npm - @fedify/fedify - Versions diffs - 2.0.0-pr.435.1673 → 2.0.0-pr.449.1725 - Mend

@fedify/fedify 2.0.0-pr.435.1673 → 2.0.0-pr.449.1725

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (138) hide show

package/dist/{actor-m_ko-86v.js → actor-C0gLJq8I.js} +7263 -2440
package/dist/{actor-CNUje03O.cjs → actor-CsRJa7wV.cjs} +7263 -2440
package/dist/{actor-DMgu-ZjT.d.cts → actor-D6K058Tb.d.cts} +1 -1
package/dist/{actor-C22bXuuC.d.ts → actor-T6RyhRgk.d.ts} +1 -1
package/dist/{actor-BxAu0qet.js → actor-VrXd7EdX.js} +1 -1
package/dist/{authdocloader-nRFL9luh.js → authdocloader-6F9IP-VO.js} +3 -3
package/dist/{authdocloader-D_3mtAjX.cjs → authdocloader-BkuVo8LL.cjs} +3 -3
package/dist/{authdocloader-Chl2nuOI.js → authdocloader-C8LXxsmU.js} +3 -3
package/dist/{builder-C8Of4dPy.js → builder-JjsppXTK.js} +14 -8
package/dist/{client-yGBH5stP.js → client-BS-GE3XI.js} +1 -1
package/dist/compat/mod.d.cts +7 -7
package/dist/compat/mod.d.ts +7 -7
package/dist/compat/transformers.test.js +16 -16
package/dist/{context-CQsAT7xk.d.ts → context-B1X8-X33.d.ts} +186 -98
package/dist/{context-tVOQ76fi.d.cts → context-DYCJXr7J.d.cts} +186 -98
package/dist/{docloader-_WdHTWQR.js → docloader-AMdJU291.js} +1 -1
package/dist/{docloader-SZjTrl6Z.cjs → docloader-BdF5STdg.cjs} +1 -1
package/dist/{esm-e_G_xo95.js → esm-CvUgdJZ_.js} +1 -1
package/dist/federation/builder.test.js +5 -5
package/dist/federation/collection.test.js +3 -3
package/dist/federation/handler.test.js +17 -17
package/dist/federation/idempotency.test.d.ts +3 -0
package/dist/federation/idempotency.test.js +202 -0
package/dist/federation/inbox.test.js +4 -4
package/dist/federation/keycache.test.js +4 -4
package/dist/federation/kv.test.js +3 -3
package/dist/federation/middleware.test.js +24 -47
package/dist/federation/mod.cjs +10 -10
package/dist/federation/mod.d.cts +7 -7
package/dist/federation/mod.d.ts +7 -7
package/dist/federation/mod.js +10 -10
package/dist/federation/mq.test.js +3 -3
package/dist/federation/negotiation.test.js +3 -3
package/dist/federation/retry.test.js +3 -3
package/dist/federation/router.test.js +3 -3
package/dist/federation/send.test.js +10 -10
package/dist/fixtures/media.example.com/avatars/test-avatar.jpg.json +6 -0
package/dist/{http-BS6766zs.d.cts → http-D-e6AFwR.d.cts} +1 -1
package/dist/{http-DqSNLFNY.d.ts → http-D6Uj2x2y.d.ts} +1 -1
package/dist/{http-BpoEurUR.js → http-DVQEn98K.js} +3 -3
package/dist/{http-DREvFalF.cjs → http-D_BI5KHC.cjs} +3 -3
package/dist/{http-BEo67UOx.js → http-DbyMqL2X.js} +2 -2
package/dist/{inbox-D-B5xFtJ.js → inbox-DQlf_-Dz.js} +24 -7
package/dist/{key-DJpcumqB.js → key-BBzfhQGE.js} +4 -4
package/dist/key-BMz_uAnc.cjs +10 -0
package/dist/{key-Cps8Sv3N.js → key-BSJX6n9o.js} +2 -2
package/dist/{key-JqiQvcq1.cjs → key-D-RgWfcf.cjs} +2 -2
package/dist/{key-Cf8KTg-A.js → key-DFefr8X2.js} +2 -2
package/dist/{key-DqrTz8Xq.js → key-DW2DrPGl.js} +3 -3
package/dist/{keycache-D_Q1fPV0.js → keycache-CcIfdj0m.js} +1 -1
package/dist/{keys-F0jh2GNR.js → keys-DnSaJmvD.js} +1 -1
package/dist/{ld-CXygHn_m.js → ld-CAJ6Q2od.js} +2 -2
package/dist/{lookup-C-Y0Ep1a.cjs → lookup-B2Bsau2g.cjs} +1 -1
package/dist/{lookup-C6WSLjPE.js → lookup-BGCuyJRy.js} +1 -1
package/dist/{lookup-DuqY2_In.js → lookup-C3pnuyiD.js} +21 -12
package/dist/{middleware-2qNNXYEE.js → middleware-1oxZY_0z.js} +78 -56
package/dist/middleware-B8WWe8Q2.js +26 -0
package/dist/{middleware-CMiUxZ6O.js → middleware-BDqkoMAQ.js} +48 -49
package/dist/{middleware-BsFAFlnZ.cjs → middleware-D0XMPoN8.cjs} +78 -56
