@fedify/fedify 2.2.0-dev.802 → 2.2.0-pr.695.16

package/dist/federation/handler.test.mjs

@@ -1,19 +1,18 @@
 import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as createOutboxContext, r as createRequestContext, t as createInboxContext } from "../context-Dk_tacqz.mjs";
+import { n as createRequestContext, t as createInboxContext } from "../context-Juj6bdHC.mjs";
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
-import { t as assertInstanceOf } from "../assert_instance_of-C4Ri6VuN.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
 import { r as parseAcceptSignature } from "../accept-Dd__NiUL.mjs";
-import { s as signRequest } from "../http-iFvJsgX5.mjs";
+import { s as signRequest } from "../http-RZPxDWq5.mjs";
 import { a as rsaPrivateKey3, c as rsaPublicKey3, s as rsaPublicKey2 } from "../keys-BAK-tUlf.mjs";
 import { t as MemoryKvStore } from "../kv-tL2TOE9X.mjs";
-import { c as handleActor, d as handleInbox, f as handleObject, h as respondWithObjectIfAcceptable, l as handleCollection, m as respondWithObject, o as createFederation, p as handleOutbox, u as handleCustomCollection } from "../middleware-CERbaJNL.mjs";
-import { t as ActivityListenerSet } from "../activity-listener-Ck3JZ_hR.mjs";
+import { a as createFederation, c as handleCollection, d as handleObject, f as respondWithObject, l as handleCustomCollection, p as respondWithObjectIfAcceptable, s as handleActor, u as handleInbox } from "../middleware-BjVx-_bv.mjs";
+import { t as InboxListenerSet } from "../inbox-CmYvcSMM.mjs";
 import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
-import { Activity, Create, Note, Person, Tombstone } from "@fedify/vocab";
+import { Create, Note, Person, Tombstone } from "@fedify/vocab";
 import { FetchError } from "@fedify/vocab-runtime";
 //#region src/federation/handler.test.ts
 const QUOTE_CONTEXT_TERMS = {
@@ -1127,366 +1126,6 @@ test("handleInbox()", async () => {
 	assertEquals(onNotFoundCalled, null);
 	assertEquals(response.status, 400);
 });
-test("handleOutbox()", async () => {
-	const activity = new Create({
-		id: new URL("https://example.com/activities/1"),
-		actor: new URL("https://example.com/users/someone"),
-		object: new Note({
-			id: new URL("https://example.com/notes/1"),
-			attribution: new URL("https://example.com/users/someone"),
-			content: "Hello, world!"
-		})
-	});
-	const requestUrl = "https://example.com/users/someone/outbox";
-	const requestBody = JSON.stringify(await activity.toJsonLd());
-	const federation = createFederation({ kv: new MemoryKvStore() });
-	const createRequestContextPair = (body = requestBody) => {
-		const request = new Request(requestUrl, {
-			method: "POST",
-			body
-		});
-		return {
-			request,
-			context: createRequestContext({
-				federation,
-				request,
-				url: new URL(request.url),
-				data: void 0,
-				getActorUri(identifier) {
-					return new URL(`https://example.com/users/${identifier}`);
-				}
-			})
-		};
-	};
-	let onNotFoundCalled = null;
-	const onNotFound = (request) => {
-		onNotFoundCalled = request;
-		return new Response("Not found", { status: 404 });
-	};
-	let onUnauthorizedCalled = null;
-	const onUnauthorized = (request) => {
-		onUnauthorizedCalled = request;
-		return new Response("Unauthorized", { status: 401 });
-	};
-	const actorDispatcher = (ctx, identifier) => {
-		if (identifier !== "someone") return null;
-		return new Person({
-			id: ctx.getActorUri(identifier),
-			name: "Someone"
-		});
-	};
-	const listeners = new ActivityListenerSet();
-	const seen = [];
-	listeners.add(Activity, (ctx, activity) => {
-		seen.push(`${ctx.identifier}:${activity.id?.href}`);
-	});
-	let { request, context } = createRequestContextPair();
-	let response = await handleOutbox(request, {
-		identifier: "someone",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher: void 0,
-		outboxListeners: listeners,
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(onNotFoundCalled, request);
-	assertEquals(response.status, 404);
-	onNotFoundCalled = null;
-	({request, context} = createRequestContextPair());
-	response = await handleOutbox(request, {
-		identifier: "nobody",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(onNotFoundCalled, request);
-	assertEquals(response.status, 404);
-	onNotFoundCalled = null;
-	({request, context} = createRequestContextPair());
-	response = await handleOutbox(request, {
-		identifier: "someone",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		authorizePredicate: () => false,
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(onNotFoundCalled, null);
-	assertInstanceOf(onUnauthorizedCalled, Request);
-	assertEquals(onUnauthorizedCalled === request, false);
-	assertEquals(response.status, 401);
-	assertEquals(seen, []);
-	onNotFoundCalled = null;
-	onUnauthorizedCalled = null;
-	({request, context} = createRequestContextPair());
-	response = await handleOutbox(request, {
-		identifier: "someone",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher: () => null,
-		outboxListeners: listeners,
-		authorizePredicate: () => false,
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(onNotFoundCalled, null);
-	assertInstanceOf(onUnauthorizedCalled, Request);
-	assertEquals(response.status, 401);
-	onUnauthorizedCalled = null;
-	({request, context} = createRequestContextPair());
-	response = await handleOutbox(request, {
-		identifier: "someone",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		authorizePredicate: () => true,
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(onUnauthorizedCalled, null);
-	assertEquals([response.status, await response.text()], [202, ""]);
-	assertEquals(response.headers.get("content-type"), "text/plain; charset=utf-8");
-	assertEquals(seen, [`someone:${activity.id?.href}`]);
-	onUnauthorizedCalled = null;
-	({request, context} = createRequestContextPair());
-	response = await handleOutbox(request, {
-		identifier: "someone",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		authorizePredicate: async (ctx) => {
-			await ctx.request.json();
-			return true;
-		},
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(onUnauthorizedCalled, null);
-	assertEquals([response.status, await response.text()], [202, ""]);
