@fedify/fedify 2.0.0-pr.435.1673 → 2.0.0-pr.449.1725

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (138) hide show
  1. package/dist/{actor-m_ko-86v.js → actor-C0gLJq8I.js} +7263 -2440
  2. package/dist/{actor-CNUje03O.cjs → actor-CsRJa7wV.cjs} +7263 -2440
  3. package/dist/{actor-DMgu-ZjT.d.cts → actor-D6K058Tb.d.cts} +1 -1
  4. package/dist/{actor-C22bXuuC.d.ts → actor-T6RyhRgk.d.ts} +1 -1
  5. package/dist/{actor-BxAu0qet.js → actor-VrXd7EdX.js} +1 -1
  6. package/dist/{authdocloader-nRFL9luh.js → authdocloader-6F9IP-VO.js} +3 -3
  7. package/dist/{authdocloader-D_3mtAjX.cjs → authdocloader-BkuVo8LL.cjs} +3 -3
  8. package/dist/{authdocloader-Chl2nuOI.js → authdocloader-C8LXxsmU.js} +3 -3
  9. package/dist/{builder-C8Of4dPy.js → builder-JjsppXTK.js} +14 -8
  10. package/dist/{client-yGBH5stP.js → client-BS-GE3XI.js} +1 -1
  11. package/dist/compat/mod.d.cts +7 -7
  12. package/dist/compat/mod.d.ts +7 -7
  13. package/dist/compat/transformers.test.js +16 -16
  14. package/dist/{context-CQsAT7xk.d.ts → context-B1X8-X33.d.ts} +186 -98
  15. package/dist/{context-tVOQ76fi.d.cts → context-DYCJXr7J.d.cts} +186 -98
  16. package/dist/{docloader-_WdHTWQR.js → docloader-AMdJU291.js} +1 -1
  17. package/dist/{docloader-SZjTrl6Z.cjs → docloader-BdF5STdg.cjs} +1 -1
  18. package/dist/{esm-e_G_xo95.js → esm-CvUgdJZ_.js} +1 -1
  19. package/dist/federation/builder.test.js +5 -5
  20. package/dist/federation/collection.test.js +3 -3
  21. package/dist/federation/handler.test.js +17 -17
  22. package/dist/federation/idempotency.test.d.ts +3 -0
  23. package/dist/federation/idempotency.test.js +202 -0
  24. package/dist/federation/inbox.test.js +4 -4
  25. package/dist/federation/keycache.test.js +4 -4
  26. package/dist/federation/kv.test.js +3 -3
  27. package/dist/federation/middleware.test.js +24 -47
  28. package/dist/federation/mod.cjs +10 -10
  29. package/dist/federation/mod.d.cts +7 -7
  30. package/dist/federation/mod.d.ts +7 -7
  31. package/dist/federation/mod.js +10 -10
  32. package/dist/federation/mq.test.js +3 -3
  33. package/dist/federation/negotiation.test.js +3 -3
  34. package/dist/federation/retry.test.js +3 -3
  35. package/dist/federation/router.test.js +3 -3
  36. package/dist/federation/send.test.js +10 -10
  37. package/dist/fixtures/media.example.com/avatars/test-avatar.jpg.json +6 -0
  38. package/dist/{http-BS6766zs.d.cts → http-D-e6AFwR.d.cts} +1 -1
  39. package/dist/{http-DqSNLFNY.d.ts → http-D6Uj2x2y.d.ts} +1 -1
  40. package/dist/{http-BpoEurUR.js → http-DVQEn98K.js} +3 -3
  41. package/dist/{http-DREvFalF.cjs → http-D_BI5KHC.cjs} +3 -3
  42. package/dist/{http-BEo67UOx.js → http-DbyMqL2X.js} +2 -2
  43. package/dist/{inbox-D-B5xFtJ.js → inbox-DQlf_-Dz.js} +24 -7
  44. package/dist/{key-DJpcumqB.js → key-BBzfhQGE.js} +4 -4
  45. package/dist/key-BMz_uAnc.cjs +10 -0
  46. package/dist/{key-Cps8Sv3N.js → key-BSJX6n9o.js} +2 -2
  47. package/dist/{key-JqiQvcq1.cjs → key-D-RgWfcf.cjs} +2 -2
  48. package/dist/{key-Cf8KTg-A.js → key-DFefr8X2.js} +2 -2
