@fedify/fedify 1.7.15 → 1.7.16

package/dist/http.js

@@ -1,16 +1,15 @@
 
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
     
-import { d as version, u as name } from "./docloader.js";
-import { o as CryptographicKey } from "./vocab.js";
+import { d as name, f as version } from "./docloader.js";
+import { y as CryptographicKey } from "./actor.js";
 import { a as validateCryptoKey, n as fetchKey } from "./key2.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
-import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
 import { encodeHex } from "byte-encodings/hex";
+import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
 import { Item, decodeDict, encodeItem } from "structured-field-values";
 
 //#region sig/http.ts
@@ -786,4 +785,4 @@ function timingSafeEqual(a, b) {
 }
 
 //#endregion
-export { parseRfc9421Signature as a, timingSafeEqual as c, formatRfc9421SignatureParameters as i, verifyRequest as l, doubleKnock as n, parseRfc9421SignatureInput as o, formatRfc9421Signature as r, signRequest as s, createRfc9421SignatureBase as t };
+export { signRequest as n, verifyRequest as r, doubleKnock as t };

package/dist/{inbox.js → inbox-BqBPO0vG.js}

@@ -3,9 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { d as version, u as name } from "./docloader.js";
-import { t as Activity } from "./vocab.js";
-import { t as getTypeId } from "./type.js";
+import { d as version, u as name } from "./docloader-I3SkMpZK.js";
+import { t as Activity } from "./vocab-B8zleLsO.js";
+import { t as getTypeId } from "./type-DFsmi-p1.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
 

