@evanp/activitypub-bot 0.38.1 → 0.38.3

package/lib/activitydeliverer.js

@@ -130,43 +130,43 @@ export class ActivityDeliverer {
     const recipients = this.getRecipients(activity)
 
     for (const recipient of recipients) {
-      this.#logger.debug(`Checking recipient ${recipient.id}`)
+      this.#logger.debug({ recipient: recipient.id }, 'Checking recipient')
       if (this.#isPublic(recipient)) {
-        this.#logger.debug(`Public recipient for ${activity.id}`)
+        this.#logger.debug({ activity: activity.id }, 'Public recipient')
         await this.deliverPublic(activity, bots)
       } else if (this.#isLocal(recipient)) {
-        this.#logger.debug(`Local recipient for ${activity.id}`)
+        this.#logger.debug({ activity: activity.id }, 'Local recipient')
         const parts = this.#formatter.unformat(recipient.id)
         if (this.#isLocalActor(parts)) {
-          this.#logger.debug(`Local actor ${recipient.id} for ${activity.id}`)
+          this.#logger.debug({ recipient: recipient.id, activity: activity.id }, 'Local actor recipient')
           await this.#deliverLocalActor(activity, recipient, bots, deliveredTo)
         } else if (this.#isLocalFollowersCollection(parts)) {
-          this.#logger.debug(`Local followers for ${parts.username} for ${activity.id}`)
+          this.#logger.debug({ username: parts.username, activity: activity.id }, 'Local followers recipient')
           await this.#deliverLocalFollowersCollection(activity, parts.username, bots, deliveredTo)
         } else if (this.#isLocalFollowingCollection(parts)) {
-          this.#logger.debug(`Local following for ${parts.username} for ${activity.id}`)
+          this.#logger.debug({ username: parts.username, activity: activity.id }, 'Local following recipient')
           await this.#deliverLocalFollowingCollection(activity, parts.username, bots, deliveredTo)
         } else {
           this.#logger.warn(
-            `Unrecognized recipient for remote delivery: ${recipient.id}`
+            { recipient: recipient.id }, 'Unrecognized recipient for remote delivery'
           )
         }
       } else {
         const fullActor = await this.#client.get(actor.id)
         const fullRecipient = await this.#client.get(recipient.id)
         if (await this.#isRemoteActor(fullRecipient)) {
-          this.#logger.warn(`Skipping remote actor ${recipient.id}`)
+          this.#logger.warn({ recipient: recipient.id }, 'Skipping remote actor')
         } else if (await this.#isRemoteFollowersCollection(fullActor, fullRecipient)) {
-          this.#logger.debug(`Remote followers for ${fullActor.id} for ${activity.id}`)
+          this.#logger.debug({ actor: fullActor.id, activity: activity.id }, 'Remote followers recipient')
           await this.#deliverRemoteFollowersCollection(activity, fullRecipient, fullActor, deliveredTo, bots)
         } else if (await this.#isRemoteFollowingCollection(fullActor, fullRecipient)) {
-          this.#logger.debug(`Remote following for ${fullActor.id} for ${activity.id}`)
+          this.#logger.debug({ actor: fullActor.id, activity: activity.id }, 'Remote following recipient')
           await this.#deliverRemoteFollowingCollection(activity, fullRecipient, fullActor, deliveredTo, bots)
         } else if (await this.#isRemoteCollection(fullRecipient)) {
-          this.#logger.debug(`Remote collection ${fullRecipient.id} for ${activity.id}`)
+          this.#logger.debug({ recipient: fullRecipient.id, activity: activity.id }, 'Remote collection recipient')
           await this.#deliverRemoteCollection(activity, fullRecipient, deliveredTo, bots)
         } else {
-          this.#logger.warn(`Unrecognized recipient: ${recipient.id}`)
+          this.#logger.warn({ recipient: recipient.id }, 'Unrecognized recipient')
         }
       }
     }
@@ -217,7 +217,7 @@ export class ActivityDeliverer {
     if (!deliveredTo.has(username)) {
       const bot = await BotMaker.makeBot(bots, username)
       if (!bot) {
-        this.#logger.warn(`sharedInbox direct delivery for unknown bot ${username}`)
+        this.#logger.warn({ username }, 'sharedInbox direct delivery for unknown bot')
       }
       await this.deliverTo(activity, bot)
       deliveredTo.add(username)
@@ -230,7 +230,7 @@ export class ActivityDeliverer {
       if (!deliveredTo.has(username)) {
         const bot = await BotMaker.makeBot(bots, username)
         if (!bot) {
-          this.#logger.warn(`sharedInbox direct delivery for unknown bot ${username}`)
+          this.#logger.warn({ username }, 'sharedInbox direct delivery for unknown bot')
           continue
         }
         await this.deliverTo(activity, bot)
@@ -245,7 +245,7 @@ export class ActivityDeliverer {
       if (!deliveredTo.has(username)) {
         const bot = await BotMaker.makeBot(bots, username)
         if (!bot) {
-          this.#logger.warn(`sharedInbox direct delivery for unknown bot ${username}`)
+          this.#logger.warn({ username }, 'sharedInbox direct delivery for unknown bot')
           continue
         }
         await this.deliverTo(activity, bot)
@@ -298,7 +298,7 @@ export class ActivityDeliverer {
       if (!deliveredTo.has(follower)) {
         const bot = await BotMaker.makeBot(bots, follower)
         if (!bot) {
-          this.#logger.warn(`sharedInbox delivery for unknown bot ${follower}`)
+          this.#logger.warn({ username: follower }, 'sharedInbox delivery for unknown bot')
           continue
         }
         await this.deliverTo(activity, bot)
@@ -315,7 +315,7 @@ export class ActivityDeliverer {
       if (!deliveredTo.has(followed)) {
         const bot = await BotMaker.makeBot(bots, followed)
         if (!bot) {
-          this.#logger.warn(`sharedInbox delivery for unknown bot ${followed}`)
+          this.#logger.warn({ username: followed }, 'sharedInbox delivery for unknown bot')
           continue
         }
         await this.deliverTo(activity, bot)
@@ -326,13 +326,13 @@ export class ActivityDeliverer {
 
