Fedify changelog
Version 0.12.0
Released on July 24, 2024.
The
fedify
command is now available on npm. [#104]Incoming activities are now queued before being dispatched to the inbox listener if the
queue
option is provided to thecreateFederation()
function. [#70]- The type of
InboxListener
callback type's first parameter becameContext
(wasRequestContext
). - The type of
InboxErrorHandler
callback type's first parameter becameContext
(wasRequestContext
). - The type of
SharedInboxKeyDispatcher
callback type's first parameter becameContext
(wasRequestContext
).
- The type of
Implemented fully customizable retry policy for failed tasks in the task queue. By default, the task queue retries the failed tasks with an exponential backoff policy with decorrelated jitter.
- Added
outboxRetryPolicy
option toCreateFederationOptions
interface. - Added
inboxRetryPolicy
option toCreateFederationOptions
interface. [#70] - Added
RetryPolicy
callback type. - Added
RetryContext
interface. - Added
createExponentialBackoffPolicy()
function. - Added
CreateExponentialBackoffPolicyOptions
interface.
- Added
Federation
object now allows its task queue to be started manually. [#53]- Added
manuallyStartQueue
option toCreateFederationOptions
interface. - Added
Federation.startQueue()
method.
- Added
Made the router able to be insensitive to trailing slashes in the URL paths. [#81]
- Added
trailingSlashInsensitive
option toCreateFederationOptions
interface. - Added
RouterOptions
interface. - Added an optional parameter to
new Router()
constructor.
- Added
Added
ChatMessage
class to Activity Vocabulary API. [#85]Added
Move
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]Added
Read
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]Added
Travel
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]Added
View
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]Added
TentativeAccept
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]Added
TentativeReject
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]Improved multitenancy (virtual hosting) support. [#66]
- Added
Context.hostname
property. - Added
Context.host
property. - Added
Context.origin
property. - The type of
ActorKeyPairsDispatcher<TContextData>
's first parameter becameContext
(wasTContextData
).
- Added
During verifying HTTP Signatures and Object Integrity Proofs, once fetched public keys are now cached. [#107]
- The
verifyRequest()
function now caches the fetched public keys when thekeyCache
option is provided. - The
verifyProof()
function now caches the fetched public keys when thekeyCache
option is provided. - The
verifyObject()
function now caches the fetched public keys when thekeyCache
option is provided. - Added
KeyCache
interface. - Added
VerifyRequestOptions.keyCache
property. - Added
VerifyProofOptions.keyCache
property. - Added
VerifyObjectOptions.keyCache
property. - Added
FederationKvPrefixes.publicKey
property.
- The
The built-in document loaders now recognize JSON-LD context provided in an HTTP
Link
header. [#6]- The
fetchDocumentLoader()
function now recognizes theLink
header with thehttp://www.w3.org/ns/json-ld#context
link relation. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that recognizes theLink
header with thehttp://www.w3.org/ns/json-ld#context
link relation.
- The
Deprecated
Federation.sendActivity()
method. UseContext.sendActivity()
method instead.The last parameter of
Federation.sendActivity()
method is no longer optional. Also, it now takes the requiredcontextData
option.Removed
Context.getHandleFromActorUri()
method which was deprecated in version 0.9.0. UseContext.parseUri()
method instead.Removed
@fedify/fedify/httpsig
module which was deprecated in version 0.9.0. Use@fedify/fedify/sig
module instead.- Removed
sign()
function. - Removed
verify()
function. - Removed
VerifyOptions
interface.
- Removed
Fixed a bug where the
lookupWebFinger()
function had incorrectly queried if the givenresource
was a URL starts withhttp:
or had a non-default port number.Fixed a SSRF vulnerability in the built-in document loader. [CVE-2024-39687]
- The
fetchDocumentLoader()
function now throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address. - Added an optional second parameter to the
fetchDocumentLoader()
function, which can be used to allow fetching private network addresses. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address. - Added an optional second parameter to the
getAuthenticatedDocumentLoader()
function, which can be used to allow fetching private network addresses.
- The
Added
fedify init
subcommand. [#105]Added more log messages using the LogTape library. Currently the below logger categories are used:
["fedify", "federation", "queue"]
Version 0.11.3
Released on July 15, 2024.
- Fixed a bug where use of
Federation.setInboxDispatcher()
afterFederation.setInboxListeners()
had caused aRouterError
to be thrown even if the paths match. [#101 by Fabien O'Carroll]
Version 0.11.2
Released on July 9, 2024.
Fixed a vulnerability of SSRF via DNS rebinding in the built-in document loader. [CVE-2024-39687]
- The
fetchDocumentLoader()
function now throws an error when the given domain name has any records referring to a private network address. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given domain name has any records referring to a private network address.
- The
Version 0.11.1
Released on July 5, 2024.
Fixed a SSRF vulnerability in the built-in document loader. [CVE-2024-39687]
- The
fetchDocumentLoader()
function now throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address.
- The
Version 0.11.0
Released on June 29, 2024.
Improved runtime type error messages for Activity Vocabulary API. [#79]
Added
suppressError
option to dereferencing accessors of Activity Vocabulary classes.Added more collection dispatchers. [#78]
- Added
Federation.setInboxDispatcher()
method. [#71] - Added
Federation.setLikedDispatcher()
method. - Added
Context.getLikedUri()
method. - Added
{ type: "liked"; handle: string }
case toParseUriResult
type. - Renamed
linked
property (which was a typo) toliked
inApplication
,Group
,Organization
,Person
, andService
classes. - Added
Federation.setFeaturedDispatcher()
method. - Added
Context.getFeaturedUri()
method. - Added
{ type: "featured"; handle: string }
case toParseUriResult
type. - Added
Federation.setFeaturedTagsDispatcher()
method. - Added
Context.getFeaturedTagsUri()
method. - Added
{ type: "featuredTags"; handle: string }
case toParseUriResult
type.
- Added
Frequently used JSON-LD contexts are now preloaded. [#74]
The
fetchDocumentLoader()
function now preloads the following JSON-LD contexts:The default
rules
forkvCache()
function are now 5 minutes for all URLs.
Added
Invite
class to Activity Vocabulary API. [#65, #80 by Randy Wressell]Added
Join
class to Activity Vocabulary API. [#65, #80 by Randy Wressell]Added
Leave
class to Activity Vocabulary API. [#65, #80 by Randy Wressell]Added
Listen
class to Activity Vocabulary API. [#65, #80 by Randy Wressell]Added
Offer
class to Activity Vocabulary API. [#65, #76 by Lee Dogeon]The below properties of
Collection
andCollectionPage
in Activity Vocabulary API now do not acceptLink
objects:Collection.current
Collection.first
Collection.last
CollectionPage.partOf
CollectionPage.next
CollectionPage.prev
Added
featured
property toActor
types in Activity Vocabulary API. [#78]- Added
Application.getFeatured()
method. - Added
Application.featuredId
property. new Application()
constructor now acceptsfeatured
option.Application.clone()
method now acceptsfeatured
option.- Added
Group.getFeatured()
method. - Added
Group.featuredId
property. new Group()
constructor now acceptsfeatured
option.Group.clone()
method now acceptsfeatured
option.- Added
Organization.getFeatured()
method. - Added
Organization.featuredId
property. new Organization()
constructor now acceptsfeatured
option.Organization.clone()
method now acceptsfeatured
option.- Added
Person.getFeatured()
method. - Added
Person.featuredId
property. new Person()
constructor now acceptsfeatured
option.Person.clone()
method now acceptsfeatured
option.- Added
Service.getFeatured()
method. - Added
Service.featuredId
property. new Service()
constructor now acceptsfeatured
option.Service.clone()
method now acceptsfeatured
option.
- Added
Added
featuredTags
property toActor
types in Activity Vocabulary API. [#78]- Added
Application.getFeaturedTags()
method. - Added
Application.featuredTagsId
property. new Application()
constructor now acceptsfeaturedTags
option.Application.clone()
method now acceptsfeaturedTags
option.- Added
Group.getFeaturedTags()
method. - Added
Group.featuredTagsId
property. new Group()
constructor now acceptsfeaturedTags
option.Group.clone()
method now acceptsfeaturedTags
option.- Added
Organization.getFeaturedTags()
method. - Added
Organization.featuredTagsId
property. new Organization()
constructor now acceptsfeaturedTags
option.Organization.clone()
method now acceptsfeaturedTags
option.- Added
Person.getFeaturedTags()
method. - Added
Person.featuredTagsId
property. new Person()
constructor now acceptsfeaturedTags
option.Person.clone()
method now acceptsfeaturedTags
option.- Added
Service.getFeaturedTags()
method. - Added
Service.featuredTagsId
property. new Service()
constructor now acceptsfeaturedTags
option.Service.clone()
method now acceptsfeaturedTags
option.
