@fedify/fedify 2.0.0-pr.410.1558 → 2.0.0-pr.412.1692

package/dist/{key-BD3lpBWw.js → key-Epcl5jpz.js}

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import "./type-B2h-NRAo.js";
-import "./actor-CkjTCNqi.js";
-import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-BYNqWXyu.js";
+import "./type-NEA09tSC.js";
+import "./actor-D5S46edz.js";
+import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-IxRhZpOF.js";
 
 export { validateCryptoKey };

package/dist/{key-BYNqWXyu.js → key-IxRhZpOF.js}

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Object as Object$1, deno_default, getDocumentLoader } from "./type-B2h-NRAo.js";
-import { isActor } from "./actor-CkjTCNqi.js";
+import { CryptographicKey, Object as Object$1, deno_default, getDocumentLoader } from "./type-NEA09tSC.js";
+import { isActor } from "./actor-D5S46edz.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 

package/dist/{keycache-yZDAc3-e.js → keycache-TEniXNel.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Multikey } from "./type-B2h-NRAo.js";
+import { CryptographicKey, Multikey } from "./type-NEA09tSC.js";
 
 //#region src/federation/keycache.ts
 var KvKeyCache = class {

package/dist/{keys-Dtc-g6xq.js → keys-bZxcrZ9Z.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Multikey, importSpki } from "./type-B2h-NRAo.js";
+import { CryptographicKey, Multikey, importSpki } from "./type-NEA09tSC.js";
 
 //#region src/testing/keys.ts
 const rsaPublicKey1 = new CryptographicKey({

package/dist/kv-63Cil1MD.d.cts

@@ -0,0 +1,81 @@
+//#region src/federation/kv.d.ts
+/**
+ * A key for a key–value store.  An array of one or more strings.
+ *
+ * @since 0.5.0
+ */
+type KvKey = readonly [string] | readonly [string, ...string[]];
+/**
+ * Additional options for setting a value in a key–value store.
+ *
+ * @since 0.5.0
+ */
+interface KvStoreSetOptions {
+  /**
+   * The time-to-live (TTL) for the value.
+   */
+  ttl?: Temporal.Duration;
+}
+/**
+ * An abstract interface for a key–value store.
+ *
+ * @since 0.5.0
+ */
+interface KvStore {
+  /**
+   * Gets the value for the given key.
+   * @param key The key to get the value for.
+   * @returns The value for the key, or `undefined` if the key does not exist.
+   * @template T The type of the value to get.
+   */
+  get<T = unknown>(key: KvKey): Promise<T | undefined>;
+  /**
+   * Sets the value for the given key.
+   * @param key The key to set the value for.
+   * @param value The value to set.
+   * @param options Additional options for setting the value.
+   */
+  set(key: KvKey, value: unknown, options?: KvStoreSetOptions): Promise<void>;
+  /**
+   * Deletes the value for the given key.
+   * @param key The key to delete.
+   */
+  delete(key: KvKey): Promise<void>;
+  /**
+   * Compare-and-swap (CAS) operation for the key–value store.
+   * @param key The key to perform the CAS operation on.
+   * @param expectedValue The expected value for the key.
+   * @param newValue The new value to set if the expected value matches.
+   * @param options Additional options for setting the value.
+   * @return `true` if the CAS operation was successful, `false` otherwise.
+   * @since 1.8.0
+   */
+  cas?: (key: KvKey, expectedValue: unknown, newValue: unknown, options?: KvStoreSetOptions) => Promise<boolean>;
+}
+/**
+ * A key–value store that stores values in memory.
+ * Do not use this in production as it does not persist values.
+ *
+ * @since 0.5.0
+ */
+declare class MemoryKvStore implements KvStore {
+  #private;
+  /**
+   * {@inheritDoc KvStore.get}
+   */
+  get<T = unknown>(key: KvKey): Promise<T | undefined>;
+  /**
+   * {@inheritDoc KvStore.set}
+   */
+  set(key: KvKey, value: unknown, options?: KvStoreSetOptions): Promise<void>;
+  /**
+   * {@inheritDoc KvStore.delete}
+   */
+  delete(key: KvKey): Promise<void>;
+  /**
+   * {@inheritDoc KvStore.cas}
+   */
+  cas(key: KvKey, expectedValue: unknown, newValue: unknown, options?: KvStoreSetOptions): Promise<boolean>;
+}
+//#endregion
+export { KvKey, KvStore, KvStoreSetOptions, MemoryKvStore };

