Skip to content

Releases: fedify-dev/fedify

Fedify 0.9.2

05 Jul 02:22
0.9.2
944d1ae
Compare
Choose a tag to compare

Released on July 5, 2024.

  • Fixed a SSRF vulnerability in the built-in document loader. [CVE-2024-39687]

    • The fetchDocumentLoader() function now throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address.
    • The getAuthenticatedDocumentLoader() function now returns a document loader that throws an error when the given URL is not an HTTP or HTTPS URL or refers to a private network address.

Fedify 0.11.0

28 Jun 15:57
0.11.0
dcd1fed
Compare
Choose a tag to compare

Released on June 29, 2024.

  • Improved runtime type error messages for Activity Vocabulary API. [#79]

  • Added suppressError option to dereferencing accessors of Activity Vocabulary classes.

  • Added more collection dispatchers. [#78]

    • Added Federation.setInboxDispatcher() method. [#71]
    • Added Federation.setLikedDispatcher() method.
    • Added Context.getLikedUri() method.
    • Added { type: "liked"; handle: string } case to ParseUriResult type.
    • Renamed linked property (which was a typo) to liked in Application, Group, Organization, Person, and Service classes.
    • Added Federation.setFeaturedDispatcher() method.
    • Added Context.getFeaturedUri() method.
    • Added { type: "featured"; handle: string } case to ParseUriResult type.
    • Added Federation.setFeaturedTagsDispatcher() method.
    • Added Context.getFeaturedTagsUri() method.
    • Added { type: "featuredTags"; handle: string } case to ParseUriResult type.
  • Frequently used JSON-LD contexts are now preloaded. [#74]

  • Added Invite class to Activity Vocabulary API. [#65, #80 by Randy Wressell]

  • Added Join class to Activity Vocabulary API. [#65, #80 by Randy Wressell]

  • Added Leave class to Activity Vocabulary API. [#65, #80 by Randy Wressell]

  • Added Listen class to Activity Vocabulary API. [#65, #80 by Randy Wressell]

  • Added Offer class to Activity Vocabulary API. [#65, #76 by Lee Dogeon]

  • The below properties of Collection and CollectionPage in Activity Vocabulary API now do not accept Link objects:

    • Collection.current
    • Collection.first
    • Collection.last
    • CollectionPage.partOf
    • CollectionPage.next
    • CollectionPage.prev
  • Added featured property to Actor types in Activity Vocabulary API. [#78]

    • Added Application.getFeatured() method.
    • Added Application.featuredId property.
    • new Application() constructor now accepts featured option.
    • Application.clone() method now accepts featured option.
    • Added Group.getFeatured() method.
    • Added Group.featuredId property.
    • new Group() constructor now accepts featured option.
    • Group.clone() method now accepts featured option.
    • Added Organization.getFeatured() method.
    • Added Organization.featuredId property.
    • new Organization() constructor now accepts featured option.
    • Organization.clone() method now accepts featured option.
    • Added Person.getFeatured() method.
    • Added Person.featuredId property.
    • new Person() constructor now accepts featured option.
    • Person.clone() method now accepts featured option.
    • Added Service.getFeatured() method.
    • Added Service.featuredId property.
    • new Service() constructor now accepts featured option.
    • Service.clone() method now accepts featured option.
  • Added featuredTags property to Actor types in Activity Vocabulary API. [#78]

    • Added Application.getFeaturedTags() method.
    • Added Application.featuredTagsId property.
    • new Application() constructor now accepts featuredTags option.
    • Application.clone() method now accepts featuredTags option.
    • Added Group.getFeaturedTags() method.
    • Added Group.featuredTagsId property.
    • new Group() constructor now accepts featuredTags option.
    • Group.clone() method now accepts featuredTags option.
    • Added Organization.getFeaturedTags() method.
    • Added Organization.featuredTagsId property.
    • new Organization() constructor now accepts featuredTags option.
    • Organization.clone() method now accepts featuredTags option.
    • Added Person.getFeaturedTags() method.
    • Added Person.featuredTagsId property.
    • new Person() constructor now accepts featuredTags option.
    • Person.clone() method now accepts featuredTags option.
    • Added Service.getFeaturedTags() method.
    • Added Service.featuredTagsId property.
    • new Service() constructor now accepts featuredTags option.
    • Service.clone() method now accepts featuredTags option.
  • Added target property to Activity class in Activity Vocabulary API.

