@fedify/fedify 0.14.0-dev.344 → 0.14.0-dev.345
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGES.md +6 -0
- package/esm/vocab/actor.js +13 -1
- package/esm/webfinger/lookup.js +11 -4
- package/package.json +1 -1
- package/types/vocab/actor.d.ts.map +1 -1
- package/types/webfinger/lookup.d.ts.map +1 -1
package/CHANGES.md
CHANGED
|
@@ -79,6 +79,12 @@ To be released.
|
|
|
79
79
|
applicable to `format: "compact"`. Otherwise, it throws
|
|
80
80
|
a `TypeError`.
|
|
81
81
|
|
|
82
|
+
- The `getActorHandle()` function now supports cross-origin WebFinger
|
|
83
|
+
resources.
|
|
84
|
+
|
|
85
|
+
- The `lookupWebFinger()` and `getActorHandle()` functions no more throw
|
|
86
|
+
an error when they fail to reach the WebFinger resource.
|
|
87
|
+
|
|
82
88
|
- Now `fedify init` generates a default *tsconfig.json* file on Node.js and
|
|
83
89
|
Bun, and fills the *deno.json* file with the default `compilerOptions` on
|
|
84
90
|
Deno.
|
package/esm/vocab/actor.js
CHANGED
|
@@ -87,8 +87,10 @@ export async function getActorHandle(actor, options = {}) {
|
|
|
87
87
|
const match = alias.match(/^acct:([^@]+)@([^@]+)$/);
|
|
88
88
|
if (match != null) {
|
|
89
89
|
const hostname = new URL(`https://${match[2]}/`).hostname;
|
|
90
|
-
if (hostname !== actorId.hostname
|
|
90
|
+
if (hostname !== actorId.hostname &&
|
|
91
|
+
!await verifyCrossOriginActorHandle(actorId.href, alias)) {
|
|
91
92
|
continue;
|
|
93
|
+
}
|
|
92
94
|
return normalizeActorHandle(`@${match[1]}@${match[2]}`, options);
|
|
93
95
|
}
|
|
94
96
|
}
|
|
@@ -100,6 +102,16 @@ export async function getActorHandle(actor, options = {}) {
|
|
|
100
102
|
}
|
|
101
103
|
throw new TypeError("Actor does not have enough information to get the handle.");
|
|
102
104
|
}
|
|
105
|
+
async function verifyCrossOriginActorHandle(actorId, alias) {
|
|
106
|
+
const response = await lookupWebFinger(alias);
|
|
107
|
+
if (response == null)
|
|
108
|
+
return false;
|
|
109
|
+
for (const alias of response.aliases ?? []) {
|
|
110
|
+
if (new URL(alias).href === actorId)
|
|
111
|
+
return true;
|
|
112
|
+
}
|
|
113
|
+
return false;
|
|
114
|
+
}
|
|
103
115
|
/**
|
|
104
116
|
* Normalizes the given actor handle.
|
|
105
117
|
* @param handle The full handle of the actor to normalize.
|
package/esm/webfinger/lookup.js
CHANGED
|
@@ -27,10 +27,17 @@ export async function lookupWebFinger(resource) {
|
|
|
27
27
|
url.searchParams.set("resource", resource.href);
|
|
28
28
|
while (true) {
|
|
29
29
|
logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
30
|
+
let response;
|
|
31
|
+
try {
|
|
32
|
+
response = await fetch(url, {
|
|
33
|
+
headers: { Accept: "application/jrd+json" },
|
|
34
|
+
redirect: "manual",
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
catch (error) {
|
|
38
|
+
logger.debug("Failed to fetch WebFinger resource descriptor: {error}", { url: url.href, error });
|
|
39
|
+
return null;
|
|
40
|
+
}
|
|
34
41
|
if (response.status >= 300 && response.status < 400 &&
|
|
35
42
|
response.headers.has("Location")) {
|
|
36
43
|
url = new URL(response.headers.get("Location"));
|
package/package.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actor.d.ts","sourceRoot":"","sources":["../../src/vocab/actor.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE/E;;;GAGG;AACH,MAAM,MAAM,KAAK,GAAG,WAAW,GAAG,KAAK,GAAG,YAAY,GAAG,MAAM,GAAG,OAAO,CAAC;AAE1E;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,IAAI,KAAK,CAQxD;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,aAAa,GACb,OAAO,GACP,cAAc,GACd,QAAQ,GACR,SAAS,CAAC;AAEd;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,KAAK,GACX,aAAa,CAOf;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,aAAa,GAErB,OAAO,WAAW,GAClB,OAAO,KAAK,GACZ,OAAO,YAAY,GACnB,OAAO,MAAM,GACb,OAAO,OAAO,CAcjB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,KAAK,GAAG,GAAG,EAClB,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,MAAM,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"actor.d.ts","sourceRoot":"","sources":["../../src/vocab/actor.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE/E;;;GAGG;AACH,MAAM,MAAM,KAAK,GAAG,WAAW,GAAG,KAAK,GAAG,YAAY,GAAG,MAAM,GAAG,OAAO,CAAC;AAE1E;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,IAAI,KAAK,CAQxD;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,aAAa,GACb,OAAO,GACP,cAAc,GACd,QAAQ,GACR,SAAS,CAAC;AAEd;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,KAAK,GACX,aAAa,CAOf;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,aAAa,GAErB,OAAO,WAAW,GAClB,OAAO,KAAK,GACZ,OAAO,YAAY,GACnB,OAAO,MAAM,GACb,OAAO,OAAO,CAcjB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,KAAK,GAAG,GAAG,EAClB,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,MAAM,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC,CAkCzD;AAcD;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,2BAAgC,GACxC,IAAI,MAAM,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAahD;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;IAExB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,IAAI,CAAC;IAE7B;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QACnB;;WAEG;QACH,WAAW,EAAE,GAAG,GAAG,IAAI,CAAC;KACzB,GAAG,IAAI,CAAC;CACV"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lookup.d.ts","sourceRoot":"","sources":["../../src/webfinger/lookup.ts"],"names":[],"mappings":";AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAInD;;;;;GAKG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,GAAG,GAAG,MAAM,GACrB,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"lookup.d.ts","sourceRoot":"","sources":["../../src/webfinger/lookup.ts"],"names":[],"mappings":";AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAInD;;;;;GAKG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,GAAG,GAAG,MAAM,GACrB,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAgEpC"}
|