@evanp/activitypub-bot 0.8.0

package/lib/routes/object.js

@@ -0,0 +1,69 @@
+import express from 'express'
+import as2 from '../activitystreams.js'
+import createHttpError from 'http-errors'
+
+const router = express.Router()
+
+export default router
+
+router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})', async (req, res, next) => {
+  const { username, type, nanoid } = req.params
+  const { objectStorage, formatter, authorizer } = req.app.locals
+  const id = formatter.format({ username, type, nanoid })
+  const object = await objectStorage.read(id)
+  if (!object) {
+    return next(createHttpError(404, `Object ${id} not found`))
+  }
+  const remote = (req.auth?.subject) ? await as2.import({ id: req.auth.subject }) : null
+  if (!await authorizer.canRead(remote, object)) {
+    return next(createHttpError(403, `Forbidden to read object ${id}`))
+  }
+  res.status(200)
+  res.type(as2.mediaType)
+  res.end(await object.prettyWrite())
+})
+
+router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})/:collection', async (req, res, next) => {
+  const { objectStorage, formatter, authorizer } = req.app.locals
+  if (!['replies', 'likes', 'shares', 'thread'].includes(req.params.collection)) {
+    return next(createHttpError(404, 'Not Found'))
+  }
+  const id = formatter.format({ username: req.params.username, type: req.params.type, nanoid: req.params.nanoid })
+  const object = await objectStorage.read(id)
+  if (!object) {
+    return next(createHttpError(404, 'Not Found'))
+  }
+  const remote = (req.auth?.subject) ? await as2.import({ id: req.auth.subject }) : null
+  if (!await authorizer.canRead(remote, object)) {
+    return next(createHttpError(403, 'Forbidden'))
+  }
+  const collection = await objectStorage.getCollection(id, req.params.collection)
+  res.status(200)
+  res.type(as2.mediaType)
+  res.end(await collection.prettyWrite({ useOriginalContext: true }))
+})
+
+router.get('/user/:username/:type/:nanoid([A-Za-z0-9_\\-]{21})/:collection/:n(\\d+)', async (req, res, next) => {
+  const { username, type, nanoid, collection, n } = req.params
+  const { objectStorage, formatter, authorizer } = req.app.locals
+  if (!['replies', 'likes', 'shares', 'thread'].includes(req.params.collection)) {
+    return next(createHttpError(404, 'Not Found'))
+  }
+  const id = formatter.format({ username, type, nanoid })
+  const object = await objectStorage.read(id)
+  if (!object) {
+    return next(createHttpError(404, 'Not Found'))
+  }
+  const remote = (req.auth?.subject) ? await as2.import({ id: req.auth.subject }) : null
+  if (!await authorizer.canRead(remote, object)) {
+    return next(createHttpError(403, 'Forbidden'))
+  }
+  const collectionPage = await objectStorage.getCollectionPage(id, collection, parseInt(n))
+  const exported = await collectionPage.export({ useOriginalContext: true })
+  if (!Array.isArray(exported.items)) {
+    exported.items = [exported.items]
+  }
+  res.status(200)
+  res.type(as2.mediaType)
+  res.json(exported)
+})

package/lib/routes/server.js

@@ -0,0 +1,47 @@
+import express from 'express'
+import as2 from '../activitystreams.js'
+
+const router = express.Router()
+
+router.get('/', async (req, res) => {
+  const { formatter } = req.app.locals
+  const server = await as2.import({
+    '@context': [
+      'https://www.w3.org/ns/activitystreams',
+      'https://w3id.org/security/v1'
+    ],
+    id: formatter.format({ server: true }),
+    type: 'Service',
+    publicKey: formatter.format({ server: true, type: 'publickey' })
+  })
+  res.status(200)
+  res.type(as2.mediaType)
+  const body = await server.prettyWrite(
+    { additional_context: 'https://w3id.org/security/v1' }
+  )
+  res.end(body)
+})
+
+router.get('/publickey', async (req, res) => {
+  const { formatter, keyStorage } = req.app.locals
+  const publicKeyPem = await keyStorage.getPublicKey(null)
+  const publicKey = await as2.import({
+    '@context': [
+      'https://www.w3.org/ns/activitystreams',
+      'https://w3id.org/security/v1'
+    ],
+    publicKeyPem,
+    id: formatter.format({ server: true, type: 'publickey' }),
+    owner: formatter.format({ server: true }),
+    type: 'CryptographicKey',
+    to: 'https://www.w3.org/ns/activitystreams#Public'
+  })
+  res.status(200)
+  res.type(as2.mediaType)
+  const body = await publicKey.prettyWrite(
+    { additional_context: 'https://w3id.org/security/v1' }
+  )
+  res.end(body)
+})
+
+export default router