    • Added Activity.getTarget() method.
    • Added Activity.getTargets() method.
    • Added Activity.targetId property.
    • Added Activity.targetIds property.
    • new Activity() constructor now accepts target option.
    • new Activity() constructor now accepts targets option.
    • Activity.clone() method now accepts target option.
    • Activity.clone() method now accepts targets option.
  • Added result property to Activity class in Activity Vocabulary API.

    • Added Activity.getResult() method.
    • Added Activity.getResults() method.
    • Added Activity.resultId property.
    • Added Activity.resultIds property.
    • new Activity() constructor now accepts result option.
    • new Activity() constructor now accepts results option.
    • Activity.clone() method now accepts result option.
    • Activity.clone() method now accepts results option.
  • Added origin property to Activity class in Activity Vocabulary API.

    • Added Activity.getOrigin() method.
    • Added Activity.getOrigins() method.
    • Added Activity.originId property.
    • Added Activity.originIds property.
    • new Activity() constructor now accepts origin option.
    • new Activity() constructor now accepts origins option.
    • Activity.clone() method now accepts origin option.
    • Activity.clone() method now accepts origins option.
  • Added instrument property to Activity class in Activity Vocabulary API.

    • Added Activity.getInstrument() method.
    • Added Activity.getInstruments() method.
    • Added Activity.instrumentId property.
    • Added Activity.instrumentIds property.
    • new Activity() constructor now accepts instrument option.
    • new Activity() constructor now accepts instruments option.
    • Activity.clone() method now accepts instrument option.
    • Activity.clone() method now accepts instruments option.
  • The items property of OrderedCollection and OrderedCollectionPage in Activity Vocabulary API is now represented as orderedItems (was items) in JSON-LD.

  • The key pair or the key pair for signing outgoing HTTP requests made from the shared inbox now can be configured. This improves the compatibility with other ActivityPub implementations that require authorized fetches (i.e., secure mode).

    • Added SharedInboxKeyDispatcher type.
    • Renamed InboxListenerSetter interface to InboxListenerSetters.
    • Added InboxListenerSetters.setSharedKeyDispatcher() method.
  • Followed up the change in eddsa-jcs-2022 specification for Object Integrity Proofs. [FEP-8b32, #54]

Fedify 0.10.0

18 Jun 15:04
0.10.0
c77c868
Compare
Choose a tag to compare

Released on June 18, 2024.

Starting with this release, Fedify, previously distributed under AGPL 3.0, is now distributed under the MIT License to encourage wider adoption.

  • Besides RSA-PKCS#1-v1.5, Fedify now supports Ed25519 for signing and verifying the activities. [#55]

    • Added an optional parameter to generateCryptoKeyPair() function, algorithm, which can be either "RSASSA-PKCS1-v1_5" or "Ed25519".
    • The importJwk() function now accepts Ed25519 keys.
    • The exportJwk() function now exports Ed25519 keys.
    • The importSpki() function now accepts Ed25519 keys.
    • The exportJwk() function now exports Ed25519 keys.
  • Now multiple key pairs can be registered for an actor. [FEP-521a, #55]

    • Added Context.getActorKeyPairs() method.
    • Deprecated Context.getActorKey() method. Use Context.getActorKeyPairs() method instead.
    • Added ActorKeyPair interface.
    • Added ActorCallbackSetters.setKeyPairsDispatcher() method.
    • Added ActorKeyPairsDispatcher type.
    • Deprecated ActorCallbackSetters.setKeyPairDispatcher() method.
    • Deprecated ActorKeyPairDispatcher type.
    • Deprecated the third parameter of the ActorDispatcher callback type. Use Context.getActorKeyPairs() method instead.
  • Added Multikey class to Activity Vocabulary API. [FEP-521a, #55]

    • Added importMultibaseKey() function.
    • Added exportMultibaseKey() function.
  • Added assertionMethod property to the Actor types in the Activity Vocabulary API. [FEP-521a, #55]

