npm - @fedify/fedify - Versions diffs - 2.0.0-pr.435.1667 → 2.0.0-pr.445.1694 - Mend

@fedify/fedify 2.0.0-pr.435.1667 → 2.0.0-pr.445.1694

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (147) hide show

package/dist/{actor-C3gJhZJj.cjs → actor-CwZ2m5rG.cjs} +7263 -2440
package/dist/{actor-DMgu-ZjT.d.cts → actor-D6K058Tb.d.cts} +1 -1
package/dist/{actor-Cpal85xW.js → actor-D8gCwLzv.js} +1 -1
package/dist/{actor-CnVfp1Hp.js → actor-DoMcqXsW.js} +7263 -2440
package/dist/{actor-C22bXuuC.d.ts → actor-T6RyhRgk.d.ts} +1 -1
package/dist/{assert_rejects-7UF4R_Qs.js → assert_rejects-DiIiJbZn.js} +1 -1
package/dist/{assert_throws-53_pKeP3.js → assert_throws-BOO88avQ.js} +1 -1
package/dist/{authdocloader-DWnwkjvZ.js → authdocloader-Cv_qEn1G.js} +3 -3
package/dist/{authdocloader-Df2BFefL.js → authdocloader-DYTNpaMA.js} +3 -3
package/dist/{authdocloader-DPCGwidE.cjs → authdocloader-bsmVF6eO.cjs} +3 -3
package/dist/{builder-CMxichO9.js → builder-1_skw-d2.js} +10 -4
package/dist/{client-BqyuOGiQ.js → client-D5CBsPrc.js} +1 -1
package/dist/compat/mod.d.cts +7 -7
package/dist/compat/mod.d.ts +7 -7
package/dist/compat/transformers.test.js +18 -17
package/dist/{context-CDSZdQHD.d.ts → context-DBKpNBnc.d.ts} +66 -12
package/dist/{context-Dq8aCtMH.d.cts → context-DiqjMRef.d.cts} +66 -12
package/dist/{docloader-B1O1Z5OK.cjs → docloader-CYnQRIXv.cjs} +2 -2
package/dist/{docloader-xJVzq9O0.js → docloader-Czl3xV10.js} +2 -2
package/dist/{esm-BBznxjVc.js → esm-Dl5T1RNE.js} +1 -1
package/dist/federation/builder.test.js +10 -10
package/dist/federation/collection.test.js +8 -8
package/dist/federation/handler.test.js +26 -145
package/dist/federation/idempotency.test.d.ts +3 -0
package/dist/federation/idempotency.test.js +202 -0
package/dist/federation/inbox.test.js +6 -6
package/dist/federation/keycache.test.js +4 -4
package/dist/federation/kv.test.js +8 -8
package/dist/federation/middleware.test.js +238 -44
package/dist/federation/mod.cjs +10 -10
package/dist/federation/mod.d.cts +7 -7
package/dist/federation/mod.d.ts +7 -7
package/dist/federation/mod.js +10 -10
package/dist/federation/mq.test.js +10 -10
package/dist/federation/negotiation.test.d.ts +3 -0
package/dist/federation/negotiation.test.js +28 -0
package/dist/federation/retry.test.js +5 -5
package/dist/federation/router.test.js +8 -8
package/dist/federation/send.test.js +15 -15
package/dist/fixtures/media.example.com/avatars/test-avatar.jpg.json +6 -0
package/dist/{http-Hw9HJp9i.cjs → http-CAusBl_3.cjs} +3 -3
package/dist/{http-CovAm6we.js → http-C_Qc2neP.js} +3 -3
package/dist/{http-y7khnX5Q.js → http-CuS-d4U0.js} +2 -2
package/dist/{http-BS6766zs.d.cts → http-D-e6AFwR.d.cts} +1 -1
package/dist/{http-DqSNLFNY.d.ts → http-D6Uj2x2y.d.ts} +1 -1
package/dist/{inbox-DpcYOzs8.js → inbox-IETv_Qez.js} +24 -7
package/dist/{key-BRmlopJL.js → key-BNJQQm3h.js} +2 -2
