@fedify/fedify 2.3.0-dev.1137 → 2.3.0-dev.1150

package/dist/{ld-k8yqD2a-.mjs → ld-BwKhquPx.mjs}

@@ -1,9 +1,9 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-B_9yJW3w.mjs";
-import { n as getDurationMs, r as getFederationMetrics, s as measureSignatureKeyFetch } from "./metrics-iRBg8jTk.mjs";
-import { n as fetchKey, o as validateCryptoKey } from "./key-CkkMJBjF.mjs";
+import { n as version, t as name } from "./deno-CKFE6Uya.mjs";
+import { n as getDurationMs, r as getFederationMetrics, s as measureSignatureKeyFetch } from "./metrics-7Vy9FvEw.mjs";
+import { n as fetchKey, o as validateCryptoKey } from "./key-N0zP_oJA.mjs";
 import { getLogger } from "@logtape/logtape";
 import { Activity, CryptographicKey, Object as Object$1, getTypeId } from "@fedify/vocab";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
@@ -17,6 +17,290 @@ const logger = getLogger([
 	"sig",
 	"ld"
 ]);
+const localContext = [
+	"https://w3id.org/identity/v1",
+	"https://www.w3.org/ns/activitystreams",
+	"https://w3id.org/security/v1",
+	"https://w3id.org/security/data-integrity/v1"
+];
+const localContextUrls = new Set(localContext);
+const builtInContextLoader = getDocumentLoader();
+const disallowedJsonLdKeywords = new Set([
+	"@graph",
+	"@included",
+	"@reverse"
+]);
+/** @internal */
+var UnsafeJsonLdError = class extends TypeError {
+	keyword;
+	constructor(keyword) {
+		super(`Unsupported JSON-LD keyword: ${keyword}.`);
+		this.keyword = keyword;
+		this.name = "UnsafeJsonLdError";
+	}
+};
+/** @internal */
+var InvalidContextReferenceError = class extends TypeError {
+	reference;
+	constructor(reference) {
+		super(`Invalid JSON-LD context reference: ${reference}.`);
+		this.reference = reference;
+		this.name = "InvalidContextReferenceError";
+	}
+};
+function createLoadingRemoteContextFailedError(reference, cause) {
+	const message = cause instanceof Error ? cause.message : String(cause);
+	const error = /* @__PURE__ */ new Error(`Dereferencing a URL did not result in a valid JSON-LD context: ${reference}. ${message}`);
+	error.name = "jsonld.InvalidUrl";
+	error.details = {
+		code: "loading remote context failed",
+		url: reference
+	};
+	error.cause = cause;
+	return error;
+}
+/** @internal */
+function isClearlyMalformedContextReference(reference) {
+	for (const char of reference) {
+		const code = char.charCodeAt(0);
+		if (code <= 32 || code === 127) return true;
+	}
+	if (/^[A-Za-z][A-Za-z0-9+.-]*:/.test(reference) && !URL.canParse(reference)) return true;
+	for (let i = 0; i < reference.length; i++) {
+		if (reference[i] !== "%") continue;
+		if (i + 2 >= reference.length || !/[0-9A-Fa-f]/.test(reference[i + 1]) || !/[0-9A-Fa-f]/.test(reference[i + 2])) return true;
+		i += 2;
+	}
+	if (reference.startsWith("./") || reference.startsWith("../") || reference.startsWith("/") || reference.startsWith("//")) {
+		for (const char of reference) if ("[]<>\"\\^`{|}".includes(char)) return true;
+	}
+	return false;
+}
+function cloneRemoteDocument(remoteDocument) {
+	return structuredClone(remoteDocument);
+}
+function createMemoizedDocumentLoader(documentLoader) {
+	const cache = /* @__PURE__ */ new Map();
+	return async (url, options) => {
+		const cacheKey = URL.canParse(url) ? new URL(url).href : url;
+		let remoteDocument = cache.get(cacheKey);
+		if (remoteDocument == null) {
+			remoteDocument = Promise.resolve(documentLoader(url, options)).then(cloneRemoteDocument);
+			remoteDocument.catch(() => {
+				if (cache.get(cacheKey) === remoteDocument) cache.delete(cacheKey);
+			});
+			cache.set(cacheKey, remoteDocument);
+		}
+		return cloneRemoteDocument(await remoteDocument);
+	};
+}
+/** @internal */
+function wrapContextLoaderForJsonLd(contextLoader) {
+	const loader = contextLoader ?? builtInContextLoader;
+	return async (url, options) => {
+		try {
+			return await loader(url, options);
+		} catch (error) {
+			if (!isInvalidUrlTypeError(error)) throw error;
+			if (isClearlyMalformedContextReference(url)) throw new InvalidContextReferenceError(url);
