@fedify/fedify 2.0.0-dev.1641 → 2.0.0-dev.166

package/dist/{middleware-ByPnvMMS.js → middleware-CQv0UNYy.js}

@@ -3,23 +3,28 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, deno_default, getDocumentLoader, getTypeId, kvCache, lookupWebFinger } from "./type-B4NJkfVg.js";
-import { getNodeInfo } from "./client-BW4V0OJx.js";
-import { RouterError, lookupObject, traverseCollection } from "./lookup-CiU3QxQz.js";
-import { nodeInfoToJson } from "./types-BSuWJsOm.js";
-import { exportJwk, importJwk, validateCryptoKey } from "./key-CfiBDu3o.js";
-import { verifyRequest } from "./http-Cox5GsED.js";
-import { getAuthenticatedDocumentLoader } from "./authdocloader-BkIZCKQv.js";
-import { detachSignature, hasSignature, signJsonLd, verifyJsonLd } from "./ld-CxgmnSO3.js";
-import { doesActorOwnKey, getKeyOwner } from "./owner-Cxob5_PK.js";
-import { signObject, verifyObject } from "./proof-BiSQNUmQ.js";
-import { routeActivity } from "./inbox-BDdRbWNI.js";
-import { FederationBuilderImpl } from "./builder-E2Icrl_a.js";
+import { deno_default } from "./deno-Cif1-iL_.js";
+import { getNodeInfo } from "./client-Dg7OfUDA.js";
+import { RouterError } from "./router-D9eI0s4b.js";
+import { nodeInfoToJson } from "./types-CPz01LGH.js";
+import { exportJwk, importJwk, validateCryptoKey } from "./key-Bw4eVboO.js";
+import { verifyRequest } from "./http-B99rtXjf.js";
+import { detachSignature, hasSignature, signJsonLd, verifyJsonLd } from "./ld-1OEVoX2N.js";
+import { doesActorOwnKey, getKeyOwner } from "./owner-w_YNARRI.js";
+import { signObject, verifyObject } from "./proof-C8vStykH.js";
+import { getAuthenticatedDocumentLoader } from "./docloader-CVaWaEcp.js";
+import { kvCache } from "./kv-cache-BEeqyGER.js";
+import { routeActivity } from "./inbox-BC3B2xqc.js";
+import { FederationBuilderImpl } from "./builder-Khy2m25E.js";
 import { buildCollectionSynchronizationHeader } from "./collection-CcnIw1qY.js";
-import { KvKeyCache } from "./keycache-CVBjz3xi.js";
-import { createExponentialBackoffPolicy } from "./retry-CfF8Gn4d.js";
-import { extractInboxes, sendActivity } from "./send-DSEhWIYD.js";
+import { KvKeyCache } from "./keycache-DRxpZ5r9.js";
+import { acceptsJsonLd } from "./negotiation-5NPJL6zp.js";
+import { createExponentialBackoffPolicy } from "./retry-D4GJ670a.js";
+import { extractInboxes, sendActivity } from "./send-C77cZsvd.js";
 import { getLogger, withContext } from "@logtape/logtape";
+import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
+import { getDocumentLoader } from "@fedify/vocab-runtime";
+import { lookupWebFinger } from "@fedify/webfinger";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
 import { domainToASCII } from "node:url";
@@ -60,7 +65,7 @@ function autoIdAssigner(activity, context$1) {
 * activity like this:
 *
 * ```typescript
-* import { Follow, Person } from "@fedify/fedify/vocab";
+* import { Follow, Person } from "@fedify/vocab";
 * const input = new Follow({
 *   id: new URL("http://example.com/activities/1"),
 *   actor: new Person({
@@ -79,7 +84,7 @@ function autoIdAssigner(activity, context$1) {
 * The result of applying this transformer would be:
 *
 * ```typescript
-* import { Follow, Person } from "@fedify/fedify/vocab";
+* import { Follow, Person } from "@fedify/vocab";
 * const output = new Follow({
 *   id: new URL("http://example.com/activities/1"),
 *   actor: new URL("http://example.com/actors/1"),
@@ -152,218 +157,8 @@ function handleNodeInfoJrd(_request, context$1) {
 	return Promise.resolve(response);
 }
 
-//#endregion
-//#region src/vocab/constants.ts
-/**
-* The special public collection for [public addressing].  *Do not mutate this
-* object.*
-*
-* [public addressing]: https://www.w3.org/TR/activitypub/#public-addressing
-*
-* @since 0.7.0
-*/
-const PUBLIC_COLLECTION = new URL("https://www.w3.org/ns/activitystreams#Public");
-
-//#endregion
-//#region src/webfinger/handler.ts
-const logger = getLogger([
-	"fedify",
-	"webfinger",
-	"server"
-]);
-/**
-* Handles a WebFinger request.  You would not typically call this function
-* directly, but instead use {@link Federation.fetch} method.
