@fedify/fedify 2.0.0-pr.435.1673 → 2.0.0-pr.449.1725
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{actor-m_ko-86v.js → actor-C0gLJq8I.js} +7263 -2440
- package/dist/{actor-CNUje03O.cjs → actor-CsRJa7wV.cjs} +7263 -2440
- package/dist/{actor-DMgu-ZjT.d.cts → actor-D6K058Tb.d.cts} +1 -1
- package/dist/{actor-C22bXuuC.d.ts → actor-T6RyhRgk.d.ts} +1 -1
- package/dist/{actor-BxAu0qet.js → actor-VrXd7EdX.js} +1 -1
- package/dist/{authdocloader-nRFL9luh.js → authdocloader-6F9IP-VO.js} +3 -3
- package/dist/{authdocloader-D_3mtAjX.cjs → authdocloader-BkuVo8LL.cjs} +3 -3
- package/dist/{authdocloader-Chl2nuOI.js → authdocloader-C8LXxsmU.js} +3 -3
- package/dist/{builder-C8Of4dPy.js → builder-JjsppXTK.js} +14 -8
- package/dist/{client-yGBH5stP.js → client-BS-GE3XI.js} +1 -1
- package/dist/compat/mod.d.cts +7 -7
- package/dist/compat/mod.d.ts +7 -7
- package/dist/compat/transformers.test.js +16 -16
- package/dist/{context-CQsAT7xk.d.ts → context-B1X8-X33.d.ts} +186 -98
- package/dist/{context-tVOQ76fi.d.cts → context-DYCJXr7J.d.cts} +186 -98
- package/dist/{docloader-_WdHTWQR.js → docloader-AMdJU291.js} +1 -1
- package/dist/{docloader-SZjTrl6Z.cjs → docloader-BdF5STdg.cjs} +1 -1
- package/dist/{esm-e_G_xo95.js → esm-CvUgdJZ_.js} +1 -1
- package/dist/federation/builder.test.js +5 -5
- package/dist/federation/collection.test.js +3 -3
- package/dist/federation/handler.test.js +17 -17
- package/dist/federation/idempotency.test.d.ts +3 -0
- package/dist/federation/idempotency.test.js +202 -0
- package/dist/federation/inbox.test.js +4 -4
- package/dist/federation/keycache.test.js +4 -4
- package/dist/federation/kv.test.js +3 -3
- package/dist/federation/middleware.test.js +24 -47
- package/dist/federation/mod.cjs +10 -10
- package/dist/federation/mod.d.cts +7 -7
- package/dist/federation/mod.d.ts +7 -7
- package/dist/federation/mod.js +10 -10
- package/dist/federation/mq.test.js +3 -3
- package/dist/federation/negotiation.test.js +3 -3
- package/dist/federation/retry.test.js +3 -3
- package/dist/federation/router.test.js +3 -3
- package/dist/federation/send.test.js +10 -10
- package/dist/fixtures/media.example.com/avatars/test-avatar.jpg.json +6 -0
- package/dist/{http-BS6766zs.d.cts → http-D-e6AFwR.d.cts} +1 -1
- package/dist/{http-DqSNLFNY.d.ts → http-D6Uj2x2y.d.ts} +1 -1
- package/dist/{http-BpoEurUR.js → http-DVQEn98K.js} +3 -3
- package/dist/{http-DREvFalF.cjs → http-D_BI5KHC.cjs} +3 -3
- package/dist/{http-BEo67UOx.js → http-DbyMqL2X.js} +2 -2
- package/dist/{inbox-D-B5xFtJ.js → inbox-DQlf_-Dz.js} +24 -7
- package/dist/{key-DJpcumqB.js → key-BBzfhQGE.js} +4 -4
- package/dist/key-BMz_uAnc.cjs +10 -0
- package/dist/{key-Cps8Sv3N.js → key-BSJX6n9o.js} +2 -2
- package/dist/{key-JqiQvcq1.cjs → key-D-RgWfcf.cjs} +2 -2
- package/dist/{key-Cf8KTg-A.js → key-DFefr8X2.js} +2 -2
- package/dist/{key-DqrTz8Xq.js → key-DW2DrPGl.js} +3 -3
- package/dist/{keycache-D_Q1fPV0.js → keycache-CcIfdj0m.js} +1 -1
- package/dist/{keys-F0jh2GNR.js → keys-DnSaJmvD.js} +1 -1
- package/dist/{ld-CXygHn_m.js → ld-CAJ6Q2od.js} +2 -2
- package/dist/{lookup-C-Y0Ep1a.cjs → lookup-B2Bsau2g.cjs} +1 -1
- package/dist/{lookup-C6WSLjPE.js → lookup-BGCuyJRy.js} +1 -1
- package/dist/{lookup-DuqY2_In.js → lookup-C3pnuyiD.js} +21 -12
- package/dist/{middleware-2qNNXYEE.js → middleware-1oxZY_0z.js} +78 -56
- package/dist/middleware-B8WWe8Q2.js +26 -0
- package/dist/{middleware-CMiUxZ6O.js → middleware-BDqkoMAQ.js} +48 -49
- package/dist/{middleware-BsFAFlnZ.cjs → middleware-D0XMPoN8.cjs} +78 -56
- package/dist/middleware-DipQbJmB.js +17 -0
- package/dist/middleware-mLaQeD_Z.cjs +17 -0