package/lib/routes/user.js

@@ -0,0 +1,63 @@
+import express from 'express'
+import as2 from '../activitystreams.js'
+import createHttpError from 'http-errors'
+
+const router = express.Router()
+
+router.get('/user/:username', async (req, res, next) => {
+  const { username } = req.params
+  const { actorStorage, keyStorage, formatter, bots } = req.app.locals
+  if (!(username in bots)) {
+    return next(createHttpError(404, `User ${username} not found`))
+  }
+  const publicKeyPem = await keyStorage.getPublicKey(username)
+  const actor = await actorStorage.getActor(username, {
+    '@context': [
+      'https://www.w3.org/ns/activitystreams',
+      'https://w3id.org/security/v1'
+    ],
+    name: bots[username].fullname,
+    summary: bots[username].description,
+    publicKey: {
+      publicKeyPem,
+      id: formatter.format({ username, type: 'publickey' }),
+      owner: formatter.format({ username }),
+      type: 'CryptographicKey',
+      to: 'as:Public'
+    }
+  })
+  res.status(200)
+  res.type(as2.mediaType)
+  const body = await actor.prettyWrite(
+    { additional_context: 'https://w3id.org/security/v1' }
+  )
+  res.end(body)
+})
+
+router.get('/user/:username/publickey', async (req, res, next) => {
+  const { username } = req.params
+  const { formatter, keyStorage, bots } = req.app.locals
+  if (!(username in bots)) {
+    return next(createHttpError(404, `User ${username} not found`))
+  }
+  const publicKeyPem = await keyStorage.getPublicKey(username)
+  const publicKey = await as2.import({
+    '@context': [
+      'https://www.w3.org/ns/activitystreams',
+      'https://w3id.org/security/v1'
+    ],
+    publicKeyPem,
+    id: formatter.format({ username, type: 'publickey' }),
+    owner: formatter.format({ username }),
+    type: 'CryptographicKey',
+    to: 'as:Public'
+  })
+  res.status(200)
+  res.type(as2.mediaType)
+  const body = await publicKey.prettyWrite(
+    { additional_context: 'https://w3id.org/security/v1' }
+  )
+  res.end(body)
+})
+
+export default router

package/lib/routes/webfinger.js

@@ -0,0 +1,36 @@
+import { Router } from 'express'
+import createHttpError from 'http-errors'
+
+const router = Router()
+
+router.get('/.well-known/webfinger', (req, res, next) => {
+  const { resource } = req.query
+  if (!resource) {
+    return next(createHttpError(400, 'resource parameter is required'))
+  }
+  const [username, domain] = resource.substring(5).split('@')
+  if (!username || !domain) {
+    return next(createHttpError(400, 'Invalid resource parameter'))
+  }
+  const { host } = new URL(req.app.locals.origin)
+  if (domain !== host) {
+    return next(createHttpError(400, 'Invalid domain in resource parameter'))
+  }
+  if (!(username in req.app.locals.bots)) {
+    return next(createHttpError(404, 'Bot not found'))
+  }
+  res.status(200)
+  res.type('application/jrd+json')
+  res.json({
+    subject: resource,
+    links: [
+      {
+        rel: 'self',
+        type: 'application/activity+json',
+        href: req.app.locals.formatter.format({ username })
+      }
+    ]
+  })
+})
+
+export default router

