@evanp/activitypub-bot 0.8.0

package/tests/httpsignatureauthenticator.test.js

@@ -0,0 +1,463 @@
+import { describe, before, after, it } from 'node:test'
+import assert from 'node:assert'
+import { Sequelize } from 'sequelize'
+import { KeyStorage } from '../lib/keystorage.js'
+import { nockSetup, nockSignature, nockKeyRotate, nockFormat } from './utils/nock.js'
+import { HTTPSignature } from '../lib/httpsignature.js'
+import { HTTPSignatureAuthenticator } from '../lib/httpsignatureauthenticator.js'
+import Logger from 'pino'
+import { Digester } from '../lib/digester.js'
+import { RemoteKeyStorage } from '../lib/remotekeystorage.js'
+import { ActivityPubClient } from '../lib/activitypubclient.js'
+import { UrlFormatter } from '../lib/urlformatter.js'
+import as2 from '../lib/activitystreams.js'
+
+describe('HTTPSignatureAuthenticator', async () => {
+  const domain = 'activitypubbot.example'
+  const origin = `https://${domain}`
+  let authenticator = null
+  let logger = null
+  let signer = null
+  let digester = null
+  let remoteKeyStorage = null
+  let connection = null
+  const next = (err) => {
+    if (err) {
+      assert.fail(`Failed to authenticate: ${err.message}`)
+    } else {
+      assert.ok(true, 'Authenticated successfully')
+    }
+  }
+  const failNext = (err) => {
+    if (err) {
+      assert.ok(true, 'Failed successfully')
+    } else {
+      assert.fail('Passed through an incorrect request')
+    }
+  }
+  before(async () => {
+    logger = Logger({
+      level: 'silent'
+    })
+    connection = new Sequelize('sqlite::memory:', { logging: false })
+    await connection.authenticate()
+    signer = new HTTPSignature(logger)
+    digester = new Digester(logger)
+    const formatter = new UrlFormatter(origin)
+    const keyStorage = new KeyStorage(connection, logger)
+    await keyStorage.initialize()
+    const client = new ActivityPubClient(keyStorage, formatter, signer, digester, logger)
+    remoteKeyStorage = new RemoteKeyStorage(client, connection, logger)
+    await remoteKeyStorage.initialize()
+    nockSetup('social.example')
+  })
+
+  after(async () => {
+    await connection.close()
+    authenticator = null
+    digester = null
+    signer = null
+    remoteKeyStorage = null
+  })
+
+  it('can initialize', async () => {
+    authenticator = new HTTPSignatureAuthenticator(
+      remoteKeyStorage,
+      signer,
+      digester,
+      logger)
+  })
+
+  it('can authenticate a valid GET request', async () => {
+    const username = 'test'
+    const date = new Date().toUTCString()
+    const signature = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date,
+      username
+    })
+    const headers = {
+      date,
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, next)
+  })
+
+  it('can authenticate a valid GET request with parameters', async () => {
+    const lname = 'ok'
+    const username = 'test'
+    const date = new Date().toUTCString()
+    const signature = await nockSignature({
+      url: `${origin}/.well-known/webfinger?resource=acct:${lname}@${domain}`,
+      date,
+      username
+    })
+    const headers = {
+      date,
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = `/.well-known/webfinger?resource=acct:${lname}@${domain}`
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, next)
+  })
+
+  it('can authenticate a valid GET request after key rotation', async () => {
+    const username = 'test2'
+    const date = new Date().toUTCString()
+    const signature = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date,
+      username
+    })
+    const headers = {
+      date,
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, next)
+    await nockKeyRotate(username)
+    const date2 = new Date().toUTCString()
+    const signature2 = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date: date2,
+      username
+    })
+    const headers2 = {
+      date: date2,
+      signature: signature2,
+      host: URL.parse(origin).host
+    }
+    const req2 = {
+      headers: headers2,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req2, res, next)
+  })
+
+  it('can authenticate a valid POST request', async () => {
+    const username = 'test3'
+    const type = 'Activity'
+    const activity = await as2.import({