   async #deliverRemoteCollection (activity, recipient, deliveredTo, bots) {
     for await (const item of this.#client.items(recipient.id)) {
-      this.#logger.debug(`item: ${JSON.stringify(item)}`)
+      this.#logger.debug({ item: item.id }, 'Remote collection item')
       if (this.#isLocal(item)) {
         const parts = this.#formatter.unformat(item.id)
         if (this.#isLocalActor(parts)) {
           const bot = await BotMaker.makeBot(bots, parts.username)
           if (!bot) {
-            this.#logger.warn(`sharedInbox delivery for unknown bot ${parts.username}`)
+            this.#logger.warn({ username: parts.username }, 'sharedInbox delivery for unknown bot')
             continue
           }
           await this.deliverTo(activity, bot)

package/lib/activityhandler.js

@@ -74,7 +74,7 @@ export class ActivityHandler {
       case AS2 + 'Block': await this.#handleBlock(bot, activity); break
       case AS2 + 'Flag': await this.#handleFlag(bot, activity); break
       default:
-        this.#logger.warn(`Unhandled activity type: ${activity.type}`)
+        this.#logger.warn({ type: activity.type }, 'Unhandled activity type')
     }
   }
 
@@ -655,7 +655,7 @@ export class ActivityHandler {
   async #handleFlag (bot, activity) {
     const actor = this.#getActor(activity)
     const object = this.#getObject(activity)
-    this.#logger.warn(`Actor ${actor.id} flagged object ${object.id} for review.`)
+    this.#logger.warn({ actor: actor.id, object: object.id }, 'Actor flagged object for review')
   }
 