package/dist/{ld-BJ484qSg.js → ld-DW7A0uIc.js}

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { Activity, CryptographicKey, Object as Object$1, deno_default, getDocumentLoader, getTypeId } from "./type-B2h-NRAo.js";
-import { fetchKey, validateCryptoKey } from "./key-BYNqWXyu.js";
+import { Activity, CryptographicKey, Object as Object$1, deno_default, getDocumentLoader, getTypeId } from "./type-NEA09tSC.js";
+import { fetchKey, validateCryptoKey } from "./key-IxRhZpOF.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
@@ -182,7 +182,7 @@ async function verifySignature(jsonLd, options = {}) {
 	const encoder = new TextEncoder();
 	const message = sigOptsHash + docHash;
 	const messageBytes = encoder.encode(message);
-	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature, messageBytes);
+	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes);
 	if (verified) return key;
 	if (cached) {
 		logger.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
@@ -197,7 +197,7 @@ async function verifySignature(jsonLd, options = {}) {
 			}
 		});
 		if (key$1 == null) return null;
-		const verified$1 = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key$1.publicKey, signature, messageBytes);
+		const verified$1 = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key$1.publicKey, signature.slice(), messageBytes);
 		return verified$1 ? key$1 : null;
 	}
 	logger.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {

package/dist/{lookup-Cj0sX50U.js → lookup-DhQCVVja.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { Object as Object$1, deno_default, getDocumentLoader, getTypeId, lookupWebFinger } from "./type-B2h-NRAo.js";
+import { Object as Object$1, deno_default, getDocumentLoader, getTypeId, lookupWebFinger } from "./type-NEA09tSC.js";
 import { cloneDeep, delay } from "es-toolkit";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
@@ -240,14 +240,13 @@ async function lookupObject(identifier, options = {}) {
 async function lookupObjectInternal(identifier, options = {}) {
 	const documentLoader = options.documentLoader ?? getDocumentLoader({ userAgent: options.userAgent });
 	if (typeof identifier === "string") identifier = toAcctUrl(identifier) ?? new URL(identifier);
-	let document = null;
+	let remoteDoc = null;
 	if (identifier.protocol === "http:" || identifier.protocol === "https:") try {
-		const remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
-		document = remoteDoc.document;
+		remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
 	} catch (error) {
 		logger.debug("Failed to fetch remote document:\n{error}", { error });
 	}
-	if (document == null) {
+	if (remoteDoc == null) {
 		const jrd = await lookupWebFinger(identifier, {
 			userAgent: options.userAgent,
 			tracerProvider: options.tracerProvider,
@@ -258,8 +257,7 @@ async function lookupObjectInternal(identifier, options = {}) {
 		for (const l of jrd.links) {
 			if (l.type !== "application/activity+json" && !l.type?.match(/application\/ld\+json;\s*profile="https:\/\/www.w3.org\/ns\/activitystreams"/) || l.rel !== "self" || l.href == null) continue;
 			try {
-				const remoteDoc = await documentLoader(l.href, { signal: options.signal });
-				document = remoteDoc.document;
+				remoteDoc = await documentLoader(l.href, { signal: options.signal });
 				break;
 			} catch (error) {
 				logger.debug("Failed to fetch remote document:\n{error}", { error });
@@ -267,23 +265,34 @@ async function lookupObjectInternal(identifier, options = {}) {
 			}
 		}
 	}
-	if (document == null) return null;
+	if (remoteDoc == null) return null;
+	let object;
 	try {
-		return await Object$1.fromJsonLd(document, {
+		object = await Object$1.fromJsonLd(remoteDoc.document, {
 			documentLoader,
 			contextLoader: options.contextLoader,
-			tracerProvider: options.tracerProvider
+			tracerProvider: options.tracerProvider,
+			baseUrl: new URL(remoteDoc.documentUrl)
 		});
 	} catch (error) {
 		if (error instanceof TypeError) {
 			logger.debug("Failed to parse JSON-LD document: {error}\n{document}", {
-				error,
-				document
+				...remoteDoc,
+				error
 			});
 			return null;
 		}
 		throw error;
 	}
+	if (options.crossOrigin !== "trust" && object.id != null && object.id.origin !== new URL(remoteDoc.documentUrl).origin) {
+		if (options.crossOrigin === "throw") throw new Error(`The object's @id (${object.id.href}) has a different origin than the document URL (${remoteDoc.documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to "trust".`);
+		logger.warn("The object's @id ({objectId}) has a different origin than the document URL ({documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to \"trust\".", {
+			...remoteDoc,
+			objectId: object.id.href
+		});
+		return null;
+	}
+	return object;
 }
 /**
 * Traverses a collection, yielding each item in the collection.

