@evanp/activitypub-bot 0.8.0 → 0.11.0

package/lib/botmaker.js

@@ -0,0 +1,23 @@
+import assert from 'node:assert'
+
+export default class BotMaker {
+  static async makeBot (bots, username) {
+    assert.ok(bots)
+    assert.ok(typeof bots === 'object')
+    assert.ok(username)
+    assert.ok(typeof username === 'string')
+
+    let bot
+
+    if (username in bots) {
+      bot = bots[username]
+    } else if ('*' in bots) {
+      const factory = bots['*']
+      if (await factory.canCreate(username)) {
+        bot = await factory.create(username)
+      }
+    }
+
+    return bot
+  }
+}

package/lib/keystorage.js

@@ -17,27 +17,6 @@ export class KeyStorage {
     this.#hasher = new HumanHasher()
   }
 
-  async initialize () {
-    await this.#connection.query(`
-            CREATE TABLE IF NOT EXISTS new_keys (
-                username varchar(512) PRIMARY KEY,
-                public_key TEXT,
-                private_key TEXT
-            )
-        `)
-    try {
-      await this.#connection.query(`
-              INSERT OR IGNORE INTO new_keys (username, public_key, private_key)
-              SELECT bot_id, public_key, private_key
-              FROM keys
-          `)
-    } catch (error) {
-      this.#logger.debug(
-        { error, method: 'KeyStorage.initialize' },
-        'failed to copy keys to new_keys table')
-    }
-  }
-
   async getPublicKey (username) {
     this.#logger.debug(
       { username, method: 'KeyStorage.getPublicKey' },
@@ -57,9 +36,13 @@ export class KeyStorage {
   async #getKeys (username) {
     let privateKey
     let publicKey
-    const [result] = await this.#connection.query(`
-          SELECT public_key, private_key FROM new_keys WHERE username = ?
-      `, { replacements: [username] })
+    const qry = (username)
+      ? 'SELECT public_key, private_key FROM new_keys WHERE username = ?'
+      : 'SELECT public_key, private_key FROM new_keys WHERE username IS NULL'
+    const [result] = await this.#connection.query(
+      qry,
+      { replacements: [username] }
+    )
     if (result.length > 0) {
       this.#logger.debug(
         { username, method: 'KeyStorage.#getKeys' },

package/lib/migrations/001-initial.js

@@ -0,0 +1,107 @@
+export const id = '001-initial'
+
+export async function up (connection) {
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS actorcollection (
+      username varchar(512) NOT NULL,
+      property varchar(512) NOT NULL,
+      first INTEGER NOT NULL,
+      totalItems INTEGER NOT NULL DEFAULT 0,
+      createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      updatedAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      PRIMARY KEY (username, property)
+    );
+  `)
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS actorcollectionpage (
+      username varchar(512) NOT NULL,
+      property varchar(512) NOT NULL,
+      item varchar(512) NOT NULL,
+      page INTEGER NOT NULL,
+      createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      PRIMARY KEY (username, property, item)
+    );
+  `)
+  await connection.query(
+    `CREATE INDEX IF NOT EXISTS actorcollectionpage_username_property_page
+    ON actorcollectionpage (username, property, page);`
+  )
+
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS objects (
+      id VARCHAR(512) PRIMARY KEY,
+      data TEXT NOT NULL,
+      createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      updatedAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+    )
+  `)
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS collections (
+      id VARCHAR(512) NOT NULL,
+      property VARCHAR(512) NOT NULL,
+      first INTEGER NOT NULL,
+      createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      updatedAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      PRIMARY KEY (id, property)
+    )
+  `)
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS pages (
+      id VARCHAR(512) NOT NULL,
+      property VARCHAR(64) NOT NULL,
+      item VARCHAR(512) NOT NULL,
+      page INTEGER NOT NULL,
+      createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      PRIMARY KEY (id, property, item)
+    )
+  `)
+  await connection.query(
+    `CREATE INDEX IF NOT EXISTS pages_username_property_page
+    ON pages (id, property, page);`
+  )
+
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS botdata (
+      username VARCHAR(512) not null,
+      key VARCHAR(512) not null,
+      value TEXT not null,
+      createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      updatedAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+      PRIMARY KEY (username, key)
+    )
+  `)
+
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS new_keys (
+      username varchar(512) PRIMARY KEY,
+      public_key TEXT,
+      private_key TEXT
+    )
+  `)
+  try {
+    await connection.query(`
+      INSERT OR IGNORE INTO new_keys (username, public_key, private_key)
+      SELECT bot_id, public_key, private_key
+      FROM keys
+    `)
+  } catch {
+  }
+
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS new_remotekeys (
+      id VARCHAR(512) PRIMARY KEY,
+      owner VARCHAR(512) NOT NULL,
+      publicKeyPem TEXT NOT NULL,
+      createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+      updatedAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    )
+  `)
+  try {
+    await connection.query(`
+      INSERT OR IGNORE INTO new_remotekeys (id, owner, publicKeyPem)
+      SELECT id, owner, publicKeyPem
+      FROM remotekeys
+    `)
+  } catch {
+  }
+}

