@rmdes/indiekit-endpoint-activitypub 0.1.0

package/assets/icon.svg

@@ -0,0 +1,12 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+  <circle cx="12" cy="12" r="10"/>
+  <circle cx="12" cy="12" r="3"/>
+  <line x1="12" y1="2" x2="12" y2="5"/>
+  <line x1="12" y1="19" x2="12" y2="22"/>
+  <line x1="2" y1="12" x2="5" y2="12"/>
+  <line x1="19" y1="12" x2="22" y2="12"/>
+  <line x1="4.93" y1="4.93" x2="6.76" y2="6.76"/>
+  <line x1="17.24" y1="17.24" x2="19.07" y2="19.07"/>
+  <line x1="4.93" y1="19.07" x2="6.76" y2="17.24"/>
+  <line x1="17.24" y1="6.76" x2="19.07" y2="4.93"/>
+</svg>

package/index.js

@@ -0,0 +1,376 @@
+import path from "node:path";
+
+import express from "express";
+
+import { handleWebFinger } from "./lib/webfinger.js";
+import { buildActorDocument } from "./lib/actor.js";
+import { getOrCreateKeyPair } from "./lib/keys.js";
+import { jf2ToActivityStreams, resolvePostUrl } from "./lib/jf2-to-as2.js";
+import { createFederationHandler } from "./lib/federation.js";
+import { dashboardController } from "./lib/controllers/dashboard.js";
+import { followersController } from "./lib/controllers/followers.js";
+import { followingController } from "./lib/controllers/following.js";
+import { activitiesController } from "./lib/controllers/activities.js";
+import { migrateGetController, migratePostController } from "./lib/controllers/migrate.js";
+
+const defaults = {
+  mountPath: "/activitypub",
+  actor: {
+    handle: "rick",
+    name: "",
+    summary: "",
+    icon: "",
+  },
+  checked: true,
+  alsoKnownAs: "",
+  activityRetentionDays: 90, // Auto-delete activities older than this (0 = keep forever)
+  storeRawActivities: false, // Store full incoming JSON (enables debugging, costs storage)
+};
+
+export default class ActivityPubEndpoint {
+  name = "ActivityPub endpoint";
+
+  constructor(options = {}) {
+    this.options = { ...defaults, ...options };
+    this.options.actor = { ...defaults.actor, ...options.actor };
+    this.mountPath = this.options.mountPath;
+
+    // Set at init time when we have access to Indiekit
+    this._publicationUrl = "";
+    this._actorUrl = "";
+    this._collections = {};
+    this._federationHandler = null;
+  }
+
+  get navigationItems() {
+    return {
+      href: this.options.mountPath,
+      text: "activitypub.title",
+      requiresDatabase: true,
+    };
+  }
+
+  get filePath() {
+    return path.dirname(new URL(import.meta.url).pathname);
+  }
+
+  /**
+   * WebFinger routes — mounted at /.well-known/
+   */
+  get routesWellKnown() {
+    const router = express.Router(); // eslint-disable-line new-cap
+    const options = this.options;
+    const self = this;
+
+    router.get("/webfinger", (request, response) => {
+      const resource = request.query.resource;
+      if (!resource) {
+        return response.status(400).json({ error: "Missing resource parameter" });
+      }
+
+      const result = handleWebFinger(resource, {
+        handle: options.actor.handle,
+        hostname: new URL(self._publicationUrl).hostname,
+        actorUrl: self._actorUrl,
+      });
+
+      if (!result) {
+        return response.status(404).json({ error: "Resource not found" });
+      }
+
+      response.set("Content-Type", "application/jrd+json");
+      return response.json(result);
+    });
+
+    return router;
+  }
+
+  /**
+   * Public federation routes — mounted at mountPath, unauthenticated
+   */
+  get routesPublic() {
+    const router = express.Router(); // eslint-disable-line new-cap
+    const self = this;
+
+    // Actor document (fallback — primary is content negotiation on /)
+    router.get("/actor", async (request, response) => {
+      const actor = await self._getActorDocument();
+      if (!actor) {
+        return response.status(500).json({ error: "Actor not configured" });
+      }
+      response.set("Content-Type", "application/activity+json");
+      return response.json(actor);
+    });
+
+    // Inbox — receive incoming activities
+    router.post("/inbox", express.raw({ type: ["application/activity+json", "application/ld+json", "application/json"] }), async (request, response, next) => {
+      try {
+        if (self._federationHandler) {