package/dist/{key-lapZwBwG.js → key-C_ruQbbl.js} +4 -4
package/dist/key-DIMJMxf4.cjs +10 -0
package/dist/{key-DORX19Bl.js → key-DnqhSgAv.js} +2 -2
package/dist/{key-jf6dIIF-.js → key-DpFjiItf.js} +3 -3
package/dist/{key-CzF9SAEI.cjs → key-DuXv64tg.cjs} +2 -2
package/dist/{keycache-AH1uj1j-.js → keycache-CSBkusP8.js} +1 -1
package/dist/{keys-B3fzLXBG.js → keys-D3_MDK7n.js} +1 -1
package/dist/{ld-D3cq9xO1.js → ld-Isot0tiW.js} +2 -2
package/dist/{lookup-BrhURkmj.js → lookup-CbtuFbtg.js} +21 -12
package/dist/{lookup-7u217Q3H.cjs → lookup-D6dro5Au.cjs} +1 -1
package/dist/{lookup-CfU0DgLr.js → lookup-Dhm78GlK.js} +1 -1
package/dist/middleware-BpR6186a.js +26 -0
package/dist/{middleware-DXWUGrBQ.js → middleware-BuHr2fzh.js} +73 -81
package/dist/middleware-DDMxdtWM.cjs +17 -0
package/dist/{middleware-BDN7YoYJ.js → middleware-DQYscW90.js} +47 -142
package/dist/{middleware-Gsxukxs5.cjs → middleware-Dgmdgrvb.cjs} +73 -81
package/dist/middleware-T-knSMwl.js +17 -0
package/dist/{mod-Drmz72EK.d.ts → mod-BhUKmBJD.d.ts} +2 -2
package/dist/{mod-BhMnAkFX.d.cts → mod-Bpb5QLaZ.d.cts} +2 -2
package/dist/{mod-TFoH2Ql8.d.ts → mod-CerN_Sza.d.ts} +1 -1
package/dist/{mod-Dc_-mf8s.d.cts → mod-Cj1tHXBR.d.cts} +1 -1
package/dist/{mod-evzlRVZq.d.cts → mod-CxkWO3Mg.d.cts} +19 -1
package/dist/{mod-RI3-KvUI.d.ts → mod-D_y2y32N.d.ts} +2 -2
package/dist/{mod-BClfg3ej.d.cts → mod-Djzcw2ry.d.cts} +2 -2
package/dist/{mod-Cxt4Kpf6.d.ts → mod-DlU8ISoa.d.ts} +19 -1
package/dist/mod.cjs +10 -10
package/dist/mod.d.cts +10 -10
package/dist/mod.d.ts +10 -10
package/dist/mod.js +10 -10
package/dist/negotiation-5NPJL6zp.js +71 -0
package/dist/nodeinfo/client.test.js +10 -10
package/dist/nodeinfo/handler.test.js +23 -22
package/dist/nodeinfo/mod.cjs +2 -2
package/dist/nodeinfo/mod.js +2 -2
package/dist/nodeinfo/types.test.js +8 -8
package/dist/{owner-B-7Ptt_m.d.cts → owner-BN_tO3cY.d.cts} +2 -2
package/dist/{owner-NFlQJyvM.js → owner-ChSL4aJ7.js} +2 -2
package/dist/{owner-CQPnQVtf.d.ts → owner-hd9lvQcP.d.ts} +2 -2
package/dist/{proof-Be1oOYEh.js → proof-BiSCuwyA.js} +3 -3
package/dist/{proof-Gip91fK7.cjs → proof-ONNmhInb.cjs} +3 -3
package/dist/{proof-ar9xgPWi.js → proof-x3IBewan.js} +2 -2
package/dist/runtime/authdocloader.test.js +14 -14
package/dist/runtime/docloader.test.js +9 -9
package/dist/runtime/key.test.js +10 -10
package/dist/runtime/langstr.test.js +8 -8
package/dist/runtime/link.test.js +3 -3
package/dist/runtime/mod.cjs +6 -6
package/dist/runtime/mod.d.cts +3 -3
package/dist/runtime/mod.d.ts +3 -3
package/dist/runtime/mod.js +6 -6
package/dist/runtime/multibase/multibase.test.js +8 -8
package/dist/runtime/url.test.js +5 -5
package/dist/{send-DkwkMFjJ.js → send-D5fjmUEj.js} +2 -2
package/dist/sig/http.test.js +13 -13
package/dist/sig/key.test.js +11 -11
package/dist/sig/ld.test.js +10 -10
package/dist/sig/mod.cjs +6 -6