- package/dist/{mod-Drmz72EK.d.ts → mod-BhUKmBJD.d.ts} +2 -2
- package/dist/{mod-TFoH2Ql8.d.ts → mod-CerN_Sza.d.ts} +1 -1
- package/dist/{mod-Dc_-mf8s.d.cts → mod-Cj1tHXBR.d.cts} +1 -1
- package/dist/{mod-evzlRVZq.d.cts → mod-CxkWO3Mg.d.cts} +19 -1
- package/dist/{mod-B26zRlH1.d.ts → mod-DcKxhFQ8.d.ts} +2 -2
- package/dist/{mod-BClfg3ej.d.cts → mod-Djzcw2ry.d.cts} +2 -2
- package/dist/{mod-Cxt4Kpf6.d.ts → mod-DlU8ISoa.d.ts} +19 -1
- package/dist/{mod-DBQAI4v9.d.cts → mod-twdvV2hR.d.cts} +2 -2
- package/dist/mod.cjs +10 -10
- package/dist/mod.d.cts +10 -10
- package/dist/mod.d.ts +10 -10
- package/dist/mod.js +10 -10
- package/dist/nodeinfo/client.test.js +5 -5
- package/dist/nodeinfo/handler.test.js +16 -16
- package/dist/nodeinfo/mod.cjs +2 -2
- package/dist/nodeinfo/mod.js +2 -2
- package/dist/nodeinfo/types.test.js +3 -3
- package/dist/{owner-B-7Ptt_m.d.cts → owner-BN_tO3cY.d.cts} +2 -2
- package/dist/{owner-D2fTlp_x.js → owner-CaIfLBwg.js} +2 -2
- package/dist/{owner-CQPnQVtf.d.ts → owner-hd9lvQcP.d.ts} +2 -2
- package/dist/{proof-C4Y4gJcm.cjs → proof-AhyVJcNZ.cjs} +3 -3
- package/dist/{proof-kEUjWRNJ.js → proof-BQwXHakc.js} +2 -2
- package/dist/{proof-CHM9su4L.js → proof-CKXppjee.js} +3 -3
- package/dist/runtime/authdocloader.test.js +9 -9
- package/dist/runtime/docloader.test.js +4 -4
- package/dist/runtime/key.test.js +5 -5
- package/dist/runtime/langstr.test.js +3 -3
- package/dist/runtime/link.test.js +3 -3
- package/dist/runtime/mod.cjs +6 -6
- package/dist/runtime/mod.d.cts +3 -3
- package/dist/runtime/mod.d.ts +3 -3
- package/dist/runtime/mod.js +6 -6
- package/dist/runtime/multibase/multibase.test.js +3 -3
- package/dist/runtime/url.test.js +3 -3
- package/dist/{send-Utq2Jm0I.js → send-DQd3R1Oc.js} +2 -2
- package/dist/sig/http.test.js +8 -8
- package/dist/sig/key.test.js +6 -6
- package/dist/sig/ld.test.js +7 -7
- package/dist/sig/mod.cjs +6 -6
- package/dist/sig/mod.d.cts +5 -5
- package/dist/sig/mod.d.ts +5 -5
- package/dist/sig/mod.js +6 -6
- package/dist/sig/owner.test.js +7 -7
- package/dist/sig/proof.test.js +7 -7
- package/dist/testing/docloader.test.js +3 -3
- package/dist/testing/mod.d.ts +391 -86
- package/dist/testing/mod.js +3 -3
- package/dist/{testing-DUpTIvNE.js → testing-BljKU-GG.js} +2 -2
- package/dist/{type-BYN6Ax2M.js → type-COb6KNlm.js} +6943 -2120
- package/dist/{types-BXkh8ctL.js → types-CEn4wB51.js} +1 -1
- package/dist/{types-BBpQe860.cjs → types-DI0yutHB.cjs} +1 -1
- package/dist/vocab/actor.test.js +5 -5
- package/dist/vocab/lookup.test.js +255 -5
- package/dist/vocab/mod.cjs +4 -4
- package/dist/vocab/mod.d.cts +3 -3
- package/dist/vocab/mod.d.ts +3 -3
- package/dist/vocab/mod.js +4 -4
- package/dist/vocab/type.test.js +3 -3
- package/dist/vocab/vocab.test.js +397 -8
- package/dist/{vocab-SOE1ifCr.d.ts → vocab-BI0Ak5lL.d.ts} +290 -0
- package/dist/{vocab-PKJB4DyY.js → vocab-CkWH9P5l.js} +23 -14
- package/dist/{vocab-DJTYMqyU.d.cts → vocab-Dw1-yVGg.d.cts} +290 -0
- package/dist/{vocab-DWZQ7gVQ.cjs → vocab-NZXL5Pr-.cjs} +23 -14
- package/dist/webfinger/handler.test.js +16 -16
- package/dist/webfinger/lookup.test.js +4 -4
- package/dist/webfinger/mod.cjs +2 -2
- package/dist/webfinger/mod.js +2 -2
- package/dist/x/cfworkers.test.js +3 -3
- package/dist/x/hono.d.cts +6 -6
- package/dist/x/hono.d.ts +6 -6
- package/dist/x/sveltekit.d.cts +6 -6
- package/dist/x/sveltekit.d.ts +6 -6
- package/package.json +1 -1
- package/dist/key-BvvbahfP.cjs +0 -10
- package/dist/middleware-BD1IE5O5.js +0 -26
- package/dist/middleware-BuZrvrDv.js +0 -17
- package/dist/middleware-h_3nRr8m.cjs +0 -17