-* @param request The WebFinger request to handle.
-* @param parameters The parameters for handling the request.
-* @returns The response to the request.
-*/
-async function handleWebFinger(request, options) {
-	if (options.tracer == null) return await handleWebFingerInternal(request, options);
-	return await options.tracer.startActiveSpan("webfinger.handle", { kind: SpanKind.SERVER }, async (span) => {
-		try {
-			const response = await handleWebFingerInternal(request, options);
-			span.setStatus({ code: response.ok ? SpanStatusCode.UNSET : SpanStatusCode.ERROR });
-			return response;
-		} catch (error) {
-			span.setStatus({
-				code: SpanStatusCode.ERROR,
-				message: String(error)
-			});
-			throw error;
-		} finally {
-			span.end();
-		}
-	});
-}
-async function handleWebFingerInternal(request, { context: context$1, host, actorDispatcher, actorHandleMapper, actorAliasMapper, onNotFound, span, webFingerLinksDispatcher }) {
-	if (actorDispatcher == null) {
-		logger.error("Actor dispatcher is not set.");
-		return await onNotFound(request);
-	}
-	const resource = context$1.url.searchParams.get("resource");
-	if (resource == null) return new Response("Missing resource parameter.", { status: 400 });
-	span?.setAttribute("webfinger.resource", resource);
-	let resourceUrl;
-	try {
-		resourceUrl = new URL(resource);
-	} catch (e) {
-		if (e instanceof TypeError) return new Response("Invalid resource URL.", { status: 400 });
-		throw e;
-	}
-	span?.setAttribute("webfinger.resource.scheme", resourceUrl.protocol.replace(/:$/, ""));
-	async function mapUsernameToIdentifier(username) {
-		if (actorHandleMapper == null) {
-			logger.error("No actor handle mapper is set; use the WebFinger username {username} as the actor's internal identifier.", { username });
-			return username;
-		}
-		const identifier$1 = await actorHandleMapper(context$1, username);
-		if (identifier$1 == null) {
-			logger.error("Actor {username} not found.", { username });
-			return null;
-		}
-		return identifier$1;
-	}
-	let identifier = null;
-	const uriParsed = context$1.parseUri(resourceUrl);
-	if (uriParsed?.type != "actor") {
-		const match = /^acct:([^@]+)@([^@]+)$/.exec(resource);
-		if (match == null) {
-			const result = await actorAliasMapper?.(context$1, resourceUrl);
-			if (result == null) return await onNotFound(request);
-			if ("identifier" in result) identifier = result.identifier;
-			else identifier = await mapUsernameToIdentifier(result.username);
-		} else {
-			const portMatch = /:\d+$/.exec(match[2]);
-			const normalizedHost = portMatch == null ? domainToASCII(match[2].toLowerCase()) : domainToASCII(match[2].substring(0, portMatch.index).toLowerCase()) + portMatch[0];
-			if (normalizedHost != context$1.url.host && normalizedHost != host) return await onNotFound(request);
-			else {
-				identifier = await mapUsernameToIdentifier(match[1]);
-				resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
-			}
-		}
-	} else identifier = uriParsed.identifier;
-	if (identifier == null) return await onNotFound(request);
-	const actor = await actorDispatcher(context$1, identifier);
-	if (actor == null) {
-		logger.error("Actor {identifier} not found.", { identifier });
-		return await onNotFound(request);
-	}
-	const links = [{
-		rel: "self",
-		href: context$1.getActorUri(identifier).href,
-		type: "application/activity+json"
-	}];
-	for (const url of actor.urls) if (url instanceof Link && url.href != null) links.push({
-		rel: url.rel ?? "http://webfinger.net/rel/profile-page",
-		href: url.href.href,
-		type: url.mediaType == null ? void 0 : url.mediaType
-	});
-	else if (url instanceof URL) links.push({
