@fedify/vocab-runtime 2.4.0-dev.1508 → 2.4.0-dev.1531

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/deno.json +2 -1
  2. package/dist/docloader-DnUMWHaJ.d.cts +202 -0
  3. package/dist/docloader-xRGn1azD.d.ts +202 -0
  4. package/dist/internal/jsonld-cache.cjs +279 -0
  5. package/dist/internal/jsonld-cache.d.cts +48 -0
  6. package/dist/internal/jsonld-cache.d.ts +48 -0
  7. package/dist/internal/jsonld-cache.js +275 -0
  8. package/dist/mod.cjs +85 -190
  9. package/dist/mod.d.cts +18 -200
  10. package/dist/mod.d.ts +18 -200
  11. package/dist/mod.js +75 -184
  12. package/dist/tests/decimal.test.cjs +2 -2
  13. package/dist/tests/decimal.test.mjs +2 -2
  14. package/dist/tests/{docloader-0m6FCm4u.mjs → docloader-Bfj7NaT_.mjs} +75 -10
  15. package/dist/tests/{docloader-60uMNsd3.cjs → docloader-Cvdl8PIZ.cjs} +80 -9
  16. package/dist/tests/docloader.test.cjs +58 -6
  17. package/dist/tests/docloader.test.mjs +58 -6
  18. package/dist/tests/jsonld-cache.test.cjs +652 -0
  19. package/dist/tests/jsonld-cache.test.d.cts +1 -0
  20. package/dist/tests/jsonld-cache.test.d.mts +1 -0
  21. package/dist/tests/jsonld-cache.test.mjs +651 -0
  22. package/dist/tests/{request-CO5esooK.mjs → request-B5Su2gl0.mjs} +1 -1
  23. package/dist/tests/{request-CcBmdgDa.cjs → request-DJvOZdo7.cjs} +1 -1
  24. package/dist/tests/request.test.cjs +1 -1
  25. package/dist/tests/request.test.mjs +1 -1
  26. package/dist/tests/{url-C20FhC7p.cjs → url-2XwVbUS_.cjs} +108 -0
  27. package/dist/tests/{url-m9Qzxy-Y.mjs → url-YWJbnRlf.mjs} +85 -1
  28. package/dist/tests/url.test.cjs +104 -1
  29. package/dist/tests/url.test.mjs +105 -2
  30. package/dist/url-BAdyyqAa.cjs +315 -0
  31. package/dist/url-BuxPHxK2.js +261 -0
  32. package/package.json +11 -1
  33. package/src/docloader.test.ts +102 -6
  34. package/src/docloader.ts +76 -8
  35. package/src/internal/jsonld-cache.ts +538 -0
  36. package/src/jsonld-cache.test.ts +554 -0
  37. package/src/mod.ts +4 -0
  38. package/src/url.test.ts +252 -1
  39. package/src/url.ts +141 -0
  40. package/tsdown.config.ts +6 -1
package/dist/mod.d.ts CHANGED
@@ -1,208 +1,10 @@
1
1
  /// <reference lib="esnext.temporal" />
2
- import { Logger } from "@logtape/logtape";
2
+ import { a as DocumentLoaderOptions, c as getDocumentLoader, d as FetchError, f as GetUserAgentOptions, h as logRequest, i as DocumentLoaderFactoryOptions, l as getRemoteDocument, m as getUserAgent, n as DocumentLoader, o as GetDocumentLoaderOptions, p as createActivityPubRequest, r as DocumentLoaderFactory, s as RemoteDocument, t as AuthenticatedDocumentLoaderFactory, u as CreateRequestOptions } from "./docloader-xRGn1azD.js";
3
3
  import { TracerProvider } from "@opentelemetry/api";
4
4
 
5
5
  //#region src/contexts.d.ts
6
6
  declare const preloadedContexts: Record<string, unknown>;
7
7
  //#endregion
8
- //#region src/request.d.ts
9
- /**
10
- * Error thrown when fetching a JSON-LD document failed.
11
- */
12
- declare class FetchError extends Error {
13
- /**
14
- * The URL that failed to fetch.
15
- */
16
- url: URL;
17
- /**
18
- * The HTTP response that failed, if available.
19
- */
20
- response?: Response;
21
- /**
22
- * Constructs a new `FetchError`.
23
- *
24
- * @param url The URL that failed to fetch.
25
- * @param message Error message.
26
- * @param response The failed HTTP response, if available.
27
- */
28
- constructor(url: URL | string, message?: string, response?: Response);
29
- }
30
- /**
31
- * Options for creating a request.
32
- * @internal
33
- */
34
- interface CreateRequestOptions {
35
- userAgent?: GetUserAgentOptions | string;
36
- }
37
- /**
38
- * Creates a request for the given URL.
39
- * @param url The URL to create the request for.
