@fedify/fedify 2.0.0-pr.445.1694 → 2.0.0-pr.451.1730

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (193) hide show
  1. package/dist/{actor-T6RyhRgk.d.ts → actor-Cd2CREO0.d.ts} +2 -2
  2. package/dist/{actor-D8gCwLzv.js → actor-Cg8ZhoVF.js} +1 -1
  3. package/dist/{actor-CwZ2m5rG.cjs → actor-D020hlx3.cjs} +922 -1451
  4. package/dist/{actor-D6K058Tb.d.cts → actor-DDhZuMGl.d.cts} +2 -2
  5. package/dist/{actor-DoMcqXsW.js → actor-DPD6Gbdn.js} +190 -677
  6. package/dist/{assert_rejects-DiIiJbZn.js → assert_rejects-Ce45JcFg.js} +1 -1
  7. package/dist/{assert_is_error-BPGph1Jx.js → assert_throws-BNXdRGWP.js} +31 -1
  8. package/dist/{builder-1_skw-d2.js → builder-Dn87hy75.js} +7 -8
  9. package/dist/{client-bgSdkFa2.d.ts → client-Bkaw0_PR.d.ts} +1 -1
  10. package/dist/{client-CegPX0Rn.d.cts → client-Cle5j1T1.d.cts} +1 -1
  11. package/dist/{client-D5CBsPrc.js → client-D6-5okV1.js} +1 -1
  12. package/dist/compat/mod.d.cts +11 -11
  13. package/dist/compat/mod.d.ts +12 -12
  14. package/dist/compat/transformers.test.js +20 -20
  15. package/dist/{context-DiqjMRef.d.cts → context-BOYzcFSe.d.cts} +130 -97
  16. package/dist/{context-DBKpNBnc.d.ts → context-DqFifMwj.d.ts} +131 -98
  17. package/dist/{authdocloader-DYTNpaMA.js → docloader-B2BFBGqv.js} +18 -8
  18. package/dist/{esm-Dl5T1RNE.js → esm-CU0Dnk7T.js} +11 -11
  19. package/dist/federation/builder.test.js +8 -10
  20. package/dist/federation/collection.test.js +7 -9
  21. package/dist/federation/handler.test.js +25 -26
  22. package/dist/federation/idempotency.test.js +25 -26
  23. package/dist/federation/inbox.test.js +4 -6
  24. package/dist/federation/keycache.test.js +3 -4
  25. package/dist/federation/kv.test.js +6 -8
  26. package/dist/federation/middleware.test.js +26 -27
  27. package/dist/federation/mod.cjs +10 -11
  28. package/dist/federation/mod.d.cts +11 -11
  29. package/dist/federation/mod.d.ts +13 -13
  30. package/dist/federation/mod.js +10 -11
  31. package/dist/federation/mq.test.js +8 -10
  32. package/dist/federation/negotiation.test.js +7 -9
  33. package/dist/federation/retry.test.js +4 -5
  34. package/dist/federation/router.test.js +6 -8
  35. package/dist/federation/send.test.js +13 -15
  36. package/dist/{http-D-e6AFwR.d.cts → http-B6SKO6NJ.d.cts} +2 -2
  37. package/dist/{http-D6Uj2x2y.d.ts → http-BE7aFuqn.d.ts} +2 -2
  38. package/dist/{http-CAusBl_3.cjs → http-DMsjudj8.cjs} +289 -9
  39. package/dist/{http-CuS-d4U0.js → http-DN0v2zoF.js} +2 -2
  40. package/dist/{http-C_Qc2neP.js → http-DcDb8r1W.js} +256 -6
  41. package/dist/{inbox-IETv_Qez.js → inbox-CgGy7Hzc.js} +1 -1
  42. package/dist/{key-DnqhSgAv.js → key-jSvnymAk.js} +3 -2
  43. package/dist/{keycache-CSBkusP8.js → keycache-IVLjlAK9.js} +1 -1
  44. package/dist/{keys-D3_MDK7n.js → keys-BKM2Mqu2.js} +2 -1
  45. package/dist/{docloader-CYnQRIXv.cjs → kv-cache-BHIupktM.cjs} +69 -651
  46. package/dist/kv-cache-DNvS-egZ.js +4236 -0
  47. package/dist/{docloader-Czl3xV10.js → kv-cache-ydIs4Ul6.js} +68 -596
  48. package/dist/{ld-Isot0tiW.js → ld-CcsryBo0.js} +3 -2
  49. package/dist/{lookup-Dhm78GlK.js → lookup-BV3A9Zbc.js} +63 -2