-		rel: "http://webfinger.net/rel/profile-page",
-		href: url.href
-	});
-	for await (const image of actor.getIcons()) {
-		if (image.url?.href == null) continue;
-		const link = {
-			rel: "http://webfinger.net/rel/avatar",
-			href: image.url.href.toString()
-		};
-		if (image.mediaType != null) link.type = image.mediaType;
-		links.push(link);
-	}
-	if (webFingerLinksDispatcher != null) {
-		const customLinks = await webFingerLinksDispatcher(context$1, resourceUrl);
-		if (customLinks != null) for (const link of customLinks) links.push(link);
-	}
-	const aliases = [];
-	if (resourceUrl.protocol != "acct:" && actor.preferredUsername != null) {
-		aliases.push(`acct:${actor.preferredUsername}@${host ?? context$1.url.host}`);
-		if (host != null && host !== context$1.url.host) aliases.push(`acct:${actor.preferredUsername}@${context$1.url.host}`);
-	}
-	if (resourceUrl.href !== context$1.getActorUri(identifier).href) aliases.push(context$1.getActorUri(identifier).href);
-	if (resourceUrl.protocol === "acct:" && host != null && host !== context$1.url.host && !resourceUrl.href.endsWith(`@${host}`)) {
-		const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
-		aliases.push(`acct:${username}@${host}`);
-	}
-	const jrd = {
-		subject: resourceUrl.href,
-		aliases,
-		links
-	};
-	return new Response(JSON.stringify(jrd), { headers: {
-		"Content-Type": "application/jrd+json",
-		"Access-Control-Allow-Origin": "*"
-	} });
-}
-
-//#endregion
-//#region src/federation/negotiation.ts
-function compareSpecs(a, b) {
-	return b.q - a.q || (b.s ?? 0) - (a.s ?? 0) || (a.o ?? 0) - (b.o ?? 0) || a.i - b.i || 0;
-}
-function isQuality(spec) {
-	return spec.q > 0;
-}
-const simpleMediaTypeRegExp = /^\s*([^\s\/;]+)\/([^;\s]+)\s*(?:;(.*))?$/;
-function splitKeyValuePair(str) {
-	const [key, value] = str.split("=");
-	return [key.toLowerCase(), value];
-}
-function parseMediaType(str, i) {
-	const match = simpleMediaTypeRegExp.exec(str);
-	if (!match) return;
-	const [, type, subtype, parameters] = match;
-	if (!type || !subtype) return;
-	const params = Object.create(null);
-	let q = 1;
-	if (parameters) {
-		const kvps = parameters.split(";").map((p) => p.trim()).map(splitKeyValuePair);
-		for (const [key, val] of kvps) {
-			const value = val && val[0] === `"` && val[val.length - 1] === `"` ? val.slice(1, val.length - 1) : val;
-			if (key === "q" && value) {
-				q = parseFloat(value);
-				break;
-			}
-			params[key] = value;
-		}
-	}
-	return {
-		type,
-		subtype,
-		params,
-		i,
-		o: void 0,
-		q,
-		s: void 0
-	};
-}
-function parseAccept(accept) {
-	const accepts = accept.split(",").map((p) => p.trim());
-	const mediaTypes = [];
-	for (const [index, accept$1] of accepts.entries()) {
-		const mediaType = parseMediaType(accept$1.trim(), index);
-		if (mediaType) mediaTypes.push(mediaType);
-	}
-	return mediaTypes;
-}
-function getFullType(spec) {
-	return `${spec.type}/${spec.subtype}`;
-}
-function preferredMediaTypes(accept) {
-	const accepts = parseAccept(accept === void 0 ? "*/*" : accept ?? "");
-	return accepts.filter(isQuality).sort(compareSpecs).map(getFullType);
-}
-
 //#endregion
 //#region src/federation/handler.ts
-function acceptsJsonLd(request) {
-	const accept = request.headers.get("Accept");
-	const types = accept ? preferredMediaTypes(accept) : ["*/*"];
-	if (types == null) return true;
-	if (types[0] === "text/html" || types[0] === "application/xhtml+xml") return false;
-	return types.includes("application/activity+json") || types.includes("application/ld+json") || types.includes("application/json");
-}
 /**
 * Handles an actor request.
 * @template TContextData The context data to pass to the context.