package/dist/lookup-DiV4LFBg.cjs

@@ -0,0 +1,137 @@
+
+          const { Temporal } = require("@js-temporal/polyfill");
+          const { URLPattern } = require("urlpattern-polyfill");
+        
+const require_chunk = require('./chunk-DqRYRqnO.cjs');
+const require_docloader = require('./docloader-7Ey7wNHx.cjs');
+const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
+const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
+
+//#region src/webfinger/lookup.ts
+const logger = (0, __logtape_logtape.getLogger)([
+	"fedify",
+	"webfinger",
+	"lookup"
+]);
+const DEFAULT_MAX_REDIRECTION = 5;
+/**
+* Looks up a WebFinger resource.
+* @param resource The resource URL to look up.
+* @param options Extra options for looking up the resource.
+* @returns The resource descriptor, or `null` if not found.
+* @since 0.2.0
+*/
+async function lookupWebFinger(resource, options = {}) {
+	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	return await tracer.startActiveSpan("webfinger.lookup", {
+		kind: __opentelemetry_api.SpanKind.CLIENT,
+		attributes: {
+			"webfinger.resource": resource.toString(),
+			"webfinger.resource.scheme": typeof resource === "string" ? resource.replace(/:.*$/, "") : resource.protocol.replace(/:$/, "")
+		}
+	}, async (span) => {
+		try {
+			const result = await lookupWebFingerInternal(resource, options);
+			span.setStatus({ code: result === null ? __opentelemetry_api.SpanStatusCode.ERROR : __opentelemetry_api.SpanStatusCode.OK });
+			return result;
+		} catch (error) {
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function lookupWebFingerInternal(resource, options = {}) {
+	if (typeof resource === "string") resource = new URL(resource);
+	let protocol = "https:";
+	let server;
+	if (resource.protocol === "acct:") {
+		const atPos = resource.pathname.lastIndexOf("@");
+		if (atPos < 0) return null;
+		server = resource.pathname.substring(atPos + 1);
+		if (server === "") return null;
+	} else {
+		protocol = resource.protocol;
+		server = resource.host;
+	}
+	let url = new URL(`${protocol}//${server}/.well-known/webfinger`);
+	url.searchParams.set("resource", resource.href);
+	let redirected = 0;
+	while (true) {
+		logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
+		let response;
+		if (options.allowPrivateAddress !== true) try {
+			await require_docloader.validatePublicUrl(url.href);
+		} catch (e) {
+			if (e instanceof require_docloader.UrlError) {
+				logger.error("Invalid URL for WebFinger resource descriptor: {error}", { error: e });
+				return null;
+			}
+			throw e;
+		}
+		try {
+			response = await fetch(url, {
+				headers: {
+					Accept: "application/jrd+json",
+					"User-Agent": typeof options.userAgent === "string" ? options.userAgent : require_docloader.getUserAgent(options.userAgent)
+				},
+				redirect: "manual",
+				signal: options.signal
+			});
+		} catch (error) {
+			logger.debug("Failed to fetch WebFinger resource descriptor: {error}", {
+				url: url.href,
+				error
+			});
+			return null;
+		}
+		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
+			redirected++;
+			const maxRedirection = options.maxRedirection ?? DEFAULT_MAX_REDIRECTION;
+			if (redirected >= maxRedirection) {
+				logger.error("Too many redirections ({redirections}) while fetching WebFinger resource descriptor.", { redirections: redirected });
+				return null;
+			}
+			const redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
+			if (redirectedUrl.protocol !== url.protocol) {
+				logger.error("Redirected to a different protocol ({protocol} to {redirectedProtocol}) while fetching WebFinger resource descriptor.", {
+					protocol: url.protocol,
+					redirectedProtocol: redirectedUrl.protocol
+				});
+				return null;
+			}
+			url = redirectedUrl;
+			continue;
+		}
+		if (!response.ok) {
+			logger.debug("Failed to fetch WebFinger resource descriptor: {status} {statusText}.", {
+				url: url.href,
+				status: response.status,
+				statusText: response.statusText
+			});
+			return null;
+		}
+		try {
+			return await response.json();
+		} catch (e) {
+			if (e instanceof SyntaxError) {
+				logger.debug("Failed to parse WebFinger resource descriptor as JSON: {error}", { error: e });
+				return null;
+			}
+			throw e;
+		}
+	}
+}
+
+//#endregion
+Object.defineProperty(exports, 'lookupWebFinger', {
+  enumerable: true,
+  get: function () {
+    return lookupWebFinger;
+  }
+});

