@fedify/fedify 2.0.7 → 2.0.9

package/dist/federation/{webfinger.test.js → webfinger.test.mjs}

@@ -1,50 +1,23 @@
-
-      import { Temporal } from "@js-temporal/polyfill";
-      import { URLPattern } from "urlpattern-polyfill";
-      globalThis.addEventListener = () => {};
-    
-import { assertEquals } from "../assert_equals-DSbWqCm3.js";
-import "../assert-MZs1qjMx.js";
-import "../assert_instance_of-DHz7EHNU.js";
-import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import "../deno-CbQK8e-e.js";
-import { createFederation, handleWebFinger } from "../middleware-BI1VCuPT.js";
-import "../client-CoCIaTNO.js";
-import "../router-D9eI0s4b.js";
-import "../types-CPz01LGH.js";
-import "../key-Cga1p73u.js";
-import "../http-CjaLjnRN.js";
-import "../ld-BWSOukKj.js";
-import "../owner-HASxJJP1.js";
-import "../proof-BXt2Oi8t.js";
-import "../docloader-CJeSPcS_.js";
-import "../kv-cache-El7We5sy.js";
-import "../inbox-B33isX44.js";
-import "../builder-DA7Qgx_F.js";
-import "../collection-CcnIw1qY.js";
-import "../keycache-DRxpZ5r9.js";
-import "../negotiation-5NPJL6zp.js";
-import "../retry-D4GJ670a.js";
-import "../send-BF3omx5-.js";
-import "../std__assert-DWivtrGR.js";
-import "../assert_rejects-Ce45JcFg.js";
-import "../assert_throws-BNXdRGWP.js";
-import "../assert_not_equals-C80BG-_5.js";
-import { createRequestContext } from "../context-pa9aIrwp.js";
+import "@js-temporal/polyfill";
+import "urlpattern-polyfill";
+globalThis.addEventListener = () => {};
+import { n as createRequestContext } from "../context-Juj6bdHC.mjs";
+import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
+import "../std__assert-Duiq_YC9.mjs";
+import { t as MemoryKvStore } from "../kv-BrZHNugx.mjs";
+import { a as createFederation, o as handleWebFinger } from "../middleware-DoHz9oIo.mjs";
 import { test } from "@fedify/fixture";
 import { Image, Link, Person } from "@fedify/vocab";
-
 //#region src/federation/webfinger.test.ts
 test("handleWebFinger()", async (t) => {
 	const url = new URL("https://example.com/.well-known/webfinger");
-	function createContext(url$1) {
-		const federation = createFederation({ kv: new MemoryKvStore() });
+	function createContext(url) {
 		const context = createRequestContext({
-			federation,
-			url: url$1,
+			federation: createFederation({ kv: new MemoryKvStore() }),
+			url,
 			data: void 0,
 			getActorUri(identifier) {
-				return new URL(`${url$1.origin}/users/${identifier}`);
+				return new URL(`${url.origin}/users/${identifier}`);
 			},
 			async getActor(handle) {
 				return await actorDispatcher(context, handle);
@@ -54,10 +27,9 @@ test("handleWebFinger()", async (t) => {
 				if (uri.protocol === "acct:") return null;
 				if (!uri.pathname.startsWith("/users/")) return null;
 				const paths = uri.pathname.split("/");
-				const identifier = paths[paths.length - 1];
 				return {
 					type: "actor",
-					identifier
+					identifier: paths[paths.length - 1]
 				};
 			}
 		});
@@ -89,11 +61,10 @@ test("handleWebFinger()", async (t) => {
 	await t.step("no actor dispatcher", async () => {
 		const context = createContext(url);
 		const request = context.request;
-		const response = await handleWebFinger(request, {
+		assertEquals((await handleWebFinger(request, {
 			context,
 			onNotFound
-		});
-		assertEquals(response.status, 404);
+		})).status, 404);
 		assertEquals(onNotFoundCalled, request);
 	});
 	onNotFoundCalled = null;
@@ -113,8 +84,7 @@ test("handleWebFinger()", async (t) => {
 		const u = new URL(url);
 		u.searchParams.set("resource", " invalid ");
 		const context = createContext(u);
-		const request = new Request(u);
-		const response = await handleWebFinger(request, {
+		const response = await handleWebFinger(new Request(u), {
 			context,
 			actorDispatcher,
 			onNotFound
@@ -220,12 +190,11 @@ test("handleWebFinger()", async (t) => {
 		u.searchParams.set("resource", "acct:no-one@example.com");
 		const context = createContext(u);
 		const request = context.request;
-		const response = await handleWebFinger(request, {
+		assertEquals((await handleWebFinger(request, {
 			context,
 			actorDispatcher,
 			onNotFound
-		});
-		assertEquals(response.status, 404);
+		})).status, 404);
 		assertEquals(onNotFoundCalled, request);
 	});
 	onNotFoundCalled = null;
@@ -521,16 +490,14 @@ test("handleWebFinger()", async (t) => {
 			onNotFound
 		});
 		assertEquals(response.status, 200);
-		const result = await response.json();
-		const expectedWithCustomLinks = {
+		assertEquals(await response.json(), {
 			...expected,
 			links: [...expected.links, {
 				rel: "http://ostatus.org/schema/1.0/subscribe",
 				template: "https://example.com/follow?acct={uri}"
 			}]
-		};
-		assertEquals(result, expectedWithCustomLinks);
+		});
 	});
 });
-
-//#endregion
+//#endregion
+export {};

package/dist/{http-DkHdFfrc.d.ts → http-B2wiNmSo.d.ts}

@@ -5,7 +5,6 @@ import { TracerProvider } from "@opentelemetry/api";
 import { DocumentLoader } from "@fedify/vocab-runtime";
 
 //#region src/sig/key.d.ts
-
 /**
 * Generates a key pair which is appropriate for Fedify.
 * @param algorithm The algorithm to use.  Currently only RSASSA-PKCS1-v1_5 and
@@ -238,9 +237,5 @@ interface HttpMessageSignaturesSpecDeterminer {
   */
   rememberSpec(origin: string, spec: HttpMessageSignaturesSpec): void | Promise<void>;
 }
-/**
-* The options for double-knock requests.
-* @since 1.6.0
-*/
 //#endregion
-export { FetchKeyOptions, FetchKeyResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignRequestOptions, VerifyRequestOptions, exportJwk, fetchKey, generateCryptoKeyPair, importJwk, signRequest, verifyRequest };
+export { signRequest as a, FetchKeyResult as c, fetchKey as d, generateCryptoKeyPair as f, VerifyRequestOptions as i, KeyCache as l, HttpMessageSignaturesSpecDeterminer as n, verifyRequest as o, importJwk as p, SignRequestOptions as r, FetchKeyOptions as s, HttpMessageSignaturesSpec as t, exportJwk as u };

package/dist/{http-B3vAjAtl.js → http-Bz7avX57.js}

@@ -1,130 +1,16 @@
-
-          import { Temporal } from "@js-temporal/polyfill";
-          import { URLPattern } from "urlpattern-polyfill";
-        
+import { Temporal } from "@js-temporal/polyfill";
+import "urlpattern-polyfill";
 import { getLogger } from "@logtape/logtape";
 import { CryptographicKey, Object as Object$1, isActor } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 import { encodeHex } from "byte-encodings/hex";
+import { FetchError, getDocumentLoader } from "@fedify/vocab-runtime";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
 import { Item, decodeDict, encodeItem } from "structured-field-values";
-import { getDocumentLoader } from "@fedify/vocab-runtime";
-
 //#region deno.json
 var name = "@fedify/fedify";
-var version = "2.0.7";
-var license = "MIT";
-var exports = {
-	".": "./src/mod.ts",
-	"./compat": "./src/compat/mod.ts",
-	"./federation": "./src/federation/mod.ts",
-	"./nodeinfo": "./src/nodeinfo/mod.ts",
-	"./otel": "./src/otel/mod.ts",
-	"./runtime": "./src/runtime/mod.ts",
-	"./sig": "./src/sig/mod.ts",
-	"./utils": "./src/utils/mod.ts",
-	"./vocab": "./src/vocab/mod.ts"
-};
-var imports = {
-	"@multiformats/base-x": "npm:@multiformats/base-x@^4.0.1",
-	"@std/assert": "jsr:@std/assert@^0.226.0",
-	"@std/url": "jsr:@std/url@^0.225.1",
-	"asn1js": "npm:asn1js@^3.0.7",
-	"fast-check": "npm:fast-check@^3.22.0",
-	"fetch-mock": "npm:fetch-mock@^12.5.2",
-	"json-canon": "npm:json-canon@^1.0.1",
-	"jsonld": "npm:jsonld@^9.0.0",
-	"pkijs": "npm:pkijs@^3.3.3",
-	"structured-field-values": "npm:structured-field-values@^2.0.4",
-	"uri-template-router": "npm:uri-template-router@^1.0.0",
-	"url-template": "npm:url-template@^3.1.1"
-};
-var exclude = [
-	".test-report.xml",
-	"apidoc/",
-	"dist/",
-	"node_modules/",
-	"npm/",
-	"pnpm-lock.yaml",
-	"src/cfworkers/dist/",
-	"src/cfworkers/fixtures/",
-	"src/cfworkers/imports.ts",
-	"src/cfworkers/README.md",
-	"src/cfworkers/server.ts",
-	"src/cfworkers/server.js",
-	"src/cfworkers/server.js.map"
-];
-var publish = { "exclude": [
-	"**/*.test.ts",
-	"src/testing/",
-	"tsdown.config.ts",
-	"scripts/",
-	"wrangler.toml"
-] };
-var tasks = {
-	"codegen": "deno task -f @fedify/vocab compile",
-	"cache": {
-		"command": "deno cache src/mod.ts",
-		"dependencies": ["codegen"]
-	},
-	"check": {
-		"command": "deno fmt --check && deno lint && deno check src/**/*.ts",
-		"dependencies": ["codegen"]
-	},
-	"test": {
-		"command": "deno test --check --doc --allow-read --allow-write --allow-env --unstable-kv --trace-leaks --parallel",
-		"dependencies": ["codegen"]
-	},
-	"coverage": "deno task test --clean --coverage && deno coverage --html coverage",
-	"bench": {
-		"command": "deno bench --allow-read --allow-write --allow-net --allow-env --allow-run --unstable-kv",
-		"dependencies": ["codegen"]
-	},
-	"apidoc": {
-		"command": "deno doc --html --name=Fedify --output=apidoc/ src/mod.ts",
-		"dependencies": ["codegen"]
-	},
-	"publish": {
-		"command": "deno publish",
-		"dependencies": ["codegen"]
-	},
-	"pnpm:install": "pnpm install --silent",
-	"pnpm:build": {
-		"command": "pnpm exec tsdown",
-		"dependencies": ["pnpm:build-vocab"]
-	},
-	"test:node": {
-		"command": "cd dist/ && node --test",
-		"dependencies": ["pnpm:build"]
-	},
-	"test:bun": {
-		"command": "cd dist/ && bun test --timeout 60000",
-		"dependencies": ["pnpm:build"]
-	},
-	"test:cfworkers": {
-		"command": "pnpm exec wrangler deploy --dry-run --outdir src/cfworkers && node --import=tsx src/cfworkers/client.ts",
-		"dependencies": ["pnpm:build"]
-	},
-	"test-all": { "dependencies": [
-		"check",
-		"test",
-		"test:node",
-		"test:bun",
-		"test:cfworkers"
-	] }
-};
-var deno_default = {
-	name,
-	version,
-	license,
-	exports,
-	imports,
-	exclude,
-	publish,
-	tasks
-};
-
+var version = "2.0.9";
 //#endregion
 //#region src/sig/key.ts
 /**
@@ -140,8 +26,7 @@ function validateCryptoKey(key, type) {
 	if (!key.extractable) throw new TypeError("The key is not extractable.");
 	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
 	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
-		const algorithm = key.algorithm;
-		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+		if (key.algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
 	}
 }
 /**
@@ -220,8 +105,7 @@ async function importJwk(jwk, type) {
 * @since 1.3.0
 */
 function fetchKey(keyId, cls, options = {}) {
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	const tracer = (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version);
 	keyId = typeof keyId === "string" ? new URL(keyId) : keyId;
 	return tracer.startActiveSpan("activitypub.fetch_key", {
 		kind: SpanKind.CLIENT,
@@ -277,8 +161,7 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 	logger.debug("Fetching key {keyId} to verify signature...", { keyId });
 	let document;
 	try {
-		const remoteDocument = await (documentLoader ?? getDocumentLoader())(keyId);
-		document = remoteDocument.document;
+		document = (await (documentLoader ?? getDocumentLoader())(keyId)).document;
 	} catch (_) {
 		logger.debug("Failed to fetch key {keyId}.", { keyId });
 		await keyCache?.set(cacheKey, null);
@@ -302,8 +185,8 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 				contextLoader,
 				tracerProvider
 			});
-		} catch (e$1) {
-			if (e$1 instanceof TypeError) {
+		} catch (e) {
+			if (e instanceof TypeError) {
 				logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
 				await keyCache?.set(cacheKey, null);
 				return {
@@ -311,7 +194,7 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 					cached: false
 				};
 			}
-			throw e$1;
+			throw e;
 		}
 	}
 	let key = null;
@@ -374,9 +257,9 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 		cached: false
 	};
 }
-
 //#endregion
 //#region src/sig/http.ts
+const DEFAULT_MAX_REDIRECTION = 20;
 /**
 * Signs a request using the given private key.
 * @param request The request to sign.
@@ -388,9 +271,7 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 */
 async function signRequest(request, privateKey, keyId, options = {}) {
 	validateCryptoKey(privateKey, "private");
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("http_signatures.sign", async (span) => {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("http_signatures.sign", async (span) => {
 		try {
 			const spec = options.spec ?? "draft-cavage-http-signatures-12";
 			let signed;
@@ -399,7 +280,7 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 			if (span.isRecording()) {
 				span.setAttribute(ATTR_HTTP_REQUEST_METHOD, signed.method);
 				span.setAttribute(ATTR_URL_FULL, signed.url);
-				for (const [name$1, value] of signed.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name$1), value);
+				for (const [name, value] of signed.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name), value);
 				span.setAttribute("http_signatures.key_id", keyId.href);
 			}
 			return signed;
@@ -427,8 +308,8 @@ async function signRequestDraft(request, privateKey, keyId, span, currentTime, b
 	}
 	if (!headers.has("Date")) headers.set("Date", currentTime == null ? (/* @__PURE__ */ new Date()).toUTCString() : new Date(currentTime.toString()).toUTCString());
 	const serialized = [["(request-target)", `${request.method.toLowerCase()} ${url.pathname}`], ...headers];
-	const headerNames = serialized.map(([name$1]) => name$1);
-	const message = serialized.map(([name$1, value]) => `${name$1}: ${value.trim()}`).join("\n");
+	const headerNames = serialized.map(([name]) => name);
+	const message = serialized.map(([name, value]) => `${name}: ${value.trim()}`).join("\n");
 	const signature = await crypto.subtle.sign("RSASSA-PKCS1-v1_5", privateKey, new TextEncoder().encode(message));
 	const sigHeader = `keyId="${keyId.href}",algorithm="rsa-sha256",headers="${headerNames.join(" ")}",signature="${encodeBase64(signature)}"`;
 	headers.set("Signature", sigHeader);
@@ -485,9 +366,7 @@ function createRfc9421SignatureBase(request, components, parameters) {
 * @returns The formatted signature string.
 */
 function formatRfc9421Signature(signature, components, parameters) {
-	const signatureInputValue = `sig1=("${components.join("\" \"")}");${parameters}`;
-	const signatureValue = `sig1=:${encodeBase64(signature)}:`;
-	return [signatureInputValue, signatureValue];
+	return [`sig1=("${components.join("\" \"")}");${parameters}`, `sig1=:${encodeBase64(signature)}:`];
 }
 /**
 * Parse RFC 9421 Signature-Input header.
@@ -617,13 +496,11 @@ const supportedHashAlgorithms = {
 *          could not be verified.
 */
 async function verifyRequest(request, options = {}) {
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	return await tracer.startActiveSpan("http_signatures.verify", async (span) => {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("http_signatures.verify", async (span) => {
 		if (span.isRecording()) {
 			span.setAttribute(ATTR_HTTP_REQUEST_METHOD, request.method);
 			span.setAttribute(ATTR_URL_FULL, request.url);
-			for (const [name$1, value] of request.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name$1), value);
+			for (const [name, value] of request.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(name), value);
 		}
 		try {
 			let spec = options.spec;
@@ -806,11 +683,10 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 		logger.debug("Failed to verify; required headers missing in the Signature header: {headers}.", { headers });
 		return null;
 	}
-	const message = headerNames.map((name$1) => `${name$1}: ` + (name$1 === "(request-target)" ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}` : name$1 === "(created)" ? sigValues.created ?? "" : name$1 === "(expires)" ? sigValues.expires ?? "" : name$1 === "host" ? request.headers.get("host") ?? new URL(request.url).host : request.headers.get(name$1))).join("\n");
+	const message = headerNames.map((name) => `${name}: ` + (name === "(request-target)" ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}` : name === "(created)" ? sigValues.created ?? "" : name === "(expires)" ? sigValues.expires ?? "" : name === "host" ? request.headers.get("host") ?? new URL(request.url).host : request.headers.get(name))).join("\n");
 	const sig = decodeBase64(signature);
 	span?.setAttribute("http_signatures.signature", encodeHex(sig));
-	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message));
-	if (!verified) {
+	if (!await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message))) {
 		if (cached) {
 			logger.debug("Failed to verify with the cached key {keyId}; signature {signature} is invalid.  Retrying with the freshly fetched key...", {
 				keyId,
@@ -824,7 +700,7 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 				currentTime,
 				keyCache: {
 					get: () => Promise.resolve(void 0),
-					set: async (keyId$1, key$1) => await keyCache?.set(keyId$1, key$1)
+					set: async (keyId, key) => await keyCache?.set(keyId, key)
 				}
 			});
 		}
@@ -974,9 +850,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 				logger.debug("Failed to verify; Content-Digest header required but not found.", { components: sigInput.components });
 				continue;
 			}
-			const body = await request.arrayBuffer();
-			const digestValid = await verifyRfc9421ContentDigest(contentDigestHeader, body);
-			if (!digestValid) {
+			if (!await verifyRfc9421ContentDigest(contentDigestHeader, await request.arrayBuffer())) {
 				logger.debug("Failed to verify; Content-Digest verification failed.", { contentDigest: contentDigestHeader });
 				continue;
 			}
@@ -1022,8 +896,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 		const signatureBaseBytes = new TextEncoder().encode(signatureBase);
 		span?.setAttribute("http_signatures.signature", encodeHex(sigBytes));
 		try {
-			const verified = await crypto.subtle.verify(algorithm, key.publicKey, sigBytes.slice(), signatureBaseBytes);
-			if (verified) {
+			if (await crypto.subtle.verify(algorithm, key.publicKey, sigBytes.slice(), signatureBaseBytes)) {
 				validKey = key;
 				break;
 			} else if (cached) {
@@ -1035,7 +908,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 					currentTime,
 					keyCache: {
 						get: () => Promise.resolve(void 0),
-						set: async (keyId, key$1) => await keyCache?.set(keyId, key$1)
+						set: async (keyId, key) => await keyCache?.set(keyId, key)
 					},
 					spec: "rfc9421"
 				});
@@ -1088,7 +961,11 @@ function createRedirectRequest(request, location, body) {
 * @since 1.6.0
 */
 async function doubleKnock(request, identity, options = {}) {
+	return await doubleKnockInternal(request, identity, options);
+}
