@rmdes/indiekit-endpoint-activitypub 0.1.10 → 1.0.0

package/lib/federation-bridge.js

@@ -0,0 +1,119 @@
+/**
+ * Express ↔ Fedify bridge.
+ *
+ * Converts Express requests to standard Request objects and delegates
+ * to federation.fetch(). We can't use @fedify/express's integrateFederation()
+ * because Indiekit plugins mount routes at a sub-path (e.g. /activitypub),
+ * which causes req.url to lose the mount prefix. Instead, we use
+ * req.originalUrl to preserve the full path that Fedify's URI templates expect.
+ */
+
+import { Readable } from "node:stream";
+import { Buffer } from "node:buffer";
+
+/**
+ * Convert an Express request to a standard Request with the full URL.
+ *
+ * @param {import("express").Request} req - Express request
+ * @returns {Request} Standard Request object
+ */
+export function fromExpressRequest(req) {
+  const url = `${req.protocol}://${req.get("host")}${req.originalUrl}`;
+  const headers = new Headers();
+  for (const [key, value] of Object.entries(req.headers)) {
+    if (Array.isArray(value)) {
+      for (const v of value) headers.append(key, v);
+    } else if (typeof value === "string") {
+      headers.append(key, value);
+    }
+  }
+
+  return new Request(url, {
+    method: req.method,
+    headers,
+    duplex: "half",
+    body:
+      req.method === "GET" || req.method === "HEAD"
+        ? undefined
+        : Readable.toWeb(req),
+  });
+}
+
+/**
+ * Send a standard Response back through Express.
+ *
+ * @param {import("express").Response} res - Express response
+ * @param {Response} response - Standard Response from federation.fetch()
+ */
+async function sendFedifyResponse(res, response) {
+  res.status(response.status);
+  response.headers.forEach((value, key) => {
+    res.setHeader(key, value);
+  });
+
+  if (!response.body) {
+    res.end();
+    return;
+  }
+
+  const reader = response.body.getReader();
+  await new Promise((resolve) => {
+    function read({ done, value }) {
+      if (done) {
+        reader.releaseLock();
+        resolve();
+        return;
+      }
+      res.write(Buffer.from(value));
+      reader.read().then(read);
+    }
+    reader.read().then(read);
+  });
+  res.end();
+}
+
+/**
+ * Create Express middleware that delegates to Fedify's federation.fetch().
+ *
+ * On 404 (Fedify didn't match), calls next().
+ * On 406 (not acceptable), calls next() so Express can try other handlers.
+ * Otherwise, sends the Fedify response directly.
+ *
+ * @param {import("@fedify/fedify").Federation} federation
+ * @param {Function} contextDataFactory - (req) => contextData
+ * @returns {import("express").RequestHandler}
+ */
+export function createFedifyMiddleware(federation, contextDataFactory) {
+  return async (req, res, next) => {
+    try {
+      const request = fromExpressRequest(req);
+      const contextData = await Promise.resolve(contextDataFactory(req));
+
+      let notFound = false;
+      let notAcceptable = false;
+
+      const response = await federation.fetch(request, {
+        contextData,
+        onNotFound: () => {
+          notFound = true;
+          return new Response("Not found", { status: 404 });
+        },
+        onNotAcceptable: () => {
+          notAcceptable = true;
+          return new Response("Not acceptable", {
+            status: 406,
+            headers: { "Content-Type": "text/plain", Vary: "Accept" },
+          });
+        },
+      });
+
+      if (notFound || notAcceptable) {
+        return next();
+      }
+
+      await sendFedifyResponse(res, response);
+    } catch (error) {
+      next(error);
+    }
+  };
+}

package/lib/federation-setup.js

@@ -0,0 +1,321 @@
+/**
+ * Fedify Federation setup — configures the Federation instance with all
+ * dispatchers, inbox listeners, and collection handlers.
+ *
+ * This replaces the hand-rolled federation.js, actor.js, keys.js, webfinger.js,
+ * and inbox.js with Fedify's battle-tested implementations.