+          return await self._federationHandler.handleInbox(request, response);
+        }
+        return response.status(202).json({ status: "accepted" });
+      } catch (error) {
+        next(error);
+      }
+    });
+
+    // Outbox — serve published posts as ActivityStreams
+    router.get("/outbox", async (request, response, next) => {
+      try {
+        if (self._federationHandler) {
+          return await self._federationHandler.handleOutbox(request, response);
+        }
+        response.set("Content-Type", "application/activity+json");
+        return response.json({
+          "@context": "https://www.w3.org/ns/activitystreams",
+          type: "OrderedCollection",
+          totalItems: 0,
+          orderedItems: [],
+        });
+      } catch (error) {
+        next(error);
+      }
+    });
+
+    // Followers collection
+    router.get("/followers", async (request, response, next) => {
+      try {
+        if (self._federationHandler) {
+          return await self._federationHandler.handleFollowers(request, response);
+        }
+        response.set("Content-Type", "application/activity+json");
+        return response.json({
+          "@context": "https://www.w3.org/ns/activitystreams",
+          type: "OrderedCollection",
+          totalItems: 0,
+          orderedItems: [],
+        });
+      } catch (error) {
+        next(error);
+      }
+    });
+
+    // Following collection
+    router.get("/following", async (request, response, next) => {
+      try {
+        if (self._federationHandler) {
+          return await self._federationHandler.handleFollowing(request, response);
+        }
+        response.set("Content-Type", "application/activity+json");
+        return response.json({
+          "@context": "https://www.w3.org/ns/activitystreams",
+          type: "OrderedCollection",
+          totalItems: 0,
+          orderedItems: [],
+        });
+      } catch (error) {
+        next(error);
+      }
+    });
+
+    return router;
+  }
+
+  /**
+   * Authenticated admin routes — mounted at mountPath, behind IndieAuth
+   */
+  get routes() {
+    const router = express.Router(); // eslint-disable-line new-cap
+    const mp = this.options.mountPath;
+
+    router.get("/", dashboardController(mp));
+    router.get("/admin/followers", followersController(mp));
+    router.get("/admin/following", followingController(mp));
+    router.get("/admin/activities", activitiesController(mp));
+    router.get("/admin/migrate", migrateGetController(mp));
+    router.post("/admin/migrate", migratePostController(mp, this.options));
+
+    return router;
+  }
+
+  /**
+   * Content negotiation handler — serves AS2 JSON for ActivityPub clients
+   * Registered as a separate endpoint with mountPath "/"
+   */
+  get contentNegotiationRoutes() {
+    const router = express.Router(); // eslint-disable-line new-cap
+    const self = this;
+
+    router.get("*", async (request, response, next) => {
+      const accept = request.headers.accept || "";
+      const isActivityPub =
+        accept.includes("application/activity+json") ||
+        accept.includes("application/ld+json");
+
+      if (!isActivityPub) {
+        return next();
+      }
+
+      try {
+        // Root URL — serve actor document
+        if (request.path === "/") {
+          const actor = await self._getActorDocument();
+          if (!actor) {
+            return next();
+          }
+          response.set("Content-Type", "application/activity+json");
+          return response.json(actor);
+        }
+
+        // Post URLs — look up in database and convert to AS2
+        const { application } = request.app.locals;
+        const postsCollection = application?.collections?.get("posts");
+        if (!postsCollection) {
+          return next();
+        }
+
+        // Try to find a post matching this URL path
+        const requestUrl = `${self._publicationUrl}${request.path.slice(1)}`;
+        const post = await postsCollection.findOne({
+          "properties.url": requestUrl,
+        });
+
+        if (!post) {
+          return next();
+        }
+
+        const activity = jf2ToActivityStreams(
+          post.properties,
+          self._actorUrl,
+          self._publicationUrl,