package/dist/key-Ba-IjS2c.js

@@ -0,0 +1,259 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import { d as version, i as getDocumentLoader, u as name } from "./docloader-I3SkMpZK.js";
+import { _ as Object$1, o as CryptographicKey } from "./vocab-B8zleLsO.js";
+import { i as isActor } from "./actor-BzWaWDTY.js";
+import { getLogger } from "@logtape/logtape";
+import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
+
+//#region sig/key.ts
+/**
+* Checks if the given key is valid and supported.  No-op if the key is valid,
+* otherwise throws an error.
+* @param key The key to check.
+* @param type Which type of key to check.  If not specified, the key can be
+*             either public or private.
+* @throws {TypeError} If the key is invalid or unsupported.
+*/
+function validateCryptoKey(key, type) {
+	if (type != null && key.type !== type) throw new TypeError(`The key is not a ${type} key.`);
+	if (!key.extractable) throw new TypeError("The key is not extractable.");
+	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
+	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		if (key.algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+	}
+}
+/**
+* Generates a key pair which is appropriate for Fedify.
+* @param algorithm The algorithm to use.  Currently only RSASSA-PKCS1-v1_5 and
+*                  Ed25519 are supported.
+* @returns The generated key pair.
+* @throws {TypeError} If the algorithm is unsupported.
+*/
+function generateCryptoKeyPair(algorithm) {
+	if (algorithm == null) getLogger([
+		"fedify",
+		"sig",
+		"key"
+	]).warn("No algorithm specified.  Using RSASSA-PKCS1-v1_5 by default, but it is recommended to specify the algorithm explicitly as the parameter will be required in the future.");
+	if (algorithm == null || algorithm === "RSASSA-PKCS1-v1_5") return crypto.subtle.generateKey({
+		name: "RSASSA-PKCS1-v1_5",
+		modulusLength: 4096,
+		publicExponent: new Uint8Array([
+			1,
+			0,
+			1
+		]),
+		hash: "SHA-256"
+	}, true, ["sign", "verify"]);
+	else if (algorithm === "Ed25519") return crypto.subtle.generateKey("Ed25519", true, ["sign", "verify"]);
+	throw new TypeError("Unsupported algorithm: " + algorithm);
+}
+/**
+* Exports a key in JWK format.
+* @param key The key to export.  Either public or private key.
+* @returns The exported key in JWK format.  The key is suitable for
+*          serialization and storage.
+* @throws {TypeError} If the key is invalid or unsupported.
+*/
+async function exportJwk(key) {
+	validateCryptoKey(key);
+	const jwk = await crypto.subtle.exportKey("jwk", key);
+	if (jwk.crv === "Ed25519") jwk.alg = "Ed25519";
+	return jwk;
+}
+/**
+* Imports a key from JWK format.
+* @param jwk The key in JWK format.
+* @param type Which type of key to import, either `"public"` or `"private"`.
+* @returns The imported key.
+* @throws {TypeError} If the key is invalid or unsupported.
+*/
+async function importJwk(jwk, type) {
+	let key;
+	if (jwk.kty === "RSA" && jwk.alg === "RS256") key = await crypto.subtle.importKey("jwk", jwk, {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	}, true, type === "public" ? ["verify"] : ["sign"]);
+	else if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
+		if (navigator?.userAgent === "Cloudflare-Workers") {
+			jwk = { ...jwk };
+			delete jwk.alg;
+		}
+		key = await crypto.subtle.importKey("jwk", jwk, "Ed25519", true, type === "public" ? ["verify"] : ["sign"]);
+	} else throw new TypeError("Unsupported JWK format.");
+	validateCryptoKey(key, type);
+	return key;
+}
+/**
+* Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL.
+* If the given URL contains an {@link Actor} object, it tries to find
+* the corresponding key in the `publicKey` or `assertionMethod` property.
+* @typeParam T The type of the key to fetch.  Either {@link CryptographicKey}
+*              or {@link Multikey}.
+* @param keyId The URL of the key.
+* @param cls The class of the key to fetch.  Either {@link CryptographicKey}
+*            or {@link Multikey}.
+* @param options Options for fetching the key.  See {@link FetchKeyOptions}.
+* @returns The fetched key or `null` if the key is not found.
+* @since 1.3.0
+*/
+function fetchKey(keyId, cls, options = {}) {
+	const tracer = (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version);
+	keyId = typeof keyId === "string" ? new URL(keyId) : keyId;
+	return tracer.startActiveSpan("activitypub.fetch_key", {
+		kind: SpanKind.CLIENT,
+		attributes: {
+			"http.method": "GET",
+			"url.full": keyId.href,
+			"url.scheme": keyId.protocol.replace(/:$/, ""),
+			"url.domain": keyId.hostname,
+			"url.path": keyId.pathname,
+			"url.query": keyId.search.replace(/^\?/, ""),
+			"url.fragment": keyId.hash.replace(/^#/, "")
+		}
+	}, async (span) => {
+		try {
+			const result = await fetchKeyInternal(keyId, cls, options);
+			span.setAttribute("activitypub.actor.key.cached", result.cached);
+			return result;
+		} catch (e) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, keyCache, tracerProvider } = {}) {
+	const logger = getLogger([
+		"fedify",
+		"sig",
+		"key"
+	]);
+	const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
+	keyId = typeof keyId === "string" ? keyId : keyId.href;
+	if (keyCache != null) {
+		const cachedKey = await keyCache.get(cacheKey);
+		if (cachedKey instanceof cls && cachedKey.publicKey != null) {
+			logger.debug("Key {keyId} found in cache.", { keyId });
+			return {
+				key: cachedKey,
+				cached: true
+			};
+		} else if (cachedKey === null) {
+			logger.debug("Entry {keyId} found in cache, but it is unavailable.", { keyId });
+			return {
+				key: null,
+				cached: true
+			};
+		}
+	}
+	logger.debug("Fetching key {keyId} to verify signature...", { keyId });
+	let document;
+	try {
+		document = (await (documentLoader ?? getDocumentLoader())(keyId)).document;
+	} catch (_) {
+		logger.debug("Failed to fetch key {keyId}.", { keyId });
+		await keyCache?.set(cacheKey, null);
+		return {
+			key: null,
+			cached: false
+		};
+	}
+	let object;
+	try {
+		object = await Object$1.fromJsonLd(document, {
+			documentLoader,
+			contextLoader,
+			tracerProvider
+		});
+	} catch (e) {
+		if (!(e instanceof TypeError)) throw e;
+		try {
+			object = await cls.fromJsonLd(document, {
+				documentLoader,
+				contextLoader,
+				tracerProvider
+			});
+		} catch (e$1) {
+			if (e$1 instanceof TypeError) {
+				logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
+				await keyCache?.set(cacheKey, null);
+				return {
+					key: null,
+					cached: false
+				};
+			}
+			throw e$1;
+		}
+	}
+	let key = null;
+	if (object instanceof cls) key = object;
+	else if (isActor(object)) {
+		const keys = cls === CryptographicKey ? object.getPublicKeys({
+			documentLoader,
+			contextLoader,
+			tracerProvider
+		}) : object.getAssertionMethods({
+			documentLoader,
+			contextLoader,
+			tracerProvider
+		});
+		let length = 0;
+		let lastKey = null;
+		for await (const k of keys) {
+			length++;
+			lastKey = k;
+			if (k.id?.href === keyId) {
+				key = k;
+				break;
+			}
+		}
+		const keyIdUrl = new URL(keyId);
+		if (key == null && keyIdUrl.hash === "" && length === 1) key = lastKey;
+		if (key == null) {
+			logger.debug("Failed to verify; object {keyId} returned an {actorType}, but has no key matching {keyId}.", {
+				keyId,
+				actorType: object.constructor.name
+			});
+			await keyCache?.set(cacheKey, null);
+			return {
+				key: null,
+				cached: false
+			};
+		}
+	} else {
+		logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
+		await keyCache?.set(cacheKey, null);
+		return {
+			key: null,
+			cached: false
+		};
+	}
+	if (key.publicKey == null) {
+		logger.debug("Failed to verify; key {keyId} has no publicKeyPem field.", { keyId });
+		await keyCache?.set(cacheKey, null);
+		return {
+			key: null,
+			cached: false
+		};
+	}
+	if (keyCache != null) {
+		await keyCache.set(cacheKey, key);
+		logger.debug("Key {keyId} cached.", { keyId });
+	}
+	return {
+		key,
+		cached: false
+	};
+}
+
+//#endregion
+export { validateCryptoKey as a, importJwk as i, fetchKey as n, generateCryptoKeyPair as r, exportJwk as t };