@@ -371,7 +166,7 @@ function acceptsJsonLd(request) {
 * @param parameters The parameters for handling the actor.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleActor(request, { identifier, context: context$1, actorDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+async function handleActor(request, { identifier, context: context$1, actorDispatcher, authorizePredicate, onNotFound, onUnauthorized }) {
 	const logger$2 = getLogger([
 		"fedify",
 		"federation",
@@ -386,7 +181,6 @@ async function handleActor(request, { identifier, context: context$1, actorDispa
 		logger$2.debug("Actor {identifier} not found.", { identifier });
 		return await onNotFound(request);
 	}
-	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
 	if (authorizePredicate != null) {
 		let key = await context$1.getSignedKey();
 		key = key?.clone({}, { $warning: {
@@ -421,11 +215,10 @@ async function handleActor(request, { identifier, context: context$1, actorDispa
 * @param parameters The parameters for handling the object.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleObject(request, { values, context: context$1, objectDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+async function handleObject(request, { values, context: context$1, objectDispatcher, authorizePredicate, onNotFound, onUnauthorized }) {
 	if (objectDispatcher == null) return await onNotFound(request);
 	const object = await objectDispatcher(context$1, values);
 	if (object == null) return await onNotFound(request);
-	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
 	if (authorizePredicate != null) {
 		let key = await context$1.getSignedKey();
 		key = key?.clone({}, { $warning: {
@@ -463,7 +256,7 @@ async function handleObject(request, { values, context: context$1, objectDispatc
 * @param parameters The parameters for handling the collection.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleCollection(request, { name, identifier, uriGetter, filter, filterPredicate, context: context$1, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound, onNotAcceptable }) {
+async function handleCollection(request, { name, identifier, uriGetter, filter, filterPredicate, context: context$1, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound }) {
 	const spanName = name.trim().replace(/\s+/g, "_");
 	tracerProvider = tracerProvider ?? trace.getTracerProvider();
 	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
@@ -576,7 +369,6 @@ async function handleCollection(request, { name, identifier, uriGetter, filter,
 			partOf
 		});
 	}
-	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
 	if (collectionCallbacks.authorizePredicate != null) {
 		let key = await context$1.getSignedKey();
 		key = key?.clone({}, { $warning: {
@@ -671,7 +463,8 @@ async function handleInbox(request, options) {
 * @param span The OpenTelemetry span for tracing.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleInboxInternal(request, { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider }, span) {
+async function handleInboxInternal(request, parameters, span) {
+	const { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider } = parameters;
 	const logger$2 = getLogger([
 		"fedify",
 		"federation",
@@ -845,6 +638,13 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 	}
 	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
 	span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+	span.addEvent("activitypub.activity.received", {
+		"activitypub.activity.json": JSON.stringify(json),
+		"activitypub.activity.verified": activity != null,
+		"ld_signatures.verified": ldSigVerified,
+		"http_signatures.verified": httpSigKey != null,
+		"http_signatures.key_id": httpSigKey?.id?.href ?? ""
+	});
 	if (httpSigKey != null && !await doesActorOwnKey(activity, httpSigKey, ctx)) {
 		logger$2.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
 			activity: json,
@@ -873,7 +673,8 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 		kvPrefixes,
 		queue,
 		span,
-		tracerProvider
+		tracerProvider,
+		idempotencyStrategy: parameters.idempotencyStrategy
 	});
 	if (routeResult === "alreadyProcessed") return new Response(`Activity <${activity.id}> has already been processed.`, {
 		status: 202,
@@ -903,7 +704,7 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 /**
 * Handles a custom collection request.
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context, extending {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @param request The HTTP request.
@@ -914,7 +715,6 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 const handleCustomCollection = exceptWrapper(_handleCustomCollection);
 async function _handleCustomCollection(request, { name, values, context: context$1, tracerProvider, collectionCallbacks: callbacks, filterPredicate }) {
 	verifyDefined(callbacks);
-	verifyJsonLdRequest(request);
 	await authIfNeeded(context$1, values, callbacks);
 	const cursor = new URL(request.url).searchParams.get("cursor");
 	return await new CustomCollectionHandler(name, values, context$1, callbacks, tracerProvider, Collection, CollectionPage, filterPredicate).fetchCollection(cursor).toJsonLd().then(respondAsActivity);
@@ -922,7 +722,7 @@ async function _handleCustomCollection(request, { name, values, context: context
 /**
 * Handles an ordered collection request.
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context, extending {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @param request The HTTP request.
