@fedify/fedify 2.3.0-dev.1137 → 2.3.0-dev.1150

package/dist/temporal-BkmBfs__.mjs

@@ -0,0 +1,95 @@
+import { Temporal } from "@js-temporal/polyfill";
+import "urlpattern-polyfill";
+globalThis.addEventListener = () => {};
+import { c as getNormalizationContextLoader } from "./ld-BwKhquPx.mjs";
+import jsonld from "@fedify/vocab-runtime/jsonld";
+//#region src/federation/temporal.ts
+function isPlainObject(value) {
+	return typeof value === "object" && value != null && !Array.isArray(value);
+}
+function normalizeDateTimeLiteral(value) {
+	return value.substring(19).match(/[Z+-]/) ? value : value + "Z";
+}
+function isMalformedDateTimeLiteral(value) {
+	if (typeof value !== "string") return false;
+	try {
+		Temporal.Instant.from(normalizeDateTimeLiteral(value));
+		return false;
+	} catch {
+		return true;
+	}
+}
+function isMalformedDurationLiteral(value) {
+	if (typeof value !== "string") return false;
+	try {
+		Temporal.Duration.from(value);
+		return false;
+	} catch {
+		return true;
+	}
+}
+const TEMPORAL_DATE_TIME_IRIS = new Set([
+	"https://www.w3.org/ns/activitystreams#deleted",
+	"https://www.w3.org/ns/activitystreams#endTime",
+	"https://www.w3.org/ns/activitystreams#published",
+	"https://www.w3.org/ns/activitystreams#startTime",
+	"https://www.w3.org/ns/activitystreams#updated",
+	"http://purl.org/dc/terms/created",
+	"https://w3id.org/security#created"
+]);
+const TEMPORAL_DURATION_IRIS = new Set(["https://www.w3.org/ns/activitystreams#duration"]);
+const QUESTION_CLOSED_IRI = "https://www.w3.org/ns/activitystreams#closed";
+const XSD_DATE_TIME_IRI = "http://www.w3.org/2001/XMLSchema#dateTime";
+function hasMalformedExpandedDateTimeLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedDateTimeLiteral);
+	return isPlainObject(value) && "@value" in value && isMalformedDateTimeLiteral(value["@value"]);
+}
+function hasMalformedExpandedQuestionClosedLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedQuestionClosedLiteral);
+	if (!isPlainObject(value) || !("@value" in value)) return false;
+	const literal = value["@value"];
+	if (typeof literal === "boolean") return false;
+	if (typeof literal !== "string") return false;
+	if (value["@type"] !== XSD_DATE_TIME_IRI) return false;
+	if (new Date(literal).toString() === "Invalid Date") return false;
+	return isMalformedDateTimeLiteral(literal);
+}
+function hasMalformedExpandedDurationLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedDurationLiteral);
+	return isPlainObject(value) && "@value" in value && isMalformedDurationLiteral(value["@value"]);
+}
+function hasMalformedKnownTemporalLiteralInternal(value, visited) {
+	if (Array.isArray(value)) return value.some((item) => hasMalformedKnownTemporalLiteralInternal(item, visited));
+	if (!isPlainObject(value)) return false;
+	if (visited.has(value)) return false;
+	visited.add(value);
+	if ("@value" in value) return false;
+	for (const [key, child] of Object.entries(value)) {
+		if (TEMPORAL_DATE_TIME_IRIS.has(key)) {
+			if (hasMalformedExpandedDateTimeLiteral(child)) return true;
+			continue;
+		}
+		if (key === QUESTION_CLOSED_IRI) {
+			if (hasMalformedExpandedQuestionClosedLiteral(child)) return true;
+			continue;
+		}
+		if (TEMPORAL_DURATION_IRIS.has(key)) {
+			if (hasMalformedExpandedDurationLiteral(child)) return true;
+			continue;
+		}
+		if (hasMalformedKnownTemporalLiteralInternal(child, visited)) return true;
+	}
+	return false;
+}
+async function hasMalformedKnownTemporalLiteral(value, contextLoader) {
+	try {
+		return hasMalformedKnownTemporalLiteralInternal(await jsonld.expand(value, {
+			documentLoader: getNormalizationContextLoader(contextLoader),
+			keepFreeFloatingNodes: true
+		}), /* @__PURE__ */ new Set());
+	} catch {
+		return false;
+	}
+}
+//#endregion
+export { hasMalformedKnownTemporalLiteral as t };