+			throw createLoadingRemoteContextFailedError(url, error);
+		}
+	};
+}
+/** @internal */
+function getNormalizationContextLoader(contextLoader) {
+	const loader = wrapContextLoaderForJsonLd(contextLoader);
+	return createMemoizedDocumentLoader(async (url, options) => {
+		if (URL.canParse(url)) {
+			const normalizedUrl = new URL(url).href;
+			if (localContextUrls.has(normalizedUrl)) return await builtInContextLoader(normalizedUrl, options);
+		}
+		return await loader(url, options);
+	});
+}
+/** @internal */
+async function compactJsonLd(jsonLd, contextLoader) {
+	const hasLds = typeof jsonLd === "object" && jsonLd != null && "signature" in jsonLd;
+	const signature = hasLds ? jsonLd.signature : void 0;
+	const normalizationContextLoader = getNormalizationContextLoader(contextLoader);
+	const document = hasLds ? detachSignature(jsonLd) : jsonLd;
+	await assertNoGraphBeforeCompaction(document, normalizationContextLoader);
+	const compacted = await jsonld.compact(document, localContext, { documentLoader: normalizationContextLoader });
+	if (hasLds && typeof compacted === "object" && compacted != null) compacted.signature = signature;
+	assertSafeJsonLd(compacted);
+	return compacted;
+}
+function createInvalidRemoteContextError(reference) {
+	const error = /* @__PURE__ */ new Error(`Dereferencing a URL did not result in a JSON object. The response was valid JSON, but it was not a JSON object. URL: "${reference}".`);
+	error.name = "jsonld.InvalidUrl";
+	error.details = {
+		code: "invalid remote context",
+		url: reference
+	};
+	return error;
+}
+function getRemoteContext(remoteDocument, reference) {
+	const { contextUrl, documentUrl } = remoteDocument;
+	let { document } = remoteDocument;
+	if (typeof document === "string") document = JSON.parse(document);
+	if (typeof document !== "object" || document == null || Array.isArray(document)) throw createInvalidRemoteContextError(reference);
+	let context = "@context" in document ? document["@context"] : {};
+	if (contextUrl != null) context = Array.isArray(context) ? [...context, contextUrl] : [context, contextUrl];
+	return {
+		context,
+		baseUrl: documentUrl ?? reference
+	};
+}
+function createGraphAliasContextState() {
+	return {
+		graphTerms: /* @__PURE__ */ new Set(),
+		jsonTerms: /* @__PURE__ */ new Set(),
+		propertyContexts: /* @__PURE__ */ new Map(),
+		termTargets: /* @__PURE__ */ new Map()
+	};
+}
+function cloneGraphAliasContextState(state) {
+	return {
+		graphTerms: new Set(state.graphTerms),
+		jsonTerms: new Set(state.jsonTerms),
+		propertyContexts: new Map(state.propertyContexts),
+		termTargets: new Map(state.termTargets)
+	};
+}
+function resolveContextTarget(target, state) {
+	if (target === "@graph") return target;
+	const mapped = state.termTargets.get(target);
+	if (mapped == null) return target;
+	return mapped;
+}
+function getDirectContextTarget(definition) {
+	if (definition === null) return null;
+	if (typeof definition === "string") return definition;
+	if (typeof definition === "object" && definition != null && "@id" in definition) {
+		const id = definition["@id"];
+		if (id === null) return null;
+		if (typeof id === "string") return id;
+	}
+}
+function isJsonTypedDefinition(definition) {
+	return typeof definition === "object" && definition != null && "@type" in definition && definition["@type"] === "@json";
+}
+function resolveLocalContextTarget(target, state, localTargets, seen = /* @__PURE__ */ new Set()) {
+	if (target === "@graph") return target;
+	if (seen.has(target)) return target;
+	seen.add(target);
+	if (localTargets.has(target)) {
+		const localTarget = localTargets.get(target);
+		return localTarget == null ? target : resolveLocalContextTarget(localTarget, state, localTargets, seen);
+	}
+	return resolveContextTarget(target, state);
+}
+function refreshGraphAliases(state) {
+	state.graphTerms.clear();
+	for (const [term, target] of state.termTargets) if (target === "@graph") state.graphTerms.add(term);
+}
+function normalizeContextReference(reference, baseUrl) {
