@evanp/activitypub-bot 0.12.1 → 0.13.0

package/lib/app.js

@@ -140,12 +140,30 @@ export async function makeApp (databaseUrl, origin, bots, logLevel = 'silent') {
   app.use('/', serverRouter)
   app.use('/', userRouter)
   app.use('/', collectionRouter)
-  app.use('/', objectRouter)
   app.use('/', inboxRouter)
+  app.use('/', objectRouter)
   app.use('/', healthRouter)
   app.use('/', webfingerRouter)
   app.use('/', sharedInboxRouter)
 
+  app.use(async (req, res) => {
+    if (req.accepts('json')) {
+      const status = 404
+      const title = http.STATUS_CODES[status] || 'Not Found'
+      res.status(status)
+      res.type('application/problem+json')
+      res.json({
+        type: 'about:blank',
+        title,
+        status,
+        detail: 'Not found',
+        instance: req.originalUrl
+      })
+    } else {
+      res.status(404).send('Not found')
+    }
+  })
+
   app.use((err, req, res, next) => {
     const { logger } = req.app.locals
     let status = 500

package/lib/index.js

@@ -1,3 +1,5 @@
 export { makeApp } from './app.js'
 export { default as Bot } from './bot.js'
 export { default as BotFactory } from './botfactory.js'
+export { default as OKBot } from './bots/ok.js'
+export { default as DoNothingBot } from './bots/donothing.js'

package/lib/routes/collection.js

@@ -2,7 +2,9 @@ import express from 'express'
 import as2 from '../activitystreams.js'
 import createHttpError from 'http-errors'
 import BotMaker from '../botmaker.js'
+import assert from 'node:assert'
 
+const collections = ['outbox', 'liked', 'followers', 'following']
 const router = express.Router()
 
 async function filterAsync (array, asyncPredicate) {
@@ -16,81 +18,95 @@ async function filterAsync (array, asyncPredicate) {
   return array.filter((_, idx) => booleans[idx])
 }
 
-router.get('/user/:username/:collection', async (req, res, next) => {
-  const { username, collection } = req.params
-  const { actorStorage, bots } = req.app.locals
-  const bot = await BotMaker.makeBot(bots, username)
-  if (!bot) {
-    return next(createHttpError(404, `User ${username} not found`))
-  }
-  if (collection === 'inbox') {
-    return next(createHttpError(403, `No access to ${collection} collection`))
-  }
-  if (!['outbox', 'liked', 'followers', 'following'].includes(req.params.collection)) {
-    return next(createHttpError(404,
-      `No such collection ${collection} for user ${username}`))
+// This got tricky because Express 5 doesn't let us add regexes to our routes,
+// so the page routes conflict with the object routes in ./object.js. This
+// format lets us define fixed routes for the 4 user collections that support
+// GET
+
+function collectionHandler (collection) {
+  assert.ok(collections.includes(collection))
+  return async (req, res, next) => {
+    const { username } = req.params
+    const { actorStorage, bots } = req.app.locals
+    const bot = await BotMaker.makeBot(bots, username)
+    if (!bot) {
+      return next(createHttpError(404, `User ${username} not found`))
+    }
+    const coll = await actorStorage.getCollection(username, collection)
+    res.status(200)
+    res.type(as2.mediaType)
+    res.end(await coll.prettyWrite({ useOriginalContext: true }))
   }
-  const coll = await actorStorage.getCollection(username, collection)
-  res.status(200)
-  res.type(as2.mediaType)
-  res.end(await coll.prettyWrite({ useOriginalContext: true }))
-})
+}
 
-router.get('/user/:username/:collection/:n(\\d+)', async (req, res, next) => {
-  const { username, collection, n } = req.params
-  const { actorStorage, bots, authorizer, objectStorage, formatter, client } = req.app.locals
-  const bot = await BotMaker.makeBot(bots, username)
+function collectionPageHandler (collection) {
+  assert.ok(['outbox', 'liked', 'followers', 'following'].includes(collection))
+  return async (req, res, next) => {
+    const { username, n } = req.params
+    let pageNo
+    try {
+      pageNo = parseInt(n)
+    } catch (err) {
+      return next(createHttpError(400, `Invalid page ${n}`))
+    }
+    const { actorStorage, bots, authorizer, objectStorage, formatter, client } = req.app.locals
+    const bot = await BotMaker.makeBot(bots, username)
 