package/dist/vocab/vocab.test.js
CHANGED
|
@@ -3,18 +3,18 @@
|
|
|
3
3
|
import { URLPattern } from "urlpattern-polyfill";
|
|
4
4
|
globalThis.addEventListener = () => {};
|
|
5
5
|
|
|
6
|
-
import { Activity, Announce, Collection, Create, CryptographicKey, Follow, Hashtag, LanguageString, Link, Note, Object as Object$1, OrderedCollectionPage, Person, Place, Question, Source, decode, vocab_exports } from "../type-
|
|
6
|
+
import { Activity, Announce, Collection, Create, CryptographicKey, Follow, Hashtag, LanguageString, Link, Note, Object as Object$1, OrderedCollectionPage, Person, Place, Question, Source, decode, vocab_exports } from "../type-COb6KNlm.js";
|
|
7
7
|
import { assertEquals } from "../assert_equals-DSbWqCm3.js";
|
|
8
8
|
import { assert } from "../assert-MZs1qjMx.js";
|
|
9
9
|
import { assertInstanceOf } from "../assert_instance_of-DHz7EHNU.js";
|
|
10
|
-
import "../lookup-
|
|
11
|
-
import { mockDocumentLoader, test } from "../testing-
|
|
10
|
+
import "../lookup-C3pnuyiD.js";
|
|
11
|
+
import { mockDocumentLoader, test } from "../testing-BljKU-GG.js";
|
|
12
12
|
import "../std__assert-X-_kMxKM.js";
|
|
13
13
|
import { assertFalse, assertRejects } from "../assert_rejects-DiIiJbZn.js";
|
|
14
14
|
import "../assert_is_error-BPGph1Jx.js";
|
|
15
15
|
import { assertNotEquals } from "../assert_not_equals-f3m3epl3.js";
|
|
16
16
|
import { assertThrows } from "../assert_throws-BOO88avQ.js";
|
|
17
|
-
import { ed25519PublicKey, rsaPublicKey1 } from "../keys-
|
|
17
|
+
import { ed25519PublicKey, rsaPublicKey1 } from "../keys-DnSaJmvD.js";
|
|
18
18
|
import { pascalCase } from "es-toolkit";
|
|
19
19
|
import { Validator } from "@cfworker/json-schema";
|
|
20
20
|
import { readFile, readdir } from "node:fs/promises";
|
|
@@ -2238,9 +2238,9 @@ const scalarTypes = {
|
|
|
2238
2238
|
dataCheck(v) {
|
|
2239
2239
|
return `typeof ${v} === "object" && "@id" in ${v}
|
|
2240
2240
|
&& typeof ${v}["@id"] === "string"
|
|
2241
|
-
&& ${v}["@id"] !== ""
|
|
2241
|
+
&& ${v}["@id"] !== ""`;
|
|
2242
2242
|
},
|
|
2243
|
-
decoder(v) {
|
|
2243
|
+
decoder(v, baseUrlVar) {
|
|
2244
2244
|
return `${v}["@id"].startsWith("at://")
|
|
2245
2245
|
? new URL("at://" +
|
|
2246
2246
|
encodeURIComponent(
|
|
@@ -2254,7 +2254,9 @@ const scalarTypes = {
|
|
|
2254
2254
|
: ""
|
|
2255
2255
|
)
|
|
2256
2256
|
)
|
|
2257
|
-
:
|
|
2257
|
+
: URL.canParse(${v}["@id"]) && ${baseUrlVar}
|
|
2258
|
+
? new URL(${v}["@id"])
|
|
2259
|
+
: new URL(${v}["@id"], ${baseUrlVar})`;
|
|
2258
2260
|
}
|
|
2259
2261
|
},
|
|
2260
2262
|
"http://www.w3.org/1999/02/22-rdf-syntax-ns#langString": {
|
|
@@ -2868,6 +2870,7 @@ test({
|
|
|
2868
2870
|
test("Person.fromJsonLd()", async () => {
|
|
2869
2871
|
const person = await Person.fromJsonLd({
|
|
2870
2872
|
"@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1"],
|
|
2873
|
+
"id": "https://todon.eu/users/hongminhee",
|
|
2871
2874
|
"publicKey": {
|
|
2872
2875
|
"id": "https://todon.eu/users/hongminhee#main-key",
|
|
2873
2876
|
"owner": "https://todon.eu/users/hongminhee",
|
|
@@ -2875,7 +2878,8 @@ test("Person.fromJsonLd()", async () => {
|
|
|
2875
2878
|
}
|
|
2876
2879
|
}, {
|
|
2877
2880
|
documentLoader: mockDocumentLoader,
|
|
2878
|
-
contextLoader: mockDocumentLoader
|
|
2881
|
+
contextLoader: mockDocumentLoader,
|
|
2882
|
+
baseUrl: new URL("https://todon.eu/")
|
|
2879
2883
|
});
|
|
2880
2884
|
assertEquals(person.publicKeyId, new URL("https://todon.eu/users/hongminhee#main-key"));
|
|
2881
2885
|
const publicKey = await person.getPublicKey({ documentLoader: mockDocumentLoader });
