@fedify/fedify 1.7.15 → 1.7.16

package/dist/middleware2.js

@@ -1,32 +1,17 @@
 
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
     
-import "./chunk.js";
-import { a as createFederation, i as KvSpecDeterminer, n as FederationImpl, r as InboxContextImpl, t as ContextImpl } from "./middleware.js";
+import "./transformers.js";
 import "./docloader.js";
-import "./url.js";
-import "./semver.js";
-import "./client.js";
-import "./router.js";
-import "./types.js";
-import "./multibase.js";
-import "./vocab.js";
-import "./langstr.js";
-import "./lookup.js";
 import "./actor.js";
+import { a as createFederation, i as KvSpecDeterminer, n as FederationImpl, r as InboxContextImpl, t as ContextImpl } from "./middleware.js";
+import "./lookup.js";
 import "./key2.js";
 import "./http.js";
-import "./authdocloader.js";
-import "./ld.js";
-import "./owner.js";
 import "./proof.js";
-import "./lookup2.js";
-import "./inbox.js";
-import "./builder.js";
-import "./collection.js";
-import "./keycache.js";
-import "./send.js";
+import "./types.js";
+import "./authdocloader.js";
+import "./vocab.js";
 
 export { FederationImpl };

package/dist/nodeinfo/client.test.js

@@ -3,18 +3,18 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import "../chunk.js";
-import { t as assertEquals } from "../assert_equals.js";
-import "../docloader.js";
-import "../url.js";
-import "../semver.js";
-import { a as parseProtocol, c as parseUsage, i as parseOutboundService, n as parseInboundService, o as parseServices, r as parseNodeInfo, s as parseSoftware, t as getNodeInfo } from "../client.js";
-import { t as test } from "../testing.js";
-import "../std__assert.js";
-import "../assert_rejects.js";
-import "../assert_is_error.js";
-import "../assert_throws.js";
-import { t as esm_default } from "../esm.js";
+import "../chunk-DvTpRkcT.js";
+import { t as assertEquals } from "../assert_equals-Dy0MG_Zw.js";
+import "../docloader-I3SkMpZK.js";
+import "../url-BdNvnK9P.js";
+import "../semver-D9d-VO-_.js";
+import { a as parseProtocol, c as parseUsage, i as parseOutboundService, n as parseInboundService, o as parseServices, r as parseNodeInfo, s as parseSoftware, t as getNodeInfo } from "../client-CJ3nfMyp.js";
+import { t as test } from "../testing-qaAD4B0t.js";
+import "../std__assert-BdP_WkD-.js";
+import "../assert_rejects-Bkh5lA1a.js";
+import "../assert_is_error-CIYFACrT.js";
+import "../assert_throws-CmpfkWEM.js";
+import { t as esm_default } from "../esm-BRXvTSrx.js";
 
 //#region nodeinfo/client.test.ts
 test("getNodeInfo()", async (t) => {

package/dist/nodeinfo/handler.test.js

@@ -3,40 +3,40 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import "../chunk.js";
-import { t as assertEquals } from "../assert_equals.js";
-import { t as MemoryKvStore } from "../kv.js";
-import { a as createFederation, h as handleNodeInfoJrd, m as handleNodeInfo } from "../middleware.js";
-import "../docloader.js";
-import "../url.js";
-import { n as parseSemVer } from "../semver.js";
-import "../client.js";
-import "../router.js";
-import "../types.js";
-import "../multibase.js";
-import "../vocab.js";
-import "../langstr.js";
-import "../lookup.js";
-import "../actor.js";
-import "../key2.js";
-import "../http.js";
-import "../authdocloader.js";
-import "../ld.js";
-import "../owner.js";
-import "../proof.js";
-import "../lookup2.js";
-import "../inbox.js";
-import "../builder.js";
-import "../collection.js";
-import "../keycache.js";
-import "../send.js";
-import { t as test } from "../testing.js";
-import "../std__assert.js";
-import "../assert_rejects.js";
-import "../assert_is_error.js";
-import "../assert_throws.js";
-import "../docloader2.js";
-import { n as createRequestContext } from "../context.js";
+import "../chunk-DvTpRkcT.js";
+import { t as assertEquals } from "../assert_equals-Dy0MG_Zw.js";
+import { t as MemoryKvStore } from "../kv-QeuZ51go.js";
+import { a as createFederation, h as handleNodeInfoJrd, m as handleNodeInfo } from "../middleware-Dvd4BUlF.js";
+import "../docloader-I3SkMpZK.js";
+import "../url-BdNvnK9P.js";
+import { n as parseSemVer } from "../semver-D9d-VO-_.js";
+import "../client-CJ3nfMyp.js";
+import "../router-BuDkN4RQ.js";
+import "../types-CB_2uuCA.js";
+import "../multibase-DBcKTV2a.js";
+import "../vocab-B8zleLsO.js";
+import "../langstr-pFHBDU4y.js";
+import "../lookup-CoCshjhM.js";
+import "../actor-BzWaWDTY.js";
+import "../key-Ba-IjS2c.js";
+import "../http-CiQH4CF3.js";
+import "../authdocloader-1vrHbYJF.js";
+import "../ld-Dm1tdWDX.js";
+import "../owner-BO3ZhyYg.js";
+import "../proof-Btlfk6hr.js";
+import "../lookup-BumKjgCt.js";
+import "../inbox-BqBPO0vG.js";
+import "../builder-8YjpOSrf.js";
+import "../collection-XNLQhehO.js";
+import "../keycache-BdgRTisV.js";
+import "../send-Dj-482tr.js";
+import { t as test } from "../testing-qaAD4B0t.js";
+import "../std__assert-BdP_WkD-.js";
+import "../assert_rejects-Bkh5lA1a.js";
+import "../assert_is_error-CIYFACrT.js";
+import "../assert_throws-CmpfkWEM.js";
+import "../docloader-BDSHZfTJ.js";
+import { n as createRequestContext } from "../context-OXYKUfFL.js";
 