+	if (baseUrl != null) return new URL(reference, baseUrl).href;
+	return URL.canParse(reference) ? new URL(reference).href : reference;
+}
+/** @internal */
+function isInvalidUrlTypeError(error) {
+	const code = error.code;
+	return error instanceof TypeError && (code === "ERR_INVALID_URL" || /^Invalid URL(?::|$)/.test(error.message) || / cannot be parsed as a URL\.?$/.test(error.message));
+}
+async function applyGraphAliasContext(state, context, documentLoader, remoteContextCache, baseUrl = null, processingContexts = /* @__PURE__ */ new Set()) {
+	if (context === null) return createGraphAliasContextState();
+	let nextState = cloneGraphAliasContextState(state);
+	if (Array.isArray(context)) {
+		for (const item of context) nextState = await applyGraphAliasContext(nextState, item, documentLoader, remoteContextCache, baseUrl, processingContexts);
+		return nextState;
+	}
+	if (typeof context === "string") {
+		const reference = normalizeContextReference(context, baseUrl);
+		const cacheKey = `${baseUrl ?? ""}\n${reference}`;
+		if (processingContexts.has(cacheKey)) return nextState;
+		processingContexts.add(cacheKey);
+		try {
+			let remoteContext = remoteContextCache.get(cacheKey);
+			if (remoteContext == null) {
+				remoteContext = (async () => {
+					try {
+						return getRemoteContext(await documentLoader(reference), reference);
+					} catch (error) {
+						if (reference === context && isInvalidUrlTypeError(error) && isClearlyMalformedContextReference(context)) throw new InvalidContextReferenceError(context);
+						throw error;
+					}
+				})();
+				remoteContextCache.set(cacheKey, remoteContext);
+			}
+			const loadedRemoteContext = await remoteContext;
+			return await applyGraphAliasContext(nextState, loadedRemoteContext.context, documentLoader, remoteContextCache, loadedRemoteContext.baseUrl, processingContexts);
+		} finally {
+			processingContexts.delete(cacheKey);
+		}
+	}
+	if (typeof context === "object" && context != null) {
+		if ("@import" in context && typeof context["@import"] === "string") nextState = await applyGraphAliasContext(nextState, context["@import"], documentLoader, remoteContextCache, baseUrl, processingContexts);
+		const localTargets = /* @__PURE__ */ new Map();
+		for (const [term, definition] of globalThis.Object.entries(context)) {
+			if (term.startsWith("@")) continue;
+			const target = getDirectContextTarget(definition);
+			if (target == null) localTargets.set(term, null);
+			else if (typeof target === "string") localTargets.set(term, target);
+			else localTargets.delete(term);
+		}
+		for (const [term, definition] of globalThis.Object.entries(context)) {
+			if (term.startsWith("@")) continue;
+			if (localTargets.has(term)) {
+				const directTarget = localTargets.get(term);
+				if (directTarget == null) nextState.termTargets.set(term, null);
+				else nextState.termTargets.set(term, resolveLocalContextTarget(directTarget, nextState, localTargets));
+			} else nextState.termTargets.delete(term);
+			if (typeof definition === "object" && definition != null && "@context" in definition) nextState.propertyContexts.set(term, {
+				context: definition["@context"],
+				baseUrl
+			});
+			else nextState.propertyContexts.delete(term);
+			if (isJsonTypedDefinition(definition)) nextState.jsonTerms.add(term);
+			else nextState.jsonTerms.delete(term);
+		}
+		refreshGraphAliases(nextState);
+	}
+	return nextState;
+}
+async function assertNoGraphBeforeCompaction(jsonLd, documentLoader, inheritedState = createGraphAliasContextState(), propertyContext, remoteContextCache = /* @__PURE__ */ new Map()) {
+	if (Array.isArray(jsonLd)) {
+		for (const item of jsonLd) await assertNoGraphBeforeCompaction(item, documentLoader, inheritedState, propertyContext, remoteContextCache);
+		return;
+	}
+	if (typeof jsonLd !== "object" || jsonLd == null) return;
+	const jsonLiteralWrapper = isJsonLiteralWrapper(jsonLd);
+	let state = inheritedState;