   async #handleUndo (bot, undoActivity) {

package/lib/activitypubclient.js

@@ -128,7 +128,7 @@ export class ActivityPubClient {
     }
     this.#logger.debug({ headers }, 'Sending headers')
     const method = 'GET'
-    this.#logger.debug(`Signing GET request for ${baseUrl}`)
+    this.#logger.debug({ url: baseUrl }, 'Signing GET request')
     if (sign) {
       headers.signature =
         await this.#sign({ username, url: baseUrl, method, headers })
@@ -136,7 +136,7 @@ export class ActivityPubClient {
     const hostname = parsed.hostname
     this.#logger.debug({ url: baseUrl, hostname }, 'Waiting for rate limiter')
     await this.#limiter.limit(hostname)
-    this.#logger.debug(`Fetching ${baseUrl} with GET`)
+    this.#logger.debug({ url: baseUrl }, 'Fetching with GET')
     const res = await fetch(baseUrl,
       {
         method,
@@ -145,7 +145,7 @@ export class ActivityPubClient {
     )
     this.#logger.debug({ hostname, status: res.status }, 'response received')
     await this.#limiter.update(hostname, res.headers)
-    this.#logger.debug(`Finished getting ${url}`)
+    this.#logger.debug({ url }, 'Finished GET')
     if (useCache && res.status === 304) {
       this.#logger.debug({ baseUrl }, '304 Not Modified, returning cached object')
       return cached.object
@@ -217,12 +217,12 @@ export class ActivityPubClient {
     }
     const method = 'POST'
     assert.ok(headers)
-    this.#logger.debug(`Signing POST for ${url}`)
+    this.#logger.debug({ url }, 'Signing POST')
     headers.signature = await this.#sign({ username, url, method, headers })
     const hostname = (new URL(url)).hostname
     this.#logger.debug({ url, hostname }, 'Waiting for rate limiter')
     await this.#limiter.limit(hostname)
-    this.#logger.debug(`Fetching POST for ${url}`)
+    this.#logger.debug({ url }, 'Fetching POST')
     const res = await fetch(url,
       {
         method,
@@ -232,7 +232,7 @@ export class ActivityPubClient {
     )
     this.#logger.debug({ hostname }, 'updating limiter')
     await this.#limiter.update(hostname, res.headers)
-    this.#logger.debug(`Done fetching POST for ${url}`)
+    this.#logger.debug({ url }, 'Done fetching POST')
     if (res.status < 200 || res.status > 299) {
       throw createHttpError(
         res.status,
@@ -267,7 +267,7 @@ export class ActivityPubClient {
 
     const coll = await this.get(id, username)
 
-    this.#logger.debug(`Got object ${id}`)
+    this.#logger.debug({ id }, 'Got object')
 
     if (!this.#isCollection(coll)) {
       throw new Error(`Can only iterate over a collection: ${id}`)
@@ -277,17 +277,17 @@ export class ActivityPubClient {
 
     if (items) {
       for (const item of items) {
-        this.#logger.debug(`Yielding ${item.id}`)
+        this.#logger.debug({ id: item.id }, 'Yielding item')
         yield item
       }
     } else if (coll.first) {
       for (let page = coll.first; page; page = page.next) {
-        this.#logger.debug(`Getting page ${page.id}`)
+        this.#logger.debug({ id: page.id }, 'Getting page')
         page = await this.get(page.id)
         const items = (page.items) ? page.items : page.orderedItems
         if (items) {
           for (const item of items) {
-            this.#logger.debug(`Yielding ${item.id}`)
+            this.#logger.debug({ id: item.id }, 'Yielding item')
             yield item
           }
         }
@@ -321,14 +321,32 @@ export class ActivityPubClient {
     }
   }
 
-  #resolveObject (obj, url, visited = new Set()) {
+  #resolveObject (obj, url) {
+    const objects = this.#resolveAllObjects(obj, url)
+    assert.ok(objects)
+    switch (objects.length) {
+      case 0:
+        return null
+      case 1:
+        return objects[0]
+      default: {
+        // hack to prefer `CryptographicKey` if available
+        const key = objects.find(
+          obj => obj.type === 'https://w3id.org/security#Key'
+        )
+        return (key) || objects[0]
+      }
+    }
+  }
+
+  #resolveAllObjects (obj, url, visited = new Set(), results = []) {
     if (obj.id && obj.id === url) {
-      return obj
+      results.push(obj)
     }
 
     if (obj.id) {
       if (visited.has(obj.id)) {
-        return null
+        return results
       }
       visited.add(obj.id)
     }
@@ -344,13 +362,10 @@ export class ActivityPubClient {
 
       for (const item of val) {
         if (item instanceof as2.models.Base) {
-          const found = this.#resolveObject(item, url, visited)
-          if (found) {
-            return found
-          }
+          this.#resolveAllObjects(item, url, visited, results)
         }
       }
     }
-    return null
+    return results
   }
 }

