@fedify/fedify 2.1.0-dev.503 → 2.1.0-dev.523

package/dist/federation/middleware.test.js

@@ -8,25 +8,25 @@ import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import { assert } from "../assert-MZs1qjMx.js";
 import { assertInstanceOf } from "../assert_instance_of-DHz7EHNU.js";
 import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import "../deno-BYerLnry.js";
-import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "../middleware-BelSJK7m.js";
+import "../deno-CQdJQjC5.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "../middleware-Dn9UDJZP.js";
 import "../client-Dg7OfUDA.js";
 import { RouterError } from "../router-D9eI0s4b.js";
 import "../types-CPz01LGH.js";
-import "../key-DCdTVZiK.js";
-import { signRequest, verifyRequest } from "../http-S2U3qDwN.js";
-import { detachSignature, signJsonLd, verifyJsonLd } from "../ld-CrX7pQda.js";
-import { doesActorOwnKey } from "../owner-BAlnLKMO.js";
-import { signObject, verifyObject } from "../proof-DMgHaXNJ.js";
-import { getAuthenticatedDocumentLoader } from "../docloader-MSkogD2T.js";
+import "../key-DRgvVevp.js";
+import { signRequest, verifyRequest } from "../http-DK0CTomU.js";
+import { detachSignature, signJsonLd, verifyJsonLd } from "../ld-s9_8WfBc.js";
+import { doesActorOwnKey } from "../owner-Cx8gV-j4.js";
+import { signObject, verifyObject } from "../proof-CDr3NP3R.js";
+import { getAuthenticatedDocumentLoader } from "../docloader-Cyl0-S8m.js";
 import "../kv-cache-B__dHl7g.js";
-import "../inbox-BaA0g5I_.js";
-import "../builder-BHUnSQtB.js";
+import "../inbox-CWa6sqsk.js";
+import "../builder-CJkMYxxc.js";
 import "../collection-CcnIw1qY.js";
-import "../keycache-DRxpZ5r9.js";
+import "../keycache-C7k8s1Bk.js";
 import "../negotiation-5NPJL6zp.js";
 import "../retry-D4GJ670a.js";
-import "../send-B2aZYf9A.js";
+import "../send-DreBSY1U.js";
 import { assertStrictEquals } from "../std__assert-DWivtrGR.js";
 import { assertFalse, assertRejects } from "../assert_rejects-Ce45JcFg.js";
 import { assertThrows } from "../assert_throws-BNXdRGWP.js";
@@ -1082,6 +1082,200 @@ test("Federation.setInboxListeners()", async (t) => {
 		await inbox[0][0].documentLoader("https://example.com/person");
 		assertEquals(authenticatedRequests, [["https://example.com/person", "https://example.com/users/john#main-key"]]);
 	});
+	await t.step("onUnverifiedActivity()", async (t$1) => {
+		const options = {
+			documentLoader: mockDocumentLoader,
+			contextLoader: mockDocumentLoader
+		};
+		async function createInboxRequest(activity, signature) {
+			let request = new Request("https://example.com/inbox", {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/activity+json",
+					accept: "application/ld+json"
+				},
+				body: JSON.stringify(await activity.toJsonLd(options))
+			});
+			if (signature != null) request = await signRequest(request, signature.privateKey, signature.keyId);
+			return request;
+		}
+		function createFederationWithLoader(documentLoader$1) {
+			const federation = createFederation({
+				kv: new MemoryKvStore(),
+				documentLoaderFactory: () => documentLoader$1,
+				contextLoaderFactory: () => mockDocumentLoader
+			});
+			const verified = [];
+			federation.setActorDispatcher("/users/{identifier}", () => {
+				return new vocab.Person({});
+			});
+			const inboxListeners = federation.setInboxListeners("/users/{identifier}/inbox", "/inbox").on(vocab.Create, (_ctx, activity) => {
+				verified.push(activity);
+			});
+			return {
+				federation,
+				verified,
+				inboxListeners
+			};
+		}
+		await t$1.step("receives noSignature reason", async () => {
+			const { federation, verified, inboxListeners } = createFederationWithLoader(mockDocumentLoader);
+			let receivedReason = null;
+			inboxListeners.onUnverifiedActivity((_ctx, _activity, reason) => {
+				receivedReason = reason;
+				return new Response(null, { status: 202 });
+			});
+			const response = await federation.fetch(await createInboxRequest(new vocab.Create({
+				id: new URL("https://remote.example/activities/no-signature"),
+				actor: new URL("https://remote.example/actors/alice")
+			})), { contextData: void 0 });
+			assertEquals(response.status, 202);
+			assertEquals(receivedReason, { type: "noSignature" });
+			assertEquals(verified, []);
+		});
+		await t$1.step("receives keyFetchError for 410 responses", async () => {
+			const goneKeyId = new URL("https://gone.example/actors/alice#main-key");
+			const goneLoader = async (url) => {
+				if (url === goneKeyId.href) throw new FetchError(goneKeyId, `HTTP 410: ${goneKeyId.href}`, new Response(null, { status: 410 }));
+				return await mockDocumentLoader(url);
+			};
+			const { federation, verified, inboxListeners } = createFederationWithLoader(goneLoader);
+			let receivedReason = null;
+			inboxListeners.onUnverifiedActivity((_ctx, _activity, reason) => {
+				receivedReason = reason;
+				return new Response(null, { status: 202 });
+			});
+			const response = await federation.fetch(await createInboxRequest(new vocab.Create({
+				id: new URL("https://gone.example/activities/delete"),
+				actor: new URL("https://gone.example/actors/alice")
+			}), {
+				privateKey: rsaPrivateKey3,
+				keyId: goneKeyId
+			}), { contextData: void 0 });
+			assertEquals(response.status, 202);
+			assertEquals(verified, []);
+			assertEquals(receivedReason.type, "keyFetchError");
+			assertEquals(receivedReason.keyId.href, goneKeyId.href);
+			assertEquals(receivedReason.result.status, 410);