-  if (!bot) {
-    return next(createHttpError(404, `User ${username} not found`))
-  }
+    if (!bot) {
+      return next(createHttpError(404, `User ${username} not found`))
+    }
 
-  if (collection === 'inbox') {
-    return next(createHttpError(403, `No access to ${collection} collection`))
-  }
-  if (!['outbox', 'liked', 'followers', 'following'].includes(collection)) {
-    return next(createHttpError(404,
-      `No such collection ${collection} for user ${username}`))
-  }
-  if (!await actorStorage.hasPage(username, collection, parseInt(n))) {
-    return next(createHttpError(404, `No such page ${n} for collection ${collection} for user ${username}`))
-  }
+    if (collection === 'inbox') {
+      return next(createHttpError(403, `No access to ${collection} collection`))
+    }
+    if (!await actorStorage.hasPage(username, collection, parseInt(n))) {
+      return next(createHttpError(404, `No such page ${n} for collection ${collection} for user ${username}`))
+    }
 
-  let exported = null
+    let exported = null
 
-  try {
-    const id = req.auth?.subject
-    const remote = (id) ? await as2.import({ id }) : null
-    const page = await actorStorage.getCollectionPage(
-      username,
-      collection,
-      parseInt(n)
-    )
-    exported = await page.export({ useOriginalContext: true })
+    try {
+      const id = req.auth?.subject
+      const remote = (id) ? await as2.import({ id }) : null
+      const page = await actorStorage.getCollectionPage(
+        username,
+        collection,
+        pageNo
+      )
+      exported = await page.export({ useOriginalContext: true })
 
-    if (['outbox', 'liked'].includes(collection)) {
-      exported.items = await filterAsync(exported.items, async (id) => {
-        const object = (formatter.isLocal(id))
-          ? await objectStorage.read(id)
-          : await client.get(id)
-        if (!object) {
-          req.log.warn({ id }, 'could not load object')
-          return false
-        }
-        req.log.debug({ id, object }, 'loaded object')
-        return await authorizer.canRead(remote, object)
-      })
+      if (['outbox', 'liked'].includes(collection)) {
+        exported.items = await filterAsync(exported.items, async (id) => {
+          const object = (formatter.isLocal(id))
+            ? await objectStorage.read(id)
+            : await client.get(id)
+          if (!object) {
+            req.log.warn({ id }, 'could not load object')
+            return false
+          }
+          req.log.debug({ id, object }, 'loaded object')
+          return await authorizer.canRead(remote, object)
+        })
+      }
+    } catch (error) {
+      req.log.error(
+        { err: error, username, collection, n },
+        'error loading collection page'
+      )
+      return next(createHttpError(500, 'Error loading collection page'))
     }
-  } catch (error) {
-    req.log.error(
-      { err: error, username, collection, n },
-      'error loading collection page'
-    )
-    return next(createHttpError(500, 'Error loading collection page'))
+    res.status(200)
+    res.type(as2.mediaType)
+    res.end(JSON.stringify(exported))
   }
-  res.status(200)
-  res.type(as2.mediaType)
-  res.end(JSON.stringify(exported))
-})
+}
+
+for (const collection of collections) {
+  router.get(`/user/:username/${collection}`, collectionHandler(collection))
+  router.get(
+    `/user/:username/${collection}/:n`,
+    collectionPageHandler(collection)
+  )
+}
 
 export default router

package/lib/routes/inbox.js

@@ -67,4 +67,12 @@ router.post('/user/:username/inbox', async (req, res, next) => {
   res.send('OK')
 })
 