    • Added Application.getAssertionMethod() method.
    • Added Application.getAssertionMethods() method.
    • new Application() constructor now accepts assertionMethod option.
    • new Application() constructor now accepts assertionMethods option.
    • Application.clone() method now accepts assertionMethod option.
    • Application.clone() method now accepts assertionMethods option.
    • Added Group.getAssertionMethod() method.
    • Added Group.getAssertionMethods() method.
    • new Group() constructor now accepts assertionMethod option.
    • new Group() constructor now accepts assertionMethods option.
    • Group.clone() method now accepts assertionMethod option.
    • Group.clone() method now accepts assertionMethods option.
    • Added Organization.getAssertionMethod() method.
    • Added Organization.getAssertionMethods() method.
    • new Organization() constructor now accepts assertionMethod option.
    • new Organization() constructor now accepts assertionMethods option.
    • Organization.clone() method now accepts assertionMethod option.
    • Organization.clone() method now accepts assertionMethods option.
    • Added Person.getAssertionMethod() method.
    • Added Person.getAssertionMethods() method.
    • new Person() constructor now accepts assertionMethod option.
    • new Person() constructor now accepts assertionMethods option.
    • Person.clone() method now accepts assertionMethod option.
    • Person.clone() method now accepts assertionMethods option.
    • Added Service.getAssertionMethod() method.
    • Added Service.getAssertionMethods() method.
    • new Service() constructor now accepts assertionMethod option.
    • new Service() constructor now accepts assertionMethods option.
    • Service.clone() method now accepts assertionMethod option.
    • Service.clone() method now accepts assertionMethods option.
  • Added DataIntegrityProof class to Activity Vocabulary API. [FEP-8b32, #54]

  • Added proof property to the Object class in the Activity Vocabulary API. [FEP-8b32, #54]

    • Added Object.getProof() method.
    • Added Object.getProofs() method.
    • new Object() constructor now accepts proof option.
    • new Object() constructor now accepts proofs option.
    • Object.clone() method now accepts proof option.
    • Object.clone() method now accepts proofs option.
  • Implemented Object Integrity Proofs. [FEP-8b32, #54]

    • If there are any Ed25519 key pairs, the Context.sendActivity() and Federation.sendActivity() methods now make Object Integrity Proofs for the activity to be sent.
    • If the incoming activity has Object Integrity Proofs, the inbox listener now verifies them and ignores HTTP Signatures (if any).
    • Added signObject() function.
    • Added SignObjectOptions interface.
    • Added createProof() function.
    • Added CreateProofOptions interface.
    • Added verifyObject() function.
    • Added VerifyObjectOptions interface.
    • Added verifyProof() function.
    • Added VerifyProofOptions interface.
    • Added fetchKey() function.
    • Added FetchKeyOptions interface.
    • Added SenderKeyPair interface.
    • The type of Federation.sendActivity() method's first parameter became SenderKeyPair[] (was { keyId: URL; privateKey: CryptoKey }).
    • The Context.sendActivity() method's first parameter now accepts SenderKeyPair[] as well.
  • In the future, Federation class will become an interface. For the forward compatibility, the following changes are made:

    • Added createFederation() function.
    • Added CreateFederationOptions interface.
    • Deprecated new Federation() constructor. Use createFederation() function instead.
    • Deprecated FederationParameters interface.
  • Added Arrive class to Activity Vocabulary API. [#65, #68 by Randy Wressell]

  • Added Question class to Activity Vocabulary API.

  • Added context option to Object.toJsonLd() method. This applies to any subclasses of the Object class too.

  • Deprecated treatHttps option in FederationParameters interface. Instead, use the x-forwarded-fetch library to recognize the X-Forwarded-Host and X-Forwarded-Proto headers.

  • Removed the Federation.handle() method which was deprecated in version 0.6.0.

  • Removed the integrateHandlerOptions() function from @fedify/fedify/x/fresh which was deprecated in version 0.6.0.

  • Ephemeral actors and inboxes that the fedify inbox command spawns are now more interoperable with other ActivityPub implementations.

    • Ephemeral actors now have the following properties: summary, following, followers, outbox, manuallyApprovesFollowers, and url.
    • Improved the compatibility of the fedify inbox command with Misskey and Mitra.
  • Added more log messages using the LogTape library. Currently the below logger categories are used:

    • ["fedify", "sig", "proof"]
    • ["fedify", "sig", "key"]
    • ["fedify", "vocab", "lookup"]
    • ["fedify", "webfinger", "lookup"]

Fedify 0.9.1

13 Jun 03:50
0.9.1
c27ed66
Compare
Choose a tag to compare

Released on June 13, 2024.

  • Fixed a bug of Activity Vocabulary API that clone() method of Vocabulary classes had not cloned the id property from the source object.

Fedify 0.9.0

02 Jun 06:56
0.9.0
ecc6c8c
Compare
Choose a tag to compare

Released on June 2, 2024.