 //#region nodeinfo/handler.test.ts
 test("handleNodeInfo()", async () => {

package/dist/nodeinfo/semver.test.js

@@ -3,14 +3,14 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import "../chunk.js";
-import { t as assertEquals } from "../assert_equals.js";
-import { n as parseSemVer, t as formatSemVer } from "../semver.js";
-import { t as test } from "../testing.js";
-import "../std__assert.js";
-import "../assert_rejects.js";
-import "../assert_is_error.js";
-import { t as assertThrows } from "../assert_throws.js";
+import "../chunk-DvTpRkcT.js";
+import { t as assertEquals } from "../assert_equals-Dy0MG_Zw.js";
+import { n as parseSemVer, t as formatSemVer } from "../semver-D9d-VO-_.js";
+import { t as test } from "../testing-qaAD4B0t.js";
+import "../std__assert-BdP_WkD-.js";
+import "../assert_rejects-Bkh5lA1a.js";
+import "../assert_is_error-CIYFACrT.js";
+import { t as assertThrows } from "../assert_throws-CmpfkWEM.js";
 
 //#region nodeinfo/semver.test.ts
 test("parseSemVer() handles major", async (t) => {

package/dist/nodeinfo/types.test.js

@@ -3,15 +3,15 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import "../chunk.js";
-import { t as assertEquals } from "../assert_equals.js";
-import "../semver.js";
-import { t as nodeInfoToJson } from "../types.js";
-import { t as test } from "../testing.js";
-import "../std__assert.js";
-import "../assert_rejects.js";
-import "../assert_is_error.js";
-import { t as assertThrows } from "../assert_throws.js";
+import "../chunk-DvTpRkcT.js";
+import { t as assertEquals } from "../assert_equals-Dy0MG_Zw.js";
+import "../semver-D9d-VO-_.js";
+import { t as nodeInfoToJson } from "../types-CB_2uuCA.js";
+import { t as test } from "../testing-qaAD4B0t.js";
+import "../std__assert-BdP_WkD-.js";
+import "../assert_rejects-Bkh5lA1a.js";
+import "../assert_is_error-CIYFACrT.js";
+import { t as assertThrows } from "../assert_throws-CmpfkWEM.js";
 
 //#region nodeinfo/types.test.ts
 test("nodeInfoToJson()", () => {

package/dist/{owner.js → owner-BO3ZhyYg.js}

@@ -3,9 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { i as getDocumentLoader } from "./docloader.js";
-import { _ as Object$1, o as CryptographicKey } from "./vocab.js";
-import { i as isActor } from "./actor.js";
+import { i as getDocumentLoader } from "./docloader-I3SkMpZK.js";
+import { _ as Object$1, o as CryptographicKey } from "./vocab-B8zleLsO.js";
+import { i as isActor } from "./actor-BzWaWDTY.js";
 import { trace } from "@opentelemetry/api";
 