@@ -933,7 +733,6 @@ async function _handleCustomCollection(request, { name, values, context: context
 const handleOrderedCollection = exceptWrapper(_handleOrderedCollection);
 async function _handleOrderedCollection(request, { name, values, context: context$1, tracerProvider, collectionCallbacks: callbacks, filterPredicate }) {
 	verifyDefined(callbacks);
-	verifyJsonLdRequest(request);
 	await authIfNeeded(context$1, values, callbacks);
 	const cursor = new URL(request.url).searchParams.get("cursor");
 	return await new CustomCollectionHandler(name, values, context$1, callbacks, tracerProvider, OrderedCollection, OrderedCollectionPage, filterPredicate).fetchCollection(cursor).toJsonLd().then(respondAsActivity);
@@ -943,7 +742,7 @@ async function _handleOrderedCollection(request, { name, values, context: contex
 * The main flow is on `getCollection`, `dispatch`.
 *
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context. {@link Context} or {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @template TCollection The type of the collection, extending {@link Collection}.
@@ -977,14 +776,14 @@ var CustomCollectionHandler = class {
 	#collection = null;
 	/**
 	* Creates a new CustomCollection instance.
-	* @param {string} name The name of the collection.
-	* @param {TParams} values The parameter values for the collection.
-	* @param {TContext} context The request context.
-	* @param {CustomCollectionCallbacks} callbacks The collection callbacks.
-	* @param {TracerProvider} tracerProvider The tracer provider for telemetry.
-	* @param {ConstructorWithTypeId<TCollection>} Collection The Collection constructor.
-	* @param {ConstructorWithTypeId<TCollectionPage>} CollectionPage The CollectionPage constructor.
-	* @param {(item: TItem) => boolean} filterPredicate Optional filter predicate for items.
+	* @param name The name of the collection.
+	* @param values The parameter values for the collection.
+	* @param context The request context.
+	* @param callbacks The collection callbacks.
+	* @param tracerProvider The tracer provider for telemetry.
+	* @param Collection The Collection constructor.
+	* @param CollectionPage The CollectionPage constructor.
+	* @param filterPredicate Optional filter predicate for items.
 	*/
 	constructor(name, values, context$1, callbacks, tracerProvider = trace.getTracerProvider(), Collection$1, CollectionPage$1, filterPredicate) {
 		this.name = name;
@@ -1109,7 +908,7 @@ var CustomCollectionHandler = class {
 	/**
 	* Creates a function to wrap the dispatcher so tracing can be applied.
 	* @param params Parameters including cursor and total items.
-	* @returns {(span: Span) => Promise<PageItems<TItem>>} A function that handles the span operation.
+	* @returns A function that handles the span operation.
 	*/
 	spanPages = ({ totalItems = null, cursor = null }) => async (span) => {
 		try {
@@ -1130,23 +929,23 @@ var CustomCollectionHandler = class {
 	};
 	/**
 	* Dispatches the collection request to get items.
-	* @param {string | null} cursor The cursor for pagination, or null for the first page.
-	* @returns {Promise<PageItems<TItem>>} A promise that resolves to the page items.
+	* @param cursor The cursor for pagination, or null for the first page.
+	* @returns A promise that resolves to the page items.
 	*/
 	async dispatch(cursor = null) {
 		return await this.#dispatcher(this.context, this.values, cursor) ?? new ItemsNotFoundError().throw();
 	}
 	/**
 	* Filters the items in the collection.
-	* @param {TItem[]} items The items to filter.
-	* @returns {(Object | Link | URL)[]} The filtered items.
+	* @param items The items to filter.
+	* @returns The filtered items.
 	*/
 	filterItems(items) {
 		return filterCollectionItems(items, this.name, this.filterPredicate);
 	}
 	/**
 	* Appends a cursor to the URL if it exists.
-	* @param {string | null | undefined} cursor The cursor to append, or null/undefined.
+	* @param cursor The cursor to append, or null/undefined.
 	* @returns The URL with cursor appended, or null if cursor is null/undefined.
 	*/
 	appendToUrl(cursor) {
@@ -1154,8 +953,7 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the stored collection or collection page.
-	* @returns {Promise<TCollection | TCollectionPage>} A promise that resolves to
-	the collection or collection page.
+	* @returns A promise that resolves to the collection or collection page.
 	*/
 	get collection() {
 		if (this.#collection === null) this.#collection = this.getCollection();
@@ -1163,8 +961,8 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the total number of items in the collection.
-	* @returns {Promise<number | null>} A promise that
-	resolves to the total items count, or null if not available.
+	* @returns A promise that resolves to the total items count,
+	*          or null if not available.
 	*/
 	get totalItems() {
 		if (this.#totalItems === void 0) this.totalItems = this.callbacks.counter?.(this.context, this.values);
@@ -1180,8 +978,8 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the first cursor for pagination.
