@fedify/fedify 2.0.0-dev.1641 → 2.0.0-dev.166

package/dist/{middleware-DXidHY4N.js → middleware-7qNi2Qwp.js}

@@ -2,23 +2,21 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
         
-import { getDefaultActivityTransformers } from "./transformers-BFT6d7J5.js";
-import { deno_default, getDocumentLoader, kvCache } from "./docloader-BtqIh1OE.js";
-import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId } from "./actor-DU511yTk.js";
-import { lookupWebFinger } from "./lookup-NuT9cCSl.js";
-import { exportJwk, importJwk, validateCryptoKey } from "./key-Cc0JlcKe.js";
-import { doubleKnock, verifyRequest } from "./http-C7uYFcBo.js";
-import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-DkxwMaWE.js";
-import { getNodeInfo, nodeInfoToJson } from "./types-l2uh_ZhP.js";
-import { getAuthenticatedDocumentLoader } from "./authdocloader-DCgMyo82.js";
-import { lookupObject, traverseCollection } from "./vocab-lBFcVxVF.js";
+import { getDefaultActivityTransformers } from "./transformers-N_ip_y4P.js";
+import { deno_default, doubleKnock, exportJwk, importJwk, validateCryptoKey, verifyRequest } from "./http-CY-Bbe9s.js";
+import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-aPT2G2bY.js";
+import { getNodeInfo, nodeInfoToJson } from "./types-8l28uC8o.js";
+import { getAuthenticatedDocumentLoader, kvCache } from "./kv-cache-BCsLgQXU.js";
 import { getLogger, withContext } from "@logtape/logtape";
+import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
-import { encodeHex } from "byte-encodings/hex";
 import { cloneDeep } from "es-toolkit";
 import { Router } from "uri-template-router";
 import { parseTemplate } from "url-template";
+import { encodeHex } from "byte-encodings/hex";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
+import { getDocumentLoader } from "@fedify/vocab-runtime";
+import { lookupWebFinger } from "@fedify/webfinger";
 import { domainToASCII } from "node:url";
 
 //#region src/federation/inbox.ts
@@ -55,17 +53,34 @@ var InboxListenerSet = class InboxListenerSet {
 		return this.dispatchWithClass(activity)?.listener ?? null;
 	}
 };
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider }) {
+async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
 	const logger$1 = getLogger([
 		"fedify",
 		"federation",
 		"inbox"
 	]);
-	const cacheKey = activity.id == null ? null : [
-		...kvPrefixes.activityIdempotence,
-		ctx.origin,
-		activity.id.href
-	];
+	let cacheKey = null;
+	if (activity.id != null) {
+		const inboxContext = inboxContextFactory(recipient, json, activity.id?.href, getTypeId(activity).href);
+		const strategy = idempotencyStrategy ?? "per-inbox";
+		let keyString;
+		if (typeof strategy === "function") {
+			const result = await strategy(inboxContext, activity);
+			keyString = result;
+		} else switch (strategy) {
+			case "global":
+				keyString = activity.id.href;
+				break;
+			case "per-origin":
+				keyString = `${ctx.origin}\n${activity.id.href}`;
+				break;
+			case "per-inbox":
+				keyString = `${ctx.origin}\n${activity.id.href}\n${recipient == null ? "sharedInbox" : `inbox\n${recipient}`}`;
+				break;
+			default: keyString = `${ctx.origin}\n${activity.id.href}`;
+		}
+		if (keyString != null) cacheKey = [...kvPrefixes.activityIdempotence, keyString];
+	}
 	if (cacheKey != null) {
 		const cached = await kv.get(cacheKey);
 		if (cached === true) {
@@ -307,6 +322,7 @@ var FederationBuilderImpl = class {
 	inboxListeners;
 	inboxErrorHandler;
 	sharedInboxKeyDispatcher;
+	idempotencyStrategy;
 	collectionTypeIds;
 	collectionCallbacks;
 	/**
@@ -321,7 +337,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl: FederationImpl$1 } = await import("./middleware-Bp3I9z8r.js");
+		const { FederationImpl: FederationImpl$1 } = await import("./middleware-B7mdNwwo.js");
 		const f = new FederationImpl$1(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();
@@ -343,6 +359,7 @@ var FederationBuilderImpl = class {
 		f.inboxListeners = this.inboxListeners?.clone();
 		f.inboxErrorHandler = this.inboxErrorHandler;
 		f.sharedInboxKeyDispatcher = this.sharedInboxKeyDispatcher;
+		f.idempotencyStrategy = this.idempotencyStrategy;
 		return f;
 	}
 	_getTracer() {
@@ -765,15 +782,19 @@ var FederationBuilderImpl = class {
 			setSharedKeyDispatcher: (dispatcher) => {
 				this.sharedInboxKeyDispatcher = dispatcher;
 				return setters;
+			},
+			withIdempotency: (strategy) => {
+				this.idempotencyStrategy = strategy;
+				return setters;
 			}
 		};
 		return setters;
 	}
-	setCollectionDispatcher(name, ...args) {
-		return this.#setCustomCollectionDispatcher(name, "collection", ...args);
+	setCollectionDispatcher(name, itemType, path, dispatcher) {
+		return this.#setCustomCollectionDispatcher(name, "collection", itemType, path, dispatcher);
 	}
-	setOrderedCollectionDispatcher(name, ...args) {
-		return this.#setCustomCollectionDispatcher(name, "orderedCollection", ...args);
+	setOrderedCollectionDispatcher(name, itemType, path, dispatcher) {
+		return this.#setCustomCollectionDispatcher(name, "orderedCollection", itemType, path, dispatcher);
 	}
 	#setCustomCollectionDispatcher(name, collectionType, itemType, path, dispatcher) {
 		const strName = String(name);