+router.get('/user/:username/inbox', async (req, res, next) => {
+  return next(createHttpError(403, `No access to inbox collection`))
+})
+
+router.get('/user/:username/inbox/:n', async (req, res, next) => {
+  return next(createHttpError(403, `No access to inbox collection`))
+})
+
 export default router

package/lib/routes/object.js

@@ -6,8 +6,11 @@ const router = express.Router()
 
 export default router
 
-router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})', async (req, res, next) => {
+router.get('/user/:username/:type/:nanoid', async (req, res, next) => {
   const { username, type, nanoid } = req.params
+  if (!nanoid.match(/^[A-Za-z0-9_\\-]{21}$/)) {
+    return next(createHttpError(400, `Invalid nanoid ${nanoid}`))
+  }
   const { objectStorage, formatter, authorizer } = req.app.locals
   const id = formatter.format({ username, type, nanoid })
   const object = await objectStorage.read(id)
@@ -23,12 +26,16 @@ router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})', async (req, res
   res.end(await object.prettyWrite())
 })
 
-router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})/:collection', async (req, res, next) => {
+router.get('/user/:username/:type/:nanoid/:collection', async (req, res, next) => {
   const { objectStorage, formatter, authorizer } = req.app.locals
   if (!['replies', 'likes', 'shares', 'thread'].includes(req.params.collection)) {
     return next(createHttpError(404, 'Not Found'))
   }
-  const id = formatter.format({ username: req.params.username, type: req.params.type, nanoid: req.params.nanoid })
+  const { username, type, nanoid } = req.params
+  if (!nanoid.match(/^[A-Za-z0-9_\\-]{21}$/)) {
+    return next(createHttpError(400, `Invalid nanoid ${nanoid}`))
+  }
+  const id = formatter.format({ username, type, nanoid })
   const object = await objectStorage.read(id)
   if (!object) {
     return next(createHttpError(404, 'Not Found'))
@@ -43,8 +50,17 @@ router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})/:collection', asy
   res.end(await collection.prettyWrite({ useOriginalContext: true }))
 })
 
-router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})/:collection/:n(\\d+)', async (req, res, next) => {
+router.get('/user/:username/:type/:nanoid/:collection/:n', async (req, res, next) => {
   const { username, type, nanoid, collection, n } = req.params
+  let pageNo
+  try {
+    pageNo = parseInt(n)
+  } catch (err) {
+    return next(createHttpError(400, `Invalid page ${n}`))
+  }
+  if (!nanoid.match(/^[A-Za-z0-9_\\-]{21}$/)) {
+    return next(createHttpError(400, `Invalid nanoid ${nanoid}`))
+  }
   const { objectStorage, formatter, authorizer } = req.app.locals
   if (!['replies', 'likes', 'shares', 'thread'].includes(req.params.collection)) {
     return next(createHttpError(404, 'Not Found'))
@@ -58,7 +74,11 @@ router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})/:collection/:n(\\
   if (!await authorizer.canRead(remote, object)) {
     return next(createHttpError(403, 'Forbidden'))
   }
-  const collectionPage = await objectStorage.getCollectionPage(id, collection, parseInt(n))
+  const collectionPage = await objectStorage.getCollectionPage(
+    id,
+    collection,
+    pageNo
+  )
   const exported = await collectionPage.export({ useOriginalContext: true })
   if (!Array.isArray(exported.items)) {
     exported.items = [exported.items]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@evanp/activitypub-bot",
-  "version": "0.12.1",
+  "version": "0.13.0",
   "description": "server-side ActivityPub bot framework",
   "type": "module",
   "main": "lib/index.js",
@@ -30,7 +30,7 @@
   "dependencies": {
     "@isaacs/ttlcache": "^2.1.4",
     "activitystrea.ms": "3.2",
-    "express": "^4.22.1",
+    "express": "^5.2.1",
     "http-errors": "^2.0.0",
     "humanhash": "^1.0.4",
     "lru-cache": "^11.1.0",

package/tests/index.test.js

@@ -1,10 +1,12 @@
 import assert from 'node:assert'
 import { describe, it } from 'node:test'
 describe('package exports', () => {
-  it('exposes Bot, BotFactory, and makeApp', async () => {
-    const { Bot, BotFactory, makeApp } = await import('../lib/index.js')
+  it('exposes Bot, BotFactory, default bots, and makeApp', async () => {
+    const { Bot, BotFactory, makeApp, DoNothingBot, OKBot } = await import('../lib/index.js')
     assert.equal(typeof Bot, 'function')
     assert.equal(typeof BotFactory, 'function')
     assert.equal(typeof makeApp, 'function')
+    assert.equal(typeof OKBot, 'function')
+    assert.equal(typeof DoNothingBot, 'function')
   })
 })