package/dist/key-CdNa4Um6.js

@@ -0,0 +1,16 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import "./chunk-DvTpRkcT.js";
+import "./docloader-I3SkMpZK.js";
+import "./url-BdNvnK9P.js";
+import "./multibase-DBcKTV2a.js";
+import "./vocab-B8zleLsO.js";
+import "./langstr-pFHBDU4y.js";
+import "./lookup-CoCshjhM.js";
+import "./actor-BzWaWDTY.js";
+import { a as validateCryptoKey, i as importJwk, n as fetchKey, r as generateCryptoKeyPair, t as exportJwk } from "./key-Ba-IjS2c.js";
+
+export { validateCryptoKey };

package/dist/key.js

@@ -1,16 +1,10 @@
 
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
     
-import "./chunk.js";
 import "./docloader.js";
-import "./url.js";
-import "./multibase.js";
-import "./vocab.js";
-import "./langstr.js";
-import "./lookup.js";
 import "./actor.js";
+import "./lookup.js";
 import { a as validateCryptoKey, i as importJwk, n as fetchKey, r as generateCryptoKeyPair, t as exportJwk } from "./key2.js";
 
 export { validateCryptoKey };

package/dist/key2.js

@@ -1,11 +1,9 @@
 
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
     
-import { d as version, i as getDocumentLoader, u as name } from "./docloader.js";
-import { _ as Object$1, o as CryptographicKey } from "./vocab.js";
-import { i as isActor } from "./actor.js";
+import { d as name, f as version, i as getDocumentLoader } from "./docloader.js";
+import { i as isActor, q as Object$1, y as CryptographicKey } from "./actor.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 

package/dist/{keycache.js → keycache-BdgRTisV.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { h as Multikey, o as CryptographicKey } from "./vocab.js";
+import { h as Multikey, o as CryptographicKey } from "./vocab-B8zleLsO.js";
 
 //#region federation/keycache.ts
 var KvKeyCache = class {

package/dist/{keys.js → keys-CLFIvF3E.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { P as importSpki, h as Multikey, o as CryptographicKey } from "./vocab.js";
+import { P as importSpki, h as Multikey, o as CryptographicKey } from "./vocab-B8zleLsO.js";
 
 //#region testing/keys.ts
 const rsaPublicKey1 = new CryptographicKey({

package/dist/{ld.js → ld-Dm1tdWDX.js}

@@ -3,10 +3,10 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { d as version, i as getDocumentLoader, u as name } from "./docloader.js";
-import { _ as Object$1, o as CryptographicKey, t as Activity } from "./vocab.js";
-import { t as getTypeId } from "./type.js";
-import { a as validateCryptoKey, n as fetchKey } from "./key2.js";
+import { d as version, i as getDocumentLoader, u as name } from "./docloader-I3SkMpZK.js";
+import { _ as Object$1, o as CryptographicKey, t as Activity } from "./vocab-B8zleLsO.js";
+import { t as getTypeId } from "./type-DFsmi-p1.js";
+import { a as validateCryptoKey, n as fetchKey } from "./key-Ba-IjS2c.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";

package/dist/{lookup2.js → lookup-BumKjgCt.js}

@@ -3,10 +3,10 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { d as version, i as getDocumentLoader, u as name } from "./docloader.js";
-import { _ as Object$1 } from "./vocab.js";
-import { t as lookupWebFinger } from "./lookup.js";
-import { t as getTypeId } from "./type.js";
+import { d as version, i as getDocumentLoader, u as name } from "./docloader-I3SkMpZK.js";
+import { _ as Object$1 } from "./vocab-B8zleLsO.js";
+import { t as lookupWebFinger } from "./lookup-CoCshjhM.js";
+import { t as getTypeId } from "./type-DFsmi-p1.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { delay } from "@es-toolkit/es-toolkit";