  50. package/dist/{type-DaUr3Il7.js → lookup-BbEekiru.js} +588 -5303
  51. package/dist/{lookup-D6dro5Au.cjs → lookup-CMAGfQ1Q.cjs} +78 -5
  52. package/dist/{middleware-BuHr2fzh.js → middleware-D-vPitR-.js} +37 -38
  53. package/dist/{middleware-DQYscW90.js → middleware-Dm8sXYUr.js} +40 -40
  54. package/dist/middleware-DzA970CF.js +16 -0
  55. package/dist/middleware-VpoC5jyA.js +26 -0
  56. package/dist/middleware-W_-inBoE.cjs +16 -0
  57. package/dist/{middleware-Dgmdgrvb.cjs → middleware-ekn2KaOw.cjs} +57 -58
  58. package/dist/{mod-CxkWO3Mg.d.cts → mod--K7l84wp.d.cts} +3 -2
  59. package/dist/{mod-DBzN0aCM.d.ts → mod-CB80AlIA.d.ts} +1 -1
  60. package/dist/mod-CLKu6Uo_.d.cts +107 -0
  61. package/dist/{mod-Djzcw2ry.d.cts → mod-COlOrmr9.d.cts} +3 -3
  62. package/dist/{mod-DlU8ISoa.d.ts → mod-CRENK2dd.d.ts} +3 -2
  63. package/dist/{mod-D_y2y32N.d.ts → mod-CaWbCg0N.d.ts} +2 -2
  64. package/dist/mod-Cm97bAiT.d.ts +109 -0
  65. package/dist/{mod-Bpb5QLaZ.d.cts → mod-D9XZsft2.d.cts} +2 -2
  66. package/dist/{mod-BhUKmBJD.d.ts → mod-DLIidI_j.d.ts} +3 -3
  67. package/dist/{mod-jQ4OODsl.d.cts → mod-DuclhZjh.d.cts} +1 -1
  68. package/dist/mod.cjs +21 -32
  69. package/dist/mod.d.cts +14 -14
  70. package/dist/mod.d.ts +17 -17
  71. package/dist/mod.js +15 -16
  72. package/dist/nodeinfo/client.test.js +8 -10
  73. package/dist/nodeinfo/handler.test.js +24 -25
  74. package/dist/nodeinfo/mod.cjs +3 -3
  75. package/dist/nodeinfo/mod.d.cts +2 -3
  76. package/dist/nodeinfo/mod.d.ts +3 -4
  77. package/dist/nodeinfo/mod.js +3 -3
  78. package/dist/nodeinfo/types.test.js +7 -9
  79. package/dist/{owner-hd9lvQcP.d.ts → owner-CktUdA0h.d.ts} +3 -3
  80. package/dist/{owner-BN_tO3cY.d.cts → owner-dkg5OpSC.d.cts} +3 -3
  81. package/dist/{owner-ChSL4aJ7.js → owner-n5c_oZ_M.js} +3 -2
  82. package/dist/{proof-BiSCuwyA.js → proof-CLwByIT1.js} +5 -4
  83. package/dist/{proof-ONNmhInb.cjs → proof-CZfrp13P.cjs} +17 -16
  84. package/dist/{proof-x3IBewan.js → proof-CsFR7fiS.js} +2 -2
  85. package/dist/request-BbHkedIU.d.cts +35 -0
  86. package/dist/request-DKGQaofB.js +184 -0
  87. package/dist/request-U1t6zZtk.d.ts +39 -0
  88. package/dist/request-XHWUW2bi.cjs +208 -0
  89. package/dist/{send-D5fjmUEj.js → send-eW9JIzQV.js} +2 -2
  90. package/dist/sig/http.test.js +12 -13
  91. package/dist/sig/key.test.js +9 -11
  92. package/dist/sig/ld.test.js +8 -10
  93. package/dist/sig/mod.cjs +10 -11
  94. package/dist/sig/mod.d.cts +6 -7
  95. package/dist/sig/mod.d.ts +6 -7
  96. package/dist/sig/mod.js +6 -7
  97. package/dist/sig/owner.test.js +10 -12
  98. package/dist/sig/proof.test.js +13 -14
  99. package/dist/testing/docloader.test.js +6 -8
  100. package/dist/testing/mod.d.ts +122 -148
  101. package/dist/testing/mod.js +2 -3
  102. package/dist/{testing-tWr1VQxx.js → testing-ClYSmXdi.js} +1 -2
  103. package/dist/{types-D2Nyz0tR.cjs → types-BT0xc4-R.cjs} +3 -3
  104. package/dist/{types-DQuSDtDg.js → types-DaPoJTSc.js} +1 -1
  105. package/dist/{runtime/authdocloader.test.js → utils/docloader.test.js} +13 -15
  106. package/dist/utils/kv-cache.test.js +208 -0
  107. package/dist/utils/mod.cjs +14 -0
  108. package/dist/utils/mod.d.cts +6 -0
