@fedify/fedify 2.0.0-pr.412.1559 → 2.0.0-pr.412.1794

package/dist/key-CUZQgVlf.js

@@ -1,10 +0,0 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
-    
-import "./type-SK-d7Tbw.js";
-import "./actor-Cc6B76eG.js";
-import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-CzLv1phF.js";
-
-export { validateCryptoKey };

package/dist/key-Deb0_wWL.js

@@ -1,10 +0,0 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-    
-import "./docloader-DEhniCVa.js";
-import "./actor-CTAuCsWy.js";
-import "./lookup-dtdr2ftf.js";
-import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-DxA6xRtZ.js";
-
-export { validateCryptoKey };

package/dist/key-DxA6xRtZ.js

@@ -1,260 +0,0 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-    
-import { deno_default, getDocumentLoader } from "./docloader-DEhniCVa.js";
-import { CryptographicKey, Object as Object$1, isActor } from "./actor-CTAuCsWy.js";
-import { getLogger } from "@logtape/logtape";
-import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
-
-//#region src/sig/key.ts
-/**
-* Checks if the given key is valid and supported.  No-op if the key is valid,
-* otherwise throws an error.
-* @param key The key to check.
-* @param type Which type of key to check.  If not specified, the key can be
-*             either public or private.
-* @throws {TypeError} If the key is invalid or unsupported.
-*/
-function validateCryptoKey(key, type) {
-	if (type != null && key.type !== type) throw new TypeError(`The key is not a ${type} key.`);
-	if (!key.extractable) throw new TypeError("The key is not extractable.");
-	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
-	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
-		const algorithm = key.algorithm;
-		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
-	}
-}
-/**
-* Generates a key pair which is appropriate for Fedify.
-* @param algorithm The algorithm to use.  Currently only RSASSA-PKCS1-v1_5 and
-*                  Ed25519 are supported.
-* @returns The generated key pair.
-* @throws {TypeError} If the algorithm is unsupported.
-*/
-function generateCryptoKeyPair(algorithm) {
-	if (algorithm == null) getLogger([
-		"fedify",
-		"sig",
-		"key"
-	]).warn("No algorithm specified.  Using RSASSA-PKCS1-v1_5 by default, but it is recommended to specify the algorithm explicitly as the parameter will be required in the future.");
-	if (algorithm == null || algorithm === "RSASSA-PKCS1-v1_5") return crypto.subtle.generateKey({
-		name: "RSASSA-PKCS1-v1_5",
-		modulusLength: 4096,
-		publicExponent: new Uint8Array([
-			1,
-			0,
-			1
-		]),
-		hash: "SHA-256"
-	}, true, ["sign", "verify"]);
-	else if (algorithm === "Ed25519") return crypto.subtle.generateKey("Ed25519", true, ["sign", "verify"]);
-	throw new TypeError("Unsupported algorithm: " + algorithm);
-}
-/**
-* Exports a key in JWK format.
-* @param key The key to export.  Either public or private key.
-* @returns The exported key in JWK format.  The key is suitable for
-*          serialization and storage.
-* @throws {TypeError} If the key is invalid or unsupported.
-*/
-async function exportJwk(key) {
-	validateCryptoKey(key);
-	const jwk = await crypto.subtle.exportKey("jwk", key);
-	if (jwk.crv === "Ed25519") jwk.alg = "Ed25519";
-	return jwk;
-}
-/**
-* Imports a key from JWK format.
-* @param jwk The key in JWK format.
-* @param type Which type of key to import, either `"public"` or `"private"`.
-* @returns The imported key.
-* @throws {TypeError} If the key is invalid or unsupported.
-*/
-async function importJwk(jwk, type) {
-	let key;
-	if (jwk.kty === "RSA" && jwk.alg === "RS256") key = await crypto.subtle.importKey("jwk", jwk, {
-		name: "RSASSA-PKCS1-v1_5",
-		hash: "SHA-256"
-	}, true, type === "public" ? ["verify"] : ["sign"]);
-	else if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
-		if (navigator?.userAgent === "Cloudflare-Workers") {
-			jwk = { ...jwk };
-			delete jwk.alg;
-		}
-		key = await crypto.subtle.importKey("jwk", jwk, "Ed25519", true, type === "public" ? ["verify"] : ["sign"]);
-	} else throw new TypeError("Unsupported JWK format.");
-	validateCryptoKey(key, type);
-	return key;
-}
-/**
-* Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL.
-* If the given URL contains an {@link Actor} object, it tries to find
-* the corresponding key in the `publicKey` or `assertionMethod` property.
-* @template T The type of the key to fetch.  Either {@link CryptographicKey}