package/dist/middleware-DipQbJmB.js +17 -0
package/dist/middleware-mLaQeD_Z.cjs +17 -0
package/dist/{mod-Drmz72EK.d.ts → mod-BhUKmBJD.d.ts} +2 -2
package/dist/{mod-TFoH2Ql8.d.ts → mod-CerN_Sza.d.ts} +1 -1
package/dist/{mod-Dc_-mf8s.d.cts → mod-Cj1tHXBR.d.cts} +1 -1
package/dist/{mod-evzlRVZq.d.cts → mod-CxkWO3Mg.d.cts} +19 -1
package/dist/{mod-B26zRlH1.d.ts → mod-DcKxhFQ8.d.ts} +2 -2
package/dist/{mod-BClfg3ej.d.cts → mod-Djzcw2ry.d.cts} +2 -2
package/dist/{mod-Cxt4Kpf6.d.ts → mod-DlU8ISoa.d.ts} +19 -1
package/dist/{mod-DBQAI4v9.d.cts → mod-twdvV2hR.d.cts} +2 -2
package/dist/mod.cjs +10 -10
package/dist/mod.d.cts +10 -10
package/dist/mod.d.ts +10 -10
package/dist/mod.js +10 -10
package/dist/nodeinfo/client.test.js +5 -5
package/dist/nodeinfo/handler.test.js +16 -16
package/dist/nodeinfo/mod.cjs +2 -2
package/dist/nodeinfo/mod.js +2 -2
package/dist/nodeinfo/types.test.js +3 -3
package/dist/{owner-B-7Ptt_m.d.cts → owner-BN_tO3cY.d.cts} +2 -2
package/dist/{owner-D2fTlp_x.js → owner-CaIfLBwg.js} +2 -2
package/dist/{owner-CQPnQVtf.d.ts → owner-hd9lvQcP.d.ts} +2 -2
package/dist/{proof-C4Y4gJcm.cjs → proof-AhyVJcNZ.cjs} +3 -3
package/dist/{proof-kEUjWRNJ.js → proof-BQwXHakc.js} +2 -2
package/dist/{proof-CHM9su4L.js → proof-CKXppjee.js} +3 -3
package/dist/runtime/authdocloader.test.js +9 -9
package/dist/runtime/docloader.test.js +4 -4
package/dist/runtime/key.test.js +5 -5
package/dist/runtime/langstr.test.js +3 -3
package/dist/runtime/link.test.js +3 -3
package/dist/runtime/mod.cjs +6 -6
package/dist/runtime/mod.d.cts +3 -3
package/dist/runtime/mod.d.ts +3 -3
package/dist/runtime/mod.js +6 -6
package/dist/runtime/multibase/multibase.test.js +3 -3
package/dist/runtime/url.test.js +3 -3
package/dist/{send-Utq2Jm0I.js → send-DQd3R1Oc.js} +2 -2
package/dist/sig/http.test.js +8 -8
package/dist/sig/key.test.js +6 -6
package/dist/sig/ld.test.js +7 -7
package/dist/sig/mod.cjs +6 -6
package/dist/sig/mod.d.cts +5 -5
package/dist/sig/mod.d.ts +5 -5
package/dist/sig/mod.js +6 -6
package/dist/sig/owner.test.js +7 -7
package/dist/sig/proof.test.js +7 -7
package/dist/testing/docloader.test.js +3 -3
package/dist/testing/mod.d.ts +391 -86
package/dist/testing/mod.js +3 -3
package/dist/{testing-DUpTIvNE.js → testing-BljKU-GG.js} +2 -2
package/dist/{type-BYN6Ax2M.js → type-COb6KNlm.js} +6943 -2120
package/dist/{types-BXkh8ctL.js → types-CEn4wB51.js} +1 -1
package/dist/{types-BBpQe860.cjs → types-DI0yutHB.cjs} +1 -1
package/dist/vocab/actor.test.js +5 -5
package/dist/vocab/lookup.test.js +255 -5
package/dist/vocab/mod.cjs +4 -4
package/dist/vocab/mod.d.cts +3 -3
package/dist/vocab/mod.d.ts +3 -3
package/dist/vocab/mod.js +4 -4
package/dist/vocab/type.test.js +3 -3
package/dist/vocab/vocab.test.js +397 -8
package/dist/{vocab-SOE1ifCr.d.ts → vocab-BI0Ak5lL.d.ts} +290 -0
package/dist/{vocab-PKJB4DyY.js → vocab-CkWH9P5l.js} +23 -14
package/dist/{vocab-DJTYMqyU.d.cts → vocab-Dw1-yVGg.d.cts} +290 -0
package/dist/{vocab-DWZQ7gVQ.cjs → vocab-NZXL5Pr-.cjs} +23 -14
package/dist/webfinger/handler.test.js +16 -16
package/dist/webfinger/lookup.test.js +4 -4
package/dist/webfinger/mod.cjs +2 -2
package/dist/webfinger/mod.js +2 -2
package/dist/x/cfworkers.test.js +3 -3
package/dist/x/hono.d.cts +6 -6
package/dist/x/hono.d.ts +6 -6
package/dist/x/sveltekit.d.cts +6 -6
package/dist/x/sveltekit.d.ts +6 -6
package/package.json +1 -1
package/dist/key-BvvbahfP.cjs +0 -10
package/dist/middleware-BD1IE5O5.js +0 -26
package/dist/middleware-BuZrvrDv.js +0 -17
package/dist/middleware-h_3nRr8m.cjs +0 -17

