@fedify/fedify 2.1.0-dev.503 → 2.1.0-dev.523

package/dist/{builder-BHUnSQtB.js → builder-CJkMYxxc.js}

@@ -3,9 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { deno_default } from "./deno-BYerLnry.js";
+import { deno_default } from "./deno-CQdJQjC5.js";
 import { Router, RouterError } from "./router-D9eI0s4b.js";
-import { InboxListenerSet } from "./inbox-BaA0g5I_.js";
+import { InboxListenerSet } from "./inbox-CWa6sqsk.js";
 import { getLogger } from "@logtape/logtape";
 import { getTypeId } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
@@ -29,6 +29,7 @@ var FederationBuilderImpl = class {
 	inboxListeners;
 	inboxErrorHandler;
 	sharedInboxKeyDispatcher;
+	unverifiedActivityHandler;
 	outboxPermanentFailureHandler;
 	idempotencyStrategy;
 	collectionTypeIds;
@@ -45,7 +46,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl } = await import("./middleware-CfI9C9Xy.js");
+		const { FederationImpl } = await import("./middleware-2XtoTBq0.js");
 		const f = new FederationImpl(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();
@@ -67,6 +68,7 @@ var FederationBuilderImpl = class {
 		f.inboxListeners = this.inboxListeners?.clone();
 		f.inboxErrorHandler = this.inboxErrorHandler;
 		f.sharedInboxKeyDispatcher = this.sharedInboxKeyDispatcher;
+		f.unverifiedActivityHandler = this.unverifiedActivityHandler;
 		f.outboxPermanentFailureHandler = this.outboxPermanentFailureHandler;
 		f.idempotencyStrategy = this.idempotencyStrategy;
 		return f;
@@ -443,6 +445,10 @@ var FederationBuilderImpl = class {
 				this.inboxErrorHandler = handler;
 				return setters;
 			},
+			onUnverifiedActivity: (handler) => {
+				this.unverifiedActivityHandler = handler;
+				return setters;
+			},
 			setSharedKeyDispatcher: (dispatcher) => {
 				this.sharedInboxKeyDispatcher = dispatcher;
 				return setters;

package/dist/compat/mod.d.cts

@@ -1,7 +1,7 @@
 import "../client-C97KOq3x.cjs";
-import "../http-Cz3MlXAZ.cjs";
+import "../http-DsqqmkXi.cjs";
 import "../owner-1AbPBOOZ.cjs";
-import { ActivityTransformer } from "../context-D3QkEtZd.cjs";
+import { ActivityTransformer } from "../context-DL0cPpPV.cjs";
 import "../kv-BL4nlICN.cjs";
-import { actorDehydrator, autoIdAssigner, getDefaultActivityTransformers } from "../mod-DVwHUI_x.cjs";
+import { actorDehydrator, autoIdAssigner, getDefaultActivityTransformers } from "../mod-DE8MYisy.cjs";
 export { ActivityTransformer, actorDehydrator, autoIdAssigner, getDefaultActivityTransformers };

package/dist/compat/mod.d.ts

@@ -1,9 +1,9 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
 import "../client-BxMZiQaD.js";
-import "../http-DkHdFfrc.js";
+import "../http-BbfOqHGG.js";
 import "../owner-gd0Q9FuU.js";
-import { ActivityTransformer } from "../context-DZJhUmzF.js";
+import { ActivityTransformer } from "../context--RwChtri.js";
 import "../kv-DXEUEP6z.js";
-import { actorDehydrator, autoIdAssigner, getDefaultActivityTransformers } from "../mod-DosD6NsG.js";
+import { actorDehydrator, autoIdAssigner, getDefaultActivityTransformers } from "../mod-Z7lIaCfo.js";
 export { ActivityTransformer, actorDehydrator, autoIdAssigner, getDefaultActivityTransformers };