  • Added Tombstone class to Activity Vocabulary API.

  • Added Hashtag class to Activity Vocabulary API. [#48]

  • Added Emoji class to Activity Vocabulary API. [#48]

  • Added an actor handle normalization function.

    • Added normalizeActorHandle() function.
    • Added NormalizeActorHandleOptions interface.
    • The getActorHandle() function now guarantees that the returned actor handle is normalized.
    • Added the second optional parameter to getActorHandle() function.
    • The return type of getActorHandle() function became Promise<`@${string}@${string}` | `${string}@${string}`> (was Promise<`@${string}@${string}`>).
  • Added excludeBaseUris option to Context.sendActivity() and Federation.sendActivity() methods.

    • Added SendActivityOptions.excludeBaseUris property.
    • Added ExtractInboxesParameters.excludeBaseUris property.
  • The Context now can parse URIs of objects, inboxes, and collections as well as actors.

    • Added Context.parseUri() method.
    • Added ParseUriResult type.
    • Deprecated Context.getHandleFromActorUri() method.
  • The time window for signature verification is now configurable. [#52]

    • The default time window for signature verification is now a minute (was 30 seconds).
    • Added signatureTimeWindow option to FederationParameters interface.
    • Added VerifyOptions interface.
    • The signature of the verify() function is revamped; it now optionally takes a VerifyOptions object as the second parameter.
  • Renamed the @fedify/fedify/httpsig module to @fedify/fedify/sig, and also:

    • Deprecated sign() function. Use signRequest() instead.
    • Deprecated verify() function. Use verifyRequest() instead.
    • Deprecated VerifyOptions interface. Use VerifyRequestOptions instead.
  • When signing an HTTP request, the algorithm parameter is now added to the Signature header. This change improves the compatibility with Misskey and other implementations that require the algorithm parameter.

  • Added more log messages using the LogTape library. Currently the below logger categories are used:

    • ["fedify", "federation", "actor"]
    • ["fedify", "federation", "http"]
    • ["fedify", "sig", "http"]
    • ["fedify", "sig", "key"]
    • ["fedify", "sig", "owner"]

Fedify 0.8.0

06 May 13:39
0.8.0
ddccacc
Compare
Choose a tag to compare

Released on May 6, 2024.

  • The CLI toolchain for testing and debugging is now available on JSR: @fedify/cli. You can install it with deno install -A --unstable-fs --unstable-kv --unstable-temporal -n fedify jsr:@fedify/cli, or download a standalone executable from the releases page.

    • Added fedify command.
    • Added fedify lookup subcommand.
    • Added fedify inbox subcommand.
  • Implemented followers collection synchronization mechanism.

    • Added RequestContext.sendActivity() overload that takes "followers" as the second parameter.
    • Added the second type parameter to CollectionCallbackSetters interface.
    • Added the second type parameter to CollectionDispatcher type.
    • Added the fourth parameter to CollectionDispatcher type.
    • Added the second type parameter to CollectionCounter type.
    • Added the third parameter to CollectionCounter type.
    • Added the second type parameter to CollectionCursor type.
    • Added the third parameter to CollectionCursor type.
  • Relaxed the required type for activity recipients.

    • Added Recipient interface.
    • The type of the second parameter of Context.sendActivity() method became Recipient | Recipient[] (was Actor | Actor[]). However, since Recipient is a supertype of Actor, the existing code should work without any change.
  • Followers collection now has to consist of Recipient objects only. (It could consist of URLs as well as Actors before.)

    • The type of Federation.setFollowersDispatcher() method's second parameter became CollectionDispatcher<Recipient, TContextData, URL> (was CollectionDispatcher<Actor | URL, TContextData>).
  • Some of the responsibility of a document loader was separated to a context loader and a document loader.