+ */
+
+import { Temporal } from "@js-temporal/polyfill";
+import {
+  Endpoints,
+  Image,
+  InProcessMessageQueue,
+  Person,
+  PropertyValue,
+  createFederation,
+  importSpki,
+} from "@fedify/fedify";
+import { MongoKvStore } from "./kv-store.js";
+import { registerInboxListeners } from "./inbox-listeners.js";
+
+/**
+ * Create and configure a Fedify Federation instance.
+ *
+ * @param {object} options
+ * @param {object} options.collections - MongoDB collections
+ * @param {string} options.mountPath - Plugin mount path (e.g. "/activitypub")
+ * @param {string} options.handle - Actor handle (e.g. "rick")
+ * @param {boolean} options.storeRawActivities - Whether to store full raw JSON
+ * @returns {{ federation: import("@fedify/fedify").Federation }}
+ */
+export function setupFederation(options) {
+  const {
+    collections,
+    mountPath,
+    handle,
+    storeRawActivities = false,
+  } = options;
+
+  const federation = createFederation({
+    kv: new MongoKvStore(collections.ap_kv),
+    queue: new InProcessMessageQueue(),
+  });
+
+  // --- Actor dispatcher ---
+  federation
+    .setActorDispatcher(
+      `${mountPath}/users/{identifier}`,
+      async (ctx, identifier) => {
+        if (identifier !== handle) return null;
+
+        const profile = await getProfile(collections);
+        const keyPairs = await ctx.getActorKeyPairs(identifier);
+
+        const personOptions = {
+          id: ctx.getActorUri(identifier),
+          preferredUsername: identifier,
+          name: profile.name || identifier,
+          url: profile.url ? new URL(profile.url) : null,
+          inbox: ctx.getInboxUri(identifier),
+          outbox: ctx.getOutboxUri(identifier),
+          followers: ctx.getFollowersUri(identifier),
+          following: ctx.getFollowingUri(identifier),
+          endpoints: new Endpoints({ sharedInbox: ctx.getInboxUri() }),
+          manuallyApprovesFollowers:
+            profile.manuallyApprovesFollowers || false,
+        };
+
+        if (profile.summary) {
+          personOptions.summary = profile.summary;
+        }
+
+        if (profile.icon) {
+          personOptions.icon = new Image({
+            url: new URL(profile.icon),
+            mediaType: guessImageMediaType(profile.icon),
+          });
+        }
+
+        if (profile.image) {
+          personOptions.image = new Image({
+            url: new URL(profile.image),
+            mediaType: guessImageMediaType(profile.image),
+          });
+        }
+
+        if (keyPairs.length > 0) {
+          personOptions.publicKey = keyPairs[0].cryptographicKey;
+          personOptions.assertionMethod = keyPairs[0].multikey;
+        }
+
+        if (profile.attachments?.length > 0) {
+          personOptions.attachments = profile.attachments.map(
+            (att) => new PropertyValue({ name: att.name, value: att.value }),
+          );
+        }
+
+        if (profile.alsoKnownAs?.length > 0) {
+          personOptions.alsoKnownAs = profile.alsoKnownAs.map(
+            (u) => new URL(u),
+          );
+        }
+
+        if (profile.createdAt) {
+          personOptions.published = Temporal.Instant.from(profile.createdAt);
+        }
+
+        return new Person(personOptions);
+      },
+    )
+    .setKeyPairsDispatcher(async (ctx, identifier) => {
+      if (identifier !== handle) return [];
+
+      const legacyKey = await collections.ap_keys.findOne({});
+      if (legacyKey?.publicKeyPem && legacyKey?.privateKeyPem) {
+        try {
+          const publicKey = await importSpki(legacyKey.publicKeyPem, "RSA");
+          const privateKey = await importPkcs8Pem(legacyKey.privateKeyPem);
+          return [{ publicKey, privateKey }];
+        } catch {
+          console.warn(
+            "[ActivityPub] Could not import legacy RSA keys, generating new key pairs",
+          );
+        }
+      }
+
+      return [];
+    });
+
+  // --- Inbox listeners ---
+  const inboxChain = federation.setInboxListeners(
+    `${mountPath}/users/{identifier}/inbox`,
+    `${mountPath}/inbox`,
+  );
+  registerInboxListeners(inboxChain, {
+    collections,
+    handle,
+    storeRawActivities,
+  });
+
+  // --- Collection dispatchers ---
+  setupFollowers(federation, mountPath, handle, collections);
+  setupFollowing(federation, mountPath, handle, collections);
+  setupOutbox(federation, mountPath, handle, collections);
+
+  // --- NodeInfo ---