package/lib/urlformatter.js

@@ -0,0 +1,97 @@
+import assert from 'assert'
+
+const USER_COLLECTIONS = ['inbox', 'outbox', 'liked', 'followers', 'following']
+
+export class UrlFormatter {
+  #origin = null
+  constructor (origin) {
+    this.#origin = origin
+  }
+
+  format ({ username, type, nanoid, collection, page, server }) {
+    let base = null
+    if (server) {
+      base = `${this.#origin}`
+    } else if (username) {
+      base = `${this.#origin}/user/${username}`
+    } else {
+      throw new Error('Cannot format URL without username or server')
+    }
+    let major = null
+    if (type) {
+      if (nanoid) {
+        major = `${base}/${type}/${nanoid}`
+      } else if (type === 'publickey') {
+        major = `${base}/${type}`
+      } else {
+        throw new Error('Cannot format URL without nanoid')
+      }
+    } else {
+      major = base
+    }
+    let url = null
+    if (collection) {
+      if (page) {
+        url = `${major}/${collection}/${page}`
+      } else {
+        url = `${major}/${collection}`
+      }
+    } else {
+      url = major
+    }
+    // For the base case, we want a trailing slash.
+    if (url === this.#origin) {
+      url = `${url}/`
+    }
+    return url
+  }
+
+  isLocal (url) {
+    assert.equal(typeof url, 'string', 'url must be a string')
+    return url.startsWith(this.#origin)
+  }
+
+  getUserName (url) {
+    assert.equal(typeof url, 'string', 'url must be a string')
+    const parts = this.unformat(url)
+    return parts.username
+  }
+
+  unformat (url) {
+    assert.equal(typeof url, 'string', 'url must be a string')
+    const parts = {}
+    const parsed = new URL(url)
+    if (parsed.origin !== this.#origin) {
+      throw new Error(`Can't unformat URL from remote server ${parsed.origin}`)
+    }
+    let pathParts = parsed.pathname.slice(1).split('/')
+    if (pathParts.length > 0 && pathParts[0] === 'user') {
+      parts.server = false
+      parts.username = pathParts[1]
+      pathParts = pathParts.slice(2)
+    } else {
+      parts.server = true
+    }
+    if (pathParts.length > 0) {
+      if (USER_COLLECTIONS.includes(pathParts[0])) {
+        parts.collection = pathParts[0]
+      } else {
+        parts.type = pathParts[0]
+      }
+    }
+    if (pathParts.length > 1) {
+      if (USER_COLLECTIONS.includes(pathParts[0])) {
+        parts.page = parseInt(pathParts[1])
+      } else {
+        parts.nanoid = pathParts[1]
+      }
+    }
+    if (pathParts.length > 2) {
+      parts.collection = pathParts[2]
+    }
+    if (pathParts.length > 3) {
+      parts.page = parseInt(pathParts[3])
+    }
+    return parts
+  }
+}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@evanp/activitypub-bot",
+  "version": "0.8.0",
+  "description": "server-side ActivityPub bot framework",
+  "type": "module",
+  "main": "index.js",
+  "scripts": {
+    "test": "NODE_ENV=test node --test",
+    "start": "node index.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com/evanp/activitypub-bot.git"
+  },
+  "keywords": [
+    "activitypub",
+    "fediverse",
+    "bots",
+    "server"
+  ],
+  "author": "Evan Prodromou <evan@prodromou.name>",
+  "license": "AGPL-3.0",
+  "bugs": {
+    "url": "https://github.com/evanp/activitypub-bot/issues"
+  },
+  "homepage": "https://github.com/evanp/activitypub-bot#readme",
+  "dependencies": {
+    "@isaacs/ttlcache": "^1.4.1",
+    "activitystrea.ms": "3.2",
+    "express": "^4.18.2",
+    "http-errors": "^2.0.0",
+    "humanhash": "^1.0.4",
+    "lru-cache": "^11.1.0",
+    "nanoid": "^5.1.5",
+    "node-fetch": "^3.3.2",
+    "p-queue": "^8.1.0",
+    "pino": "^9.7.0",
+    "pino-http": "^10.4.0",
+    "sequelize": "^6.37.7"
+  },
+  "devDependencies": {
+    "nock": "^14.0.5",
+    "standard": "^17.1.2",
+    "supertest": "^7.1.1"
+  },
+  "optionalDependencies": {
+    "mysql2": "^3.9.1",
+    "pg": "^8.16.0",
+    "sqlite3": "^5.1.7"
+  }
+}