|
|
@@ -3094,6 +3098,391 @@ test("Link.fromJsonLd()", async () => {
|
|
|
3094
3098
|
});
|
|
3095
3099
|
assertEquals(link3.href, new URL("at://did%3Aplc%3Aia76kvnndjutgedggx2ibrem"));
|
|
3096
3100
|
});
|
|
3101
|
+
test("Person.fromJsonLd() with relative URLs", async () => {
|
|
3102
|
+
const json = {
|
|
3103
|
+
"@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1"],
|
|
3104
|
+
id: "https://example.com/ap/actors/019382d3-63d7-7cf7-86e8-91e2551c306c",
|
|
3105
|
+
type: "Person",
|
|
3106
|
+
name: "Test User",
|
|
3107
|
+
icon: {
|
|
3108
|
+
type: "Image",
|
|
3109
|
+
url: "/avatars/test-avatar.jpg"
|
|
3110
|
+
}
|
|
3111
|
+
};
|
|
3112
|
+
const person = await Person.fromJsonLd(json, {
|
|
3113
|
+
documentLoader: mockDocumentLoader,
|
|
3114
|
+
contextLoader: mockDocumentLoader
|
|
3115
|
+
});
|
|
3116
|
+
const icon = await person.getIcon();
|
|
3117
|
+
assertEquals(icon?.url, new URL("https://example.com/avatars/test-avatar.jpg"));
|
|
3118
|
+
const json2 = {
|
|
3119
|
+
"@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1"],
|
|
3120
|
+
id: "https://example.com/ap/actors/019382d3-63d7-7cf7-86e8-91e2551c306c",
|
|
3121
|
+
type: "Person",
|
|
3122
|
+
name: "Test User",
|
|
3123
|
+
icon: {
|
|
3124
|
+
id: "https://media.example.com/avatars/test-avatar.jpg",
|
|
3125
|
+
type: "Image",
|
|
3126
|
+
url: "/avatars/test-avatar.jpg"
|
|
3127
|
+
}
|
|
3128
|
+
};
|
|
3129
|
+
const person2 = await Person.fromJsonLd(json2, {
|
|
3130
|
+
documentLoader: mockDocumentLoader,
|
|
3131
|
+
contextLoader: mockDocumentLoader
|
|
3132
|
+
});
|
|
3133
|
+
const icon2 = await person2.getIcon();
|
|
3134
|
+
assertEquals(icon2?.url, new URL("https://media.example.com/avatars/test-avatar.jpg"));
|
|
3135
|
+
});
|
|
3136
|
+
test("Person.fromJsonLd() with relative URLs and baseUrl", async () => {
|
|
3137
|
+
const json = {
|
|
3138
|
+
"@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1"],
|
|
3139
|
+
"id": "https://example.com/ap/actors/019382d3-63d7-7cf7-86e8-91e2551c306c",
|
|
3140
|
+
"type": "Person",
|
|
3141
|
+
"name": "Test User",
|
|
3142
|
+
"icon": {
|
|
3143
|
+
"type": "Image",
|
|
3144
|
+
"url": "/avatars/test-avatar.jpg"
|
|
3145
|
+
}
|
|
3146
|
+
};
|
|
3147
|
+
const personWithBase = await Person.fromJsonLd(json, {
|
|
3148
|
+
documentLoader: mockDocumentLoader,
|
|
3149
|
+
contextLoader: mockDocumentLoader,
|
|
3150
|
+
baseUrl: new URL("https://example.com")
|
|
3151
|
+
});
|
|
3152
|
+
const icon = await personWithBase.getIcon();
|
|
3153
|
+
assertEquals(icon?.url, new URL("https://example.com/avatars/test-avatar.jpg"));
|
|
3154
|
+
});
|
|
3155
|
+
test("FEP-fe34: Trust tracking in object construction", async () => {
|
|
3156
|
+
const note = new Note({
|
|
3157
|
+
id: new URL("https://example.com/note"),
|
|
3158
|
+
content: "Hello World"
|
|
3159
|
+
});
|
|
3160
|
+
const create = new Create({
|
|
3161
|
+
id: new URL("https://example.com/create"),
|
|
3162
|
+
actor: new URL("https://example.com/actor"),
|
|
3163
|
+
object: note
|
|
3164
|
+
});
|
|
3165
|
+
assertEquals(create.objectId, new URL("https://example.com/note"));
|
|
3166
|
+
const result = await create.getObject();
|
|
3167
|
+
assertEquals(result, note);
|
|
3168
|
+
assertEquals(result?.content, "Hello World");
|
|
3169
|
+
});
|
|
3170
|
+
test("FEP-fe34: Trust tracking in object cloning", () => {
|
|
3171
|
+
const originalNote = new Note({
|
|
3172
|
+
id: new URL("https://example.com/note"),
|
|
3173
|
+
content: "Original content"
|
|
3174
|
+
});
|
|
3175
|
+