package/dist/testing/mod.d.mts

@@ -618,6 +618,42 @@ interface InboxMessage {
   readonly id: ReturnType<typeof crypto.randomUUID>;
   readonly baseUrl: string;
   readonly activity: unknown;
+  /**
+   * The normalized JSON-LD representation of a signed inbox activity that
+   * Fedify already compacted successfully while accepting the request.  Queue
+   * workers can reuse this producer-side parse cache under stricter loader or
+   * network constraints without changing the raw payload preserved for
+   * forwarding.
+   *
+   * This may exist even when {@link ldSignatureVerified} is `false`, because
+   * fallback-authenticated traffic and already-queued backlog items can still
+   * depend on the cached normalized form to avoid re-fetching remote custom
+   * contexts during worker processing.
+   *
+   * This is optional for backward compatibility with messages that were
+   * queued by older Fedify versions or that were already in a queue before
+   * upgrading.
+   *
+   * Fedify keeps this on the queued message itself instead of an external
+   * sidecar because generic queue backends do not provide reliable lifecycle
+   * guarantees for auxiliary storage across retries and redeliveries.
+   *
+   * @internal
+   */
+  readonly normalizedActivity?: unknown;
+  /**
+   * Whether the producer actually verified the Linked Data Signature before
+   * queueing this message.  This lets workers distinguish verified LDS replay
+   * from other authenticated inbox traffic that merely happened to include a
+   * signature block.  This provenance marker is separate from the optional
+   * normalizedActivity parse cache.
+   *
+   * `undefined` preserves backward compatibility with older queued messages
+   * that predate this marker.
+   *
+   * @internal
+   */
+  readonly ldSignatureVerified?: boolean;
   readonly started: string;
   readonly attempt: number;
   readonly identifier: string | null;
@@ -2011,9 +2047,12 @@ interface InboxContext<TContextData> extends Context<TContextData> {
    * Forwards a received activity to the recipients' inboxes.  The forwarded
    * activity will be signed in HTTP Signatures by the forwarder, but its
    * payload will not be modified, i.e., Linked Data Signatures and Object
-   * Integrity Proofs will not be added.  Therefore, if the activity is not
-   * signed (i.e., it has neither Linked Data Signatures nor Object Integrity
-   * Proofs), the recipient probably will not trust the activity.
+   * Integrity Proofs will not be added.  Even when Fedify internally
+   * normalizes a Linked Data Signature activity for parsing, this method still
+   * forwards the original received payload so the sender's signatures/proofs
+   * are preserved as-is.  Therefore, if the activity is not signed (i.e., it
+   * has neither Linked Data Signatures nor Object Integrity Proofs), the
+   * recipient probably will not trust the activity.
    * @param forwarder The forwarder's identifier or the forwarder's username
    *                  or the forwarder's key pair(s).
    * @param recipients The recipients of the activity.
@@ -2029,9 +2068,12 @@ interface InboxContext<TContextData> extends Context<TContextData> {
    * Forwards a received activity to the recipients' inboxes.  The forwarded
    * activity will be signed in HTTP Signatures by the forwarder, but its
    * payload will not be modified, i.e., Linked Data Signatures and Object
-   * Integrity Proofs will not be added.  Therefore, if the activity is not
-   * signed (i.e., it has neither Linked Data Signatures nor Object Integrity
-   * Proofs), the recipient probably will not trust the activity.
+   * Integrity Proofs will not be added.  Even when Fedify internally
+   * normalizes a Linked Data Signature activity for parsing, this method still
+   * forwards the original received payload so the sender's signatures/proofs
+   * are preserved as-is.  Therefore, if the activity is not signed (i.e., it
+   * has neither Linked Data Signatures nor Object Integrity Proofs), the
+   * recipient probably will not trust the activity.
    * @param forwarder The forwarder's identifier or the forwarder's username.
    * @param recipients In this case, it must be `"followers"`.
    * @param options Options for forwarding the activity.

