
-    const signature = await httpSignature.sign({ privateKey, keyId, url, method, headers })
-    assert.ok(signature)
-    assert.match(signature, /^keyId="https:\/\/social\.example\/user\/test\/publickey",headers="\(request-target\) host date user-agent accept",signature=".*",algorithm="rsa-sha256"$/)
-  })
-
-  it('can sign a POST request', async () => {
-    const body = JSON.stringify({
-      '@context': 'https://www.w3.org/ns/activitystreams',
-      type: 'Create',
-      actor: nockFormat({ username: 'test' }),
-      object: nockFormat({ username: 'test', obj: 'note', num: 1 })
-    })
-    const headers = {
-      date: new Date().toUTCString(),
-      host: URL.parse(origin).host,
-      digest: await digester.digest(body),
-      'content-type': 'application/activity+json',
-      'User-Agent': 'activitypubbot-test/0.0.1'
-    }
-    const privateKey = await getPrivateKey('test')
-    const method = 'POST'
-    const url = nockFormat({ username: 'test', obj: 'outbox' })
-    const keyId = nockFormat({ username: 'test', key: true })
-    const signature = await httpSignature.sign({ privateKey, keyId, url, method, headers })
-    assert.ok(signature)
-    assert.match(signature, /^keyId="https:\/\/social\.example\/user\/test\/publickey",headers="\(request-target\) host date user-agent content-type digest",signature=".*",algorithm="rsa-sha256"$/)
-  })
-
-  it('errors if required GET headers not present', async () => {
-    const date = new Date().toUTCString()
-    const headers = {
-      Date: date,
-      Host: URL.parse(origin).host,
-      'User-Agent': 'activitypubbot-test/0.0.1'
-    }
-    const privateKey = await getPrivateKey('test')
-    const method = 'GET'
-    const url = nockFormat({ username: 'test', obj: 'outbox' })
-    const keyId = nockFormat({ username: 'test', key: true })
-    try {
-      await httpSignature.sign({ privateKey, keyId, url, method, headers })
-      assert.fail('Expected error not thrown')
-    } catch (err) {
-      assert.equal(err.name, 'Error')
-      assert.equal(err.message, 'Missing header: accept')
-    }
-  })
-
-  it('errors if required POST headers not present', async () => {
-    const body = JSON.stringify({
-      '@context': 'https://www.w3.org/ns/activitystreams',
-      type: 'Create',
-      actor: nockFormat({ username: 'test' }),
-      object: nockFormat({ username: 'test', obj: 'note', num: 1 })
-    })
-    const headers = {
-      date: new Date().toUTCString(),
-      host: URL.parse(origin).host,
-      digest: await digester.digest(body),
-      'User-Agent': 'activitypubbot-test/0.0.1'
-    }
-    const privateKey = await getPrivateKey('test')
-    const method = 'POST'
-    const url = nockFormat({ username: 'test', obj: 'outbox' })
-    const keyId = nockFormat({ username: 'test', key: true })
-    try {
-      await httpSignature.sign({ privateKey, keyId, url, method, headers })
-      assert.fail('Expected error not thrown')
-    } catch (err) {
-      assert.equal(err.name, 'Error')
-      assert.equal(err.message, 'Missing header: content-type')
-    }
-  })
-})

package/tests/httpsignatureauthenticator.test.js

@@ -1,463 +0,0 @@
-import { describe, before, after, it } from 'node:test'
-import assert from 'node:assert'
-import { Sequelize } from 'sequelize'
-import { KeyStorage } from '../lib/keystorage.js'
-import { nockSetup, nockSignature, nockKeyRotate, nockFormat } from './utils/nock.js'
-import { HTTPSignature } from '../lib/httpsignature.js'
-import { HTTPSignatureAuthenticator } from '../lib/httpsignatureauthenticator.js'
-import Logger from 'pino'
-import { Digester } from '../lib/digester.js'
-import { RemoteKeyStorage } from '../lib/remotekeystorage.js'
-import { ActivityPubClient } from '../lib/activitypubclient.js'
-import { UrlFormatter } from '../lib/urlformatter.js'
-import as2 from '../lib/activitystreams.js'
-import { runMigrations } from '../lib/migrations/index.js'
-
-describe('HTTPSignatureAuthenticator', async () => {
-  const domain = 'activitypubbot.example'
-  const origin = `https://${domain}`
-  let authenticator = null
-  let logger = null
-  let signer = null
-  let digester = null
-  let remoteKeyStorage = null
-  let connection = null
-  const next = (err) => {
-    if (err) {
-      assert.fail(`Failed to authenticate: ${err.message}`)
-    } else {
-      assert.ok(true, 'Authenticated successfully')
-    }
-  }
-  const failNext = (err) => {
-    if (err) {
-      assert.ok(true, 'Failed successfully')
-    } else {
-      assert.fail('Passed through an incorrect request')
-    }
-  }
-  before(async () => {
-    logger = Logger({
-      level: 'silent'
-    })
-    connection = new Sequelize({ dialect: 'sqlite', storage: ':memory:', logging: false })
-    await connection.authenticate()
-    await runMigrations(connection)
-    signer = new HTTPSignature(logger)
-    digester = new Digester(logger)
-    const formatter = new UrlFormatter(origin)
-    const keyStorage = new KeyStorage(connection, logger)
-    const client = new ActivityPubClient(keyStorage, formatter, signer, digester, logger)
-    remoteKeyStorage = new RemoteKeyStorage(client, connection, logger)
-    nockSetup('social.example')
-  })
-
-  after(async () => {
-    await connection.close()
-    authenticator = null
-    digester = null
-    signer = null
-    remoteKeyStorage = null
-  })
-
-  it('can initialize', async () => {
-    authenticator = new HTTPSignatureAuthenticator(
-      remoteKeyStorage,
-      signer,
-      digester,
-      logger)
-  })
-
-  it('can authenticate a valid GET request', async () => {