@@ -979,9 +1000,6 @@ function preferredMediaTypes(accept) {
 	const accepts = parseAccept(accept === void 0 ? "*/*" : accept ?? "");
 	return accepts.filter(isQuality).sort(compareSpecs).map(getFullType);
 }
-
-//#endregion
-//#region src/federation/handler.ts
 function acceptsJsonLd(request) {
 	const accept = request.headers.get("Accept");
 	const types = accept ? preferredMediaTypes(accept) : ["*/*"];
@@ -989,6 +1007,9 @@ function acceptsJsonLd(request) {
 	if (types[0] === "text/html" || types[0] === "application/xhtml+xml") return false;
 	return types.includes("application/activity+json") || types.includes("application/ld+json") || types.includes("application/json");
 }
+
+//#endregion
+//#region src/federation/handler.ts
 /**
 * Handles an actor request.
 * @template TContextData The context data to pass to the context.
@@ -996,7 +1017,7 @@ function acceptsJsonLd(request) {
 * @param parameters The parameters for handling the actor.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleActor(request, { identifier, context: context$1, actorDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+async function handleActor(request, { identifier, context: context$1, actorDispatcher, authorizePredicate, onNotFound, onUnauthorized }) {
 	const logger$1 = getLogger([
 		"fedify",
 		"federation",
@@ -1011,7 +1032,6 @@ async function handleActor(request, { identifier, context: context$1, actorDispa
 		logger$1.debug("Actor {identifier} not found.", { identifier });
 		return await onNotFound(request);
 	}
-	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
 	if (authorizePredicate != null) {
 		let key = await context$1.getSignedKey();
 		key = key?.clone({}, { $warning: {
@@ -1046,11 +1066,10 @@ async function handleActor(request, { identifier, context: context$1, actorDispa
 * @param parameters The parameters for handling the object.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleObject(request, { values, context: context$1, objectDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+async function handleObject(request, { values, context: context$1, objectDispatcher, authorizePredicate, onNotFound, onUnauthorized }) {
 	if (objectDispatcher == null) return await onNotFound(request);
 	const object = await objectDispatcher(context$1, values);
 	if (object == null) return await onNotFound(request);
-	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
 	if (authorizePredicate != null) {
 		let key = await context$1.getSignedKey();
 		key = key?.clone({}, { $warning: {
@@ -1088,7 +1107,7 @@ async function handleObject(request, { values, context: context$1, objectDispatc
 * @param parameters The parameters for handling the collection.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleCollection(request, { name, identifier, uriGetter, filter, filterPredicate, context: context$1, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound, onNotAcceptable }) {
+async function handleCollection(request, { name, identifier, uriGetter, filter, filterPredicate, context: context$1, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound }) {
 	const spanName = name.trim().replace(/\s+/g, "_");
 	tracerProvider = tracerProvider ?? trace.getTracerProvider();
 	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
@@ -1201,7 +1220,6 @@ async function handleCollection(request, { name, identifier, uriGetter, filter,
 			partOf
 		});
 	}
-	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
 	if (collectionCallbacks.authorizePredicate != null) {
 		let key = await context$1.getSignedKey();
 		key = key?.clone({}, { $warning: {
@@ -1296,7 +1314,8 @@ async function handleInbox(request, options) {
 * @param span The OpenTelemetry span for tracing.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleInboxInternal(request, { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider }, span) {
+async function handleInboxInternal(request, parameters, span) {
+	const { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider } = parameters;
 	const logger$1 = getLogger([
 		"fedify",
 		"federation",
@@ -1470,6 +1489,13 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 	}
 	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
 	span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+	span.addEvent("activitypub.activity.received", {
+		"activitypub.activity.json": JSON.stringify(json),
+		"activitypub.activity.verified": activity != null,
+		"ld_signatures.verified": ldSigVerified,
+		"http_signatures.verified": httpSigKey != null,
+		"http_signatures.key_id": httpSigKey?.id?.href ?? ""
+	});
 	if (httpSigKey != null && !await doesActorOwnKey(activity, httpSigKey, ctx)) {
 		logger$1.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
 			activity: json,
@@ -1498,7 +1524,8 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 		kvPrefixes,
 		queue,
 		span,
-		tracerProvider
+		tracerProvider,
+		idempotencyStrategy: parameters.idempotencyStrategy
 	});
 	if (routeResult === "alreadyProcessed") return new Response(`Activity <${activity.id}> has already been processed.`, {
 		status: 202,
@@ -1528,7 +1555,7 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 /**
 * Handles a custom collection request.