-	assertEquals(response.headers.get("content-type"), "text/plain; charset=utf-8");
-	assertEquals(seen, [`someone:${activity.id?.href}`, `someone:${activity.id?.href}`]);
-	onUnauthorizedCalled = null;
-	({request, context} = createRequestContextPair());
-	let unauthorizedBody = null;
-	response = await handleOutbox(request, {
-		identifier: "someone",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		authorizePredicate: async (ctx) => {
-			await ctx.request.json();
-			return false;
-		},
-		onNotFound,
-		onUnauthorized: async (request) => {
-			onUnauthorizedCalled = request;
-			unauthorizedBody = await request.text();
-			return new Response("Unauthorized", { status: 401 });
-		}
-	});
-	assertInstanceOf(onUnauthorizedCalled, Request);
-	assertEquals((unauthorizedBody ?? "").includes("\"type\":\"Create\""), true);
-	assertEquals([response.status, await response.text()], [401, "Unauthorized"]);
-	const invalidRequest = new Request("https://example.com/users/someone/outbox", {
-		method: "POST",
-		body: JSON.stringify({
-			"@context": [
-				"https://www.w3.org/ns/activitystreams",
-				true,
-				23
-			],
-			type: "Create",
-			object: {
-				type: "Note",
-				content: "Hello, world!"
-			},
-			actor: "https://example.com/users/alice"
-		})
-	});
-	const invalidContext = createRequestContext({
-		federation,
-		request: invalidRequest,
-		url: new URL(invalidRequest.url),
-		data: void 0,
-		getActorUri(identifier) {
-			return new URL(`https://example.com/users/${identifier}`);
-		}
-	});
-	let invalidActivityId;
-	let invalidActivityType;
-	response = await handleOutbox(invalidRequest, {
-		identifier: "someone",
-		context: invalidContext,
-		outboxContextFactory(identifier, _json, activityId, activityType) {
-			invalidActivityId = activityId;
-			invalidActivityType = activityType;
-			return createOutboxContext({
-				...invalidContext,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(response.status, 400);
-	assertEquals(invalidActivityId, void 0);
-	assertEquals(invalidActivityType, "Create");
-	const mismatchedActorJson = await activity.toJsonLd();
-	const missingActorRequest = new Request("https://example.com/users/someone/outbox", {
-		method: "POST",
-		body: JSON.stringify({
-			...mismatchedActorJson,
-			actor: void 0
-		})
-	});
-	const missingActorContext = createRequestContext({
-		federation,
-		request: missingActorRequest,
-		url: new URL(missingActorRequest.url),
-		data: void 0,
-		getActorUri(identifier) {
-			return new URL(`https://example.com/users/${identifier}`);
-		}
-	});
-	let missingActorErrorMessage = null;
-	response = await handleOutbox(missingActorRequest, {
-		identifier: "someone",
-		context: missingActorContext,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...missingActorContext,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		outboxErrorHandler: (_ctx, error) => {
-			missingActorErrorMessage = error.message;
-		},
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals([response.status, await response.text()], [400, "The posted activity has no actor."]);
-	assertEquals(missingActorErrorMessage, "The posted activity has no actor.");
-	const mismatchedActorRequest = new Request("https://example.com/users/someone/outbox", {
-		method: "POST",
-		body: JSON.stringify({
-			...mismatchedActorJson,
-			actor: "https://example.com/users/somebody-else"
-		})
-	});
-	const mismatchedActorContext = createRequestContext({
-		federation,
-		request: mismatchedActorRequest,
-		url: new URL(mismatchedActorRequest.url),
-		data: void 0,
-		getActorUri(identifier) {
-			return new URL(`https://example.com/users/${identifier}`);
-		}
-	});
-	let mismatchedActorErrorMessage = null;
-	response = await handleOutbox(mismatchedActorRequest, {
-		identifier: "someone",
-		context: mismatchedActorContext,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...mismatchedActorContext,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: listeners,
-		outboxErrorHandler: (_ctx, error) => {
-			mismatchedActorErrorMessage = error.message;
-		},
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals([response.status, await response.text()], [400, "The activity actor does not match the outbox owner."]);
-	assertEquals(mismatchedActorErrorMessage, "The activity actor does not match the outbox owner.");
-	const throwingListeners = new ActivityListenerSet();
-	let onErrorCalled = false;
-	throwingListeners.add(Create, () => {
-		throw new Error("Boom");
-	});
-	({request, context} = createRequestContextPair());
-	response = await handleOutbox(request, {
-		identifier: "someone",
-		context,
-		outboxContextFactory(identifier) {
-			return createOutboxContext({
-				...context,
-				clone: void 0,
-				identifier
-			});
-		},
-		actorDispatcher,
-		outboxListeners: throwingListeners,
-		outboxErrorHandler: (_ctx, _error) => {
-			onErrorCalled = true;
-		},
-		onNotFound,
-		onUnauthorized
-	});
-	assertEquals(response.status, 500);
-	assertEquals(onErrorCalled, true);
-});
 test("respondWithObject()", async () => {
 	const response = await respondWithObject(new Note({
 		id: new URL("https://example.com/notes/1"),
@@ -1524,7 +1163,7 @@ test("respondWithObject()", async () => {
 test("handleInbox() - authentication bypass vulnerability", async () => {
 	const federation = createFederation({ kv: new MemoryKvStore() });
 	let processedActivity;
-	const inboxListeners = new ActivityListenerSet();
+	const inboxListeners = new InboxListenerSet();
 	inboxListeners.add(Create, (_ctx, activity) => {
 		processedActivity = activity;
 	});
@@ -1948,7 +1587,7 @@ test("handleInbox() records OpenTelemetry span events", async () => {
 			publicKey: rsaPublicKey2
 		});
 	};
-	const listeners = new ActivityListenerSet();
+	const listeners = new InboxListenerSet();
 	let receivedActivity = null;
 	listeners.add(Create, (_ctx, activity) => {
 		receivedActivity = activity;
@@ -2054,7 +1693,7 @@ test("handleInbox() records unverified HTTP signature details", async () => {
 			acceptSignatureNonce: ["acceptSignatureNonce"]
 		},
 		actorDispatcher,
-		inboxListeners: new ActivityListenerSet(),
+		inboxListeners: new InboxListenerSet(),
 		inboxErrorHandler: void 0,
 		unverifiedActivityHandler() {
 			return new Response("", { status: 202 });