+		});
+		await t$1.step("preserves keyFetchError details across retries", async () => {
+			const keyId = new URL("https://gone.example/actors/alice#main-key");
+			let keyFetches = 0;
+			const goneLoader = async (url) => {
+				if (url === keyId.href) {
+					keyFetches++;
+					throw new FetchError(keyId, `HTTP 410: ${keyId.href}`, new Response(null, { status: 410 }));
+				}
+				return await mockDocumentLoader(url);
+			};
+			const { federation, inboxListeners } = createFederationWithLoader(goneLoader);
+			const reasons = [];
+			inboxListeners.onUnverifiedActivity((_ctx, _activity, reason) => {
+				reasons.push(reason);
+				return new Response(null, { status: 202 });
+			});
+			const request = await createInboxRequest(new vocab.Create({
+				id: new URL("https://gone.example/activities/retry"),
+				actor: new URL("https://gone.example/actors/alice")
+			}), {
+				privateKey: rsaPrivateKey3,
+				keyId
+			});
+			const first = await federation.fetch(request.clone(), { contextData: void 0 });
+			const second = await federation.fetch(request.clone(), { contextData: void 0 });
+			assertEquals(first.status, 202);
+			assertEquals(second.status, 202);
+			assertEquals(keyFetches, 1);
+			assertEquals(reasons[0].type, "keyFetchError");
+			assertEquals(reasons[1].type, "keyFetchError");
+			assertEquals(reasons[1].result.status, 410);
+		});
+		await t$1.step("falls back to 401 when handler returns void", async () => {
+			const missingKeyId = new URL("https://missing.example/actors/alice#main-key");
+			const missingLoader = async (url) => {
+				if (url === missingKeyId.href) throw new FetchError(missingKeyId, `HTTP 404: ${missingKeyId.href}`, new Response(null, { status: 404 }));
+				return await mockDocumentLoader(url);
+			};
+			const { federation, verified, inboxListeners } = createFederationWithLoader(missingLoader);
+			let receivedReason = null;
+			inboxListeners.onUnverifiedActivity((_ctx, _activity, reason) => {
+				receivedReason = reason;
+			});
+			const response = await federation.fetch(await createInboxRequest(new vocab.Create({
+				id: new URL("https://missing.example/activities/delete"),
+				actor: new URL("https://missing.example/actors/alice")
+			}), {
+				privateKey: rsaPrivateKey3,
+				keyId: missingKeyId
+			}), { contextData: void 0 });
+			assertEquals(response.status, 401);
+			assertEquals(verified, []);
+			assertEquals(receivedReason.type, "keyFetchError");
+			assertEquals(receivedReason.result.status, 404);
+		});
+		await t$1.step("falls back to 401 and reports hook errors", async () => {
+			const missingKeyId = new URL("https://missing.example/actors/alice#main-key");
+			const missingLoader = async (url) => {
+				if (url === missingKeyId.href) throw new FetchError(missingKeyId, `HTTP 404: ${missingKeyId.href}`, new Response(null, { status: 404 }));
+				return await mockDocumentLoader(url);
+			};
+			const { federation, verified, inboxListeners } = createFederationWithLoader(missingLoader);
+			let receivedErrorMessage = null;
+			inboxListeners.onUnverifiedActivity(() => {
+				throw new Error("Intended unverified hook failure");
+			}).onError((_ctx, error) => {
+				receivedErrorMessage = error.message;
+			});
+			const response = await federation.fetch(await createInboxRequest(new vocab.Create({
+				id: new URL("https://missing.example/activities/error"),
+				actor: new URL("https://missing.example/actors/alice")
+			}), {
+				privateKey: rsaPrivateKey3,
+				keyId: missingKeyId
+			}), { contextData: void 0 });
+			assertEquals(response.status, 401);
+			assertEquals(verified, []);
+			assertEquals(receivedErrorMessage, "Intended unverified hook failure");
+		});
+		await t$1.step("receives invalidSignature reason", async () => {
+			const { federation, verified, inboxListeners } = createFederationWithLoader(mockDocumentLoader);
+			let receivedReason = null;
+			inboxListeners.onUnverifiedActivity((_ctx, _activity, reason) => {
+				receivedReason = reason;
+				return new Response(null, { status: 202 });
+			});
+			const keyId = new URL("https://example.com/person2#key3");
+			const response = await federation.fetch(await createInboxRequest(new vocab.Create({
+				id: new URL("https://example.com/activities/invalid-signature"),
+				actor: new URL("https://example.com/person2")
+			}), {
+				privateKey: rsaPrivateKey2,
+				keyId
+			}), { contextData: void 0 });
+			assertEquals(response.status, 202);
+			assertEquals(verified, []);
+			assertEquals(receivedReason.type, "invalidSignature");
+			assertEquals(receivedReason.keyId.href, keyId.href);
+		});
+		await t$1.step("does not run for verified activities", async () => {
+			const { federation, verified, inboxListeners } = createFederationWithLoader(mockDocumentLoader);
+			let unverifiedCalls = 0;
+			inboxListeners.onUnverifiedActivity(() => {
+				unverifiedCalls++;
+				return new Response(null, { status: 202 });
+			});
+			const response = await federation.fetch(await createInboxRequest(new vocab.Create({
+				id: new URL("https://example.com/activities/verified"),
+				actor: new URL("https://example.com/person2")
+			}), {
+				privateKey: rsaPrivateKey3,
+				keyId: new URL("https://example.com/person2#key3")
+			}), { contextData: void 0 });
+			assertEquals(response.status, 202);
+			assertEquals(unverifiedCalls, 0);
+			assertEquals(verified.length, 1);
+		});
+	});
 	await t.step("onError()", async () => {
 		const federation = createFederation({
 			kv,

