ActivityPub server framework in TypeScript
MIT License
Bot releases are visible (Hide)
Published by github-actions[bot] about 1 month ago
Released on September 15, 2024.
ActorCallbackSetters.mapHandle()
method was called, a WebFinger username was used as an actor's handle. [#136]
Released on September 11, 2024.
Actors, collections, and objects now can have their URIs that do not consist of a WebFinger username, which means actors can change their fediverse handles.
ActorCallbackSetters.mapHandle()
method.ActorHandleMapper
type.Added quoteUrl
property to Article
, ChatMessage
, Note
, and Question
classes in Activity Vocabulary API.
Article.quoteUrl
property.new Article()
constructor now accepts quoteUrl
option.Article.clone()
method now accepts quoteUrl
option.ChatMessage.quoteUrl
property.new ChatMessage()
constructor now accepts quoteUrl
option.ChatMessage.clone()
method now accepts quoteUrl
option.Note.quoteUrl
property.new Note()
constructor now accepts quoteUrl
option.Note.clone()
method now accepts quoteUrl
option.Question.quoteUrl
property.new Question()
constructor now accepts quoteUrl
option.Question.clone()
method now accepts quoteUrl
option.The element type of the liked collection is now Object
or URL
instead of Like
.
Federation.setLikedDispatcher()
method's second parameter to CollectionDispatcher<Object | URL, RequestContext<TContextData>, TContextData, void>
(was CollectionDispatcher<Like, RequestContext<TContextData>, TContextData, void>
).Removed expand
option of Object.toJsonLd()
method, which was deprecated in version 0.14.0. Use format: "expand"
option instead.
Added Context.lookupObject()
method.
Default document loaders now recognize ActivityStream objects in more ways:
alternate
ActivityStreams objects in the Link
header.alternate
ActivityStreams objects in the <link>
/<a>
HTML elements.Added allowPrivateAddress
option to CreateFederationOptions
interface.
Fixed a bug where the WebFinger response had had a subject
property with an unmatched URI to the requested resource when a non-acct:
URI was given.
Renamed the short option -c
for --compact
of fedify lookup
command to -C
to avoid conflict with the short option -c
for --cache-dir
.
Added -r
/--raw
option to fedify lookup
command to output the raw JSON object.
Published by github-actions[bot] about 1 month ago
Released on September 6, 2024.
Object.fromJsonLd()
method where it had thrown a TypeError
when the given JSON-LD object had an @id
property with an empty string.Published by github-actions[bot] about 1 month ago
Released on September 6, 2024.
Object.fromJsonLd()
method where it had thrown a TypeError
when the given JSON-LD object had an @id
property with an empty string.Published by github-actions[bot] about 2 months ago
Released on September 1, 2024.
fedify inbox
command where it had ignored -a
/--accept-follow
options when no -f
/--follow
option was provided. [#132]
Published by github-actions[bot] about 2 months ago
Released on September 1, 2024.
fedify inbox
command where it had ignored -a
/--accept-follow
options when no -f
/--follow
option was provided. [#132]
Published by github-actions[bot] about 2 months ago
Published by github-actions[bot] about 2 months ago
Published by github-actions[bot] about 2 months ago
Released on August 29, 2024.
Fixed fedify inbox
command that had not been able to parse activities even if they are valid JSON-LD. [#126]
Fixed a bug where the Compact Activity tab of fedify inbox
command's web interface had shown an expanded JSON-LD object instead of a compacted one.
Published by github-actions[bot] about 2 months ago
Released on August 29, 2024.
fedify inbox
command that had not been able to parse activities even if they are valid JSON-LD. [#126]
Published by github-actions[bot] about 2 months ago
Released on August 27, 2024.
Removed the limitation that the sendActivity({ handle: string }, "followers", Activity)
overload is only available for RequestContext
but not for Context
. Now it is available for both. [#115]
Context.sendActivity({ handle: string }, "followers", Activity)
overload.TContext
to CollectionsDispatcher
type's first parameter to distinguish between RequestContext
and Context
.CollectionDispatcher
type became TContext
(was RequestContext
).TContext
to CollectionsCursor
type's first parameter to distinguish between RequestContext
and Context
.CollectionCursor
type became TContext
(was RequestContext
).TContext
to CollectionsCallbackSetters
type's first parameter to distinguish between RequestContext
and Context
.Added source
property to Object
class in Activity Vocabulary API. [#114]
Object.source
property.new Object()
constructor now accepts source
option.Object.clone()
method now accepts source
option.Added Source
class to Activity Vocabulary API. [#114]
Added aliases
property to Actor
type in Activity Vocabulary API.