package/dist/sig/mod.d.cts +5 -5
package/dist/sig/mod.d.ts +5 -5
package/dist/sig/mod.js +6 -6
package/dist/sig/owner.test.js +12 -12
package/dist/sig/proof.test.js +12 -12
package/dist/testing/docloader.test.js +8 -8
package/dist/testing/mod.d.ts +272 -0
package/dist/testing/mod.js +3 -3
package/dist/{testing-BMBhkcz9.js → testing-tWr1VQxx.js} +2 -2
package/dist/{type-FCer_9yh.js → type-DaUr3Il7.js} +6944 -2121
package/dist/{types-CZ_qo9KW.cjs → types-D2Nyz0tR.cjs} +1 -1
package/dist/{types-CNWeAz8v.js → types-DQuSDtDg.js} +1 -1
package/dist/vocab/actor.test.js +10 -10
package/dist/vocab/lookup.test.js +259 -9
package/dist/vocab/mod.cjs +4 -4
package/dist/vocab/mod.d.cts +3 -3
package/dist/vocab/mod.d.ts +3 -3
package/dist/vocab/mod.js +4 -4
package/dist/vocab/type.test.js +3 -3
package/dist/vocab/vocab.test.js +402 -13
package/dist/{vocab-SOE1ifCr.d.ts → vocab-BI0Ak5lL.d.ts} +290 -0
package/dist/{vocab-9MjZjuZb.cjs → vocab-Dd4VMrr0.cjs} +23 -14
package/dist/{vocab-DJTYMqyU.d.cts → vocab-Dw1-yVGg.d.cts} +290 -0
package/dist/{vocab-gpwUU9fc.js → vocab-w--qk7HF.js} +23 -14
package/dist/webfinger/handler.test.js +23 -22
package/dist/webfinger/lookup.test.js +9 -9
package/dist/webfinger/mod.cjs +2 -2
package/dist/webfinger/mod.js +2 -2
package/dist/x/cfworkers.test.js +8 -8
package/dist/x/hono.d.cts +6 -6
package/dist/x/hono.d.ts +6 -6
package/dist/x/sveltekit.d.cts +6 -6
package/dist/x/sveltekit.d.ts +6 -6
package/package.json +1 -1
package/dist/key-CV3FT32G.cjs +0 -10
package/dist/middleware-CV-OPMlZ.js +0 -17
package/dist/middleware-DGqnaAbp.cjs +0 -17
package/dist/middleware-cCdfTTMv.js +0 -25
/package/dist/{assert_is_error-B035L3om.js → assert_is_error-BPGph1Jx.js} +0 -0
/package/dist/{assert_not_equals-C80BG-_5.js → assert_not_equals-f3m3epl3.js} +0 -0
/package/dist/{denokv-jZ0Z2h0M.js → denokv-Bv33Xxea.js} +0 -0
/package/dist/{retry-CfF8Gn4d.js → retry-D4GJ670a.js} +0 -0
/package/dist/{std__assert-DWivtrGR.js → std__assert-X-_kMxKM.js} +0 -0

package/dist/{vocab-9MjZjuZb.cjs → vocab-Dd4VMrr0.cjs} RENAMED Viewed

@@ -3,9 +3,9 @@
           const { URLPattern } = require("urlpattern-polyfill");
 const require_chunk = require('./chunk-DqRYRqnO.cjs');
-const require_docloader = require('./docloader-B1O1Z5OK.cjs');
-const require_actor = require('./actor-C3gJhZJj.cjs');
-const require_lookup = require('./lookup-7u217Q3H.cjs');
+const require_docloader = require('./docloader-CYnQRIXv.cjs');
+const require_actor = require('./actor-CwZ2m5rG.cjs');
+const require_lookup = require('./lookup-D6dro5Au.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
 const es_toolkit = require_chunk.__toESM(require("es-toolkit"));
@@ -153,14 +153,13 @@ async function lookupObject(identifier, options = {}) {
 async function lookupObjectInternal(identifier, options = {}) {