package/lib/migrations/index.js

@@ -0,0 +1,28 @@
+import { id as initialId, up as initialUp } from './001-initial.js'
+
+const migrations = [
+  { id: initialId, up: initialUp }
+]
+
+export async function runMigrations (connection) {
+  await connection.query(`
+    CREATE TABLE IF NOT EXISTS migrations (
+      id VARCHAR(255) PRIMARY KEY,
+      ranAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+    )
+  `)
+
+  const [rows] = await connection.query('SELECT id FROM migrations')
+  const applied = new Set(rows.map((row) => row.id))
+
+  for (const migration of migrations) {
+    if (applied.has(migration.id)) {
+      continue
+    }
+    await migration.up(connection)
+    await connection.query(
+      'INSERT INTO migrations (id) VALUES (?)',
+      { replacements: [migration.id] }
+    )
+  }
+}

package/lib/objectcache.js

@@ -1,4 +1,7 @@
-import TTLCache from '@isaacs/ttlcache'
+import * as ttlcachePkg from '@isaacs/ttlcache'
+
+const TTLCache =
+  ttlcachePkg.TTLCache ?? ttlcachePkg.default ?? ttlcachePkg
 
 export class ObjectCache {
   #objects = null

package/lib/objectstorage.js

@@ -17,42 +17,6 @@ export class ObjectStorage {
     this.#connection = connection
   }
 
-  async initialize () {
-    await this.#connection.query(`
-            CREATE TABLE IF NOT EXISTS objects (
-                id VARCHAR(512) PRIMARY KEY,
-                data TEXT NOT NULL,
-                createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
-                updatedAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
-            )
-        `)
-    await this.#connection.query(`
-            CREATE TABLE IF NOT EXISTS collections (
-                id VARCHAR(512) NOT NULL,
-                property VARCHAR(512) NOT NULL,
-                first INTEGER NOT NULL,
-                createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
-                updatedAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
-                PRIMARY KEY (id, property)
-            )
-        `)
-    await this.#connection.query(`
-            CREATE TABLE IF NOT EXISTS pages (
-                id VARCHAR(512) NOT NULL,
-                property VARCHAR(64) NOT NULL,
-                item VARCHAR(512) NOT NULL,
-                page INTEGER NOT NULL,
-                createdAt DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
-                PRIMARY KEY (id, property, item)
-            )
-        `)
-
-    await this.#connection.query(
-      `CREATE INDEX IF NOT EXISTS pages_username_property_page
-      ON pages (id, property, page);`
-    )
-  }
-
   async create (object) {
     assert.ok(this.#connection, 'ObjectStorage not initialized')
     assert.ok(object, 'object is required')

package/lib/remotekeystorage.js

@@ -10,30 +10,6 @@ export class RemoteKeyStorage {
     this.#logger = logger.child({ class: this.constructor.name })
   }
 