+      id: nockFormat({ username, type }),
+      type
+    })
+    const rawBodyText = await activity.write()
+    const digest = await digester.digest(rawBodyText)
+    const date = new Date().toUTCString()
+    const method = 'POST'
+    const originalUrl = '/user/ok/inbox'
+    const signature = await nockSignature({
+      username,
+      url: `${origin}${originalUrl}`,
+      date,
+      digest,
+      method
+    })
+    const headers = {
+      date,
+      signature,
+      host: URL.parse(origin).host,
+      digest
+    }
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      },
+      rawBodyText
+    }
+    await authenticator.authenticate(req, res, next)
+  })
+
+  it('skips a request that is not signed', async () => {
+    const date = new Date().toUTCString()
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const headers = {
+      date,
+      host: URL.parse(origin).host
+    }
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, next)
+  })
+
+  it('can refuse a request signed with the wrong key', async () => {
+    const username = 'test'
+    const date = new Date().toUTCString()
+    const signature = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date,
+      username
+    })
+    const headers = {
+      date,
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, next)
+  })
+
+  it('can refuse a request with a bad digest', async () => {
+    const username = 'test3'
+    const type = 'Activity'
+    const activity = await as2.import({
+      id: nockFormat({ username, type }),
+      type
+    })
+    const rawBodyText = await activity.write()
+    const digest = await digester.digest('This does not match the rawBodyText')
+    const date = new Date().toUTCString()
+    const method = 'POST'
+    const originalUrl = '/user/ok/inbox'
+    const signature = await nockSignature({
+      username,
+      url: `${origin}${originalUrl}`,
+      date,
+      digest,
+      method
+    })
+    const headers = {
+      date,
+      signature,
+      host: URL.parse(origin).host,
+      digest
+    }
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      },
+      rawBodyText
+    }
+    await authenticator.authenticate(req, res, failNext)
+  })
+
+  it('can refuse a request with a missing digest', async () => {
+    const username = 'test3'
+    const type = 'Activity'
+    const activity = await as2.import({
+      id: nockFormat({ username, type }),
+      type
+    })
+    const rawBodyText = await activity.write()
+    const date = new Date().toUTCString()
+    const method = 'POST'
+    const originalUrl = '/user/ok/inbox'
+    const signature = await nockSignature({
+      username,
+      url: `${origin}${originalUrl}`,
+      date,
+      method
+    })
+    const headers = {
+      date,
+      signature,
+      host: URL.parse(origin).host
+    }
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      },
+      rawBodyText
+    }
+    await authenticator.authenticate(req, res, failNext)
+  })
+
+  it('can refuse a request with a missing date', async () => {
+    const username = 'test'
+    const date = new Date().toUTCString()
+    const signature = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date,
+      username
+    })
+    const headers = {
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, failNext)
+  })
+
+  it('can refuse a request with a badly formatted date', async () => {
+    const username = 'test'
+    const date = '3 Prairial CCXXXIII 14:00:35'
+    const signature = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date,
+      username
+    })
+    const headers = {
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, failNext)
+  })
+
+  it('can refuse a request with a past date outside of the skew window', async () => {
+    const username = 'test'
+    // 10 days ago
+    const date = (new Date(Date.now() - 10 * 24 * 60 * 60 * 1000)).toUTCString()
+    logger.debug(date)
+    const signature = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date,
+      username
+    })
+    const headers = {
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, failNext)
+  })
+
+  it('can refuse a request with a future date outside of the skew window', async () => {
+    const username = 'test'
