@fedify/fedify 0.9.0-dev.174 → 0.9.0-dev.175
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of @fedify/fedify might be problematic. Click here for more details.
- package/CHANGES.md +9 -0
- package/esm/federation/handler.js +5 -2
- package/esm/federation/middleware.js +6 -2
- package/esm/httpsig/mod.js +7 -8
- package/package.json +1 -1
- package/types/federation/handler.d.ts +3 -1
- package/types/federation/handler.d.ts.map +1 -1
- package/types/federation/middleware.d.ts +9 -1
- package/types/federation/middleware.d.ts.map +1 -1
- package/types/httpsig/mod.d.ts +29 -5
- package/types/httpsig/mod.d.ts.map +1 -1
package/CHANGES.md
CHANGED
|
@@ -29,6 +29,15 @@ To be released.
|
|
|
29
29
|
- Added `SendActivityOptions.excludeBaseUris` property.
|
|
30
30
|
- Added `ExtractInboxesParameters.excludeBaseUris` property.
|
|
31
31
|
|
|
32
|
+
- The time window for signature verification is now configurable.
|
|
33
|
+
|
|
34
|
+
- The default time window for signature verification is now a minute (was
|
|
35
|
+
30 seconds).
|
|
36
|
+
- Added `signatureTimeWindow` option to `FederationParameters` interface.
|
|
37
|
+
- Added `VerifyOptions` interface.
|
|
38
|
+
- The signature of the `verify()` function is revamped; it now optionally
|
|
39
|
+
takes a `VerifyOptions` object as the second parameter.
|
|
40
|
+
|
|
32
41
|
- Added more log messages using the [LogTape] library. Currently the below
|
|
33
42
|
logger categories are used:
|
|
34
43
|
|
|
@@ -162,7 +162,7 @@ function filterCollectionItems(items, collectionName, filterPredicate) {
|
|
|
162
162
|
}
|
|
163
163
|
return result;
|
|
164
164
|
}
|
|
165
|
-
export async function handleInbox(request, { handle, context, kv, kvPrefix, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, }) {
|
|
165
|
+
export async function handleInbox(request, { handle, context, kv, kvPrefix, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, }) {
|
|
166
166
|
const logger = getLogger(["fedify", "federation", "inbox"]);
|
|
167
167
|
if (actorDispatcher == null) {
|
|
168
168
|
logger.error("Actor dispatcher is not set.", { handle });
|
|
@@ -176,7 +176,10 @@ export async function handleInbox(request, { handle, context, kv, kvPrefix, acto
|
|
|
176
176
|
return await onNotFound(request);
|
|
177
177
|
}
|
|
178
178
|
}
|
|
179
|
-
const key = await verify(request,
|
|
179
|
+
const key = await verify(request, {
|
|
180
|
+
...context,
|
|
181
|
+
timeWindow: signatureTimeWindow,
|
|
182
|
+
});
|
|
180
183
|
if (key == null) {
|
|
181
184
|
logger.error("Failed to verify the request signature.", { handle });
|
|
182
185
|
const response = new Response("Failed to verify the request signature.", {
|
|
@@ -36,12 +36,13 @@ export class Federation {
|
|
|
36
36
|
#authenticatedDocumentLoaderFactory;
|
|
37
37
|
#treatHttps;
|
|
38
38
|
#onOutboxError;
|
|
39
|
+
#signatureTimeWindow;
|
|
39
40
|
#backoffSchedule;
|
|
40
41
|
/**
|
|
41
42
|
* Create a new {@link Federation} instance.
|
|
42
43
|
* @param parameters Parameters for initializing the instance.
