@evanp/activitypub-bot 0.9.0 → 0.11.0

package/lib/remotekeystorage.js

@@ -10,30 +10,6 @@ export class RemoteKeyStorage {
     this.#logger = logger.child({ class: this.constructor.name })
   }
 
-  async initialize () {
-    await this.#connection.query(
-      `CREATE TABLE IF NOT EXISTS new_remotekeys (
-        id VARCHAR(512) PRIMARY KEY,
-        owner VARCHAR(512) NOT NULL,
-        publicKeyPem TEXT NOT NULL,
-        createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        updatedAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-      )`
-    )
-    try {
-      await this.#connection.query(
-        `INSERT OR IGNORE INTO new_remotekeys (id, owner, publicKeyPem)
-         SELECT id, owner, publicKeyPem
-         FROM remotekeys`
-      )
-    } catch (error) {
-      this.#logger.debug(
-        { error, method: 'RemoteKeyStorage.initialize' },
-        'failed to copy remotekeys to new_remotekeys table'
-      )
-    }
-  }
-
   async getPublicKey (id, useCache = true) {
     this.debug(`getPublicKey(${id})`)
     if (useCache) {

package/lib/routes/collection.js

@@ -1,6 +1,7 @@
 import express from 'express'
 import as2 from '../activitystreams.js'
 import createHttpError from 'http-errors'
+import BotMaker from '../botmaker.js'
 
 const router = express.Router()
 
@@ -18,7 +19,8 @@ async function filterAsync (array, asyncPredicate) {
 router.get('/user/:username/:collection', async (req, res, next) => {
   const { username, collection } = req.params
   const { actorStorage, bots } = req.app.locals
-  if (!(username in bots)) {
+  const bot = await BotMaker.makeBot(bots, username)
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
   if (collection === 'inbox') {
@@ -37,10 +39,12 @@ router.get('/user/:username/:collection', async (req, res, next) => {
 router.get('/user/:username/:collection/:n(\\d+)', async (req, res, next) => {
   const { username, collection, n } = req.params
   const { actorStorage, bots, authorizer, objectStorage, formatter, client } = req.app.locals
+  const bot = await BotMaker.makeBot(bots, username)
 
-  if (!(username in bots)) {
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
+
   if (collection === 'inbox') {
     return next(createHttpError(403, `No access to ${collection} collection`))
   }

package/lib/routes/inbox.js

@@ -1,26 +1,19 @@
 import express from 'express'
 import as2 from '../activitystreams.js'
 import createHttpError from 'http-errors'
+import BotMaker from '../botmaker.js'
 
 const router = express.Router()
 
-function isActivity (object) {
-  return true
-}
-
-function getActor (activity) {
-  return activity.actor?.first
-}
-
 router.post('/user/:username/inbox', async (req, res, next) => {
   const { username } = req.params
-  const { bots, actorStorage, activityHandler } = req.app.locals
+  const { bots, deliverer, actorStorage } = req.app.locals
   const { subject } = req.auth
   const { logger } = req.app.locals
 
-  const bot = bots[username]
+  const bot = await BotMaker.makeBot(bots, username)
   if (!bot) {
-    return next(createHttpError(404, 'Not Found'))
+    return next(createHttpError(404, `User ${username} not found`))
   }
 
   if (!subject) {
@@ -41,11 +34,11 @@ router.post('/user/:username/inbox', async (req, res, next) => {
     return next(createHttpError(400, 'Invalid request body'))
   }
 
-  if (!isActivity(activity)) {
+  if (!deliverer.isActivity(activity)) {
     return next(createHttpError(400, 'Request body is not an activity'))
   }
 
-  const actor = getActor(activity)
+  const actor = deliverer.getActor(activity)
 
   if (!actor) {
     return next(createHttpError(400, 'No actor found in activity'))
@@ -67,13 +60,7 @@ router.post('/user/:username/inbox', async (req, res, next) => {
     return next(createHttpError(400, 'Activity already delivered'))
   }
 