const create = new Create({
|
|
3176
|
+
id: new URL("https://example.com/create"),
|
|
3177
|
+
actor: new URL("https://example.com/actor"),
|
|
3178
|
+
object: originalNote
|
|
3179
|
+
});
|
|
3180
|
+
const newNote = new Note({
|
|
3181
|
+
id: new URL("https://example.com/new-note"),
|
|
3182
|
+
content: "New content"
|
|
3183
|
+
});
|
|
3184
|
+
const clonedCreate = create.clone({ object: newNote });
|
|
3185
|
+
assertEquals(clonedCreate.objectId, new URL("https://example.com/new-note"));
|
|
3186
|
+
});
|
|
3187
|
+
test("FEP-fe34: crossOrigin ignore behavior (default)", async () => {
|
|
3188
|
+
const crossOriginDocumentLoader = async (url) => {
|
|
3189
|
+
if (url === "https://different-origin.com/note") return {
|
|
3190
|
+
documentUrl: url,
|
|
3191
|
+
contextUrl: null,
|
|
3192
|
+
document: {
|
|
3193
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3194
|
+
"@type": "Note",
|
|
3195
|
+
"@id": "https://malicious.com/fake-note",
|
|
3196
|
+
"content": "This is a spoofed note"
|
|
3197
|
+
}
|
|
3198
|
+
};
|
|
3199
|
+
throw new Error("Document not found");
|
|
3200
|
+
};
|
|
3201
|
+
const create = new Create({
|
|
3202
|
+
id: new URL("https://example.com/create"),
|
|
3203
|
+
actor: new URL("https://example.com/actor"),
|
|
3204
|
+
object: new URL("https://different-origin.com/note")
|
|
3205
|
+
});
|
|
3206
|
+
const result = await create.getObject({ documentLoader: crossOriginDocumentLoader });
|
|
3207
|
+
assertEquals(result, null);
|
|
3208
|
+
});
|
|
3209
|
+
test("FEP-fe34: crossOrigin throw behavior", async () => {
|
|
3210
|
+
const crossOriginDocumentLoader = async (url) => {
|
|
3211
|
+
if (url === "https://different-origin.com/note") return {
|
|
3212
|
+
documentUrl: url,
|
|
3213
|
+
contextUrl: null,
|
|
3214
|
+
document: {
|
|
3215
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3216
|
+
"@type": "Note",
|
|
3217
|
+
"@id": "https://malicious.com/fake-note",
|
|
3218
|
+
"content": "This is a spoofed note"
|
|
3219
|
+
}
|
|
3220
|
+
};
|
|
3221
|
+
throw new Error("Document not found");
|
|
3222
|
+
};
|
|
3223
|
+
const create = new Create({
|
|
3224
|
+
id: new URL("https://example.com/create"),
|
|
3225
|
+
actor: new URL("https://example.com/actor"),
|
|
3226
|
+
object: new URL("https://different-origin.com/note")
|
|
3227
|
+
});
|
|
3228
|
+
await assertRejects(() => create.getObject({
|
|
3229
|
+
documentLoader: crossOriginDocumentLoader,
|
|
3230
|
+
crossOrigin: "throw"
|
|
3231
|
+
}), Error, "The object's @id (https://malicious.com/fake-note) has a different origin than the document URL (https://different-origin.com/note)");
|
|
3232
|
+
});
|
|
3233
|
+
test("FEP-fe34: crossOrigin trust behavior", async () => {
|
|
3234
|
+
const crossOriginDocumentLoader = async (url) => {
|
|
3235
|
+
if (url === "https://different-origin.com/note") return {
|
|
3236
|
+
documentUrl: url,
|
|
3237
|
+
contextUrl: null,
|
|
3238
|
+
document: {
|
|
3239
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3240
|
+
"@type": "Note",
|
|
3241
|
+
"@id": "https://malicious.com/fake-note",
|
|
3242
|
+
"content": "This is a spoofed note"
|
|
3243
|
+
}
|
|
3244
|
+
};
|
|
3245
|
+
throw new Error("Document not found");
|
|
3246
|
+
};
|
|
3247
|
+
const create = new Create({
|
|
3248
|
+
id: new URL("https://example.com/create"),
|
|
3249
|
+
actor: new URL("https://example.com/actor"),
|
|
3250
|
+
object: new URL("https://different-origin.com/note")
|
|
3251
|
+
});
|
|
3252
|
+
const result = await create.getObject({
|
|
3253
|
+
documentLoader: crossOriginDocumentLoader,
|
|
3254
|