|
|
43
44
|
*/
|
|
44
|
-
constructor({ kv, kvPrefixes, queue, documentLoader, contextLoader, authenticatedDocumentLoaderFactory, treatHttps, onOutboxError, backoffSchedule, }) {
|
|
45
|
+
constructor({ kv, kvPrefixes, queue, documentLoader, contextLoader, authenticatedDocumentLoaderFactory, treatHttps, onOutboxError, signatureTimeWindow, backoffSchedule, }) {
|
|
45
46
|
this.#kv = kv;
|
|
46
47
|
this.#kvPrefixes = {
|
|
47
48
|
...({
|
|
@@ -68,6 +69,7 @@ export class Federation {
|
|
|
68
69
|
getAuthenticatedDocumentLoader;
|
|
69
70
|
this.#onOutboxError = onOutboxError;
|
|
70
71
|
this.#treatHttps = treatHttps ?? false;
|
|
72
|
+
this.#signatureTimeWindow = signatureTimeWindow ?? { minutes: 1 };
|
|
71
73
|
this.#backoffSchedule = backoffSchedule ?? [
|
|
72
74
|
3000,
|
|
73
75
|
15000,
|
|
@@ -293,6 +295,7 @@ export class Federation {
|
|
|
293
295
|
return context;
|
|
294
296
|
let signedKey = undefined;
|
|
295
297
|
let signedKeyOwner = undefined;
|
|
298
|
+
const timeWindow = this.#signatureTimeWindow;
|
|
296
299
|
const reqCtx = {
|
|
297
300
|
...context,
|
|
298
301
|
request,
|
|
@@ -341,7 +344,7 @@ export class Federation {
|
|
|
341
344
|
async getSignedKey() {
|
|
342
345
|
if (signedKey !== undefined)
|
|
343
346
|
return signedKey;
|
|
344
|
-
return signedKey = await verify(request, context
|
|
347
|
+
return signedKey = await verify(request, { ...context, timeWindow });
|
|
345
348
|
},
|
|
346
349
|
async getSignedKeyOwner() {
|
|
347
350
|
if (signedKeyOwner !== undefined)
|
|
@@ -939,6 +942,7 @@ export class Federation {
|
|
|
939
942
|
inboxListeners: this.#inboxListeners,
|
|
940
943
|
inboxErrorHandler: this.#inboxErrorHandler,
|
|
941
944
|
onNotFound,
|
|
945
|
+
signatureTimeWindow: this.#signatureTimeWindow,
|
|
942
946
|
});
|
|
943
947
|
case "following":
|
|
944
948
|
return await handleCollection(request, {
|
package/esm/httpsig/mod.js
CHANGED
|
@@ -67,15 +67,13 @@ const supportedHashAlgorithms = {
|
|
|
67
67
|
* if the request body is already consumed. Consuming the request body after
|
|
68
68
|
* calling this function is okay, since this function clones the request
|
|
69
69
|
* under the hood.
|
|
70
|
+
*
|
|
70
71
|
* @param request The request to verify.
|
|
71
|
-
* @param
|
|
72
|
-
* @param contextLoader The context loader to use for JSON-LD context retrieval.
|
|
73
|
-
* @param currentTime The current time. If not specified, the current time is
|
|
74
|
-
* used. This is useful for testing.
|
|
72
|
+
* @param options Options for verifying the request.
|
|
75
73
|
* @returns The public key of the verified signature, or `null` if the signature
|
|
76
74
|
* could not be verified.