package/dist/federation/mod.cjs

@@ -3,12 +3,12 @@
           const { URLPattern } = require("urlpattern-polyfill");
         
 require('../transformers-3g8GZwkZ.cjs');
-require('../http-DJT6NciB.cjs');
-const require_middleware = require('../middleware-D4S6i4A_.cjs');
-require('../proof-CR5RUAmy.cjs');
+require('../http-D6a6mMc0.cjs');
+const require_middleware = require('../middleware-BoCzk7-G.cjs');
+require('../proof-qHcNgE5i.cjs');
 const require_federation = require('../federation-Bp3HI26G.cjs');
 require('../types-Cd_hszr_.cjs');
-require('../kv-cache-Vtxhbo1W.cjs');
+require('../kv-cache-DPtsJ1sL.cjs');
 
 exports.InProcessMessageQueue = require_federation.InProcessMessageQueue;
 exports.MemoryKvStore = require_federation.MemoryKvStore;

package/dist/federation/mod.d.cts

@@ -1,7 +1,7 @@
 import "../client-C97KOq3x.cjs";
-import "../http-Cz3MlXAZ.cjs";
+import "../http-DsqqmkXi.cjs";
 import "../owner-1AbPBOOZ.cjs";
-import { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../context-D3QkEtZd.cjs";
+import { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, UnverifiedActivityHandler, UnverifiedActivityReason, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../context-DL0cPpPV.cjs";
 import { KvKey, KvStore, KvStoreListEntry, KvStoreSetOptions, MemoryKvStore } from "../kv-BL4nlICN.cjs";
-import { WebFingerHandlerParameters, handleWebFinger } from "../mod-Di3W5OdP.cjs";
-export { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, KvKey, KvStore, KvStoreListEntry, KvStoreSetOptions, MemoryKvStore, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, WebFingerHandlerParameters, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };
+import { WebFingerHandlerParameters, handleWebFinger } from "../mod-Dp0kK0hO.cjs";
+export { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, KvKey, KvStore, KvStoreListEntry, KvStoreSetOptions, MemoryKvStore, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, UnverifiedActivityHandler, UnverifiedActivityReason, WebFingerHandlerParameters, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };

package/dist/federation/mod.d.ts

@@ -1,9 +1,9 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
 import "../client-BxMZiQaD.js";
-import "../http-DkHdFfrc.js";
+import "../http-BbfOqHGG.js";
 import "../owner-gd0Q9FuU.js";
-import { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../context-DZJhUmzF.js";
+import { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, UnverifiedActivityHandler, UnverifiedActivityReason, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable } from "../context--RwChtri.js";
 import { KvKey, KvStore, KvStoreListEntry, KvStoreSetOptions, MemoryKvStore } from "../kv-DXEUEP6z.js";
-import { WebFingerHandlerParameters, handleWebFinger } from "../mod-DnSsduJF.js";
-export { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, KvKey, KvStore, KvStoreListEntry, KvStoreSetOptions, MemoryKvStore, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, WebFingerHandlerParameters, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };
+import { WebFingerHandlerParameters, handleWebFinger } from "../mod-DcfFNgYf.js";
+export { ActorAliasMapper, ActorCallbackSetters, ActorDispatcher, ActorHandleMapper, ActorKeyPair, ActorKeyPairsDispatcher, AuthorizePredicate, CollectionCallbackSetters, CollectionCounter, CollectionCursor, CollectionDispatcher, ConstructorWithTypeId, Context, CreateExponentialBackoffPolicyOptions, CustomCollectionCallbackSetters, CustomCollectionCounter, CustomCollectionCursor, CustomCollectionDispatcher, Federatable, Federation, FederationBuilder, FederationFetchOptions, FederationKvPrefixes, FederationOptions, FederationOrigin, FederationQueueOptions, FederationStartQueueOptions, ForwardActivityOptions, GetSignedKeyOptions, IdempotencyKeyCallback, IdempotencyStrategy, InProcessMessageQueue, InProcessMessageQueueOptions, InboxContext, InboxErrorHandler, InboxListener, InboxListenerSetters, KvKey, KvStore, KvStoreListEntry, KvStoreSetOptions, MemoryKvStore, Message, MessageQueue, MessageQueueEnqueueOptions, MessageQueueListenOptions, NodeInfoDispatcher, ObjectAuthorizePredicate, ObjectCallbackSetters, ObjectDispatcher, OutboxErrorHandler, OutboxPermanentFailureHandler, PageItems, ParallelMessageQueue, ParseUriResult, RequestContext, RespondWithObjectOptions, RetryContext, RetryPolicy, Rfc6570Expression, RouteActivityOptions, Router, RouterError, RouterOptions, RouterRouteResult, SendActivityError, SendActivityOptions, SendActivityOptionsForCollection, SenderKeyPair, SharedInboxKeyDispatcher, UnverifiedActivityHandler, UnverifiedActivityReason, WebFingerHandlerParameters, WebFingerLinksDispatcher, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };

package/dist/federation/mod.js

@@ -3,11 +3,11 @@
           import { URLPattern } from "urlpattern-polyfill";
         
 import "../transformers-C3FLHUd6.js";
-import "../http-CSX1-Mgi.js";
-import { Router, RouterError, SendActivityError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable } from "../middleware-MlO5iUeZ.js";
-import "../proof-BgUVmaJz.js";
+import "../http-DJmytoC2.js";
+import { Router, RouterError, SendActivityError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable } from "../middleware-Ajnk9qHB.js";
+import "../proof-Le4DAkqb.js";
 import { InProcessMessageQueue, MemoryKvStore, ParallelMessageQueue } from "../federation-DaMfqRm4.js";
 import "../types-C93Ob9cU.js";
-import "../kv-cache-CQPL_aGY.js";
+import "../kv-cache-MPcS_mGG.js";
 
 export { InProcessMessageQueue, MemoryKvStore, ParallelMessageQueue, Router, RouterError, SendActivityError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, handleWebFinger, respondWithObject, respondWithObjectIfAcceptable };

