@evanp/activitypub-bot 0.48.0 → 0.48.2

package/CHANGELOG.md

@@ -9,6 +9,19 @@ and this project adheres to
 
 ## [Unreleased]
 
+- Missing required `instance` property in /nodeinfo/2.2.
+
+## [0.48.2] - 2026-06-04
+
+- Immediate expiry for actors.
+- Include required 'instance' property in nodeinfo 2.2.
+
+## [0.48.1] - 2026-05-28
+
+- 401 Unauthorized for authentication errors
+- 401 Unauthorized when actor has been
+  deleted
+
 ## [0.48.0] - 2026-05-28
 
 ### Added

package/lib/httpsignatureauthenticator.js

@@ -77,21 +77,21 @@ export class HTTPSignatureAuthenticator {
     this.#logger.debug({ reqId: req.id, signature }, 'Got signed request')
     const date = req.get('Date')
     if (!date) {
-      throw new ProblemDetailsError(400, 'No date provided')
+      throw new ProblemDetailsError(401, 'No date provided')
     }
     if (Math.abs(Date.parse(date) - Date.now()) >
         HTTPSignatureAuthenticator.#maxDateDiff) {
-      throw new ProblemDetailsError(400, 'Time skew too large')
+      throw new ProblemDetailsError(401, 'Time skew too large')
     }
     if (req.rawBodyText && req.rawBodyText.length > 0) {
       const digest = req.get('Digest')
       if (!digest) {
-        throw new ProblemDetailsError(400, 'No digest provided')
+        throw new ProblemDetailsError(401, 'No digest provided')
       }
       const calculated = await this.#digester.digest(req.rawBodyText)
       if (!this.#digester.equals(digest, calculated)) {
         this.#logger.debug({ reqId: req.id, calculated, digest }, 'Digest mismatch')
-        throw new ProblemDetailsError(400, 'Digest mismatch')
+        throw new ProblemDetailsError(401, 'Digest mismatch')
       }
     }
     const { method, headers } = req
@@ -100,7 +100,7 @@ export class HTTPSignatureAuthenticator {
     this.#logger.debug({ reqId: req.id, keyId }, 'Signed with keyId')
     const ok = await this.#remoteKeyStorage.getPublicKey(keyId)
     if (!ok) {
-      throw new ProblemDetailsError(400, 'public key not found')
+      throw new ProblemDetailsError(401, 'public key not found')
     }
     let owner = ok.owner
     let publicKeyPem = ok.publicKeyPem
@@ -137,25 +137,25 @@ export class HTTPSignatureAuthenticator {
     const date = req.get('Date')
     if (date && Math.abs(Date.parse(date) - Date.now()) >
         HTTPSignatureAuthenticator.#maxDateDiff) {
-      throw new ProblemDetailsError(400, 'Time skew too large')
+      throw new ProblemDetailsError(401, 'Time skew too large')
     }
     if (req.rawBodyText && req.rawBodyText.length > 0) {
       const digest = req.get('Content-Digest')
       if (!digest) {
-        throw new ProblemDetailsError(400, 'No digest provided')
+        throw new ProblemDetailsError(401, 'No digest provided')
       }
       const calculated = await this.#digester.contentDigest(req.rawBodyText)
       if (!this.#digester.equals(digest, calculated)) {
         this.#logger.debug({ reqId: req.id, calculated, digest }, 'Digest mismatch')
-        throw new ProblemDetailsError(400, 'Digest mismatch')
+        throw new ProblemDetailsError(401, 'Digest mismatch')
       }
     }
     const created = this.#messageSigner.created(signatureInput)
     if (!created) {
-      throw new ProblemDetailsError(400, 'No created timestamp provided')
+      throw new ProblemDetailsError(401, 'No created timestamp provided')
     }
     if (Math.abs(Date.now() - created * 1000) > HTTPSignatureAuthenticator.#maxDateDiff) {
-      throw new ProblemDetailsError(400, 'Time skew too large')
+      throw new ProblemDetailsError(401, 'Time skew too large')
     }
     const { method, headers } = req
     const { origin } = req.app.locals
@@ -163,12 +163,12 @@ export class HTTPSignatureAuthenticator {
 
     const keyId = this.#messageSigner.keyId(signatureInput)
     if (!keyId) {
-      throw new ProblemDetailsError(400, 'no public key provided')
+      throw new ProblemDetailsError(401, 'no public key provided')
     }
     this.#logger.debug({ reqId: req.id, keyId }, 'Signed with keyId')
     const ok = await this.#remoteKeyStorage.getPublicKey(keyId)
     if (!ok) {
-      throw new ProblemDetailsError(400, 'public key not found')
+      throw new ProblemDetailsError(401, 'public key not found')
     }
     let owner = ok.owner
     let publicKeyPem = ok.publicKeyPem

package/lib/remotekeystorage.js

@@ -31,7 +31,10 @@ export class RemoteKeyStorage {
       return null
     }
     if (!await this.#confirmPublicKey(remote.owner, id)) {
-      this.#logger.warn({ owner: remote.owner, id }, 'Mismatched owner and key')
+      this.#logger.warn(
+        { owner: remote.owner, id },
+        'Cannot confirm match between owner and public key'
+      )
       return null
     }
     await this.#cachePublicKey(id, remote.owner, remote.publicKeyPem)
@@ -58,7 +61,14 @@ export class RemoteKeyStorage {
 
   async #getRemotePublicKey (id) {
     this.debug(`#getRemotePublicKey(${id})`)
-    const response = await this.#client.getKey(id)
+    let response
+    try {
+      response = await this.#client.getKey(id)
+    } catch (err) {
+      this.#logger.warn({ id, err }, 'error getting key')
+      return null
+    }
+
     if (!response) {
       return null
     }

package/lib/remoteobjectcache.js

@@ -147,7 +147,7 @@ export class RemoteObjectCache {
     if (as2obj.isActivity()) {
       offset = 24 * 60 * 60 * 1000
     } else if (as2obj.inbox) {
-      offset = 30 * 60 * 1000
+      offset = -1000
     } else if (KEY_TYPES.includes(as2obj.type)) {
       offset = -1000
     } else if (COLLECTION_TYPES.includes(as2obj.type)) {

package/lib/routes/nodeinfo.js

@@ -57,7 +57,8 @@ router.get('/nodeinfo/:nodeinfoVersion', async (req, res, next) => {
         activeHalfyear: data.activeHalfYearly
       }
     },
-    metadata: {}
+    metadata: {},
+    instance: (nodeinfoVersion === '2.2') ? {} : undefined
   })
 })
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@evanp/activitypub-bot",
-  "version": "0.48.0",
+  "version": "0.48.2",
   "description": "server-side ActivityPub bot framework",
   "type": "module",
   "main": "lib/index.js",