@fedify/fedify 2.0.0-dev.1485 → 2.0.0-dev.150

package/dist/kv-cache-DhRe6qxQ.js

@@ -0,0 +1,122 @@
+
+          import { Temporal } from "@js-temporal/polyfill";
+          import { URLPattern } from "urlpattern-polyfill";
+        
+import { doubleKnock, validateCryptoKey } from "./http-B1d-Jhbj.js";
+import { getLogger } from "@logtape/logtape";
+import { UrlError, createActivityPubRequest, getDocumentLoader, getRemoteDocument, logRequest, preloadedContexts, validatePublicUrl } from "@fedify/vocab-runtime";
+import { curry } from "es-toolkit";
+
+//#region src/utils/docloader.ts
+const logger$1 = getLogger([
+	"fedify",
+	"utils",
+	"docloader"
+]);
+/**
+* Gets an authenticated {@link DocumentLoader} for the given identity.
+* Note that an authenticated document loader intentionally does not cache
+* the fetched documents.
+* @param identity The identity to get the document loader for.
+*                 The actor's key pair.
+* @param options The options for the document loader.
+* @returns The authenticated document loader.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.4.0
+*/
+function getAuthenticatedDocumentLoader(identity, { allowPrivateAddress, userAgent, specDeterminer, tracerProvider } = {}) {
+	validateCryptoKey(identity.privateKey);
+	async function load(url, options) {
+		if (!allowPrivateAddress) try {
+			await validatePublicUrl(url);
+		} catch (error) {
+			if (error instanceof UrlError) logger$1.error("Disallowed private URL: {url}", {
+				url,
+				error
+			});
+			throw error;
+		}
+		const originalRequest = createActivityPubRequest(url, { userAgent });
+		const response = await doubleKnock(originalRequest, identity, {
+			specDeterminer,
+			log: curry(logRequest)(logger$1),
+			tracerProvider,
+			signal: options?.signal
+		});
+		return getRemoteDocument(url, response, load);
+	}
+	return load;
+}
+const _fetchDocumentLoader = getDocumentLoader();
+const _fetchDocumentLoader_allowPrivateAddress = getDocumentLoader({ allowPrivateAddress: true });
+
+//#endregion
+//#region src/utils/kv-cache.ts
+const logger = getLogger([
+	"fedify",
+	"utils",
+	"kv-cache"
+]);
+/**
+* Decorates a {@link DocumentLoader} with a cache backed by a {@link Deno.Kv}.
+* @param parameters The parameters for the cache.
+* @returns The decorated document loader which is cache-enabled.
+*/
+function kvCache({ loader, kv, prefix, rules }) {
+	const keyPrefix = prefix ?? ["_fedify", "remoteDocument"];
+	rules ??= [[new URLPattern({}), Temporal.Duration.from({ minutes: 5 })]];
+	for (const [p, duration] of rules) if (Temporal.Duration.compare(duration, { days: 30 }) > 0) throw new TypeError("The maximum cache duration is 30 days: " + (p instanceof URLPattern ? `${p.protocol}://${p.username}:${p.password}@${p.hostname}:${p.port}/${p.pathname}?${p.search}#${p.hash}` : p.toString()));
+	return async (url, options) => {
+		if (url in preloadedContexts) {
+			logger.debug("Using preloaded context: {url}.", { url });
+			return {
+				contextUrl: null,
+				document: preloadedContexts[url],
+				documentUrl: url
+			};
+		}
+		const match = matchRule(url, rules);
+		if (match == null) return await loader(url, options);
+		const key = [...keyPrefix, url];
+		let cache = void 0;
+		try {
+			cache = await kv.get(key);
+		} catch (error) {
+			if (error instanceof Error) logger.warn("Failed to get the document of {url} from the KV cache: {error}", {
+				url,