  49. package/dist/{key-DqrTz8Xq.js → key-DW2DrPGl.js} +3 -3
  50. package/dist/{keycache-D_Q1fPV0.js → keycache-CcIfdj0m.js} +1 -1
  51. package/dist/{keys-F0jh2GNR.js → keys-DnSaJmvD.js} +1 -1
  52. package/dist/{ld-CXygHn_m.js → ld-CAJ6Q2od.js} +2 -2
  53. package/dist/{lookup-C-Y0Ep1a.cjs → lookup-B2Bsau2g.cjs} +1 -1
  54. package/dist/{lookup-C6WSLjPE.js → lookup-BGCuyJRy.js} +1 -1
  55. package/dist/{lookup-DuqY2_In.js → lookup-C3pnuyiD.js} +21 -12
  56. package/dist/{middleware-2qNNXYEE.js → middleware-1oxZY_0z.js} +78 -56
  57. package/dist/middleware-B8WWe8Q2.js +26 -0
  58. package/dist/{middleware-CMiUxZ6O.js → middleware-BDqkoMAQ.js} +48 -49
  59. package/dist/{middleware-BsFAFlnZ.cjs → middleware-D0XMPoN8.cjs} +78 -56
  60. package/dist/middleware-DipQbJmB.js +17 -0
  61. package/dist/middleware-mLaQeD_Z.cjs +17 -0
  62. package/dist/{mod-Drmz72EK.d.ts → mod-BhUKmBJD.d.ts} +2 -2
  63. package/dist/{mod-TFoH2Ql8.d.ts → mod-CerN_Sza.d.ts} +1 -1
  64. package/dist/{mod-Dc_-mf8s.d.cts → mod-Cj1tHXBR.d.cts} +1 -1
  65. package/dist/{mod-evzlRVZq.d.cts → mod-CxkWO3Mg.d.cts} +19 -1
  66. package/dist/{mod-B26zRlH1.d.ts → mod-DcKxhFQ8.d.ts} +2 -2
  67. package/dist/{mod-BClfg3ej.d.cts → mod-Djzcw2ry.d.cts} +2 -2
  68. package/dist/{mod-Cxt4Kpf6.d.ts → mod-DlU8ISoa.d.ts} +19 -1
  69. package/dist/{mod-DBQAI4v9.d.cts → mod-twdvV2hR.d.cts} +2 -2
  70. package/dist/mod.cjs +10 -10
  71. package/dist/mod.d.cts +10 -10
  72. package/dist/mod.d.ts +10 -10
  73. package/dist/mod.js +10 -10
  74. package/dist/nodeinfo/client.test.js +5 -5
  75. package/dist/nodeinfo/handler.test.js +16 -16
  76. package/dist/nodeinfo/mod.cjs +2 -2
  77. package/dist/nodeinfo/mod.js +2 -2
  78. package/dist/nodeinfo/types.test.js +3 -3
  79. package/dist/{owner-B-7Ptt_m.d.cts → owner-BN_tO3cY.d.cts} +2 -2
  80. package/dist/{owner-D2fTlp_x.js → owner-CaIfLBwg.js} +2 -2
  81. package/dist/{owner-CQPnQVtf.d.ts → owner-hd9lvQcP.d.ts} +2 -2
  82. package/dist/{proof-C4Y4gJcm.cjs → proof-AhyVJcNZ.cjs} +3 -3
  83. package/dist/{proof-kEUjWRNJ.js → proof-BQwXHakc.js} +2 -2
  84. package/dist/{proof-CHM9su4L.js → proof-CKXppjee.js} +3 -3
  85. package/dist/runtime/authdocloader.test.js +9 -9
  86. package/dist/runtime/docloader.test.js +4 -4
  87. package/dist/runtime/key.test.js +5 -5
  88. package/dist/runtime/langstr.test.js +3 -3
  89. package/dist/runtime/link.test.js +3 -3
  90. package/dist/runtime/mod.cjs +6 -6
  91. package/dist/runtime/mod.d.cts +3 -3
  92. package/dist/runtime/mod.d.ts +3 -3
  93. package/dist/runtime/mod.js +6 -6
  94. package/dist/runtime/multibase/multibase.test.js +3 -3
  95. package/dist/runtime/url.test.js +3 -3
  96. package/dist/{send-Utq2Jm0I.js → send-DQd3R1Oc.js} +2 -2
  97. package/dist/sig/http.test.js +8 -8
  98. package/dist/sig/key.test.js +6 -6
  99. package/dist/sig/ld.test.js +7 -7
  100. package/dist/sig/mod.cjs +6 -6
  101. package/dist/sig/mod.d.cts +5 -5
  102. package/dist/sig/mod.d.ts +5 -5
  103. package/dist/sig/mod.js +6 -6