+	if (propertyContext !== void 0) state = await applyGraphAliasContext(state, propertyContext.context, documentLoader, remoteContextCache, propertyContext.baseUrl);
+	if ("@context" in jsonLd) state = await applyGraphAliasContext(state, jsonLd["@context"], documentLoader, remoteContextCache);
+	for (const [key, value] of globalThis.Object.entries(jsonLd)) {
+		if (key === "@context") continue;
+		if (jsonLiteralWrapper && key === "@value") continue;
+		if (key === "@graph" || state.graphTerms.has(key)) throw new UnsafeJsonLdError("@graph");
+		if (state.jsonTerms.has(key)) continue;
+		await assertNoGraphBeforeCompaction(value, documentLoader, state, state.propertyContexts.get(key), remoteContextCache);
+	}
+}
+function isJsonLiteralWrapper(value) {
+	return "@value" in value && (value["@type"] === "@json" || value.type === "@json");
+}
+/** @internal */
+function assertSafeJsonLd(jsonLd) {
+	if (Array.isArray(jsonLd)) for (const item of jsonLd) assertSafeJsonLd(item);
+	else if (typeof jsonLd === "object" && jsonLd != null) {
+		const jsonLiteralWrapper = isJsonLiteralWrapper(jsonLd);
+		for (const [key, value] of globalThis.Object.entries(jsonLd)) {
+			if (disallowedJsonLdKeywords.has(key)) throw new UnsafeJsonLdError(key);
+			if (jsonLiteralWrapper && key === "@value") continue;
+			assertSafeJsonLd(value);
+		}
+	}
+}
 /**
 * Attaches a LD signature to the given JSON-LD document.
 * @param jsonLd The JSON-LD document to attach the signature to.  It is not
@@ -271,13 +555,25 @@ function getLdSignatureObject(jsonLd) {
 * @returns `true` if the document is authentic; `false` otherwise.
 */
 async function verifyJsonLd(jsonLd, options = {}) {
+	return await verifyJsonLdInternal(jsonLd, options, true);
+}
+/** @internal */
+async function verifyCompactJsonLd(jsonLd, options = {}) {
+	return await verifyJsonLdInternal(jsonLd, options, false);
+}
+async function verifyJsonLdInternal(jsonLd, options, compact) {
 	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("ld_signatures.verify", async (span) => {
 		const start = performance.now();
 		let verified = false;
 		let threw = false;
 		let signatureType;
 		try {
-			const object = await Object$1.fromJsonLd(jsonLd, options);
+			const verificationOptions = hasSignature(jsonLd) ? {
+				...options,
+				contextLoader: getNormalizationContextLoader(options.contextLoader)
+			} : options;
+			const compacted = compact ? hasSignature(jsonLd) ? await compactJsonLd(jsonLd, options.contextLoader) : jsonLd : jsonLd;
+			const object = await Object$1.fromJsonLd(compacted, verificationOptions);
 			if (object.id != null) span.setAttribute("activitypub.object.id", object.id.href);
 			span.setAttribute("activitypub.object.type", getTypeId(object).href);
 			const sig = getLdSignatureObject(jsonLd);
@@ -291,7 +587,7 @@ async function verifyJsonLd(jsonLd, options = {}) {
 			}
 			const attributions = new Set(object.attributionIds.map((uri) => uri.href));
 			if (object instanceof Activity) for (const uri of object.actorIds) attributions.add(uri.href);
-			const key = await verifySignature(jsonLd, options);
+			const key = await verifySignature(compacted, verificationOptions);
 			if (key == null) return false;
 			if (key.ownerId == null) {
 				logger.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
@@ -327,4 +623,4 @@ async function hashJsonLd(jsonLd, contextLoader) {
 	return encodeHex(await crypto.subtle.digest("SHA-256", encoder.encode(canon)));
 }
 //#endregion
-export { signJsonLd as a, hasSignatureLike as i, createSignature as n, verifyJsonLd as o, detachSignature as r, verifySignature as s, attachSignature as t };
+export { wrapContextLoaderForJsonLd as _, compactJsonLd as a, getNormalizationContextLoader as c, isClearlyMalformedContextReference as d, isInvalidUrlTypeError as f, verifySignature as g, verifyJsonLd as h, attachSignature as i, hasSignature as l, verifyCompactJsonLd as m, UnsafeJsonLdError as n, createSignature as o, signJsonLd as p, assertSafeJsonLd as r, detachSignature as s, InvalidContextReferenceError as t, hasSignatureLike as u };