-	* @returns {Promise<string | null>} A promise that resolves to the first cursor,
-	or null if not available.
+	* @returns A promise that resolves to the first cursor,
+	*          or null if not available.
 	*/
 	get firstCursor() {
 		const cursor = this.callbacks.firstCursor?.(this.context, this.values);
@@ -1211,10 +1009,9 @@ function exceptWrapper(handler) {
 		try {
 			return await handler(request, handlerParams);
 		} catch (error) {
-			const { onNotFound, onNotAcceptable, onUnauthorized } = handlerParams;
+			const { onNotFound, onUnauthorized } = handlerParams;
 			switch (error?.constructor) {
 				case ItemsNotFoundError: return await onNotFound(request);
-				case NotAcceptableError: return await onNotAcceptable(request);
 				case UnauthorizedError: return await onUnauthorized(request);
 				default: throw error;
 			}
@@ -1232,15 +1029,6 @@ const verifyDefined = (callbacks) => {
 	if (callbacks === void 0) throw new ItemsNotFoundError();
 };
 /**
-* Verifies that a request accepts JSON-LD content type.
-* @param request The HTTP request to verify.
-* @throws {NotAcceptableError} If the request doesn't accept JSON-LD.
-* @since 1.8.0
-*/
-const verifyJsonLdRequest = (request) => {
-	if (!acceptsJsonLd(request)) throw new NotAcceptableError();
-};
-/**
 * Performs authorization if needed based on the authorization predicate.
 * @template TContextData The context data type.
 * @param {RequestContext<TContextData>} context The request context.
@@ -1324,15 +1112,6 @@ var ItemsNotFoundError = class extends HandlerError {
 	}
 };
 /**
-* Error thrown when the request is not acceptable (e.g., wrong content type).
-* @since 1.8.0
-*/
-var NotAcceptableError = class extends HandlerError {
-	constructor() {
-		super("The request is not acceptable.");
-	}
-};
-/**
 * Error thrown when access to a collection is unauthorized.
 * @since 1.8.0
 */
@@ -1368,6 +1147,138 @@ async function respondWithObjectIfAcceptable(object, request, options) {
 	return response;
 }
 
+//#endregion
+//#region src/federation/webfinger.ts
+const logger = getLogger([
+	"fedify",
+	"webfinger",
+	"server"
+]);
+/**
+* Handles a WebFinger request.  You would not typically call this function
+* directly, but instead use {@link Federation.fetch} method.
+* @param request The WebFinger request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleWebFinger(request, options) {
+	if (options.tracer == null) return await handleWebFingerInternal(request, options);
+	return await options.tracer.startActiveSpan("webfinger.handle", { kind: SpanKind.SERVER }, async (span) => {
+		try {
+			const response = await handleWebFingerInternal(request, options);
+			span.setStatus({ code: response.ok ? SpanStatusCode.UNSET : SpanStatusCode.ERROR });
+			return response;
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function handleWebFingerInternal(request, { context: context$1, host, actorDispatcher, actorHandleMapper, actorAliasMapper, onNotFound, span, webFingerLinksDispatcher }) {
+	if (actorDispatcher == null) {
+		logger.error("Actor dispatcher is not set.");
+		return await onNotFound(request);
+	}
+	const resource = context$1.url.searchParams.get("resource");
+	if (resource == null) return new Response("Missing resource parameter.", { status: 400 });
+	span?.setAttribute("webfinger.resource", resource);
+	let resourceUrl;
+	try {
+		resourceUrl = new URL(resource);
+	} catch (e) {
+		if (e instanceof TypeError) return new Response("Invalid resource URL.", { status: 400 });
+		throw e;
+	}
+	span?.setAttribute("webfinger.resource.scheme", resourceUrl.protocol.replace(/:$/, ""));
+	async function mapUsernameToIdentifier(username) {
+		if (actorHandleMapper == null) {
+			logger.error("No actor handle mapper is set; use the WebFinger username {username} as the actor's internal identifier.", { username });
+			return username;
+		}
+		const identifier$1 = await actorHandleMapper(context$1, username);
+		if (identifier$1 == null) {
+			logger.error("Actor {username} not found.", { username });
+			return null;
+		}
+		return identifier$1;
+	}
+	let identifier = null;
+	const uriParsed = context$1.parseUri(resourceUrl);
+	if (uriParsed?.type != "actor") {
+		const match = /^acct:([^@]+)@([^@]+)$/.exec(resource);
+		if (match == null) {
+			const result = await actorAliasMapper?.(context$1, resourceUrl);
+			if (result == null) return await onNotFound(request);
+			if ("identifier" in result) identifier = result.identifier;
+			else identifier = await mapUsernameToIdentifier(result.username);
+		} else {
+			const portMatch = /:\d+$/.exec(match[2]);
+			const normalizedHost = portMatch == null ? domainToASCII(match[2].toLowerCase()) : domainToASCII(match[2].substring(0, portMatch.index).toLowerCase()) + portMatch[0];
