Loading CHANGES.md +6 −1 Original line number Diff line number Diff line Loading @@ -22,12 +22,17 @@ To be released. - Added `Router.trailingSlashInsensitive` property. - Implemented HTTP Message Signatures ([RFC 9421]). [[#208]] - Implemented HTTP Message Signatures ([RFC 9421]) with double-knocking. Currently, it only works with RSA-PKCS#1-v1.5. [[#208]] - Added `HttpMessageSignaturesSpec` type. - Added `SignRequestOptions.spec` option. - Added `SignRequestOptions.currentTime` option. - Added `VerifyRequestOptions.spec` option. - Added `GetAuthenticatedDocumentLoaderOptions.specDeterminer` option. - Added `GetAuthenticatedDocumentLoaderOptions.traceProvider` option. - Added `HttpMessageSignaturesSpecDeterminer` interface. - Added `--first-knock` option to `fedify lookup` command. [RFC 9421]: https://www.rfc-editor.org/rfc/rfc9421 [#208]: https://github.com/fedify-dev/fedify/issues/208 Loading cli/lookup.ts +27 −5 Original line number Diff line number Diff line import { colors } from "@cliffy/ansi"; import { Command } from "@cliffy/command"; import { Command, EnumType } from "@cliffy/command"; import { Application, Collection, Loading @@ -22,7 +22,10 @@ import { printJson } from "./utils.ts"; const logger = getLogger(["fedify", "cli", "lookup"]); const sigSpec = new EnumType(["draft-cavage-http-signatures-12", "rfc9421"]); export const command = new Command() .type("sig-spec", sigSpec) .arguments("<...urls:string>") .description( "Lookup an Activity Streams object by URL or the actor handle. " + Loading 
@@ -30,6 +33,12 @@ export const command = new Command() "(e.g., @username@domain), and it can be multiple.", ) .option("-a, --authorized-fetch", "Sign the request with an one-time key.") .option( "--first-knock <spec:sig-spec>", "The first-knock spec for -a/--authorized-fetch. It is used for " + "the double-knocking technique.", { depends: ["authorized-fetch"], default: "rfc9421" }, ) .option( "-t, --traverse", "Traverse the given collection to fetch all items. If it is turned on, " + Loading Loading @@ -118,10 +127,21 @@ export const command = new Command() { contextLoader }, ); }); authLoader = getAuthenticatedDocumentLoader({ authLoader = getAuthenticatedDocumentLoader( { keyId: new URL("#main-key", server.url), privateKey: key.privateKey, }); }, { specDeterminer: { determineSpec() { return options.firstKnock; }, rememberSpec() { }, }, }, ); } spinner.text = `Looking up the ${ options.traverse ? "collection" : urls.length > 1 ? "objects" : "object" Loading Loading @@ -255,3 +275,5 @@ export const command = new Command() Deno.exit(1); } }); // cSpell: ignore sigspec deno.json +1 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ "check": "deno task -f @fedify/fedify check && deno task -f @fedify/cli check && deno task -f @fedify/blog check && deno task -f @fedify/hono-sample check", "test-all": "deno task -f @fedify/fedify test-all && deno task -f @fedify/cli check && deno task -f @fedify/blog check && deno task -f @fedify/hono-sample check", "publish": "deno task -f @fedify/fedify publish && deno task -f @fedify/cli publish", "cli": "deno task -f @fedify/cli run", "hooks:install": "deno run --allow-read=deno.json,.git/hooks/ --allow-write=.git/hooks/ jsr:@hongminhee/deno-task-hooks", "hooks:pre-commit": { "dependencies": [ Loading docs/cli.md +30 −0 Original line number Diff line number Diff line Loading 
@@ -727,6 +727,36 @@ Person { } ~~~~ ### `--first-knock`: First-knock spec for `-a`/`--authorized-fetch` *This option is available since Fedify 1.6.0.* The `--first-knock` option is used to specify which HTTP Signatures spec to try first when using the `-a`/`--authorized-fetch` option. The ActivityPub ecosystem currently uses different versions of HTTP Signatures specifications, and the [double-knocking] technique (trying one version, then falling back to another if rejected) allows for better compatibility across servers. Available options are: `draft-cavage-http-signatures-12` : [HTTP Signatures], which is obsolete but still widely adopted in the fediverse as of May 2025. `rfc9421` (default) : [RFC 9421]: HTTP Message Signatures, which is the final revision of the specification and is recommended, but not yet widely adopted in the fediverse as of May 2025. If the first signature attempt fails, Fedify will automatically try the other specification format, implementing the [double-knocking] technique described in the [ActivityPub HTTP Signatures] specification. [double-knocking]: https://swicg.github.io/activitypub-http-signature/#how-to-upgrade-supported-versions [HTTP Signatures]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12 [RFC 9421]: https://www.rfc-editor.org/rfc/rfc9421 [ActivityPub HTTP Signatures]: https://swicg.github.io/activitypub-http-signature/ ### `-u`/`--user-agent`: Custom `User-Agent` header *This option is available since Fedify 1.3.0.* Loading docs/manual/federation.md +10 −0 Original line number Diff line number Diff line Loading 
@@ -83,6 +83,16 @@ that the `Federation` object uses: The key prefix used for caching public keys. `["_fedify", "publicKey"]` by default. `~FederationKvPrefixes.httpMessageSignaturesSpec` : *This API is available since Fedify 1.6.0.* The key prefix used for caching HTTP Message Signatures spec. The cached spec is used to reduce the number of attempts to make signed requests ([double-knocking] technique). `["_fedify", "httpMessageSignaturesSpec"]` by default. [double-knocking]: https://swicg.github.io/activitypub-http-signature/#how-to-upgrade-supported-versions ### `queue` *This API is available since Fedify 0.5.0.* Loading Loading
CHANGES.md +6 −1 @@ -22,12 +22,17 @@ To be released. - Added `Router.trailingSlashInsensitive` property. - Implemented HTTP Message Signatures ([RFC 9421]). [[#208]] - Implemented HTTP Message Signatures ([RFC 9421]) with double-knocking. Currently, it only works with RSA-PKCS#1-v1.5. [[#208]] - Added `HttpMessageSignaturesSpec` type. - Added `SignRequestOptions.spec` option. - Added `SignRequestOptions.currentTime` option. - Added `VerifyRequestOptions.spec` option. - Added `GetAuthenticatedDocumentLoaderOptions.specDeterminer` option. - Added `GetAuthenticatedDocumentLoaderOptions.traceProvider` option. - Added `HttpMessageSignaturesSpecDeterminer` interface. - Added `--first-knock` option to `fedify lookup` command. [RFC 9421]: https://www.rfc-editor.org/rfc/rfc9421 [#208]: https://github.com/fedify-dev/fedify/issues/208
cli/lookup.ts +27 −5 import { colors } from "@cliffy/ansi"; import { Command } from "@cliffy/command"; import { Command, EnumType } from "@cliffy/command"; import { Application, Collection, @@ -22,7 +22,10 @@ import { printJson } from "./utils.ts"; const logger = getLogger(["fedify", "cli", "lookup"]); const sigSpec = new EnumType(["draft-cavage-http-signatures-12", "rfc9421"]); export const command = new Command() .type("sig-spec", sigSpec) .arguments("<...urls:string>") .description( "Lookup an Activity Streams object by URL or the actor handle. " + @@ -30,6 +33,12 @@ export const command = new Command() "(e.g., @username@domain), and it can be multiple.", ) .option("-a, --authorized-fetch", "Sign the request with an one-time key.") .option( "--first-knock <spec:sig-spec>", "The first-knock spec for -a/--authorized-fetch. It is used for " + "the double-knocking technique.", { depends: ["authorized-fetch"], default: "rfc9421" }, ) .option( "-t, --traverse", "Traverse the given collection to fetch all items. If it is turned on, " + @@ -118,10 +127,21 @@ export const command = new Command() { contextLoader }, ); }); authLoader = getAuthenticatedDocumentLoader({ authLoader = getAuthenticatedDocumentLoader( { keyId: new URL("#main-key", server.url), privateKey: key.privateKey, }); }, { specDeterminer: { determineSpec() { return options.firstKnock; }, rememberSpec() { }, }, }, ); } spinner.text = `Looking up the ${ options.traverse ? "collection" : urls.length > 1 ? "objects" : "object" @@ -255,3 +275,5 @@ export const command = new Command() Deno.exit(1); } }); // cSpell: ignore sigspec
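Review bot: The empty `rememberSpec() { }` in the `specDeterminer` passed to `getAuthenticatedDocumentLoader` discards the outcome of the double-knock, so a successful `fedify lookup -a` never shows whether the server accepted `rfc9421` or only the fallback to the obsolete `draft-cavage-http-signatures-12`. Since this command is a natural way to check a server's signature support, that silent fallback is worth surfacing: if `rememberSpec` is handed the accepted spec (the interface is not visible in this section, so confirm), report it through the existing `logger`, e.g. `rememberSpec(origin, spec) { logger.debug("Accepted HTTP signature spec for {origin}: {spec}", { origin, spec }); }`. At minimum, add a comment such as `// No-op: a one-shot CLI run has nothing to cache between requests.` so the empty body reads as intentional. The enclosing `.action()` callback starts and ends outside the hunk.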
deno.json +1 −0 @@ -24,6 +24,7 @@ "check": "deno task -f @fedify/fedify check && deno task -f @fedify/cli check && deno task -f @fedify/blog check && deno task -f @fedify/hono-sample check", "test-all": "deno task -f @fedify/fedify test-all && deno task -f @fedify/cli check && deno task -f @fedify/blog check && deno task -f @fedify/hono-sample check", "publish": "deno task -f @fedify/fedify publish && deno task -f @fedify/cli publish", "cli": "deno task -f @fedify/cli run", "hooks:install": "deno run --allow-read=deno.json,.git/hooks/ --allow-write=.git/hooks/ jsr:@hongminhee/deno-task-hooks", "hooks:pre-commit": { "dependencies": [
docs/cli.md +30 −0 @@ -727,6 +727,36 @@ Person { } ~~~~ ### `--first-knock`: First-knock spec for `-a`/`--authorized-fetch` *This option is available since Fedify 1.6.0.* The `--first-knock` option is used to specify which HTTP Signatures spec to try first when using the `-a`/`--authorized-fetch` option. The ActivityPub ecosystem currently uses different versions of HTTP Signatures specifications, and the [double-knocking] technique (trying one version, then falling back to another if rejected) allows for better compatibility across servers. Available options are: `draft-cavage-http-signatures-12` : [HTTP Signatures], which is obsolete but still widely adopted in the fediverse as of May 2025. `rfc9421` (default) : [RFC 9421]: HTTP Message Signatures, which is the final revision of the specification and is recommended, but not yet widely adopted in the fediverse as of May 2025. If the first signature attempt fails, Fedify will automatically try the other specification format, implementing the [double-knocking] technique described in the [ActivityPub HTTP Signatures] specification. [double-knocking]: https://swicg.github.io/activitypub-http-signature/#how-to-upgrade-supported-versions [HTTP Signatures]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12 [RFC 9421]: https://www.rfc-editor.org/rfc/rfc9421 [ActivityPub HTTP Signatures]: https://swicg.github.io/activitypub-http-signature/ ### `-u`/`--user-agent`: Custom `User-Agent` header *This option is available since Fedify 1.3.0.*
docs/manual/federation.md +10 −0 @@ -83,6 +83,16 @@ that the `Federation` object uses: The key prefix used for caching public keys. `["_fedify", "publicKey"]` by default. `~FederationKvPrefixes.httpMessageSignaturesSpec` : *This API is available since Fedify 1.6.0.* The key prefix used for caching HTTP Message Signatures spec. The cached spec is used to reduce the number of attempts to make signed requests ([double-knocking] technique). `["_fedify", "httpMessageSignaturesSpec"]` by default. [double-knocking]: https://swicg.github.io/activitypub-http-signature/#how-to-upgrade-supported-versions ### `queue` *This API is available since Fedify 0.5.0.*