+
crossOrigin: "trust"
|
|
3255
|
+
});
|
|
3256
|
+
assertInstanceOf(result, Note);
|
|
3257
|
+
assertEquals(result?.id, new URL("https://malicious.com/fake-note"));
|
|
3258
|
+
assertEquals(result?.content, "This is a spoofed note");
|
|
3259
|
+
});
|
|
3260
|
+
test("FEP-fe34: Same origin objects are trusted", async () => {
|
|
3261
|
+
const sameOriginDocumentLoader = async (url) => {
|
|
3262
|
+
if (url === "https://example.com/note") return {
|
|
3263
|
+
documentUrl: url,
|
|
3264
|
+
contextUrl: null,
|
|
3265
|
+
document: {
|
|
3266
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3267
|
+
"@type": "Note",
|
|
3268
|
+
"@id": "https://example.com/note",
|
|
3269
|
+
"content": "This is a legitimate note"
|
|
3270
|
+
}
|
|
3271
|
+
};
|
|
3272
|
+
throw new Error("Document not found");
|
|
3273
|
+
};
|
|
3274
|
+
const create = new Create({
|
|
3275
|
+
id: new URL("https://example.com/create"),
|
|
3276
|
+
actor: new URL("https://example.com/actor"),
|
|
3277
|
+
object: new URL("https://example.com/note")
|
|
3278
|
+
});
|
|
3279
|
+
const result = await create.getObject({ documentLoader: sameOriginDocumentLoader });
|
|
3280
|
+
assertInstanceOf(result, Note);
|
|
3281
|
+
assertEquals(result?.id, new URL("https://example.com/note"));
|
|
3282
|
+
assertEquals(result?.content, "This is a legitimate note");
|
|
3283
|
+
});
|
|
3284
|
+
test("FEP-fe34: Embedded cross-origin objects from JSON-LD are ignored by default", async () => {
|
|
3285
|
+
const createDocumentLoader = async (url) => {
|
|
3286
|
+
if (url === "https://example.com/create") return {
|
|
3287
|
+
documentUrl: url,
|
|
3288
|
+
contextUrl: null,
|
|
3289
|
+
document: {
|
|
3290
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3291
|
+
"@type": "Create",
|
|
3292
|
+
"@id": "https://example.com/create",
|
|
3293
|
+
"actor": "https://example.com/actor",
|
|
3294
|
+
"object": {
|
|
3295
|
+
"@type": "Note",
|
|
3296
|
+
"@id": "https://different-origin.com/note",
|
|
3297
|
+
"content": "Embedded note from JSON-LD"
|
|
3298
|
+
}
|
|
3299
|
+
}
|
|
3300
|
+
};
|
|
3301
|
+
throw new Error("Document not found");
|
|
3302
|
+
};
|
|
3303
|
+
const create = await Create.fromJsonLd(await createDocumentLoader("https://example.com/create").then((r) => r.document), { documentLoader: createDocumentLoader });
|
|
3304
|
+
const objectDocumentLoader = async (url) => {
|
|
3305
|
+
if (url === "https://different-origin.com/note") return {
|
|
3306
|
+
documentUrl: url,
|
|
3307
|
+
contextUrl: null,
|
|
3308
|
+
document: {
|
|
3309
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3310
|
+
"@type": "Note",
|
|
3311
|
+
"@id": "https://different-origin.com/note",
|
|
3312
|
+
"content": "Legitimate note from origin"
|
|
3313
|
+
}
|
|
3314
|
+
};
|
|
3315
|
+
throw new Error("Document not found");
|
|
3316
|
+
};
|
|
3317
|
+
const result = await create.getObject({ documentLoader: objectDocumentLoader });
|
|
3318
|
+
assertInstanceOf(result, Note);
|
|
3319
|
+
assertEquals(result?.content, "Legitimate note from origin");
|
|
3320
|
+
});
|
|
3321
|
+
test("FEP-fe34: Constructor vs JSON-LD parsing trust difference", async () => {
|
|
3322
|
+
const constructorCreate = new Create({
|
|
3323
|
+
id: new URL("https://example.com/create"),
|
|
3324
|
+
actor: new URL("https://example.com/actor"),
|
|
3325
|
+
object: new Note({
|
|
3326
|
+
id: new URL("https://different-origin.com/note"),
|
|
3327
|
+
content: "Constructor embedded note"
|
|
3328
|
+
})
|
|
3329
|
+
});
|
|
3330
|
+
const constructorResult = await constructorCreate.getObject();