+				error
+			});
+		}
+		if (cache == null) {
+			const remoteDoc = await loader(url, options);
+			try {
+				await kv.set(key, remoteDoc, { ttl: match });
+			} catch (error) {
+				logger.warn("Failed to save the document of {url} to the KV cache: {error}", {
+					url,
+					error
+				});
+			}
+			return remoteDoc;
+		}
+		return cache;
+	};
+}
+function matchRule(url, rules) {
+	for (const [pattern, d] of rules) {
+		const duration = d instanceof Temporal.Duration ? d : Temporal.Duration.from(d);
+		if (typeof pattern === "string") {
+			if (url === pattern) return duration;
+			continue;
+		}
+		if (pattern instanceof URL) {
+			if (pattern.href == url) return duration;
+			continue;
+		}
+		if (pattern.test(url)) return duration;
+	}
+	return null;
+}
+
+//#endregion
+export { getAuthenticatedDocumentLoader, kvCache };

package/dist/kv-cache-a7LD3ze0.cjs

@@ -0,0 +1,134 @@
+
+          const { Temporal } = require("@js-temporal/polyfill");
+          const { URLPattern } = require("urlpattern-polyfill");
+        
+const require_chunk = require('./chunk-DqRYRqnO.cjs');
+const require_http = require('./http-CS6iqtXa.cjs');
+const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
+const __fedify_vocab_runtime = require_chunk.__toESM(require("@fedify/vocab-runtime"));
+const es_toolkit = require_chunk.__toESM(require("es-toolkit"));
+
+//#region src/utils/docloader.ts
+const logger$1 = (0, __logtape_logtape.getLogger)([
+	"fedify",
+	"utils",
+	"docloader"
+]);
+/**
+* Gets an authenticated {@link DocumentLoader} for the given identity.
+* Note that an authenticated document loader intentionally does not cache
+* the fetched documents.
+* @param identity The identity to get the document loader for.
+*                 The actor's key pair.
+* @param options The options for the document loader.
+* @returns The authenticated document loader.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.4.0
+*/
+function getAuthenticatedDocumentLoader(identity, { allowPrivateAddress, userAgent, specDeterminer, tracerProvider } = {}) {
+	require_http.validateCryptoKey(identity.privateKey);
+	async function load(url, options) {
+		if (!allowPrivateAddress) try {
+			await (0, __fedify_vocab_runtime.validatePublicUrl)(url);
+		} catch (error) {
+			if (error instanceof __fedify_vocab_runtime.UrlError) logger$1.error("Disallowed private URL: {url}", {
+				url,
+				error
+			});
+			throw error;
+		}
+		const originalRequest = (0, __fedify_vocab_runtime.createActivityPubRequest)(url, { userAgent });
+		const response = await require_http.doubleKnock(originalRequest, identity, {
+			specDeterminer,
+			log: (0, es_toolkit.curry)(__fedify_vocab_runtime.logRequest)(logger$1),
+			tracerProvider,
+			signal: options?.signal
+		});
+		return (0, __fedify_vocab_runtime.getRemoteDocument)(url, response, load);
+	}
+	return load;
+}
+const _fetchDocumentLoader = (0, __fedify_vocab_runtime.getDocumentLoader)();
+const _fetchDocumentLoader_allowPrivateAddress = (0, __fedify_vocab_runtime.getDocumentLoader)({ allowPrivateAddress: true });
+
+//#endregion
+//#region src/utils/kv-cache.ts
+const logger = (0, __logtape_logtape.getLogger)([
+	"fedify",
+	"utils",
+	"kv-cache"
+]);
+/**
+* Decorates a {@link DocumentLoader} with a cache backed by a {@link Deno.Kv}.
+* @param parameters The parameters for the cache.
+* @returns The decorated document loader which is cache-enabled.