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context, extending {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @param request The HTTP request.
@@ -1539,7 +1566,6 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 const handleCustomCollection = exceptWrapper(_handleCustomCollection);
 async function _handleCustomCollection(request, { name, values, context: context$1, tracerProvider, collectionCallbacks: callbacks, filterPredicate }) {
 	verifyDefined(callbacks);
-	verifyJsonLdRequest(request);
 	await authIfNeeded(context$1, values, callbacks);
 	const cursor = new URL(request.url).searchParams.get("cursor");
 	return await new CustomCollectionHandler(name, values, context$1, callbacks, tracerProvider, Collection, CollectionPage, filterPredicate).fetchCollection(cursor).toJsonLd().then(respondAsActivity);
@@ -1547,7 +1573,7 @@ async function _handleCustomCollection(request, { name, values, context: context
 /**
 * Handles an ordered collection request.
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context, extending {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @param request The HTTP request.
@@ -1558,7 +1584,6 @@ async function _handleCustomCollection(request, { name, values, context: context
 const handleOrderedCollection = exceptWrapper(_handleOrderedCollection);
 async function _handleOrderedCollection(request, { name, values, context: context$1, tracerProvider, collectionCallbacks: callbacks, filterPredicate }) {
 	verifyDefined(callbacks);
-	verifyJsonLdRequest(request);
 	await authIfNeeded(context$1, values, callbacks);
 	const cursor = new URL(request.url).searchParams.get("cursor");
 	return await new CustomCollectionHandler(name, values, context$1, callbacks, tracerProvider, OrderedCollection, OrderedCollectionPage, filterPredicate).fetchCollection(cursor).toJsonLd().then(respondAsActivity);
@@ -1568,7 +1593,7 @@ async function _handleOrderedCollection(request, { name, values, context: contex
 * The main flow is on `getCollection`, `dispatch`.
 *
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context. {@link Context} or {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @template TCollection The type of the collection, extending {@link Collection}.
@@ -1602,14 +1627,14 @@ var CustomCollectionHandler = class {
 	#collection = null;
 	/**
 	* Creates a new CustomCollection instance.
-	* @param {string} name The name of the collection.
-	* @param {TParams} values The parameter values for the collection.
-	* @param {TContext} context The request context.
-	* @param {CustomCollectionCallbacks} callbacks The collection callbacks.
-	* @param {TracerProvider} tracerProvider The tracer provider for telemetry.
-	* @param {ConstructorWithTypeId<TCollection>} Collection The Collection constructor.
-	* @param {ConstructorWithTypeId<TCollectionPage>} CollectionPage The CollectionPage constructor.
-	* @param {(item: TItem) => boolean} filterPredicate Optional filter predicate for items.
+	* @param name The name of the collection.
+	* @param values The parameter values for the collection.
+	* @param context The request context.
+	* @param callbacks The collection callbacks.
+	* @param tracerProvider The tracer provider for telemetry.
+	* @param Collection The Collection constructor.
+	* @param CollectionPage The CollectionPage constructor.
+	* @param filterPredicate Optional filter predicate for items.
 	*/
 	constructor(name, values, context$1, callbacks, tracerProvider = trace.getTracerProvider(), Collection$1, CollectionPage$1, filterPredicate) {
 		this.name = name;
@@ -1734,7 +1759,7 @@ var CustomCollectionHandler = class {
 	/**
 	* Creates a function to wrap the dispatcher so tracing can be applied.
 	* @param params Parameters including cursor and total items.
-	* @returns {(span: Span) => Promise<PageItems<TItem>>} A function that handles the span operation.
+	* @returns A function that handles the span operation.
 	*/
 	spanPages = ({ totalItems = null, cursor = null }) => async (span) => {
 		try {
@@ -1755,23 +1780,23 @@ var CustomCollectionHandler = class {
 	};
 	/**
 	* Dispatches the collection request to get items.