+        );
+
+        // Return the object, not the wrapping Create activity
+        const object = activity.object || activity;
+        response.set("Content-Type", "application/activity+json");
+        return response.json({
+          "@context": [
+            "https://www.w3.org/ns/activitystreams",
+            "https://w3id.org/security/v1",
+          ],
+          ...object,
+        });
+      } catch {
+        return next();
+      }
+    });
+
+    return router;
+  }
+
+  /**
+   * Build and cache the actor document
+   */
+  async _getActorDocument() {
+    const keysCollection = this._collections.ap_keys;
+    if (!keysCollection) {
+      return null;
+    }
+
+    const keyPair = await getOrCreateKeyPair(keysCollection, this._actorUrl);
+    return buildActorDocument({
+      actorUrl: this._actorUrl,
+      publicationUrl: this._publicationUrl,
+      mountPath: this.options.mountPath,
+      handle: this.options.actor.handle,
+      name: this.options.actor.name,
+      summary: this.options.actor.summary,
+      icon: this.options.actor.icon,
+      alsoKnownAs: this.options.alsoKnownAs,
+      publicKeyPem: keyPair.publicKeyPem,
+    });
+  }
+
+  /**
+   * Syndicator — delivers posts to ActivityPub followers
+   */
+  get syndicator() {
+    const self = this;
+    return {
+      name: "ActivityPub syndicator",
+
+      get info() {
+        const hostname = self._publicationUrl
+          ? new URL(self._publicationUrl).hostname
+          : "example.com";
+        return {
+          checked: self.options.checked,
+          name: `@${self.options.actor.handle}@${hostname}`,
+          uid: self._publicationUrl || "https://example.com/",
+          service: {
+            name: "ActivityPub (Fediverse)",
+            photo: "/assets/@rmdes-indiekit-endpoint-activitypub/icon.svg",
+            url: self._publicationUrl || "https://example.com/",
+          },
+        };
+      },
+
+      async syndicate(properties, publication) {
+        if (!self._federationHandler) {
+          return undefined;
+        }
+        return self._federationHandler.deliverToFollowers(
+          properties,
+          publication,
+        );
+      },
+    };
+  }
+
+  init(Indiekit) {
+    // Store publication URL for later use
+    this._publicationUrl = Indiekit.publication?.me
+      ? Indiekit.publication.me.endsWith("/")
+        ? Indiekit.publication.me
+        : `${Indiekit.publication.me}/`
+      : "";
+    this._actorUrl = this._publicationUrl;
+
+    // Register MongoDB collections
+    Indiekit.addCollection("ap_followers");
+    Indiekit.addCollection("ap_following");
+    Indiekit.addCollection("ap_activities");
+    Indiekit.addCollection("ap_keys");
+
+    // Store collection references for later use
+    this._collections = {
+      ap_followers: Indiekit.collections.get("ap_followers"),
+      ap_following: Indiekit.collections.get("ap_following"),
+      ap_activities: Indiekit.collections.get("ap_activities"),
+      ap_keys: Indiekit.collections.get("ap_keys"),
+    };
+
+    // Set up TTL index so ap_activities self-cleans (MongoDB handles expiry)
+    const retentionDays = this.options.activityRetentionDays;
+    if (retentionDays > 0) {
+      this._collections.ap_activities.createIndex(
+        { receivedAt: 1 },
+        { expireAfterSeconds: retentionDays * 86_400 },
+      );
+    }
+
+    // Initialize federation handler
+    this._federationHandler = createFederationHandler({
+      actorUrl: this._actorUrl,
+      publicationUrl: this._publicationUrl,
+      mountPath: this.options.mountPath,
+      actorConfig: this.options.actor,
+      alsoKnownAs: this.options.alsoKnownAs,
+      collections: this._collections,
+      storeRawActivities: this.options.storeRawActivities,
+    });
+
+    // Register as endpoint (adds routes)
+    Indiekit.addEndpoint(this);
+
+    // Register content negotiation handler as a virtual endpoint
+    Indiekit.addEndpoint({
+      name: "ActivityPub content negotiation",
+      mountPath: "/",
+      routesPublic: this.contentNegotiationRoutes,
+    });
+
+    // Register as syndicator (appears in post UI)
+    Indiekit.addSyndicator(this.syndicator);
+  }
+}