|
|
3331
|
+
assertEquals(constructorResult?.content, "Constructor embedded note");
|
|
3332
|
+
const jsonLdCreate = await Create.fromJsonLd({
|
|
3333
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3334
|
+
"@type": "Create",
|
|
3335
|
+
"@id": "https://example.com/create",
|
|
3336
|
+
"actor": "https://example.com/actor",
|
|
3337
|
+
"object": {
|
|
3338
|
+
"@type": "Note",
|
|
3339
|
+
"@id": "https://different-origin.com/note",
|
|
3340
|
+
"content": "JSON-LD embedded note"
|
|
3341
|
+
}
|
|
3342
|
+
});
|
|
3343
|
+
const documentLoader = async (url) => {
|
|
3344
|
+
if (url === "https://different-origin.com/note") return {
|
|
3345
|
+
documentUrl: url,
|
|
3346
|
+
contextUrl: null,
|
|
3347
|
+
document: {
|
|
3348
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3349
|
+
"@type": "Note",
|
|
3350
|
+
"@id": "https://different-origin.com/note",
|
|
3351
|
+
"content": "Fetched from origin"
|
|
3352
|
+
}
|
|
3353
|
+
};
|
|
3354
|
+
throw new Error("Document not found");
|
|
3355
|
+
};
|
|
3356
|
+
const jsonLdResult = await jsonLdCreate.getObject({ documentLoader });
|
|
3357
|
+
assertEquals(jsonLdResult?.content, "Fetched from origin");
|
|
3358
|
+
});
|
|
3359
|
+
test("FEP-fe34: Array properties respect cross-origin policy", async () => {
|
|
3360
|
+
const crossOriginDocumentLoader = async (url) => {
|
|
3361
|
+
if (url === "https://different-origin.com/note1") return {
|
|
3362
|
+
documentUrl: url,
|
|
3363
|
+
contextUrl: null,
|
|
3364
|
+
document: {
|
|
3365
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3366
|
+
"@type": "Note",
|
|
3367
|
+
"@id": "https://malicious.com/fake-note1",
|
|
3368
|
+
"content": "Fake note 1"
|
|
3369
|
+
}
|
|
3370
|
+
};
|
|
3371
|
+
else if (url === "https://example.com/note2") return {
|
|
3372
|
+
documentUrl: url,
|
|
3373
|
+
contextUrl: null,
|
|
3374
|
+
document: {
|
|
3375
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3376
|
+
"@type": "Note",
|
|
3377
|
+
"@id": "https://example.com/note2",
|
|
3378
|
+
"content": "Legitimate note 2"
|
|
3379
|
+
}
|
|
3380
|
+
};
|
|
3381
|
+
throw new Error("Document not found");
|
|
3382
|
+
};
|
|
3383
|
+
const collection = new Collection({
|
|
3384
|
+
id: new URL("https://example.com/collection"),
|
|
3385
|
+
items: [new URL("https://different-origin.com/note1"), new URL("https://example.com/note2")]
|
|
3386
|
+
});
|
|
3387
|
+
const items = [];
|
|
3388
|
+
for await (const item of collection.getItems({ documentLoader: crossOriginDocumentLoader })) items.push(item);
|
|
3389
|
+
assertEquals(items.length, 1);
|
|
3390
|
+
assertInstanceOf(items[0], Note);
|
|
3391
|
+
assertEquals(items[0].content, "Legitimate note 2");
|
|
3392
|
+
});
|
|
3393
|
+
test("FEP-fe34: Array properties with crossOrigin trust option", async () => {
|
|
3394
|
+
const crossOriginDocumentLoader = async (url) => {
|
|
3395
|
+
if (url === "https://different-origin.com/note1") return {
|
|
3396
|
+
documentUrl: url,
|
|
3397
|
+
contextUrl: null,
|
|
3398
|
+
document: {
|
|
3399
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3400
|
+
"@type": "Note",
|
|
3401
|
+
"@id": "https://malicious.com/fake-note1",
|
|
3402
|
+
"content": "Fake note 1"
|
|
3403
|
+
}
|
|
3404
|
+
};
|
|
3405
|
+
else if (url === "https://example.com/note2") return {
|
|
3406
|
+
documentUrl: url,
|
|
3407
|
+
contextUrl: null,
|
|
3408
|
+
document: {
|
|
3409
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3410
|
+
"@type": "Note",
|
|
3411
|
+
"@id": "https://example.com/note2",
|
|
3412
|
+
"content": "Legitimate note 2"