package/dist/federation/idempotency.test.mjs

@@ -4,9 +4,9 @@ globalThis.addEventListener = () => {};
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
 import { n as ed25519PrivateKey, r as ed25519PublicKey, t as ed25519Multikey } from "../keys-BAK-tUlf.mjs";
-import { r as signObject } from "../proof-B6PfWGbc.mjs";
+import { n as signObject } from "../proof--CpZsF_p.mjs";
 import { t as MemoryKvStore } from "../kv-tL2TOE9X.mjs";
-import { o as createFederation } from "../middleware-CERbaJNL.mjs";
+import { a as createFederation } from "../middleware-BjVx-_bv.mjs";
 import { mockDocumentLoader, test } from "@fedify/fixture";
 import { Create, Follow, Person } from "@fedify/vocab";
 //#region src/federation/idempotency.test.ts

package/dist/federation/inbox.test.mjs

@@ -3,12 +3,12 @@ import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
-import { t as ActivityListenerSet } from "../activity-listener-Ck3JZ_hR.mjs";
+import { t as InboxListenerSet } from "../inbox-CmYvcSMM.mjs";
 import { test } from "@fedify/fixture";
 import { Activity, Create, Invite, Offer, Update } from "@fedify/vocab";
 //#region src/federation/inbox.test.ts
-test("ActivityListenerSet", () => {
-	const listeners = new ActivityListenerSet();
+test("InboxListenerSet", () => {
+	const listeners = new InboxListenerSet();
 	const activity = new Activity({});
 	const offer = new Offer({});
 	const invite = new Invite({});