-*              or {@link Multikey}.
-* @param keyId The URL of the key.
-* @param cls The class of the key to fetch.  Either {@link CryptographicKey}
-*            or {@link Multikey}.
-* @param options Options for fetching the key.  See {@link FetchKeyOptions}.
-* @returns The fetched key or `null` if the key is not found.
-* @since 1.3.0
-*/
-function fetchKey(keyId, cls, options = {}) {
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	keyId = typeof keyId === "string" ? new URL(keyId) : keyId;
-	return tracer.startActiveSpan("activitypub.fetch_key", {
-		kind: SpanKind.CLIENT,
-		attributes: {
-			"http.method": "GET",
-			"url.full": keyId.href,
-			"url.scheme": keyId.protocol.replace(/:$/, ""),
-			"url.domain": keyId.hostname,
-			"url.path": keyId.pathname,
-			"url.query": keyId.search.replace(/^\?/, ""),
-			"url.fragment": keyId.hash.replace(/^#/, "")
-		}
-	}, async (span) => {
-		try {
-			const result = await fetchKeyInternal(keyId, cls, options);
-			span.setAttribute("activitypub.actor.key.cached", result.cached);
-			return result;
-		} catch (e) {
-			span.setStatus({
-				code: SpanStatusCode.ERROR,
-				message: String(e)
-			});
-			throw e;
-		} finally {
-			span.end();
-		}
-	});
-}
-async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, keyCache, tracerProvider } = {}) {
-	const logger = getLogger([
-		"fedify",
-		"sig",
-		"key"
-	]);
-	const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
-	keyId = typeof keyId === "string" ? keyId : keyId.href;
-	if (keyCache != null) {
-		const cachedKey = await keyCache.get(cacheKey);
-		if (cachedKey instanceof cls && cachedKey.publicKey != null) {
-			logger.debug("Key {keyId} found in cache.", { keyId });
-			return {
-				key: cachedKey,
-				cached: true
-			};
-		} else if (cachedKey === null) {
-			logger.debug("Entry {keyId} found in cache, but it is unavailable.", { keyId });
-			return {
-				key: null,
-				cached: true
-			};
-		}
-	}
-	logger.debug("Fetching key {keyId} to verify signature...", { keyId });
-	let document;
-	try {
-		const remoteDocument = await (documentLoader ?? getDocumentLoader())(keyId);
-		document = remoteDocument.document;
-	} catch (_) {
-		logger.debug("Failed to fetch key {keyId}.", { keyId });
-		await keyCache?.set(cacheKey, null);
-		return {
-			key: null,
-			cached: false
-		};
-	}
-	let object;
-	try {
-		object = await Object$1.fromJsonLd(document, {
-			documentLoader,
-			contextLoader,
-			tracerProvider
-		});
-	} catch (e) {
-		if (!(e instanceof TypeError)) throw e;
-		try {
-			object = await cls.fromJsonLd(document, {
-				documentLoader,
-				contextLoader,
-				tracerProvider
-			});
-		} catch (e$1) {
-			if (e$1 instanceof TypeError) {
-				logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
-				await keyCache?.set(cacheKey, null);
-				return {
-					key: null,
-					cached: false
-				};
-			}
-			throw e$1;
-		}
-	}
-	let key = null;
-	if (object instanceof cls) key = object;
-	else if (isActor(object)) {
-		const keys = cls === CryptographicKey ? object.getPublicKeys({
-			documentLoader,
-			contextLoader,
-			tracerProvider
-		}) : object.getAssertionMethods({
-			documentLoader,
-			contextLoader,
-			tracerProvider
-		});
-		let length = 0;
-		let lastKey = null;
-		for await (const k of keys) {
-			length++;
-			lastKey = k;
-			if (k.id?.href === keyId) {
-				key = k;
-				break;
-			}
-		}
-		const keyIdUrl = new URL(keyId);
-		if (key == null && keyIdUrl.hash === "" && length === 1) key = lastKey;
-		if (key == null) {
-			logger.debug("Failed to verify; object {keyId} returned an {actorType}, but has no key matching {keyId}.", {
-				keyId,
-				actorType: object.constructor.name
-			});
-			await keyCache?.set(cacheKey, null);
-			return {
-				key: null,
-				cached: false
-			};
-		}
-	} else {
-		logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
-		await keyCache?.set(cacheKey, null);
-		return {
-			key: null,
-			cached: false
-		};
-	}
-	if (key.publicKey == null) {
-		logger.debug("Failed to verify; key {keyId} has no publicKeyPem field.", { keyId });
-		await keyCache?.set(cacheKey, null);
-		return {
-			key: null,
-			cached: false
-		};
-	}
-	if (keyCache != null) {
-		await keyCache.set(cacheKey, key);
-		logger.debug("Key {keyId} cached.", { keyId });
-	}
-	return {
-		key,
-		cached: false
-	};
-}
-
-//#endregion
-export { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey };

package/dist/lookup-dtdr2ftf.js

@@ -1,131 +0,0 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-    
-import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-DEhniCVa.js";
-import { getLogger } from "@logtape/logtape";
-import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
-
-//#region src/webfinger/lookup.ts
-const logger = getLogger([
-	"fedify",
-	"webfinger",
-	"lookup"
-]);
-const DEFAULT_MAX_REDIRECTION = 5;
-/**
-* Looks up a WebFinger resource.
-* @param resource The resource URL to look up.
-* @param options Extra options for looking up the resource.
-* @returns The resource descriptor, or `null` if not found.
-* @since 0.2.0
-*/
-async function lookupWebFinger(resource, options = {}) {
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("webfinger.lookup", {
-		kind: SpanKind.CLIENT,
-		attributes: {
-			"webfinger.resource": resource.toString(),
-			"webfinger.resource.scheme": typeof resource === "string" ? resource.replace(/:.*$/, "") : resource.protocol.replace(/:$/, "")
-		}
-	}, async (span) => {
-		try {
-			const result = await lookupWebFingerInternal(resource, options);
-			span.setStatus({ code: result === null ? SpanStatusCode.ERROR : SpanStatusCode.OK });
-			return result;
-		} catch (error) {
-			span.setStatus({
-				code: SpanStatusCode.ERROR,
-				message: String(error)
-			});
-			throw error;
-		} finally {
-			span.end();
-		}
-	});
-}
-async function lookupWebFingerInternal(resource, options = {}) {
-	if (typeof resource === "string") resource = new URL(resource);
-	let protocol = "https:";
-	let server;
-	if (resource.protocol === "acct:") {
-		const atPos = resource.pathname.lastIndexOf("@");
-		if (atPos < 0) return null;
-		server = resource.pathname.substring(atPos + 1);
-		if (server === "") return null;
-	} else {
-		protocol = resource.protocol;
-		server = resource.host;
-	}
-	let url = new URL(`${protocol}//${server}/.well-known/webfinger`);
-	url.searchParams.set("resource", resource.href);
-	let redirected = 0;
-	while (true) {
-		logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
-		let response;
-		if (options.allowPrivateAddress !== true) try {
-			await validatePublicUrl(url.href);
-		} catch (e) {
-			if (e instanceof UrlError) {
-				logger.error("Invalid URL for WebFinger resource descriptor: {error}", { error: e });
-				return null;
-			}
-			throw e;
-		}
-		try {
-			response = await fetch(url, {
-				headers: {
-					Accept: "application/jrd+json",
-					"User-Agent": typeof options.userAgent === "string" ? options.userAgent : getUserAgent(options.userAgent)
-				},
-				redirect: "manual",
-				signal: options.signal
-			});
-		} catch (error) {
-			logger.debug("Failed to fetch WebFinger resource descriptor: {error}", {
-				url: url.href,
-				error
-			});
-			return null;
-		}
-		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
-			redirected++;
-			const maxRedirection = options.maxRedirection ?? DEFAULT_MAX_REDIRECTION;
-			if (redirected >= maxRedirection) {
-				logger.error("Too many redirections ({redirections}) while fetching WebFinger resource descriptor.", { redirections: redirected });
-				return null;
-			}
-			const redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
-			if (redirectedUrl.protocol !== url.protocol) {
-				logger.error("Redirected to a different protocol ({protocol} to {redirectedProtocol}) while fetching WebFinger resource descriptor.", {
-					protocol: url.protocol,
-					redirectedProtocol: redirectedUrl.protocol
-				});
-				return null;
-			}
-			url = redirectedUrl;
-			continue;
-		}
-		if (!response.ok) {
-			logger.debug("Failed to fetch WebFinger resource descriptor: {status} {statusText}.", {
-				url: url.href,
-				status: response.status,
-				statusText: response.statusText
-			});
-			return null;
-		}
-		try {
-			return await response.json();
-		} catch (e) {
-			if (e instanceof SyntaxError) {
-				logger.debug("Failed to parse WebFinger resource descriptor as JSON: {error}", { error: e });
-				return null;
-			}
-			throw e;
-		}
-	}
-}
-
-//#endregion
-export { lookupWebFinger };