package/lib/actor.js

@@ -0,0 +1,75 @@
+/**
+ * Build an ActivityPub Person actor document.
+ *
+ * This is the identity document that remote servers fetch to learn about
+ * this actor — it contains the profile, endpoints, and the public key
+ * used to verify HTTP Signatures on outbound activities.
+ *
+ * @param {object} options
+ * @param {string} options.actorUrl - Actor URL (also the Person id)
+ * @param {string} options.publicationUrl - Publication base URL (trailing slash)
+ * @param {string} options.mountPath - Plugin mount path (e.g. "/activitypub")
+ * @param {string} options.handle - Preferred username (e.g. "rick")
+ * @param {string} options.name - Display name
+ * @param {string} options.summary - Bio / profile summary
+ * @param {string} options.icon - Avatar URL or path
+ * @param {string} options.alsoKnownAs - Previous account URL (for Mastodon migration)
+ * @param {string} options.publicKeyPem - PEM-encoded RSA public key
+ * @returns {object} ActivityStreams Person document
+ */
+export function buildActorDocument(options) {
+  const {
+    actorUrl,
+    publicationUrl,
+    mountPath,
+    handle,
+    name,
+    summary,
+    icon,
+    alsoKnownAs,
+    publicKeyPem,
+  } = options;
+
+  const baseUrl = publicationUrl.replace(/\/$/, "");
+
+  const actor = {
+    "@context": [
+      "https://www.w3.org/ns/activitystreams",
+      "https://w3id.org/security/v1",
+    ],
+    type: "Person",
+    id: actorUrl,
+    preferredUsername: handle,
+    name: name || handle,
+    url: actorUrl,
+    inbox: `${baseUrl}${mountPath}/inbox`,
+    outbox: `${baseUrl}${mountPath}/outbox`,
+    followers: `${baseUrl}${mountPath}/followers`,
+    following: `${baseUrl}${mountPath}/following`,
+    publicKey: {
+      id: `${actorUrl}#main-key`,
+      owner: actorUrl,
+      publicKeyPem,
+    },
+  };
+
+  if (summary) {
+    actor.summary = summary;
+  }
+
+  if (icon) {
+    const iconUrl = icon.startsWith("http") ? icon : `${baseUrl}${icon.startsWith("/") ? "" : "/"}${icon}`;
+    actor.icon = {
+      type: "Image",
+      url: iconUrl,
+    };
+  }
+
+  if (alsoKnownAs) {
+    actor.alsoKnownAs = Array.isArray(alsoKnownAs)
+      ? alsoKnownAs
+      : [alsoKnownAs];
+  }
+
+  return actor;
+}

package/lib/controllers/activities.js

@@ -0,0 +1,56 @@
+/**
+ * Activity log controller — paginated list of inbound/outbound activities.
+ */
+const PAGE_SIZE = 20;
+
+export function activitiesController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const collection = application?.collections?.get("ap_activities");
+
+      if (!collection) {
+        return response.render("activities", {
+          title: response.locals.__("activitypub.activities"),
+          activities: [],
+          mountPath,
+        });
+      }
+
+      const page = Math.max(1, Number.parseInt(request.query.page, 10) || 1);
+      const totalCount = await collection.countDocuments();
+      const totalPages = Math.ceil(totalCount / PAGE_SIZE);
+
+      const activities = await collection
+        .find()
+        .sort({ receivedAt: -1 })
+        .skip((page - 1) * PAGE_SIZE)
+        .limit(PAGE_SIZE)
+        .toArray();
+
+      const cursor = buildCursor(page, totalPages, mountPath + "/admin/activities");
+
+      response.render("activities", {
+        title: response.locals.__("activitypub.activities"),
+        activities,
+        mountPath,
+        cursor,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+function buildCursor(page, totalPages, basePath) {
+  if (totalPages <= 1) return null;
+
+  return {
+    previous: page > 1
+      ? { href: `${basePath}?page=${page - 1}` }
+      : undefined,
+    next: page < totalPages
+      ? { href: `${basePath}?page=${page + 1}` }
+      : undefined,
+  };
+}