package/dist/{http-BS6766zs.d.cts → http-D-e6AFwR.d.cts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import { DocumentLoader } from "./docloader-D-MrRyHl.cjs";
-import { CryptographicKey, Multikey } from "./vocab-DJTYMqyU.cjs";
+import { CryptographicKey, Multikey } from "./vocab-Dw1-yVGg.cjs";
 import { TracerProvider } from "@opentelemetry/api";
 //#region src/sig/key.d.ts

package/dist/{http-DqSNLFNY.d.ts → http-D6Uj2x2y.d.ts} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
 import { DocumentLoader } from "./docloader-CxWcuWqQ.js";
-import { CryptographicKey, Multikey } from "./vocab-SOE1ifCr.js";
+import { CryptographicKey, Multikey } from "./vocab-BI0Ak5lL.js";
 import { TracerProvider } from "@opentelemetry/api";
 //#region src/sig/key.d.ts

package/dist/{http-BpoEurUR.js → http-DVQEn98K.js} RENAMED Viewed

@@ -2,9 +2,9 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
-import { deno_default } from "./docloader-_WdHTWQR.js";
-import { CryptographicKey } from "./actor-m_ko-86v.js";
-import { fetchKey, validateCryptoKey } from "./key-Cf8KTg-A.js";
+import { deno_default } from "./docloader-AMdJU291.js";
+import { CryptographicKey } from "./actor-C0gLJq8I.js";
+import { fetchKey, validateCryptoKey } from "./key-DFefr8X2.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";

package/dist/{http-DREvFalF.cjs → http-D_BI5KHC.cjs} RENAMED Viewed

@@ -3,9 +3,9 @@
           const { URLPattern } = require("urlpattern-polyfill");
 const require_chunk = require('./chunk-DqRYRqnO.cjs');
-const require_docloader = require('./docloader-SZjTrl6Z.cjs');
-const require_actor = require('./actor-CNUje03O.cjs');
-const require_key = require('./key-JqiQvcq1.cjs');
+const require_docloader = require('./docloader-BdF5STdg.cjs');
+const require_actor = require('./actor-CsRJa7wV.cjs');
+const require_key = require('./key-D-RgWfcf.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
 const byte_encodings_base64 = require_chunk.__toESM(require("byte-encodings/base64"));

package/dist/{http-BEo67UOx.js → http-DbyMqL2X.js} RENAMED Viewed

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import { CryptographicKey, deno_default } from "./type-BYN6Ax2M.js";
-import { fetchKey, validateCryptoKey } from "./key-Cps8Sv3N.js";
+import { CryptographicKey, deno_default } from "./type-COb6KNlm.js";
+import { fetchKey, validateCryptoKey } from "./key-BSJX6n9o.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";

