Unverified Commit cf0afcbd authored by Hong Minhee's avatar Hong Minhee

Let AuthorizePredicate take signedKeyOwner too

parent b3233372
+5 −0
@@ -107,6 +107,10 @@ export type OutboxErrorHandler = (
 * @param handle The handle of the actor that is being requested.
 * @param signedKey The key that was used to sign the request, or `null` if
 *                  the request was not signed or the signature was invalid.
 * @param signedKeyOwner The actor that owns the key that was used to sign the
 *                       request, or `null` if the request was not signed or the
 *                       signature was invalid, or if the key is not associated
 *                       with an actor.
 * @returns `true` if the request is authorized, `false` otherwise.
 * @since 0.7.0
 */
@@ -114,4 +118,5 @@ export type AuthorizePredicate<TContextData> = (
  context: RequestContext<TContextData>,
  handle: string,
  signedKey: CryptographicKey | null,
  signedKeyOwner: Actor | null,
) => boolean | Promise<boolean>;
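Review bot: The new `@param signedKeyOwner` text says the actor "owns the key" but does not say how that ownership is established, and predicates will now make access decisions on this actor's identity. From these hunks it is not visible whether the owner is confirmed to list the key or is simply what the key document claims, so the doc comment should state which. I would also add a sentence such as `A non-null owner only means the signature verified and an owner was resolved; the predicate must still decide whether that actor may access the resource.` The type's doc comment starts above the first hunk.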
+10 −4
@@ -206,7 +206,8 @@ Deno.test("handleActor()", async () => {
      context,
      handle: "someone",
      actorDispatcher,
      authorizePredicate: (_ctx, _handle, signedKey) => signedKey != null,
      authorizePredicate: (_ctx, _handle, signedKey, signedKeyOwner) =>
        signedKey != null && signedKeyOwner != null,
      onNotFound,
      onNotAcceptable,
      onUnauthorized,
@@ -221,6 +222,7 @@ Deno.test("handleActor()", async () => {
  context = createRequestContext<void>({
    ...context,
    getSignedKey: () => Promise.resolve(publicKey2),
    getSignedKeyOwner: () => Promise.resolve(new Person({})),
  });
  response = await handleActor(
    context.request,
@@ -228,7 +230,8 @@ Deno.test("handleActor()", async () => {
      context,
      handle: "someone",
      actorDispatcher,
      authorizePredicate: (_ctx, _handle, signedKey) => signedKey != null,
      authorizePredicate: (_ctx, _handle, signedKey, signedKeyOwner) =>
        signedKey != null && signedKeyOwner != null,
      onNotFound,
      onNotAcceptable,
      onUnauthorized,
@@ -425,7 +428,8 @@ Deno.test("handleCollection()", async () => {
      handle: "someone",
      collectionCallbacks: {
        dispatcher,
        authorizePredicate: (_ctx, _handle, key) => key != null,
        authorizePredicate: (_ctx, _handle, key, keyOwner) =>
          key != null && keyOwner != null,
      },
      onNotFound,
      onNotAcceptable,
@@ -441,6 +445,7 @@ Deno.test("handleCollection()", async () => {
  context = createRequestContext<void>({
    ...context,
    getSignedKey: () => Promise.resolve(publicKey2),
    getSignedKeyOwner: () => Promise.resolve(new Person({})),
  });
  response = await handleCollection(
    context.request,
@@ -449,7 +454,8 @@ Deno.test("handleCollection()", async () => {
      handle: "someone",
      collectionCallbacks: {
        dispatcher,
        authorizePredicate: (_ctx, _handle, key) => key != null,
        authorizePredicate: (_ctx, _handle, key, keyOwner) =>
          key != null && keyOwner != null,
      },
      onNotFound,
      onNotAcceptable,
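Review bot: The updated handleActor() and handleCollection() tests appear to cover only the unsigned case and the case where both `getSignedKey` and `getSignedKeyOwner` return a value. The documented third state, a valid key that is not associated with an actor, is never exercised. Because the predicates are now `signedKey != null && signedKeyOwner != null`, a case with `getSignedKey: () => Promise.resolve(publicKey2)` and `getSignedKeyOwner: () => Promise.resolve(null)` that asserts the `onUnauthorized` path would pin the behaviour this commit introduces. The owner used here, `new Person({})`, carries no identity, so nothing checks that the predicate receives the expected actor either. The test bodies start and end outside the hunks, so the setup of the first call in each test is inferred.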
+11 −2
@@ -64,7 +64,8 @@ export async function handleActor<TContextData>(
  if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
  if (authorizePredicate != null) {
    const key = await context.getSignedKey();
    if (!await authorizePredicate(context, handle, key)) {
    const keyOwner = await context.getSignedKeyOwner();
    if (!await authorizePredicate(context, handle, key, keyOwner)) {
      return await onUnauthorized(request);
    }
  }
@@ -187,7 +188,15 @@ export async function handleCollection<
  if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
  if (collectionCallbacks.authorizePredicate != null) {
    const key = await context.getSignedKey();
    if (!await collectionCallbacks.authorizePredicate(context, handle, key)) {
    const keyOwner = await context.getSignedKeyOwner();
    if (
      !await collectionCallbacks.authorizePredicate(
        context,
        handle,
        key,
        keyOwner,
      )
    ) {
      return await onUnauthorized(request);
    }
  }
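Review bot: In handleActor, and again in handleCollection, `context.getSignedKeyOwner()` is awaited on every request that has an authorize predicate, including when `key` is `null`, and a rejection from it would propagate out of the handler instead of reaching `onUnauthorized`. The implementation of getSignedKeyOwner is not visible here, so it may already short-circuit. If resolving the owner involves retrieving a remote actor document, though, this adds work and a new failure mode on a path that unauthenticated requests reach. Consider `const keyOwner = key == null ? null : await context.getSignedKeyOwner();` in both places, and decide explicitly whether a failed owner lookup should surface as `null` or as an error. Both function bodies start and end outside the hunks.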