package/dist/compat/transformers.test.js

@@ -8,25 +8,25 @@ import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import { assert } from "../assert-MZs1qjMx.js";
 import { assertInstanceOf } from "../assert_instance_of-DHz7EHNU.js";
 import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import "../deno-BYerLnry.js";
-import { FederationImpl, actorDehydrator, autoIdAssigner } from "../middleware-BelSJK7m.js";
+import "../deno-CQdJQjC5.js";
+import { FederationImpl, actorDehydrator, autoIdAssigner } from "../middleware-Dn9UDJZP.js";
 import "../client-Dg7OfUDA.js";
 import "../router-D9eI0s4b.js";
 import "../types-CPz01LGH.js";
-import "../key-DCdTVZiK.js";
-import "../http-S2U3qDwN.js";
-import "../ld-CrX7pQda.js";
-import "../owner-BAlnLKMO.js";
-import "../proof-DMgHaXNJ.js";
-import "../docloader-MSkogD2T.js";
+import "../key-DRgvVevp.js";
+import "../http-DK0CTomU.js";
+import "../ld-s9_8WfBc.js";
+import "../owner-Cx8gV-j4.js";
+import "../proof-CDr3NP3R.js";
+import "../docloader-Cyl0-S8m.js";
 import "../kv-cache-B__dHl7g.js";
-import "../inbox-BaA0g5I_.js";
-import "../builder-BHUnSQtB.js";
+import "../inbox-CWa6sqsk.js";
+import "../builder-CJkMYxxc.js";
 import "../collection-CcnIw1qY.js";
-import "../keycache-DRxpZ5r9.js";
+import "../keycache-C7k8s1Bk.js";
 import "../negotiation-5NPJL6zp.js";
 import "../retry-D4GJ670a.js";
-import "../send-B2aZYf9A.js";
+import "../send-DreBSY1U.js";
 import { Follow, Person } from "@fedify/vocab";
 
 //#region src/compat/transformers.test.ts

package/dist/{context-DZJhUmzF.d.ts → context--RwChtri.d.ts}

@@ -1,7 +1,7 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
 import { GetNodeInfoOptions, JsonValue, NodeInfo } from "./client-BxMZiQaD.js";
-import { HttpMessageSignaturesSpec } from "./http-DkHdFfrc.js";
+import { HttpMessageSignaturesSpec, VerifyRequestFailureReason } from "./http-BbfOqHGG.js";
 import { GetKeyOwnerOptions } from "./owner-gd0Q9FuU.js";
 import { KvKey, KvStore } from "./kv-DXEUEP6z.js";
 import { Activity, Actor, Collection, CryptographicKey, Hashtag, Link, LookupObjectOptions, Multikey, Object as Object$1, Recipient, TraverseCollectionOptions } from "@fedify/vocab";
@@ -216,6 +216,29 @@ type CollectionCursor<TContext extends Context<TContextData>, TContextData, TFil
 */
 type InboxListener<TContextData, TActivity extends Activity> = (context: InboxContext<TContextData>, activity: TActivity) => void | Promise<void>;
 /**
+* The reason why an incoming activity could not be verified.
+*
+* Unlike inbox listeners registered through {@link InboxListenerSetters.on},
+* unverified activity handlers are called only when the activity payload could
+* be parsed but its HTTP signatures could not be verified.
+*
+* @since 2.1.0
+*/
+type UnverifiedActivityReason = VerifyRequestFailureReason;
+/**
+* A callback that handles activities whose signatures could not be verified.
+*
+* Returning a {@link Response} overrides Fedify's default `401 Unauthorized`
+* response.  Returning `void` keeps the default behavior.
+*
+* @template TContextData The context data to pass to the {@link Context}.
+* @param context The request context.
+* @param activity The incoming activity that could be parsed.
+* @param reason The reason why signature verification failed.
+* @since 2.1.0
+*/
+type UnverifiedActivityHandler<TContextData> = (context: RequestContext<TContextData>, activity: Activity, reason: UnverifiedActivityReason) => void | Response | Promise<void | Response>;
+/**
 * A callback that handles errors in an inbox.
 *
 * @template TContextData The context data to pass to the {@link Context}.
@@ -1628,6 +1651,35 @@ interface InboxListenerSetters<TContextData> {
   */
   onError(handler: InboxErrorHandler<TContextData>): InboxListenerSetters<TContextData>;
   /**
+  * Registers a callback for incoming activities whose HTTP signatures could
+  * not be verified.
+  *
+  * The regular inbox listeners registered through {@link on} continue to
+  * receive only verified activities.  This hook is an opt-in escape hatch for
+  * applications that need to inspect unverified deliveries and optionally
+  * override the default `401 Unauthorized` response.
+  *
+  * @example
+  * ``` typescript
+  * federation
+  *   .setInboxListeners("/users/{identifier}/inbox", "/inbox")
+  *   .onUnverifiedActivity((ctx, activity, reason) => {
+  *     if (
+  *       reason.type === "keyFetchError" &&
+  *       "status" in reason.result &&
+  *       reason.result.status === 410
+  *     ) {
+  *       return new Response(null, { status: 202 });
+  *     }
+  *   });
+  * ```
+  *
+  * @param handler A callback to handle an unverified activity.
+  * @returns The setters object so that settings can be chained.
+  * @since 2.1.0
+  */
+  onUnverifiedActivity(handler: UnverifiedActivityHandler<TContextData>): InboxListenerSetters<TContextData>;
+  /**
   * Configures a callback to dispatch the key pair for the authenticated
   * document loader of the {@link Context} passed to the shared inbox listener.
   *
@@ -2493,4 +2545,4 @@ interface ActorKeyPair extends CryptoKeyPair {
   readonly multikey: Multikey;
 }
 //#endregion
-export { ActivityTransformer, ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };
+export { ActivityTransformer, ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, UnverifiedActivityHandler, UnverifiedActivityReason, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };

package/dist/{context-D3QkEtZd.d.cts → context-DL0cPpPV.d.cts}

@@ -1,5 +1,5 @@
 import { GetNodeInfoOptions, JsonValue, NodeInfo } from "./client-C97KOq3x.cjs";
-import { HttpMessageSignaturesSpec } from "./http-Cz3MlXAZ.cjs";
+import { HttpMessageSignaturesSpec, VerifyRequestFailureReason } from "./http-DsqqmkXi.cjs";
 import { GetKeyOwnerOptions } from "./owner-1AbPBOOZ.cjs";
 import { KvKey, KvStore } from "./kv-BL4nlICN.cjs";
 import { Activity, Actor, Collection, CryptographicKey, Hashtag, Link, LookupObjectOptions, Multikey, Object as Object$1, Recipient, TraverseCollectionOptions } from "@fedify/vocab";
@@ -214,6 +214,29 @@ type CollectionCursor<TContext extends Context<TContextData>, TContextData, TFil
 */
 type InboxListener<TContextData, TActivity extends Activity> = (context: InboxContext<TContextData>, activity: TActivity) => void | Promise<void>;
 /**
+* The reason why an incoming activity could not be verified.
+*
+* Unlike inbox listeners registered through {@link InboxListenerSetters.on},
+* unverified activity handlers are called only when the activity payload could
+* be parsed but its HTTP signatures could not be verified.
+*
+* @since 2.1.0
+*/
+type UnverifiedActivityReason = VerifyRequestFailureReason;
+/**
+* A callback that handles activities whose signatures could not be verified.
+*
+* Returning a {@link Response} overrides Fedify's default `401 Unauthorized`
+* response.  Returning `void` keeps the default behavior.
+*
+* @template TContextData The context data to pass to the {@link Context}.
+* @param context The request context.
+* @param activity The incoming activity that could be parsed.
+* @param reason The reason why signature verification failed.
+* @since 2.1.0
+*/
+type UnverifiedActivityHandler<TContextData> = (context: RequestContext<TContextData>, activity: Activity, reason: UnverifiedActivityReason) => void | Response | Promise<void | Response>;
+/**
 * A callback that handles errors in an inbox.
 *
 * @template TContextData The context data to pass to the {@link Context}.
@@ -1626,6 +1649,35 @@ interface InboxListenerSetters<TContextData> {
   */
   onError(handler: InboxErrorHandler<TContextData>): InboxListenerSetters<TContextData>;
   /**
+  * Registers a callback for incoming activities whose HTTP signatures could
+  * not be verified.
+  *
+  * The regular inbox listeners registered through {@link on} continue to
+  * receive only verified activities.  This hook is an opt-in escape hatch for
+  * applications that need to inspect unverified deliveries and optionally
+  * override the default `401 Unauthorized` response.
+  *
+  * @example
+  * ``` typescript
+  * federation
+  *   .setInboxListeners("/users/{identifier}/inbox", "/inbox")
+  *   .onUnverifiedActivity((ctx, activity, reason) => {
+  *     if (
+  *       reason.type === "keyFetchError" &&
+  *       "status" in reason.result &&
+  *       reason.result.status === 410
+  *     ) {
+  *       return new Response(null, { status: 202 });
+  *     }
+  *   });
+  * ```
+  *
+  * @param handler A callback to handle an unverified activity.
+  * @returns The setters object so that settings can be chained.
+  * @since 2.1.0
+  */
+  onUnverifiedActivity(handler: UnverifiedActivityHandler<TContextData>): InboxListenerSetters<TContextData>;
+  /**
   * Configures a callback to dispatch the key pair for the authenticated
   * document loader of the {@link Context} passed to the shared inbox listener.
   *
@@ -2491,4 +2543,4 @@ interface ActorKeyPair extends CryptoKeyPair {
   readonly multikey: Multikey;
 }
 //#endregion
-export { ActivityTransformer, ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };
+export { ActivityTransformer, ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, UnverifiedActivityHandler, UnverifiedActivityReason, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };

package/dist/{deno-BYerLnry.js → deno-CQdJQjC5.js}

@@ -5,7 +5,7 @@
     
 //#region deno.json
 var name = "@fedify/fedify";
-var version = "2.1.0-dev.503+1172d43b";
+var version = "2.1.0-dev.523+150998a5";
 var license = "MIT";
 var exports = {
 	".": "./src/mod.ts",

package/dist/{docloader-MSkogD2T.js → docloader-Cyl0-S8m.js}

@@ -3,8 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { validateCryptoKey } from "./key-DCdTVZiK.js";
-import { doubleKnock } from "./http-S2U3qDwN.js";
+import { validateCryptoKey } from "./key-DRgvVevp.js";
+import { doubleKnock } from "./http-DK0CTomU.js";
 import { getLogger } from "@logtape/logtape";
 import { curry } from "es-toolkit";
 import { UrlError, createActivityPubRequest, getRemoteDocument, logRequest, validatePublicUrl } from "@fedify/vocab-runtime";

package/dist/federation/builder.test.js

@@ -8,10 +8,10 @@ import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import "../assert-MZs1qjMx.js";
 import "../assert_instance_of-DHz7EHNU.js";
 import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import "../deno-BYerLnry.js";
+import "../deno-CQdJQjC5.js";
 import "../router-D9eI0s4b.js";
-import "../inbox-BaA0g5I_.js";
-import { createFederationBuilder } from "../builder-BHUnSQtB.js";
+import "../inbox-CWa6sqsk.js";
+import { createFederationBuilder } from "../builder-CJkMYxxc.js";
 import { assertExists } from "../std__assert-DWivtrGR.js";
 import "../assert_rejects-Ce45JcFg.js";
 import { assertThrows } from "../assert_throws-BNXdRGWP.js";
@@ -123,6 +123,17 @@ test("FederationBuilder", async (t) => {
 		const implRfc = federationRfc;
 		assertEquals(implRfc.firstKnock, "rfc9421");
 	});
+	await t.step("should copy unverified activity handler into built federation", async () => {
+		const builder = createFederationBuilder();
+		const kv = new MemoryKvStore();
+		const handler = (_ctx, _activity, _reason) => {
+			return;
+		};
+		builder.setInboxListeners("/users/{identifier}/inbox").onUnverifiedActivity(handler);
+		const federation = await builder.build({ kv });
+		const impl = federation;
+		assertEquals(impl.unverifiedActivityHandler, handler);
+	});
 	await t.step("should register multiple object dispatchers and verify them", async () => {
 		const builder = createFederationBuilder();
 		const kv = new MemoryKvStore();