 	const documentLoader = options.documentLoader ?? require_docloader.getDocumentLoader({ userAgent: options.userAgent });
 	if (typeof identifier === "string") identifier = toAcctUrl(identifier) ?? new URL(identifier);
-	let document = null;
+	let remoteDoc = null;
 	if (identifier.protocol === "http:" || identifier.protocol === "https:") try {
-		const remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
-		document = remoteDoc.document;
+		remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
 	} catch (error) {
 		logger.debug("Failed to fetch remote document:\n{error}", { error });
 	}
-	if (document == null) {
+	if (remoteDoc == null) {
 		const jrd = await require_lookup.lookupWebFinger(identifier, {
 			userAgent: options.userAgent,
 			tracerProvider: options.tracerProvider,
@@ -171,8 +170,7 @@ async function lookupObjectInternal(identifier, options = {}) {
 		for (const l of jrd.links) {
 			if (l.type !== "application/activity+json" && !l.type?.match(/application\/ld\+json;\s*profile="https:\/\/www.w3.org\/ns\/activitystreams"/) || l.rel !== "self" || l.href == null) continue;
 			try {
-				const remoteDoc = await documentLoader(l.href, { signal: options.signal });
-				document = remoteDoc.document;
+				remoteDoc = await documentLoader(l.href, { signal: options.signal });
 				break;
 			} catch (error) {
 				logger.debug("Failed to fetch remote document:\n{error}", { error });
@@ -180,23 +178,34 @@ async function lookupObjectInternal(identifier, options = {}) {
 			}
 		}
 	}
-	if (document == null) return null;
+	if (remoteDoc == null) return null;
+	let object;
 	try {
-		return await require_actor.Object.fromJsonLd(document, {
+		object = await require_actor.Object.fromJsonLd(remoteDoc.document, {
 			documentLoader,
 			contextLoader: options.contextLoader,
-			tracerProvider: options.tracerProvider
+			tracerProvider: options.tracerProvider,
+			baseUrl: new URL(remoteDoc.documentUrl)
 		});
 	} catch (error) {
 		if (error instanceof TypeError) {
 			logger.debug("Failed to parse JSON-LD document: {error}\n{document}", {
-				error,
-				document
+				...remoteDoc,
+				error
 			});
 			return null;
 		}
 		throw error;
 	}
+	if (options.crossOrigin !== "trust" && object.id != null && object.id.origin !== new URL(remoteDoc.documentUrl).origin) {
+		if (options.crossOrigin === "throw") throw new Error(`The object's @id (${object.id.href}) has a different origin than the document URL (${remoteDoc.documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to "trust".`);
+		logger.warn("The object's @id ({objectId}) has a different origin than the document URL ({documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to \"trust\".", {
+			...remoteDoc,
+			objectId: object.id.href
+		});
+		return null;
+	}
+	return object;
 }
 /**
 * Traverses a collection, yielding each item in the collection.