+			if (normalizedHost != context$1.url.host && normalizedHost != host) return await onNotFound(request);
+			else {
+				identifier = await mapUsernameToIdentifier(match[1]);
+				resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
+			}
+		}
+	} else identifier = uriParsed.identifier;
+	if (identifier == null) return await onNotFound(request);
+	const actor = await actorDispatcher(context$1, identifier);
+	if (actor == null) {
+		logger.error("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	const links = [{
+		rel: "self",
+		href: context$1.getActorUri(identifier).href,
+		type: "application/activity+json"
+	}];
+	for (const url of actor.urls) if (url instanceof Link && url.href != null) links.push({
+		rel: url.rel ?? "http://webfinger.net/rel/profile-page",
+		href: url.href.href,
+		type: url.mediaType == null ? void 0 : url.mediaType
+	});
+	else if (url instanceof URL) links.push({
+		rel: "http://webfinger.net/rel/profile-page",
+		href: url.href
+	});
+	for await (const image of actor.getIcons()) {
+		if (image.url?.href == null) continue;
+		links.push({
+			rel: "http://webfinger.net/rel/avatar",
+			href: image.url.href.toString(),
+			...image.mediaType != null && { type: image.mediaType }
+		});
+	}
+	if (webFingerLinksDispatcher != null) {
+		const customLinks = await webFingerLinksDispatcher(context$1, resourceUrl);
+		if (customLinks != null) for (const link of customLinks) links.push(link);
+	}
+	const aliases = [];
+	if (resourceUrl.protocol != "acct:" && actor.preferredUsername != null) {
+		aliases.push(`acct:${actor.preferredUsername}@${host ?? context$1.url.host}`);
+		if (host != null && host !== context$1.url.host) aliases.push(`acct:${actor.preferredUsername}@${context$1.url.host}`);
+	}
+	if (resourceUrl.href !== context$1.getActorUri(identifier).href) aliases.push(context$1.getActorUri(identifier).href);
+	if (resourceUrl.protocol === "acct:" && host != null && host !== context$1.url.host && !resourceUrl.href.endsWith(`@${host}`)) {
+		const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
+		aliases.push(`acct:${username}@${host}`);
+	}
+	const jrd = {
+		subject: resourceUrl.href,
+		aliases,
+		links
+	};
+	return new Response(JSON.stringify(jrd), { headers: {
+		"Content-Type": "application/jrd+json",
+		"Access-Control-Allow-Origin": "*"
+	} });
+}
+
 //#endregion
 //#region src/federation/middleware.ts
 /**
@@ -1405,7 +1316,6 @@ var FederationImpl = class extends FederationBuilderImpl {
 	firstKnock;
 	constructor(options) {
 		super();
-		const logger$2 = getLogger(["fedify", "federation"]);
 		this.kv = options.kv;
 		this.kvPrefixes = {
 			activityIdempotence: ["_fedify", "activityIdempotence"],
@@ -1453,8 +1363,9 @@ var FederationImpl = class extends FederationBuilderImpl {
 		this.router.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
 		this._initializeRouter();
 		if (options.allowPrivateAddress || options.userAgent != null) {
-			if (options.contextLoader != null) throw new TypeError("Cannot set contextLoader with allowPrivateAddress or userAgent options.");
-			else if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.documentLoaderFactory != null) throw new TypeError("Cannot set documentLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set contextLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
 		}
 		const { allowPrivateAddress, userAgent } = options;
 		this.allowPrivateAddress = allowPrivateAddress ?? false;
@@ -1468,11 +1379,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				prefix: this.kvPrefixes.remoteDocument
 			});
 		});
-		if (options.contextLoader != null) {
-			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set both contextLoader and contextLoaderFactory options at a time; use contextLoaderFactory only.");
-			this.contextLoaderFactory = () => options.contextLoader;
-			logger$2.warn("The contextLoader option is deprecated; use contextLoaderFactory option instead.");
-		} else this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
+		this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
 		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => getAuthenticatedDocumentLoader(identity, {
 			allowPrivateAddress,
 			userAgent,
@@ -2011,6 +1918,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 						span,
 						tracer
 					});
+					if (acceptsJsonLd(request)) response.headers.set("Vary", "Accept");
 				} catch (error) {
 					span.setStatus({
 						code: SpanStatusCode.ERROR,
@@ -2074,6 +1982,9 @@ var FederationImpl = class extends FederationBuilderImpl {
 				context: context$1,
 				nodeInfoDispatcher: this.nodeInfoDispatcher