package/dist/{inbox-D-B5xFtJ.js → inbox-DQlf_-Dz.js} RENAMED Viewed

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import { Activity, deno_default, getTypeId } from "./type-BYN6Ax2M.js";
+import { Activity, deno_default, getTypeId } from "./type-COb6KNlm.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
@@ -41,17 +41,34 @@ var InboxListenerSet = class InboxListenerSet {
 		return this.dispatchWithClass(activity)?.listener ?? null;
 	}
 };
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider }) {
+async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
 	const logger = getLogger([
 		"fedify",
 		"federation",
 		"inbox"
 	]);
-	const cacheKey = activity.id == null ? null : [
-		...kvPrefixes.activityIdempotence,
-		ctx.origin,
-		activity.id.href
-	];
+	let cacheKey = null;
+	if (activity.id != null) {
+		const inboxContext = inboxContextFactory(recipient, json, activity.id?.href, getTypeId(activity).href);
+		const strategy = idempotencyStrategy ?? "per-inbox";
+		let keyString;
+		if (typeof strategy === "function") {
+			const result = await strategy(inboxContext, activity);
+			keyString = result;
+		} else switch (strategy) {
+			case "global":
+				keyString = activity.id.href;
+				break;
+			case "per-origin":
+				keyString = `${ctx.origin}\n${activity.id.href}`;
+				break;
+			case "per-inbox":
+				keyString = `${ctx.origin}\n${activity.id.href}\n${recipient == null ? "sharedInbox" : `inbox\n${recipient}`}`;
+				break;
+			default: keyString = `${ctx.origin}\n${activity.id.href}`;
+		}
+		if (keyString != null) cacheKey = [...kvPrefixes.activityIdempotence, keyString];
+	}
 	if (cacheKey != null) {
 		const cached = await kv.get(cacheKey);
 		if (cached === true) {

package/dist/{key-DJpcumqB.js → key-BBzfhQGE.js} RENAMED Viewed

@@ -2,9 +2,9 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
-import "./docloader-_WdHTWQR.js";
-import "./actor-m_ko-86v.js";
-import "./lookup-C6WSLjPE.js";
-import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-Cf8KTg-A.js";
+import "./docloader-AMdJU291.js";
+import "./actor-C0gLJq8I.js";
+import "./lookup-BGCuyJRy.js";
+import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-DFefr8X2.js";
 export { validateCryptoKey };

package/dist/key-BMz_uAnc.cjs ADDED Viewed

@@ -0,0 +1,10 @@
+          const { Temporal } = require("@js-temporal/polyfill");
+          const { URLPattern } = require("urlpattern-polyfill");
+require('./docloader-BdF5STdg.cjs');
+require('./actor-CsRJa7wV.cjs');
+require('./lookup-B2Bsau2g.cjs');
+const require_key = require('./key-D-RgWfcf.cjs');
+exports.validateCryptoKey = require_key.validateCryptoKey;

package/dist/{key-Cps8Sv3N.js → key-BSJX6n9o.js} RENAMED Viewed

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import { CryptographicKey, Object as Object$1, deno_default, getDocumentLoader } from "./type-BYN6Ax2M.js";
-import { isActor } from "./actor-BxAu0qet.js";
+import { CryptographicKey, Object as Object$1, deno_default, getDocumentLoader } from "./type-COb6KNlm.js";
+import { isActor } from "./actor-VrXd7EdX.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";

package/dist/{key-JqiQvcq1.cjs → key-D-RgWfcf.cjs} RENAMED Viewed

@@ -3,8 +3,8 @@
           const { URLPattern } = require("urlpattern-polyfill");
 const require_chunk = require('./chunk-DqRYRqnO.cjs');
-const require_docloader = require('./docloader-SZjTrl6Z.cjs');
-const require_actor = require('./actor-CNUje03O.cjs');
+const require_docloader = require('./docloader-BdF5STdg.cjs');
+const require_actor = require('./actor-CsRJa7wV.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));

package/dist/{key-Cf8KTg-A.js → key-DFefr8X2.js} RENAMED Viewed

@@ -2,8 +2,8 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
-import { deno_default, getDocumentLoader } from "./docloader-_WdHTWQR.js";
-import { CryptographicKey, Object as Object$1, isActor } from "./actor-m_ko-86v.js";
+import { deno_default, getDocumentLoader } from "./docloader-AMdJU291.js";
+import { CryptographicKey, Object as Object$1, isActor } from "./actor-C0gLJq8I.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";

package/dist/{key-DqrTz8Xq.js → key-DW2DrPGl.js} RENAMED Viewed

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import "./type-BYN6Ax2M.js";
-import "./actor-BxAu0qet.js";
-import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-Cps8Sv3N.js";
+import "./type-COb6KNlm.js";
+import "./actor-VrXd7EdX.js";
+import { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey } from "./key-BSJX6n9o.js";
 export { validateCryptoKey };

package/dist/{keycache-D_Q1fPV0.js → keycache-CcIfdj0m.js} RENAMED Viewed

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import { CryptographicKey, Multikey } from "./type-BYN6Ax2M.js";
+import { CryptographicKey, Multikey } from "./type-COb6KNlm.js";
 //#region src/federation/keycache.ts
 var KvKeyCache = class {

package/dist/{keys-F0jh2GNR.js → keys-DnSaJmvD.js} RENAMED Viewed

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import { CryptographicKey, Multikey, importSpki } from "./type-BYN6Ax2M.js";
+import { CryptographicKey, Multikey, importSpki } from "./type-COb6KNlm.js";
 //#region src/testing/keys.ts
 const rsaPublicKey1 = new CryptographicKey({