 //#region sig/owner.ts

package/dist/proof-Btlfk6hr.js

@@ -0,0 +1,255 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import { d as version, u as name } from "./docloader-I3SkMpZK.js";
+import { h as Multikey, s as DataIntegrityProof, t as Activity } from "./vocab-B8zleLsO.js";
+import { t as getTypeId } from "./type-DFsmi-p1.js";
+import { a as validateCryptoKey, n as fetchKey } from "./key-Ba-IjS2c.js";
+import { getLogger } from "@logtape/logtape";
+import { SpanStatusCode, trace } from "@opentelemetry/api";
+import { encodeHex } from "byte-encodings/hex";
+import serialize from "json-canon";
+
+//#region sig/proof.ts
+const logger = getLogger([
+	"fedify",
+	"sig",
+	"proof"
+]);
+/**
+* Creates a proof for the given object.
+* @param object The object to create a proof for.
+* @param privateKey The private key to sign the proof with.
+* @param keyId The key ID to use in the proof. It will be used by the verifier.
+* @param options Additional options.  See also {@link CreateProofOptions}.
+* @returns The created proof.
+* @throws {TypeError} If the private key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function createProof(object, privateKey, keyId, { contextLoader, context: context$1, created } = {}) {
+	validateCryptoKey(privateKey, "private");
+	if (privateKey.algorithm.name !== "Ed25519") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
+	const compactMsg = await object.clone({ proofs: [] }).toJsonLd({
+		format: "compact",
+		contextLoader,
+		context: context$1
+	});
+	const msgCanon = serialize(compactMsg);
+	const encoder = new TextEncoder();
+	const msgBytes = encoder.encode(msgCanon);
+	const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
+	created ??= Temporal.Now.instant();
+	const proofCanon = serialize({
+		"@context": compactMsg["@context"],
+		type: "DataIntegrityProof",
+		cryptosuite: "eddsa-jcs-2022",
+		verificationMethod: keyId.href,
+		proofPurpose: "assertionMethod",
+		created: created.toString()
+	});
+	const proofBytes = encoder.encode(proofCanon);
+	const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes);
+	const digest = new Uint8Array(proofDigest.byteLength + msgDigest.byteLength);
+	digest.set(new Uint8Array(proofDigest), 0);
+	digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+	const sig = await crypto.subtle.sign("Ed25519", privateKey, digest);
+	return new DataIntegrityProof({
+		cryptosuite: "eddsa-jcs-2022",
+		verificationMethod: keyId,
+		proofPurpose: "assertionMethod",
+		created: created ?? Temporal.Now.instant(),
+		proofValue: new Uint8Array(sig)
+	});
+}
+/**
+* Signs the given object with the private key and returns the signed object.
+* @param object The object to create a proof for.
+* @param privateKey The private key to sign the proof with.
+* @param keyId The key ID to use in the proof. It will be used by the verifier.
+* @param options Additional options.  See also {@link SignObjectOptions}.
+* @returns The signed object.
+* @throws {TypeError} If the private key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function signObject(object, privateKey, keyId, options = {}) {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("object_integrity_proofs.sign", { attributes: { "activitypub.object.type": getTypeId(object).href } }, async (span) => {
+		try {
+			if (object.id != null) span.setAttribute("activitypub.object.id", object.id.href);
+			const existingProofs = [];
+			for await (const proof$1 of object.getProofs(options)) existingProofs.push(proof$1);
+			const proof = await createProof(object, privateKey, keyId, options);
+			if (span.isRecording()) {
+				if (proof.cryptosuite != null) span.setAttribute("object_integrity_proofs.cryptosuite", proof.cryptosuite);
+				if (proof.verificationMethodId != null) span.setAttribute("object_integrity_proofs.key_id", proof.verificationMethodId.href);
+				if (proof.proofValue != null) span.setAttribute("object_integrity_proofs.signature", encodeHex(proof.proofValue));
+			}
+			return object.clone({ proofs: [...existingProofs, proof] });
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+/**
+* Verifies the given proof for the object.
+* @param jsonLd The JSON-LD object to verify the proof for.  If it contains
+*               any proofs, they will be ignored.
+* @param proof The proof to verify.
+* @param options Additional options.  See also {@link VerifyProofOptions}.
+* @returns The public key that was used to sign the proof, or `null` if the
+*          proof is invalid.
+* @since 0.10.0
+*/
+async function verifyProof(jsonLd, proof, options = {}) {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("object_integrity_proofs.verify", async (span) => {
+		if (span.isRecording()) {
+			if (proof.cryptosuite != null) span.setAttribute("object_integrity_proofs.cryptosuite", proof.cryptosuite);
+			if (proof.verificationMethodId != null) span.setAttribute("object_integrity_proofs.key_id", proof.verificationMethodId.href);