 			});
+		}
+		if (request.method !== "POST" && !acceptsJsonLd(request)) return await onNotAcceptable(request);
+		switch (routeName) {
 			case "actor":
 				context$1 = this.#createContext(request, contextData, { invokedFromActorDispatcher: { identifier: route.values.identifier ?? route.values.handle } });
 				return await handleActor(request, {
@@ -2082,8 +1993,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					actorDispatcher: this.actorCallbacks?.dispatcher,
 					authorizePredicate: this.actorCallbacks?.authorizePredicate,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			case "object": {
 				const typeId = route.name.replace(/^object:/, "");
@@ -2099,8 +2009,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					objectDispatcher: callbacks?.dispatcher,
 					authorizePredicate: callbacks?.authorizePredicate,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			case "outbox": return await handleCollection(request, {
@@ -2111,8 +2020,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.outboxCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "inbox":
 				if (request.method !== "POST") return await handleCollection(request, {
@@ -2123,8 +2031,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: this.inboxCallbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 				context$1 = this.#createContext(request, contextData, { documentLoader: await context$1.getDocumentLoader({ identifier: route.values.identifier ?? route.values.handle }) });
 			case "sharedInbox":
@@ -2146,7 +2053,8 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound,
 					signatureTimeWindow: this.signatureTimeWindow,
 					skipSignatureVerification: this.skipSignatureVerification,
-					tracerProvider: this.tracerProvider
+					tracerProvider: this.tracerProvider,
+					idempotencyStrategy: this.idempotencyStrategy
 				});
 			case "following": return await handleCollection(request, {
 				name: "following",
@@ -2156,8 +2064,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.followingCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "followers": {
 				let baseUrl = url.searchParams.get("base-url");
@@ -2180,8 +2087,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: this.followersCallbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			case "liked": return await handleCollection(request, {
@@ -2192,8 +2098,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.likedCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "featured": return await handleCollection(request, {
 				name: "featured",
@@ -2203,8 +2108,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.featuredCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "featuredTags": return await handleCollection(request, {
 				name: "featured tags",
@@ -2214,8 +2118,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				collectionCallbacks: this.featuredTagsCallbacks,
 				tracerProvider: this.tracerProvider,
 				onUnauthorized,
-				onNotFound,
-				onNotAcceptable
+				onNotFound
 			});
 			case "collection": {
 				const name = route.name.replace(/^collection:/, "");
@@ -2227,8 +2130,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: callbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			case "orderedCollection": {
@@ -2241,8 +2143,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					collectionCallbacks: callbacks,
 					tracerProvider: this.tracerProvider,
 					onUnauthorized,
-					onNotFound,
-					onNotAcceptable
+					onNotFound
 				});
 			}
 			default: {
@@ -2896,7 +2797,8 @@ var ContextImpl = class ContextImpl {
 			kvPrefixes: this.federation.kvPrefixes,
 			queue: this.federation.inboxQueue,
 			span,
-			tracerProvider: options.tracerProvider ?? this.tracerProvider
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			idempotencyStrategy: this.federation.idempotencyStrategy
 		});
 		return routeResult === "alreadyProcessed" || routeResult === "enqueued" || routeResult === "unsupportedActivity" || routeResult === "success";
 	}
@@ -3210,4 +3112,4 @@ function getRequestId(request) {
 }
 
 //#endregion
-export { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, acceptsJsonLd, actorDehydrator, autoIdAssigner, createFederation, handleActor, handleCollection, handleCustomCollection, handleInbox, handleNodeInfo, handleNodeInfoJrd, handleObject, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };
+export { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, actorDehydrator, autoIdAssigner, createFederation, handleActor, handleCollection, handleCustomCollection, handleInbox, handleNodeInfo, handleNodeInfoJrd, handleObject, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };