@fedify/fedify 2.1.0-dev.503 → 2.1.0-dev.513

package/dist/{key-DCdTVZiK.js → key-j1AjF3HL.js}

@@ -3,10 +3,10 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./deno-BYerLnry.js";
+import { deno_default } from "./deno-aj03PJW6.js";
 import { getLogger } from "@logtape/logtape";
 import { CryptographicKey, Object as Object$1, isActor } from "@fedify/vocab";
-import { getDocumentLoader } from "@fedify/vocab-runtime";
+import { FetchError, getDocumentLoader } from "@fedify/vocab-runtime";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 
 //#region src/sig/key.ts
@@ -89,24 +89,10 @@ async function importJwk(jwk, type) {
 	validateCryptoKey(key, type);
 	return key;
 }
-/**
-* Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL.
-* If the given URL contains an {@link Actor} object, it tries to find
-* the corresponding key in the `publicKey` or `assertionMethod` property.
-* @template T The type of the key to fetch.  Either {@link CryptographicKey}
-*              or {@link Multikey}.
-* @param keyId The URL of the key.
-* @param cls The class of the key to fetch.  Either {@link CryptographicKey}
-*            or {@link Multikey}.
-* @param options Options for fetching the key.  See {@link FetchKeyOptions}.
-* @returns The fetched key or `null` if the key is not found.
-* @since 1.3.0
-*/
-function fetchKey(keyId, cls, options = {}) {
-	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+async function withFetchKeySpan(keyId, tracerProvider, fetcher) {
+	tracerProvider ??= trace.getTracerProvider();
 	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
-	keyId = typeof keyId === "string" ? new URL(keyId) : keyId;
-	return tracer.startActiveSpan("activitypub.fetch_key", {
+	return await tracer.startActiveSpan("activitypub.fetch_key", {
 		kind: SpanKind.CLIENT,
 		attributes: {
 			"http.method": "GET",
@@ -119,7 +105,7 @@ function fetchKey(keyId, cls, options = {}) {
 		}
 	}, async (span) => {
 		try {
-			const result = await fetchKeyInternal(keyId, cls, options);
+			const result = await fetcher();
 			span.setAttribute("activitypub.actor.key.cached", result.cached);
 			return result;
 		} catch (e) {
@@ -133,43 +119,105 @@ function fetchKey(keyId, cls, options = {}) {
 		}
 	});
 }
-async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, keyCache, tracerProvider } = {}) {
-	const logger = getLogger([
-		"fedify",
-		"sig",
-		"key"
-	]);
+/**
+* Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL.
+* If the given URL contains an {@link Actor} object, it tries to find
+* the corresponding key in the `publicKey` or `assertionMethod` property.
+* @template T The type of the key to fetch.  Either {@link CryptographicKey}
+*              or {@link Multikey}.
+* @param keyId The URL of the key.
+* @param cls The class of the key to fetch.  Either {@link CryptographicKey}
+*            or {@link Multikey}.
+* @param options Options for fetching the key.  See {@link FetchKeyOptions}.
+* @returns The fetched key or `null` if the key is not found.
+* @since 1.3.0
+*/
+function fetchKey(keyId, cls, options = {}) {
+	keyId = typeof keyId === "string" ? new URL(keyId) : keyId;
+	return withFetchKeySpan(keyId, options.tracerProvider, () => fetchKeyInternal(keyId, cls, options));
+}
+/**
+* Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL,
+* preserving transport-level fetch failures for callers that need to inspect
+* why the key could not be loaded.
+*
+* @template T The type of the key to fetch.  Either {@link CryptographicKey}
+*              or {@link Multikey}.
+* @param keyId The URL of the key.
+* @param cls The class of the key to fetch.  Either {@link CryptographicKey}
+*            or {@link Multikey}.
+* @param options Options for fetching the key.
+* @returns The fetched key, or detailed fetch failure information.
+* @since 2.1.0
+*/
+async function fetchKeyDetailed(keyId, cls, options = {}) {
 	const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
-	keyId = typeof keyId === "string" ? keyId : keyId.href;
-	if (keyCache != null) {
-		const cachedKey = await keyCache.get(cacheKey);
-		if (cachedKey instanceof cls && cachedKey.publicKey != null) {
-			logger.debug("Key {keyId} found in cache.", { keyId });
+	return await withFetchKeySpan(cacheKey, options.tracerProvider, async () => {
+		return await fetchKeyWithResult(cacheKey, cls, options, async (cacheKey$1, keyId$1, keyCache, logger) => {
+			const fetchError = await keyCache?.getFetchError?.(cacheKey$1);
+			if (fetchError != null) {
+				logger.debug("Entry {keyId} found in cache with preserved fetch failure details.", { keyId: keyId$1 });
+				return {
+					key: null,
+					cached: true,
+					fetchError
+				};
+			}
+			logger.debug("Entry {keyId} found in cache, but no fetch failure details are available.", { keyId: keyId$1 });
 			return {
-				key: cachedKey,
+				key: null,
 				cached: true
 			};
-		} else if (cachedKey === null) {
-			logger.debug("Entry {keyId} found in cache, but it is unavailable.", { keyId });
+		}, async (error, cacheKey$1, keyId$1, keyCache, logger) => {
+			logger.debug("Failed to fetch key {keyId}.", {
+				keyId: keyId$1,
+				error
+			});
+			await keyCache?.set(cacheKey$1, null);
+			if (error instanceof FetchError && error.response != null) {
+				const fetchError$1 = {
+					status: error.response.status,
+					response: error.response.clone()
+				};
+				await keyCache?.setFetchError?.(cacheKey$1, fetchError$1);
+				return {
+					key: null,
+					cached: false,
+					fetchError: fetchError$1
+				};
+			}
+			const fetchError = { error: error instanceof Error ? error : new Error(String(error)) };
+			await keyCache?.setFetchError?.(cacheKey$1, fetchError);
 			return {
 				key: null,
-				cached: true
+				cached: false,
+				fetchError
 			};
-		}
-	}
-	logger.debug("Fetching key {keyId} to verify signature...", { keyId });
-	let document;
-	try {
-		const remoteDocument = await (documentLoader ?? getDocumentLoader())(keyId);
-		document = remoteDocument.document;
-	} catch (_) {
-		logger.debug("Failed to fetch key {keyId}.", { keyId });
-		await keyCache?.set(cacheKey, null);
+		});
+	});
+}
+async function getCachedFetchKey(cacheKey, keyId, cls, keyCache, logger) {
+	if (keyCache == null) return null;
+	const cachedKey = await keyCache.get(cacheKey);
+	if (cachedKey instanceof cls && cachedKey.publicKey != null) {
+		logger.debug("Key {keyId} found in cache.", { keyId });
+		return {
+			key: cachedKey,
+			cached: true
+		};
+	} else if (cachedKey === null) {
+		logger.debug("Entry {keyId} found in cache, but it is unavailable.", { keyId });
 		return {
 			key: null,
-			cached: false
+			cached: true
 		};
 	}
+	return null;
+}
+async function clearFetchErrorMetadata(keyId, keyCache) {
+	await keyCache?.setFetchError?.(keyId, null);
+}
+async function resolveFetchedKey(document, cacheKey, keyId, cls, { documentLoader, contextLoader, keyCache, tracerProvider }, logger) {
 	let object;
 	try {
 		object = await Object$1.fromJsonLd(document, {
@@ -189,6 +237,7 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 			if (e$1 instanceof TypeError) {
 				logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
 				await keyCache?.set(cacheKey, null);
+				await clearFetchErrorMetadata(cacheKey, keyCache);
 				return {
 					key: null,
 					cached: false
@@ -227,6 +276,7 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 				actorType: object.constructor.name
 			});
 			await keyCache?.set(cacheKey, null);
+			await clearFetchErrorMetadata(cacheKey, keyCache);
 			return {
 				key: null,
 				cached: false
@@ -235,6 +285,7 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 	} else {
 		logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
 		await keyCache?.set(cacheKey, null);
+		await clearFetchErrorMetadata(cacheKey, keyCache);
 		return {
 			key: null,
 			cached: false
@@ -243,6 +294,7 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 	if (key.publicKey == null) {
 		logger.debug("Failed to verify; key {keyId} has no publicKeyPem field.", { keyId });
 		await keyCache?.set(cacheKey, null);
+		await clearFetchErrorMetadata(cacheKey, keyCache);
 		return {
 			key: null,
 			cached: false
@@ -252,11 +304,57 @@ async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, key
 		await keyCache.set(cacheKey, key);
 		logger.debug("Key {keyId} cached.", { keyId });
 	}
+	await clearFetchErrorMetadata(cacheKey, keyCache);
 	return {
 		key,
 		cached: false
 	};
 }
+async function fetchKeyWithResult(cacheKey, cls, options, onCachedUnavailable, onFetchError) {
+	const logger = getLogger([
+		"fedify",
+		"sig",
+		"key"
+	]);
+	const keyId = cacheKey.href;
+	const keyCache = options.keyCache;
+	const cached = await getCachedFetchKey(cacheKey, keyId, cls, keyCache, logger);
+	if (cached?.key === null && cached.cached) return await onCachedUnavailable(cacheKey, keyId, keyCache, logger);
+	if (cached != null) return cached;
+	logger.debug("Fetching key {keyId} to verify signature...", { keyId });
+	let document;
+	try {
+		const remoteDocument = await (options.documentLoader ?? getDocumentLoader())(keyId);
+		document = remoteDocument.document;
+	} catch (error) {
+		return await onFetchError(error, cacheKey, keyId, keyCache, logger);
+	}
+	return await resolveFetchedKey(document, cacheKey, keyId, cls, options, logger);
+}
+async function fetchKeyInternal(keyId, cls, options = {}) {
+	const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
+	return await fetchKeyWithResult(cacheKey, cls, options, (_cacheKey, _keyId, _keyCache, _logger) => {
+		return {
+			key: null,
+			cached: true
+		};
+	}, async (error, cacheKey$1, keyId$1, keyCache, logger) => {
+		logger.debug("Failed to fetch key {keyId}.", {
+			keyId: keyId$1,
+			error
+		});
+		await keyCache?.set(cacheKey$1, null);
+		if (error instanceof FetchError && error.response != null) await keyCache?.setFetchError?.(cacheKey$1, {
+			status: error.response.status,
+			response: error.response.clone()
+		});
+		else await keyCache?.setFetchError?.(cacheKey$1, { error: error instanceof Error ? error : new Error(String(error)) });
+		return {
+			key: null,
+			cached: false
+		};
+	});
+}
 
 //#endregion
-export { exportJwk, fetchKey, generateCryptoKeyPair, importJwk, validateCryptoKey };
+export { exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, importJwk, validateCryptoKey };

package/dist/keycache-C7k8s1Bk.js

@@ -0,0 +1,102 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import { CryptographicKey, Multikey } from "@fedify/vocab";
+
+//#region src/federation/keycache.ts
+var KvKeyCache = class {
+	kv;
+	prefix;
+	options;
+	unavailableKeyTtl;
+	nullKeys;
+	constructor(kv, prefix, options = {}) {
+		this.kv = kv;
+		this.prefix = prefix;
+		this.options = options;
+		this.unavailableKeyTtl = options.unavailableKeyTtl ?? Temporal.Duration.from({ minutes: 10 });
+		this.nullKeys = /* @__PURE__ */ new Map();
+	}
+	#getFetchErrorKey(keyId) {
+		return [
+			...this.prefix,
+			"__fetchError",
+			keyId.href
+		];
+	}
+	async get(keyId) {
+		const negativeExpiration = this.nullKeys.get(keyId.href);
+		if (negativeExpiration != null) {
+			if (Temporal.Now.instant().until(negativeExpiration).sign >= 0) return null;
+			this.nullKeys.delete(keyId.href);
+		}
+		const serialized = await this.kv.get([...this.prefix, keyId.href]);
+		if (serialized === void 0) return void 0;
+		if (serialized === null) {
+			this.nullKeys.set(keyId.href, Temporal.Now.instant().add(this.unavailableKeyTtl));
+			return null;
+		}
+		try {
+			return await CryptographicKey.fromJsonLd(serialized, this.options);
+		} catch {
+			try {
+				return await Multikey.fromJsonLd(serialized, this.options);
+			} catch {
+				await this.kv.delete([...this.prefix, keyId.href]);
+				return void 0;
+			}
+		}
+	}
+	async set(keyId, key) {
+		if (key == null) {
+			this.nullKeys.set(keyId.href, Temporal.Now.instant().add(this.unavailableKeyTtl));
+			await this.kv.set([...this.prefix, keyId.href], null, { ttl: this.unavailableKeyTtl });
+			return;
+		}
+		this.nullKeys.delete(keyId.href);
+		const serialized = await key.toJsonLd(this.options);
+		await this.kv.set([...this.prefix, keyId.href], serialized);
+	}
+	async getFetchError(keyId) {
+		const cached = await this.kv.get(this.#getFetchErrorKey(keyId));
+		if (cached == null || typeof cached !== "object") return void 0;
+		if ("status" in cached && typeof cached.status === "number" && "statusText" in cached && typeof cached.statusText === "string" && "headers" in cached && Array.isArray(cached.headers) && "body" in cached && typeof cached.body === "string") return {
+			status: cached.status,
+			response: new Response(cached.body, {
+				status: cached.status,
+				statusText: cached.statusText,
+				headers: cached.headers
+			})
+		};
+		else if ("errorName" in cached && typeof cached.errorName === "string" && "errorMessage" in cached && typeof cached.errorMessage === "string") {
+			const error = new Error(cached.errorMessage);
+			error.name = cached.errorName;
+			return { error };
+		}
+		return void 0;
+	}
+	async setFetchError(keyId, error) {
+		if (error == null) {
+			await this.kv.delete(this.#getFetchErrorKey(keyId));
+			return;
+		}
+		if ("status" in error) {
+			await this.kv.set(this.#getFetchErrorKey(keyId), {
+				status: error.status,
+				statusText: error.response.statusText,
+				headers: Array.from(error.response.headers.entries()),
+				body: await error.response.clone().text()
+			}, { ttl: this.unavailableKeyTtl });
+			return;
+		}
+		await this.kv.set(this.#getFetchErrorKey(keyId), {
+			errorName: error.error.name,
+			errorMessage: error.error.message
+		}, { ttl: this.unavailableKeyTtl });
+	}
+};
+
+//#endregion
+export { KvKeyCache };