package/dist/{lookup-BzogF2gp.js → lookup-cVRa2QM-.js}

@@ -1,8 +1,8 @@
 
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-    
-import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-DnepZfu_.js";
+          import { Temporal } from "@js-temporal/polyfill";
+          import { URLPattern } from "urlpattern-polyfill";
+        
+import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-CkweNhUH.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 

package/dist/middleware-Be1JStOx.js

@@ -0,0 +1,17 @@
+
+          import { Temporal } from "@js-temporal/polyfill";
+          import { URLPattern } from "urlpattern-polyfill";
+        
+import "./transformers-BFT6d7J5.js";
+import "./docloader-CkweNhUH.js";
+import "./actor-G2S5sPEA.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-DvvYAIsd.js";
+import "./lookup-cVRa2QM-.js";
+import "./key-CkxrAIyp.js";
+import "./http-C5tC93Hn.js";
+import "./proof-Chi90OXv.js";
+import "./types-dLXLjVLf.js";
+import "./authdocloader-C5AvdCCi.js";
+import "./vocab-rWbHpc2J.js";
+
+export { FederationImpl };

package/dist/middleware-CDOK7WOb.js

@@ -0,0 +1,26 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import "./type-NEA09tSC.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-Cgr3PtaJ.js";
+import "./client-Bmd-i8x8.js";
+import "./lookup-DhQCVVja.js";
+import "./types-BSuWJsOm.js";
+import "./actor-D5S46edz.js";
+import "./key-IxRhZpOF.js";
+import "./http-DGjdMiLc.js";
+import "./authdocloader-SjwloJUA.js";
+import "./ld-DW7A0uIc.js";
+import "./owner-6Vc3UXXE.js";
+import "./proof-C1jhbeNv.js";
+import "./inbox-BoDY3z8G.js";
+import "./builder-OA47XRft.js";
+import "./collection-CcnIw1qY.js";
+import "./keycache-TEniXNel.js";
+import "./negotiation-5NPJL6zp.js";
+import "./retry-D4GJ670a.js";
+import "./send-DjATl6i3.js";
+
+export { FederationImpl };