-  try {
-    await activityHandler.handleActivity(bot, activity)
-  } catch (err) {
-    return next(err)
-  }
-
-  await actorStorage.addToCollection(bot.username, 'inbox', activity)
+  await deliverer.deliverTo(activity, bot)
 
   res.status(200)
   res.type('text/plain')

package/lib/routes/sharedinbox.js

@@ -0,0 +1,54 @@
+import express from 'express'
+import as2 from '../activitystreams.js'
+import createHttpError from 'http-errors'
+
+const router = express.Router()
+
+router.post('/shared/inbox', async (req, res, next) => {
+  const { bots, deliverer, logger } = req.app.locals
+  const { subject } = req.auth
+
+  if (!subject) {
+    return next(createHttpError(401, 'Unauthorized'))
+  }
+
+  if (!req.body) {
+    return next(createHttpError(400, 'No request body provided'))
+  }
+
+  let activity
+
+  try {
+    activity = await as2.import(req.body)
+  } catch (err) {
+    logger.warn('Failed to import activity', err)
+    logger.debug('Request body', req.body)
+    return next(createHttpError(400, 'Invalid request body'))
+  }
+
+  if (!deliverer.isActivity(activity)) {
+    return next(createHttpError(400, 'Request body is not an activity'))
+  }
+
+  const actor = deliverer.getActor(activity)
+
+  if (!actor) {
+    return next(createHttpError(400, 'No actor found in activity'))
+  }
+
+  if (!actor.id) {
+    return next(createHttpError(400, 'No actor id found in activity'))
+  }
+
+  if (actor.id !== subject) {
+    return next(createHttpError(403, `${subject} is not the actor ${actor.id}`))
+  }
+
+  await deliverer.deliverToAll(activity, bots)
+
+  res.status(200)
+  res.type('text/plain')
+  res.send('OK')
+})
+
+export default router

package/lib/routes/user.js

@@ -1,13 +1,15 @@
 import express from 'express'
 import as2 from '../activitystreams.js'
 import createHttpError from 'http-errors'
+import BotMaker from '../botmaker.js'
 
 const router = express.Router()
 
 router.get('/user/:username', async (req, res, next) => {
   const { username } = req.params
-  const { actorStorage, keyStorage, formatter, bots } = req.app.locals
-  if (!(username in bots)) {
+  const { actorStorage, keyStorage, formatter, bots, origin } = req.app.locals
+  const bot = await BotMaker.makeBot(bots, username)
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
   const publicKeyPem = await keyStorage.getPublicKey(username)
@@ -16,14 +18,17 @@ router.get('/user/:username', async (req, res, next) => {
       'https://www.w3.org/ns/activitystreams',
       'https://w3id.org/security/v1'
     ],
-    name: bots[username].fullname,
-    summary: bots[username].description,
+    name: bot.fullname,
+    summary: bot.description,
     publicKey: {
       publicKeyPem,
       id: formatter.format({ username, type: 'publickey' }),
       owner: formatter.format({ username }),
       type: 'CryptographicKey',
       to: 'as:Public'
+    },
+    endpoints: {
+      sharedInbox: `${origin}/shared/inbox`
     }
   })
   res.status(200)
@@ -37,7 +42,8 @@ router.get('/user/:username', async (req, res, next) => {
 router.get('/user/:username/publickey', async (req, res, next) => {
   const { username } = req.params
   const { formatter, keyStorage, bots } = req.app.locals
-  if (!(username in bots)) {
+  const bot = await BotMaker.makeBot(bots, username)
+  if (!bot) {
     return next(createHttpError(404, `User ${username} not found`))
   }
   const publicKeyPem = await keyStorage.getPublicKey(username)

package/lib/routes/webfinger.js

@@ -3,11 +3,14 @@ import createHttpError from 'http-errors'
 
 const router = Router()
 
-router.get('/.well-known/webfinger', (req, res, next) => {
+router.get('/.well-known/webfinger', async (req, res, next) => {
   const { resource } = req.query
   if (!resource) {
     return next(createHttpError(400, 'resource parameter is required'))
   }
+  if (resource.substring(0, 5) !== 'acct:') {
+    return next(createHttpError(400, 'only acct: protocol supported'))
+  }
   const [username, domain] = resource.substring(5).split('@')
   if (!username || !domain) {
     return next(createHttpError(400, 'Invalid resource parameter'))
@@ -17,7 +20,13 @@ router.get('/.well-known/webfinger', (req, res, next) => {
     return next(createHttpError(400, 'Invalid domain in resource parameter'))
   }
   if (!(username in req.app.locals.bots)) {
-    return next(createHttpError(404, 'Bot not found'))
+    if ('*' in req.app.locals.bots) {
+      if (!await req.app.locals.bots['*'].canCreate(username)) {
+        return next(createHttpError(404, 'Bot not found'))
+      }
+    } else {
+      return next(createHttpError(404, 'Bot not found'))
+    }
   }
   res.status(200)
   res.type('application/jrd+json')

package/lib/urlformatter.js

@@ -94,4 +94,12 @@ export class UrlFormatter {
     }
     return parts
   }
+
+  isActor (url) {
+    if (!this.isLocal(url)) {
+      return false
+    }
+    const parts = this.unformat(url)
+    return (parts.username && !parts.type && !parts.collection)
+  }
 }

package/package.json

@@ -1,12 +1,15 @@
 {
   "name": "@evanp/activitypub-bot",
-  "version": "0.9.0",
+  "version": "0.11.0",
   "description": "server-side ActivityPub bot framework",
   "type": "module",
-  "main": "index.js",
+  "main": "activitypub-bot.js",
+  "bin": {
+    "activitypub-bot": "./activitypub-bot.js"
+  },
   "scripts": {
     "test": "NODE_ENV=test node --test",
-    "start": "node index.js"
+    "start": "npx activitypub-bot"
   },
   "repository": {
     "type": "git",
@@ -25,7 +28,7 @@
   },
   "homepage": "https://github.com/evanp/activitypub-bot#readme",
   "dependencies": {
-    "@isaacs/ttlcache": "^1.4.1",
+    "@isaacs/ttlcache": "^2.1.4",
     "activitystrea.ms": "3.2",
     "express": "^4.22.1",
     "http-errors": "^2.0.0",
@@ -33,8 +36,8 @@
     "lru-cache": "^11.1.0",
     "nanoid": "^5.1.5",
     "node-fetch": "^3.3.2",
-    "p-queue": "^8.1.0",
-    "pino": "^9.7.0",
+    "p-queue": "^9.1.0",
+    "pino": "^10.1.1",
     "pino-http": "^11.0.0",
     "sequelize": "^6.37.7"
   },
@@ -47,5 +50,9 @@
     "mysql2": "^3.9.1",
     "pg": "^8.16.3",
     "sqlite3": "^5.1.7"
-  }
+  },
+  "engines": {
+    "node": "^20 || ^22 || ^24 || ^25"
+  },
+  "engineStrict": true
 }

package/tests/activitydistributor.test.js

@@ -11,6 +11,7 @@ import { ActivityDistributor } from '../lib/activitydistributor.js'
 import Logger from 'pino'
 import { HTTPSignature } from '../lib/httpsignature.js'
 import { Digester } from '../lib/digester.js'
+import { runMigrations } from '../lib/migrations/index.js'
 
 const makeActor = (domain, username, shared = true) =>
   as2.import({
@@ -63,12 +64,11 @@ describe('ActivityDistributor', () => {
   before(async () => {
     logger = Logger({ level: 'silent' })
     formatter = new UrlFormatter('https://activitypubbot.example')
-    connection = new Sequelize('sqlite::memory:', { logging: false })
+    connection = new Sequelize({ dialect: 'sqlite', storage: ':memory:', logging: false })
     await connection.authenticate()
+    await runMigrations(connection)
     actorStorage = new ActorStorage(connection, formatter)
-    await actorStorage.initialize()
     keyStorage = new KeyStorage(connection, logger)
-    await keyStorage.initialize()
     const signer = new HTTPSignature(logger)
     const digester = new Digester(logger)
     client = new ActivityPubClient(keyStorage, formatter, signer, digester, logger)

package/tests/activityhandler.test.js

@@ -17,6 +17,9 @@ import bots from './fixtures/bots.js'
 import { nockSetup, postInbox, makeActor, nockFormat } from './utils/nock.js'
 import { Digester } from '../lib/digester.js'
 import { HTTPSignature } from '../lib/httpsignature.js'
+import { runMigrations } from '../lib/migrations/index.js'
+import { BotContext } from '../lib/botcontext.js'
+import { Transformer } from '../lib/microsyntax.js'
 