- Added
Added
target
property toActivity
class in Activity Vocabulary API.- Added
Activity.getTarget()
method. - Added
Activity.getTargets()
method. - Added
Activity.targetId
property. - Added
Activity.targetIds
property. new Activity()
constructor now acceptstarget
option.new Activity()
constructor now acceptstargets
option.Activity.clone()
method now acceptstarget
option.Activity.clone()
method now acceptstargets
option.
- Added
Added
result
property toActivity
class in Activity Vocabulary API.- Added
Activity.getResult()
method. - Added
Activity.getResults()
method. - Added
Activity.resultId
property. - Added
Activity.resultIds
property. new Activity()
constructor now acceptsresult
option.new Activity()
constructor now acceptsresults
option.Activity.clone()
method now acceptsresult
option.Activity.clone()
method now acceptsresults
option.
- Added
Added
origin
property toActivity
class in Activity Vocabulary API.- Added
Activity.getOrigin()
method. - Added
Activity.getOrigins()
method. - Added
Activity.originId
property. - Added
Activity.originIds
property. new Activity()
constructor now acceptsorigin
option.new Activity()
constructor now acceptsorigins
option.Activity.clone()
method now acceptsorigin
option.Activity.clone()
method now acceptsorigins
option.
- Added
Added
instrument
property toActivity
class in Activity Vocabulary API.- Added
Activity.getInstrument()
method. - Added
Activity.getInstruments()
method. - Added
Activity.instrumentId
property. - Added
Activity.instrumentIds
property. new Activity()
constructor now acceptsinstrument
option.new Activity()
constructor now acceptsinstruments
option.Activity.clone()
method now acceptsinstrument
option.Activity.clone()
method now acceptsinstruments
option.
- Added
The
items
property ofOrderedCollection
andOrderedCollectionPage
in Activity Vocabulary API is now represented asorderedItems
(wasitems
) in JSON-LD.The key pair or the key pair for signing outgoing HTTP requests made from the shared inbox now can be configured. This improves the compatibility with other ActivityPub implementations that require authorized fetches (i.e., secure mode).
- Added
SharedInboxKeyDispatcher
type. - Renamed
InboxListenerSetter
interface toInboxListenerSetters
. - Added
InboxListenerSetters.setSharedKeyDispatcher()
method.
- Added
Followed up the change in
eddsa-jcs-2022
specification for Object Integrity Proofs. [FEP-8b32, #54]
Version 0.10.2
Released on July 9, 2024.
Fixed a vulnerability of SSRF via DNS rebinding in the built-in document loader. [CVE-2024-39687]
- The
fetchDocumentLoader()
function now throws an error when the given domain name has any records referring to a private network address. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given domain name has any records referring to a private network address.
- The
Version 0.10.1
Released on July 5, 2024.
Fixed a SSRF vulnerability in the built-in document loader. [CVE-2024-39687]
- The
fetchDocumentLoader()
function now throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address.
- The
Version 0.10.0
Released on June 18, 2024.
Starting with this release, Fedify, previously distributed under AGPL 3.0, is now distributed under the MIT License to encourage wider adoption.
Besides RSA-PKCS#1-v1.5, Fedify now supports Ed25519 for signing and verifying the activities. [#55]
- Added an optional parameter to
generateCryptoKeyPair()
function,algorithm
, which can be either"RSASSA-PKCS1-v1_5"
or"Ed25519"
. - The
importJwk()
function now accepts Ed25519 keys. - The
exportJwk()
function now exports Ed25519 keys. - The
importSpki()
function now accepts Ed25519 keys. - The
exportJwk()
function now exports Ed25519 keys.
- Added an optional parameter to
Now multiple key pairs can be registered for an actor. [FEP-521a, #55]
- Added
Context.getActorKeyPairs()
method. - Deprecated
Context.getActorKey()
method. UseContext.getActorKeyPairs()
method instead. - Added
ActorKeyPair
interface. - Added
ActorCallbackSetters.setKeyPairsDispatcher()
method. - Added
ActorKeyPairsDispatcher
type. - Deprecated
ActorCallbackSetters.setKeyPairDispatcher()
method. - Deprecated
ActorKeyPairDispatcher
type. - Deprecated the third parameter of the
ActorDispatcher
callback type. UseContext.getActorKeyPairs()
method instead.
- Added
Added
Multikey
class to Activity Vocabulary API. [FEP-521a, #55]- Added
importMultibaseKey()
function. - Added
exportMultibaseKey()
function.
- Added
Added
assertionMethod
property to theActor
types in the Activity Vocabulary API. [FEP-521a, #55]- Added
Application.getAssertionMethod()
method. - Added
Application.getAssertionMethods()
method. new Application()
constructor now acceptsassertionMethod
option.new Application()
constructor now acceptsassertionMethods
option.Application.clone()
method now acceptsassertionMethod
option.Application.clone()
method now acceptsassertionMethods
option.- Added
Group.getAssertionMethod()
method. - Added
Group.getAssertionMethods()
method. new Group()
constructor now acceptsassertionMethod
option.new Group()
constructor now acceptsassertionMethods
option.Group.clone()
method now acceptsassertionMethod
option.Group.clone()
method now acceptsassertionMethods
option.- Added
Organization.getAssertionMethod()
method. - Added
Organization.getAssertionMethods()
method. new Organization()
constructor now acceptsassertionMethod
option.new Organization()
constructor now acceptsassertionMethods
option.Organization.clone()
method now acceptsassertionMethod
option.Organization.clone()
method now acceptsassertionMethods
option.- Added
Person.getAssertionMethod()
method. - Added
Person.getAssertionMethods()
method. new Person()
constructor now acceptsassertionMethod
option.new Person()
constructor now acceptsassertionMethods
option.Person.clone()
method now acceptsassertionMethod
option.Person.clone()
method now acceptsassertionMethods
option.- Added
Service.getAssertionMethod()
method. - Added
Service.getAssertionMethods()
method. new Service()
constructor now acceptsassertionMethod
option.new Service()
constructor now acceptsassertionMethods
option.Service.clone()
method now acceptsassertionMethod
option.Service.clone()
method now acceptsassertionMethods
option.
- Added
Added
DataIntegrityProof
class to Activity Vocabulary API. [FEP-8b32, #54]Added
proof
property to theObject
class in the Activity Vocabulary API. [FEP-8b32, #54]- Added
Object.getProof()
method. - Added
Object.getProofs()
method. new Object()
constructor now acceptsproof
option.new Object()
constructor now acceptsproofs
option.Object.clone()
method now acceptsproof
option.Object.clone()
method now acceptsproofs
option.
- Added
Implemented Object Integrity Proofs. [FEP-8b32, #54]
- If there are any Ed25519 key pairs, the
Context.sendActivity()
andFederation.sendActivity()
methods now make Object Integrity Proofs for the activity to be sent. - If the incoming activity has Object Integrity Proofs, the inbox listener now verifies them and ignores HTTP Signatures (if any).
- Added
signObject()
function. - Added
SignObjectOptions
interface. - Added
createProof()
function. - Added
CreateProofOptions
interface. - Added
verifyObject()
function. - Added
VerifyObjectOptions
interface. - Added
verifyProof()
function. - Added
VerifyProofOptions
interface. - Added
fetchKey()
function. - Added
FetchKeyOptions
interface. - Added
SenderKeyPair
interface. - The type of
Federation.sendActivity()
method's first parameter becameSenderKeyPair[]
(was{ keyId: URL; privateKey: CryptoKey }
). - The
Context.sendActivity()
method's first parameter now acceptsSenderKeyPair[]
as well.
- If there are any Ed25519 key pairs, the
In the future,
Federation
class will become an interface. For the forward compatibility, the following changes are made:- Added
createFederation()
function. - Added
CreateFederationOptions
interface. - Deprecated
new Federation()
constructor. UsecreateFederation()
function instead. - Deprecated
FederationParameters
interface.
- Added
Added
Arrive
class to Activity Vocabulary API. [#65, #68 by Randy Wressell]Added
Question
class to Activity Vocabulary API.Added
context
option toObject.toJsonLd()
method. This applies to any subclasses of theObject
class too.Deprecated
treatHttps
option inFederationParameters
interface. Instead, use the x-forwarded-fetch library to recognize theX-Forwarded-Host
andX-Forwarded-Proto
headers.Removed the
Federation.handle()
method which was deprecated in version 0.6.0.Removed the
integrateHandlerOptions()
function from@fedify/fedify/x/fresh
which was deprecated in version 0.6.0.Ephemeral actors and inboxes that the
fedify inbox
command spawns are now more interoperable with other ActivityPub implementations.- Ephemeral actors now have the following properties:
summary
,following
,followers
,outbox
,manuallyApprovesFollowers
, andurl
. - Improved the compatibility of the
fedify inbox
command with Misskey and Mitra.
- Ephemeral actors now have the following properties:
Added more log messages using the LogTape library. Currently the below logger categories are used:
["fedify", "sig", "proof"]
["fedify", "sig", "key"]
["fedify", "vocab", "lookup"]
["fedify", "webfinger", "lookup"]
Version 0.9.3
Released on July 9, 2024.
Fixed a vulnerability of SSRF via DNS rebinding in the built-in document loader. [CVE-2024-39687]
- The
fetchDocumentLoader()
function now throws an error when the given domain name has any records referring to a private network address. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given domain name has any records referring to a private network address.
- The
Version 0.9.2
Released on July 5, 2024.
Fixed a SSRF vulnerability in the built-in document loader. [CVE-2024-39687]
- The
fetchDocumentLoader()
function now throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address. - The
getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address.
- The
Version 0.9.1
Released on June 13, 2024.
- Fixed a bug of Activity Vocabulary API that
clone()
method of Vocabulary classes had not cloned theid
property from the source object.
Version 0.9.0
Released on June 2, 2024.
Added
Tombstone
class to Activity Vocabulary API.Added an actor handle normalization function.
- Added
normalizeActorHandle()
function. - Added
NormalizeActorHandleOptions
interface. - The
getActorHandle()
function now guarantees that the returned actor handle is normalized. - Added the second optional parameter to
getActorHandle()
function. - The return type of
getActorHandle()
function becamePromise<`@${string}@${string}` | `${string}@${string}`>
(wasPromise<`@${string}@${string}`>
).
- Added
Added
excludeBaseUris
option toContext.sendActivity()
andFederation.sendActivity()
methods.- Added
SendActivityOptions.excludeBaseUris
property. - Added
ExtractInboxesParameters.excludeBaseUris
property.
- Added
The
Context
now can parse URIs of objects, inboxes, and collections as well as actors.- Added
Context.parseUri()
method. - Added
ParseUriResult
type. - Deprecated
Context.getHandleFromActorUri()
method.
- Added
The time window for signature verification is now configurable. [#52]
- The default time window for signature verification is now a minute (was 30 seconds).
- Added
signatureTimeWindow
option toFederationParameters
interface. - Added
VerifyOptions
interface. - The signature of the
verify()
function is revamped; it now optionally takes aVerifyOptions
object as the second parameter.
Renamed the
@fedify/fedify/httpsig
module to@fedify/fedify/sig
, and also:- Deprecated
sign()
function. UsesignRequest()
instead. - Deprecated
verify()
function. UseverifyRequest()
instead. - Deprecated
VerifyOptions
interface. UseVerifyRequestOptions
instead.
- Deprecated
When signing an HTTP request, the
algorithm
parameter is now added to theSignature
header. This change improves the compatibility with Misskey and other implementations that require thealgorithm
parameter.Added more log messages using the LogTape library. Currently the below logger categories are used:
["fedify", "federation", "actor"]
["fedify", "federation", "http"]
["fedify", "sig", "http"]
["fedify", "sig", "key"]
["fedify", "sig", "owner"]
Version 0.8.0
Released on May 6, 2024.
The CLI toolchain for testing and debugging is now available on JSR: @fedify/cli. You can install it with
deno install -A --unstable-fs --unstable-kv --unstable-temporal -n fedify jsr:@fedify/cli
, or download a standalone executable from the releases page.- Added
fedify
command. - Added
fedify lookup
subcommand. - Added
fedify inbox
subcommand.
- Added
Implemented followers collection synchronization mechanism.
- Added
RequestContext.sendActivity()
overload that takes"followers"
as the second parameter. - Added the second type parameter to
CollectionCallbackSetters
interface. - Added the second type parameter to
CollectionDispatcher
type. - Added the fourth parameter to
CollectionDispatcher
type. - Added the second type parameter to
CollectionCounter
type. - Added the third parameter to
CollectionCounter
type. - Added the second type parameter to
CollectionCursor
type. - Added the third parameter to
CollectionCursor
type.
- Added
Relaxed the required type for activity recipients.
- Added
Recipient
interface. - The type of the second parameter of
Context.sendActivity()
method becameRecipient | Recipient[]
(wasActor | Actor[]
). However, sinceRecipient
is a supertype ofActor
, the existing code should work without any change.