+			if (proof.proofValue != null) span.setAttribute("object_integrity_proofs.signature", encodeHex(proof.proofValue));
+		}
+		try {
+			const key = await verifyProofInternal(jsonLd, proof, options);
+			if (key == null) span.setStatus({ code: SpanStatusCode.ERROR });
+			return key;
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function verifyProofInternal(jsonLd, proof, options) {
+	if (typeof jsonLd !== "object" || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
+	const publicKeyPromise = fetchKey(proof.verificationMethodId, Multikey, options);
+	const proofCanon = serialize({
+		"@context": jsonLd["@context"],
+		type: "DataIntegrityProof",
+		cryptosuite: proof.cryptosuite,
+		verificationMethod: proof.verificationMethodId.href,
+		proofPurpose: proof.proofPurpose,
+		created: proof.created.toString()
+	});
+	const encoder = new TextEncoder();
+	const proofBytes = encoder.encode(proofCanon);
+	const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes);
+	const msg = { ...jsonLd };
+	if ("proof" in msg) delete msg.proof;
+	const msgCanon = serialize(msg);
+	const msgBytes = encoder.encode(msgCanon);
+	const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
+	const digest = new Uint8Array(proofDigest.byteLength + msgDigest.byteLength);
+	digest.set(new Uint8Array(proofDigest), 0);
+	digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+	let fetchedKey;
+	try {
+		fetchedKey = await publicKeyPromise;
+	} catch (error) {
+		logger.debug("Failed to get the key (verificationMethod) for the proof:\n{proof}", {
+			proof,
+			keyId: proof.verificationMethodId.href,
+			error
+		});
+		return null;
+	}
+	const publicKey = fetchedKey.key;
+	if (publicKey == null) {
+		logger.debug("Failed to get the key (verificationMethod) for the proof:\n{proof}", {
+			proof,
+			keyId: proof.verificationMethodId.href
+		});
+		return null;
+	}
+	if (publicKey.publicKey.algorithm.name !== "Ed25519") {
+		if (fetchedKey.cached) {
+			logger.debug("The cached key (verificationMethod) for the proof is not a valid Ed25519 key:\n{keyId}; retrying with the freshly fetched key...", {
+				proof,
+				keyId: proof.verificationMethodId.href
+			});
+			return await verifyProof(jsonLd, proof, {
+				...options,
+				keyCache: {
+					get: () => Promise.resolve(null),
+					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
+				}
+			});
+		}
+		logger.debug("The fetched key (verificationMethod) for the proof is not a valid Ed25519 key:\n{keyId}", {
+			proof,
+			keyId: proof.verificationMethodId.href
+		});
+		return null;
+	}
+	if (!await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) {
+		if (fetchedKey.cached) {
+			logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
+				keyId: proof.verificationMethodId.href,
+				proof
+			});
+			return await verifyProof(jsonLd, proof, {
+				...options,
+				keyCache: {
+					get: () => Promise.resolve(void 0),
+					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
+				}
+			});
+		}
+		logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+			keyId: proof.verificationMethodId.href,
+			proof
+		});
+		return null;
+	}
+	return publicKey;
+}
+/**
+* Verifies the given object.  It will verify all the proofs in the object,
+* and succeed only if all the proofs are valid and all attributions and
+* actors are authenticated by the proofs.
+* @typeParam T The type of the object to verify.
+* @param cls The class of the object to verify.  It must be a subclass of
+*            the {@link Object}.
+* @param jsonLd The JSON-LD object to verify.  It's assumed that the object
+*               is a compacted JSON-LD representation of a `T` with `@context`.
+* @param options Additional options.  See also {@link VerifyObjectOptions}.
+* @returns The object if it's verified, or `null` if it's not.
+* @throws {TypeError} If the object is invalid or unsupported.
+* @since 0.10.0
+*/
+async function verifyObject(cls, jsonLd, options = {}) {
+	const logger$1 = getLogger([
+		"fedify",
+		"sig",
+		"proof"
+	]);
+	const object = await cls.fromJsonLd(jsonLd, options);
+	const attributions = new Set(object.attributionIds.map((uri) => uri.href));
+	if (object instanceof Activity) for (const uri of object.actorIds) attributions.add(uri.href);
+	for await (const proof of object.getProofs(options)) {
+		const key = await verifyProof(jsonLd, proof, options);
+		if (key === null) return null;
+		if (key.controllerId == null) {
+			logger$1.debug("Key {keyId} does not have a controller.", { keyId: key.id?.href });
+			continue;
+		}
+		attributions.delete(key.controllerId.href);
+	}
+	if (attributions.size > 0) {
+		logger$1.debug("Some attributions are not authenticated by the proofs: {attributions}.", { attributions: [...attributions] });
+		return null;
+	}
+	return object;
+}
+
+//#endregion
+export { verifyProof as i, signObject as n, verifyObject as r, createProof as t };