+*/
+function kvCache({ loader, kv, prefix, rules }) {
+	const keyPrefix = prefix ?? ["_fedify", "remoteDocument"];
+	rules ??= [[new URLPattern({}), Temporal.Duration.from({ minutes: 5 })]];
+	for (const [p, duration] of rules) if (Temporal.Duration.compare(duration, { days: 30 }) > 0) throw new TypeError("The maximum cache duration is 30 days: " + (p instanceof URLPattern ? `${p.protocol}://${p.username}:${p.password}@${p.hostname}:${p.port}/${p.pathname}?${p.search}#${p.hash}` : p.toString()));
+	return async (url, options) => {
+		if (url in __fedify_vocab_runtime.preloadedContexts) {
+			logger.debug("Using preloaded context: {url}.", { url });
+			return {
+				contextUrl: null,
+				document: __fedify_vocab_runtime.preloadedContexts[url],
+				documentUrl: url
+			};
+		}
+		const match = matchRule(url, rules);
+		if (match == null) return await loader(url, options);
+		const key = [...keyPrefix, url];
+		let cache = void 0;
+		try {
+			cache = await kv.get(key);
+		} catch (error) {
+			if (error instanceof Error) logger.warn("Failed to get the document of {url} from the KV cache: {error}", {
+				url,
+				error
+			});
+		}
+		if (cache == null) {
+			const remoteDoc = await loader(url, options);
+			try {
+				await kv.set(key, remoteDoc, { ttl: match });
+			} catch (error) {
+				logger.warn("Failed to save the document of {url} to the KV cache: {error}", {
+					url,
+					error
+				});
+			}
+			return remoteDoc;
+		}
+		return cache;
+	};
+}
+function matchRule(url, rules) {
+	for (const [pattern, d] of rules) {
+		const duration = d instanceof Temporal.Duration ? d : Temporal.Duration.from(d);
+		if (typeof pattern === "string") {
+			if (url === pattern) return duration;
+			continue;
+		}
+		if (pattern instanceof URL) {
+			if (pattern.href == url) return duration;
+			continue;
+		}
+		if (pattern.test(url)) return duration;
+	}
+	return null;
+}
+
+//#endregion
+Object.defineProperty(exports, 'getAuthenticatedDocumentLoader', {
+  enumerable: true,
+  get: function () {
+    return getAuthenticatedDocumentLoader;
+  }
+});
+Object.defineProperty(exports, 'kvCache', {
+  enumerable: true,
+  get: function () {
+    return kvCache;
+  }
+});

package/dist/{ld-DWwLYT4e.js → ld-UYagkye9.js}

@@ -3,9 +3,12 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { Activity, CryptographicKey, Object as Object$1, deno_default, getDocumentLoader, getTypeId } from "./type-I68qwqmo.js";
-import { fetchKey, validateCryptoKey } from "./key-CYOcZ9G5.js";
+import { deno_default } from "./deno-DHmnBq8X.js";
+import { Activity, CryptographicKey, Object as Object$1 } from "./vocab-Durhw0Gx.js";
+import { getTypeId } from "./type-BSNcIxTd.js";
+import { fetchKey, validateCryptoKey } from "./key-W6YaI4J_.js";
 import { getLogger } from "@logtape/logtape";
+import { getDocumentLoader } from "@fedify/vocab-runtime";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
 import { encodeHex } from "byte-encodings/hex";
@@ -182,7 +185,7 @@ async function verifySignature(jsonLd, options = {}) {
 	const encoder = new TextEncoder();
 	const message = sigOptsHash + docHash;
 	const messageBytes = encoder.encode(message);
-	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature, messageBytes);
+	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes);
 	if (verified) return key;
 	if (cached) {
 		logger.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
@@ -197,7 +200,7 @@ async function verifySignature(jsonLd, options = {}) {
 			}
 		});
 		if (key$1 == null) return null;
-		const verified$1 = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key$1.publicKey, signature, messageBytes);
+		const verified$1 = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key$1.publicKey, signature.slice(), messageBytes);
 		return verified$1 ? key$1 : null;
 	}
 	logger.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {

package/dist/lookup-C-ajaa9S.js

@@ -0,0 +1,256 @@
+
+          import { Temporal } from "@js-temporal/polyfill";
+          import { URLPattern } from "urlpattern-polyfill";
+        
+import { getLogger } from "@logtape/logtape";
+import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
+import { UrlError, getUserAgent, validatePublicUrl } from "@fedify/vocab-runtime";
+
+//#region deno.json
+var name = "@fedify/fedify";
+var version = "2.0.0-dev.150+7daa59dd";
+var license = "MIT";
+var exports = {
+	".": "./src/mod.ts",
+	"./compat": "./src/compat/mod.ts",
+	"./federation": "./src/federation/mod.ts",
+	"./nodeinfo": "./src/nodeinfo/mod.ts",
+	"./otel": "./src/otel/mod.ts",
+	"./sig": "./src/sig/mod.ts",
+	"./vocab": "./src/vocab/mod.ts",
+	"./utils": "./src/utils/mod.ts",
+	"./webfinger": "./src/webfinger/mod.ts"
+};
+var imports = {
+	"@multiformats/base-x": "npm:@multiformats/base-x@^4.0.1",
+	"@opentelemetry/core": "npm:@opentelemetry/core@^2.0.0",
+	"@opentelemetry/sdk-trace-base": "npm:@opentelemetry/sdk-trace-base@^2.0.0",
+	"@opentelemetry/semantic-conventions": "npm:@opentelemetry/semantic-conventions@^1.27.0",
+	"@std/assert": "jsr:@std/assert@^0.226.0",
+	"@std/url": "jsr:@std/url@^0.225.1",
+	"asn1js": "npm:asn1js@^3.0.7",
+	"fast-check": "npm:fast-check@^3.22.0",
+	"fetch-mock": "npm:fetch-mock@^12.5.2",
+	"json-canon": "npm:json-canon@^1.0.1",
+	"jsonld": "npm:jsonld@^9.0.0",
+	"multicodec": "npm:multicodec@^3.2.1",
+	"pkijs": "npm:pkijs@^3.3.3",
+	"structured-field-values": "npm:structured-field-values@^2.0.4",
+	"uri-template-router": "npm:uri-template-router@^1.0.0",
+	"url-template": "npm:url-template@^3.1.1"
+};
+var include = ["src/vocab/vocab.ts"];
+var exclude = [
+	".test-report.xml",
+	"apidoc/",
+	"dist/",
+	"node_modules/",
+	"npm/",
+	"pnpm-lock.yaml",
+	"src/cfworkers/dist/",
+	"src/cfworkers/fixtures/",
+	"src/cfworkers/imports.ts",
+	"src/cfworkers/README.md",
+	"src/cfworkers/server.ts",
+	"src/cfworkers/server.js",
+	"src/cfworkers/server.js.map",
+	"src/vocab/*.yaml",
+	"!src/vocab/vocab.ts"
+];
+var publish = { "exclude": ["**/*.test.ts", "src/testing/"] };
+var tasks = {
+	"codegen": "deno run --allow-read --allow-write --allow-env --check scripts/codegen.ts && deno fmt src/vocab/vocab.ts && deno cache src/vocab/vocab.ts && deno check src/vocab/vocab.ts",
+	"cache": {
+		"command": "deno cache src/mod.ts",
+		"dependencies": ["codegen"]
+	},
+	"check": {
+		"command": "deno fmt --check && deno lint && deno check src/**/*.ts",
+		"dependencies": ["codegen"]
+	},
+	"test": {
+		"command": "deno test --check --doc --allow-read --allow-write --allow-env --unstable-kv --trace-leaks --parallel",
+		"dependencies": ["codegen"]
+	},
+	"coverage": "deno task test --clean --coverage && deno coverage --html coverage",
+	"bench": {
+		"command": "deno bench --allow-read --allow-write --allow-net --allow-env --allow-run --unstable-kv",
+		"dependencies": ["codegen"]
+	},
+	"apidoc": {
+		"command": "deno doc --html --name=Fedify --output=apidoc/ src/mod.ts",
+		"dependencies": ["codegen"]
+	},
+	"publish": {
+		"command": "deno publish",
+		"dependencies": ["codegen"]
+	},
+	"pnpm:install": "pnpm install --silent",
+	"pnpm:build": {
+		"command": "pnpm exec tsdown",
+		"dependencies": [
+			"codegen",
+			"pnpm:install",
+			"pnpm:build-vocab",
+			"pnpm:build-fixture"
+		]
+	},
+	"pnpm:build-vocab-runtime": { "command": "cd ../vocab-runtime && pnpm build" },
+	"pnpm:build-vocab-tools": { "command": "cd ../vocab-tools && pnpm build" },
+	"pnpm:build-vocab": { "dependencies": ["pnpm:build-vocab-runtime", "pnpm:build-vocab-tools"] },
+	"test:node": {
+		"command": "cd dist/ && node --test",
+		"dependencies": ["pnpm:build"]
+	},
+	"test:bun": {
+		"command": "cd dist/ && bun test --timeout 60000",
+		"dependencies": ["pnpm:build"]
+	},
+	"test:cfworkers": {
+		"command": "pnpm exec wrangler deploy --dry-run --outdir src/cfworkers && node --import=tsx src/cfworkers/client.ts",
+		"dependencies": ["pnpm:build"]
+	},
+	"test-all": { "dependencies": [
+		"check",
+		"test",
+		"test:node",
+		"test:bun",
+		"test:cfworkers"
+	] }
+};
+var deno_default = {
+	name,
+	version,
+	license,
+	exports,
+	imports,
+	include,
+	exclude,
+	publish,
+	tasks
+};
+
+//#endregion
+//#region src/webfinger/lookup.ts
+const logger = getLogger([
+	"fedify",
+	"webfinger",
+	"lookup"
+]);
+const DEFAULT_MAX_REDIRECTION = 5;
+/**
+* Looks up a WebFinger resource.
