@fedify/fedify 1.0.8 → 1.0.10

package/CHANGES.md

@@ -3,6 +3,82 @@
 Fedify changelog
 ================
 
+Version 1.0.10
+--------------
+
+Released on December 19, 2024.
+
+ -  Fix a bug where `Actor`'s `inbox` and `outbox` properties had not been
+    able to be set to an `OrderedCollectionPage` object, even though it is
+    a subtype of `OrderedCollection` according to Activity Vocabulary
+    specification.  [[#165]]
+
+     -  The type of `Application()` constructor's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The type of `Application.clone()` method's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The return type of `Application.getInbox()` and
+        `Application.getOutbox()` methods is now `OrderedCollection |
+        OrderedCollectionPage | null` (was `OrderedCollection | null`).
+     -  The type of `Group()` constructor's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The type of `Group.clone()` method's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The return type of `Group.getInbox()` and `Group.getOutbox()` methods
+        is now `OrderedCollection | OrderedCollectionPage | null` (was
+        `OrderedCollection | null`).
+     -  The type of `Organization()` constructor's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The type of `Organization.clone()` method's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The return type of `Organization.getInbox()` and
+        `Organization.getOutbox()` methods is now `OrderedCollection |
+        OrderedCollectionPage | null` (was `OrderedCollection | null`).
+     -  The type of `Person()` constructor's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The type of `Person.clone()` method's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The return type of `Person.getInbox()` and `Person.getOutbox()` methods
+        is now `OrderedCollection | OrderedCollectionPage | null` (was
+        `OrderedCollection | null`).
+     -  The type of `Service()` constructor's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The type of `Service.clone()` method's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The return type of `Service.getInbox()` and `Service.getOutbox()`
+        methods is now `OrderedCollection | OrderedCollectionPage | null` (was
+        `OrderedCollection | null`).
+
+
+Version 1.0.9
+-------------
+
+Released on December 14, 2024.
+
+ -  Suppressed a `TypeError` with a message <q>unusable</q> due to Node.js's
+    mysterious behavior.  [[#159]]
+
+     -  The `verifyRequest()` function no longer throws a `TypeError`
+        when a given `Request` object's body is already consumed or locked.
+        Instead, it logs an error message to the `["fedify", "sig", "http"]`
+        logger category and returns `null`.
+     -  The `Federation.fetch()` method no longer throws a `TypeError`
+        when a given `Request` object's body is already consumed or locked.
+        Instead, it logs an error message to the `["fedify", "federation",
+        "inbox"]` logger category and responds with a `500 Internal Server
+        Error`.
+
+
 Version 1.0.8
 -------------
 
@@ -268,6 +344,86 @@ Released on September 26, 2024.
 [#137]: https://github.com/dahlia/fedify/issues/137
 
 
+Version 0.15.8
+--------------
+
+Released on November 159, 2024.
+
+ -  Fix a bug where `Actor`'s `inbox` and `outbox` properties had not been
+    able to be set to an `OrderedCollectionPage` object, even though it is
+    a subtype of `OrderedCollection` according to Activity Vocabulary
+    specification.  [[#165]]
+
+     -  The type of `Application()` constructor's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The type of `Application.clone()` method's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The return type of `Application.getInbox()` and
+        `Application.getOutbox()` methods is now `OrderedCollection |
+        OrderedCollectionPage | null` (was `OrderedCollection | null`).
+     -  The type of `Group()` constructor's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The type of `Group.clone()` method's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The return type of `Group.getInbox()` and `Group.getOutbox()` methods
+        is now `OrderedCollection | OrderedCollectionPage | null` (was
+        `OrderedCollection | null`).
+     -  The type of `Organization()` constructor's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The type of `Organization.clone()` method's `inbox` and `outbox` options
+        is now `OrderedCollection | OrderedCollectionPage | null | undefined`
+        (was `OrderedCollection | null | undefined`).
+     -  The return type of `Organization.getInbox()` and
+        `Organization.getOutbox()` methods is now `OrderedCollection |
+        OrderedCollectionPage | null` (was `OrderedCollection | null`).
+     -  The type of `Person()` constructor's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The type of `Person.clone()` method's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The return type of `Person.getInbox()` and `Person.getOutbox()` methods
+        is now `OrderedCollection | OrderedCollectionPage | null` (was
+        `OrderedCollection | null`).
+     -  The type of `Service()` constructor's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The type of `Service.clone()` method's `inbox` and `outbox` options is
+        now `OrderedCollection | OrderedCollectionPage | null | undefined` (was
+        `OrderedCollection | null | undefined`).
+     -  The return type of `Service.getInbox()` and `Service.getOutbox()`
+        methods is now `OrderedCollection | OrderedCollectionPage | null` (was
+        `OrderedCollection | null`).
+
+[#165]: https://github.com/dahlia/fedify/issues/165
+
+
+Version 0.15.7
+--------------
+
+Released on November 14, 2024.
+
+ -  Suppressed a `TypeError` with a message <q>unusable</q> due to Node.js's
+    mysterious behavior.  [[#159]]
+
+     -  The `verifyRequest()` function no longer throws a `TypeError`
+        when a given `Request` object's body is already consumed or locked.
+        Instead, it logs an error message to the `["fedify", "sig", "http"]`
+        logger category and returns `null`.
+     -  The `Federation.fetch()` method no longer throws a `TypeError`
+        when a given `Request` object's body is already consumed or locked.
+        Instead, it logs an error message to the `["fedify", "federation",
+        "inbox"]` logger category and responds with a `500 Internal Server
+        Error`.
+
+[#159]: https://github.com/dahlia/fedify/issues/159
+
+
 Version 0.15.6
 --------------
 