|
|
77
75
|
*/
|
|
78
|
-
export async function verify(request, documentLoader, contextLoader, currentTime) {
|
|
76
|
+
export async function verify(request, { documentLoader, contextLoader, timeWindow, currentTime } = {}) {
|
|
79
77
|
const logger = getLogger(["fedify", "httpsig", "verify"]);
|
|
80
78
|
request = request.clone();
|
|
81
79
|
const dateHeader = request.headers.get("Date");
|
|
@@ -127,11 +125,12 @@ export async function verify(request, documentLoader, contextLoader, currentTime
|
|
|
127
125
|
}
|
|
128
126
|
const date = dntShim.Temporal.Instant.from(new Date(dateHeader).toISOString());
|
|
129
127
|
const now = currentTime ?? dntShim.Temporal.Now.instant();
|
|
130
|
-
|
|
128
|
+
const tw = timeWindow ?? { minutes: 1 };
|
|
129
|
+
if (dntShim.Temporal.Instant.compare(date, now.add(tw)) > 0) {
|
|
131
130
|
logger.debug("Failed to verify; Date is too far in the future.", { date: date.toString(), now: now.toString() });
|
|
132
131
|
return null;
|
|
133
132
|
}
|
|
134
|
-
else if (dntShim.Temporal.Instant.compare(date, now.subtract(
|
|
133
|
+
else if (dntShim.Temporal.Instant.compare(date, now.subtract(tw)) < 0) {
|
|
135
134
|
logger.debug("Failed to verify; Date is too far in the past.", { date: date.toString(), now: now.toString() });
|
|
136
135
|
return null;
|
|
137
136
|
}
|
|
@@ -152,7 +151,7 @@ export async function verify(request, documentLoader, contextLoader, currentTime
|
|
|
152
151
|
logger.debug("Fetching key {keyId} to verify signature...", { keyId });
|
|
153
152
|
let document;
|
|
154
153
|
try {
|
|
155
|
-
const remoteDocument = await documentLoader(keyId);
|
|
154
|
+
const remoteDocument = await (documentLoader ?? fetchDocumentLoader)(keyId);
|
|
156
155
|
document = remoteDocument.document;
|
|
157
156
|
}
|
|
158
157
|
catch (_) {
|
package/package.json
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
2
|
/// <reference types="node" />
|
|
3
|
+
import * as dntShim from "../_dnt.shims.js";
|
|
3
4
|
import type { DocumentLoader } from "../runtime/docloader.js";
|
|
4
5
|
import type { Recipient } from "../vocab/actor.js";
|
|
5
6
|
import { Activity, Link, Object } from "../vocab/vocab.js";
|
|
@@ -73,8 +74,9 @@ export interface InboxHandlerParameters<TContextData> {
|
|
|
73
74
|
inboxListeners: Map<new (...args: unknown[]) => Activity, InboxListener<TContextData, Activity>>;
|
|
74
75
|
inboxErrorHandler?: InboxErrorHandler<TContextData>;
|
|
75
76
|
onNotFound(request: Request): Response | Promise<Response>;
|
|
77
|
+
signatureTimeWindow: dntShim.Temporal.DurationLike;
|
|
76
78
|
}
|
|
77
|
-
export declare function handleInbox<TContextData>(request: Request, { handle, context, kv, kvPrefix, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, }: InboxHandlerParameters<TContextData>): Promise<Response>;
|
|
79
|
+
export declare function handleInbox<TContextData>(request: Request, { handle, context, kv, kvPrefix, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, }: InboxHandlerParameters<TContextData>): Promise<Response>;
|
|
78
80
|
/**
|
|
79
81
|
* Options for the {@link respondWithObject} and
|
|
80
82
|
* {@link respondWithObjectIfAcceptable} functions.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../src/federation/handler.