-	* @param {string | null} cursor The cursor for pagination, or null for the first page.
-	* @returns {Promise<PageItems<TItem>>} A promise that resolves to the page items.
+	* @param cursor The cursor for pagination, or null for the first page.
+	* @returns A promise that resolves to the page items.
 	*/
 	async dispatch(cursor = null) {
 		return await this.#dispatcher(this.context, this.values, cursor) ?? new ItemsNotFoundError().throw();
 	}
 	/**
 	* Filters the items in the collection.
-	* @param {TItem[]} items The items to filter.
-	* @returns {(Object | Link | URL)[]} The filtered items.
+	* @param items The items to filter.
+	* @returns The filtered items.
 	*/
 	filterItems(items) {
 		return filterCollectionItems(items, this.name, this.filterPredicate);
 	}
 	/**
 	* Appends a cursor to the URL if it exists.
-	* @param {string | null | undefined} cursor The cursor to append, or null/undefined.
+	* @param cursor The cursor to append, or null/undefined.
 	* @returns The URL with cursor appended, or null if cursor is null/undefined.
 	*/
 	appendToUrl(cursor) {
@@ -1779,8 +1804,7 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the stored collection or collection page.
-	* @returns {Promise<TCollection | TCollectionPage>} A promise that resolves to
-	the collection or collection page.
+	* @returns A promise that resolves to the collection or collection page.
 	*/
 	get collection() {
 		if (this.#collection === null) this.#collection = this.getCollection();
@@ -1788,8 +1812,8 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the total number of items in the collection.
-	* @returns {Promise<number | null>} A promise that
-	resolves to the total items count, or null if not available.
+	* @returns A promise that resolves to the total items count,
+	*          or null if not available.
 	*/
 	get totalItems() {
 		if (this.#totalItems === void 0) this.totalItems = this.callbacks.counter?.(this.context, this.values);
@@ -1805,8 +1829,8 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the first cursor for pagination.
-	* @returns {Promise<string | null>} A promise that resolves to the first cursor,
-	or null if not available.
+	* @returns A promise that resolves to the first cursor,
+	*          or null if not available.
 	*/
 	get firstCursor() {
 		const cursor = this.callbacks.firstCursor?.(this.context, this.values);
@@ -1836,10 +1860,9 @@ function exceptWrapper(handler) {
 		try {
 			return await handler(request, handlerParams);
 		} catch (error) {
-			const { onNotFound, onNotAcceptable, onUnauthorized } = handlerParams;
+			const { onNotFound, onUnauthorized } = handlerParams;
 			switch (error?.constructor) {
 				case ItemsNotFoundError: return await onNotFound(request);
-				case NotAcceptableError: return await onNotAcceptable(request);
 				case UnauthorizedError: return await onUnauthorized(request);
 				default: throw error;
 			}
@@ -1857,15 +1880,6 @@ const verifyDefined = (callbacks) => {
 	if (callbacks === void 0) throw new ItemsNotFoundError();
 };
 /**
-* Verifies that a request accepts JSON-LD content type.
-* @param request The HTTP request to verify.
-* @throws {NotAcceptableError} If the request doesn't accept JSON-LD.
-* @since 1.8.0
-*/
-const verifyJsonLdRequest = (request) => {
-	if (!acceptsJsonLd(request)) throw new NotAcceptableError();
-};
-/**
 * Performs authorization if needed based on the authorization predicate.
 * @template TContextData The context data type.
 * @param {RequestContext<TContextData>} context The request context.
@@ -1949,15 +1963,6 @@ var ItemsNotFoundError = class extends HandlerError {
 	}
 };
 /**
-* Error thrown when the request is not acceptable (e.g., wrong content type).
-* @since 1.8.0
-*/
-var NotAcceptableError = class extends HandlerError {
-	constructor() {
-		super("The request is not acceptable.");
-	}
-};
-/**
 * Error thrown when access to a collection is unauthorized.
 * @since 1.8.0
 */
@@ -2031,139 +2036,6 @@ function handleNodeInfoJrd(_request, context$1) {
 	return Promise.resolve(response);
 }
 
-//#endregion
-//#region src/webfinger/handler.ts
-const logger = getLogger([
-	"fedify",
-	"webfinger",
-	"server"
-]);
-/**
-* Handles a WebFinger request.  You would not typically call this function
-* directly, but instead use {@link Federation.fetch} method.
-* @param request The WebFinger request to handle.
-* @param parameters The parameters for handling the request.
-* @returns The response to the request.