package/dist/federation/handler.test.js

@@ -8,25 +8,25 @@ import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import { assert } from "../assert-MZs1qjMx.js";
 import "../assert_instance_of-DHz7EHNU.js";
 import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import "../deno-BYerLnry.js";
-import { createFederation, handleActor, handleCollection, handleCustomCollection, handleInbox, handleObject, respondWithObject, respondWithObjectIfAcceptable } from "../middleware-BelSJK7m.js";
+import "../deno-CQdJQjC5.js";
+import { createFederation, handleActor, handleCollection, handleCustomCollection, handleInbox, handleObject, respondWithObject, respondWithObjectIfAcceptable } from "../middleware-Dn9UDJZP.js";
 import "../client-Dg7OfUDA.js";
 import "../router-D9eI0s4b.js";
 import "../types-CPz01LGH.js";
-import "../key-DCdTVZiK.js";
-import { signRequest } from "../http-S2U3qDwN.js";
-import "../ld-CrX7pQda.js";
-import "../owner-BAlnLKMO.js";
-import "../proof-DMgHaXNJ.js";
-import "../docloader-MSkogD2T.js";
+import "../key-DRgvVevp.js";
+import { signRequest } from "../http-DK0CTomU.js";
+import "../ld-s9_8WfBc.js";
+import "../owner-Cx8gV-j4.js";
+import "../proof-CDr3NP3R.js";
+import "../docloader-Cyl0-S8m.js";
 import "../kv-cache-B__dHl7g.js";
-import { InboxListenerSet } from "../inbox-BaA0g5I_.js";
-import "../builder-BHUnSQtB.js";
+import { InboxListenerSet } from "../inbox-CWa6sqsk.js";
+import "../builder-CJkMYxxc.js";
 import "../collection-CcnIw1qY.js";
-import "../keycache-DRxpZ5r9.js";
+import "../keycache-C7k8s1Bk.js";
 import "../negotiation-5NPJL6zp.js";
 import "../retry-D4GJ670a.js";
-import "../send-B2aZYf9A.js";
+import "../send-DreBSY1U.js";
 import "../std__assert-DWivtrGR.js";
 import "../assert_rejects-Ce45JcFg.js";
 import "../assert_throws-BNXdRGWP.js";
@@ -34,6 +34,7 @@ import "../assert_not_equals-C80BG-_5.js";
 import { createInboxContext, createRequestContext } from "../context-CZ5llAss.js";
 import { rsaPrivateKey3, rsaPublicKey2, rsaPublicKey3 } from "../keys-ZbcByPg9.js";
 import { Create, Note, Person } from "@fedify/vocab";
+import { FetchError } from "@fedify/vocab-runtime";
 