package/lib/activitystreams.js

@@ -40,18 +40,254 @@ as2.registerContext('https://w3id.org/fep/5711', {
 
 as2.registerContext('https://w3id.org/security/v1', {
   '@context': {
+    id: '@id',
+    type: '@type',
+
+    dc: 'http://purl.org/dc/terms/',
     sec: 'https://w3id.org/security#',
+    xsd: 'http://www.w3.org/2001/XMLSchema#',
+
+    EcdsaKoblitzSignature2016: 'sec:EcdsaKoblitzSignature2016',
+    Ed25519Signature2018: 'sec:Ed25519Signature2018',
+    EncryptedMessage: 'sec:EncryptedMessage',
+    GraphSignature2012: 'sec:GraphSignature2012',
+    LinkedDataSignature2015: 'sec:LinkedDataSignature2015',
+    LinkedDataSignature2016: 'sec:LinkedDataSignature2016',
+    CryptographicKey: 'sec:Key',
+
+    authenticationTag: 'sec:authenticationTag',
+    canonicalizationAlgorithm: 'sec:canonicalizationAlgorithm',
+    cipherAlgorithm: 'sec:cipherAlgorithm',
+    cipherData: 'sec:cipherData',
+    cipherKey: 'sec:cipherKey',
+    created: { '@id': 'dc:created', '@type': 'xsd:dateTime' },
+    creator: { '@id': 'dc:creator', '@type': '@id' },
+    digestAlgorithm: 'sec:digestAlgorithm',
+    digestValue: 'sec:digestValue',
+    domain: 'sec:domain',
+    encryptionKey: 'sec:encryptionKey',
+    expiration: { '@id': 'sec:expiration', '@type': 'xsd:dateTime' },
+    expires: { '@id': 'sec:expiration', '@type': 'xsd:dateTime' },
+    initializationVector: 'sec:initializationVector',
+    iterationCount: 'sec:iterationCount',
+    nonce: 'sec:nonce',
+    normalizationAlgorithm: 'sec:normalizationAlgorithm',
+    owner: { '@id': 'sec:owner', '@type': '@id' },
+    password: 'sec:password',
+    privateKey: { '@id': 'sec:privateKey', '@type': '@id' },
+    privateKeyPem: 'sec:privateKeyPem',
+    publicKey: { '@id': 'sec:publicKey', '@type': '@id' },
+    publicKeyBase58: 'sec:publicKeyBase58',
+    publicKeyPem: 'sec:publicKeyPem',
+    publicKeyWif: 'sec:publicKeyWif',
+    publicKeyService: { '@id': 'sec:publicKeyService', '@type': '@id' },
+    revoked: { '@id': 'sec:revoked', '@type': 'xsd:dateTime' },
+    salt: 'sec:salt',
+    signature: 'sec:signature',
+    signatureAlgorithm: 'sec:signingAlgorithm',
+    signatureValue: 'sec:signatureValue'
+  }
+})
+
+as2.registerContext('https://w3id.org/security/data-integrity/v1', {
+  '@context': {
     id: '@id',
     type: '@type',
-    owner: {
-      '@id': 'sec:owner',
+    '@protected': true,
+    proof: {
+      '@id': 'https://w3id.org/security#proof',
+      '@type': '@id',
+      '@container': '@graph'
+    },
+    DataIntegrityProof: {
+      '@id': 'https://w3id.org/security#DataIntegrityProof',
+      '@context': {
+        '@protected': true,
+        id: '@id',
+        type: '@type',
+        challenge: 'https://w3id.org/security#challenge',
+        created: {
+          '@id': 'http://purl.org/dc/terms/created',
+          '@type': 'http://www.w3.org/2001/XMLSchema#dateTime'
+        },
+        domain: 'https://w3id.org/security#domain',
+        expires: {
+          '@id': 'https://w3id.org/security#expiration',
+          '@type': 'http://www.w3.org/2001/XMLSchema#dateTime'
+        },
+        nonce: 'https://w3id.org/security#nonce',
+        proofPurpose: {
+          '@id': 'https://w3id.org/security#proofPurpose',
+          '@type': '@vocab',
+          '@context': {
+            '@protected': true,
+            id: '@id',
+            type: '@type',
+            assertionMethod: {
+              '@id': 'https://w3id.org/security#assertionMethod',
+              '@type': '@id',
+              '@container': '@set'
+            },
+            authentication: {
+              '@id': 'https://w3id.org/security#authenticationMethod',
+              '@type': '@id',
+              '@container': '@set'
+            },
+            capabilityInvocation: {
+              '@id': 'https://w3id.org/security#capabilityInvocationMethod',
+              '@type': '@id',
+              '@container': '@set'
+            },
+            capabilityDelegation: {
+              '@id': 'https://w3id.org/security#capabilityDelegationMethod',
+              '@type': '@id',
+              '@container': '@set'
+            },
+            keyAgreement: {
+              '@id': 'https://w3id.org/security#keyAgreementMethod',
+              '@type': '@id',
+              '@container': '@set'
+            }
+          }
+        },
+        cryptosuite: 'https://w3id.org/security#cryptosuite',
+        proofValue: {
+          '@id': 'https://w3id.org/security#proofValue',
+          '@type': 'https://w3id.org/security#multibase'
+        },
+        verificationMethod: {
+          '@id': 'https://w3id.org/security#verificationMethod',