package/esm/federation/handler.js

@@ -1,6 +1,6 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
-import { accepts } from "../deps/jsr.io/@std/http/1.0.9/negotiation.js";
+import { accepts } from "../deps/jsr.io/@std/http/1.0.10/negotiation.js";
 import { verifyRequest } from "../sig/http.js";
 import { detachSignature, verifyJsonLd } from "../sig/ld.js";
 import { doesActorOwnKey } from "../sig/owner.js";
@@ -188,6 +188,20 @@ export async function handleInbox(request, { identifier, context, inboxContextFa
             return await onNotFound(request);
         }
     }
+    if (request.bodyUsed) {
+        logger.error("Request body has already been read.", { identifier });
+        return new Response("Internal server error.", {
+            status: 500,
+            headers: { "Content-Type": "text/plain; charset=utf-8" },
+        });
+    }
+    else if (request.body?.locked) {
+        logger.error("Request body is locked.", { identifier });
+        return new Response("Internal server error.", {
+            status: 500,
+            headers: { "Content-Type": "text/plain; charset=utf-8" },
+        });
+    }
     let json;
     try {
         json = await request.clone().json();

package/esm/runtime/key.js

@@ -1,6 +1,6 @@
 import * as dntShim from "../_dnt.shims.js";
 import { createPublicKey } from "node:crypto";
-import { concat } from "../deps/jsr.io/@std/bytes/1.0.3/concat.js";
+import { concat } from "../deps/jsr.io/@std/bytes/1.0.4/concat.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.5/base64.js";
 import { decodeBase64Url } from "../deps/jsr.io/@std/encoding/1.0.5/base64url.js";
 import { decodeHex } from "../deps/jsr.io/@std/encoding/1.0.5/hex.js";

package/esm/sig/http.js

@@ -1,6 +1,6 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
-import { equals } from "../deps/jsr.io/@std/bytes/1.0.3/mod.js";
+import { equals } from "../deps/jsr.io/@std/bytes/1.0.4/mod.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.5/base64.js";
 import { CryptographicKey } from "../vocab/vocab.js";
 import { fetchKey, validateCryptoKey } from "./key.js";
@@ -69,6 +69,14 @@ const supportedHashAlgorithms = {
  */
 export async function verifyRequest(request, { documentLoader, contextLoader, timeWindow, currentTime, keyCache } = {}) {
     const logger = getLogger(["fedify", "sig", "http"]);
+    if (request.bodyUsed) {
+        logger.error("Failed to verify; the request body is already consumed.", { url: request.url });
+        return null;
+    }
+    else if (request.body?.locked) {
+        logger.error("Failed to verify; the request body is locked.", { url: request.url });
+        return null;
+    }
     const originalRequest = request;
     request = request.clone();
     const dateHeader = request.headers.get("Date");

package/esm/testing/fixtures/example.com/orderedcollectionpage

@@ -0,0 +1,24 @@
+{
+  "@context": "https://www.w3.org/ns/activitystreams",
+  "id": "https://example.com/orderedcollectionpage",
+  "type": "OrderedCollectionPage",
+  "partOf": "https://example.com/orderedcollectionpage",
+  "totalItems": 1,
+  "orderedItems": [
+    {
+      "id": "https://example.com/activities/1",
+      "type": "Create",
+      "published": "2024-11-19T15:24:56Z",
+      "actor": "https://example.com/users/1",
+      "to": "https://www.w3.org/ns/activitystreams#Public",
+      "object": {
+        "id": "https://example.com/notes/1",
+        "type": "Note",
+        "content": "This is a simple note",
+        "attributedTo": "https://example.com/users/1",
+        "to": "https://www.w3.org/ns/activitystreams#Public",
+        "published": "2024-11-19T15:24:56Z"
+      }
+    }
+  ]
+}

package/esm/vocab/application.yaml

@@ -102,6 +102,7 @@ properties:
     and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: outbox
   functional: true
@@ -120,6 +121,7 @@ properties:
     implementing and deploying the server.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: following
   functional: true

package/esm/vocab/group.yaml

@@ -102,6 +102,7 @@ properties:
     and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: outbox
   functional: true
@@ -120,6 +121,7 @@ properties:
     implementing and deploying the server.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: following
   functional: true

package/esm/vocab/organization.yaml

@@ -102,6 +102,7 @@ properties:
     and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: outbox
   functional: true
@@ -120,6 +121,7 @@ properties:
     implementing and deploying the server.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: following
   functional: true

package/esm/vocab/person.yaml

@@ -102,6 +102,7 @@ properties:
     and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: outbox
   functional: true
@@ -120,6 +121,7 @@ properties:
     implementing and deploying the server.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: following
   functional: true

package/esm/vocab/service.yaml

@@ -102,6 +102,7 @@ properties:
     and dropping any activities already seen.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: outbox
   functional: true
@@ -120,6 +121,7 @@ properties:
     implementing and deploying the server.
   range:
   - "https://www.w3.org/ns/activitystreams#OrderedCollection"
+  - "https://www.w3.org/ns/activitystreams#OrderedCollectionPage"
 
 - singularName: following
   functional: true