  104. package/dist/sig/owner.test.js +7 -7
  105. package/dist/sig/proof.test.js +7 -7
  106. package/dist/testing/docloader.test.js +3 -3
  107. package/dist/testing/mod.d.ts +391 -86
  108. package/dist/testing/mod.js +3 -3
  109. package/dist/{testing-DUpTIvNE.js → testing-BljKU-GG.js} +2 -2
  110. package/dist/{type-BYN6Ax2M.js → type-COb6KNlm.js} +6943 -2120
  111. package/dist/{types-BXkh8ctL.js → types-CEn4wB51.js} +1 -1
  112. package/dist/{types-BBpQe860.cjs → types-DI0yutHB.cjs} +1 -1
  113. package/dist/vocab/actor.test.js +5 -5
  114. package/dist/vocab/lookup.test.js +255 -5
  115. package/dist/vocab/mod.cjs +4 -4
  116. package/dist/vocab/mod.d.cts +3 -3
  117. package/dist/vocab/mod.d.ts +3 -3
  118. package/dist/vocab/mod.js +4 -4
  119. package/dist/vocab/type.test.js +3 -3
  120. package/dist/vocab/vocab.test.js +397 -8
  121. package/dist/{vocab-SOE1ifCr.d.ts → vocab-BI0Ak5lL.d.ts} +290 -0
  122. package/dist/{vocab-PKJB4DyY.js → vocab-CkWH9P5l.js} +23 -14
  123. package/dist/{vocab-DJTYMqyU.d.cts → vocab-Dw1-yVGg.d.cts} +290 -0
  124. package/dist/{vocab-DWZQ7gVQ.cjs → vocab-NZXL5Pr-.cjs} +23 -14
  125. package/dist/webfinger/handler.test.js +16 -16
  126. package/dist/webfinger/lookup.test.js +4 -4
  127. package/dist/webfinger/mod.cjs +2 -2
  128. package/dist/webfinger/mod.js +2 -2
  129. package/dist/x/cfworkers.test.js +3 -3
  130. package/dist/x/hono.d.cts +6 -6
  131. package/dist/x/hono.d.ts +6 -6
  132. package/dist/x/sveltekit.d.cts +6 -6
  133. package/dist/x/sveltekit.d.ts +6 -6
  134. package/package.json +1 -1
  135. package/dist/key-BvvbahfP.cjs +0 -10
  136. package/dist/middleware-BD1IE5O5.js +0 -26
  137. package/dist/middleware-BuZrvrDv.js +0 -17
  138. package/dist/middleware-h_3nRr8m.cjs +0 -17
package/dist/{vocab-PKJB4DyY.js → vocab-CkWH9P5l.js} RENAMED
@@ -2,9 +2,9 @@
2
2
  import { Temporal } from "@js-temporal/polyfill";
3
3
  import { URLPattern } from "urlpattern-polyfill";
4
4
 
5
- import { deno_default, getDocumentLoader } from "./docloader-_WdHTWQR.js";
6
- import { Object as Object$1, getTypeId } from "./actor-m_ko-86v.js";
7
- import { lookupWebFinger } from "./lookup-C6WSLjPE.js";
5
+ import { deno_default, getDocumentLoader } from "./docloader-AMdJU291.js";
6
+ import { Object as Object$1, getTypeId } from "./actor-C0gLJq8I.js";
7
+ import { lookupWebFinger } from "./lookup-BGCuyJRy.js";
8
8
  import { getLogger } from "@logtape/logtape";
9
9
  import { SpanStatusCode, trace } from "@opentelemetry/api";
10
10
  import { delay } from "es-toolkit";
@@ -152,14 +152,13 @@ async function lookupObject(identifier, options = {}) {
152
152
  async function lookupObjectInternal(identifier, options = {}) {
153
153
  const documentLoader = options.documentLoader ?? getDocumentLoader({ userAgent: options.userAgent });
154
154
  if (typeof identifier === "string") identifier = toAcctUrl(identifier) ?? new URL(identifier);
155
- let document = null;
155
+ let remoteDoc = null;
156
156