- Added
Followers collection now has to consist of
Recipient
objects only. (It could consist ofURL
s as well asActor
s before.)- The type of
Federation.setFollowersDispatcher()
method's second parameter becameCollectionDispatcher<Recipient, TContextData, URL>
(wasCollectionDispatcher<Actor | URL, TContextData>
).
- The type of
Some of the responsibility of a document loader was separated to a context loader and a document loader.
- Added
contextLoader
option to constructors,fromJsonLd()
static methods,clone()
methods, and all non-scalar accessors (get*()
) of Activity Vocabulary classes. - Renamed
documentLoader
option tocontextLoader
intoJsonLd()
methods of Activity Vocabulary objects. - Added
contextLoader
option toLookupObjectOptions
interface. - Added
contextLoader
property toContext
interface. - Added
contextLoader
option toFederationParameters
interface. - Renamed
documentLoader
option tocontextLoader
inRespondWithObjectOptions
interface. - Added
GetKeyOwnerOptions
interface. - The type of the second parameter of
getKeyOwner()
function becameGetKeyOwnerOptions
(wasDocumentLoader
). - Added
DoesActorOwnKeyOptions
interface. - The type of the third parameter of
doesActorOwnKey()
function becameDoesActorOwnKeyOptions
(wasDocumentLoader
).
- Added
Added
width
andheight
properties toDocument
class for better compatibility with Mastodon. [#47]- Added
Document.width
property. - Added
Document.height
property. new Document()
constructor now acceptswidth
option.new Document()
constructor now acceptsheight
option.Document.clone()
method now acceptswidth
option.Document.clone()
method now acceptsheight
option.
- Added
Removed the dependency on @js-temporal/polyfill on Deno, and Fedify now requires
--unstable-temporal
flag. On other runtime, it still depends on @js-temporal/polyfill.Added more log messages using the LogTape library. Currently the below logger categories are used:
["fedify", "federation", "collection"]
["fedify", "httpsig", "verify"]
["fedify", "runtime", "docloader"]
Fixed a bug where the authenticated document loader had thrown
InvalidUrl
error when the URL redirection was involved in Bun.Fixed a bug of
lookupObject()
that it had failed to look up the actor object when WebFinger response had no links with"type": "application/activity+json"
but had"type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
.
Version 0.7.0
Released on April 23, 2024.
Added
PUBLIC_COLLECTION
constant for public addressing.Federation
now supports authorized fetch for actor dispatcher and collection dispatchers.- Added
ActorCallbackSetters.authorize()
method. - Added
CollectionCallbackSetters.authorize()
method. - Added
AuthorizedPredicate
type. - Added
RequestContext.getSignedKey()
method. - Added
RequestContext.getSignedKeyOwner()
method. - Added
FederationFetchOptions.onUnauthorized
option for handling unauthorized fetches. - Added
getKeyOwner()
function.
- Added
The default implementation of
FederationFetchOptions.onNotAcceptable
option now responds withVary: Accept, Signature
header.Added log messages using the LogTape library. Currently the below logger categories are used:
["fedify"]
["fedify", "federation"]
["fedify", "federation", "inbox"]
["fedify", "federation", "outbox"]
Added
RequestContext.getActor()
method.Activity Vocabulary classes now have
typeId
static property.Dispatcher setters and inbox listener setters in
Federation
now take a path as`${string}{handle}${string}`
instead ofstring
so that it is more type-safe.Added generalized object dispatchers. [#33]
- Added
Federation.setObjectDispatcher()
method. - Added
ObjectDispatcher
type. - Added
ObjectAuthorizePredicate
type. - Added
Context.getObjectUri()
method. - Added
RequestContext.getObject()
method.
- Added
Version 0.6.1
Released on April 17, 2024.
- Fixed a bug of
new Federation()
constructor that if it is once called the process will never exit. [#39]
Version 0.6.0
Released on April 9, 2024.
DocumentLoader
is now propagated to the loaded remote objects from Activity Vocabulary objects. [#27]- Added
options
parameter to Activity Vocabulary constructors. - Added
options
parameter toclone()
method of Activity Vocabulary objects. - The Activity Vocabulary object passed to
InboxListener
now implicitly loads remote object with an authenticatedDocumentLoader
.
- Added
Added
Federation.fetch()
method.- Deprecated
Federation.handle()
method. UseFederation.fetch()
method instead. - Renamed
FederationHandlerParameters
type toFederationFetchOptions
. - Added
integrateFetchOptions()
function. - Deprecated
integrateHandlerOptions()
function.