package/dist/{ld-CXygHn_m.js → ld-CAJ6Q2od.js} RENAMED Viewed

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import { Activity, CryptographicKey, Object as Object$1, deno_default, getDocumentLoader, getTypeId } from "./type-BYN6Ax2M.js";
-import { fetchKey, validateCryptoKey } from "./key-Cps8Sv3N.js";
+import { Activity, CryptographicKey, Object as Object$1, deno_default, getDocumentLoader, getTypeId } from "./type-COb6KNlm.js";
+import { fetchKey, validateCryptoKey } from "./key-BSJX6n9o.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";

package/dist/{lookup-C-Y0Ep1a.cjs → lookup-B2Bsau2g.cjs} RENAMED Viewed

@@ -3,7 +3,7 @@
           const { URLPattern } = require("urlpattern-polyfill");
 const require_chunk = require('./chunk-DqRYRqnO.cjs');
-const require_docloader = require('./docloader-SZjTrl6Z.cjs');
+const require_docloader = require('./docloader-BdF5STdg.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));

package/dist/{lookup-C6WSLjPE.js → lookup-BGCuyJRy.js} RENAMED Viewed

@@ -2,7 +2,7 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
-import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-_WdHTWQR.js";
+import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-AMdJU291.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";

package/dist/{lookup-DuqY2_In.js → lookup-C3pnuyiD.js} RENAMED Viewed

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
-import { Object as Object$1, deno_default, getDocumentLoader, getTypeId, lookupWebFinger } from "./type-BYN6Ax2M.js";
+import { Object as Object$1, deno_default, getDocumentLoader, getTypeId, lookupWebFinger } from "./type-COb6KNlm.js";
 import { cloneDeep, delay } from "es-toolkit";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
@@ -240,14 +240,13 @@ async function lookupObject(identifier, options = {}) {
 async function lookupObjectInternal(identifier, options = {}) {
 	const documentLoader = options.documentLoader ?? getDocumentLoader({ userAgent: options.userAgent });
 	if (typeof identifier === "string") identifier = toAcctUrl(identifier) ?? new URL(identifier);
-	let document = null;
+	let remoteDoc = null;
 	if (identifier.protocol === "http:" || identifier.protocol === "https:") try {
-		const remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
-		document = remoteDoc.document;
+		remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
 	} catch (error) {
 		logger.debug("Failed to fetch remote document:\n{error}", { error });
 	}
-	if (document == null) {
+	if (remoteDoc == null) {
 		const jrd = await lookupWebFinger(identifier, {
 			userAgent: options.userAgent,
 			tracerProvider: options.tracerProvider,
@@ -258,8 +257,7 @@ async function lookupObjectInternal(identifier, options = {}) {
 		for (const l of jrd.links) {
 			if (l.type !== "application/activity+json" && !l.type?.match(/application\/ld\+json;\s*profile="https:\/\/www.w3.org\/ns\/activitystreams"/) || l.rel !== "self" || l.href == null) continue;
 			try {
-				const remoteDoc = await documentLoader(l.href, { signal: options.signal });
-				document = remoteDoc.document;
+				remoteDoc = await documentLoader(l.href, { signal: options.signal });
 				break;
 			} catch (error) {
 				logger.debug("Failed to fetch remote document:\n{error}", { error });
@@ -267,23 +265,34 @@ async function lookupObjectInternal(identifier, options = {}) {
 			}
 		}
 	}
-	if (document == null) return null;
+	if (remoteDoc == null) return null;
+	let object;
 	try {
-		return await Object$1.fromJsonLd(document, {
+		object = await Object$1.fromJsonLd(remoteDoc.document, {
 			documentLoader,
 			contextLoader: options.contextLoader,
-			tracerProvider: options.tracerProvider
+			tracerProvider: options.tracerProvider,
+			baseUrl: new URL(remoteDoc.documentUrl)
 		});
 	} catch (error) {
 		if (error instanceof TypeError) {
 			logger.debug("Failed to parse JSON-LD document: {error}\n{document}", {
-				error,
-				document
+				...remoteDoc,
+				error
 			});
 			return null;
 		}
 		throw error;
 	}
+	if (options.crossOrigin !== "trust" && object.id != null && object.id.origin !== new URL(remoteDoc.documentUrl).origin) {
+		if (options.crossOrigin === "throw") throw new Error(`The object's @id (${object.id.href}) has a different origin than the document URL (${remoteDoc.documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to "trust".`);
+		logger.warn("The object's @id ({objectId}) has a different origin than the document URL ({documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to \"trust\".", {
+			...remoteDoc,
+			objectId: object.id.href
+		});
+		return null;
+	}
+	return object;
 }
 /**
 * Traverses a collection, yielding each item in the collection.