  109. package/dist/utils/mod.d.ts +8 -0
  110. package/dist/utils/mod.js +12 -0
  111. package/dist/utils/request.test.js +48 -0
  112. package/dist/utils/url.test.js +41 -0
  113. package/dist/vocab/actor.test.js +8 -10
  114. package/dist/vocab/lookup.test.js +7 -9
  115. package/dist/vocab/mod.cjs +4 -4
  116. package/dist/vocab/mod.d.cts +4 -5
  117. package/dist/vocab/mod.d.ts +4 -5
  118. package/dist/vocab/mod.js +4 -4
  119. package/dist/vocab/type.test.js +2 -3
  120. package/dist/vocab/vocab.test.js +9 -10
  121. package/dist/{vocab-Dd4VMrr0.cjs → vocab-CxTuoEVd.cjs} +6 -5
  122. package/dist/{vocab-Dw1-yVGg.d.cts → vocab-DCBw44JZ.d.cts} +2 -21
  123. package/dist/{vocab-BI0Ak5lL.d.ts → vocab-ivDKb439.d.ts} +2 -21
  124. package/dist/{vocab-w--qk7HF.js → vocab-yFT-fQBj.js} +4 -3
  125. package/dist/webfinger/handler.test.js +24 -25
  126. package/dist/webfinger/lookup.test.js +7 -9
  127. package/dist/webfinger/mod.cjs +3 -3
  128. package/dist/webfinger/mod.d.cts +2 -3
  129. package/dist/webfinger/mod.d.ts +2 -3
  130. package/dist/webfinger/mod.js +3 -3
  131. package/dist/x/cfworkers.d.cts +1 -1
  132. package/dist/x/cfworkers.d.ts +2 -2
  133. package/dist/x/cfworkers.test.js +6 -8
  134. package/dist/x/hono.d.cts +10 -10
  135. package/dist/x/hono.d.ts +11 -11
  136. package/dist/x/sveltekit.d.cts +10 -10
  137. package/dist/x/sveltekit.d.ts +11 -11
  138. package/package.json +16 -14
  139. package/dist/assert_throws-BOO88avQ.js +0 -39
  140. package/dist/authdocloader-Cv_qEn1G.js +0 -52
  141. package/dist/authdocloader-bsmVF6eO.cjs +0 -58
  142. package/dist/docloader-CxWcuWqQ.d.ts +0 -221
  143. package/dist/docloader-D-MrRyHl.d.cts +0 -219
  144. package/dist/key-BNJQQm3h.js +0 -260
  145. package/dist/key-C_ruQbbl.js +0 -10
  146. package/dist/key-DIMJMxf4.cjs +0 -10
  147. package/dist/key-DpFjiItf.js +0 -10
  148. package/dist/key-DuXv64tg.cjs +0 -290
  149. package/dist/lookup-CbtuFbtg.js +0 -331
  150. package/dist/middleware-BpR6186a.js +0 -26
  151. package/dist/middleware-DDMxdtWM.cjs +0 -17
  152. package/dist/middleware-T-knSMwl.js +0 -17
  153. package/dist/mod-CerN_Sza.d.ts +0 -104
  154. package/dist/mod-Cj1tHXBR.d.cts +0 -102
  155. package/dist/runtime/docloader.test.js +0 -522
  156. package/dist/runtime/key.test.js +0 -103
  157. package/dist/runtime/langstr.test.d.ts +0 -3
  158. package/dist/runtime/langstr.test.js +0 -39
  159. package/dist/runtime/link.test.d.ts +0 -3
  160. package/dist/runtime/link.test.js +0 -61
  161. package/dist/runtime/mod.cjs +0 -25
  162. package/dist/runtime/mod.d.cts +0 -6
  163. package/dist/runtime/mod.d.ts +0 -8
  164. package/dist/runtime/mod.js +0 -13
  165. package/dist/runtime/multibase/multibase.test.d.ts +0 -3
  166. package/dist/runtime/multibase/multibase.test.js +0 -358
  167. package/dist/runtime/url.test.js +0 -45
  168. /package/dist/{assert_not_equals-f3m3epl3.js → assert_not_equals-C80BG-_5.js} +0 -0
  169. /package/dist/{collection-CcnIw1qY.js → collection-BzWsN9pB.js} +0 -0
  170. /package/dist/{denokv-Bv33Xxea.js → denokv-CCssOzMJ.js} +0 -0
  171. /package/dist/{federation-H2_En3j5.cjs → federation-DOuZpcAw.cjs} +0 -0