+          '@type': '@id'
+        }
+      }
+    }
+  }
+})
+
+as2.registerContext('https://www.w3.org/ns/did/v1', {
+  '@context': {
+    '@protected': true,
+    id: '@id',
+    type: '@type',
+    alsoKnownAs: {
+      '@id': 'https://www.w3.org/ns/activitystreams#alsoKnownAs',
       '@type': '@id'
     },
-    publicKey: {
-      '@id': 'sec:publicKey',
+    assertionMethod: {
+      '@id': 'https://w3id.org/security#assertionMethod',
+      '@type': '@id',
+      '@container': '@set'
+    },
+    authentication: {
+      '@id': 'https://w3id.org/security#authenticationMethod',
+      '@type': '@id',
+      '@container': '@set'
+    },
+    capabilityDelegation: {
+      '@id': 'https://w3id.org/security#capabilityDelegationMethod',
+      '@type': '@id',
+      '@container': '@set'
+    },
+    capabilityInvocation: {
+      '@id': 'https://w3id.org/security#capabilityInvocationMethod',
+      '@type': '@id',
+      '@container': '@set'
+    },
+    controller: {
+      '@id': 'https://w3id.org/security#controller',
       '@type': '@id'
     },
-    publicKeyPem: 'sec:publicKeyPem'
+    keyAgreement: {
+      '@id': 'https://w3id.org/security#keyAgreementMethod',
+      '@type': '@id',
+      '@container': '@set'
+    },
+    service: {
+      '@id': 'https://www.w3.org/ns/did#service',
+      '@type': '@id',
+      '@context': {
+        '@protected': true,
+        id: '@id',
+        type: '@type',
+        serviceEndpoint: {
+          '@id': 'https://www.w3.org/ns/did#serviceEndpoint',
+          '@type': '@id'
+        }
+      }
+    },
+    verificationMethod: {
+      '@id': 'https://w3id.org/security#verificationMethod',
+      '@type': '@id'
+    }
+  }
+})
+
+as2.registerContext('https://w3id.org/security/multikey/v1', {
+  '@context': {
+    id: '@id',
+    type: '@type',
+    '@protected': true,
+    Multikey: {
+      '@id': 'https://w3id.org/security#Multikey',
+      '@context': {
+        '@protected': true,
+        id: '@id',
+        type: '@type',
+        controller: {
+          '@id': 'https://w3id.org/security#controller',
+          '@type': '@id'
+        },
+        revoked: {
+          '@id': 'https://w3id.org/security#revoked',
+          '@type': 'http://www.w3.org/2001/XMLSchema#dateTime'
+        },
+        expires: {
+          '@id': 'https://w3id.org/security#expiration',
+          '@type': 'http://www.w3.org/2001/XMLSchema#dateTime'
+        },
+        publicKeyMultibase: {
+          '@id': 'https://w3id.org/security#publicKeyMultibase',
+          '@type': 'https://w3id.org/security#multibase'
+        },
+        secretKeyMultibase: {
+          '@id': 'https://w3id.org/security#secretKeyMultibase',
+          '@type': 'https://w3id.org/security#multibase'
+        }
+      }
+    }
+  }
+})
+
+as2.registerContext('https://gotosocial.org/ns', {
+  '@context': {
+    xsd: 'http://www.w3.org/2001/XMLSchema#',
+    gts: 'https://gotosocial.org/ns#',
+    LikeRequest: 'gts:LikeRequest',
+    ReplyRequest: 'gts:ReplyRequest',
+    AnnounceRequest: 'gts:AnnounceRequest',
+    QuoteRequest: 'gts:QuoteRequest',
+    LikeAuthorization: 'gts:LikeApproval',
+    ReplyAuthorization: 'gts:ReplyAuthorization',
+    AnnounceAuthorization: 'gts:AnnounceAuthorization',
+    QuoteAuthorization: 'gts:QuoteAuthorization',
+    likeAuthorization: { '@id': 'gts:likeAuthorization', '@type': '@id' },
+    replyAuthorization: { '@id': 'gts:replyAuthorization', '@type': '@id' },
+    announceAuthorization: { '@id': 'gts:announceAuthorization', '@type': '@id' },
+    quoteAuthorization: { '@id': 'gts:quoteAuthorization', '@type': '@id' },
+    interactingObject: { '@id': 'gts:interactingObject', '@type': '@id' },
+    interactionTarget: { '@id': 'gts:interactionTarget', '@type': '@id' },
+    interactionPolicy: { '@id': 'gts:interactionPolicy', '@type': '@id' },
+    canLike: { '@id': 'gts:canLike', '@type': '@id' },
+    canReply: { '@id': 'gts:canReply', '@type': '@id' },
+    canAnnounce: { '@id': 'gts:canAnnounce', '@type': '@id' },
+    canQuote: { '@id': 'gts:canQuote', '@type': '@id' },
+    automaticApproval: { '@id': 'gts:automaticApproval', '@type': '@id' },
+    manualApproval: { '@id': 'gts:manualApproval', '@type': '@id' },
+    hidesToPublicFromUnauthedWeb: { '@id': 'gts:hidesToPublicFromUnauthedWeb', '@type': 'xsd:boolean' },
+    hidesCcPublicFromUnauthedWeb: { '@id': 'gts:hidesCcPublicFromUnauthedWeb', '@type': 'xsd:boolean' },
+    always: { '@id': 'gts:always', '@type': '@id' },
+    approvalRequired: { '@id': 'gts:approvalRequired', '@type': '@id' },
+    approvedBy: { '@id': 'gts:approvedBy', '@type': '@id' }
   }
 })
 