  if (identifier.protocol === "http:" || identifier.protocol === "https:") try {
157
- const remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
158
- document = remoteDoc.document;
157
+ remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
159
158
  } catch (error) {
160
159
  logger.debug("Failed to fetch remote document:\n{error}", { error });
161
160
  }
162
- if (document == null) {
161
+ if (remoteDoc == null) {
163
162
  const jrd = await lookupWebFinger(identifier, {
164
163
  userAgent: options.userAgent,
165
164
  tracerProvider: options.tracerProvider,
@@ -170,8 +169,7 @@ async function lookupObjectInternal(identifier, options = {}) {
170
169
  for (const l of jrd.links) {
171
170
  if (l.type !== "application/activity+json" && !l.type?.match(/application\/ld\+json;\s*profile="https:\/\/www.w3.org\/ns\/activitystreams"/) || l.rel !== "self" || l.href == null) continue;
172
171
  try {
173
- const remoteDoc = await documentLoader(l.href, { signal: options.signal });
174
- document = remoteDoc.document;
172
+ remoteDoc = await documentLoader(l.href, { signal: options.signal });
175
173
  break;
176
174
  } catch (error) {
177
175
  logger.debug("Failed to fetch remote document:\n{error}", { error });
@@ -179,23 +177,34 @@ async function lookupObjectInternal(identifier, options = {}) {
179
177
  }
180
178
  }
181
179
  }
182
- if (document == null) return null;
180
+ if (remoteDoc == null) return null;
181
+ let object;
183
182
  try {
184
- return await Object$1.fromJsonLd(document, {
183
+ object = await Object$1.fromJsonLd(remoteDoc.document, {
185
184
  documentLoader,
186
185
  contextLoader: options.contextLoader,
187
- tracerProvider: options.tracerProvider
186
+ tracerProvider: options.tracerProvider,
187
+ baseUrl: new URL(remoteDoc.documentUrl)
188
188
  });
189
189
  } catch (error) {
190
190
  if (error instanceof TypeError) {
191
191
  logger.debug("Failed to parse JSON-LD document: {error}\n{document}", {
192
- error,
193
- document
192
+ ...remoteDoc,
193
+ error
194
194
  });
195
195
  return null;
196
196
  }
197
197
  throw error;
198
198
  }
199
+ if (options.crossOrigin !== "trust" && object.id != null && object.id.origin !== new URL(remoteDoc.documentUrl).origin) {
200
+ if (options.crossOrigin === "throw") throw new Error(`The object's @id (${object.id.href}) has a different origin than the document URL (${remoteDoc.documentUrl}); refusing to return the object. If you want to bypass this check and are aware of the security implications, set the crossOrigin option to "trust".`);
201
+ logger.warn("The object's @id ({objectId}) has a different origin than the document URL ({documentUrl}); refusing to return the object. If you want to bypass this check and are aware of the security implications, set the crossOrigin option to \"trust\".", {
202
+ ...remoteDoc,
203
+ objectId: object.id.href
204
+ });
205
+ return null;
206
+ }
207
+ return object;
199
208
  }
200
209
  /**
201
210
  * Traverses a collection, yielding each item in the collection.