-*/
-async function handleWebFinger(request, options) {
-	if (options.tracer == null) return await handleWebFingerInternal(request, options);
-	return await options.tracer.startActiveSpan("webfinger.handle", { kind: SpanKind.SERVER }, async (span) => {
-		try {
-			const response = await handleWebFingerInternal(request, options);
-			span.setStatus({ code: response.ok ? SpanStatusCode.UNSET : SpanStatusCode.ERROR });
-			return response;
-		} catch (error) {
-			span.setStatus({
-				code: SpanStatusCode.ERROR,
-				message: String(error)
-			});
-			throw error;
-		} finally {
-			span.end();
-		}
-	});
-}
-async function handleWebFingerInternal(request, { context: context$1, host, actorDispatcher, actorHandleMapper, actorAliasMapper, onNotFound, span, webFingerLinksDispatcher }) {
-	if (actorDispatcher == null) {
-		logger.error("Actor dispatcher is not set.");
-		return await onNotFound(request);
-	}
-	const resource = context$1.url.searchParams.get("resource");
-	if (resource == null) return new Response("Missing resource parameter.", { status: 400 });
-	span?.setAttribute("webfinger.resource", resource);
-	let resourceUrl;
-	try {
-		resourceUrl = new URL(resource);
-	} catch (e) {
-		if (e instanceof TypeError) return new Response("Invalid resource URL.", { status: 400 });
-		throw e;
-	}
-	span?.setAttribute("webfinger.resource.scheme", resourceUrl.protocol.replace(/:$/, ""));
-	async function mapUsernameToIdentifier(username) {
-		if (actorHandleMapper == null) {
-			logger.error("No actor handle mapper is set; use the WebFinger username {username} as the actor's internal identifier.", { username });
-			return username;
-		}
-		const identifier$1 = await actorHandleMapper(context$1, username);
-		if (identifier$1 == null) {
-			logger.error("Actor {username} not found.", { username });
-			return null;
-		}
-		return identifier$1;
-	}
-	let identifier = null;
-	const uriParsed = context$1.parseUri(resourceUrl);
-	if (uriParsed?.type != "actor") {
-		const match = /^acct:([^@]+)@([^@]+)$/.exec(resource);
-		if (match == null) {
-			const result = await actorAliasMapper?.(context$1, resourceUrl);
-			if (result == null) return await onNotFound(request);
-			if ("identifier" in result) identifier = result.identifier;
-			else identifier = await mapUsernameToIdentifier(result.username);
-		} else {
-			const portMatch = /:\d+$/.exec(match[2]);
-			const normalizedHost = portMatch == null ? domainToASCII(match[2].toLowerCase()) : domainToASCII(match[2].substring(0, portMatch.index).toLowerCase()) + portMatch[0];
-			if (normalizedHost != context$1.url.host && normalizedHost != host) return await onNotFound(request);
-			else {
-				identifier = await mapUsernameToIdentifier(match[1]);
-				resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
-			}
-		}
-	} else identifier = uriParsed.identifier;
-	if (identifier == null) return await onNotFound(request);
-	const actor = await actorDispatcher(context$1, identifier);
-	if (actor == null) {
-		logger.error("Actor {identifier} not found.", { identifier });
-		return await onNotFound(request);
-	}
-	const links = [{
-		rel: "self",
-		href: context$1.getActorUri(identifier).href,
-		type: "application/activity+json"
-	}];
-	for (const url of actor.urls) if (url instanceof Link && url.href != null) links.push({
-		rel: url.rel ?? "http://webfinger.net/rel/profile-page",
-		href: url.href.href,
-		type: url.mediaType == null ? void 0 : url.mediaType
-	});
-	else if (url instanceof URL) links.push({
-		rel: "http://webfinger.net/rel/profile-page",
-		href: url.href
-	});
-	for await (const image of actor.getIcons()) {
-		if (image.url?.href == null) continue;
-		const link = {
-			rel: "http://webfinger.net/rel/avatar",
-			href: image.url.href.toString()
-		};
-		if (image.mediaType != null) link.type = image.mediaType;
-		links.push(link);
-	}
-	if (webFingerLinksDispatcher != null) {
-		const customLinks = await webFingerLinksDispatcher(context$1, resourceUrl);
-		if (customLinks != null) for (const link of customLinks) links.push(link);
-	}
-	const aliases = [];
-	if (resourceUrl.protocol != "acct:" && actor.preferredUsername != null) {
-		aliases.push(`acct:${actor.preferredUsername}@${host ?? context$1.url.host}`);
-		if (host != null && host !== context$1.url.host) aliases.push(`acct:${actor.preferredUsername}@${context$1.url.host}`);
-	}
-	if (resourceUrl.href !== context$1.getActorUri(identifier).href) aliases.push(context$1.getActorUri(identifier).href);
-	if (resourceUrl.protocol === "acct:" && host != null && host !== context$1.url.host && !resourceUrl.href.endsWith(`@${host}`)) {
-		const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
-		aliases.push(`acct:${username}@${host}`);
-	}
-	const jrd = {
-		subject: resourceUrl.href,
-		aliases,
-		links
-	};
-	return new Response(JSON.stringify(jrd), { headers: {
-		"Content-Type": "application/jrd+json",
-		"Access-Control-Allow-Origin": "*"
-	} });
-}
-
 //#endregion
 //#region src/federation/retry.ts
 /**
@@ -2190,8 +2062,8 @@ function createExponentialBackoffPolicy(options = {}) {
 			milliseconds *= 1 + Math.random();
 			milliseconds = Math.round(milliseconds);
 		}
-		const delay$1 = Temporal.Duration.from({ milliseconds });
-		return Temporal.Duration.compare(delay$1, maxDelay) > 0 ? maxDelay : delay$1;
+		const delay = Temporal.Duration.from({ milliseconds });
+		return Temporal.Duration.compare(delay, maxDelay) > 0 ? maxDelay : delay;
 	};
 }
 
@@ -2243,7 +2115,7 @@ function sendActivity(options) {
 			await sendActivityInternal({
 				...options,
 				tracerProvider
-			});
+			}, span);
 		} catch (e) {
 			span.setStatus({
 				code: SpanStatusCode.ERROR,
@@ -2255,7 +2127,7 @@ function sendActivity(options) {
 		}
 	});
 }
-async function sendActivityInternal({ activity, activityId, keys, inbox, headers, specDeterminer, tracerProvider }) {
+async function sendActivityInternal({ activity, activityId, keys, inbox, headers, specDeterminer, tracerProvider }, span) {
 	const logger$1 = getLogger([
 		"fedify",
 		"federation",
@@ -2310,6 +2182,143 @@ async function sendActivityInternal({ activity, activityId, keys, inbox, headers
 		});
 		throw new Error(`Failed to send activity ${activityId} to ${inbox.href} (${response.status} ${response.statusText}):\n${error}`);
 	}
+	span.addEvent("activitypub.activity.sent", {
+		"activitypub.activity.json": JSON.stringify(activity),
+		"activitypub.inbox.url": inbox.href,
+		"activitypub.activity.id": activityId ?? ""
+	});
+}
+
+//#endregion
+//#region src/federation/webfinger.ts
+const logger = getLogger([
+	"fedify",
+	"webfinger",
+	"server"
+]);
+/**
+* Handles a WebFinger request.  You would not typically call this function
+* directly, but instead use {@link Federation.fetch} method.
+* @param request The WebFinger request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleWebFinger(request, options) {
+	if (options.tracer == null) return await handleWebFingerInternal(request, options);
+	return await options.tracer.startActiveSpan("webfinger.handle", { kind: SpanKind.SERVER }, async (span) => {
+		try {
+			const response = await handleWebFingerInternal(request, options);
+			span.setStatus({ code: response.ok ? SpanStatusCode.UNSET : SpanStatusCode.ERROR });
+			return response;
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function handleWebFingerInternal(request, { context: context$1, host, actorDispatcher, actorHandleMapper, actorAliasMapper, onNotFound, span, webFingerLinksDispatcher }) {
+	if (actorDispatcher == null) {
+		logger.error("Actor dispatcher is not set.");
+		return await onNotFound(request);
+	}
+	const resource = context$1.url.searchParams.get("resource");
+	if (resource == null) return new Response("Missing resource parameter.", { status: 400 });
+	span?.setAttribute("webfinger.resource", resource);
+	let resourceUrl;
+	try {
+		resourceUrl = new URL(resource);
+	} catch (e) {
+		if (e instanceof TypeError) return new Response("Invalid resource URL.", { status: 400 });
+		throw e;
+	}
+	span?.setAttribute("webfinger.resource.scheme", resourceUrl.protocol.replace(/:$/, ""));
+	async function mapUsernameToIdentifier(username) {
+		if (actorHandleMapper == null) {
+			logger.error("No actor handle mapper is set; use the WebFinger username {username} as the actor's internal identifier.", { username });
+			return username;
+		}
+		const identifier$1 = await actorHandleMapper(context$1, username);
+		if (identifier$1 == null) {
+			logger.error("Actor {username} not found.", { username });
+			return null;
+		}
+		return identifier$1;
+	}
+	let identifier = null;
+	const uriParsed = context$1.parseUri(resourceUrl);
+	if (uriParsed?.type != "actor") {
+		const match = /^acct:([^@]+)@([^@]+)$/.exec(resource);
+		if (match == null) {
+			const result = await actorAliasMapper?.(context$1, resourceUrl);
+			if (result == null) return await onNotFound(request);
+			if ("identifier" in result) identifier = result.identifier;
+			else identifier = await mapUsernameToIdentifier(result.username);
+		} else {
+			const portMatch = /:\d+$/.exec(match[2]);
+			const normalizedHost = portMatch == null ? domainToASCII(match[2].toLowerCase()) : domainToASCII(match[2].substring(0, portMatch.index).toLowerCase()) + portMatch[0];
+			if (normalizedHost != context$1.url.host && normalizedHost != host) return await onNotFound(request);
+			else {
+				identifier = await mapUsernameToIdentifier(match[1]);
+				resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
+			}
+		}
+	} else identifier = uriParsed.identifier;
+	if (identifier == null) return await onNotFound(request);
+	const actor = await actorDispatcher(context$1, identifier);
+	if (actor == null) {
+		logger.error("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	const links = [{
+		rel: "self",
+		href: context$1.getActorUri(identifier).href,
+		type: "application/activity+json"
+	}];
+	for (const url of actor.urls) if (url instanceof Link && url.href != null) links.push({
+		rel: url.rel ?? "http://webfinger.net/rel/profile-page",
+		href: url.href.href,
+		type: url.mediaType == null ? void 0 : url.mediaType
+	});
+	else if (url instanceof URL) links.push({
+		rel: "http://webfinger.net/rel/profile-page",
+		href: url.href
+	});
+	for await (const image of actor.getIcons()) {
+		if (image.url?.href == null) continue;
+		links.push({
+			rel: "http://webfinger.net/rel/avatar",
+			href: image.url.href.toString(),
+			...image.mediaType != null && { type: image.mediaType }
+		});
+	}
+	if (webFingerLinksDispatcher != null) {
+		const customLinks = await webFingerLinksDispatcher(context$1, resourceUrl);
+		if (customLinks != null) for (const link of customLinks) links.push(link);
+	}
+	const aliases = [];
+	if (resourceUrl.protocol != "acct:" && actor.preferredUsername != null) {
+		aliases.push(`acct:${actor.preferredUsername}@${host ?? context$1.url.host}`);
+		if (host != null && host !== context$1.url.host) aliases.push(`acct:${actor.preferredUsername}@${context$1.url.host}`);
+	}
+	if (resourceUrl.href !== context$1.getActorUri(identifier).href) aliases.push(context$1.getActorUri(identifier).href);
+	if (resourceUrl.protocol === "acct:" && host != null && host !== context$1.url.host && !resourceUrl.href.endsWith(`@${host}`)) {
+		const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
+		aliases.push(`acct:${username}@${host}`);
+	}
+	const jrd = {
+		subject: resourceUrl.href,
+		aliases,
+		links
+	};
+	return new Response(JSON.stringify(jrd), { headers: {
+		"Content-Type": "application/jrd+json",
+		"Access-Control-Allow-Origin": "*"
+	} });
 }
 
 //#endregion
@@ -2349,7 +2358,6 @@ var FederationImpl = class extends FederationBuilderImpl {
 	firstKnock;
 	constructor(options) {
 		super();
-		const logger$1 = getLogger(["fedify", "federation"]);
 		this.kv = options.kv;
 		this.kvPrefixes = {
 			activityIdempotence: ["_fedify", "activityIdempotence"],
@@ -2397,8 +2405,9 @@ var FederationImpl = class extends FederationBuilderImpl {
 		this.router.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
 		this._initializeRouter();
 		if (options.allowPrivateAddress || options.userAgent != null) {
-			if (options.contextLoader != null) throw new TypeError("Cannot set contextLoader with allowPrivateAddress or userAgent options.");
-			else if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.documentLoaderFactory != null) throw new TypeError("Cannot set documentLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set contextLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
 		}
 		const { allowPrivateAddress, userAgent } = options;
 		this.allowPrivateAddress = allowPrivateAddress ?? false;
@@ -2412,11 +2421,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				prefix: this.kvPrefixes.remoteDocument
 			});
 		});
-		if (options.contextLoader != null) {
-			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set both contextLoader and contextLoaderFactory options at a time; use contextLoaderFactory only.");
-			this.contextLoaderFactory = () => options.contextLoader;
-			logger$1.warn("The contextLoader option is deprecated; use contextLoaderFactory option instead.");
-		} else this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
+		this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
 		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => getAuthenticatedDocumentLoader(identity, {
 			allowPrivateAddress,
 			userAgent,
@@ -2620,11 +2625,11 @@ var FederationImpl = class extends FederationBuilderImpl {
 				});
 				throw error;
 			}
-			const delay$1 = this.outboxRetryPolicy({
+			const delay = this.outboxRetryPolicy({
 				elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
 				attempts: message.attempt
 			});
-			if (delay$1 != null) {
+			if (delay != null) {
 				logger$1.error("Failed to send activity {activityId} to {inbox} (attempt #{attempt}); retry...:\n{error}", {
 					...logData,
 					error
@@ -2632,7 +2637,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				await this.outboxQueue?.enqueue({
 					...message,
 					attempt: message.attempt + 1
-				}, { delay: Temporal.Duration.compare(delay$1, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay$1 });
+				}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
 			} else logger$1.error("Failed to send activity {activityId} to {inbox} after {attempt} attempts; giving up:\n{error}", {
 				...logData,
 				error
@@ -2719,11 +2724,11 @@ var FederationImpl = class extends FederationBuilderImpl {
 					span$1.end();
 					throw error;
 				}
-				const delay$1 = this.inboxRetryPolicy({
+				const delay = this.inboxRetryPolicy({
 					elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
 					attempts: message.attempt
 				});
-				if (delay$1 != null) {
+				if (delay != null) {
 					logger$1.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
 						error,
 						attempt: message.attempt,