package/lib/deliveryworker.js

@@ -54,8 +54,8 @@ export class DeliveryWorker extends Worker {
         'handler failed for activity'
       )
     }
-    this._logger.debug(`Adding ${activity.id} to ${bot.username} inbox`)
+    this._logger.debug({ activity: activity.id, bot: bot.username }, 'Adding to inbox')
     await this.#actorStorage.addToCollection(bot.username, 'inbox', activity)
-    this._logger.debug(`Done adding ${activity.id} to ${bot.username} inbox`)
+    this._logger.debug({ activity: activity.id, bot: bot.username }, 'Done adding to inbox')
   }
 }

package/lib/distributionworker.js

@@ -18,7 +18,7 @@ export class DistributionWorker extends Worker {
     const activityObj = await as2.import(activity)
     try {
       await this.#client.post(inbox, activityObj, username)
-      this._logger.info(`Delivered ${activity.id} to ${inbox}`)
+      this._logger.info({ activity: activity.id, inbox }, 'Delivered activity')
     } catch (error) {
       if (!error.status) {
         this._logger.warn(

package/lib/httpsignatureauthenticator.js

@@ -46,15 +46,15 @@ export class HTTPSignatureAuthenticator {
       parts = formatter.unformat(fullUrl)
     } catch (err) {
       // do nothing
-      this.#logger.debug({ fullUrl, err }, 'Could not unformat')
+      this.#logger.debug({ reqId: req.id, fullUrl, err }, 'Could not unformat')
     }
     if (parts && parts.username) {
-      this.#logger.debug({ username: parts.username }, 'Request for bot')
+      this.#logger.debug({ reqId: req.id, username: parts.username }, 'Request for bot')
       const bot = await BotMaker.makeBot(bots, parts.username)
       if (!bot) {
-        this.#logger.warn({ username: parts.username }, 'no such bot')
+        this.#logger.warn({ reqId: req.id, username: parts.username }, 'no such bot')
       } else if (!bot.checkSignature) {
-        this.#logger.debug({ username: parts.username }, 'bot says no sig')
+        this.#logger.debug({ reqId: req.id, username: parts.username }, 'bot says no sig')
         return next()
       }
     }
@@ -68,13 +68,13 @@ export class HTTPSignatureAuthenticator {
         await this.#authenticateSignature(signature, originalUrl, req, res, next)
       }
     } catch (err) {
-      this.#logger.debug({ err }, 'Error authenticating key')
+      this.#logger.debug({ reqId: req.id, err }, 'Error authenticating key')
       return next(err)
     }
   }
 