package/tests/routes.collection.test.js

@@ -273,129 +273,6 @@ describe('actor collection routes', async () => {
     it('should return an object with a detail', async () => {
       assert.strictEqual(typeof response.body.detail, 'string')
     })
-    it('should return an object with a detail matching the request', async () => {
-      assert.strictEqual(response.body.detail, 'No such collection dne for user ok')
-    })
-  })
-
-  describe('GET page for non-existent collection for existent user', async () => {
-    let response = null
-    it('should work without an error', async () => {
-      response = await request(app).get('/user/ok/dne/1')
-    })
-    it('should return 404 Not Found', async () => {
-      assert.strictEqual(response.status, 404)
-    })
-    it('should return Problem Details JSON', async () => {
-      assert.strictEqual(response.type, 'application/problem+json')
-    })
-    it('should return an object', async () => {
-      assert.strictEqual(typeof response.body, 'object')
-    })
-    it('should return an object with a type', async () => {
-      assert.strictEqual(typeof response.body.type, 'string')
-    })
-    it('should return an object with an type matching the request', async () => {
-      assert.strictEqual(response.body.type, 'about:blank')
-    })
-    it('should return an object with a title', async () => {
-      assert.strictEqual(typeof response.body.title, 'string')
-    })
-    it('should return an object with a title matching the request', async () => {
-      assert.strictEqual(response.body.title, 'Not Found')
-    })
-    it('should return an object with a status', async () => {
-      assert.strictEqual(typeof response.body.status, 'number')
-    })
-    it('should return an object with a status matching the request', async () => {
-      assert.strictEqual(response.body.status, 404)
-    })
-    it('should return an object with a detail', async () => {
-      assert.strictEqual(typeof response.body.detail, 'string')
-    })
-    it('should return an object with a detail matching the request', async () => {
-      assert.strictEqual(response.body.detail, 'No such collection dne for user ok')
-    })
-  })
-
-  describe('GET /user/{botid}/inbox', async () => {
-    let response = null
-    it('should work without an error', async () => {
-      response = await request(app).get('/user/ok/inbox')
-    })
-    it('should return 403 Forbidden', async () => {
-      assert.strictEqual(response.status, 403)
-    })
-    it('should return Problem Details JSON', async () => {
-      assert.strictEqual(response.type, 'application/problem+json')
-    })
-    it('should return an object', async () => {
-      assert.strictEqual(typeof response.body, 'object')
-    })
-    it('should return an object with a type', async () => {
-      assert.strictEqual(typeof response.body.type, 'string')
-    })
-    it('should return an object with an type matching the request', async () => {
-      assert.strictEqual(response.body.type, 'about:blank')
-    })
-    it('should return an object with a title', async () => {
-      assert.strictEqual(typeof response.body.title, 'string')
-    })
-    it('should return an object with a title matching the request', async () => {
-      assert.strictEqual(response.body.title, 'Forbidden')
-    })
-    it('should return an object with a status', async () => {
-      assert.strictEqual(typeof response.body.status, 'number')
-    })
-    it('should return an object with a status matching the request', async () => {
-      assert.strictEqual(response.body.status, 403)
-    })
-    it('should return an object with a detail', async () => {
-      assert.strictEqual(typeof response.body.detail, 'string')
-    })
-    it('should return an object with a detail matching the request', async () => {
-      assert.strictEqual(response.body.detail, 'No access to inbox collection')
-    })
-  })
-
-  describe('GET /user/{botid}/inbox/1', async () => {
-    let response = null
-    it('should work without an error', async () => {
-      response = await request(app).get('/user/ok/inbox/1')
-    })
-    it('should return 403 Forbidden', async () => {
-      assert.strictEqual(response.status, 403)
-    })
-    it('should return Problem Details JSON', async () => {
-      assert.strictEqual(response.type, 'application/problem+json')
-    })
-    it('should return an object', async () => {
-      assert.strictEqual(typeof response.body, 'object')
-    })
-    it('should return an object with a type', async () => {
-      assert.strictEqual(typeof response.body.type, 'string')
-    })
-    it('should return an object with an type matching the request', async () => {
-      assert.strictEqual(response.body.type, 'about:blank')
-    })
-    it('should return an object with a title', async () => {
-      assert.strictEqual(typeof response.body.title, 'string')
-    })
-    it('should return an object with a title matching the request', async () => {
-      assert.strictEqual(response.body.title, 'Forbidden')
-    })
-    it('should return an object with a status', async () => {
-      assert.strictEqual(typeof response.body.status, 'number')
-    })
-    it('should return an object with a status matching the request', async () => {
-      assert.strictEqual(response.body.status, 403)
-    })
-    it('should return an object with a detail', async () => {
-      assert.strictEqual(typeof response.body.detail, 'string')
-    })
-    it('should return an object with a detail matching the request', async () => {
-      assert.strictEqual(response.body.detail, 'No access to inbox collection')
-    })
   })
 