 //#region src/federation/handler.test.ts
 test("handleActor()", async () => {
@@ -1562,12 +1563,95 @@ test("handleInbox() records OpenTelemetry span events", async () => {
 	assertEquals(events.length, 1);
 	const event = events[0];
 	assert(event.attributes != null);
-	assertEquals(event.attributes["activitypub.activity.verified"], true);
+	assertEquals(event.attributes["activitypub.activity.verified"], false);
 	assertEquals(event.attributes["http_signatures.verified"], false);
 	assert(typeof event.attributes["activitypub.activity.json"] === "string");
 	const recordedActivity = JSON.parse(event.attributes["activitypub.activity.json"]);
 	assertEquals(recordedActivity.id, "https://example.com/activity");
 	assertEquals(recordedActivity.type, "Create");
 });
+test("handleInbox() records unverified HTTP signature details", async () => {
+	const [tracerProvider, exporter] = createTestTracerProvider();
+	const kv = new MemoryKvStore();
+	const federation = createFederation({
+		kv,
+		tracerProvider
+	});
+	const keyId = new URL("https://gone.example/users/someone#main-key");
+	const activity = new Create({
+		id: new URL("https://example.com/activity"),
+		actor: new URL("https://gone.example/users/someone"),
+		object: new Note({
+			id: new URL("https://example.com/note"),
+			content: "Hello, world!"
+		})
+	});
+	const request = new Request("https://example.com/users/someone/inbox", {
+		method: "POST",
+		headers: { "Content-Type": "application/activity+json" },
+		body: JSON.stringify(await activity.toJsonLd())
+	});
+	const signed = await signRequest(request, rsaPrivateKey3, keyId);
+	const documentLoader = (url) => {
+		if (url === keyId.href) throw new FetchError(keyId, `HTTP 410: ${keyId.href}`, new Response(null, { status: 410 }));
+		return mockDocumentLoader(url);
+	};
+	const context = createRequestContext({
+		federation,
+		request: signed,
+		url: new URL(signed.url),
+		data: void 0,
+		documentLoader,
+		contextLoader: mockDocumentLoader,
+		getActorUri(identifier) {
+			return new URL(`https://example.com/users/${identifier}`);
+		}
+	});
+	const actorDispatcher = (ctx, identifier) => {
+		if (identifier !== "someone") return null;
+		return new Person({
+			id: ctx.getActorUri(identifier),
+			name: "Someone",
+			inbox: new URL("https://example.com/users/someone/inbox"),
+			publicKey: rsaPublicKey2
+		});
+	};
+	const response = await handleInbox(signed, {
+		recipient: "someone",
+		context,
+		inboxContextFactory(_activity) {
+			return createInboxContext({
+				...context,
+				clone: void 0
+			});
+		},
+		kv,
+		kvPrefixes: {
+			activityIdempotence: ["activityIdempotence"],
+			publicKey: ["publicKey"]
+		},
+		actorDispatcher,
+		inboxListeners: new InboxListenerSet(),
+		inboxErrorHandler: void 0,
+		unverifiedActivityHandler() {
+			return new Response("", { status: 202 });
+		},
+		onNotFound: (_request) => new Response("Not found", { status: 404 }),
+		signatureTimeWindow: false,
+		skipSignatureVerification: false,
+		tracerProvider
+	});
+	assertEquals(response.status, 202);
+	const verifySpans = exporter.getSpans("http_signatures.verify");
+	assertEquals(verifySpans.length, 1);
+	assertEquals(verifySpans[0].attributes["http_signatures.failure_reason"], "keyFetchError");
+	assertEquals(verifySpans[0].attributes["http_signatures.key_fetch_status"], 410);
+	const events = exporter.getEvents("activitypub.inbox", "activitypub.activity.received");
+	assertEquals(events.length, 1);
+	const event = events[0];
+	assert(event.attributes != null);
+	assertEquals(event.attributes["http_signatures.failure_reason"], "keyFetchError");
+	assertEquals(event.attributes["http_signatures.key_fetch_status"], 410);
+});
 
 //#endregion

package/dist/federation/idempotency.test.js

@@ -8,25 +8,25 @@ import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import "../assert-MZs1qjMx.js";
 import "../assert_instance_of-DHz7EHNU.js";
 import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import "../deno-BYerLnry.js";
-import { createFederation } from "../middleware-BelSJK7m.js";
+import "../deno-CQdJQjC5.js";
+import { createFederation } from "../middleware-Dn9UDJZP.js";
 import "../client-Dg7OfUDA.js";
 import "../router-D9eI0s4b.js";
 import "../types-CPz01LGH.js";
-import "../key-DCdTVZiK.js";
-import "../http-S2U3qDwN.js";
-import "../ld-CrX7pQda.js";
-import "../owner-BAlnLKMO.js";
-import { signObject } from "../proof-DMgHaXNJ.js";
-import "../docloader-MSkogD2T.js";
+import "../key-DRgvVevp.js";
+import "../http-DK0CTomU.js";
+import "../ld-s9_8WfBc.js";
+import "../owner-Cx8gV-j4.js";
+import { signObject } from "../proof-CDr3NP3R.js";
+import "../docloader-Cyl0-S8m.js";
 import "../kv-cache-B__dHl7g.js";
-import "../inbox-BaA0g5I_.js";
-import "../builder-BHUnSQtB.js";
+import "../inbox-CWa6sqsk.js";
+import "../builder-CJkMYxxc.js";
 import "../collection-CcnIw1qY.js";
-import "../keycache-DRxpZ5r9.js";
+import "../keycache-C7k8s1Bk.js";
 import "../negotiation-5NPJL6zp.js";
 import "../retry-D4GJ670a.js";
-import "../send-B2aZYf9A.js";
+import "../send-DreBSY1U.js";
 import "../std__assert-DWivtrGR.js";
 import "../assert_rejects-Ce45JcFg.js";
 import "../assert_throws-BNXdRGWP.js";