-  async initialize () {
-    await this.#connection.query(
-      `CREATE TABLE IF NOT EXISTS new_remotekeys (
-        id VARCHAR(512) PRIMARY KEY,
-        owner VARCHAR(512) NOT NULL,
-        publicKeyPem TEXT NOT NULL,
-        createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        updatedAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-      )`
-    )
-    try {
-      await this.#connection.query(
-        `INSERT OR IGNORE INTO new_remotekeys (id, owner, publicKeyPem)
-         SELECT id, owner, publicKeyPem
-         FROM remotekeys`
-      )
-    } catch (error) {
-      this.#logger.debug(
-        { error, method: 'RemoteKeyStorage.initialize' },
-        'failed to copy remotekeys to new_remotekeys table'
-      )
-    }
-  }
-
   async getPublicKey (id, useCache = true) {
     this.debug(`getPublicKey(${id})`)
     if (useCache) {

package/lib/routes/collection.js

@@ -1,6 +1,7 @@
 import express from 'express'
 import as2 from '../activitystreams.js'
 import createHttpError from 'http-errors'
+import BotMaker from '../botmaker.js'
 
 const router = express.Router()
 
@@ -18,7 +19,8 @@ async function filterAsync (array, asyncPredicate) {
 router.get('/user/:username/:collection', async (req, res, next) => {
   const { username, collection } = req.params
   const { actorStorage, bots } = req.app.locals
-  if (!(username in bots)) {
+  const bot = await BotMaker.makeBot(bots, username)
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
   if (collection === 'inbox') {
@@ -37,10 +39,12 @@ router.get('/user/:username/:collection', async (req, res, next) => {
 router.get('/user/:username/:collection/:n(\\d+)', async (req, res, next) => {
   const { username, collection, n } = req.params
   const { actorStorage, bots, authorizer, objectStorage, formatter, client } = req.app.locals
+  const bot = await BotMaker.makeBot(bots, username)
 
-  if (!(username in bots)) {
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
+
   if (collection === 'inbox') {
     return next(createHttpError(403, `No access to ${collection} collection`))
   }

package/lib/routes/inbox.js

@@ -1,26 +1,19 @@
 import express from 'express'
 import as2 from '../activitystreams.js'
 import createHttpError from 'http-errors'
+import BotMaker from '../botmaker.js'
 
 const router = express.Router()
 
-function isActivity (object) {
-  return true
-}
-
-function getActor (activity) {
-  return activity.actor?.first
-}
-
 router.post('/user/:username/inbox', async (req, res, next) => {
   const { username } = req.params
-  const { bots, actorStorage, activityHandler } = req.app.locals
+  const { bots, deliverer, actorStorage } = req.app.locals
   const { subject } = req.auth
   const { logger } = req.app.locals
 
-  const bot = bots[username]
+  const bot = await BotMaker.makeBot(bots, username)
   if (!bot) {
-    return next(createHttpError(404, 'Not Found'))
+    return next(createHttpError(404, `User ${username} not found`))
   }
 
   if (!subject) {
@@ -41,11 +34,11 @@ router.post('/user/:username/inbox', async (req, res, next) => {
     return next(createHttpError(400, 'Invalid request body'))
   }
 
-  if (!isActivity(activity)) {
+  if (!deliverer.isActivity(activity)) {
     return next(createHttpError(400, 'Request body is not an activity'))
   }
 
-  const actor = getActor(activity)
+  const actor = deliverer.getActor(activity)
 
   if (!actor) {
     return next(createHttpError(400, 'No actor found in activity'))
@@ -67,13 +60,7 @@ router.post('/user/:username/inbox', async (req, res, next) => {
     return next(createHttpError(400, 'Activity already delivered'))
   }
 