40
- * @param options The options for the request.
41
- * @returns The created request.
42
- * @internal
43
- */
44
- declare function createActivityPubRequest(url: string, options?: CreateRequestOptions): Request;
45
- /**
46
- * Options for making `User-Agent` string.
47
- * @see {@link getUserAgent}
48
- * @since 1.3.0
49
- */
50
- interface GetUserAgentOptions {
51
- /**
52
- * An optional software name and version, e.g., `"Hollo/1.0.0"`.
53
- */
54
- software?: string | null;
55
- /**
56
- * An optional URL to append to the user agent string.
57
- * Usually the URL of the ActivityPub instance.
58
- */
59
- url?: string | URL | null;
60
- }
61
- /**
62
- * Gets the user agent string for the given application and URL.
63
- * @param options The options for making the user agent string.
64
- * @returns The user agent string.
65
- * @since 1.3.0
66
- */
67
- declare function getUserAgent({
68
- software,
69
- url
70
- }?: GetUserAgentOptions): string;
71
- /**
72
- * Logs the request.
73
- * @param request The request to log.
74
- * @internal
75
- */
76
- declare function logRequest(logger: Logger, request: Request): void;
77
- //#endregion
78
- //#region src/docloader.d.ts
79
- /**
80
- * A remote JSON-LD document and its context fetched by
81
- * a {@link DocumentLoader}.
82
- */
83
- interface RemoteDocument {
84
- /**
85
- * The URL of the context document.
86
- */
87
- contextUrl: string | null;
88
- /**
89
- * The fetched JSON-LD document.
90
- */
91
- document: unknown;
92
- /**
93
- * The URL of the fetched document.
94
- */
95
- documentUrl: string;
96
- }
97
- /**
98
- * Options for {@link DocumentLoader}.
99
- * @since 1.8.0
100
- */
101
- interface DocumentLoaderOptions {
102
- /**
103
- * An `AbortSignal` for cancellation.
104
- * @since 1.8.0
105
- */
106
- signal?: AbortSignal;
107
- }
108
- /**
109
- * A JSON-LD document loader that fetches documents from the Web.
110
- * @param url The URL of the document to load.
111
- * @param options The options for the document loader.
112
- * @returns The loaded remote document.
113
- */
114
- type DocumentLoader = (url: string, options?: DocumentLoaderOptions) => Promise<RemoteDocument>;
115
- /**
116
- * A factory function that creates a {@link DocumentLoader} with options.
117
- * @param options The options for the document loader.
118
- * @returns The document loader.
119
- * @since 1.4.0
120
- */
121
- type DocumentLoaderFactory = (options?: DocumentLoaderFactoryOptions) => DocumentLoader;
122
- /**
123
- * Options for {@link DocumentLoaderFactory}.
124
- * @see {@link DocumentLoaderFactory}
125
- * @see {@link AuthenticatedDocumentLoaderFactory}
126
- * @since 1.4.0
127
- */
128
- interface DocumentLoaderFactoryOptions {
129
- /**
130
- * Whether to allow fetching private network addresses.
131
- * Turned off by default.
132
- * @default `false``
133
- */
134
- allowPrivateAddress?: boolean;
135
- /**
136
- * Options for making `User-Agent` string.
137
- * If a string is given, it is used as the `User-Agent` header value.
138
- * If an object is given, it is passed to {@link getUserAgent} function.
139
- */
140
- userAgent?: GetUserAgentOptions | string;
141
- /**
142
- * The maximum number of redirections to follow.
143
- * @default `20`
144
- * @since 2.2.0
145
- */
146
- maxRedirection?: number;
147
- }
148
- /**
149
- * A factory function that creates an authenticated {@link DocumentLoader} for
150
- * a given identity. This is used for fetching documents that require
151
- * authentication.
152
- * @param identity The identity to create the document loader for.
153
- * The actor's key pair.
154
- * @param options The options for the document loader.
155
- * @returns The authenticated document loader.
156
- * @since 0.4.0
157
- */
158
- type AuthenticatedDocumentLoaderFactory = (identity: {
159
- keyId: URL;
160
- privateKey: CryptoKey;
161
- }, options?: DocumentLoaderFactoryOptions) => DocumentLoader;
162
- /**
163
- * Gets a {@link RemoteDocument} from the given response.
164
- * @param url The URL of the document to load.
165
- * @param response The response to get the document from.
166
- * @param fetch The function to fetch the document.
167
- * @returns The loaded remote document.
168
- * @throws {FetchError} If the response is not OK.
169
- * @internal
170
- */
171
- declare function getRemoteDocument(url: string, response: Response, fetch: (url: string, options?: DocumentLoaderOptions) => Promise<RemoteDocument>): Promise<RemoteDocument>;
172
- /**
173
- * Options for {@link getDocumentLoader}.