+  federation.setNodeInfoDispatcher("/nodeinfo/2.1", async () => {
+    const postsCount = collections.posts
+      ? await collections.posts.countDocuments()
+      : 0;
+
+    return {
+      software: {
+        name: "indiekit",
+        version: { major: 1, minor: 0, patch: 0 },
+      },
+      protocols: ["activitypub"],
+      usage: {
+        users: { total: 1, activeMonth: 1, activeHalfyear: 1 },
+        localPosts: postsCount,
+        localComments: 0,
+      },
+    };
+  });
+
+  return { federation };
+}
+
+// --- Collection setup helpers ---
+
+function setupFollowers(federation, mountPath, handle, collections) {
+  federation
+    .setFollowersDispatcher(
+      `${mountPath}/users/{identifier}/followers`,
+      async (ctx, identifier, cursor) => {
+        if (identifier !== handle) return null;
+        const pageSize = 20;
+        const skip = cursor ? Number.parseInt(cursor, 10) : 0;
+        const docs = await collections.ap_followers
+          .find()
+          .sort({ followedAt: -1 })
+          .skip(skip)
+          .limit(pageSize)
+          .toArray();
+        const total = await collections.ap_followers.countDocuments();
+
+        return {
+          items: docs.map((f) => new URL(f.actorUrl)),
+          nextCursor:
+            skip + pageSize < total ? String(skip + pageSize) : null,
+        };
+      },
+    )
+    .setCounter(async (ctx, identifier) => {
+      if (identifier !== handle) return 0;
+      return await collections.ap_followers.countDocuments();
+    })
+    .setFirstCursor(async () => "0");
+}
+
+function setupFollowing(federation, mountPath, handle, collections) {
+  federation
+    .setFollowingDispatcher(
+      `${mountPath}/users/{identifier}/following`,
+      async (ctx, identifier, cursor) => {
+        if (identifier !== handle) return null;
+        const pageSize = 20;
+        const skip = cursor ? Number.parseInt(cursor, 10) : 0;
+        const docs = await collections.ap_following
+          .find()
+          .sort({ followedAt: -1 })
+          .skip(skip)
+          .limit(pageSize)
+          .toArray();
+        const total = await collections.ap_following.countDocuments();
+
+        return {
+          items: docs.map((f) => new URL(f.actorUrl)),
+          nextCursor:
+            skip + pageSize < total ? String(skip + pageSize) : null,
+        };
+      },
+    )
+    .setCounter(async (ctx, identifier) => {
+      if (identifier !== handle) return 0;
+      return await collections.ap_following.countDocuments();
+    })
+    .setFirstCursor(async () => "0");
+}
+
+function setupOutbox(federation, mountPath, handle, collections) {
+  federation
+    .setOutboxDispatcher(
+      `${mountPath}/users/{identifier}/outbox`,
+      async (ctx, identifier, cursor) => {
+        if (identifier !== handle) return null;
+
+        const postsCollection = collections.posts;
+        if (!postsCollection) return { items: [] };
+
+        const pageSize = 20;
+        const skip = cursor ? Number.parseInt(cursor, 10) : 0;
+        const total = await postsCollection.countDocuments();
+
+        const posts = await postsCollection
+          .find()
+          .sort({ "properties.published": -1 })
+          .skip(skip)
+          .limit(pageSize)
+          .toArray();
+
+        const { jf2ToAS2Activity } = await import("./jf2-to-as2.js");
+        const items = posts
+          .map((post) => {
+            try {
+              return jf2ToAS2Activity(
+                post.properties,
+                ctx.getActorUri(identifier).href,
+                collections._publicationUrl,
+              );
+            } catch {
+              return null;
+            }
+          })
+          .filter(Boolean);
+
+        return {
+          items,
+          nextCursor:
+            skip + pageSize < total ? String(skip + pageSize) : null,
+        };
+      },
+    )
+    .setCounter(async (ctx, identifier) => {
+      if (identifier !== handle) return 0;
+      const postsCollection = collections.posts;
+      if (!postsCollection) return 0;
+      return await postsCollection.countDocuments();
+    })
+    .setFirstCursor(async () => "0");
+}
+
+// --- Helpers ---
+
+async function getProfile(collections) {
+  const doc = await collections.ap_profile.findOne({});
+  return doc || {};
+}
+
+/**
+ * Import a PKCS#8 PEM private key using Web Crypto API.
+ * Fedify's importPem only handles PKCS#1, but Node.js crypto generates PKCS#8.
+ */
+async function importPkcs8Pem(pem) {
+  const lines = pem
+    .replace("-----BEGIN PRIVATE KEY-----", "")
+    .replace("-----END PRIVATE KEY-----", "")
+    .replace(/\s/g, "");
+  const der = Uint8Array.from(atob(lines), (c) => c.charCodeAt(0));
+  return crypto.subtle.importKey(
+    "pkcs8",
+    der,
+    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+    true,
+    ["sign"],
+  );
+}
+
+function guessImageMediaType(url) {
+  const ext = url.split(".").pop()?.toLowerCase();
+  const types = {
+    jpg: "image/jpeg",
+    jpeg: "image/jpeg",
+    png: "image/png",
+    gif: "image/gif",
+    webp: "image/webp",
+    svg: "image/svg+xml",
+    avif: "image/avif",
+  };
+  return types[ext] || "image/jpeg";
+}

package/lib/inbox-listeners.js

@@ -0,0 +1,215 @@
+/**
+ * Inbox listener registrations for the Fedify Federation instance.
+ *
+ * Each listener handles a specific ActivityPub activity type received
+ * in the actor's inbox (Follow, Undo, Like, Announce, Create, Delete, Move).
+ */
+
+import {
+  Accept,
+  Announce,
+  Create,
+  Delete,
+  Follow,
+  Like,
+  Move,
+  Note,
+  Undo,
+} from "@fedify/fedify";
+
+/**
+ * Register all inbox listeners on a federation's inbox chain.
+ *
+ * @param {object} inboxChain - Return value of federation.setInboxListeners()
+ * @param {object} options
+ * @param {object} options.collections - MongoDB collections
+ * @param {string} options.handle - Actor handle
+ * @param {boolean} options.storeRawActivities - Whether to store raw JSON
+ */
+export function registerInboxListeners(inboxChain, options) {
+  const { collections, handle, storeRawActivities } = options;
+
+  inboxChain
+    .on(Follow, async (ctx, follow) => {
+      const followerActor = await follow.getActor();
+      if (!followerActor?.id) return;
+
+      const followerUrl = followerActor.id.href;
+      const followerName =
+        followerActor.name?.toString() ||
+        followerActor.preferredUsername?.toString() ||
+        followerUrl;
+
+      await collections.ap_followers.updateOne(
+        { actorUrl: followerUrl },
+        {
+          $set: {
+            actorUrl: followerUrl,
+            handle: followerActor.preferredUsername?.toString() || "",
+            name: followerName,
+            avatar: followerActor.icon
+              ? (await followerActor.icon)?.url?.href || ""
+              : "",
+            inbox: followerActor.inbox?.id?.href || "",
+            sharedInbox: followerActor.endpoints?.sharedInbox?.href || "",
+            followedAt: new Date().toISOString(),
+          },
+        },
+        { upsert: true },
+      );
+
+      // Auto-accept: send Accept back
+      await ctx.sendActivity(
+        { identifier: handle },
+        followerActor,
+        new Accept({
+          actor: ctx.getActorUri(handle),
+          object: follow,
+        }),
+      );
+
+      await logActivity(collections, storeRawActivities, {
+        direction: "inbound",
+        type: "Follow",
+        actorUrl: followerUrl,
+        actorName: followerName,
+        summary: `${followerName} followed you`,
+      });
+    })
+    .on(Undo, async (ctx, undo) => {
+      const actorObj = await undo.getActor();
+      const actorUrl = actorObj?.id?.href || "";
+      const inner = await undo.getObject();
+
+      if (inner instanceof Follow) {
+        await collections.ap_followers.deleteOne({ actorUrl });
+        await logActivity(collections, storeRawActivities, {
+          direction: "inbound",
+          type: "Undo(Follow)",
+          actorUrl,
+          summary: `${actorUrl} unfollowed you`,
+        });
+      } else if (inner instanceof Like) {
+        const objectId = (await inner.getObject())?.id?.href || "";
+        await collections.ap_activities.deleteOne({