-  try {
-    await activityHandler.handleActivity(bot, activity)
-  } catch (err) {
-    return next(err)
-  }
-
-  await actorStorage.addToCollection(bot.username, 'inbox', activity)
+  await deliverer.deliverTo(activity, bot)
 
   res.status(200)
   res.type('text/plain')

package/lib/routes/sharedinbox.js

@@ -0,0 +1,54 @@
+import express from 'express'
+import as2 from '../activitystreams.js'
+import createHttpError from 'http-errors'
+
+const router = express.Router()
+
+router.post('/shared/inbox', async (req, res, next) => {
+  const { bots, deliverer, logger } = req.app.locals
+  const { subject } = req.auth
+
+  if (!subject) {
+    return next(createHttpError(401, 'Unauthorized'))
+  }
+
+  if (!req.body) {
+    return next(createHttpError(400, 'No request body provided'))
+  }
+
+  let activity
+
+  try {
+    activity = await as2.import(req.body)
+  } catch (err) {
+    logger.warn('Failed to import activity', err)
+    logger.debug('Request body', req.body)
+    return next(createHttpError(400, 'Invalid request body'))
+  }
+
+  if (!deliverer.isActivity(activity)) {
+    return next(createHttpError(400, 'Request body is not an activity'))
+  }
+
+  const actor = deliverer.getActor(activity)
+
+  if (!actor) {
+    return next(createHttpError(400, 'No actor found in activity'))
+  }
+
+  if (!actor.id) {
+    return next(createHttpError(400, 'No actor id found in activity'))
+  }
+
+  if (actor.id !== subject) {
+    return next(createHttpError(403, `${subject} is not the actor ${actor.id}`))
+  }
+
+  await deliverer.deliverToAll(activity, bots)
+
+  res.status(200)
+  res.type('text/plain')
+  res.send('OK')
+})
+
+export default router

package/lib/routes/user.js

@@ -1,13 +1,15 @@
 import express from 'express'
 import as2 from '../activitystreams.js'
 import createHttpError from 'http-errors'
+import BotMaker from '../botmaker.js'
 
 const router = express.Router()
 
 router.get('/user/:username', async (req, res, next) => {
   const { username } = req.params
-  const { actorStorage, keyStorage, formatter, bots } = req.app.locals
-  if (!(username in bots)) {
+  const { actorStorage, keyStorage, formatter, bots, origin } = req.app.locals
+  const bot = await BotMaker.makeBot(bots, username)
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
   const publicKeyPem = await keyStorage.getPublicKey(username)
@@ -16,14 +18,17 @@ router.get('/user/:username', async (req, res, next) => {
       'https://www.w3.org/ns/activitystreams',
       'https://w3id.org/security/v1'
     ],
-    name: bots[username].fullname,
-    summary: bots[username].description,
+    name: bot.fullname,
+    summary: bot.description,
     publicKey: {
       publicKeyPem,
       id: formatter.format({ username, type: 'publickey' }),
       owner: formatter.format({ username }),
       type: 'CryptographicKey',
       to: 'as:Public'
+    },
+    endpoints: {
+      sharedInbox: `${origin}/shared/inbox`
     }
   })
   res.status(200)
@@ -37,7 +42,8 @@ router.get('/user/:username', async (req, res, next) => {
 router.get('/user/:username/publickey', async (req, res, next) => {
   const { username } = req.params
   const { formatter, keyStorage, bots } = req.app.locals
-  if (!(username in bots)) {
+  const bot = await BotMaker.makeBot(bots, username)
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
   const publicKeyPem = await keyStorage.getPublicKey(username)

package/lib/routes/webfinger.js

@@ -3,11 +3,14 @@ import createHttpError from 'http-errors'
 
 const router = Router()
 
-router.get('/.well-known/webfinger', (req, res, next) => {
+router.get('/.well-known/webfinger', async (req, res, next) => {
   const { resource } = req.query
   if (!resource) {
     return next(createHttpError(400, 'resource parameter is required'))
   }
+  if (resource.substring(0, 5) !== 'acct:') {
+    return next(createHttpError(400, 'only acct: protocol supported'))
+  }
   const [username, domain] = resource.substring(5).split('@')
   if (!username || !domain) {
     return next(createHttpError(400, 'Invalid resource parameter'))
@@ -17,7 +20,13 @@ router.get('/.well-known/webfinger', (req, res, next) => {
     return next(createHttpError(400, 'Invalid domain in resource parameter'))
   }
   if (!(username in req.app.locals.bots)) {
-    return next(createHttpError(404, 'Bot not found'))
+    if ('*' in req.app.locals.bots) {
+      if (!await req.app.locals.bots['*'].canCreate(username)) {
+        return next(createHttpError(404, 'Bot not found'))
+      }
+    } else {
+      return next(createHttpError(404, 'Bot not found'))
+    }
   }
   res.status(200)
   res.type('application/jrd+json')