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../src/federation/handler.ts"],"names":[],"mappings":";;AAAA,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAI5C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,IAAI,EACJ,MAAM,EAGP,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EACV,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,wBAAwB,EACxB,gBAAgB,EACjB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAE9C,wBAAgB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CASvD;AAED,MAAM,WAAW,sBAAsB,CAAC,YAAY;IAClD,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,cAAc,CAAC,YAAY,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,eAAe,CAAC,YAAY,CAAC,CAAC;IAChD,kBAAkB,CAAC,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;IACtD,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3D,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACjE;AAED,wBAAsB,WAAW,CAAC,YAAY,EAC5C,OAAO,EAAE,OAAO,EAChB,EACE,MAAM,EACN,OAAO,EACP,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,eAAe,EACf,cAAc,GACf,EAAE,sBAAsB,CAAC,YAAY,CAAC,GACtC,OAAO,CAAC,QAAQ,CAAC,CAoBnB;AAED,MAAM,WAAW,uBAAuB,CAAC,YAAY;IACnD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,OAAO,EAAE,cAAc,CAAC,YAAY,CAAC,CAAC;IACtC,gBAAgB,CAAC,EAAE,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAClE,kBAAkB,CAAC,EAAE,wBAAwB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACpE,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3D,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACjE;AAED,wBAAsB,YAAY,CAAC,YAAY,EAC7C,OAAO,EAAE,OAAO,EAChB,EACE,MAAM,EACN,OAAO,EACP,gBAAgB,EAChB,kBAAkB,EAClB,UAAU,EACV,eAAe,EACf,cAAc,GACf,EAAE,uBAAuB,CAAC,YAAY,CAAC,GACvC,OAAO,CAAC,QAAQ,CAAC,CAmBnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO;IAC/D;;OAEG;IACH,UAAU,EAAE,oBAAoB,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;IAE/D;;OAEG;IACH,OAAO,CAAC,EAAE,iBAAiB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEnD;;OAEG;IACH,WAAW,CAAC,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEtD;;OAEG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAErD;;OAEG;IACH,kBAAkB,CAAC,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;CACvD;AAED,MAAM,WAAW,2BAA2B,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO;IACvE,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC;IAC3C,OAAO,EAAE,cAAc,CAAC,YAAY,CAAC,CAAC;IACtC,mBAAmB,CAAC,EAAE,mBAAmB,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;IACxE,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/D,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3D,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACjE;AAED,wBAAsB,gBAAgB,CACpC,KAAK,SAAS,GAAG,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,EAC7C,YAAY,EACZ,OAAO,EAEP,OAAO,EAAE,OAAO,EAChB,EACE,IAAI,EACJ,MAAM,EACN,MAAM,EACN,eAAe,EACf,OAAO,EACP,mBAAmB,EACnB,cAAc,EACd,UAAU,EACV,eAAe,GAChB,EAAE,2BAA2B,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,CAAC,GAC3D,OAAO,CAAC,QAAQ,CAAC,CA4FnB;AA+BD,MAAM,WAAW,sBAAsB,CAAC,YAAY;IAClD,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,cAAc,CAAC,YAAY,CAAC,CAAC;IACtC,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,KAAK,CAAC;IAChB,eAAe,CAAC,EAAE,eAAe,CAAC,YAAY,CAAC,CAAC;IAChD,cAAc,EAAE,GAAG,CACjB,KAAK,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,QAAQ,EACpC,aAAa,CAAC,YAAY,EAAE,QAAQ,CAAC,CACtC,CAAC;IACF,iBAAiB,CAAC,EAAE,iBAAiB,CAAC,YAAY,CAAC,CAAC;IACpD,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3D,mBAAmB,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;CACpD;AAED,wBAAsB,WAAW,CAAC,YAAY,EAC5C,OAAO,EAAE,OAAO,EAChB,EACE,MAAM,EACN,OAAO,EACP,EAAE,EACF,QAAQ,EACR,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,UAAU,EACV,mBAAmB,GACpB,EAAE,sBAAsB,CAAC,YAAY,CAAC,GACtC,OAAO,CAAC,QAAQ,CAAC,CAgInB;AAED;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;OAGG;IACH,aAAa,EAAE,cAAc,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,QAAQ,CAAC,CAOnB;AAED;;;;;;;;GAQG;AACH,wBAAsB,6BAA6B,CACjD,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAK1B"}
|
|
@@ -63,6 +63,14 @@ export interface FederationParameters {
|
|
|
63
63
|
* @since 0.6.0
|
|
64
64
|
*/
|
|
65
65
|
onOutboxError?: OutboxErrorHandler;
|
|
66
|
+
/**
|
|
67
|
+
* The time window for verifying the signature of incoming requests. If the
|
|
68
|
+
* request is older or newer than this window, it is rejected. By default,
|
|
69
|
+
* the window is a minute.
