@evanp/activitypub-bot 0.28.4 → 0.28.6

@@ -103,8 +103,26 @@ export class ActivityPubClient {
103
103
  if (res.status < 200 || res.status > 299) {
104
104
  throw createHttpError(res.status, `Could not fetch ${url}`)
105
105
  }
106
- const json = await res.json()
107
- const obj = await as2.import(json)
106
+ const contentType = res.headers.get('content-type')
107
+ const mimeType = contentType?.split(';')[0].trim()
108
+ if (mimeType !== 'application/json' && !mimeType.endsWith('+json')) {
109
+ this.#logger.warn({ mimeType, url }, 'Unexpected mime type')
110
+ throw new Error(`Got unexpected mime type ${mimeType} for URL ${url}`)
111
+ }
112
+ let json
113
+ try {
114
+ json = await res.json()
115
+ } catch (err) {
116
+ this.#logger.warn({ url }, 'Error parsing fetch results')
117
+ throw err
118
+ }
119
+ let obj
120
+ try {
121
+ obj = await as2.import(json)
122
+ } catch (err) {
123
+ this.#logger.warn({ url, json }, 'Error importing JSON as AS2')
124
+ throw err
125
+ }
108
126
  const resolved = (URL.parse(url).hash)
109
127
  ? this.#resolveObject(obj, url)
110
128
  : obj
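Review bot: A response with no Content-Type header leaves `mimeType` undefined, so `!mimeType.endsWith('+json')` in the new check throws a TypeError instead of reaching the intended warning and error. Guard the undefined case and normalise case, since media type names are case-insensitive: `const mimeType = contentType?.split(';')[0].trim().toLowerCase()` and `if (!mimeType || (mimeType !== 'application/json' && !mimeType.endsWith('+json'))) {`. The `json` field in the 'Error importing JSON as AS2' warning is the whole remote-supplied document, so a bounded summary may be safer to log than the full body. The enclosing method starts and ends outside the hunk.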
@@ -176,11 +176,13 @@ export class HTTPSignature {
176
176
  }
177
177
 
178
178
  #parseSignatureHeader (signature) {
179
- const parts = signature.split(',')
179
+ const parts = signature.match(/\w+="[^"]*"/g)
180
180
  const params = {}
181
181
  for (const part of parts) {
182
- const [key, value] = part.split('=')
183
- params[key] = value.replace(/"/g, '')
182
+ const eq = part.indexOf('=')
183
+ const key = part.slice(0, eq)
184
+ const value = part.slice(eq + 2, -1)
185
+ params[key] = value
184
186
  }
185
187
  return params
186
188
  }
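Review bot: `signature.match(...)` returns `null` when the header contains no `key="value"` pair, and the `for...of` over `parts` then throws a TypeError; the previous `split(',')` always returned an array. The Signature header is supplied by the remote peer, so a malformed value should end in a clean rejection: `const parts = signature.match(/\w+="[^"]*"/g) ?? []`, with the caller treating a missing `keyId` or `signature` field as a bad request (the caller is not visible here). Because the keys are also peer-chosen, `const params = Object.create(null)` would keep a name such as `__proto__` from reaching the inherited prototype setter. Unquoted parameters are now dropped silently, which deserves a one-line comment above the regex.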
@@ -19,6 +19,7 @@ export class HTTPSignatureAuthenticator {
19
19
  // Just continue
20
20
  return next()
21
21
  }
22
+ this.#logger.debug({ signature }, 'Got signed request')
22
23
  const date = req.get('Date')
23
24
  if (!date) {
24
25
  return next(createHttpError(400, 'No date provided'))
@@ -48,6 +49,7 @@ export class HTTPSignatureAuthenticator {
48
49
  this.#logger.debug({ originalUrl }, 'original URL')
49
50
  try {
50
51
  const keyId = this.#signer.keyId(signature)
52
+ this.#logger.debug({ keyId }, 'Signed with keyId')
51
53
  const ok = await this.#remoteKeyStorage.getPublicKey(keyId)
52
54
  if (!ok) {
53
55
  throw createHttpError(400, 'public key not found')
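Review bot: The debug line added ahead of the Date check records the full Signature header exactly as received, before any part of it has been parsed or verified. That puts unauthenticated, peer-controlled text of arbitrary length into the log, while the second added line already logs the parsed `keyId`, which is usually the field needed for troubleshooting. Consider dropping the raw value or bounding it, e.g. `this.#logger.debug({ signatureLength: signature.length }, 'Got signed request')`. The enclosing function continues outside both hunks.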
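--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@evanp/activitypub-bot",
- "version": "0.28.4",
+ "version": "0.28.6",
  "description": "server-side ActivityPub bot framework",
  "type": "module",
  "main": "lib/index.js",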