   async #authenticateSignature (signature, originalUrl, req, res, next) {
-    this.#logger.debug({ signature }, 'Got signed request')
+    this.#logger.debug({ reqId: req.id, signature }, 'Got signed request')
     const date = req.get('Date')
     if (!date) {
       throw createHttpError(400, 'No date provided')
@@ -90,14 +90,14 @@ export class HTTPSignatureAuthenticator {
       }
       const calculated = await this.#digester.digest(req.rawBodyText)
       if (!this.#digester.equals(digest, calculated)) {
-        this.#logger.debug(`calculated: ${calculated} digest: ${digest}`)
+        this.#logger.debug({ reqId: req.id, calculated, digest }, 'Digest mismatch')
         throw createHttpError(400, 'Digest mismatch')
       }
     }
     const { method, headers } = req
-    this.#logger.debug({ originalUrl }, 'original URL')
+    this.#logger.debug({ reqId: req.id, originalUrl }, 'original URL')
     const keyId = this.#signer.keyId(signature)
-    this.#logger.debug({ keyId }, 'Signed with keyId')
+    this.#logger.debug({ reqId: req.id, keyId }, 'Signed with keyId')
     const ok = await this.#remoteKeyStorage.getPublicKey(keyId)
     if (!ok) {
       throw createHttpError(400, 'public key not found')
@@ -105,22 +105,22 @@ export class HTTPSignatureAuthenticator {
     let owner = ok.owner
     let publicKeyPem = ok.publicKeyPem
     let result = await this.#signer.validate(publicKeyPem, signature, method, originalUrl, headers)
-    this.#logger.debug(`First validation result: ${result}`)
+    this.#logger.debug({ reqId: req.id, result }, 'First validation result')
     if (!result) {
       // May be key rotation. Try again with uncached key
       const ok2 = await this.#remoteKeyStorage.getPublicKey(keyId, false)
       if (ok2.publicKeyPem === ok.publicKeyPem) {
-        this.#logger.debug('same keys')
+        this.#logger.debug({ reqId: req.id }, 'same keys')
       } else {
-        this.#logger.debug('different keys')
+        this.#logger.debug({ reqId: req.id }, 'different keys')
         owner = ok2.owner
         publicKeyPem = ok2.publicKeyPem
         result = await this.#signer.validate(publicKeyPem, signature, method, originalUrl, headers)
-        this.#logger.debug(`Validation result: ${result}`)
+        this.#logger.debug({ reqId: req.id, result }, 'Validation result')
       }
     }
     if (result) {
-      this.#logger.debug(`Signature valid for ${keyId}`)
+      this.#logger.debug({ reqId: req.id, keyId }, 'Signature valid')
       req.auth = req.auth || {}
       req.auth.subject = owner
       return next()
@@ -131,7 +131,7 @@ export class HTTPSignatureAuthenticator {
 