package/dist/{middleware-2qNNXYEE.js → middleware-1oxZY_0z.js} RENAMED Viewed

@@ -3,15 +3,15 @@
           import { URLPattern } from "urlpattern-polyfill";
 import { getDefaultActivityTransformers } from "./transformers-BFT6d7J5.js";
-import { deno_default, getDocumentLoader, kvCache } from "./docloader-_WdHTWQR.js";
-import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId } from "./actor-m_ko-86v.js";
-import { lookupWebFinger } from "./lookup-C6WSLjPE.js";
-import { exportJwk, importJwk, validateCryptoKey } from "./key-Cf8KTg-A.js";
-import { doubleKnock, verifyRequest } from "./http-BpoEurUR.js";
-import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-CHM9su4L.js";
-import { getNodeInfo, nodeInfoToJson } from "./types-BXkh8ctL.js";
-import { getAuthenticatedDocumentLoader } from "./authdocloader-nRFL9luh.js";
-import { lookupObject, traverseCollection } from "./vocab-PKJB4DyY.js";
+import { deno_default, getDocumentLoader, kvCache } from "./docloader-AMdJU291.js";
+import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId } from "./actor-C0gLJq8I.js";
+import { lookupWebFinger } from "./lookup-BGCuyJRy.js";
+import { exportJwk, importJwk, validateCryptoKey } from "./key-DFefr8X2.js";
+import { doubleKnock, verifyRequest } from "./http-DVQEn98K.js";
+import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-CKXppjee.js";
+import { getNodeInfo, nodeInfoToJson } from "./types-CEn4wB51.js";
+import { getAuthenticatedDocumentLoader } from "./authdocloader-6F9IP-VO.js";
+import { lookupObject, traverseCollection } from "./vocab-CkWH9P5l.js";
 import { getLogger, withContext } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
 import { encodeHex } from "byte-encodings/hex";
@@ -55,17 +55,34 @@ var InboxListenerSet = class InboxListenerSet {
 		return this.dispatchWithClass(activity)?.listener ?? null;
 	}
 };
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider }) {
+async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
 	const logger$1 = getLogger([
 		"fedify",
 		"federation",
 		"inbox"
 	]);
-	const cacheKey = activity.id == null ? null : [
-		...kvPrefixes.activityIdempotence,
-		ctx.origin,
-		activity.id.href
-	];
+	let cacheKey = null;
+	if (activity.id != null) {
+		const inboxContext = inboxContextFactory(recipient, json, activity.id?.href, getTypeId(activity).href);
+		const strategy = idempotencyStrategy ?? "per-inbox";
+		let keyString;
+		if (typeof strategy === "function") {
+			const result = await strategy(inboxContext, activity);
+			keyString = result;
+		} else switch (strategy) {
+			case "global":
+				keyString = activity.id.href;
+				break;
+			case "per-origin":
+				keyString = `${ctx.origin}\n${activity.id.href}`;
+				break;
+			case "per-inbox":
+				keyString = `${ctx.origin}\n${activity.id.href}\n${recipient == null ? "sharedInbox" : `inbox\n${recipient}`}`;
+				break;
+			default: keyString = `${ctx.origin}\n${activity.id.href}`;
+		}
+		if (keyString != null) cacheKey = [...kvPrefixes.activityIdempotence, keyString];
+	}
 	if (cacheKey != null) {
 		const cached = await kv.get(cacheKey);
 		if (cached === true) {
@@ -307,6 +324,7 @@ var FederationBuilderImpl = class {
 	inboxListeners;
 	inboxErrorHandler;
 	sharedInboxKeyDispatcher;
+	idempotencyStrategy;
 	collectionTypeIds;
 	collectionCallbacks;
 	/**
@@ -321,7 +339,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl: FederationImpl$1 } = await import("./middleware-BuZrvrDv.js");
+		const { FederationImpl: FederationImpl$1 } = await import("./middleware-DipQbJmB.js");
 		const f = new FederationImpl$1(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();
@@ -343,6 +361,7 @@ var FederationBuilderImpl = class {
 		f.inboxListeners = this.inboxListeners?.clone();
 		f.inboxErrorHandler = this.inboxErrorHandler;
 		f.sharedInboxKeyDispatcher = this.sharedInboxKeyDispatcher;
+		f.idempotencyStrategy = this.idempotencyStrategy;
 		return f;
 	}
 	_getTracer() {
@@ -765,15 +784,19 @@ var FederationBuilderImpl = class {
 			setSharedKeyDispatcher: (dispatcher) => {
 				this.sharedInboxKeyDispatcher = dispatcher;
 				return setters;
+			},
+			withIdempotency: (strategy) => {
+				this.idempotencyStrategy = strategy;
+				return setters;
 			}
 		};
 		return setters;
 	}
-	setCollectionDispatcher(name, ...args) {
-		return this.#setCustomCollectionDispatcher(name, "collection", ...args);
+	setCollectionDispatcher(name, itemType, path, dispatcher) {
+		return this.#setCustomCollectionDispatcher(name, "collection", itemType, path, dispatcher);
 	}
-	setOrderedCollectionDispatcher(name, ...args) {
-		return this.#setCustomCollectionDispatcher(name, "orderedCollection", ...args);
+	setOrderedCollectionDispatcher(name, itemType, path, dispatcher) {
+		return this.#setCustomCollectionDispatcher(name, "orderedCollection", itemType, path, dispatcher);