|
|
3413
|
+
}
|
|
3414
|
+
};
|
|
3415
|
+
throw new Error("Document not found");
|
|
3416
|
+
};
|
|
3417
|
+
const collection = new Collection({
|
|
3418
|
+
id: new URL("https://example.com/collection"),
|
|
3419
|
+
items: [new URL("https://different-origin.com/note1"), new URL("https://example.com/note2")]
|
|
3420
|
+
});
|
|
3421
|
+
const items = [];
|
|
3422
|
+
for await (const item of collection.getItems({
|
|
3423
|
+
documentLoader: crossOriginDocumentLoader,
|
|
3424
|
+
crossOrigin: "trust"
|
|
3425
|
+
})) items.push(item);
|
|
3426
|
+
assertEquals(items.length, 2);
|
|
3427
|
+
assertInstanceOf(items[0], Note);
|
|
3428
|
+
assertInstanceOf(items[1], Note);
|
|
3429
|
+
assertEquals(items[0].content, "Fake note 1");
|
|
3430
|
+
assertEquals(items[1].content, "Legitimate note 2");
|
|
3431
|
+
});
|
|
3432
|
+
test("FEP-fe34: Embedded objects in arrays from JSON-LD respect cross-origin policy", async () => {
|
|
3433
|
+
const collectionDocumentLoader = async (url) => {
|
|
3434
|
+
if (url === "https://example.com/collection") return {
|
|
3435
|
+
documentUrl: url,
|
|
3436
|
+
contextUrl: null,
|
|
3437
|
+
document: {
|
|
3438
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3439
|
+
"@type": "Collection",
|
|
3440
|
+
"@id": "https://example.com/collection",
|
|
3441
|
+
"items": [{
|
|
3442
|
+
"@type": "Note",
|
|
3443
|
+
"@id": "https://example.com/trusted-note",
|
|
3444
|
+
"content": "Trusted embedded note from JSON-LD"
|
|
3445
|
+
}, {
|
|
3446
|
+
"@type": "Note",
|
|
3447
|
+
"@id": "https://different-origin.com/untrusted-note",
|
|
3448
|
+
"content": "Untrusted embedded note from JSON-LD"
|
|
3449
|
+
}]
|
|
3450
|
+
}
|
|
3451
|
+
};
|
|
3452
|
+
throw new Error("Document not found");
|
|
3453
|
+
};
|
|
3454
|
+
const collection = await Collection.fromJsonLd(await collectionDocumentLoader("https://example.com/collection").then((r) => r.document), { documentLoader: collectionDocumentLoader });
|
|
3455
|
+
const itemDocumentLoader = async (url) => {
|
|
3456
|
+
if (url === "https://example.com/trusted-note") return {
|
|
3457
|
+
documentUrl: url,
|
|
3458
|
+
contextUrl: null,
|
|
3459
|
+
document: {
|
|
3460
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3461
|
+
"@type": "Note",
|
|
3462
|
+
"@id": "https://example.com/trusted-note",
|
|
3463
|
+
"content": "Trusted note from origin"
|
|
3464
|
+
}
|
|
3465
|
+
};
|
|
3466
|
+
else if (url === "https://different-origin.com/untrusted-note") return {
|
|
3467
|
+
documentUrl: url,
|
|
3468
|
+
contextUrl: null,
|
|
3469
|
+
document: {
|
|
3470
|
+
"@context": "https://www.w3.org/ns/activitystreams",
|
|
3471
|
+
"@type": "Note",
|
|
3472
|
+
"@id": "https://different-origin.com/untrusted-note",
|
|
3473
|
+
"content": "Legitimate note from actual origin"
|
|
3474
|
+
}
|
|
3475
|
+
};
|
|
3476
|
+
throw new Error("Document not found");
|
|
3477
|
+
};
|
|
3478
|
+
const items = [];
|
|
3479
|
+
for await (const item of collection.getItems({ documentLoader: itemDocumentLoader })) items.push(item);
|
|
3480
|
+
assertEquals(items.length, 2);
|
|
3481
|
+
assertInstanceOf(items[0], Note);
|
|
3482
|
+
assertEquals(items[0].content, "Trusted embedded note from JSON-LD");
|
|
3483
|
+
assertInstanceOf(items[1], Note);
|
|
3484
|
+
assertEquals(items[1].content, "Legitimate note from actual origin");
|
|
3485
|
+
});
|
|
3097
3486
|
function getAllProperties(type, types$1) {
|
|
3098
3487
|
const props = type.properties;
|
|
3099
3488
|
if (type.extends != null) props.push(...getAllProperties(types$1[type.extends], types$1));
|