package/dist/federation/inbox.test.js

@@ -5,8 +5,8 @@
     
 import { test } from "../dist-B5f6a8Tt.js";
 import { assertEquals } from "../assert_equals-DSbWqCm3.js";
-import "../deno-BYerLnry.js";
-import { InboxListenerSet } from "../inbox-BaA0g5I_.js";
+import "../deno-CQdJQjC5.js";
+import { InboxListenerSet } from "../inbox-CWa6sqsk.js";
 import { assertThrows } from "../assert_throws-BNXdRGWP.js";
 import { Activity, Create, Invite, Offer, Update } from "@fedify/vocab";
 

package/dist/federation/keycache.test.js

@@ -8,7 +8,7 @@ import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import { assert } from "../assert-MZs1qjMx.js";
 import { assertInstanceOf } from "../assert_instance_of-DHz7EHNU.js";
 import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import { KvKeyCache } from "../keycache-DRxpZ5r9.js";
+import { KvKeyCache } from "../keycache-C7k8s1Bk.js";
 import { CryptographicKey, Multikey } from "@fedify/vocab";
 
 //#region src/federation/keycache.test.ts
@@ -29,6 +29,7 @@ test("KvKeyCache.set()", async () => {
 	});
 	await cache.set(new URL("https://example.com/null"), null);
 	assert(cache.nullKeys.has("https://example.com/null"));
+	assertEquals(await kv.get(["pk", "https://example.com/null"]), null);
 });
 test("KvKeyCache.get()", async () => {
 	const kv = new MemoryKvStore();
@@ -49,8 +50,51 @@ test("KvKeyCache.get()", async () => {
 	const multikey = await cache.get(new URL("https://example.com/key2"));
 	assertInstanceOf(multikey, Multikey);
 	assertEquals(multikey?.id?.href, "https://example.com/key2");
-	cache.nullKeys.add("https://example.com/null");
+	cache.nullKeys.set("https://example.com/null", Temporal.Now.instant().add(Temporal.Duration.from({ minutes: 10 })));
 	assertEquals(await cache.get(new URL("https://example.com/null")), null);
+	await kv.set(["pk", "https://example.com/null2"], null);
+	const cache2 = new KvKeyCache(kv, ["pk"]);
+	assertEquals(await cache2.get(new URL("https://example.com/null2")), null);
+});
+test("KvKeyCache fetch error metadata", async () => {
+	const kv = new MemoryKvStore();
+	const cache = new KvKeyCache(kv, ["pk"]);
+	const keyId = new URL("https://example.com/key");
+	await cache.setFetchError(keyId, {
+		status: 410,
+		response: new Response("gone", {
+			status: 410,
+			statusText: "Gone",
+			headers: { "content-type": "text/plain" }
+		})
+	});
+	const httpError = await cache.getFetchError(keyId);
+	assert(httpError != null && "status" in httpError);
+	if (httpError == null || !("status" in httpError)) throw new Error("Expected HTTP fetch error metadata.");
+	assertEquals(httpError.status, 410);
+	assertEquals(httpError.response.status, 410);
+	assertEquals(await httpError.response.text(), "gone");
+	await cache.setFetchError(keyId, { error: Object.assign(/* @__PURE__ */ new Error("boom"), { name: "TypeError" }) });
+	const nonHttpError = await cache.getFetchError(keyId);
+	assert(nonHttpError != null && "error" in nonHttpError);
+	if (nonHttpError == null || !("error" in nonHttpError)) throw new Error("Expected non-HTTP fetch error metadata.");
+	assertEquals(nonHttpError.error.name, "TypeError");
+	assertEquals(nonHttpError.error.message, "boom");
+	await cache.setFetchError(keyId, null);
+	assertEquals(await cache.getFetchError(keyId), void 0);
+});
+test("KvKeyCache unavailable entries expire", async () => {
+	const kv = new MemoryKvStore();
+	const cache = new KvKeyCache(kv, ["pk"], { unavailableKeyTtl: Temporal.Duration.from({ milliseconds: 1 }) });
+	const keyId = new URL("https://example.com/expired");
+	await cache.set(keyId, null);
+	await cache.setFetchError(keyId, {
+		status: 410,
+		response: new Response(null, { status: 410 })
+	});
+	await new Promise((resolve) => setTimeout(resolve, 10));
+	assertEquals(await cache.get(keyId), void 0);
+	assertEquals(await cache.getFetchError(keyId), void 0);
 });
 
 //#endregion