 	}
 	#setCustomCollectionDispatcher(name, collectionType, itemType, path, dispatcher) {
 		const strName = String(name);
@@ -1293,7 +1316,8 @@ async function handleInbox(request, options) {
 * @param span The OpenTelemetry span for tracing.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleInboxInternal(request, { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider }, span) {
+async function handleInboxInternal(request, parameters, span) {
+	const { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider } = parameters;
 	const logger$1 = getLogger([
 		"fedify",
 		"federation",
@@ -1495,7 +1519,8 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 		kvPrefixes,
 		queue,
 		span,
-		tracerProvider
+		tracerProvider,
+		idempotencyStrategy: parameters.idempotencyStrategy
 	});
 	if (routeResult === "alreadyProcessed") return new Response(`Activity <${activity.id}> has already been processed.`, {
 		status: 202,
@@ -1525,7 +1550,7 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
 /**
 * Handles a custom collection request.
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context, extending {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @param request The HTTP request.
@@ -1543,7 +1568,7 @@ async function _handleCustomCollection(request, { name, values, context: context
 /**
 * Handles an ordered collection request.
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context, extending {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @param request The HTTP request.
@@ -1563,7 +1588,7 @@ async function _handleOrderedCollection(request, { name, values, context: contex
 * The main flow is on `getCollection`, `dispatch`.
 *
 * @template TItem The type of items in the collection.
-* @template TParams The parameter names of the requested URL.
+* @template TParam The parameter names of the requested URL.
 * @template TContext The type of the context. {@link Context} or {@link RequestContext}.
 * @template TContextData The context data to pass to the `TContext`.
 * @template TCollection The type of the collection, extending {@link Collection}.
@@ -1597,14 +1622,14 @@ var CustomCollectionHandler = class {
 	#collection = null;
 	/**
 	* Creates a new CustomCollection instance.
-	* @param {string} name The name of the collection.
-	* @param {TParams} values The parameter values for the collection.
-	* @param {TContext} context The request context.
-	* @param {CustomCollectionCallbacks} callbacks The collection callbacks.
-	* @param {TracerProvider} tracerProvider The tracer provider for telemetry.
-	* @param {ConstructorWithTypeId<TCollection>} Collection The Collection constructor.
-	* @param {ConstructorWithTypeId<TCollectionPage>} CollectionPage The CollectionPage constructor.
-	* @param {(item: TItem) => boolean} filterPredicate Optional filter predicate for items.
+	* @param name The name of the collection.
+	* @param values The parameter values for the collection.
+	* @param context The request context.
+	* @param callbacks The collection callbacks.
+	* @param tracerProvider The tracer provider for telemetry.
+	* @param Collection The Collection constructor.
+	* @param CollectionPage The CollectionPage constructor.
+	* @param filterPredicate Optional filter predicate for items.
 	*/
 	constructor(name, values, context$1, callbacks, tracerProvider = trace.getTracerProvider(), Collection$1, CollectionPage$1, filterPredicate) {
 		this.name = name;
@@ -1729,7 +1754,7 @@ var CustomCollectionHandler = class {
 	/**
 	* Creates a function to wrap the dispatcher so tracing can be applied.
 	* @param params Parameters including cursor and total items.
-	* @returns {(span: Span) => Promise<PageItems<TItem>>} A function that handles the span operation.
+	* @returns A function that handles the span operation.
 	*/
 	spanPages = ({ totalItems = null, cursor = null }) => async (span) => {
 		try {
@@ -1750,23 +1775,23 @@ var CustomCollectionHandler = class {
 	};
 	/**
 	* Dispatches the collection request to get items.
-	* @param {string | null} cursor The cursor for pagination, or null for the first page.
-	* @returns {Promise<PageItems<TItem>>} A promise that resolves to the page items.
+	* @param cursor The cursor for pagination, or null for the first page.
+	* @returns A promise that resolves to the page items.
 	*/
 	async dispatch(cursor = null) {
 		return await this.#dispatcher(this.context, this.values, cursor) ?? new ItemsNotFoundError().throw();
 	}
 	/**
 	* Filters the items in the collection.
-	* @param {TItem[]} items The items to filter.
-	* @returns {(Object | Link | URL)[]} The filtered items.
+	* @param items The items to filter.
+	* @returns The filtered items.
 	*/
 	filterItems(items) {
 		return filterCollectionItems(items, this.name, this.filterPredicate);
 	}
 	/**
 	* Appends a cursor to the URL if it exists.