package/lib/urlformatter.js

@@ -94,4 +94,12 @@ export class UrlFormatter {
     }
     return parts
   }
+
+  isActor (url) {
+    if (!this.isLocal(url)) {
+      return false
+    }
+    const parts = this.unformat(url)
+    return (parts.username && !parts.type && !parts.collection)
+  }
 }

package/package.json

@@ -1,12 +1,15 @@
 {
   "name": "@evanp/activitypub-bot",
-  "version": "0.8.0",
+  "version": "0.11.0",
   "description": "server-side ActivityPub bot framework",
   "type": "module",
-  "main": "index.js",
+  "main": "activitypub-bot.js",
+  "bin": {
+    "activitypub-bot": "./activitypub-bot.js"
+  },
   "scripts": {
     "test": "NODE_ENV=test node --test",
-    "start": "node index.js"
+    "start": "npx activitypub-bot"
   },
   "repository": {
     "type": "git",
@@ -25,27 +28,31 @@
   },
   "homepage": "https://github.com/evanp/activitypub-bot#readme",
   "dependencies": {
-    "@isaacs/ttlcache": "^1.4.1",
+    "@isaacs/ttlcache": "^2.1.4",
     "activitystrea.ms": "3.2",
-    "express": "^4.18.2",
+    "express": "^4.22.1",
     "http-errors": "^2.0.0",
     "humanhash": "^1.0.4",
     "lru-cache": "^11.1.0",
     "nanoid": "^5.1.5",
     "node-fetch": "^3.3.2",
-    "p-queue": "^8.1.0",
-    "pino": "^9.7.0",
-    "pino-http": "^10.4.0",
+    "p-queue": "^9.1.0",
+    "pino": "^10.1.1",
+    "pino-http": "^11.0.0",
     "sequelize": "^6.37.7"
   },
   "devDependencies": {
     "nock": "^14.0.5",
     "standard": "^17.1.2",
-    "supertest": "^7.1.1"
+    "supertest": "^7.1.4"
   },
   "optionalDependencies": {
     "mysql2": "^3.9.1",
-    "pg": "^8.16.0",
+    "pg": "^8.16.3",
     "sqlite3": "^5.1.7"
-  }
+  },
+  "engines": {
+    "node": "^20 || ^22 || ^24 || ^25"
+  },
+  "engineStrict": true
 }

package/tests/activitydistributor.test.js

@@ -11,6 +11,7 @@ import { ActivityDistributor } from '../lib/activitydistributor.js'
 import Logger from 'pino'
 import { HTTPSignature } from '../lib/httpsignature.js'
 import { Digester } from '../lib/digester.js'
+import { runMigrations } from '../lib/migrations/index.js'
 
 const makeActor = (domain, username, shared = true) =>
   as2.import({
@@ -63,12 +64,11 @@ describe('ActivityDistributor', () => {
   before(async () => {
     logger = Logger({ level: 'silent' })
     formatter = new UrlFormatter('https://activitypubbot.example')
-    connection = new Sequelize('sqlite::memory:', { logging: false })
+    connection = new Sequelize({ dialect: 'sqlite', storage: ':memory:', logging: false })
     await connection.authenticate()
+    await runMigrations(connection)
     actorStorage = new ActorStorage(connection, formatter)
-    await actorStorage.initialize()
     keyStorage = new KeyStorage(connection, logger)
-    await keyStorage.initialize()
     const signer = new HTTPSignature(logger)
     const digester = new Digester(logger)
     client = new ActivityPubClient(keyStorage, formatter, signer, digester, logger)