- Deprecated
Added
@fedify/fedify/x/hono
module for integrating with Hono middleware. [#25]- Added
federation()
function. - Added
ContextDataFactory
type.
- Added
Context.sendActivity()
method now throwsTypeError
instead of silently failing when the givenActivity
object lacks the actor property.Context.sendActivity()
method now uses an authenticated document loader under the hood.Added outbox error handler to
Federation
.- Added
onOutboxError
option tonew Federation()
constructor. - Added
OutboxErrorHandler
type.
- Added
Version 0.5.2
Released on April 17, 2024.
- Fixed a bug of
new Federation()
constructor that if it is once called the process will never exit. [#39]
Version 0.5.1
Released on April 5, 2024.
- Fixed a bug of
Federation
that its actor/collection dispatchers had done content negotiation before determining if the resource exists or not. It also fixed a bug thatintegrateHandler()
from@fedify/fedify/x/fresh
had responded with406 Not Acceptable
instead of404 Not Found
when the resource does not exist in the web browser. [#34]
Version 0.5.0
Released on April 2, 2024.
Fedify is now available on npm: @fedify/fedify. [#24]
Abstract key-value store for caching.
- Added
KvStore
interface. - Added
KvStoreSetOptions
interface. - Added
KvKey
type. - Added
DenoKvStore
class. KvCacheParameters.kv
option now accepts aKvStore
instead ofDeno.Kv
.KvCacheParameters.prefix
option now accepts aKvKey
instead ofDeno.KvKey
.FederationParameters.kv
option now accepts aKvStore
instead ofDeno.Kv
.FederationKvPrefixes.activityIdempotence
option now accepts aKvKey
instead ofDeno.KvKey
.FederationKvPrefixes.remoteDocument
option now accepts aKvKey
instead ofDeno.KvKey
.
- Added
Abstract message queue for outgoing activities.
- Added
MessageQueue
interface. - Added
MessageQueueEnqueueOptions
interface. - Added
InProcessMessageQueue
class. - Added
FederationParameters.queue
option.
- Added
Added
@fedify/fedify/x/denokv
module for adaptingDeno.Kv
toKvStore
andMessageQueue
. It is only available in Deno runtime.- Added
DenoKvStore
class. - Added
DenoKvMessageQueue
class.
- Added
Added
PropertyValue
to Activity Vocabulary API. [#29]- Added
PropertyValue
class. new Object()
constructor'sattachments
option now acceptsPropertyValue
objects.new Object()
constructor'sattachment
option now accepts aPropertyValue
object.Object.getAttachments()
method now yieldsPropertyValue
objects besidesObject
andLink
objects.Object.getAttachment()
method now returns aPropertyValue
object besides anObject
and aLink
object.Object.clone()
method'sattachments
option now acceptsPropertyValue
objects.Object.clone()
method'sattachment
option now accepts aPropertyValue
object.
- Added
Removed dependency on jose.
- Added
exportSpki()
function. - Added
importSpki()
function.
- Added
Fixed a bug that
Application.manuallyApprovesFollowers
,Group.manuallyApprovesFollowers
,Organization.manuallyApprovesFollowers
,Person.manuallyApprovesFollowers
, andService.manuallyApprovesFollowers
properties were not properly displayed in Mastodon.
Version 0.4.0
Released on March 26, 2024.
Added
@fedify/fedify/x/fresh
module for integrating with Fresh middleware.- Added
integrateHandler()
function. - Added
integrateHandlerOptions()
function.
- Added
Added
getActorHandle()
function.Fedify now has authenticated document loader. [#12]
- Added
Context.getDocumentLoader()
method. - Added
getAuthenticatedDocumentLoader()
function. - Added
AuthenticatedDocumentLoaderFactory
type. - Added
authenticatedDocumentLoaderFactory
option tonew Federation()
constructor. Context.documentLoader
property now returns an authenticated document loader in personal inbox listeners. (Note that it's not affected in shared inbox listeners.)
- Added
Added singular accessors to
Object
'sicon
andimage
properties.new Object()
constructor now acceptsicon
option.new Object()
constructor now acceptsimage
option.- Added
Object.getIcon()
method. - Added
Object.getImage()
method. Object.clone()
method now acceptsicon
option.Object.clone()
method now acceptsimage
option.