package/dist/federation/send.test.js

@@ -7,11 +7,11 @@ import { createTestTracerProvider, mockDocumentLoader, test } from "../dist-B5f6
 import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import { assert } from "../assert-MZs1qjMx.js";
 import { assertInstanceOf } from "../assert_instance_of-DHz7EHNU.js";
-import "../deno-BYerLnry.js";
-import "../key-DCdTVZiK.js";
-import { verifyRequest } from "../http-S2U3qDwN.js";
-import { doesActorOwnKey } from "../owner-BAlnLKMO.js";
-import { SendActivityError, extractInboxes, sendActivity } from "../send-B2aZYf9A.js";
+import "../deno-CQdJQjC5.js";
+import "../key-DRgvVevp.js";
+import { verifyRequest } from "../http-DK0CTomU.js";
+import { doesActorOwnKey } from "../owner-Cx8gV-j4.js";
+import { SendActivityError, extractInboxes, sendActivity } from "../send-DreBSY1U.js";
 import "../std__assert-DWivtrGR.js";
 import { assertFalse, assertRejects } from "../assert_rejects-Ce45JcFg.js";
 import "../assert_throws-BNXdRGWP.js";

package/dist/federation/webfinger.test.js

@@ -8,25 +8,25 @@ import { assertEquals } from "../assert_equals-DSbWqCm3.js";
 import "../assert-MZs1qjMx.js";
 import "../assert_instance_of-DHz7EHNU.js";
 import { MemoryKvStore } from "../kv-QzKcOQgP.js";
-import "../deno-BYerLnry.js";
-import { createFederation, handleWebFinger } from "../middleware-BelSJK7m.js";
+import "../deno-CQdJQjC5.js";
+import { createFederation, handleWebFinger } from "../middleware-Dn9UDJZP.js";
 import "../client-Dg7OfUDA.js";
 import "../router-D9eI0s4b.js";
 import "../types-CPz01LGH.js";
-import "../key-DCdTVZiK.js";
-import "../http-S2U3qDwN.js";
-import "../ld-CrX7pQda.js";
-import "../owner-BAlnLKMO.js";
-import "../proof-DMgHaXNJ.js";
-import "../docloader-MSkogD2T.js";
+import "../key-DRgvVevp.js";
+import "../http-DK0CTomU.js";
+import "../ld-s9_8WfBc.js";
+import "../owner-Cx8gV-j4.js";
+import "../proof-CDr3NP3R.js";
+import "../docloader-Cyl0-S8m.js";
 import "../kv-cache-B__dHl7g.js";
-import "../inbox-BaA0g5I_.js";
-import "../builder-BHUnSQtB.js";
+import "../inbox-CWa6sqsk.js";
+import "../builder-CJkMYxxc.js";
 import "../collection-CcnIw1qY.js";
-import "../keycache-DRxpZ5r9.js";
+import "../keycache-C7k8s1Bk.js";
 import "../negotiation-5NPJL6zp.js";
 import "../retry-D4GJ670a.js";
-import "../send-B2aZYf9A.js";
+import "../send-DreBSY1U.js";
 import "../std__assert-DWivtrGR.js";
 import "../assert_rejects-Ce45JcFg.js";
 import "../assert_throws-BNXdRGWP.js";