+* @param resource The resource URL to look up.
+* @param options Extra options for looking up the resource.
+* @returns The resource descriptor, or `null` if not found.
+* @since 0.2.0
+*/
+async function lookupWebFinger(resource, options = {}) {
+	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	return await tracer.startActiveSpan("webfinger.lookup", {
+		kind: SpanKind.CLIENT,
+		attributes: {
+			"webfinger.resource": resource.toString(),
+			"webfinger.resource.scheme": typeof resource === "string" ? resource.replace(/:.*$/, "") : resource.protocol.replace(/:$/, "")
+		}
+	}, async (span) => {
+		try {
+			const result = await lookupWebFingerInternal(resource, options);
+			span.setStatus({ code: result === null ? SpanStatusCode.ERROR : SpanStatusCode.OK });
+			return result;
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function lookupWebFingerInternal(resource, options = {}) {
+	if (typeof resource === "string") resource = new URL(resource);
+	let protocol = "https:";
+	let server;
+	if (resource.protocol === "acct:") {
+		const atPos = resource.pathname.lastIndexOf("@");
+		if (atPos < 0) return null;
+		server = resource.pathname.substring(atPos + 1);
+		if (server === "") return null;
+	} else {
+		protocol = resource.protocol;
+		server = resource.host;
+	}
+	let url = new URL(`${protocol}//${server}/.well-known/webfinger`);
+	url.searchParams.set("resource", resource.href);
+	let redirected = 0;
+	while (true) {
+		logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
+		let response;
+		if (options.allowPrivateAddress !== true) try {
+			await validatePublicUrl(url.href);
+		} catch (e) {
+			if (e instanceof UrlError) {
+				logger.error("Invalid URL for WebFinger resource descriptor: {error}", { error: e });
+				return null;
+			}
+			throw e;
+		}
+		try {
+			response = await fetch(url, {
+				headers: {
+					Accept: "application/jrd+json",
+					"User-Agent": typeof options.userAgent === "string" ? options.userAgent : getUserAgent(options.userAgent)
+				},
+				redirect: "manual",
+				signal: options.signal
+			});
+		} catch (error) {
+			logger.debug("Failed to fetch WebFinger resource descriptor: {error}", {
+				url: url.href,
+				error
+			});
+			return null;
+		}
+		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
+			redirected++;
+			const maxRedirection = options.maxRedirection ?? DEFAULT_MAX_REDIRECTION;
+			if (redirected >= maxRedirection) {
+				logger.error("Too many redirections ({redirections}) while fetching WebFinger resource descriptor.", { redirections: redirected });
+				return null;
+			}
+			const redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
+			if (redirectedUrl.protocol !== url.protocol) {
+				logger.error("Redirected to a different protocol ({protocol} to {redirectedProtocol}) while fetching WebFinger resource descriptor.", {
+					protocol: url.protocol,
+					redirectedProtocol: redirectedUrl.protocol
+				});
+				return null;
+			}
+			url = redirectedUrl;
+			continue;
+		}
+		if (!response.ok) {
+			logger.debug("Failed to fetch WebFinger resource descriptor: {status} {statusText}.", {
+				url: url.href,
+				status: response.status,
+				statusText: response.statusText
+			});
+			return null;
+		}
+		try {
+			return await response.json();
+		} catch (e) {
+			if (e instanceof SyntaxError) {
+				logger.debug("Failed to parse WebFinger resource descriptor as JSON: {error}", { error: e });
+				return null;
+			}
+			throw e;
+		}
+	}
+}
+
+//#endregion
+export { deno_default, lookupWebFinger };