Application.getAliases()
method.Application.getAlias()
method.new Application()
constructor now accepts alias
option.new Application()
constructor now accepts aliases
option.Application.clone()
method now accepts alias
option.Application.clone()
method now accepts aliases
option.Group.getAliases()
method.Group.getAlias()
method.new Group()
constructor now accepts alias
option.new Group()
constructor now accepts aliases
option.Group.clone()
method now accepts alias
option.Group.clone()
method now accepts aliases
option.Organization.getAliases()
method.Organization.getAlias()
method.new Organization()
constructor now accepts alias
option.new Organization()
constructor now accepts aliases
option.Organization.clone()
method now accepts alias
option.Organization.clone()
method now accepts aliases
option.Person.getAliases()
method.Person.getAlias()
method.new Person()
constructor now accepts alias
option.new Person()
constructor now accepts aliases
option.Person.clone()
method now accepts alias
option.Person.clone()
method now accepts aliases
option.Service.getAliases()
method.Service.getAlias()
method.new Service()
constructor now accepts alias
option.new Service()
constructor now accepts aliases
option.Service.clone()
method now accepts alias
option.Service.clone()
method now accepts aliases
option.Improved the performance of Object.toJsonLd()
method.
Object.toJsonLd()
method no longer guarantees that the returned JSON-LD object is compacted unless the format: "compact"
option is provided.format
option to Object.toJsonLd()
method.expand
option of Object.toJsonLd()
method. Use format: "expand"
option instead.context
option of Object.toJsonLd()
method is now only applicable to format: "compact"
. Otherwise, it throws a TypeError
.The getActorHandle()
function now supports cross-origin WebFinger resources.
The lookupWebFinger()
and getActorHandle()
functions no more throw an error when they fail to reach the WebFinger resource.
Collection dispatchers now set the id
property of the OrderedCollection
/OrderedCollectionPage
objects that they return to the their canonical URI.
Now fedify init
generates a default tsconfig.json file on Node.js and Bun, and fills the deno.json file with the default compilerOptions
on Deno.
Published by github-actions[bot] 2 months ago
Released on August 18, 2024.
getActorHandle()
function had trusted the hostname of WebFinger aliases that had not matched the hostname of the actor ID (URI).Published by github-actions[bot] 2 months ago
Released on August 18, 2024.
getActorHandle()
function had trusted the hostname of WebFinger aliases that had not matched the hostname of the actor ID (URI).Published by github-actions[bot] 2 months ago
Released on August 7, 2024.
Added closed
property to Question
class in Activity Vocabulary API.
Question.closed
property.new Question()
constructor now accepts closed
option.Question.clone()
method now accepts closed
option.Added voters
property to Question
class in Activity Vocabulary API.
Question.voters
property.new Question()
constructor now accepts voters
option.Question.clone()
method now accepts voters
option.HTTP Signatures verficiation now can be optionally skipped for the sake of testing. [#110]
CreateFederationOptions.signatureTimeWindow
property became Temporal.DurationLike | false
(was Temporal.DurationLike
).VerifyRequestOptions.timeWindow
property became Temporal.DurationLike | false
(was Temporal.DurationLike
).CreateFederationOptions.skipSignatureVerification
property.Removed the singular actor key pair dispatcher APIs which were deprecated in version 0.10.0.
ActorDispatcher
callback type. Use Context.getActorKeyPairs()
method instead.ActorKeyPairDispatcher
type. Use ActorKeyPairsDispatcher
type instead.ActorCallbackSetters.setKeyPairDispatcher()
method. Use ActorCallbackSetters.setKeyPairsDispatcher()
method instead.Context.getActorKey()
method. Use Context.getActorKeyPairs()
method instead.The Federation
is no more a class, but an interface, which has been planned since version 0.10.0. [#69]
new Federation()
constructor is removed. Use createFederation()
function instead.Federation.sendActivity()
method. Use Context.sendActivity()
method instead.Federation
class.Federation
interface.FederationParameters
interface.Added fedify tunnel
command to expose a local HTTP server to the public internet.
A scaffold project generated by the fedify init
command has several changes:
X-Forwarded-Proto
and X-Forwarded-Host
headers.Added more log messages using the LogTape library. Currently the below logger categories are used:
["fedify", "webfinger", "server"]
Published by github-actions[bot] 3 months ago
Released on July 31, 2024.
queue
option was provided to the createFederation()
function.Published by github-actions[bot] 3 months ago
Released on July 27, 2024.
fedify init -w hono
had generated scaffold files without Fedify integration.fedify init -r bun -w hono
had generated scaffold files with a wrong port number (was 3000).Published by github-actions[bot] 3 months ago
Released on July 24, 2024.