  172. /package/dist/{federation-D1U8YY9t.js → federation-pZJsapBn.js} +0 -0
  173. /package/dist/{kv-63Cil1MD.d.cts → kv-BMKIFXNW.d.cts} +0 -0
  174. /package/dist/{kv-C7sopW2E.d.ts → kv-Dt06smFt.d.ts} +0 -0
  175. /package/dist/{mod-1pDWKvUL.d.ts → mod-B-ZQqbGe.d.ts} +0 -0
  176. /package/dist/{mod-g0xFzAP9.d.ts → mod-CjsiSl7_.d.ts} +0 -0
  177. /package/dist/{mq-CRGm1e_F.d.ts → mq-CPRJk4mZ.d.ts} +0 -0
  178. /package/dist/{negotiation-5NPJL6zp.js → negotiation-C4nFufNk.js} +0 -0
  179. /package/dist/{nodeinfo-DfycQ8Wf.js → nodeinfo-B0UefMXO.js} +0 -0
  180. /package/dist/{nodeinfo-Co9lJrWl.cjs → nodeinfo-ByTd7HpT.cjs} +0 -0
  181. /package/dist/{retry-D4GJ670a.js → retry-CfF8Gn4d.js} +0 -0
  182. /package/dist/{runtime-C58AJWSv.cjs → sig-DE_NC_VQ.cjs} +0 -0
  183. /package/dist/{runtime-DPYEDf-o.js → sig-Dx59zAgn.js} +0 -0
  184. /package/dist/{std__assert-X-_kMxKM.js → std__assert-DWivtrGR.js} +0 -0
  185. /package/dist/{types-BSuWJsOm.js → types-C2XVl6gj.js} +0 -0
  186. /package/dist/{runtime → utils}/docloader.test.d.ts +0 -0
  187. /package/dist/{runtime/authdocloader.test.d.ts → utils/kv-cache.test.d.ts} +0 -0
  188. /package/dist/{runtime/key.test.d.ts → utils/request.test.d.ts} +0 -0
  189. /package/dist/{runtime → utils}/url.test.d.ts +0 -0
  190. /package/dist/{sig-ByHXzqUi.cjs → utils-B6yXfxAQ.cjs} +0 -0
  191. /package/dist/{sig-Cj3tk-ig.js → utils-BXMGcmqK.js} +0 -0
  192. /package/dist/{webfinger-BjOEdFPs.cjs → webfinger-C949bxcD.cjs} +0 -0
  193. /package/dist/{webfinger-De_bU0iE.js → webfinger-qG8R5jc3.js} +0 -0
package/dist/{ld-Isot0tiW.js → ld-CcsryBo0.js} RENAMED
@@ -3,8 +3,9 @@
3
3
  import { URLPattern } from "urlpattern-polyfill";
4
4
  globalThis.addEventListener = () => {};
5
5
 
6
- import { Activity, CryptographicKey, Object as Object$1, deno_default, getDocumentLoader, getTypeId } from "./type-DaUr3Il7.js";
7
- import { fetchKey, validateCryptoKey } from "./key-DnqhSgAv.js";
6
+ import { Activity, CryptographicKey, Object as Object$1, deno_default, getTypeId } from "./lookup-BbEekiru.js";
7
+ import { fetchKey, validateCryptoKey } from "./key-jSvnymAk.js";
8
+ import { getDocumentLoader } from "@fedify/vocab-runtime";
8
9
  import { getLogger } from "@logtape/logtape";
9
10
  import { SpanStatusCode, trace } from "@opentelemetry/api";
10
11
  import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
package/dist/{lookup-Dhm78GlK.js → lookup-BV3A9Zbc.js} RENAMED
@@ -2,10 +2,71 @@
2
2
  import { Temporal } from "@js-temporal/polyfill";
3
3
  import { URLPattern } from "urlpattern-polyfill";
4
4
 
5
- import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-Czl3xV10.js";
5
+ import { deno_default, getUserAgent } from "./request-DKGQaofB.js";
6
6
  import { getLogger } from "@logtape/logtape";
7
7
  import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
8
+ import { lookup } from "node:dns/promises";
9
+ import { isIP } from "node:net";
8
10
 
11
+ //#region src/utils/url.ts
12
+ var UrlError = class extends Error {
13
+ constructor(message) {
14
+ super(message);
15
+ this.name = "UrlError";
16
+ }
17
+ };
18
+ /**
19
+ * Validates a URL to prevent SSRF attacks.