+    // 10 days ago
+    const date = (new Date(Date.now() + 10 * 24 * 60 * 60 * 1000)).toUTCString()
+    logger.debug(date)
+    const signature = await nockSignature({
+      url: `${origin}/user/ok/outbox`,
+      date,
+      username
+    })
+    const headers = {
+      signature,
+      host: URL.parse(origin).host
+    }
+    const method = 'GET'
+    const originalUrl = '/user/ok/outbox'
+    const res = {
+
+    }
+    const req = {
+      headers,
+      originalUrl,
+      method,
+      get: function (name) {
+        return this.headers[name.toLowerCase()]
+      }
+    }
+    await authenticator.authenticate(req, res, failNext)
+  })
+})

package/tests/keystorage.test.js

@@ -0,0 +1,89 @@
+import { describe, before, after, it } from 'node:test'
+import { KeyStorage } from '../lib/keystorage.js'
+import assert from 'node:assert'
+import { Sequelize } from 'sequelize'
+import Logger from 'pino'
+
+describe('KeyStorage', async () => {
+  let connection = null
+  let storage = null
+  let logger = null
+  let firstPublicKey = null
+  let firstPrivateKey = null
+  let secondPublicKey = null
+  let secondPrivateKey = null
+  before(async () => {
+    connection = new Sequelize('sqlite::memory:', { logging: false })
+    await connection.authenticate()
+    logger = new Logger({
+      level: 'silent'
+    })
+  })
+  after(async () => {
+    await connection.close()
+    connection = null
+    logger = null
+  })
+  it('can initialize', async () => {
+    storage = new KeyStorage(connection, logger)
+    await storage.initialize()
+  })
+  it('can get a public key', async () => {
+    firstPublicKey = await storage.getPublicKey('test1')
+    assert.ok(firstPublicKey)
+    assert.equal(typeof firstPublicKey, 'string')
+    assert.match(firstPublicKey, /^-----BEGIN PUBLIC KEY-----\n/)
+    assert.match(firstPublicKey, /-----END PUBLIC KEY-----\n$/)
+  })
+  it('can get a public key again', async () => {
+    secondPublicKey = await storage.getPublicKey('test1')
+    assert.ok(secondPublicKey)
+    assert.equal(typeof secondPublicKey, 'string')
+    assert.match(secondPublicKey, /^-----BEGIN PUBLIC KEY-----\n/)
+    assert.match(secondPublicKey, /-----END PUBLIC KEY-----\n$/)
+    assert.equal(firstPublicKey, secondPublicKey)
+  })
+  it('can get a private key after getting a public key', async () => {
+    const privateKey = await storage.getPrivateKey('test1')
+    assert.ok(privateKey)
+    assert.equal(typeof privateKey, 'string')
+    assert.match(privateKey, /^-----BEGIN PRIVATE KEY-----\n/)
+    assert.match(privateKey, /-----END PRIVATE KEY-----\n$/)
+  })
+  it('can get a private key', async () => {
+    firstPrivateKey = await storage.getPrivateKey('test2')
+    assert.ok(firstPrivateKey)
+    assert.equal(typeof firstPrivateKey, 'string')
+    assert.match(firstPrivateKey, /^-----BEGIN PRIVATE KEY-----\n/)
+    assert.match(firstPrivateKey, /-----END PRIVATE KEY-----\n$/)
+  })
+  it('can get a private key again', async () => {
+    secondPrivateKey = await storage.getPrivateKey('test2')
+    assert.ok(secondPrivateKey)
+    assert.equal(typeof secondPrivateKey, 'string')
+    assert.match(secondPrivateKey, /^-----BEGIN PRIVATE KEY-----\n/)
+    assert.match(secondPrivateKey, /-----END PRIVATE KEY-----\n$/)
+    assert.equal(firstPrivateKey, secondPrivateKey)
+  })
+  it('can get a public key after getting a private key', async () => {
+    const publicKey = await storage.getPublicKey('test2')
+    assert.ok(publicKey)
+    assert.equal(typeof publicKey, 'string')
+    assert.match(publicKey, /^-----BEGIN PUBLIC KEY-----\n/)
+    assert.match(publicKey, /-----END PUBLIC KEY-----\n$/)
+  })
+  it('can get distinct public keys for distinct bots', async () => {
+    const publicKey = await storage.getPublicKey('test1')
+    const publicKey2 = await storage.getPublicKey('test2')
+    assert.ok(publicKey)
+    assert.ok(publicKey2)
+    assert.notEqual(publicKey, publicKey2)
+  })
+  it('can get distinct private keys for distinct bots', async () => {
+    const privateKey = await storage.getPrivateKey('test1')
+    const privateKey2 = await storage.getPrivateKey('test2')
+    assert.ok(privateKey)
+    assert.ok(privateKey2)
+    assert.notEqual(privateKey, privateKey2)
+  })