package/dist/middleware-BE_geSiJ.js

@@ -1,17 +0,0 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-    
-import "./transformers-Dna8Fg7k.js";
-import "./docloader-DEhniCVa.js";
-import "./actor-CTAuCsWy.js";
-import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-CxEkcFW0.js";
-import "./lookup-dtdr2ftf.js";
-import "./key-DxA6xRtZ.js";
-import "./http-l0TEupZK.js";
-import "./proof-tgUlT8hw.js";
-import "./types-DgPvoUWN.js";
-import "./authdocloader-BFVqUbyo.js";
-import "./vocab-CvD6Vbml.js";
-
-export { FederationImpl };

package/dist/middleware-BnU6hzVp.js

@@ -1,26 +0,0 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
-    
-import "./type-SK-d7Tbw.js";
-import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-BRgu1IH8.js";
-import "./semver-dArNLkR9.js";
-import "./client-De-z2UnN.js";
-import "./lookup-Bn_HEC_d.js";
-import "./types-BIgY6c-l.js";
-import "./actor-Cc6B76eG.js";
-import "./key-CzLv1phF.js";
-import "./http-CcdM1brU.js";
-import "./authdocloader-CLgDGafZ.js";
-import "./ld-CBcQdZ6N.js";
-import "./owner-VEIjmR8r.js";
-import "./proof-DoSQAGkE.js";
-import "./inbox-B6DZbGNf.js";
-import "./builder-BOEBObR8.js";
-import "./collection-CSzG2j1P.js";
-import "./keycache-B8HdZJSt.js";
-import "./retry-D4GJ670a.js";
-import "./send-BzS7w-QF.js";
-
-export { FederationImpl };