+          type: "Like",
+          actorUrl,
+          objectUrl: objectId,
+        });
+      } else if (inner instanceof Announce) {
+        const objectId = (await inner.getObject())?.id?.href || "";
+        await collections.ap_activities.deleteOne({
+          type: "Announce",
+          actorUrl,
+          objectUrl: objectId,
+        });
+      } else {
+        const typeName = inner?.constructor?.name || "unknown";
+        await logActivity(collections, storeRawActivities, {
+          direction: "inbound",
+          type: `Undo(${typeName})`,
+          actorUrl,
+          summary: `${actorUrl} undid ${typeName}`,
+        });
+      }
+    })
+    .on(Like, async (ctx, like) => {
+      const actorObj = await like.getActor();
+      const actorUrl = actorObj?.id?.href || "";
+      const actorName =
+        actorObj?.name?.toString() ||
+        actorObj?.preferredUsername?.toString() ||
+        actorUrl;
+      const objectId = (await like.getObject())?.id?.href || "";
+
+      await logActivity(collections, storeRawActivities, {
+        direction: "inbound",
+        type: "Like",
+        actorUrl,
+        actorName,
+        objectUrl: objectId,
+        summary: `${actorName} liked ${objectId}`,
+      });
+    })
+    .on(Announce, async (ctx, announce) => {
+      const actorObj = await announce.getActor();
+      const actorUrl = actorObj?.id?.href || "";
+      const actorName =
+        actorObj?.name?.toString() ||
+        actorObj?.preferredUsername?.toString() ||
+        actorUrl;
+      const objectId = (await announce.getObject())?.id?.href || "";
+
+      await logActivity(collections, storeRawActivities, {
+        direction: "inbound",
+        type: "Announce",
+        actorUrl,
+        actorName,
+        objectUrl: objectId,
+        summary: `${actorName} boosted ${objectId}`,
+      });
+    })
+    .on(Create, async (ctx, create) => {
+      const object = await create.getObject();
+      if (!object) return;
+
+      const inReplyTo =
+        object instanceof Note
+          ? (await object.getInReplyTo())?.id?.href
+          : null;
+      if (!inReplyTo) return;
+
+      const actorObj = await create.getActor();
+      const actorUrl = actorObj?.id?.href || "";
+      const actorName =
+        actorObj?.name?.toString() ||
+        actorObj?.preferredUsername?.toString() ||
+        actorUrl;
+
+      await logActivity(collections, storeRawActivities, {
+        direction: "inbound",
+        type: "Reply",
+        actorUrl,
+        actorName,
+        objectUrl: object.id?.href || "",
+        summary: `${actorName} replied to ${inReplyTo}`,
+      });
+    })
+    .on(Delete, async (ctx, del) => {
+      const objectId = (await del.getObject())?.id?.href || "";
+      if (objectId) {
+        await collections.ap_activities.deleteMany({ objectUrl: objectId });
+      }
+    })
+    .on(Move, async (ctx, move) => {
+      const oldActorObj = await move.getActor();
+      const oldActorUrl = oldActorObj?.id?.href || "";
+      const target = await move.getTarget();
+      const newActorUrl = target?.id?.href || "";
+
+      if (oldActorUrl && newActorUrl) {
+        await collections.ap_followers.updateOne(
+          { actorUrl: oldActorUrl },
+          { $set: { actorUrl: newActorUrl, movedFrom: oldActorUrl } },
+        );
+      }
+
+      await logActivity(collections, storeRawActivities, {
+        direction: "inbound",
+        type: "Move",
+        actorUrl: oldActorUrl,
+        objectUrl: newActorUrl,
+        summary: `${oldActorUrl} moved to ${newActorUrl}`,
+      });
+    });
+}
+
+/**
+ * Log an activity to the ap_activities collection.
+ */
+async function logActivity(collections, storeRaw, record) {
+  await collections.ap_activities.insertOne({
+    ...record,
+    receivedAt: new Date().toISOString(),
+  });
+}