+})

package/tests/microsyntax.test.js

@@ -0,0 +1,122 @@
+import { describe, it } from 'node:test'
+import assert from 'node:assert'
+import { Sequelize } from 'sequelize'
+import { Transformer } from '../lib/microsyntax.js'
+import { UrlFormatter } from '../lib/urlformatter.js'
+import { KeyStorage } from '../lib/keystorage.js'
+import { ActivityPubClient } from '../lib/activitypubclient.js'
+import { nockSetup } from './utils/nock.js'
+import { HTTPSignature } from '../lib/httpsignature.js'
+import Logger from 'pino'
+import { Digester } from '../lib/digester.js'
+
+const AS2 = 'https://www.w3.org/ns/activitystreams#'
+
+describe('microsyntax', async () => {
+  const tagNamespace = 'https://tags.example/tag/'
+  const origin = 'https://activitypubbot.example'
+
+  nockSetup('social.example')
+
+  const logger = Logger({
+    level: 'silent'
+  })
+  const digester = new Digester(logger)
+  const connection = new Sequelize('sqlite::memory:', { logging: false })
+  await connection.authenticate()
+  const keyStorage = new KeyStorage(connection, logger)
+  await keyStorage.initialize()
+  const formatter = new UrlFormatter(origin)
+  const signer = new HTTPSignature(logger)
+  const client = new ActivityPubClient(keyStorage, formatter, signer, digester, logger)
+  const transformer = new Transformer(tagNamespace, client)
+
+  it('has transformer', () => {
+    assert.ok(transformer)
+  })
+
+  describe('transform tagless text', async () => {
+    const text = 'Hello, world!'
+    const { html } = await transformer.transform(text)
+    it('has output', () => {
+      assert.ok(html)
+    })
+    it('is the same as input', () => {
+      assert.equal(html, `<p>${text}</p>`)
+    })
+  })
+
+  describe('transform hashtag', async () => {
+    const text = 'Hello, World! #greeting'
+    const { html, tag } = await transformer.transform(text)
+    it('has html output', () => {
+      assert.ok(html)
+    })
+    it('has tag', () => {
+      assert.ok(tag)
+    })
+    it('has correct html', () => {
+      assert.equal(html, '<p>Hello, World! <a href="https://tags.example/tag/greeting">#greeting</a></p>')
+    })
+    it('has correct tag', () => {
+      assert.equal(tag.length, 1)
+      assert.equal(tag[0].type, AS2 + 'Hashtag')
+      assert.equal(tag[0].name, '#greeting')
+      assert.equal(tag[0].href, 'https://tags.example/tag/greeting')
+    })
+  })
+
+  describe('transform url', async () => {
+    const text = 'Please visit https://example.com for more information.'
+    const { html, tag } = await transformer.transform(text)
+    it('has html output', () => {
+      assert.ok(html)
+    })
+    it('has tag', () => {
+      assert.ok(tag)
+    })
+    it('has correct html', () => {
+      assert.equal(html, '<p>Please visit <a href="https://example.com">https://example.com</a> for more information.</p>')
+    })
+    it('has correct tag', () => {
+      assert.equal(tag.length, 0)
+    })
+  })
+
+  describe('transform url with fragment', async () => {
+    const text = 'Please visit https://example.com#fragment for more information.'
+    const { html, tag } = await transformer.transform(text)
+    it('has html output', () => {
+      assert.ok(html)
+    })
+    it('has tag', () => {
+      assert.ok(tag)
+    })
+    it('has correct html', () => {
+      assert.equal(html, '<p>Please visit <a href="https://example.com#fragment">https://example.com#fragment</a> for more information.</p>')
+    })
+    it('has correct tag', () => {
+      assert.equal(tag.length, 0)
+    })
+  })
+
+  describe('transform full mention', async () => {
+    const text = 'Hello, @world@social.example !'
+    const { html, tag } = await transformer.transform(text)
+    it('has html output', () => {
+      assert.ok(html)
+    })
+    it('has tag', () => {
+      assert.ok(tag)
+    })
+    it('has correct html', () => {
+      assert.equal(html, '<p>Hello, <a href="https://social.example/profile/world">@world@social.example</a> !</p>')
+    })
+    it('has correct tag', () => {
+      assert.equal(tag.length, 1)
+      assert.equal(tag[0].type, 'Mention')
+      assert.equal(tag[0].name, '@world@social.example')
+      assert.equal(tag[0].href, 'https://social.example/profile/world')
+    })
+  })
+})