package/dist/mod-TFoH2Ql8.d.ts

@@ -1,104 +0,0 @@
-import { Temporal } from "@js-temporal/polyfill";
-import { URLPattern } from "urlpattern-polyfill";
-import { DocumentLoader, DocumentLoaderFactoryOptions } from "./docloader-CxWcuWqQ.js";
-import { HttpMessageSignaturesSpecDeterminer } from "./http-DqSNLFNY.js";
-import { TracerProvider } from "@opentelemetry/api";
-
-//#region src/runtime/authdocloader.d.ts
-/**
- * Options for {@link getAuthenticatedDocumentLoader}.
- * @see {@link getAuthenticatedDocumentLoader}
- * @since 1.3.0
- */
-interface GetAuthenticatedDocumentLoaderOptions extends DocumentLoaderFactoryOptions {
-  /**
-   * An optional spec determiner for HTTP Message Signatures.
-   * It determines the spec to use for signing requests.
-   * It is used for double-knocking
-   * (see <https://swicg.github.io/activitypub-http-signature/#how-to-upgrade-supported-versions>).
-   * @since 1.6.0
-   */
-  specDeterminer?: HttpMessageSignaturesSpecDeterminer;
-  /**
-   * The OpenTelemetry tracer provider.  If omitted, the global tracer provider
-   * is used.
-   * @since 1.6.0
-   */
-  tracerProvider?: TracerProvider;
-}
-/**
- * Gets an authenticated {@link DocumentLoader} for the given identity.
- * Note that an authenticated document loader intentionally does not cache
- * the fetched documents.
- * @param identity The identity to get the document loader for.
- *                 The actor's key pair.
- * @param options The options for the document loader.
- * @returns The authenticated document loader.
- * @throws {TypeError} If the key is invalid or unsupported.
- * @since 0.4.0
- */
-declare function getAuthenticatedDocumentLoader(identity: {
-  keyId: URL;
-  privateKey: CryptoKey;
-}, {
-  allowPrivateAddress,
-  userAgent,
-  specDeterminer,
-  tracerProvider
-}?: GetAuthenticatedDocumentLoaderOptions): DocumentLoader;
-//#endregion
-//#region src/runtime/key.d.ts
-/**
- * Imports a PEM-SPKI formatted public key.
- * @param pem The PEM-SPKI formatted public key.
- * @returns The imported public key.
- * @throws {TypeError} If the key is invalid or unsupported.
- * @since 0.5.0
- */
-declare function importSpki(pem: string): Promise<CryptoKey>;
-/**
- * Exports a public key in PEM-SPKI format.
- * @param key The public key to export.
- * @returns The exported public key in PEM-SPKI format.
- * @throws {TypeError} If the key is invalid or unsupported.
- * @since 0.5.0
- */
-declare function exportSpki(key: CryptoKey): Promise<string>;
-/**
- * Imports a PEM-PKCS#1 formatted public key.
- * @param pem The PEM-PKCS#1 formatted public key.
- * @returns The imported public key.
- * @throws {TypeError} If the key is invalid or unsupported.
- * @since 1.5.0
- */
-declare function importPkcs1(pem: string): Promise<CryptoKey>;
-/**
- * Imports a PEM formatted public key (SPKI or PKCS#1).
- * @param pem The PEM formatted public key to import (SPKI or PKCS#1).
- * @returns The imported public key.
- * @throws {TypeError} If the key is invalid or unsupported.
- * @since 1.5.0
- */
-declare function importPem(pem: string): Promise<CryptoKey>;
-/**
- * Imports a [Multibase]-encoded public key.
- *
- * [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
- * @param key The Multibase-encoded public key.
- * @returns The imported public key.
- * @throws {TypeError} If the key is invalid or unsupported.
- * @since 0.10.0
- */
-declare function importMultibaseKey(key: string): Promise<CryptoKey>;
-/**
- * Exports a public key in [Multibase] format.
- *
- * [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
- * @param key The public key to export.
- * @returns The exported public key in Multibase format.
- * @throws {TypeError} If the key is invalid or unsupported.
- * @since 0.10.0
- */
-declare function exportMultibaseKey(key: CryptoKey): Promise<string>;
-//#endregion
-export { GetAuthenticatedDocumentLoaderOptions, exportMultibaseKey, exportSpki, getAuthenticatedDocumentLoader, importMultibaseKey, importPem, importPkcs1, importSpki };