   describe('GET /user/{botid}/outbox/1 with contents', async () => {

package/tests/routes.inbox.test.js

@@ -20,6 +20,86 @@ describe('routes.inbox', async () => {
     app = await makeApp(databaseUrl, origin, bots, 'silent')
   })
 
+  describe('GET /user/{botid}/inbox', async () => {
+    let response = null
+    it('should work without an error', async () => {
+      response = await request(app).get('/user/ok/inbox')
+    })
+    it('should return 403 Forbidden', async () => {
+      assert.strictEqual(response.status, 403)
+    })
+    it('should return Problem Details JSON', async () => {
+      assert.strictEqual(response.type, 'application/problem+json')
+    })
+    it('should return an object', async () => {
+      assert.strictEqual(typeof response.body, 'object')
+    })
+    it('should return an object with a type', async () => {
+      assert.strictEqual(typeof response.body.type, 'string')
+    })
+    it('should return an object with an type matching the request', async () => {
+      assert.strictEqual(response.body.type, 'about:blank')
+    })
+    it('should return an object with a title', async () => {
+      assert.strictEqual(typeof response.body.title, 'string')
+    })
+    it('should return an object with a title matching the request', async () => {
+      assert.strictEqual(response.body.title, 'Forbidden')
+    })
+    it('should return an object with a status', async () => {
+      assert.strictEqual(typeof response.body.status, 'number')
+    })
+    it('should return an object with a status matching the request', async () => {
+      assert.strictEqual(response.body.status, 403)
+    })
+    it('should return an object with a detail', async () => {
+      assert.strictEqual(typeof response.body.detail, 'string')
+    })
+    it('should return an object with a detail matching the request', async () => {
+      assert.strictEqual(response.body.detail, 'No access to inbox collection')
+    })
+  })
+
+  describe('GET /user/{botid}/inbox/1', async () => {
+    let response = null
+    it('should work without an error', async () => {
+      response = await request(app).get('/user/ok/inbox/1')
+    })
+    it('should return 403 Forbidden', async () => {
+      assert.strictEqual(response.status, 403)
+    })
+    it('should return Problem Details JSON', async () => {
+      assert.strictEqual(response.type, 'application/problem+json')
+    })
+    it('should return an object', async () => {
+      assert.strictEqual(typeof response.body, 'object')
+    })
+    it('should return an object with a type', async () => {
+      assert.strictEqual(typeof response.body.type, 'string')
+    })
+    it('should return an object with an type matching the request', async () => {
+      assert.strictEqual(response.body.type, 'about:blank')
+    })
+    it('should return an object with a title', async () => {
+      assert.strictEqual(typeof response.body.title, 'string')
+    })
+    it('should return an object with a title matching the request', async () => {
+      assert.strictEqual(response.body.title, 'Forbidden')
+    })
+    it('should return an object with a status', async () => {
+      assert.strictEqual(typeof response.body.status, 'number')
+    })
+    it('should return an object with a status matching the request', async () => {
+      assert.strictEqual(response.body.status, 403)
+    })
+    it('should return an object with a detail', async () => {
+      assert.strictEqual(typeof response.body.detail, 'string')
+    })
+    it('should return an object with a detail matching the request', async () => {
+      assert.strictEqual(response.body.detail, 'No access to inbox collection')
+    })
+  })
+
   describe('can handle an incoming activity', async () => {
     const username = 'actor1'
     const botName = 'test0'