@@ -2734,7 +2739,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					await this.inboxQueue?.enqueue({
 						...message,
 						attempt: message.attempt + 1
-					}, { delay: Temporal.Duration.compare(delay$1, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay$1 });
+					}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
 				} else logger$1.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
 					error,
 					activityId: activity.id?.href,
@@ -2955,6 +2960,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 						span,
 						tracer
 					});
+					if (acceptsJsonLd(request)) response.headers.set("Vary", "Accept");
 				} catch (error) {
 					span.setStatus({
 						code: SpanStatusCode.ERROR,
@@ -3018,6 +3024,9 @@ var FederationImpl = class extends FederationBuilderImpl {
 				context: context$1,
 				nodeInfoDispatcher: this.nodeInfoDispatcher
 			});
+		}
+		if (request.method !== "POST" && !acceptsJsonLd(request)) return await onNotAcceptable(request);
+		switch (routeName) {
 			case "actor":
 				context$1 = this.#createContext(request, contextData, { invokedFromActorDispatcher: { identifier: route.values.identifier ?? route.values.handle } });
 				return await handleActor(request, {
@@ -3026,8 +3035,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					actorDispatcher: this.actorCallbacks?.dispatcher,
 					authorizePredicate: this.actorCallbacks?.authorizePredicate,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			case "object": {
 				const typeId = route.name.replace(/^object:/, "");
@@ -3043,8 +3051,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					objectDispatcher: callbacks?.dispatcher,
 					authorizePredicate: callbacks?.authorizePredicate,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			case "outbox": return await handleCollection(request, {
@@ -3055,8 +3062,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.outboxCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "inbox":
 				if (request.method !== "POST") return await handleCollection(request, {
@@ -3067,8 +3073,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: this.inboxCallbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 				context$1 = this.#createContext(request, contextData, { documentLoader: await context$1.getDocumentLoader({ identifier: route.values.identifier ?? route.values.handle }) });
 			case "sharedInbox":
@@ -3090,7 +3095,8 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound,
 					signatureTimeWindow: this.signatureTimeWindow,
 					skipSignatureVerification: this.skipSignatureVerification,
-					tracerProvider: this.tracerProvider
+					tracerProvider: this.tracerProvider,
+					idempotencyStrategy: this.idempotencyStrategy
 				});
 			case "following": return await handleCollection(request, {
 				name: "following",
@@ -3100,8 +3106,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.followingCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "followers": {
 				let baseUrl = url.searchParams.get("base-url");
@@ -3124,8 +3129,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: this.followersCallbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			case "liked": return await handleCollection(request, {
@@ -3136,8 +3140,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.likedCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "featured": return await handleCollection(request, {
 				name: "featured",
@@ -3147,8 +3150,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.featuredCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "featuredTags": return await handleCollection(request, {
 				name: "featured tags",
@@ -3158,8 +3160,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.featuredTagsCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "collection": {
 				const name = route.name.replace(/^collection:/, "");
@@ -3171,8 +3172,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: callbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			case "orderedCollection": {
@@ -3185,8 +3185,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: callbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			default: {
@@ -3840,7 +3839,8 @@ var ContextImpl = class ContextImpl {
 			kvPrefixes: this.federation.kvPrefixes,
 			queue: this.federation.inboxQueue,
 			span,
-			tracerProvider: options.tracerProvider ?? this.tracerProvider
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			idempotencyStrategy: this.federation.idempotencyStrategy
 		});
 		return routeResult === "alreadyProcessed" || routeResult === "enqueued" || routeResult === "unsupportedActivity" || routeResult === "success";
 	}
@@ -4154,4 +4154,4 @@ function getRequestId(request) {
 }
 
 //#endregion
-export { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, Router$1 as Router, RouterError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };
+export { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, Router$1 as Router, RouterError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };