Loading CHANGES.md +80 −0 Original line number Diff line number Diff line Loading @@ -8,6 +8,14 @@ Version 1.5.3 To be released. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.5.2 ------------- Loading Loading @@ -158,6 +166,20 @@ Released on March 28, 2025. [multibase]: https://github.com/multiformats/js-multibase Version 1.4.11 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.4.10 -------------- Loading Loading @@ -382,6 +404,20 @@ Released on February 5, 2025. [#195]: https://github.com/fedify-dev/fedify/issues/195 Version 1.3.18 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.3.17 -------------- Loading Loading @@ -722,6 +758,20 @@ Released on November 30, 2024. [#193]: https://github.com/fedify-dev/fedify/issues/193 Version 1.2.22 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.2.21 -------------- Loading Loading @@ -1110,6 +1160,20 @@ Released on October 31, 2024. [#118]: https://github.com/fedify-dev/fedify/issues/118 Version 1.1.22 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.1.21 -------------- Loading Loading @@ -1539,6 +1603,22 @@ Released on October 20, 2024. [#150]: https://github.com/fedify-dev/fedify/issues/150 Version 1.0.25 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. [#232]: https://github.com/fedify-dev/fedify/issues/232 Version 1.0.24 -------------- Loading src/federation/handler.test.ts +35 −0 Original line number Diff line number Diff line Loading @@ -1271,6 +1271,41 @@ test("handleInbox()", async () => { }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 202); const invalidRequest = new Request("https://example.com/", { method: "POST", body: JSON.stringify({ "@context": [ "https://www.w3.org/ns/activitystreams", true, 23, ], type: "Create", object: { type: "Note", content: "Hello, world!" }, actor: "https://example.com/users/alice", }), }); const signedInvalidRequest = await signRequest( invalidRequest, rsaPrivateKey3, rsaPublicKey3.id!, ); const signedInvalidContext = createRequestContext({ request: signedInvalidRequest, url: new URL(signedInvalidRequest.url), data: undefined, documentLoader: mockDocumentLoader, }); response = await handleInbox(signedInvalidRequest, { recipient: null, context: signedContext, inboxContextFactory(_activity) { return createInboxContext(signedInvalidContext); }, ...inboxOptions, }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 400); }); test("respondWithObject()", async () => { Loading src/federation/handler.ts +18 −6 Original line number Diff line number Diff line Loading @@ -596,12 +596,24 @@ async function handleInboxInternal<TContextData>( }); } const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx); const ldSigVerified = await verifyJsonLd(json, { let ldSigVerified: boolean; try { ldSigVerified = await verifyJsonLd(json, { contextLoader: ctx.contextLoader, documentLoader: ctx.documentLoader, keyCache, tracerProvider, }); } catch (error) { if (error instanceof Error && error.name === "jsonld.SyntaxError") { logger.error("Failed to parse JSON-LD:\n{error}", { recipient, error }); return new Response("Invalid JSON-LD.", { status: 400, headers: { "Content-Type": "text/plain; charset=utf-8" }, }); } ldSigVerified = false; } const jsonWithoutSig = detachSignature(json); let activity: Activity | null = null; if (ldSigVerified) { Loading Loading
CHANGES.md +80 −0 Original line number Diff line number Diff line Loading @@ -8,6 +8,14 @@ Version 1.5.3 To be released. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.5.2 ------------- Loading Loading @@ -158,6 +166,20 @@ Released on March 28, 2025. [multibase]: https://github.com/multiformats/js-multibase Version 1.4.11 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.4.10 -------------- Loading Loading @@ -382,6 +404,20 @@ Released on February 5, 2025. [#195]: https://github.com/fedify-dev/fedify/issues/195 Version 1.3.18 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.3.17 -------------- Loading Loading @@ -722,6 +758,20 @@ Released on November 30, 2024. [#193]: https://github.com/fedify-dev/fedify/issues/193 Version 1.2.22 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.2.21 -------------- Loading Loading @@ -1110,6 +1160,20 @@ Released on October 31, 2024. [#118]: https://github.com/fedify-dev/fedify/issues/118 Version 1.1.22 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. Version 1.1.21 -------------- Loading Loading @@ -1539,6 +1603,22 @@ Released on October 20, 2024. [#150]: https://github.com/fedify-dev/fedify/issues/150 Version 1.0.25 -------------- Released on May 16, 2025. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. [#232]: https://github.com/fedify-dev/fedify/issues/232 Version 1.0.24 -------------- Loading
src/federation/handler.test.ts +35 −0 Original line number Diff line number Diff line Loading @@ -1271,6 +1271,41 @@ test("handleInbox()", async () => { }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 202); const invalidRequest = new Request("https://example.com/", { method: "POST", body: JSON.stringify({ "@context": [ "https://www.w3.org/ns/activitystreams", true, 23, ], type: "Create", object: { type: "Note", content: "Hello, world!" }, actor: "https://example.com/users/alice", }), }); const signedInvalidRequest = await signRequest( invalidRequest, rsaPrivateKey3, rsaPublicKey3.id!, ); const signedInvalidContext = createRequestContext({ request: signedInvalidRequest, url: new URL(signedInvalidRequest.url), data: undefined, documentLoader: mockDocumentLoader, }); response = await handleInbox(signedInvalidRequest, { recipient: null, context: signedContext, inboxContextFactory(_activity) { return createInboxContext(signedInvalidContext); }, ...inboxOptions, }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 400); }); test("respondWithObject()", async () => { Loading
src/federation/handler.ts +18 −6 Original line number Diff line number Diff line Loading @@ -596,12 +596,24 @@ async function handleInboxInternal<TContextData>( }); } const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx); const ldSigVerified = await verifyJsonLd(json, { let ldSigVerified: boolean; try { ldSigVerified = await verifyJsonLd(json, { contextLoader: ctx.contextLoader, documentLoader: ctx.documentLoader, keyCache, tracerProvider, }); } catch (error) { if (error instanceof Error && error.name === "jsonld.SyntaxError") { logger.error("Failed to parse JSON-LD:\n{error}", { recipient, error }); return new Response("Invalid JSON-LD.", { status: 400, headers: { "Content-Type": "text/plain; charset=utf-8" }, }); } ldSigVerified = false; } const jsonWithoutSig = detachSignature(json); let activity: Activity | null = null; if (ldSigVerified) { Loading