package/dist/{http-DkHdFfrc.d.ts → http-BbfOqHGG.d.ts}

@@ -72,6 +72,34 @@ interface FetchKeyResult<T extends CryptographicKey | Multikey> {
   readonly cached: boolean;
 }
 /**
+* Detailed fetch failure information from {@link fetchKeyDetailed}.
+* @since 2.1.0
+*/
+type FetchKeyErrorResult = {
+  readonly status: number;
+  readonly response: Response;
+} | {
+  readonly error: Error;
+};
+/**
+* The result of {@link fetchKeyDetailed}.
+* @since 2.1.0
+*/
+interface FetchKeyDetailedResult<T extends CryptographicKey | Multikey> extends FetchKeyResult<T> {
+  /**
+  * The error that occurred while fetching the key, if fetching failed before
+  * a document could be parsed.
+  */
+  readonly fetchError?: FetchKeyErrorResult;
+}
+type FetchableKeyClass<T extends CryptographicKey | Multikey> = (new (...args: any[]) => T) & {
+  fromJsonLd(jsonLd: unknown, options: {
+    documentLoader?: DocumentLoader;
+    contextLoader?: DocumentLoader;
+    tracerProvider?: TracerProvider;
+  }): Promise<T>;
+};
+/**
 * Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL.
 * If the given URL contains an {@link Actor} object, it tries to find
 * the corresponding key in the `publicKey` or `assertionMethod` property.
@@ -84,13 +112,22 @@ interface FetchKeyResult<T extends CryptographicKey | Multikey> {
 * @returns The fetched key or `null` if the key is not found.
 * @since 1.3.0
 */
-declare function fetchKey<T extends CryptographicKey | Multikey>(keyId: URL | string, cls: (new (...args: any[]) => T) & {
-  fromJsonLd(jsonLd: unknown, options: {
-    documentLoader?: DocumentLoader;
-    contextLoader?: DocumentLoader;
-    tracerProvider?: TracerProvider;
-  }): Promise<T>;
-}, options?: FetchKeyOptions): Promise<FetchKeyResult<T>>;
+declare function fetchKey<T extends CryptographicKey | Multikey>(keyId: URL | string, cls: FetchableKeyClass<T>, options?: FetchKeyOptions): Promise<FetchKeyResult<T>>;
+/**
+* Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL,
+* preserving transport-level fetch failures for callers that need to inspect
+* why the key could not be loaded.
+*
+* @template T The type of the key to fetch.  Either {@link CryptographicKey}
+*              or {@link Multikey}.
+* @param keyId The URL of the key.
+* @param cls The class of the key to fetch.  Either {@link CryptographicKey}
+*            or {@link Multikey}.
+* @param options Options for fetching the key.
+* @returns The fetched key, or detailed fetch failure information.
+* @since 2.1.0
+*/
+declare function fetchKeyDetailed<T extends CryptographicKey | Multikey>(keyId: URL | string, cls: FetchableKeyClass<T>, options?: FetchKeyOptions): Promise<FetchKeyDetailedResult<T>>;
 /**
 * A cache for storing cryptographic keys.
 * @since 0.12.0
@@ -204,6 +241,31 @@ interface VerifyRequestOptions {
   tracerProvider?: TracerProvider;
 }
 /**
+* The reason why {@link verifyRequestDetailed} could not verify a request.
+* @since 2.1.0
+*/
+type VerifyRequestFailureReason = {
+  readonly type: "keyFetchError";
+  readonly keyId: URL;
+  readonly result: FetchKeyErrorResult;
+} | {
+  readonly type: "invalidSignature";
+  readonly keyId?: URL;
+} | {
+  readonly type: "noSignature";
+};
+/**
+* The detailed result of {@link verifyRequestDetailed}.
+* @since 2.1.0
+*/
+type VerifyRequestDetailedResult = {
+  readonly verified: true;
+  readonly key: CryptographicKey;
+} | {
+  readonly verified: false;
+  readonly reason: VerifyRequestFailureReason;
+};
+/**
 * Verifies the signature of a request.
 *
 * Note that this function consumes the request body, so it should not be used
@@ -218,6 +280,16 @@ interface VerifyRequestOptions {
 */
 declare function verifyRequest(request: Request, options?: VerifyRequestOptions): Promise<CryptographicKey | null>;
 /**
+* Verifies the signature of a request and returns a structured failure reason
+* when verification does not succeed.
+*
+* @param request The request to verify.
+* @param options Options for verifying the request.
+* @returns The verified public key, or a structured verification failure.
+* @since 2.1.0
+*/
+declare function verifyRequestDetailed(request: Request, options?: VerifyRequestOptions): Promise<VerifyRequestDetailedResult>;
+/**
 * A spec determiner for HTTP Message Signatures.
 * It determines the spec to use for signing requests.
 * It is used for double-knocking
@@ -243,4 +315,4 @@ interface HttpMessageSignaturesSpecDeterminer {
 * @since 1.6.0
 */
 //#endregion
-export { FetchKeyOptions, FetchKeyResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignRequestOptions, VerifyRequestOptions, exportJwk, fetchKey, generateCryptoKeyPair, importJwk, signRequest, verifyRequest };
+export { FetchKeyDetailedResult, FetchKeyErrorResult, FetchKeyOptions, FetchKeyResult, HttpMessageSignaturesSpec, HttpMessageSignaturesSpecDeterminer, KeyCache, SignRequestOptions, VerifyRequestDetailedResult, VerifyRequestFailureReason, VerifyRequestOptions, exportJwk, fetchKey, fetchKeyDetailed, generateCryptoKeyPair, importJwk, signRequest, verifyRequest, verifyRequestDetailed };