Object
'sicon
andimage
properties no more acceptLink
objects.new Object()
constructor'sicons
option no more acceptsLink
objects.new Object()
constructor'simages
option no more acceptsLink
objects.Object.getIcons()
method no more yieldsLink
objects.Object.getImages()
method no more yieldsLink
objects.Object.clone()
method'sicons
option no more acceptsLink
objects.Object.clone()
method'simages
option no more acceptsLink
objects.
Object
'sattributedTo
property was renamed toattribution
.new Object()
constructor'sattributedTo
option was renamed toattribution
.new Object()
constructor'sattributedTos
option was renamed toattributions
.Object.getAttributedTo()
method is renamed toObject.getAttribution()
.Object.getAttributedTos()
method is renamed toObject.getAttributions()
.Object.clone()
method'sattributedTo
option is renamed toattribution
.Object.clone()
method'sattributedTos
option is renamed toattributions
.
Object
'sattribution
property (wasattributedTo
) now accepts onlyActor
objects.new Object()
constructor'sattribution
option (wasattributedTo
) now accepts only anActor
object.new Object()
constructor'sattributions
option (wasattributedTos
) now accepts onlyActor
objects.Object.getAttribution()
method (wasgetAttributedTo()
) now returns only anActor
object.Object.getAttributions()
method (wasgetAttributedTos()
) now returns onlyActor
objects.Object.clone()
method'sattribution
option (attributedTo
) now accepts only anActor
object.Object.clone()
method'sattributions
option (attributedTos
) now accepts onlyActor
objects.
Activity
'sobject
property no more acceptsLink
objects.new Activity()
constructor'sobject
option no more accepts aLink
object.new Activity()
constructor'sobjects
option no more acceptsLink
objects.Activity.getObject()
method no more returns aLink
object.Activity.getObjects()
method no more returnsLink
objects.Activity.clone()
method'sobject
option no more accepts aLink
object.Activity.clone()
method'sobjects
option no more acceptsLink
objects.
Activity
'sactor
property now accepts onlyActor
objects.new Activity()
constructor'sactor
option now accepts only anActor
object.new Activity()
constructor'sactors
option now accepts onlyActor
objects.Activity.getActor()
method now returns only anActor
object.Activity.getActors()
method now returns onlyActor
objects.Activity.clone()
method'sactor
option now accepts only anActor
object.Activity.clone()
method'sactors
option now accepts onlyActor
objects.
Added
sensitive
property toObject
class.new Object()
constructor now acceptssensitive
option.- Added
Object.sensitive
attribute. Object.clone()
method now acceptssensitive
option.
Now
lookupWebFinger()
follows redirections.The
http://webfinger.net/rel/profile-page
links in WebFinger responses now omittype
property.
Version 0.3.0
Released on March 15, 2024.
Added utility functions for responding with an ActivityPub object:
- Added
respondWithObject()
function. - Added
respondWithObjectIfAcceptable()
function. - Added
RespondWithObjectOptions
interface.
- Added
Added utility functions for generating and exporting cryptographic keys which are compatible with popular ActivityPub software:
- Added
generateCryptoKeyPair()
function. - Added
exportJwk()
function. - Added
importJwk()
function.
- Added
The following functions and methods now throw
TypeError
if the specifiedCryptoKey
is notextractable
:Context.getActorKey()
methodContext.sendActivity()
methodFederation.sendActivity()
method
Added
immediate
option toContext.sendActivity()
andFederation.sendActivity()
methods.Added
SendActivityOptions
interface.Now
onNotFound
/onNotAcceptable
options are optional forFederation.handle()
method. [#9]
Version 0.2.0
Released on March 10, 2024.
Implemented NodeInfo 2.1 protocol. [#1]
- Now
Federation.handle()
accepts requests for /.well-known/nodeinfo. - Added
Federation.setNodeInfoDispatcher()
method. - Added
Context.getNodeInfoUri()
method. - Added
NodeInfo
interface. - Added
Software
interface. - Added
Protocol
type. - Added
Services
interface. - Added
InboundService
type. - Added
OutboundService
type. - Added
Usage
interface. - Added
NodeInfoDispatcher
type. - Added
nodeInfoToJson()
function.
- Now
Implemented WebFinger client.
- Added
lookupObject()
function. - Added
lookupWebFinger()
function.
- Added
Federation.handle()
now responds withAccess-Control-Allow-Origin: *
header for WebFinger requests.fetchDocumentLoader()
, the default document loader, now sendsAccept: application/activity+json, application/ld+json
header (wasAccept: application/ld+json
only).
Version 0.1.0
Initial release. Released on March 8, 2024.