 describe('ActivityHandler', () => {
   const domain = 'activitypubbot.example'
@@ -36,27 +39,46 @@ describe('ActivityHandler', () => {
   let botId = null
   const botName = 'ok'
   let bot = null
+  const loggerBotName = 'logging'
+  let lb = null
+  let lbId = null
+  let transformer = null
   before(async () => {
     logger = Logger({ level: 'silent' })
     formatter = new UrlFormatter(origin)
-    connection = new Sequelize('sqlite::memory:', { logging: false })
+    connection = new Sequelize({ dialect: 'sqlite', storage: ':memory:', logging: false })
     await connection.authenticate()
+    await runMigrations(connection)
     botDataStorage = new BotDataStorage(connection)
-    await botDataStorage.initialize()
     objectStorage = new ObjectStorage(connection)
-    await objectStorage.initialize()
     keyStorage = new KeyStorage(connection, logger)
-    await keyStorage.initialize()
     actorStorage = new ActorStorage(connection, formatter)
-    await actorStorage.initialize()
     const signer = new HTTPSignature(logger)
     const digester = new Digester(logger)
     client = new ActivityPubClient(keyStorage, formatter, signer, digester, logger)
     distributor = new ActivityDistributor(client, formatter, actorStorage, logger)
     authz = new Authorizer(actorStorage, formatter, client)
     cache = new ObjectCache({ longTTL: 3600 * 1000, shortTTL: 300 * 1000, maxItems: 1000 })
+    transformer = new Transformer(`${origin}/tag/`, client)
+    await Promise.all(
+      Object.values(bots).map(bot => bot.initialize(
+        new BotContext(
+          bot.username,
+          botDataStorage,
+          objectStorage,
+          actorStorage,
+          client,
+          distributor,
+          formatter,
+          transformer,
+          logger
+        )
+      ))
+    )
     botId = formatter.format({ username: botName })
+    lbId = formatter.format({ username: loggerBotName })
     bot = bots[botName]
+    lb = bots[loggerBotName]
     await objectStorage.create(await as2.import({
       id: formatter.format({ username: 'test1', type: 'object', nanoid: '_pEWsKke-7lACTdM3J_qd' }),
       type: 'Object',
@@ -299,6 +321,19 @@ describe('ActivityHandler', () => {
     await handler.onIdle()
     assert.ok(!postInbox.follower3)
   })
+  it('notifies the bot of a follow activity', async () => {
+    const actor = await makeActor('follower4')
+    const activity = await as2.import({
+      type: 'Follow',
+      id: 'https://social.example/user/follower4/follow/1',
+      actor: actor.id,
+      object: lbId,
+      to: lbId
+    })
+    await handler.handleActivity(lb, activity)
+    assert.ok(lb.follows.has(activity.id))
+    await handler.onIdle()
+  })
   it('can handle an accept activity', async () => {
     const actor = await makeActor('accepter1')
     const followActivity = await as2.import({
@@ -811,6 +846,34 @@ describe('ActivityHandler', () => {
       await objectStorage.isInCollection(note.id, 'likes', activity2)
     )
   })
+  it('notifies the bot of a like activity', async () => {
+    const actor = await makeActor('liker9')
+    const note = await as2.import({
+      attributedTo: lbId,
+      id: formatter.format({
+        username: loggerBotName,
+        type: 'note',
+        nanoid: 'IGeAucyHD-s3Ywg9X9sCo'
+      }),
+      type: 'Note',
+      content: 'Hello, world!',
+      to: 'as:Public'
+    })
+    await objectStorage.create(note)
+    const activity = await as2.import({
+      type: 'Like',
+      actor: actor.id,
+      id: nockFormat({
+        username: 'liker9',
+        type: 'Like',
+        nanoid: '3fKK6LcMtqrAp1Ekn471u'
+      }),
+      object: note.id,
+      to: [lbId, 'as:Public']
+    })
+    await handler.handleActivity(lb, activity)
+    assert.ok(lb.likes.has(activity.id))
+  })
   it('can handle an announce activity', async () => {
     const actor = await makeActor('announcer1')
     const note = await as2.import({
@@ -1017,6 +1080,34 @@ describe('ActivityHandler', () => {
       await objectStorage.isInCollection(note.id, 'shares', activity2)
     )
   })
+  it('notifies the bot on an announce activity', async () => {
+    const actor = await makeActor('announcer9')
+    const note = await as2.import({
+      attributedTo: lbId,
+      id: formatter.format({
+        username: loggerBotName,
+        type: 'note',
+        nanoid: 'LNCVgovrjpA6oSKnGDax2'
+      }),
+      type: 'Note',
+      content: 'Hello, world!',
+      to: 'as:Public'
+    })
+    await objectStorage.create(note)
+    const activity = await as2.import({
+      type: 'Announce',
+      actor: actor.id,
+      id: nockFormat({
+        username: 'announcer9',
+        type: 'Announce',
+        nanoid: 'LmVvlEBHNf2X6nfgzMe6F'
+      }),
+      object: note.id,
+      to: [lbId, 'as:Public']
+    })
+    await handler.handleActivity(lb, activity)
+    assert.ok(lb.shares.has(activity.id))
+  })
   it('can handle a block activity', async () => {
     const actor = await makeActor('blocker1')
     await actorStorage.addToCollection(botName, 'followers', actor)