package/dist/{kv-cache-CQPL_aGY.js → kv-cache-CMk-kfWp.js}

@@ -2,7 +2,7 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
         
-import { doubleKnock, validateCryptoKey } from "./http-CSX1-Mgi.js";
+import { doubleKnock, validateCryptoKey } from "./http-CoM8qFZV.js";
 import { getLogger } from "@logtape/logtape";
 import { curry } from "es-toolkit";
 import { UrlError, createActivityPubRequest, getRemoteDocument, logRequest, preloadedContexts, validatePublicUrl } from "@fedify/vocab-runtime";

package/dist/{kv-cache-Vtxhbo1W.cjs → kv-cache-D0IkOVYm.cjs}

@@ -3,7 +3,7 @@
           const { URLPattern } = require("urlpattern-polyfill");
         
 const require_chunk = require('./chunk-CGaQZ11T.cjs');
-const require_http = require('./http-DJT6NciB.cjs');
+const require_http = require('./http-_l2XRk4S.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const es_toolkit = require_chunk.__toESM(require("es-toolkit"));
 const __fedify_vocab_runtime = require_chunk.__toESM(require("@fedify/vocab-runtime"));

package/dist/{ld-CrX7pQda.js → ld-CD48Tb3_.js}

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./deno-BYerLnry.js";
-import { fetchKey, validateCryptoKey } from "./key-DCdTVZiK.js";
+import { deno_default } from "./deno-aj03PJW6.js";
+import { fetchKey, validateCryptoKey } from "./key-j1AjF3HL.js";
 import { getLogger } from "@logtape/logtape";
 import { Activity, CryptographicKey, Object as Object$1, getTypeId } from "@fedify/vocab";
 import { getDocumentLoader } from "@fedify/vocab-runtime";

package/dist/middleware-BQhgZunR.cjs

@@ -0,0 +1,12 @@
+
+          const { Temporal } = require("@js-temporal/polyfill");
+          const { URLPattern } = require("urlpattern-polyfill");
+        
+require('./transformers-3g8GZwkZ.cjs');
+require('./http-_l2XRk4S.cjs');
+const require_middleware = require('./middleware-D1Awtgcf.cjs');
+require('./proof-D2auLGZD.cjs');
+require('./types-Cd_hszr_.cjs');
+require('./kv-cache-D0IkOVYm.cjs');
+
+exports.FederationImpl = require_middleware.FederationImpl;