@evanp/activitypub-bot 0.43.1 → 0.43.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/lib/activitypubclient.js +10 -10
- package/lib/digester.js +2 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -9,6 +9,23 @@ and this project adheres to
|
|
|
9
9
|
|
|
10
10
|
## [Unreleased]
|
|
11
11
|
|
|
12
|
+
## [0.43.3] - 2026-04-22
|
|
13
|
+
|
|
14
|
+
- `Digest:` header uses uppercase name for algorithm. It's supposed to be
|
|
15
|
+
case-insensitive per RFC 3230, but some software compares it case-sensitive
|
|
16
|
+
against uppercase.
|
|
17
|
+
|
|
18
|
+
## [0.43.2] - 2026-04-22
|
|
19
|
+
|
|
20
|
+
### Fixed
|
|
21
|
+
|
|
22
|
+
- `ActivityPubClient.post()` now re-sends the original activity JSON when
|
|
23
|
+
falling back from RFC 9421 to draft-cavage-12. A variable-shadowing bug
|
|
24
|
+
caused the retry to POST the error response body from the failed RFC 9421
|
|
25
|
+
attempt (e.g. `{"error":"missing signature header"}`) instead of the
|
|
26
|
+
original activity, which remote servers then rejected with `400 "no actor
|
|
27
|
+
in message"`.
|
|
28
|
+
|
|
12
29
|
## [0.43.1] - 2026-04-22
|
|
13
30
|
|
|
14
31
|
### Fixed
|
package/lib/activitypubclient.js
CHANGED
|
@@ -208,9 +208,9 @@ export class ActivityPubClient {
|
|
|
208
208
|
if ([400, 401, 403].includes(res.status) &&
|
|
209
209
|
sign &&
|
|
210
210
|
lastPolicy === SignaturePolicyStorage.RFC9421) {
|
|
211
|
-
const
|
|
211
|
+
const errBody = await res.text()
|
|
212
212
|
this.#logger.debug(
|
|
213
|
-
{ url, status: res.status, body, headers: res.headers },
|
|
213
|
+
{ url, status: res.status, body: errBody, headers: res.headers },
|
|
214
214
|
'Authentication error; retrying with draft-cavage-12 signature')
|
|
215
215
|
lastPolicy = SignaturePolicyStorage.DRAFT_CAVAGE_12
|
|
216
216
|
delete headers['signature-input']
|
|
@@ -230,15 +230,15 @@ export class ActivityPubClient {
|
|
|
230
230
|
this.#logger.debug({ baseUrl }, '304 Not Modified, returning cached object')
|
|
231
231
|
return cached.object
|
|
232
232
|
} else if (res.status < 200 || res.status > 299) {
|
|
233
|
-
const
|
|
233
|
+
const errBody = await res.text()
|
|
234
234
|
this.#logger.warn(
|
|
235
|
-
{ status: res.status, body, url: baseUrl },
|
|
235
|
+
{ status: res.status, body: errBody, url: baseUrl },
|
|
236
236
|
'Could not fetch url'
|
|
237
237
|
)
|
|
238
238
|
throw new ActivityPubClientError(
|
|
239
239
|
res.status,
|
|
240
240
|
`Could not fetch ${baseUrl}`,
|
|
241
|
-
{ url: baseUrl, method, headers: res.headers, body }
|
|
241
|
+
{ url: baseUrl, method, headers: res.headers, body: errBody }
|
|
242
242
|
)
|
|
243
243
|
}
|
|
244
244
|
|
|
@@ -347,9 +347,9 @@ export class ActivityPubClient {
|
|
|
347
347
|
)
|
|
348
348
|
if ([400, 401, 403].includes(res.status) &&
|
|
349
349
|
lastPolicy === SignaturePolicyStorage.RFC9421) {
|
|
350
|
-
const
|
|
350
|
+
const errBody = await res.text()
|
|
351
351
|
this.#logger.debug(
|
|
352
|
-
{ url, status: res.status, body, headers: res.headers },
|
|
352
|
+
{ url, status: res.status, body: errBody, headers: res.headers },
|
|
353
353
|
'Authentication error; retrying with draft-cavage-12 signature'
|
|
354
354
|
)
|
|
355
355
|
lastPolicy = SignaturePolicyStorage.DRAFT_CAVAGE_12
|
|
@@ -371,15 +371,15 @@ export class ActivityPubClient {
|
|
|
371
371
|
await this.#throttler.update(hostname, res.headers)
|
|
372
372
|
this.#logger.debug({ url }, 'Done fetching POST')
|
|
373
373
|
if (res.status < 200 || res.status > 299) {
|
|
374
|
-
const
|
|
374
|
+
const errBody = await res.text()
|
|
375
375
|
this.#logger.debug(
|
|
376
|
-
{ url, status: res.status, body, headers: res.headers },
|
|
376
|
+
{ url, status: res.status, body: errBody, headers: res.headers },
|
|
377
377
|
'Error posting to url'
|
|
378
378
|
)
|
|
379
379
|
throw new ActivityPubClientError(
|
|
380
380
|
res.status,
|
|
381
381
|
`Could not post to ${url}`,
|
|
382
|
-
{ url, method, headers: res.headers, body }
|
|
382
|
+
{ url, method, headers: res.headers, body: errBody }
|
|
383
383
|
)
|
|
384
384
|
}
|
|
385
385
|
// Only cache draft-cavage-12 (i.e. the degraded fallback). Caching
|
package/lib/digester.js
CHANGED
|
@@ -9,7 +9,8 @@ export class Digester {
|
|
|
9
9
|
async digest (body) {
|
|
10
10
|
const digest = crypto.createHash('sha256')
|
|
11
11
|
digest.update(body)
|
|
12
|
-
|
|
12
|
+
// NB: uppercase required by some ActivityPub processors
|
|
13
|
+
return `SHA-256=${digest.digest('base64')}`
|
|
13
14
|
}
|
|
14
15
|
|
|
15
16
|
async contentDigest (body) {
|