|
|
70
|
+
*
|
|
71
|
+
* @since 0.9.0
|
|
72
|
+
*/
|
|
73
|
+
signatureTimeWindow?: dntShim.Temporal.DurationLike;
|
|
66
74
|
backoffSchedule?: dntShim.Temporal.Duration[];
|
|
67
75
|
}
|
|
68
76
|
/**
|
|
@@ -93,7 +101,7 @@ export declare class Federation<TContextData> {
|
|
|
93
101
|
* Create a new {@link Federation} instance.
|
|
94
102
|
* @param parameters Parameters for initializing the instance.
|
|
95
103
|
*/
|
|
96
|
-
constructor({ kv, kvPrefixes, queue, documentLoader, contextLoader, authenticatedDocumentLoaderFactory, treatHttps, onOutboxError, backoffSchedule, }: FederationParameters);
|
|
104
|
+
constructor({ kv, kvPrefixes, queue, documentLoader, contextLoader, authenticatedDocumentLoaderFactory, treatHttps, onOutboxError, signatureTimeWindow, backoffSchedule, }: FederationParameters);
|
|
97
105
|
/**
|
|
98
106
|
* Create a new context.
|
|
99
107
|
* @param baseUrl The base URL of the server. The `pathname` remains root,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/federation/middleware.ts"],"names":[],"mappings":";;AAAA,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAK5C,OAAO,EACL,KAAK,kCAAkC,EACvC,KAAK,cAAc,EAIpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,QAAQ,EAAoB,KAAK,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,KAAK,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,kBAAkB,EAClB,wBAAwB,EACxB,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,mBAAmB,EACpB,MAAM,cAAc,CAAC;AAQtB,OAAO,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAK5C;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,EAAE,EAAE,OAAO,CAAC;IAEZ;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAE3C;;;;OAIG;IACH,KAAK,CAAC,EAAE,YAAY,CAAC;IAErB;;;OAGG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;;;OAIG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC;IAE/B;;;;;;OAMG;IACH,kCAAkC,CAAC,EAAE,kCAAkC,CAAC;IAExE;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/federation/middleware.ts"],"names":[],"mappings":";;AAAA,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAK5C,OAAO,EACL,KAAK,kCAAkC,EACvC,KAAK,cAAc,EAIpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,QAAQ,EAAoB,KAAK,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,KAAK,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,EACb,kBAAkB,EAClB,wBAAwB,EACxB,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,mBAAmB,EACpB,MAAM,cAAc,CAAC;AAQtB,OAAO,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAK5C;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,EAAE,EAAE,OAAO,CAAC;IAEZ;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAE3C;;;;OAIG;IACH,KAAK,CAAC,EAAE,YAAY,CAAC;IAErB;;;OAGG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;;;OAIG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC;IAE/B;;;;;;OAMG;IACH,kCAAkC,CAAC,EAAE,kCAAkC,CAAC;IAExE;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,kBAAkB,CAAC;IAEnC;;;;;;OAMG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAIpD,eAAe,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,mBAAmB,EAAE,KAAK,CAAC;IAE3B;;;OAGG;IACH,cAAc,EAAE,KAAK,CAAC;CACvB;AAED;;;;;;GAMG;AACH,qBAAa,UAAU,CAAC,YAAY;;IAyBlC;;;OAGG;gBAED,EACE,EAAE,EACF,UAAU,EACV,KAAK,EACL,cAAc,EACd,aAAa,EACb,kCAAkC,EAClC,UAAU,EACV,aAAa,EACb,mBAAmB,EACnB,eAAe,GAChB,EAAE,oBAAoB;IA6GzB;;;;;;OAMG;IACH,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAE7E;;;;;OAKG;IACH,aAAa,CACX,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,YAAY,GACxB,cAAc,CAAC,YAAY,CAAC;IAyQ/B;;;;;;;;;OASG;IACH,qBAAqB,CACnB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,kBAAkB,CAAC,YAAY,CAAC;IAc9C;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,kBAAkB,CAChB,IAAI,EAAE,GAAG,MAAM,WAAW,MAAM,EAAE,EAClC,UAAU,EAAE,eAAe,CAAC,YAAY,CAAC,GACxC,oBAAoB,CAAC,YAAY,CAAC;IAyHrC;;;;;;;;;;;;;OAaG;IACH,mBAAmB,CAAC,OAAO,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAE/D,GAAG,EAAE,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,GAAG,CAAA;KAAE,EACxD,IAAI,EACF,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,EACrI,UAAU,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,GAC1D,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC;IAEvD;;;;;;;;;;;;;OAaG;IACH,mBAAmB,CAAC,OAAO,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAE/D,GAAG,EAAE,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,GAAG,CAAA;KAAE,EACxD,IAAI,EACF,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,EACjH,UAAU,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,GAC1D,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC;IAEvD;;;;;;;;;;;;;OAaG;IACH,mBAAmB,CAAC,OAAO,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAE/D,GAAG,EAAE,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,GAAG,CAAA;KAAE,EACxD,IAAI,EACF,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,EAC7F,UAAU,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,GAC1D,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC;IAEvD;;;;;;;;;;;;;OAaG;IACH,mBAAmB,CAAC,OAAO,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAE/D,GAAG,EAAE,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,GAAG,CAAA;KAAE,EACxD,IAAI,EACF,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,EACzE,UAAU,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,GAC1D,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC;IAEvD;;;;;;;;;;;;;OAaG;IACH,mBAAmB,CAAC,OAAO,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAE/D,GAAG,EAAE,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,GAAG,CAAA;KAAE,EACxD,IAAI,EAAE,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,EACzD,UAAU,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,GAC1D,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC;IAEvD;;;;;;;;;;;;;OAaG;IACH,mBAAmB,CAAC,OAAO,SAAS,MAAM,EAAE,MAAM,SAAS,MAAM,EAE/D,GAAG,EAAE,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,GAAG,CAAA;KAAE,EACxD,IAAI,EAAE,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,EACrC,UAAU,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,GAC1D,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC;IAgCvD;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,mBAAmB,CACjB,IAAI,EAAE,GAAG,MAAM,WAAW,MAAM,EAAE,EAClC,UAAU,EAAE,oBAAoB,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,GAC7D,yBAAyB,CAAC,YAAY,EAAE,IAAI,CAAC;IAmChD;;;;;;;;;;OAUG;IACH,sBAAsB,CACpB,IAAI,EAAE,GAAG,MAAM,WAAW,MAAM,EAAE,EAClC,UAAU,EAAE,oBAAoB,CAAC,KAAK,GAAG,GAAG,EAAE,YAAY,EAAE,IAAI,CAAC,GAChE,yBAAyB,CAAC,YAAY,EAAE,IAAI,CAAC;IAmChD;;;;;;;;;;OAUG;IACH,sBAAsB,CACpB,IAAI,EAAE,GAAG,MAAM,WAAW,MAAM,EAAE,EAClC,UAAU,EAAE,oBAAoB,CAC9B,SAAS,EACT,YAAY,EACZ,GAAG,CACJ,GACA,yBAAyB,CAAC,YAAY,EAAE,GAAG,CAAC;IAyE/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACH,iBAAiB,CACf,SAAS,EAAE,GAAG,MAAM,WAAW,MAAM,EAAE,EACvC,eAAe,CAAC,EAAE,MAAM,GACvB,mBAAmB,CAAC,YAAY,CAAC;IAyCpC;;;;;;;;;OASG;IACG,YAAY,CAChB,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE;QAAE,KAAK,EAAE,GAAG,CAAC;QAAC,UAAU,EAAE,OAAO,CAAC,SAAS,CAAA;KAAE,EACpE,UAAU,EAAE,SAAS,GAAG,SAAS,EAAE,EACnC,QAAQ,EAAE,QAAQ,EAClB,EAAE,iBAAiB,EAAE,SAAS,EAAE,eAAe,EAAE,cAAc,EAAE,GAC/D,2BAAgC,GACjC,OAAO,CAAC,IAAI,CAAC;IA2FhB;;;;;;;;;;;OAWG;IACH,MAAM,CACJ,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,sBAAsB,CAAC,YAAY,CAAC,GAC5C,OAAO,CAAC,QAAQ,CAAC;IAOpB;;;;;;;;;;;OAWG;IACG,KAAK,CACT,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,sBAAsB,CAAC,YAAY,CAAC,GAC5C,OAAO,CAAC,QAAQ,CAAC;CA8IrB;AAED;;;;;GAKG;AACH,MAAM,WAAW,sBAAsB,CAAC,YAAY;IAClD;;OAEG;IACH,WAAW,EAAE,YAAY,CAAC;IAE1B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEhE;;;;;OAKG;IACH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAErE;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACrE;AAQD;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,oBAAoB,CAAC,YAAY;IAChD;;;;OAIG;IACH,oBAAoB,CAClB,UAAU,EAAE,sBAAsB,CAAC,YAAY,CAAC,GAC/C,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAEtC;;;;;OAKG;IACH,SAAS,CACP,SAAS,EAAE,kBAAkB,CAAC,YAAY,CAAC,GAC1C,oBAAoB,CAAC,YAAY,CAAC,CAAC;CACvC;AAQD;;GAEG;AACH,MAAM,WAAW,qBAAqB,CACpC,YAAY,EACZ,OAAO,SAAS,MAAM,EACtB,MAAM,SAAS,MAAM;IAErB;;;;;OAKG;IACH,SAAS,CACP,SAAS,EAAE,wBAAwB,CAAC,YAAY,EAAE,MAAM,CAAC,GACxD,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;CACzD;AAED;;;;;GAKG;AACH,MAAM,WAAW,yBAAyB,CAAC,YAAY,EAAE,OAAO;IAC9D;;;;OAIG;IACH,UAAU,CACR,OAAO,EAAE,iBAAiB,CAAC,YAAY,EAAE,OAAO,CAAC,GAChD,yBAAyB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEpD;;;;OAIG;IACH,cAAc,CACZ,MAAM,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,GAC9C,yBAAyB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEpD;;;;OAIG;IACH,aAAa,CACX,MAAM,EAAE,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,GAC9C,yBAAyB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEpD;;;;;OAKG;IACH,SAAS,CACP,SAAS,EAAE,kBAAkB,CAAC,YAAY,CAAC,GAC1C,yBAAyB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;CACrD;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB,CAAC,YAAY;IAC/C;;;;;;OAMG;IACH,EAAE,CAAC,SAAS,SAAS,QAAQ,EAE3B,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,SAAS,EACvC,QAAQ,EAAE,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,GAC/C,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAErC;;;;;;OAMG;IACH,OAAO,CACL,OAAO,EAAE,iBAAiB,CAAC,YAAY,CAAC,GACvC,mBAAmB,CAAC,YAAY,CAAC,CAAC;CACtC;AAED,UAAU,2BAA4B,SAAQ,mBAAmB;IAC/D,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}
|
package/types/httpsig/mod.d.ts
CHANGED
|
@@ -21,6 +21,32 @@ export { exportJwk, generateCryptoKeyPair, importJwk } from "./key.js";
|
|
|
21
21
|
* @throws {TypeError} If the private key is invalid or unsupported.
|
|
22
22
|
*/
|
|
23
23
|
export declare function sign(request: Request, privateKey: dntShim.CryptoKey, keyId: URL): Promise<Request>;
|
|
24
|
+
/**
|
|
25
|
+
* Options for {@link verify}.
|
|
26
|
+
*
|
|
27
|
+
* @since 0.9.0
|
|
28
|
+
*/
|
|
29
|
+
export interface VerifyOptions {
|
|
30
|
+
/**
|
|
31
|
+
* The document loader to use for fetching the public key.
|
|
32
|
+
*/
|
|
33
|
+
documentLoader?: DocumentLoader;
|
|
34
|
+
/**
|
|
35
|
+
* The context loader to use for JSON-LD context retrieval.
