@rmdes/indiekit-endpoint-activitypub 1.0.28 → 1.1.1

package/lib/controllers/moderation.js

@@ -0,0 +1,294 @@
+/**
+ * Moderation controllers — Mute, Unmute, Block, Unblock.
+ */
+
+import { validateToken, getToken } from "../csrf.js";
+import {
+  addMuted,
+  removeMuted,
+  addBlocked,
+  removeBlocked,
+  getAllMuted,
+  getAllBlocked,
+} from "../storage/moderation.js";
+
+/**
+ * Helper to get moderation collections from request.
+ */
+function getModerationCollections(request) {
+  const { application } = request.app.locals;
+  return {
+    ap_muted: application?.collections?.get("ap_muted"),
+    ap_blocked: application?.collections?.get("ap_blocked"),
+    ap_timeline: application?.collections?.get("ap_timeline"),
+  };
+}
+
+/**
+ * POST /admin/reader/mute — Mute an actor or keyword.
+ */
+export function muteController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url, keyword } = request.body;
+
+      if (!url && !keyword) {
+        return response.status(400).json({
+          success: false,
+          error: "Provide url or keyword to mute",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await addMuted(collections, { url: url || undefined, keyword: keyword || undefined });
+
+      console.info(
+        `[ActivityPub] Muted ${url ? `actor: ${url}` : `keyword: ${keyword}`}`,
+      );
+
+      return response.json({
+        success: true,
+        type: "mute",
+        url: url || undefined,
+        keyword: keyword || undefined,
+      });
+    } catch (error) {
+      console.error("[ActivityPub] Mute failed:", error.message);
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/unmute — Unmute an actor or keyword.
+ */
+export function unmuteController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url, keyword } = request.body;
+
+      if (!url && !keyword) {
+        return response.status(400).json({
+          success: false,
+          error: "Provide url or keyword to unmute",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await removeMuted(collections, { url: url || undefined, keyword: keyword || undefined });
+
+      return response.json({
+        success: true,
+        type: "unmute",
+        url: url || undefined,
+        keyword: keyword || undefined,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/block — Block an actor (sends Block activity + removes timeline items).
+ */
+export function blockController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+
+      // Store the block
+      await addBlocked(collections, url);
+
+      // Remove timeline items from this actor
+      if (collections.ap_timeline) {
+        await collections.ap_timeline.deleteMany({ "author.url": url });
+      }
+
+      // Send Block activity via federation
+      if (plugin._federation) {
+        try {
+          const { Block } = await import("@fedify/fedify");
+          const handle = plugin.options.actor.handle;
+          const ctx = plugin._federation.createContext(
+            new URL(plugin._publicationUrl),
+            { handle, publicationUrl: plugin._publicationUrl },
+          );
+
+          const remoteActor = await ctx.lookupObject(new URL(url));
+
+          if (remoteActor) {
+            const block = new Block({
+              actor: ctx.getActorUri(handle),
+              object: new URL(url),
+            });
+
+            await ctx.sendActivity(
+              { identifier: handle },
+              remoteActor,
+              block,
+              { orderingKey: url },
+            );
+          }
+        } catch (error) {
+          console.warn(
+            `[ActivityPub] Could not send Block to ${url}: ${error.message}`,
+          );
+        }
+      }
+
+      console.info(`[ActivityPub] Blocked actor: ${url}`);
+
+      return response.json({
+        success: true,
+        type: "block",
+        url,
+      });
+    } catch (error) {
+      console.error("[ActivityPub] Block failed:", error.message);
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/unblock — Unblock an actor (sends Undo(Block)).
+ */
+export function unblockController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await removeBlocked(collections, url);
+
+      // Send Undo(Block) via federation
+      if (plugin._federation) {
+        try {
+          const { Block, Undo } = await import("@fedify/fedify");
+          const handle = plugin.options.actor.handle;
+          const ctx = plugin._federation.createContext(
+            new URL(plugin._publicationUrl),
+            { handle, publicationUrl: plugin._publicationUrl },
+          );
+
+          const remoteActor = await ctx.lookupObject(new URL(url));
+
+          if (remoteActor) {
+            const block = new Block({
+              actor: ctx.getActorUri(handle),
+              object: new URL(url),
+            });
+
+            const undo = new Undo({
+              actor: ctx.getActorUri(handle),
+              object: block,
+            });
+
+            await ctx.sendActivity(
+              { identifier: handle },
+              remoteActor,
+              undo,
+              { orderingKey: url },
+            );
+          }
+        } catch (error) {
+          console.warn(
+            `[ActivityPub] Could not send Undo(Block) to ${url}: ${error.message}`,
+          );
+        }
+      }
+
+      console.info(`[ActivityPub] Unblocked actor: ${url}`);
+
+      return response.json({
+        success: true,
+        type: "unblock",
+        url,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * GET /admin/reader/moderation — View muted/blocked lists.
+ */
+export function moderationController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const collections = getModerationCollections(request);
+      const csrfToken = getToken(request.session);
+
+      const muted = await getAllMuted(collections);
+      const blocked = await getAllBlocked(collections);
+
+      response.render("activitypub-moderation", {
+        title: response.locals.__("activitypub.moderation.title"),
+        muted,
+        blocked,
+        csrfToken,
+        mountPath,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}

package/lib/controllers/profile.js

@@ -5,6 +5,8 @@
  * POST: saves updated profile fields back to ap_profile
  */
 
+const ACTOR_TYPES = ["Person", "Service", "Organization"];
+
 export function profileGetController(mountPath) {
   return async (request, response, next) => {
     try {
@@ -18,6 +20,7 @@ export function profileGetController(mountPath) {
         title: response.locals.__("activitypub.profile.title"),
         mountPath,
         profile,
+        actorTypes: ACTOR_TYPES,
         result: null,
       });
     } catch (error) {
@@ -26,7 +29,7 @@ export function profileGetController(mountPath) {
   };
 }
 
-export function profilePostController(mountPath) {
+export function profilePostController(mountPath, plugin) {
   return async (request, response, next) => {
     try {
       const { application } = request.app.locals;
@@ -42,10 +45,23 @@ export function profilePostController(mountPath) {
         url,
         icon,
         image,
+        actorType,
         manuallyApprovesFollowers,
         authorizedFetch,
       } = request.body;
 
+      // Parse profile links (attachments) from form arrays
+      const linkNames = [].concat(request.body["link_name[]"] || []);
+      const linkValues = [].concat(request.body["link_value[]"] || []);
+      const attachments = [];
+      for (let i = 0; i < linkNames.length; i++) {
+        const n = linkNames[i]?.trim();
+        const v = linkValues[i]?.trim();
+        if (n && v) {
+          attachments.push({ name: n, value: v });
+        }
+      }
+
       const update = {
         $set: {
           name: name?.trim() || "",
@@ -53,20 +69,30 @@ export function profilePostController(mountPath) {
           url: url?.trim() || "",
           icon: icon?.trim() || "",
           image: image?.trim() || "",
+          actorType: ACTOR_TYPES.includes(actorType) ? actorType : "Person",
           manuallyApprovesFollowers: manuallyApprovesFollowers === "true",
           authorizedFetch: authorizedFetch === "true",
+          attachments,
           updatedAt: new Date().toISOString(),
         },
       };
 
       await profileCollection.updateOne({}, update, { upsert: true });
 
+      // Send Update(Person) to followers so remote servers re-fetch the actor
+      if (plugin?.broadcastActorUpdate) {
+        plugin.broadcastActorUpdate().catch((error) => {
+          console.warn("[ActivityPub] Profile update broadcast failed:", error.message);
+        });
+      }
+
       const profile = await profileCollection.findOne({});
 
       response.render("activitypub-profile", {
         title: response.locals.__("activitypub.profile.title"),
         mountPath,
         profile,
+        actorTypes: ACTOR_TYPES,
         result: {
           type: "success",
           text: response.locals.__("activitypub.profile.saved"),

package/lib/controllers/profile.remote.js

@@ -0,0 +1,218 @@
+/**
+ * Remote profile controllers — view remote actors and follow/unfollow.
+ */
+
+import { getToken, validateToken } from "../csrf.js";
+import { sanitizeContent } from "../timeline-store.js";
+
+/**
+ * GET /admin/reader/profile — Show remote actor profile.
+ * @param {string} mountPath - Plugin mount path
+ * @param {object} plugin - ActivityPub plugin instance
+ */
+export function remoteProfileController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const actorUrl = request.query.url || request.query.handle;
+
+      if (!actorUrl) {
+        return response.status(400).render("error", {
+          title: "Error",
+          content: "Missing actor URL or handle",
+        });
+      }
+
+      if (!plugin._federation) {
+        return response.status(503).render("error", {
+          title: "Error",
+          content: "Federation not initialized",
+        });
+      }
+
+      const handle = plugin.options.actor.handle;
+      const ctx = plugin._federation.createContext(
+        new URL(plugin._publicationUrl),
+        { handle, publicationUrl: plugin._publicationUrl },
+      );
+
+      // Look up the remote actor
+      let actor;
+
+      try {
+        actor = await ctx.lookupObject(new URL(actorUrl));
+      } catch {
+        return response.status(404).render("error", {
+          title: "Error",
+          content: response.locals.__("activitypub.profile.remote.notFound"),
+        });
+      }
+
+      if (!actor) {
+        return response.status(404).render("error", {
+          title: "Error",
+          content: response.locals.__("activitypub.profile.remote.notFound"),
+        });
+      }
+
+      // Extract actor info
+      const name =
+        actor.name?.toString() ||
+        actor.preferredUsername?.toString() ||
+        actorUrl;
+      const actorHandle = actor.preferredUsername?.toString() || "";
+      const summary = sanitizeContent(actor.summary?.toString() || "");
+      let icon = "";
+      let image = "";
+
+      try {
+        const iconObj = await actor.getIcon();
+        icon = iconObj?.url?.href || "";
+      } catch {
+        // No icon
+      }
+
+      try {
+        const imageObj = await actor.getImage();
+        image = imageObj?.url?.href || "";
+      } catch {
+        // No header image
+      }
+
+      // Extract host for "View on {instance}"
+      let instanceHost = "";
+
+      try {
+        instanceHost = new URL(actorUrl).hostname;
+      } catch {
+        // Invalid URL
+      }
+
+      // Check if we're following this actor
+      const followingCol = application?.collections?.get("ap_following");
+      const isFollowing = followingCol
+        ? !!(await followingCol.findOne({ actorUrl }))
+        : false;
+
+      // Get their posts from our timeline (only if following)
+      let posts = [];
+
+      if (isFollowing) {
+        const timelineCol = application?.collections?.get("ap_timeline");
+
+        if (timelineCol) {
+          posts = await timelineCol
+            .find({ "author.url": actorUrl })
+            .sort({ published: -1 })
+            .limit(20)
+            .toArray();
+        }
+      }
+
+      // Check mute/block state
+      const mutedCol = application?.collections?.get("ap_muted");
+      const blockedCol = application?.collections?.get("ap_blocked");
+      const isMuted = mutedCol
+        ? !!(await mutedCol.findOne({ url: actorUrl }))
+        : false;
+      const isBlocked = blockedCol
+        ? !!(await blockedCol.findOne({ url: actorUrl }))
+        : false;
+
+      const csrfToken = getToken(request.session);
+
+      response.render("activitypub-remote-profile", {
+        title: name,
+        actorUrl,
+        name,
+        actorHandle,
+        summary,
+        icon,
+        image,
+        instanceHost,
+        isFollowing,
+        isMuted,
+        isBlocked,
+        posts,
+        csrfToken,
+        mountPath,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/follow — Follow a remote actor.
+ */
+export function followController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const result = await plugin.followActor(url);
+
+      return response.json({
+        success: result.ok,
+        error: result.error || undefined,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/unfollow — Unfollow a remote actor.
+ */
+export function unfollowController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const result = await plugin.unfollowActor(url);
+
+      return response.json({
+        success: result.ok,
+        error: result.error || undefined,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}