package/dist/lookup-CoCshjhM.js

@@ -0,0 +1,129 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import { d as version, o as getUserAgent, u as name } from "./docloader-I3SkMpZK.js";
+import { a as validatePublicUrl, t as UrlError } from "./url-BdNvnK9P.js";
+import { getLogger } from "@logtape/logtape";
+import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
+
+//#region webfinger/lookup.ts
+const logger = getLogger([
+	"fedify",
+	"webfinger",
+	"lookup"
+]);
+const MAX_REDIRECTION = 5;
+/**
+* Looks up a WebFinger resource.
+* @param resource The resource URL to look up.
+* @param options Extra options for looking up the resource.
+* @returns The resource descriptor, or `null` if not found.
+* @since 0.2.0
+*/
+async function lookupWebFinger(resource, options = {}) {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("webfinger.lookup", {
+		kind: SpanKind.CLIENT,
+		attributes: {
+			"webfinger.resource": resource.toString(),
+			"webfinger.resource.scheme": typeof resource === "string" ? resource.replace(/:.*$/, "") : resource.protocol.replace(/:$/, "")
+		}
+	}, async (span) => {
+		try {
+			const result = await lookupWebFingerInternal(resource, options);
+			span.setStatus({ code: result === null ? SpanStatusCode.ERROR : SpanStatusCode.OK });
+			return result;
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function lookupWebFingerInternal(resource, options = {}) {
+	if (typeof resource === "string") resource = new URL(resource);
+	let protocol = "https:";
+	let server;
+	if (resource.protocol === "acct:") {
+		const atPos = resource.pathname.lastIndexOf("@");
+		if (atPos < 0) return null;
+		server = resource.pathname.substring(atPos + 1);
+		if (server === "") return null;
+	} else {
+		protocol = resource.protocol;
+		server = resource.host;
+	}
+	let url = new URL(`${protocol}//${server}/.well-known/webfinger`);
+	url.searchParams.set("resource", resource.href);
+	let redirected = 0;
+	while (true) {
+		logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
+		let response;
+		if (options.allowPrivateAddress !== true) try {
+			await validatePublicUrl(url.href);
+		} catch (e) {
+			if (e instanceof UrlError) {
+				logger.error("Invalid URL for WebFinger resource descriptor: {error}", { error: e });
+				return null;
+			}
+			throw e;
+		}
+		try {
+			response = await fetch(url, {
+				headers: {
+					Accept: "application/jrd+json",
+					"User-Agent": typeof options.userAgent === "string" ? options.userAgent : getUserAgent(options.userAgent)
+				},
+				redirect: "manual"
+			});
+		} catch (error) {
+			logger.debug("Failed to fetch WebFinger resource descriptor: {error}", {
+				url: url.href,
+				error
+			});
+			return null;
+		}
+		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
+			redirected++;
+			if (redirected >= MAX_REDIRECTION) {
+				logger.error("Too many redirections ({redirections}) while fetching WebFinger resource descriptor.", { redirections: redirected });
+				return null;
+			}
+			const redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
+			if (redirectedUrl.protocol !== url.protocol) {
+				logger.error("Redirected to a different protocol ({protocol} to {redirectedProtocol}) while fetching WebFinger resource descriptor.", {
+					protocol: url.protocol,
+					redirectedProtocol: redirectedUrl.protocol
+				});
+				return null;
+			}
+			url = redirectedUrl;
+			continue;
+		}
+		if (!response.ok) {
+			logger.debug("Failed to fetch WebFinger resource descriptor: {status} {statusText}.", {
+				url: url.href,
+				status: response.status,
+				statusText: response.statusText
+			});
+			return null;
+		}
+		try {
+			return await response.json();
+		} catch (e) {
+			if (e instanceof SyntaxError) {
+				logger.debug("Failed to parse WebFinger resource descriptor as JSON: {error}", { error: e });
+				return null;
+			}
+			throw e;
+		}
+	}
+}
+
+//#endregion
+export { lookupWebFinger as t };

package/dist/lookup.js

@@ -1,10 +1,8 @@
 
       import { Temporal } from "@js-temporal/polyfill";
       import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
     
-import { d as version, o as getUserAgent, u as name } from "./docloader.js";
-import { a as validatePublicUrl, t as UrlError } from "./url.js";
+import { d as name, f as version, l as UrlError, o as getUserAgent, u as validatePublicUrl } from "./docloader.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";