-    const username = 'test'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, next)
-  })
-
-  it('can authenticate a valid GET request with parameters', async () => {
-    const lname = 'ok'
-    const username = 'test'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/.well-known/webfinger?resource=acct:${lname}@${domain}`,
-      date,
-      username
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = `/.well-known/webfinger?resource=acct:${lname}@${domain}`
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, next)
-  })
-
-  it('can authenticate a valid GET request after key rotation', async () => {
-    const username = 'test2'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, next)
-    await nockKeyRotate(username)
-    const date2 = new Date().toUTCString()
-    const signature2 = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date: date2,
-      username
-    })
-    const headers2 = {
-      date: date2,
-      signature: signature2,
-      host: URL.parse(origin).host
-    }
-    const req2 = {
-      headers: headers2,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req2, res, next)
-  })
-
-  it('can authenticate a valid POST request', async () => {
-    const username = 'test3'
-    const type = 'Activity'
-    const activity = await as2.import({
-      id: nockFormat({ username, type }),
-      type
-    })
-    const rawBodyText = await activity.write()
-    const digest = await digester.digest(rawBodyText)
-    const date = new Date().toUTCString()
-    const method = 'POST'
-    const originalUrl = '/user/ok/inbox'
-    const signature = await nockSignature({
-      username,
-      url: `${origin}${originalUrl}`,
-      date,
-      digest,
-      method
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host,
-      digest
-    }
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      },
-      rawBodyText
-    }
-    await authenticator.authenticate(req, res, next)
-  })
-
-  it('skips a request that is not signed', async () => {
-    const date = new Date().toUTCString()
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const headers = {
-      date,
-      host: URL.parse(origin).host
-    }
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, next)
-  })
-
-  it('can refuse a request signed with the wrong key', async () => {
-    const username = 'test'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, next)
-  })
-
-  it('can refuse a request with a bad digest', async () => {
-    const username = 'test3'
-    const type = 'Activity'
-    const activity = await as2.import({
-      id: nockFormat({ username, type }),
-      type
-    })
-    const rawBodyText = await activity.write()
-    const digest = await digester.digest('This does not match the rawBodyText')
-    const date = new Date().toUTCString()
-    const method = 'POST'
-    const originalUrl = '/user/ok/inbox'
-    const signature = await nockSignature({
-      username,
-      url: `${origin}${originalUrl}`,
-      date,
-      digest,
-      method
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host,
-      digest
-    }
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      },
-      rawBodyText
-    }
-    await authenticator.authenticate(req, res, failNext)
-  })
-
-  it('can refuse a request with a missing digest', async () => {
-    const username = 'test3'
-    const type = 'Activity'
-    const activity = await as2.import({
-      id: nockFormat({ username, type }),
-      type
-    })
-    const rawBodyText = await activity.write()
-    const date = new Date().toUTCString()
-    const method = 'POST'
-    const originalUrl = '/user/ok/inbox'
-    const signature = await nockSignature({
-      username,
-      url: `${origin}${originalUrl}`,
-      date,
-      method
-    })
-    const headers = {
-      date,
-      signature,
-      host: URL.parse(origin).host
-    }
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      },
-      rawBodyText
-    }
-    await authenticator.authenticate(req, res, failNext)
-  })
-
-  it('can refuse a request with a missing date', async () => {
-    const username = 'test'
-    const date = new Date().toUTCString()
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, failNext)
-  })
-
-  it('can refuse a request with a badly formatted date', async () => {
-    const username = 'test'
-    const date = '3 Prairial CCXXXIII 14:00:35'
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, failNext)
-  })
-
-  it('can refuse a request with a past date outside of the skew window', async () => {
-    const username = 'test'
-    // 10 days ago
-    const date = (new Date(Date.now() - 10 * 24 * 60 * 60 * 1000)).toUTCString()
-    logger.debug(date)
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, failNext)
-  })
-
-  it('can refuse a request with a future date outside of the skew window', async () => {
-    const username = 'test'
-    // 10 days ago
-    const date = (new Date(Date.now() + 10 * 24 * 60 * 60 * 1000)).toUTCString()
-    logger.debug(date)
-    const signature = await nockSignature({
-      url: `${origin}/user/ok/outbox`,
-      date,
-      username
-    })
-    const headers = {
-      signature,
-      host: URL.parse(origin).host
-    }
-    const method = 'GET'
-    const originalUrl = '/user/ok/outbox'
-    const res = {
-
-    }
-    const req = {
-      headers,
-      originalUrl,
-      method,
-      get: function (name) {
-        return this.headers[name.toLowerCase()]
-      }
-    }
-    await authenticator.authenticate(req, res, failNext)
-  })
-})