@evanp/activitypub-bot 0.39.1 → 0.39.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/lib/activitypubclient.js +17 -5
  2. package/package.json +1 -1
package/lib/activitypubclient.js CHANGED
@@ -272,23 +272,32 @@ export class ActivityPubClient {
272
272
  const json = await obj.export()
273
273
  this.#fixupJson(json)
274
274
  const body = JSON.stringify(json)
275
- const headers = {
275
+ const digest = await this.#digester.digest(body)
276
+ const contentDigest = await this.#digester.contentDigest(body)
277
+ const baseHeaders = {
276
278
  date: new Date().toUTCString(),
277
279
  'user-agent': ActivityPubClient.#userAgent,
278
- 'content-type': 'application/activity+json',
279
- digest: await this.#digester.digest(body)
280
+ 'content-type': 'application/activity+json'
280
281
  }
281
282
  const method = 'POST'
282
- assert.ok(headers)
283
+ let headers
283
284
  this.#logger.debug({ url }, 'Signing POST')
284
285
  let lastPolicy
285
286
  const storedPolicy = await this.#policyStorage.get(parsed.origin)
286
287
  if (!storedPolicy || storedPolicy === SignaturePolicyStorage.RFC9421) {
287
288
  lastPolicy = SignaturePolicyStorage.RFC9421
289
+ headers = {
290
+ ...baseHeaders,
291
+ 'content-digest': contentDigest
292
+ }
288
293
  const sigHeaders = await this.#messageSign({ username, url, method, headers })
289
294
  Object.assign(headers, sigHeaders || {})
290
295
  } else if (storedPolicy === SignaturePolicyStorage.DRAFT_CAVAGE_12) {
291
296
  lastPolicy = SignaturePolicyStorage.DRAFT_CAVAGE_12
297
+ headers = {
298
+ ...baseHeaders,
299
+ digest
300
+ }
292
301
  headers.signature =
293
302
  await this.#sign({ username, url, method, headers })
294
303
  } else {
@@ -307,7 +316,10 @@ export class ActivityPubClient {
307
316
  )
308
317
  if ([401, 403].includes(res.status) && !storedPolicy) {
309
318
  lastPolicy = SignaturePolicyStorage.DRAFT_CAVAGE_12
310
- delete headers['signature-input']
319
+ headers = {
320
+ ...baseHeaders,
321
+ digest
322
+ }
311
323
  headers.signature =
312
324
  await this.#sign({ username, url, method, headers })
313
325
  res = await fetch(url,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@evanp/activitypub-bot",
3
- "version": "0.39.1",
3
+ "version": "0.39.2",
4
4
  "description": "server-side ActivityPub bot framework",
5
5
  "type": "module",
6
6
  "main": "lib/index.js",