174
- * @since 1.3.0
175
- */
176
- interface GetDocumentLoaderOptions extends DocumentLoaderFactoryOptions {
177
- /**
178
- * Whether to preload the frequently used contexts.
179
- */
180
- skipPreloadedContexts?: boolean;
181
- }
182
- /**
183
- * Creates a JSON-LD document loader that utilizes the browser's `fetch` API.
184
- *
185
- * The created loader preloads the below frequently used contexts by default
186
- * (unless `options.skipPreloadedContexts` is set to `true`):
187
- *
188
- * - <https://www.w3.org/ns/activitystreams>
189
- * - <https://w3id.org/security/v1>
190
- * - <https://w3id.org/security/data-integrity/v1>
191
- * - <https://www.w3.org/ns/did/v1>
192
- * - <https://w3id.org/security/multikey/v1>
193
- * - <https://purl.archive.org/socialweb/webfinger>
194
- * - <http://schema.org/>
195
- * @param options Options for the document loader.
196
- * @returns The document loader.
197
- * @since 1.3.0
198
- */
199
- declare function getDocumentLoader({
200
- allowPrivateAddress,
201
- maxRedirection,
202
- skipPreloadedContexts,
203
- userAgent
204
- }?: GetDocumentLoaderOptions): DocumentLoader;
205
- //#endregion
206
8
  //#region src/key.d.ts
207
9
  /**
208
10
  * Imports a PEM-SPKI formatted public key.
@@ -461,6 +263,22 @@ declare class UrlError extends Error {
461
263
  constructor(message: string);
462
264
  }
463
265
  /**
266
+ * Parses a JSON-LD `@id` value as an IRI.
267
+ */
268
+ declare function parseJsonLdId(id: string | undefined, base?: string | URL): URL | undefined;
269
+ /**
270
+ * Parses an IRI as a URL, including FEP-ef61 portable ActivityPub IRIs.
271
+ */
272
+ declare function parseIri(iri: string | URL, base?: string | URL): URL;
273
+ /**
274
+ * Formats a URL as an IRI, including FEP-ef61 portable ActivityPub IRIs.
275
+ */
276
+ declare function formatIri(iri: string | URL): string;
277
+ /**
278
+ * Checks whether two IRIs have the same origin.
279
+ */
280
+ declare function haveSameIriOrigin(left: URL, right: URL): boolean;
281
+ /**
464
282
  * Validates a URL to prevent SSRF attacks.
465
283
  */
466
284
  declare function validatePublicUrl(url: string): Promise<void>;
@@ -468,4 +286,4 @@ declare function isValidPublicIPv4Address(address: string): boolean;
468
286
  declare function isValidPublicIPv6Address(address: string): boolean;
469
287
  declare function expandIPv6Address(address: string): string;
470
288
  //#endregion
471
- export { type AuthenticatedDocumentLoaderFactory, type CreateRequestOptions, type Decimal, type DocumentLoader, type DocumentLoaderFactory, type DocumentLoaderFactoryOptions, type DocumentLoaderOptions, FetchError, type GetDocumentLoaderOptions, type GetUserAgentOptions, type Json, LanguageString, type PropertyPreprocessor, type PropertyPreprocessorContext, type RemoteDocument, UrlError, canParseDecimal, createActivityPubRequest, decodeMultibase, encodeMultibase, encodingFromBaseData, expandIPv6Address, exportMultibaseKey, exportSpki, getDocumentLoader, getRemoteDocument, getUserAgent, importMultibaseKey, importPem, importPkcs1, importSpki, isDecimal, isValidPublicIPv4Address, isValidPublicIPv6Address, logRequest, parseDecimal, preloadedContexts, validatePublicUrl };
289
+ export { type AuthenticatedDocumentLoaderFactory, type CreateRequestOptions, type Decimal, type DocumentLoader, type DocumentLoaderFactory, type DocumentLoaderFactoryOptions, type DocumentLoaderOptions, FetchError, type GetDocumentLoaderOptions, type GetUserAgentOptions, type Json, LanguageString, type PropertyPreprocessor, type PropertyPreprocessorContext, type RemoteDocument, UrlError, canParseDecimal, createActivityPubRequest, decodeMultibase, encodeMultibase, encodingFromBaseData, expandIPv6Address, exportMultibaseKey, exportSpki, formatIri, getDocumentLoader, getRemoteDocument, getUserAgent, haveSameIriOrigin, importMultibaseKey, importPem, importPkcs1, importSpki, isDecimal, isValidPublicIPv4Address, isValidPublicIPv6Address, logRequest, parseDecimal, parseIri, parseJsonLdId, preloadedContexts, validatePublicUrl };
package/dist/mod.js CHANGED
@@ -1,9 +1,8 @@
1
1
 
2
+ import { a as isValidPublicIPv4Address, c as parseJsonLdId, i as haveSameIriOrigin, l as validatePublicUrl, n as expandIPv6Address, o as isValidPublicIPv6Address, r as formatIri, s as parseIri, t as UrlError } from "./url-BuxPHxK2.js";
2
3
  import { getLogger } from "@logtape/logtape";
3
4
  import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
4
5
  import process from "node:process";
5
- import { lookup } from "node:dns/promises";
6
- import { isIP } from "node:net";
7
6
  import { Integer, Sequence } from "asn1js";
8
7
  import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
9
8
  import { decodeBase64Url } from "byte-encodings/base64url";
@@ -4342,7 +4341,7 @@ const preloadedContexts = {
4342
4341
  //#endregion
4343
4342
  //#region deno.json
4344
4343
  var name = "@fedify/vocab-runtime";
4345
- var version = "2.4.0-dev.1508+68519bf4";
4344
+ var version = "2.4.0-dev.1531+0896bc51";
4346
4345
  //#endregion
4347
4346
  //#region src/link.ts
4348
4347
  const parametersNeedLowerCase = ["rel", "type"];
@@ -4595,179 +4594,6 @@ function logRequest(logger, request) {
4595
4594
  });
4596
4595
  }
4597
4596
  //#endregion
4598
- //#region src/url.ts
4599
- var UrlError = class extends Error {
4600
- constructor(message) {
4601
- super(message);
4602
- this.name = "UrlError";
4603
- }
4604
- };
4605
- /**
4606
- * Validates a URL to prevent SSRF attacks.
4607
- */
4608
- async function validatePublicUrl(url) {
4609
- const parsed = new URL(url);
4610
- if (parsed.protocol !== "http:" && parsed.protocol !== "https:") throw new UrlError(`Unsupported protocol: ${parsed.protocol}`);
4611
- let hostname = parsed.hostname;
4612
- if (hostname.startsWith("[") && hostname.endsWith("]")) hostname = hostname.slice(1, -1);
4613
- if (hostname === "localhost") throw new UrlError("Localhost is not allowed");
4614
- const hostnameFamily = isIP(hostname);
4615
- if (hostnameFamily !== 0) {
4616
- validatePublicIpAddress(hostname, hostnameFamily);
4617
- return;
4618
- }
4619
- if ("Deno" in globalThis && !isIP(hostname)) {
4620
- if ((await Deno.permissions.query({ name: "net" })).state !== "granted") return;
4621
- }
4622
- if ("Bun" in globalThis) {
4623
- if (hostname === "example.com" || hostname.endsWith(".example.com")) return;
4624
- else if (hostname === "fedify-test.internal") throw new UrlError("Invalid or private address: fedify-test.internal");
4625
- }
4626
- let addresses;
4627
- try {
4628
- addresses = await lookup(hostname, { all: true });
4629
- } catch {
4630
- addresses = [];
4631
- }
4632
- for (const { address, family } of addresses) validatePublicIpAddress(address, family);
4633
- }
4634
- function validatePublicIpAddress(address, family) {
4635
- if (family === 4 && isValidPublicIPv4Address(address) || family === 6 && isValidPublicIPv6Address(address)) return;
4636
- throw new UrlError(`Invalid or private address: ${address}`);
4637
- }
4638
- function isValidPublicIPv4Address(address) {
4639
- const parts = parseIPv4Address(address);
4640
- if (parts == null) return false;
4641
- const value = ipv4PartsToNumber(parts);
4642
- return !nonPublicIPv4Prefixes.some(({ base, prefix }) => matchesIPv4Prefix(value, base, prefix));
4643
- }
4644
- function isValidPublicIPv6Address(address) {
4645
- const words = parseIPv6Address(address);
4646
- if (words == null) return false;
4647
- if (nonPublicIPv6Prefixes.some(({ words: prefixWords, prefix }) => matchesIPv6Prefix(words, prefixWords, prefix))) return false;
4648
- for (const { extractIPv4, prefix, words: prefixWords } of ipv6WithIPv4Prefixes) {
4649
- if (!matchesIPv6Prefix(words, prefixWords, prefix)) continue;
4650
- const ipv4Address = extractIPv4(words);
4651
- if (ipv4Address != null && !isValidPublicIPv4Address(ipv4Address)) return false;
4652
- }
4653
- return true;
4654
- }
4655
- function expandIPv6Address(address) {
4656
- address = address.toLowerCase();
4657
- const ipv4Delimiter = address.lastIndexOf(":");
4658
- if (address.includes(".") && ipv4Delimiter >= 0) {
4659
- const ipv4Parts = parseIPv4Address(address.substring(ipv4Delimiter + 1));
4660
- if (ipv4Parts == null) return address;
4661
- const high = (ipv4Parts[0] << 8) + ipv4Parts[1];
4662
- const low = (ipv4Parts[2] << 8) + ipv4Parts[3];
4663
- address = address.substring(0, ipv4Delimiter + 1) + high.toString(16) + ":" + low.toString(16);
4664
- }
4665
- if (address === "::") return "0000:0000:0000:0000:0000:0000:0000:0000";
4666
- if (address.startsWith("::")) address = "0000" + address;
4667
- if (address.endsWith("::")) address = address + "0000";
4668
- address = address.replace("::", ":0000".repeat(8 - (address.match(/:/g) || []).length) + ":");
4669
- return address.split(":").map((part) => part.padStart(4, "0")).join(":");
4670
- }
4671
- const nonPublicIPv4Prefixes = [
4672
- ipv4Prefix("0.0.0.0/8", "RFC 6890"),
4673
- ipv4Prefix("10.0.0.0/8", "RFC 1918"),
4674
- ipv4Prefix("100.64.0.0/10", "RFC 6598"),
4675
- ipv4Prefix("127.0.0.0/8", "RFC 1122"),
4676
- ipv4Prefix("169.254.0.0/16", "RFC 3927"),
4677
- ipv4Prefix("172.16.0.0/12", "RFC 1918"),
4678
- ipv4Prefix("192.0.0.0/24", "RFC 6890"),
4679
- ipv4Prefix("192.0.2.0/24", "RFC 5737"),
4680
- ipv4Prefix("192.88.99.0/24", "RFC 7526"),
4681
- ipv4Prefix("192.168.0.0/16", "RFC 1918"),
4682
- ipv4Prefix("198.18.0.0/15", "RFC 2544"),
4683
- ipv4Prefix("198.51.100.0/24", "RFC 5737"),
4684
- ipv4Prefix("203.0.113.0/24", "RFC 5737"),
4685
- ipv4Prefix("224.0.0.0/4", "RFC 5771"),
4686
- ipv4Prefix("240.0.0.0/4", "RFC 1112")
4687
- ];
4688
- const nonPublicIPv6Prefixes = [
4689
- ipv6Prefix("::/16", "RFC 4291"),
4690
- ipv6Prefix("2001::/32", "RFC 4380"),
4691
- ipv6Prefix("2002::/16", "RFC 3056"),
4692
- ipv6Prefix("64:ff9b:1::/48", "RFC 8215"),
4693
- ipv6Prefix("fc00::/7", "RFC 4193"),
4694
- ipv6Prefix("fe80::/10", "RFC 4291"),
4695
- ipv6Prefix("ff00::/8", "RFC 4291")
4696
- ];
4697
- const ipv6WithIPv4Prefixes = [{
4698
- ...ipv6Prefix("64:ff9b::/96", "RFC 6052"),
4699
- extractIPv4: (words) => ipv4FromWords(words[6], words[7])
4700
- }];
4701
- function ipv4Prefix(cidr, rfc) {
4702
- const [address, prefixText] = cidr.split("/");
4703
- const prefix = parseInt(prefixText, 10);
4704
- const parts = parseIPv4Address(address);
4705
- if (parts == null || !Number.isInteger(prefix) || prefix < 0 || prefix > 32) throw new Error(`Invalid IPv4 prefix: ${cidr}`);
4706
- return {
4707
- cidr,
4708
- base: ipv4PartsToNumber(parts),
4709
- prefix,
4710
- rfc
4711
- };
4712
- }
4713
- function ipv6Prefix(cidr, rfc) {
4714
- const [address, prefixText] = cidr.split("/");
4715
- const prefix = parseInt(prefixText, 10);
4716
- const words = parseIPv6Address(address);
4717
- if (words == null || !Number.isInteger(prefix) || prefix < 0 || prefix > 128) throw new Error(`Invalid IPv6 prefix: ${cidr}`);
4718
- return {
4719
- cidr,
4720
- words,
4721
- prefix,
4722
- rfc
4723
- };
4724
- }
4725
- function parseIPv4Address(address) {
4726
- const parts = address.split(".").map((part) => {
4727
- if (!/^\d+$/.test(part)) return NaN;
4728
- return parseInt(part, 10);
4729
- });
4730
- if (parts.length !== 4 || parts.some((part) => !Number.isInteger(part) || part < 0 || part > 255)) return null;
4731
- return parts;
4732
- }
4733
- function parseIPv6Address(address) {
4734
- const parts = expandIPv6Address(address).split(":");
4735
- if (parts.length !== 8) return null;
4736
- const words = parts.map((part) => {
4737
- if (!/^[0-9a-f]{1,4}$/i.test(part)) return NaN;
4738
- return parseInt(part, 16);
4739
- });
4740
- if (words.some((word) => !Number.isInteger(word) || word < 0 || word > 65535)) return null;
4741
- return words;
4742
- }
4743
- function ipv4PartsToNumber(parts) {
4744
- return parts[0] * 2 ** 24 + parts[1] * 2 ** 16 + parts[2] * 2 ** 8 + parts[3];
4745
- }
4746
- function ipv4FromWords(highWord, lowWord) {
4747
- return [
4748
- highWord >> 8,
4749
- highWord & 255,
4750
- lowWord >> 8,
4751
- lowWord & 255
4752
- ].join(".");
4753
- }
4754
- function matchesIPv4Prefix(address, prefixBase, prefixLength) {
4755
- const blockSize = 2 ** (32 - prefixLength);
4756
- return Math.floor(address / blockSize) === Math.floor(prefixBase / blockSize);
4757
- }
4758
- function matchesIPv6Prefix(address, prefixWords, prefixLength) {
4759
- let remaining = prefixLength;
4760
- for (let i = 0; i < 8 && remaining > 0; i++) if (remaining >= 16) {
4761
- if (address[i] !== prefixWords[i]) return false;
4762
- remaining -= 16;
4763
- } else {
4764
- const mask = 65535 << 16 - remaining & 65535;
4765
- if ((address[i] & mask) !== (prefixWords[i] & mask)) return false;
4766
- remaining = 0;
4767
- }
4768
- return true;
4769
- }
4770
- //#endregion
4771
4597
  //#region src/docloader.ts
4772
4598
  const logger = getLogger([
4773
4599
  "fedify",
@@ -4775,6 +4601,66 @@ const logger = getLogger([
4775
4601
  "docloader"
4776
4602
  ]);
4777
4603
  const DEFAULT_MAX_REDIRECTION = 20;
4604
+ const MAX_HTML_SIZE = 1024 * 1024;
4605
+ function createResponseMetadata(response) {
4606
+ return new Response(null, {
4607
+ headers: response.headers,
4608
+ status: response.status,
4609
+ statusText: response.statusText
4610
+ });
4611
+ }
4612
+ async function cancelResponseBody(response) {
4613
+ if (response.body != null) await response.body.cancel();
4614
+ }
4615
+ async function readBoundedText(response, maxBytes) {
4616
+ const contentLength = response.headers.get("Content-Length");
4617
+ if (contentLength != null) {
4618
+ const size = Number(contentLength);
4619
+ if (size > maxBytes) {
4620
+ await cancelResponseBody(response);
4621
+ return {
4622
+ text: "",
4623
+ size,
4624
+ tooLarge: true
4625
+ };
4626
+ }
4627
+ }
4628
+ if (response.body == null) return {
4629
+ text: "",
4630
+ size: 0,
4631
+ tooLarge: false
4632
+ };
4633
+ const reader = response.body.getReader();
4634
+ const decoder = new TextDecoder();
4635
+ let text = "";
4636
+ let size = 0;
4637
+ try {
4638
+ while (true) {
4639
+ const result = await reader.read();
4640
+ if (result.done) break;
4641
+ const chunkSize = result.value.byteLength;
4642
+ if (size + chunkSize > maxBytes) {
4643
+ size += chunkSize;
4644
+ await reader.cancel();
4645
+ return {
4646
+ text: "",
4647
+ size,
4648
+ tooLarge: true
4649
+ };
4650
+ }
4651
+ size += chunkSize;
4652
+ text += decoder.decode(result.value, { stream: true });
4653
+ }
4654
+ text += decoder.decode();
4655
+ return {
4656
+ text,
4657
+ size,
4658
+ tooLarge: false
4659
+ };
4660
+ } finally {
4661
+ reader.releaseLock();
4662
+ }
4663
+ }
4778
4664
  /**
4779
4665
  * Gets a {@link RemoteDocument} from the given response.
4780
4666
  * @param url The URL of the document to load.
@@ -4829,19 +4715,19 @@ async function getRemoteDocument(url, response, fetch) {
4829
4715
  }
4830
4716
  let document;
4831
4717
  if (!jsonLd && (contentType === "text/html" || contentType?.startsWith("text/html;") || contentType === "application/xhtml+xml" || contentType?.startsWith("application/xhtml+xml;"))) {
4832
- const MAX_HTML_SIZE = 1024 * 1024;
4833
- const html = await response.text();
4834
- if (html.length > MAX_HTML_SIZE) {
4718
+ const errorResponse = createResponseMetadata(response);
4719
+ const html = await readBoundedText(response, MAX_HTML_SIZE);
4720
+ if (html.tooLarge) {
4835
4721
  logger.warn("HTML response too large, skipping alternate link discovery: {url}", {
4836
4722
  url: documentUrl,
4837
- size: html.length
4723
+ size: html.size
4838
4724
  });
4839
- document = JSON.parse(html);
4725
+ throw new FetchError(documentUrl, `HTML document is too large to scan for an ActivityPub alternate link (Content-Type: ${contentType})`, errorResponse);
4840
4726
  } else {
4841
4727
  const tagPattern = /<(a|link)\s+([^>]*?)\s*\/?>/gi;
4842
4728
  const attrPattern = /([a-z][a-z:_-]*)=(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
4843
4729
  let tagMatch;
4844
- while ((tagMatch = tagPattern.exec(html)) !== null) {
4730
+ while ((tagMatch = tagPattern.exec(html.text)) !== null) {
4845
4731
  const tagContent = tagMatch[2];
4846
4732
  let attrMatch;
4847
4733
  const attribs = {};
@@ -4858,7 +4744,12 @@ async function getRemoteDocument(url, response, fetch) {
4858
4744
  return await fetch(new URL(attribs.href, docUrl).href);
4859
4745
  }
4860
4746
  }
4861
- document = JSON.parse(html);
4747
+ try {
4748
+ document = JSON.parse(html.text);
4749
+ } catch (error) {
4750
+ if (!(error instanceof SyntaxError)) throw error;
4751
+ throw new FetchError(documentUrl, `HTML document has no ActivityPub alternate link (Content-Type: ${contentType})`, errorResponse);
4752
+ }
4862
4753
  }
4863
4754
  } else document = await response.json();
4864
4755
  logger.debug("Fetched document: {status} {url} {headers}", {
@@ -5563,4 +5454,4 @@ LanguageString.prototype[Symbol.for("nodejs.util.inspect.custom")] = function(_d
5563
5454
  return `<${this.locale.baseName}> ${inspect(this.toString(), options)}`;
5564
5455
  };
5565
5456
  //#endregion
5566
- export { FetchError, LanguageString, UrlError, canParseDecimal, createActivityPubRequest, decodeMultibase, encodeMultibase, encodingFromBaseData, expandIPv6Address, exportMultibaseKey, exportSpki, getDocumentLoader, getRemoteDocument, getUserAgent, importMultibaseKey, importPem, importPkcs1, importSpki, isDecimal, isValidPublicIPv4Address, isValidPublicIPv6Address, logRequest, parseDecimal, preloadedContexts, validatePublicUrl };
5457
+ export { FetchError, LanguageString, UrlError, canParseDecimal, createActivityPubRequest, decodeMultibase, encodeMultibase, encodingFromBaseData, expandIPv6Address, exportMultibaseKey, exportSpki, formatIri, getDocumentLoader, getRemoteDocument, getUserAgent, haveSameIriOrigin, importMultibaseKey, importPem, importPkcs1, importSpki, isDecimal, isValidPublicIPv4Address, isValidPublicIPv6Address, logRequest, parseDecimal, parseIri, parseJsonLdId, preloadedContexts, validatePublicUrl };
@@ -1,6 +1,6 @@
1
1
  require("./chunk-C2EiDwsr.cjs");
2
- require("./docloader-60uMNsd3.cjs");
3
- require("./url-C20FhC7p.cjs");
2
+ require("./docloader-Cvdl8PIZ.cjs");
3
+ require("./url-2XwVbUS_.cjs");
4
4
  require("./key-pMmqUKuo.cjs");
5
5
  require("./multibase-Bz_UUDtL.cjs");
6
6
  require("./langstr-CbAxaeEZ.cjs");
@@ -1,5 +1,5 @@
1
- import "./docloader-0m6FCm4u.mjs";
2
- import "./url-m9Qzxy-Y.mjs";
1
+ import "./docloader-Bfj7NaT_.mjs";
2
+ import "./url-YWJbnRlf.mjs";
3
3
  import "./key-CrrK9mYh.mjs";
4
4
  import "./multibase-B4bvakyA.mjs";
5
5
  import "./langstr-Di5AvKpB.mjs";
@@ -1,6 +1,6 @@
1
- import { a as name, i as logRequest, n as createActivityPubRequest, o as version, t as FetchError } from "./request-CO5esooK.mjs";
1
+ import { a as name, i as logRequest, n as createActivityPubRequest, o as version, t as FetchError } from "./request-B5Su2gl0.mjs";
2
2
  import { t as HttpHeaderLink } from "./link-NUUWCdnK.mjs";
3
- import { a as validatePublicUrl, t as UrlError } from "./url-m9Qzxy-Y.mjs";
3
+ import { l as validatePublicUrl, t as UrlError } from "./url-YWJbnRlf.mjs";
4
4
  import { getLogger } from "@logtape/logtape";