20
+ */
21
+ async function validatePublicUrl(url) {
22
+ const parsed = new URL(url);
23
+ if (parsed.protocol !== "http:" && parsed.protocol !== "https:") throw new UrlError(`Unsupported protocol: ${parsed.protocol}`);
24
+ let hostname = parsed.hostname;
25
+ if (hostname.startsWith("[") && hostname.endsWith("]")) hostname = hostname.substring(1, hostname.length - 2);
26
+ if (hostname === "localhost") throw new UrlError("Localhost is not allowed");
27
+ if ("Deno" in globalThis && !isIP(hostname)) {
28
+ const netPermission = await Deno.permissions.query({ name: "net" });
29
+ if (netPermission.state !== "granted") return;
30
+ }
31
+ if ("Bun" in globalThis) {
32
+ if (hostname === "example.com" || hostname.endsWith(".example.com")) return;
33
+ else if (hostname === "fedify-test.internal") throw new UrlError("Invalid or private address: fedify-test.internal");
34
+ }
35
+ let addresses;
36
+ try {
37
+ addresses = await lookup(hostname, { all: true });
38
+ } catch {
39
+ addresses = [];
40
+ }
41
+ for (const { address, family } of addresses) if (family === 4 && !isValidPublicIPv4Address(address) || family === 6 && !isValidPublicIPv6Address(address) || family < 4 || family === 5 || family > 6) throw new UrlError(`Invalid or private address: ${address}`);
42
+ }
43
+ function isValidPublicIPv4Address(address) {
44
+ const parts = address.split(".");
45
+ const first = parseInt(parts[0]);
46
+ if (first === 0 || first === 10 || first === 127) return false;
47
+ const second = parseInt(parts[1]);
48
+ if (first === 169 && second === 254) return false;
49
+ if (first === 172 && second >= 16 && second <= 31) return false;
50
+ if (first === 192 && second === 168) return false;
51
+ return true;
52
+ }
53
+ function isValidPublicIPv6Address(address) {
54
+ address = expandIPv6Address(address);
55
+ if (address.at(4) !== ":") return false;
56
+ const firstWord = parseInt(address.substring(0, 4), 16);
57
+ return !(firstWord >= 64512 && firstWord <= 65023 || firstWord >= 65152 && firstWord <= 65215 || firstWord === 0 || firstWord >= 65280);
58
+ }
59
+ function expandIPv6Address(address) {
60
+ address = address.toLowerCase();
61
+ if (address === "::") return "0000:0000:0000:0000:0000:0000:0000:0000";
62
+ if (address.startsWith("::")) address = "0000" + address;
63
+ if (address.endsWith("::")) address = address + "0000";
64
+ address = address.replace("::", ":0000".repeat(8 - (address.match(/:/g) || []).length) + ":");
65
+ const parts = address.split(":");
66
+ return parts.map((part) => part.padStart(4, "0")).join(":");
67
+ }
68
+
69
+ //#endregion
9
70
  //#region src/webfinger/lookup.ts
10
71
  const logger = getLogger([
11
72
  "fedify",
@@ -128,4 +189,4 @@ async function lookupWebFingerInternal(resource, options = {}) {
128
189
  }
129
190
 
130
191
  //#endregion
131
- export { lookupWebFinger };
192
+ export { UrlError, lookupWebFinger, validatePublicUrl };