    • Added contextLoader option to constructors, fromJsonLd() static methods, clone() methods, and all non-scalar accessors (get*()) of Activity Vocabulary classes.
    • Renamed documentLoader option to contextLoader in toJsonLd() methods of Activity Vocabulary objects.
    • Added contextLoader option to LookupObjectOptions interface.
    • Added contextLoader property to Context interface.
    • Added contextLoader option to FederationParameters interface.
    • Renamed documentLoader option to contextLoader in RespondWithObjectOptions interface.
    • Added GetKeyOwnerOptions interface.
    • The type of the second parameter of getKeyOwner() function became GetKeyOwnerOptions (was DocumentLoader).
    • Added DoesActorOwnKeyOptions interface.
    • The type of the third parameter of doesActorOwnKey() function became DoesActorOwnKeyOptions (was DocumentLoader).
  • Added width and height properties to Document class for better compatibility with Mastodon. [#47]

    • Added Document.width property.
    • Added Document.height property.
    • new Document() constructor now accepts width option.
    • new Document() constructor now accepts height option.
    • Document.clone() method now accepts width option.
    • Document.clone() method now accepts height option.
  • Removed the dependency on @js-temporal/polyfill on Deno, and Fedify now requires --unstable-temporal flag. On other runtime, it still depends on @js-temporal/polyfill.

  • Added more log messages using the LogTape library. Currently the below logger categories are used:

    • ["fedify", "federation", "collection"]
    • ["fedify", "httpsig", "verify"]
    • ["fedify", "runtime", "docloader"]
  • Fixed a bug where the authenticated document loader had thrown InvalidUrl error when the URL redirection was involved in Bun.

  • Fixed a bug of lookupObject() that it had failed to look up the actor object when WebFinger response had no links with "type": "application/activity+json" but had "type": "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"".

Fedify 0.7.0

23 Apr 11:57
0.7.0
2ca4b2c
Compare
Choose a tag to compare

Released on April 23, 2024.

  • Added PUBLIC_COLLECTION constant for public addressing.

  • Federation now supports authorized fetch for actor dispatcher and collection dispatchers.

    • Added ActorCallbackSetters.authorize() method.
    • Added CollectionCallbackSetters.authorize() method.
    • Added AuthorizedPredicate type.
    • Added RequestContext.getSignedKey() method.
    • Added RequestContext.getSignedKeyOwner() method.
    • Added FederationFetchOptions.onUnauthorized option for handling unauthorized fetches.
    • Added getKeyOwner() function.
  • The default implementation of FederationFetchOptions.onNotAcceptable option now responds with Vary: Accept, Signature header.

  • Added log messages using the LogTape library. Currently the below logger categories are used:

    • ["fedify"]
    • ["fedify", "federation"]
    • ["fedify", "federation", "inbox"]
    • ["fedify", "federation", "outbox"]
  • Added RequestContext.getActor() method.

  • Activity Vocabulary classes now have typeId static property.

  • Dispatcher setters and inbox listener setters in Federation now take a path as `${string}{handle}${string}` instead of string so that it is more type-safe.

  • Added generalized object dispatchers. [#33]

    • Added Federation.setObjectDispatcher() method.
    • Added ObjectDispatcher type.
    • Added ObjectAuthorizePredicate type.
    • Added Context.getObjectUri() method.
    • Added RequestContext.getObject() method.

Fedify 0.6.1

17 Apr 02:14
0.6.1
9e66924
Compare
Choose a tag to compare

Released on April 17, 2024.

  • Fixed a bug of new Federation() constructor that if it is once called the process will never exit. [#39]

Fedify 0.5.2

17 Apr 02:07
0.5.2
9e6eab8
Compare
Choose a tag to compare

Released on April 17, 2024.

  • Fixed a bug of new Federation() constructor that if it is once called the process will never exit. [#39]

Fedify 0.6.0

09 Apr 07:11
0.6.0
0b4fe36
Compare
Choose a tag to compare

Released on April 9, 2024.

  • DocumentLoader is now propagated to the loaded remote objects from Activity Vocabulary objects. [#27]

    • Added options parameter to Activity Vocabulary constructors.
    • Added options parameter to clone() method of Activity Vocabulary objects.
    • The Activity Vocabulary object passed to InboxListener now implicitly loads remote object with an authenticated DocumentLoader.
  • Added Federation.fetch() method.

    • Deprecated Federation.handle() method. Use Federation.fetch() method instead.
    • Renamed FederationHandlerParameters type to FederationFetchOptions.
    • Added integrateFetchOptions() function.
    • Deprecated integrateHandlerOptions() function.
  • Added @fedify/fedify/x/hono module for integrating with Hono middleware. [#25]

    • Added federation() function.
    • Added ContextDataFactory type.
  • Context.sendActivity() method now throws TypeError instead of silently failing when the given Activity object lacks the actor property.

  • Context.sendActivity() method now uses an authenticated document loader under the hood.

  • Added outbox error handler to Federation.

    • Added onOutboxError option to new Federation() constructor.
    • Added OutboxErrorHandler type.