   async #authenticateMessageSignature (signature, signatureInput, originalUrl, req, res, next) {
     this.#logger.debug(
-      { signature, signatureInput, originalUrl },
+      { reqId: req.id, signature, signatureInput, originalUrl },
       'authenticating message signature'
     )
     const date = req.get('Date')
@@ -146,7 +146,7 @@ export class HTTPSignatureAuthenticator {
       }
       const calculated = await this.#digester.contentDigest(req.rawBodyText)
       if (!this.#digester.equals(digest, calculated)) {
-        this.#logger.debug(`calculated: ${calculated} digest: ${digest}`)
+        this.#logger.debug({ reqId: req.id, calculated, digest }, 'Digest mismatch')
         throw createHttpError(400, 'Digest mismatch')
       }
     }
@@ -165,7 +165,7 @@ export class HTTPSignatureAuthenticator {
     if (!keyId) {
       throw createHttpError(400, 'no public key provided')
     }
-    this.#logger.debug({ keyId }, 'Signed with keyId')
+    this.#logger.debug({ reqId: req.id, keyId }, 'Signed with keyId')
     const ok = await this.#remoteKeyStorage.getPublicKey(keyId)
     if (!ok) {
       throw createHttpError(400, 'public key not found')
@@ -173,22 +173,22 @@ export class HTTPSignatureAuthenticator {
     let owner = ok.owner
     let publicKeyPem = ok.publicKeyPem
     let result = await this.#messageSigner.validate(publicKeyPem, signatureInput, signature, method, url, headers)
-    this.#logger.debug(`First validation result: ${result}`)
+    this.#logger.debug({ reqId: req.id, result }, 'First validation result')
     if (!result) {
       // May be key rotation. Try again with uncached key
       const ok2 = await this.#remoteKeyStorage.getPublicKey(keyId, false)
       if (ok2.publicKeyPem === ok.publicKeyPem) {
-        this.#logger.debug('same keys')
+        this.#logger.debug({ reqId: req.id }, 'same keys')
       } else {
-        this.#logger.debug('different keys')
+        this.#logger.debug({ reqId: req.id }, 'different keys')
         owner = ok2.owner
         publicKeyPem = ok2.publicKeyPem
         result = await this.#messageSigner.validate(publicKeyPem, signatureInput, signature, method, url, headers)
-        this.#logger.debug(`Validation result: ${result}`)
+        this.#logger.debug({ reqId: req.id, result }, 'Validation result')
       }
     }
     if (result) {
-      this.#logger.debug(`Signature valid for ${keyId}`)
+      this.#logger.debug({ reqId: req.id, keyId }, 'Signature valid')
       req.auth = req.auth || {}
       req.auth.subject = owner
       return next()

package/lib/routes/inbox.js

@@ -32,8 +32,8 @@ router.post('/user/:username/inbox', async (req, res, next) => {
   try {
     activity = await as2.import(req.body)
   } catch (err) {
-    logger.warn('Failed to import activity', err)
-    logger.debug('Request body', req.body)
+    logger.warn({ reqId: req.id, err }, 'Failed to import activity')
+    logger.debug({ reqId: req.id, body: req.body }, 'Request body')
     return next(createHttpError(400, 'Invalid request body'))
   }
 
@@ -67,7 +67,10 @@ router.post('/user/:username/inbox', async (req, res, next) => {
     return next(createHttpError(400, 'Activity already delivered'))
   }
 
-  logger.info(`Activity ${activity.id} received at ${bot.username} inbox`)
+  logger.info(
+    { reqId: req.id, activity: activity.id, bot: bot.username },
+    'Activity received at bot inbox'
+  )
 
   await deliverer.deliverTo(activity, bot)
 

package/lib/routes/proxy.js

@@ -37,7 +37,7 @@ router.post('/shared/proxy', async (req, res, next) => {
   try {
     obj = await client.get(id)
   } catch (err) {
-    logger.warn({ err, id }, 'Error fetching object in proxy')
+    logger.warn({ reqId: req.id, err, id }, 'Error fetching object in proxy')
     return next(createHttpError(400, `Error fetching object ${id}`))
   }
 

package/lib/routes/sharedinbox.js

@@ -40,8 +40,8 @@ router.post('/shared/inbox', async (req, res, next) => {
   try {
     activity = await as2.import(req.body)
   } catch (err) {
-    logger.warn('Failed to import activity', err)
-    logger.debug('Request body', req.body)
+    logger.warn({ reqId: req.id, err }, 'Failed to import activity')
+    logger.debug({ reqId: req.id, body: req.body }, 'Request body')
     return next(createHttpError(400, 'Invalid request body'))
   }
 
@@ -67,7 +67,10 @@ router.post('/shared/inbox', async (req, res, next) => {
     return next(createHttpError(400, 'No activity id found in activity'))
   }
 
-  logger.info(`Activity ${activity.id} received at shared inbox`)
+  logger.info(
+    { reqId: req.id, activity: activity.id },
+    'Activity received at shared inbox'
+  )
 
   await deliverer.intake(activity, subject)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@evanp/activitypub-bot",
-  "version": "0.38.1",
+  "version": "0.38.3",
   "description": "server-side ActivityPub bot framework",
   "type": "module",
   "main": "lib/index.js",