package/dist/utils/docloader.test.mjs

@@ -5,9 +5,9 @@ import { t as assertEquals } from "../assert_equals-C-ZRDbaf.mjs";
 import "../std__assert-BBjXFNOb.mjs";
 import { t as assertRejects } from "../assert_rejects-DN60FHPX.mjs";
 import { t as esm_default } from "../esm-BQRw925N.mjs";
-import { l as verifyRequest } from "../http-Cyx5SNuu.mjs";
+import { l as verifyRequest } from "../http-vHCgbhTg.mjs";
 import { i as rsaPrivateKey2 } from "../keys-C3kae-6B.mjs";
-import { t as getAuthenticatedDocumentLoader } from "../docloader-BT89tyFr.mjs";
+import { t as getAuthenticatedDocumentLoader } from "../docloader-B-ZE1cZf.mjs";
 import { mockDocumentLoader, test } from "@fedify/fixture";
 import { UrlError } from "@fedify/vocab-runtime";
 //#region src/utils/docloader.test.ts

package/dist/utils/kv-cache.test.mjs

@@ -1,7 +1,7 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as kvCache, t as MockKvStore } from "../kv-cache-VHFP42vY.mjs";
+import { n as kvCache, t as MockKvStore } from "../kv-cache-GXXZEemD.mjs";
 import { deepStrictEqual, throws } from "node:assert";
 import { createTestMeterProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { preloadedContexts } from "@fedify/vocab-runtime";

package/dist/utils/mod.cjs

@@ -1,6 +1,6 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const require_kv_cache = require("../kv-cache-DuEwFYcN.cjs");
+const require_kv_cache = require("../kv-cache-Dsg_bi4N.cjs");
 exports.getAuthenticatedDocumentLoader = require_kv_cache.getAuthenticatedDocumentLoader;
 exports.kvCache = require_kv_cache.kvCache;

package/dist/utils/mod.js

@@ -1,4 +1,4 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
-import { n as getAuthenticatedDocumentLoader, t as kvCache } from "../kv-cache-CuCn2xvM.js";
+import { n as getAuthenticatedDocumentLoader, t as kvCache } from "../kv-cache-DM2O-Yjy.js";
 export { getAuthenticatedDocumentLoader, kvCache };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fedify/fedify",
-  "version": "2.3.0-dev.1137+53a1f26d",
+  "version": "2.3.0-dev.1150+8db5848a",
   "description": "An ActivityPub server framework",
   "keywords": [
     "ActivityPub",
@@ -151,10 +151,10 @@
     "jsonld": "^9.0.0",
     "structured-field-values": "^2.0.4",
     "urlpattern-polyfill": "^10.1.0",
-    "@fedify/vocab-runtime": "2.3.0-dev.1137+53a1f26d",
-    "@fedify/webfinger": "2.3.0-dev.1137+53a1f26d",
-    "@fedify/vocab": "2.3.0-dev.1137+53a1f26d",
-    "@fedify/uri-template": "2.3.0-dev.1137+53a1f26d"
+    "@fedify/uri-template": "2.3.0-dev.1150+8db5848a",
+    "@fedify/vocab": "2.3.0-dev.1150+8db5848a",
+    "@fedify/webfinger": "2.3.0-dev.1150+8db5848a",
+    "@fedify/vocab-runtime": "2.3.0-dev.1150+8db5848a"
   },
   "devDependencies": {
     "@opentelemetry/sdk-metrics": "2.7.1",
@@ -168,7 +168,7 @@
     "typescript": "^6.0.0",
     "wrangler": "^4.17.0",
     "@fedify/fixture": "2.0.0",
-    "@fedify/vocab-tools": "^2.3.0-dev.1137+53a1f26d"
+    "@fedify/vocab-tools": "^2.3.0-dev.1150+8db5848a"
   },
   "scripts": {
     "build:self": "tsdown",