@fedify/fedify 1.5.6 → 1.5.8

package/CHANGES.md

@@ -3,6 +3,30 @@
 Fedify changelog
 ================
 
+Version 1.5.8
+-------------
+
+Released on September 17, 2025.
+
+ -  Added a temporary workaround for invalid AT Protocol URIs from BridgyFed.
+    URIs like `at://did:plc:...` that violate RFC 3986 URI syntax are now
+    automatically URL-encoded to `at://did%3Aplc%3A...` to prevent parsing
+    failures when processing bridged Bluesky content.  [[#436]]
+
+
+Version 1.5.7
+-------------
+
+Released on August 25, 2025.
+
+ -  Fixed a bug where `verifyRequest()` function threw a `TypeError` when
+    verifying HTTP Signatures with `created` or `expires` fields in
+    the `Signature` header as defined in draft-cavage-http-signatures-12,
+    causing `500 Internal Server Error` responses in inbox handlers.
+    Now it correctly handles these fields as unquoted integers according
+    to the specification.
+
+
 Version 1.5.6
 -------------
 
@@ -201,6 +225,30 @@ Released on March 28, 2025.
 [multibase]: https://github.com/multiformats/js-multibase
 
 
+Version 1.4.16
+--------------
+
+Released on September 17, 2025.
+
+ -  Added a temporary workaround for invalid AT Protocol URIs from BridgyFed.
+    URIs like `at://did:plc:...` that violate RFC 3986 URI syntax are now
+    automatically URL-encoded to `at://did%3Aplc%3A...` to prevent parsing
+    failures when processing bridged Bluesky content.  [[#436]]
+
+
+Version 1.4.15
+--------------
+
+Released on August 25, 2025.
+
+ -  Fixed a bug where `verifyRequest()` function threw a `TypeError` when
+    verifying HTTP Signatures with `created` or `expires` fields in
+    the `Signature` header as defined in draft-cavage-http-signatures-12,
+    causing `500 Internal Server Error` responses in inbox handlers.
+    Now it correctly handles these fields as unquoted integers according
+    to the specification.
+
+
 Version 1.4.14
 --------------
 
@@ -474,6 +522,30 @@ Released on February 5, 2025.
 [#195]: https://github.com/fedify-dev/fedify/issues/195
 
 
+Version 1.3.23
+--------------
+
+Released on September 17, 2025.
+
+ -  Added a temporary workaround for invalid AT Protocol URIs from BridgyFed.
+    URIs like `at://did:plc:...` that violate RFC 3986 URI syntax are now
+    automatically URL-encoded to `at://did%3Aplc%3A...` to prevent parsing
+    failures when processing bridged Bluesky content.  [[#436]]
+
+
+Version 1.3.22
+--------------
+
+Released on August 25, 2025.
+
+ -  Fixed a bug where `verifyRequest()` function threw a `TypeError` when
+    verifying HTTP Signatures with `created` or `expires` fields in
+    the `Signature` header as defined in draft-cavage-http-signatures-12,
+    causing `500 Internal Server Error` responses in inbox handlers.
+    Now it correctly handles these fields as unquoted integers according
+    to the specification.
+
+
 Version 1.3.21
 --------------
 
@@ -865,6 +937,30 @@ Released on November 30, 2024.
 [#193]: https://github.com/fedify-dev/fedify/issues/193
 
 
+Version 1.2.26
+--------------
+
+Released on September 17, 2025.
+
+ -  Added a temporary workaround for invalid AT Protocol URIs from BridgyFed.
+    URIs like `at://did:plc:...` that violate RFC 3986 URI syntax are now
+    automatically URL-encoded to `at://did%3Aplc%3A...` to prevent parsing
+    failures when processing bridged Bluesky content.  [[#436]]
+
+
+Version 1.2.25
+--------------
+
+Released on August 25, 2025.
+
+ -  Fixed a bug where `verifyRequest()` function threw a `TypeError` when
+    verifying HTTP Signatures with `created` or `expires` fields in
+    the `Signature` header as defined in draft-cavage-http-signatures-12,
+    causing `500 Internal Server Error` responses in inbox handlers.
+    Now it correctly handles these fields as unquoted integers according
+    to the specification.
+
+
 Version 1.2.24
 --------------
 
@@ -1289,6 +1385,30 @@ Released on October 31, 2024.
 [#118]: https://github.com/fedify-dev/fedify/issues/118
 
 
+Version 1.1.26
+--------------
+
+Released on September 17, 2025.
+
+ -  Added a temporary workaround for invalid AT Protocol URIs from BridgyFed.
+    URIs like `at://did:plc:...` that violate RFC 3986 URI syntax are now
+    automatically URL-encoded to `at://did%3Aplc%3A...` to prevent parsing
+    failures when processing bridged Bluesky content.  [[#436]]
+
+
+Version 1.1.25
+--------------
+
+Released on August 25, 2025.
+
+ -  Fixed a bug where `verifyRequest()` function threw a `TypeError` when
+    verifying HTTP Signatures with `created` or `expires` fields in
+    the `Signature` header as defined in draft-cavage-http-signatures-12,
+    causing `500 Internal Server Error` responses in inbox handlers.
+    Now it correctly handles these fields as unquoted integers according
+    to the specification.
+
+
 Version 1.1.24
 --------------
 
