Loading CHANGES.md +59 −0 Original line number Diff line number Diff line Loading @@ -33,6 +33,22 @@ To be released. [#162]: https://github.com/dahlia/fedify/issues/162 Version 1.2.4 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.2.3 ------------- Loading Loading @@ -122,6 +138,22 @@ Released on October 31, 2024. [#118]: https://github.com/dahlia/fedify/issues/118 Version 1.1.4 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.1.3 ------------- Loading Loading @@ -252,6 +284,22 @@ Released on October 20, 2024. [#150]: https://github.com/dahlia/fedify/issues/150 Version 1.0.8 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.0.7 ------------- Loading Loading @@ -501,6 +549,17 @@ Released on September 26, 2024. [#137]: https://github.com/dahlia/fedify/issues/137 Version 0.15.6 -------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. Version 0.15.5 -------------- Loading src/runtime/docloader.test.ts +27 −0 Original line number Diff line number Diff line Loading @@ -212,6 +212,33 @@ test("getDocumentLoader()", async (t) => { }); }); mf.mock("GET@/wrong-content-type", (_req) => new Response( JSON.stringify({ "@context": "https://www.w3.org/ns/activitystreams", id: "https://example.com/wrong-content-type", name: "Fetched object", type: "Object", }), { status: 200, headers: { "Content-Type": "text/html; charset=utf-8" } }, )); await t.step("Wrong Content-Type", async () => { assertEquals( await fetchDocumentLoader("https://example.com/wrong-content-type"), { contextUrl: null, documentUrl: "https://example.com/wrong-content-type", document: { "@context": "https://www.w3.org/ns/activitystreams", id: "https://example.com/wrong-content-type", name: "Fetched object", type: "Object", }, }, ); }); mf.mock("GET@/404", (_req) => new Response("", { status: 404 })); await t.step("not ok", async () => { Loading src/runtime/docloader.ts +5 −5 Original line number Diff line number Diff line Loading @@ -162,6 +162,7 @@ async function getRemoteDocument( } } } let document: unknown; if ( !jsonLd && (contentType === "text/html" || contentType?.startsWith("text/html;") || Loading Loading @@ -197,6 +198,9 @@ async function getRemoteDocument( return await fetch(new URL(attribs.href, docUrl).href); } } document = JSON.parse(html); } else { document = await response.json(); } logger.debug( "Fetched document: {status} {url} {headers}", Loading @@ -206,11 +210,7 @@ async function getRemoteDocument( headers: Object.fromEntries(response.headers.entries()), }, ); return { contextUrl, document: await response.json(), documentUrl, }; return { contextUrl, document, documentUrl }; } /** Loading src/sig/ld.ts +20 −2 Original line number Diff line number Diff line Loading @@ -238,10 +238,28 @@ export async function verifySignature( delete sigOpts.type; delete sigOpts.id; delete sigOpts.signatureValue; const sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader); let sigOptsHash: string; try { sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader); } catch (error) { logger.warn( "Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", { signatureOptions: sigOpts, error }, ); return null; } const document: { signature?: unknown } = { ...jsonLd }; delete document.signature; const docHash = await hashJsonLd(document, options.contextLoader); let docHash: string; try { docHash = await hashJsonLd(document, options.contextLoader); } catch (error) { logger.warn( "Failed to verify; failed to hash the document: {document}\n{error}", { document, error }, ); return null; } const encoder = new TextEncoder(); const message = sigOptsHash + docHash; const messageBytes = encoder.encode(message); Loading Loading
CHANGES.md +59 −0 Original line number Diff line number Diff line Loading @@ -33,6 +33,22 @@ To be released. [#162]: https://github.com/dahlia/fedify/issues/162 Version 1.2.4 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.2.3 ------------- Loading Loading @@ -122,6 +138,22 @@ Released on October 31, 2024. [#118]: https://github.com/dahlia/fedify/issues/118 Version 1.1.4 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.1.3 ------------- Loading Loading @@ -252,6 +284,22 @@ Released on October 20, 2024. [#150]: https://github.com/dahlia/fedify/issues/150 Version 1.0.8 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.0.7 ------------- Loading Loading @@ -501,6 +549,17 @@ Released on September 26, 2024. [#137]: https://github.com/dahlia/fedify/issues/137 Version 0.15.6 -------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. Version 0.15.5 -------------- Loading
src/runtime/docloader.test.ts +27 −0 Original line number Diff line number Diff line Loading @@ -212,6 +212,33 @@ test("getDocumentLoader()", async (t) => { }); }); mf.mock("GET@/wrong-content-type", (_req) => new Response( JSON.stringify({ "@context": "https://www.w3.org/ns/activitystreams", id: "https://example.com/wrong-content-type", name: "Fetched object", type: "Object", }), { status: 200, headers: { "Content-Type": "text/html; charset=utf-8" } }, )); await t.step("Wrong Content-Type", async () => { assertEquals( await fetchDocumentLoader("https://example.com/wrong-content-type"), { contextUrl: null, documentUrl: "https://example.com/wrong-content-type", document: { "@context": "https://www.w3.org/ns/activitystreams", id: "https://example.com/wrong-content-type", name: "Fetched object", type: "Object", }, }, ); }); mf.mock("GET@/404", (_req) => new Response("", { status: 404 })); await t.step("not ok", async () => { Loading
src/runtime/docloader.ts +5 −5 Original line number Diff line number Diff line Loading @@ -162,6 +162,7 @@ async function getRemoteDocument( } } } let document: unknown; if ( !jsonLd && (contentType === "text/html" || contentType?.startsWith("text/html;") || Loading Loading @@ -197,6 +198,9 @@ async function getRemoteDocument( return await fetch(new URL(attribs.href, docUrl).href); } } document = JSON.parse(html); } else { document = await response.json(); } logger.debug( "Fetched document: {status} {url} {headers}", Loading @@ -206,11 +210,7 @@ async function getRemoteDocument( headers: Object.fromEntries(response.headers.entries()), }, ); return { contextUrl, document: await response.json(), documentUrl, }; return { contextUrl, document, documentUrl }; } /** Loading
src/sig/ld.ts +20 −2 Original line number Diff line number Diff line Loading @@ -238,10 +238,28 @@ export async function verifySignature( delete sigOpts.type; delete sigOpts.id; delete sigOpts.signatureValue; const sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader); let sigOptsHash: string; try { sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader); } catch (error) { logger.warn( "Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", { signatureOptions: sigOpts, error }, ); return null; } const document: { signature?: unknown } = { ...jsonLd }; delete document.signature; const docHash = await hashJsonLd(document, options.contextLoader); let docHash: string; try { docHash = await hashJsonLd(document, options.contextLoader); } catch (error) { logger.warn( "Failed to verify; failed to hash the document: {document}\n{error}", { document, error }, ); return null; } const encoder = new TextEncoder(); const message = sigOptsHash + docHash; const messageBytes = encoder.encode(message); Loading