|
|
36
|
+
*/
|
|
37
|
+
contextLoader?: DocumentLoader;
|
|
38
|
+
/**
|
|
39
|
+
* The time window to allow for the request date. The actual time window is
|
|
40
|
+
* twice the value of this option, with the current time as the center.
|
|
41
|
+
* A minute by default.
|
|
42
|
+
*/
|
|
43
|
+
timeWindow?: dntShim.Temporal.DurationLike;
|
|
44
|
+
/**
|
|
45
|
+
* The current time. If not specified, the current time is used. This is
|
|
46
|
+
* useful for testing.
|
|
47
|
+
*/
|
|
48
|
+
currentTime?: dntShim.Temporal.Instant;
|
|
49
|
+
}
|
|
24
50
|
/**
|
|
25
51
|
* Verifies the signature of a request.
|
|
26
52
|
*
|
|
@@ -28,15 +54,13 @@ export declare function sign(request: Request, privateKey: dntShim.CryptoKey, ke
|
|
|
28
54
|
* if the request body is already consumed. Consuming the request body after
|
|
29
55
|
* calling this function is okay, since this function clones the request
|
|
30
56
|
* under the hood.
|
|
57
|
+
*
|
|
31
58
|
* @param request The request to verify.
|
|
32
|
-
* @param
|
|
33
|
-
* @param contextLoader The context loader to use for JSON-LD context retrieval.
|
|
34
|
-
* @param currentTime The current time. If not specified, the current time is
|
|
35
|
-
* used. This is useful for testing.
|
|
59
|
+
* @param options Options for verifying the request.
|
|
36
60
|
* @returns The public key of the verified signature, or `null` if the signature
|
|
37
61
|
* could not be verified.
|
|
38
62
|
*/
|
|
39
|
-
export declare function verify(request: Request, documentLoader
|
|
63
|
+
export declare function verify(request: Request, { documentLoader, contextLoader, timeWindow, currentTime }?: VerifyOptions): Promise<CryptographicKey | null>;
|
|
40
64
|
/**
|
|
41
65
|
* Options for {@link doesActorOwnKey}.
|
|
42
66
|
* @since 0.8.0
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/httpsig/mod.ts"],"names":[],"mappings":";;AAAA;;;;;GAKG;AACH,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAK5C,OAAO,EACL,KAAK,cAAc,EAEpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,KAAK,KAAK,EAAW,MAAM,mBAAmB,CAAC;AACxD,OAAO,EACL,KAAK,QAAQ,EACb,gBAAgB,EAEjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,SAAS,EAAE,qBAAqB,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAEvE;;;;;;;;GAQG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,CAAC,SAAS,EAC7B,KAAK,EAAE,GAAG,GACT,OAAO,CAAC,OAAO,CAAC,CAuClB;AAQD
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/httpsig/mod.ts"],"names":[],"mappings":";;AAAA;;;;;GAKG;AACH,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAK5C,OAAO,EACL,KAAK,cAAc,EAEpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,KAAK,KAAK,EAAW,MAAM,mBAAmB,CAAC;AACxD,OAAO,EACL,KAAK,QAAQ,EACb,gBAAgB,EAEjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,SAAS,EAAE,qBAAqB,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAEvE;;;;;;;;GAQG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,CAAC,SAAS,EAC7B,KAAK,EAAE,GAAG,GACT,OAAO,CAAC,OAAO,CAAC,CAuClB;AAQD;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC;IAE/B;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAE3C;;;OAGG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;CACxC;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,MAAM,CAC1B,OAAO,EAAE,OAAO,EAChB,EAAE,cAAc,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,GAAE,aACxD,GACH,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CA+NlC;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC;CAChC;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,gBAAgB,EACrB,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,OAAO,CAAC,CAUlB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAEhC;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC;CAChC;AAED;;;;;;;;;GASG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,GAAG,GAAG,gBAAgB,EAC7B,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAgDvB"}
|