5
5
  import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
6
6
  //#endregion
@@ -4340,6 +4340,66 @@ const logger = getLogger([
4340
4340
  "docloader"
4341
4341
  ]);
4342
4342
  const DEFAULT_MAX_REDIRECTION = 20;
4343
+ const MAX_HTML_SIZE = 1024 * 1024;
4344
+ function createResponseMetadata(response) {
4345
+ return new Response(null, {
4346
+ headers: response.headers,
4347
+ status: response.status,
4348
+ statusText: response.statusText
4349
+ });
4350
+ }
4351
+ async function cancelResponseBody(response) {
4352
+ if (response.body != null) await response.body.cancel();
4353
+ }
4354
+ async function readBoundedText(response, maxBytes) {
4355
+ const contentLength = response.headers.get("Content-Length");
4356
+ if (contentLength != null) {
4357
+ const size = Number(contentLength);
4358
+ if (size > maxBytes) {
4359
+ await cancelResponseBody(response);
4360
+ return {
4361
+ text: "",
4362
+ size,
4363
+ tooLarge: true
4364
+ };
4365
+ }
4366
+ }
4367
+ if (response.body == null) return {
4368
+ text: "",
4369
+ size: 0,
4370
+ tooLarge: false
4371
+ };
4372
+ const reader = response.body.getReader();
4373
+ const decoder = new TextDecoder();
4374
+ let text = "";
4375
+ let size = 0;
4376
+ try {
4377
+ while (true) {
4378
+ const result = await reader.read();
4379
+ if (result.done) break;
4380
+ const chunkSize = result.value.byteLength;
4381
+ if (size + chunkSize > maxBytes) {
4382
+ size += chunkSize;
4383
+ await reader.cancel();
4384
+ return {
4385
+ text: "",
4386
+ size,
4387
+ tooLarge: true
4388
+ };
4389
+ }
4390
+ size += chunkSize;
4391
+ text += decoder.decode(result.value, { stream: true });
4392
+ }
4393
+ text += decoder.decode();
4394
+ return {
4395
+ text,
4396
+ size,
4397
+ tooLarge: false
4398
+ };
4399
+ } finally {
4400
+ reader.releaseLock();
4401
+ }
4402
+ }
4343
4403
  /**
4344
4404
  * Gets a {@link RemoteDocument} from the given response.
4345
4405
  * @param url The URL of the document to load.
@@ -4394,19 +4454,19 @@ async function getRemoteDocument(url, response, fetch) {
4394
4454
  }
4395
4455
  let document;
4396
4456
  if (!jsonLd && (contentType === "text/html" || contentType?.startsWith("text/html;") || contentType === "application/xhtml+xml" || contentType?.startsWith("application/xhtml+xml;"))) {
4397
- const MAX_HTML_SIZE = 1024 * 1024;
4398
- const html = await response.text();
4399
- if (html.length > MAX_HTML_SIZE) {
4457
+ const errorResponse = createResponseMetadata(response);
4458
+ const html = await readBoundedText(response, MAX_HTML_SIZE);
4459
+ if (html.tooLarge) {
4400
4460
  logger.warn("HTML response too large, skipping alternate link discovery: {url}", {
4401
4461
  url: documentUrl,
4402
- size: html.length
4462
+ size: html.size
4403
4463
  });
4404
- document = JSON.parse(html);
4464
+ throw new FetchError(documentUrl, `HTML document is too large to scan for an ActivityPub alternate link (Content-Type: ${contentType})`, errorResponse);
4405
4465
  } else {
4406
4466
  const tagPattern = /<(a|link)\s+([^>]*?)\s*\/?>/gi;
4407
4467
  const attrPattern = /([a-z][a-z:_-]*)=(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
4408
4468
  let tagMatch;
4409
- while ((tagMatch = tagPattern.exec(html)) !== null) {
4469
+ while ((tagMatch = tagPattern.exec(html.text)) !== null) {
4410
4470
  const tagContent = tagMatch[2];
4411
4471
  let attrMatch;
4412
4472
  const attribs = {};
@@ -4423,7 +4483,12 @@ async function getRemoteDocument(url, response, fetch) {
4423
4483
  return await fetch(new URL(attribs.href, docUrl).href);
4424
4484
  }
4425
4485
  }
4426
- document = JSON.parse(html);
4486
+ try {
4487
+ document = JSON.parse(html.text);
4488
+ } catch (error) {
4489
+ if (!(error instanceof SyntaxError)) throw error;
4490
+ throw new FetchError(documentUrl, `HTML document has no ActivityPub alternate link (Content-Type: ${contentType})`, errorResponse);
4491
+ }
4427
4492
  }
4428
4493
  } else document = await response.json();
4429
4494
  logger.debug("Fetched document: {status} {url} {headers}", {
@@ -4528,4 +4593,4 @@ function getDocumentLoader({ allowPrivateAddress, maxRedirection, skipPreloadedC
4528
4593
  return load;
4529
4594
  }
4530
4595
  //#endregion
4531
- export { preloadedContexts as n, getDocumentLoader as t };
4596
+ export { getRemoteDocument as n, preloadedContexts as r, getDocumentLoader as t };