Loading CHANGES.md +7 −0 Original line number Diff line number Diff line Loading @@ -8,9 +8,16 @@ Version 1.0.25 To be released. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. [#232]: https://github.com/fedify-dev/fedify/issues/232 Version 1.0.24 -------------- Loading src/federation/handler.test.ts +35 −0 Original line number Diff line number Diff line Loading @@ -1194,6 +1194,41 @@ test("handleInbox()", async () => { }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 202); const invalidRequest = new Request("https://example.com/", { method: "POST", body: JSON.stringify({ "@context": [ "https://www.w3.org/ns/activitystreams", true, 23, ], type: "Create", object: { type: "Note", content: "Hello, world!" }, actor: "https://example.com/users/alice", }), }); const signedInvalidRequest = await signRequest( invalidRequest, rsaPrivateKey3, rsaPublicKey3.id!, ); const signedInvalidContext = createRequestContext({ request: signedInvalidRequest, url: new URL(signedInvalidRequest.url), data: undefined, documentLoader: mockDocumentLoader, }); response = await handleInbox(signedInvalidRequest, { identifier: null, context: signedContext, inboxContextFactory(_activity) { return createInboxContext(signedInvalidContext); }, ...inboxOptions, }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 400); }); test("respondWithObject()", async () => { Loading src/federation/handler.ts +17 −5 Original line number Diff line number Diff line Loading @@ -445,11 +445,23 @@ export async function handleInbox<TContextData>( await kv.set([...kvPrefixes.publicKey, keyId.href], serialized); }, }; const ldSigVerified = await verifyJsonLd(json, { let ldSigVerified: boolean; try { ldSigVerified = await verifyJsonLd(json, { contextLoader: context.contextLoader, documentLoader: context.documentLoader, keyCache, }); } catch (error) { if (error instanceof Error && error.name === "jsonld.SyntaxError") { logger.error("Failed to parse JSON-LD:\n{error}", { identifier, error }); return new Response("Invalid JSON-LD.", { status: 400, headers: { "Content-Type": "text/plain; charset=utf-8" }, }); } ldSigVerified = false; } const jsonWithoutSig = detachSignature(json); let activity: Activity | null = null; if (ldSigVerified) { Loading Loading
CHANGES.md +7 −0 Original line number Diff line number Diff line Loading @@ -8,9 +8,16 @@ Version 1.0.25 To be released. - Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which caused a `500 Internal Server Error` when the received activity had an invalid JSON-LD syntax. Now it logs the error and responds with a `400 Bad Request` error instead. [[#232]] - The `exportJwk()` function now populates the `alg` property of a returned `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key. [#232]: https://github.com/fedify-dev/fedify/issues/232 Version 1.0.24 -------------- Loading
src/federation/handler.test.ts +35 −0 Original line number Diff line number Diff line Loading @@ -1194,6 +1194,41 @@ test("handleInbox()", async () => { }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 202); const invalidRequest = new Request("https://example.com/", { method: "POST", body: JSON.stringify({ "@context": [ "https://www.w3.org/ns/activitystreams", true, 23, ], type: "Create", object: { type: "Note", content: "Hello, world!" }, actor: "https://example.com/users/alice", }), }); const signedInvalidRequest = await signRequest( invalidRequest, rsaPrivateKey3, rsaPublicKey3.id!, ); const signedInvalidContext = createRequestContext({ request: signedInvalidRequest, url: new URL(signedInvalidRequest.url), data: undefined, documentLoader: mockDocumentLoader, }); response = await handleInbox(signedInvalidRequest, { identifier: null, context: signedContext, inboxContextFactory(_activity) { return createInboxContext(signedInvalidContext); }, ...inboxOptions, }); assertEquals(onNotFoundCalled, null); assertEquals(response.status, 400); }); test("respondWithObject()", async () => { Loading
src/federation/handler.ts +17 −5 Original line number Diff line number Diff line Loading @@ -445,11 +445,23 @@ export async function handleInbox<TContextData>( await kv.set([...kvPrefixes.publicKey, keyId.href], serialized); }, }; const ldSigVerified = await verifyJsonLd(json, { let ldSigVerified: boolean; try { ldSigVerified = await verifyJsonLd(json, { contextLoader: context.contextLoader, documentLoader: context.documentLoader, keyCache, }); } catch (error) { if (error instanceof Error && error.name === "jsonld.SyntaxError") { logger.error("Failed to parse JSON-LD:\n{error}", { identifier, error }); return new Response("Invalid JSON-LD.", { status: 400, headers: { "Content-Type": "text/plain; charset=utf-8" }, }); } ldSigVerified = false; } const jsonWithoutSig = detachSignature(json); let activity: Activity | null = null; if (ldSigVerified) { Loading