-	* @param {string | null | undefined} cursor The cursor to append, or null/undefined.
+	* @param cursor The cursor to append, or null/undefined.
 	* @returns The URL with cursor appended, or null if cursor is null/undefined.
 	*/
 	appendToUrl(cursor) {
@@ -1774,8 +1799,7 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the stored collection or collection page.
-	* @returns {Promise<TCollection | TCollectionPage>} A promise that resolves to
-	the collection or collection page.
+	* @returns A promise that resolves to the collection or collection page.
 	*/
 	get collection() {
 		if (this.#collection === null) this.#collection = this.getCollection();
@@ -1783,8 +1807,8 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the total number of items in the collection.
-	* @returns {Promise<number | null>} A promise that
-	resolves to the total items count, or null if not available.
+	* @returns A promise that resolves to the total items count,
+	*          or null if not available.
 	*/
 	get totalItems() {
 		if (this.#totalItems === void 0) this.totalItems = this.callbacks.counter?.(this.context, this.values);
@@ -1800,8 +1824,8 @@ var CustomCollectionHandler = class {
 	}
 	/**
 	* Gets the first cursor for pagination.
-	* @returns {Promise<string | null>} A promise that resolves to the first cursor,
-	or null if not available.
+	* @returns A promise that resolves to the first cursor,
+	*          or null if not available.
 	*/
 	get firstCursor() {
 		const cursor = this.callbacks.firstCursor?.(this.context, this.values);
@@ -2325,7 +2349,6 @@ var FederationImpl = class extends FederationBuilderImpl {
 	firstKnock;
 	constructor(options) {
 		super();
-		const logger$1 = getLogger(["fedify", "federation"]);
 		this.kv = options.kv;
 		this.kvPrefixes = {
 			activityIdempotence: ["_fedify", "activityIdempotence"],
@@ -2373,8 +2396,9 @@ var FederationImpl = class extends FederationBuilderImpl {
 		this.router.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
 		this._initializeRouter();
 		if (options.allowPrivateAddress || options.userAgent != null) {
-			if (options.contextLoader != null) throw new TypeError("Cannot set contextLoader with allowPrivateAddress or userAgent options.");
-			else if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.documentLoaderFactory != null) throw new TypeError("Cannot set documentLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set contextLoaderFactory with allowPrivateAddress or userAgent options.");
+			if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
 		}
 		const { allowPrivateAddress, userAgent } = options;
 		this.allowPrivateAddress = allowPrivateAddress ?? false;
@@ -2388,11 +2412,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				prefix: this.kvPrefixes.remoteDocument
 			});
 		});
-		if (options.contextLoader != null) {
-			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set both contextLoader and contextLoaderFactory options at a time; use contextLoaderFactory only.");
-			this.contextLoaderFactory = () => options.contextLoader;
-			logger$1.warn("The contextLoader option is deprecated; use contextLoaderFactory option instead.");
-		} else this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
+		this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
 		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => getAuthenticatedDocumentLoader(identity, {
 			allowPrivateAddress,
 			userAgent,
@@ -2996,7 +3016,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 				nodeInfoDispatcher: this.nodeInfoDispatcher
 			});
 		}
-		if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+		if (request.method !== "POST" && !acceptsJsonLd(request)) return await onNotAcceptable(request);
 		switch (routeName) {
 			case "actor":
 				context$1 = this.#createContext(request, contextData, { invokedFromActorDispatcher: { identifier: route.values.identifier ?? route.values.handle } });
@@ -3066,7 +3086,8 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound,
 					signatureTimeWindow: this.signatureTimeWindow,
 					skipSignatureVerification: this.skipSignatureVerification,
-					tracerProvider: this.tracerProvider
+					tracerProvider: this.tracerProvider,
+					idempotencyStrategy: this.idempotencyStrategy
 				});
 			case "following": return await handleCollection(request, {
 				name: "following",
@@ -3809,7 +3830,8 @@ var ContextImpl = class ContextImpl {
 			kvPrefixes: this.federation.kvPrefixes,
 			queue: this.federation.inboxQueue,
 			span,
-			tracerProvider: options.tracerProvider ?? this.tracerProvider
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			idempotencyStrategy: this.federation.idempotencyStrategy
 		});
 		return routeResult === "alreadyProcessed" || routeResult === "enqueued" || routeResult === "unsupportedActivity" || routeResult === "success";
 	}