+async function doubleKnockInternal(request, identity, options, redirected = 0, visited = /* @__PURE__ */ new Set()) {
 	const { specDeterminer, log, tracerProvider, signal } = options;
+	visited.add(request.url);
 	const origin = new URL(request.url).origin;
 	const firstTrySpec = specDeterminer == null ? "rfc9421" : await specDeterminer.determineSpec(origin);
 	const body = options.body !== void 0 ? options.body : request.method !== "GET" && request.method !== "HEAD" ? await request.clone().arrayBuffer() : null;
@@ -1103,11 +980,13 @@ async function doubleKnock(request, identity, options = {}) {
 		signal
 	});
 	if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
-		const location = response.headers.get("Location");
-		return doubleKnock(createRedirectRequest(request, location, body), identity, {
+		if (redirected >= DEFAULT_MAX_REDIRECTION) throw new FetchError(request.url, `Too many redirections (${redirected + 1})`);
+		const redirectRequest = createRedirectRequest(request, response.headers.get("Location"), body);
+		if (visited.has(redirectRequest.url)) throw new FetchError(request.url, `Redirect loop detected: ${redirectRequest.url}`);
+		return doubleKnockInternal(redirectRequest, identity, {
 			...options,
 			body
-		});
+		}, redirected + 1, visited);
 	} else if (response.status === 400 || response.status === 401 || response.status > 401) {
 		const spec = firstTrySpec === "draft-cavage-http-signatures-12" ? "rfc9421" : "draft-cavage-http-signatures-12";
 		getLogger([
@@ -1131,11 +1010,13 @@ async function doubleKnock(request, identity, options = {}) {
 			signal
 		});
 		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
-			const location = response.headers.get("Location");
-			return doubleKnock(createRedirectRequest(request, location, body), identity, {
+			if (redirected >= DEFAULT_MAX_REDIRECTION) throw new FetchError(request.url, `Too many redirections (${redirected + 1})`);
+			const redirectRequest = createRedirectRequest(request, response.headers.get("Location"), body);
+			if (visited.has(redirectRequest.url)) throw new FetchError(request.url, `Redirect loop detected: ${redirectRequest.url}`);
+			return doubleKnockInternal(redirectRequest, identity, {
 				...options,
 				body
-			});
+			}, redirected + 1, visited);
 		} else if (response.status !== 400 && response.status !== 401) await specDeterminer?.rememberSpec(origin, spec);
 	} else await specDeterminer?.rememberSpec(origin, firstTrySpec);
 	return response;
@@ -1167,6 +1048,5 @@ function timingSafeEqual(a, b) {
 	result |= lenA ^ lenB;
 	return result === 0;
 }
-
 //#endregion
-export { deno_default, doubleKnock, exportJwk, fetchKey, generateCryptoKeyPair, importJwk, signRequest, validateCryptoKey, verifyRequest };
+export { fetchKey as a, validateCryptoKey as c, exportJwk as i, name as l, signRequest as n, generateCryptoKeyPair as o, verifyRequest as r, importJwk as s, doubleKnock as t, version as u };

package/dist/{http-Cz3MlXAZ.d.cts → http-C_tEAiZj.d.cts}

@@ -3,7 +3,6 @@ import { DocumentLoader } from "@fedify/vocab-runtime";
 import { TracerProvider } from "@opentelemetry/api";
 
 //#region src/sig/key.d.ts
-
 /**
 * Generates a key pair which is appropriate for Fedify.
 * @param algorithm The algorithm to use.  Currently only RSASSA-PKCS1-v1_5 and
@@ -236,9 +235,5 @@ interface HttpMessageSignaturesSpecDeterminer {
   */
   rememberSpec(origin: string, spec: HttpMessageSignaturesSpec): void | Promise<void>;
 }
-/**
-* The options for double-knock requests.
-* @since 1.6.0
-*/
 //#endregion
-export { FetchKeyOptions, FetchKeyResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignRequestOptions, VerifyRequestOptions, exportJwk, fetchKey, generateCryptoKeyPair, importJwk, signRequest, verifyRequest };
+export { signRequest as a, FetchKeyResult as c, fetchKey as d, generateCryptoKeyPair as f, VerifyRequestOptions as i, KeyCache as l, HttpMessageSignaturesSpecDeterminer as n, verifyRequest as o, importJwk as p, SignRequestOptions as r, FetchKeyOptions as s, HttpMessageSignaturesSpec as t, exportJwk as u };