@@ -1754,6 +1874,32 @@ Released on October 20, 2024.
 [#150]: https://github.com/fedify-dev/fedify/issues/150
 
 
+Version 1.0.29
+--------------
+
+Released on September 17, 2025.
+
+ -  Added a temporary workaround for invalid AT Protocol URIs from BridgyFed.
+    URIs like `at://did:plc:...` that violate RFC 3986 URI syntax are now
+    automatically URL-encoded to `at://did%3Aplc%3A...` to prevent parsing
+    failures when processing bridged Bluesky content.  [[#436]]
+
+[#436]: https://github.com/fedify-dev/fedify/issues/436
+
+
+Version 1.0.28
+--------------
+
+Released on August 25, 2025.
+
+ -  Fixed a bug where `verifyRequest()` function threw a `TypeError` when
+    verifying HTTP Signatures with `created` or `expires` fields in
+    the `Signature` header as defined in draft-cavage-http-signatures-12,
+    causing `500 Internal Server Error` responses in inbox handlers.
+    Now it correctly handles these fields as unquoted integers according
+    to the specification.
+
+
 Version 1.0.27
 --------------
 

package/esm/deno.js

@@ -1,6 +1,6 @@
 export default {
     "name": "@fedify/fedify",
-    "version": "1.5.6",
+    "version": "1.5.8",
     "license": "MIT",
     "exports": {
         ".": "./mod.ts",

package/esm/runtime/key.js

@@ -94,11 +94,14 @@ export async function importMultibaseKey(key) {
             format: "der",
             type: "pkcs1",
         });
-        const spki = keyObject.export({ type: "spki", format: "der" }).buffer;
+        const exported = keyObject.export({ type: "spki", format: "der" }).buffer;
+        const spki = exported instanceof Uint8Array
+            ? exported
+            : new Uint8Array(exported);
         return await dntShim.crypto.subtle.importKey("spki", new Uint8Array(spki), { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, true, ["verify"]);
     }
     else if (code === 0xed) { // ed25519-pub
-        return await dntShim.crypto.subtle.importKey("raw", content, "Ed25519", true, ["verify"]);
+        return await dntShim.crypto.subtle.importKey("raw", content.slice(), "Ed25519", true, ["verify"]);
     }
     else {
         throw new TypeError("Unsupported key type: 0x" + code.toString(16));

package/esm/sig/http.js

@@ -221,7 +221,7 @@ async function verifyRequestInternal(request, span, { documentLoader, contextLoa
             return null;
         }
     }
-    const sigValues = Object.fromEntries(sigHeader.split(",").map((pair) => pair.match(/^\s*([A-Za-z]+)="([^"]*)"\s*$/)).filter((m) => m != null).map((m) => m.slice(1, 3)));
+    const sigValues = Object.fromEntries(sigHeader.split(",").map((pair) => pair.match(/^\s*([A-Za-z]+)=(?:"([^"]*)"|(\d+))\s*$/)).filter((m) => m != null).map((m) => [m[1], m[2] ?? m[3]]));
     if (!("keyId" in sigValues)) {
         logger.debug("Failed to verify; no keyId field found in the Signature header.", { signature: sigHeader });
         return null;
@@ -234,6 +234,41 @@ async function verifyRequestInternal(request, span, { documentLoader, contextLoa
         logger.debug("Failed to verify; no signature field found in the Signature header.", { signature: sigHeader });
         return null;
     }
+    if ("expires" in sigValues) {
+        const expiresSeconds = parseInt(sigValues.expires);
+        if (!Number.isInteger(expiresSeconds)) {
+            logger.debug("Failed to verify; invalid expires field in the Signature header: {expires}.", { expires: sigValues.expires, signature: sigHeader });
+            return null;
+        }
+        const expires = dntShim.Temporal.Instant.fromEpochMilliseconds(expiresSeconds * 1000);
+        if (dntShim.Temporal.Instant.compare(now, expires) > 0) {
+            logger.debug("Failed to verify; signature expired at {expires} (now: {now}).", {
+                expires: expires.toString(),
+                now: now.toString(),
+                signature: sigHeader,
+            });
+            return null;
+        }
+    }
+    if ("created" in sigValues) {
+        const createdSeconds = parseInt(sigValues.created);
+        if (!Number.isInteger(createdSeconds)) {
+            logger.debug("Failed to verify; invalid created field in the Signature header: {created}.", { created: sigValues.created, signature: sigHeader });
+            return null;
+        }
+        if (timeWindow !== false) {
+            const created = dntShim.Temporal.Instant.fromEpochMilliseconds(createdSeconds * 1000);
+            const tw = timeWindow ?? { minutes: 1 };
+            if (dntShim.Temporal.Instant.compare(created, now.add(tw)) > 0) {
+                logger.debug("Failed to verify; created is too far in the future.", { created: created.toString(), now: now.toString() });
+                return null;
+            }
+            else if (dntShim.Temporal.Instant.compare(created, now.subtract(tw)) < 0) {
+                logger.debug("Failed to verify; created is too far in the past.", { created: created.toString(), now: now.toString() });
+                return null;
+            }
+        }
+    }
     const { keyId, headers, signature } = sigValues;
     span?.setAttribute("http_signatures.key_id", keyId);
     if ("algorithm" in sigValues) {
@@ -259,11 +294,15 @@ async function verifyRequestInternal(request, span, { documentLoader, contextLoa
         return null;
     }
     const message = headerNames.map((name) => `${name}: ` +
-        (name == "(request-target)"
+        (name === "(request-target)"
             ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}`
-            : name == "host"
-                ? request.headers.get("host") ?? new URL(request.url).host
-                : request.headers.get(name))).join("\n");
+            : name === "(created)"
+                ? (sigValues.created ?? "")
+                : name === "(expires)"
+                    ? (sigValues.expires ?? "")
+                    : name === "host"
+                        ? request.headers.get("host") ?? new URL(request.url).host
+                        : request.headers.get(name))).join("\n");
     const sig = decodeBase64(signature);
     span?.setAttribute("http_signatures.signature", encodeHex(sig));
     // TODO: support other than RSASSA-PKCS1-v1_5:

package/esm/sig/ld.js

@@ -184,7 +184,7 @@ export async function verifySignature(jsonLd, options = {}) {
     const encoder = new TextEncoder();
     const message = sigOptsHash + docHash;
     const messageBytes = encoder.encode(message);
-    const verified = await dntShim.crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature, messageBytes);
+    const verified = await dntShim.crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes);
     if (verified)
         return key;
     if (cached) {
@@ -200,7 +200,7 @@ export async function verifySignature(jsonLd, options = {}) {
         });
         if (key == null)
             return null;
-        const verified = await dntShim.crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature, messageBytes);
+        const verified = await dntShim.crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes);
         return verified ? key : null;
     }
     logger.debug("Failed to verify with the fetched key {keyId}; " +

package/esm/sig/proof.js

@@ -209,7 +209,7 @@ async function verifyProofInternal(jsonLd, proof, options) {
             "Ed25519 key:\n{keyId}", { proof, keyId: proof.verificationMethodId.href });
         return null;
     }
-    const verified = await dntShim.crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue, digest);
+    const verified = await dntShim.crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest);
     if (!verified) {
         if (fetchedKey.cached) {
             logger.debug("Failed to verify the proof with the cached key {keyId}; retrying " +

package/esm/testing/fixtures/oeee.cafe/ap/users/3609fd4e-d51d-4db8-9f04-4189815864dd

@@ -0,0 +1,24 @@
+{
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://w3id.org/security/v1"
+  ],
+  "id": "https://oeee.cafe/ap/users/3609fd4e-d51d-4db8-9f04-4189815864dd",
+  "type": "Person",
+  "preferredUsername": "hongminhee",
+  "name": "洪兔",
+  "inbox": "https://oeee.cafe/ap/users/3609fd4e-d51d-4db8-9f04-4189815864dd/inbox",
+  "outbox": "https://oeee.cafe/ap/users/3609fd4e-d51d-4db8-9f04-4189815864dd/outbox",
+  "publicKey": {
+    "id": "https://oeee.cafe/ap/users/3609fd4e-d51d-4db8-9f04-4189815864dd#main-key",
+    "owner": "https://oeee.cafe/ap/users/3609fd4e-d51d-4db8-9f04-4189815864dd",
+    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowJfOzpA/nAYyL0bVDTm\niCAOlhFCIBnqwk1jvGrbkDhMzxlsgyoDqUSlmcJdKaPwu24YdFajDtJIgto27Ju7\nIC3hB7OFchnZ4JZrdYFo7CJABOzK58o12sdmmkCdY5hXWf1604E+mzyIdBAJ1FFJ\nL8vP07VEUsZ7yo9x0iVNg7HpCOK+y6BqI2GHS2dq9qkqQEIhC2TKHXn/RQVXwYB6\nG+YQmVUtcsbCVKdcWyTKhItLRGnepu3BqBSbieLxV27B1O9NFSoPu8xiBUnYwMoe\nsUQCE5tGcqxc75HzcVCbq7PqVqHZ1NW9RYssaSUqi4FYcjXxQrR08DrAl8rR4eXT\n4QIDAQAB\n-----END PUBLIC KEY-----\n"
+  },
+  "endpoints": {
+    "type": "as:Endpoints",
+    "sharedInbox": "https://oeee.cafe/inbox"
+  },
+  "followers": "https://oeee.cafe/ap/users/3609fd4e-d51d-4db8-9f04-4189815864dd/followers",
+  "manuallyApprovesFollowers": false,
+  "url": "https://oeee.cafe/@hongminhee"
+}