package/dist/{metrics-iRBg8jTk.mjs → metrics-7Vy9FvEw.mjs}

@@ -1,7 +1,7 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-B_9yJW3w.mjs";
+import { n as version, t as name } from "./deno-CKFE6Uya.mjs";
 import { metrics } from "@opentelemetry/api";
 import { FetchError } from "@fedify/vocab-runtime";
 //#region src/federation/metrics.ts
@@ -29,6 +29,8 @@ var FederationMetrics = class {
 	documentFetch;
 	documentFetchDuration;
 	documentCache;
+	webFingerHandle;
+	webFingerHandleDuration;
 	constructor(meterProvider) {
 		const meter = meterProvider.getMeter(name, version);
 		this.deliverySent = meter.createCounter("activitypub.delivery.sent", {
@@ -187,6 +189,30 @@ var FederationMetrics = class {
 			description: "KV-backed document loader cache lookups, with `hit` or `miss` classification.",
 			unit: "{lookup}"
 		});
+		this.webFingerHandle = meter.createCounter("webfinger.handle", {
+			description: "Incoming WebFinger requests handled by Fedify, classified by terminal outcome.",
+			unit: "{request}"
+		});
+		this.webFingerHandleDuration = meter.createHistogram("webfinger.handle.duration", {
+			description: "Duration of incoming WebFinger request handling in Fedify.",
+			unit: "ms",
+			advice: { explicitBucketBoundaries: [
+				5,
+				10,
+				25,
+				50,
+				75,
+				100,
+				250,
+				500,
+				750,
+				1e3,
+				2500,
+				5e3,
+				7500,
+				1e4
+			] }
+		});
 	}
 	recordDelivery(inbox, durationMs, success, activityType) {
 		const deliveryAttributes = {
@@ -300,6 +326,13 @@ var FederationMetrics = class {
 		if (attrs.remoteUrl != null) attributes["activitypub.remote.host"] = getRemoteHost(attrs.remoteUrl);
 		this.documentCache.add(1, attributes);
 	}
+	recordWebFingerHandle(attrs) {
+		const attributes = { "webfinger.handle.result": attrs.result };
+		if (attrs.scheme != null) attributes["webfinger.resource.scheme"] = attrs.scheme;
+		if (attrs.statusCode != null) attributes["http.response.status_code"] = attrs.statusCode;
+		this.webFingerHandle.add(1, attributes);
+		this.webFingerHandleDuration.record(attrs.durationMs, attributes);
+	}
 };
 function buildActivityLifecycleAttributes(result, activityType) {
 	const attributes = { "activitypub.processing.result": result };
@@ -424,6 +457,19 @@ function recordDocumentCache(meterProvider, attrs) {
 	getFederationMetrics(meterProvider).recordDocumentCache(attrs);
 }
 /**
+* Records one measurement on `webfinger.handle` (counter) and
+* `webfinger.handle.duration` (histogram) for an incoming WebFinger
+* request handled by Fedify.  Counter and histogram are always recorded
+* together, with `webfinger.handle.result` set to one of `resolved`,
+* `invalid`, `not_found`, `tombstoned`, or `error`.  The queried
+* resource string is deliberately excluded; it remains on the
+* `webfinger.handle` span for trace-level investigation.
+* @since 2.3.0
+*/
+function recordWebFingerHandle(meterProvider, attrs) {
+	getFederationMetrics(meterProvider).recordWebFingerHandle(attrs);
+}
+/**
 * Classifies a thrown value from a key or document fetch into the bounded
 * {@link LookupResult} taxonomy and, when an HTTP response was received,
 * surfaces its status code.
@@ -586,4 +632,4 @@ function getDurationMs(start) {
 	return Math.max(0, performance.now() - start);
 }
 //#endregion
-export { instrumentDocumentLoader as a, recordDocumentCache as c, recordInboxActivity as d, recordKeyLookup as f, getRemoteHost as i, recordDocumentFetch as l, recordOutboxEnqueue as m, getDurationMs as n, isAbortError as o, recordOutboxActivity as p, getFederationMetrics as r, measureSignatureKeyFetch as s, classifyFetchError as t, recordFanoutRecipients as u };
+export { instrumentDocumentLoader as a, recordDocumentCache as c, recordInboxActivity as d, recordKeyLookup as f, recordWebFingerHandle as h, getRemoteHost as i, recordDocumentFetch as l, recordOutboxEnqueue as m, getDurationMs as n, isAbortError as o, recordOutboxActivity as p, getFederationMetrics as r, measureSignatureKeyFetch as s, classifyFetchError as t, recordFanoutRecipients as u };