package/lib/controllers/dashboard.js

@@ -0,0 +1,39 @@
+/**
+ * Dashboard controller — shows follower/following counts and recent activity.
+ */
+export function dashboardController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const followersCollection = application?.collections?.get("ap_followers");
+      const followingCollection = application?.collections?.get("ap_following");
+      const activitiesCollection =
+        application?.collections?.get("ap_activities");
+
+      const followerCount = followersCollection
+        ? await followersCollection.countDocuments()
+        : 0;
+      const followingCount = followingCollection
+        ? await followingCollection.countDocuments()
+        : 0;
+
+      const recentActivities = activitiesCollection
+        ? await activitiesCollection
+            .find()
+            .sort({ receivedAt: -1 })
+            .limit(10)
+            .toArray()
+        : [];
+
+      response.render("dashboard", {
+        title: response.locals.__("activitypub.title"),
+        followerCount,
+        followingCount,
+        recentActivities,
+        mountPath,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}

package/lib/controllers/followers.js

@@ -0,0 +1,58 @@
+/**
+ * Followers list controller — paginated list of accounts following this actor.
+ */
+const PAGE_SIZE = 20;
+
+export function followersController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const collection = application?.collections?.get("ap_followers");
+
+      if (!collection) {
+        return response.render("followers", {
+          title: response.locals.__("activitypub.followers"),
+          followers: [],
+          followerCount: 0,
+          mountPath,
+        });
+      }
+
+      const page = Math.max(1, Number.parseInt(request.query.page, 10) || 1);
+      const totalCount = await collection.countDocuments();
+      const totalPages = Math.ceil(totalCount / PAGE_SIZE);
+
+      const followers = await collection
+        .find()
+        .sort({ followedAt: -1 })
+        .skip((page - 1) * PAGE_SIZE)
+        .limit(PAGE_SIZE)
+        .toArray();
+
+      const cursor = buildCursor(page, totalPages, mountPath + "/admin/followers");
+
+      response.render("followers", {
+        title: response.locals.__("activitypub.followers"),
+        followers,
+        followerCount: totalCount,
+        mountPath,
+        cursor,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+function buildCursor(page, totalPages, basePath) {
+  if (totalPages <= 1) return null;
+
+  return {
+    previous: page > 1
+      ? { href: `${basePath}?page=${page - 1}` }
+      : undefined,
+    next: page < totalPages
+      ? { href: `${basePath}?page=${page + 1}` }
+      : undefined,
+  };
+}

package/lib/controllers/following.js

@@ -0,0 +1,58 @@
+/**
+ * Following list controller — paginated list of accounts this actor follows.
+ */
+const PAGE_SIZE = 20;
+
+export function followingController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const collection = application?.collections?.get("ap_following");
+
+      if (!collection) {
+        return response.render("following", {
+          title: response.locals.__("activitypub.following"),
+          following: [],
+          followingCount: 0,
+          mountPath,
+        });
+      }
+
+      const page = Math.max(1, Number.parseInt(request.query.page, 10) || 1);
+      const totalCount = await collection.countDocuments();
+      const totalPages = Math.ceil(totalCount / PAGE_SIZE);
+
+      const following = await collection
+        .find()
+        .sort({ followedAt: -1 })
+        .skip((page - 1) * PAGE_SIZE)
+        .limit(PAGE_SIZE)
+        .toArray();
+
+      const cursor = buildCursor(page, totalPages, mountPath + "/admin/following");
+
+      response.render("following", {
+        title: response.locals.__("activitypub.following"),
+        following,
+        followingCount: totalCount,
+        mountPath,
+        cursor,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+function buildCursor(page, totalPages, basePath) {
+  if (totalPages <= 1) return null;
+
+  return {
+    previous: page > 1
+      ? { href: `${basePath}?page=${page - 1}` }
+      : undefined,
+    next: page < totalPages
+      ? { href: `${basePath}?page=${page + 1}` }
+      : undefined,
+  };
+}