The fedify
command is now available on npm. [#104]
Incoming activities are now queued before being dispatched to the inbox listener if the queue
option is provided to the createFederation()
function. [#70]
InboxListener
callback type's first parameter became Context
(was RequestContext
).InboxErrorHandler
callback type's first parameter became Context
(was RequestContext
).SharedInboxKeyDispatcher
callback type's first parameter became Context
(was RequestContext
).Implemented fully customizable retry policy for failed tasks in the task queue. By default, the task queue retries the failed tasks with an exponential backoff policy with decorrelated jitter.
outboxRetryPolicy
option to CreateFederationOptions
interface.inboxRetryPolicy
option to CreateFederationOptions
interface. [#70]
RetryPolicy
callback type.RetryContext
interface.createExponentialBackoffPolicy()
function.CreateExponentialBackoffPolicyOptions
interface.Federation
object now allows its task queue to be started manually. [#53]
manuallyStartQueue
option to CreateFederationOptions
interface.Federation.startQueue()
method.Made the router able to be insensitive to trailing slashes in the URL paths. [#81]
trailingSlashInsensitive
option to CreateFederationOptions
interface.RouterOptions
interface.new Router()
constructor.Added ChatMessage
class to Activity Vocabulary API. [#85]
Added Move
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]
Added Read
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]
Added Travel
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]
Added View
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]
Added TentativeAccept
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]
Added TentativeReject
class to Activity Vocabulary API. [#65, #92 by Lee Dogeon]
Improved multitenancy (virtual hosting) support. [#66]
Context.hostname
property.Context.host
property.Context.origin
property.ActorKeyPairsDispatcher<TContextData>
's first parameter became Context
(was TContextData
).During verifying HTTP Signatures and Object Integrity Proofs, once fetched public keys are now cached. [#107]
verifyRequest()
function now caches the fetched public keys when the keyCache
option is provided.verifyProof()
function now caches the fetched public keys when the keyCache
option is provided.verifyObject()
function now caches the fetched public keys when the keyCache
option is provided.KeyCache
interface.VerifyRequestOptions.keyCache
property.VerifyProofOptions.keyCache
property.VerifyObjectOptions.keyCache
property.FederationKvPrefixes.publicKey
property.The built-in document loaders now recognize JSON-LD context provided in an HTTP Link
header. [#6]
fetchDocumentLoader()
function now recognizes the Link
header with the http://www.w3.org/ns/json-ld#context
link relation.getAuthenticatedDocumentLoader()
function now returns a document loader that recognizes the Link
header with the http://www.w3.org/ns/json-ld#context
link relation.Deprecated Federation.sendActivity()
method. Use Context.sendActivity()
method instead.
The last parameter of Federation.sendActivity()
method is no longer optional. Also, it now takes the required contextData
option.
Removed Context.getHandleFromActorUri()
method which was deprecated in version 0.9.0. Use Context.parseUri()
method instead.
Removed @fedify/fedify/httpsig
module which was deprecated in version 0.9.0. Use @fedify/fedify/sig
module instead.
sign()
function.verify()
function.VerifyOptions
interface.Fixed a bug where the lookupWebFinger()
function had incorrectly queried if the given resource
was a URL starts with http:
or had a non-default port number.
Fixed a SSRF vulnerability in the built-in document loader. [CVE-2024-39687]
fetchDocumentLoader()
function now throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address.fetchDocumentLoader()
function, which can be used to allow fetching private network addresses.getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address.getAuthenticatedDocumentLoader()
function, which can be used to allow fetching private network addresses.Added fedify init
subcommand. [#105]
Added more log messages using the LogTape library. Currently the below logger categories are used:
["fedify", "federation", "queue"]
Published by github-actions[bot] 3 months ago
Released on July 15, 2024.
Federation.setInboxDispatcher()
after Federation.setInboxListeners()
had caused a RouterError
to be thrown even if the paths match. [#101 by Fabien O'Carroll]
Published by github-actions[bot] 3 months ago
Released on July 9, 2024.
Fixed a vulnerability of SSRF via DNS rebinding in the built-in document loader. [CVE-2024-39687]
fetchDocumentLoader()
function now throws an error when the given domain name has any records referring to a private network address.getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given domain name has any records referring to a private network address.Published by github-actions[bot] 3 months ago
Released on July 9, 2024.
Fixed a vulnerability of SSRF via DNS rebinding in the built-in document loader. [CVE-2024-39687]
fetchDocumentLoader()
function now throws an error when the given domain name has any records referring to a private network address.getAuthenticatedDocumentLoader()
function now returns a document loader that throws an error when the given domain name has any records referring to a private network address.