@rmdes/indiekit-endpoint-activitypub 1.0.29 → 1.1.1

package/lib/controllers/moderation.js

@@ -0,0 +1,294 @@
+/**
+ * Moderation controllers — Mute, Unmute, Block, Unblock.
+ */
+
+import { validateToken, getToken } from "../csrf.js";
+import {
+  addMuted,
+  removeMuted,
+  addBlocked,
+  removeBlocked,
+  getAllMuted,
+  getAllBlocked,
+} from "../storage/moderation.js";
+
+/**
+ * Helper to get moderation collections from request.
+ */
+function getModerationCollections(request) {
+  const { application } = request.app.locals;
+  return {
+    ap_muted: application?.collections?.get("ap_muted"),
+    ap_blocked: application?.collections?.get("ap_blocked"),
+    ap_timeline: application?.collections?.get("ap_timeline"),
+  };
+}
+
+/**
+ * POST /admin/reader/mute — Mute an actor or keyword.
+ */
+export function muteController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url, keyword } = request.body;
+
+      if (!url && !keyword) {
+        return response.status(400).json({
+          success: false,
+          error: "Provide url or keyword to mute",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await addMuted(collections, { url: url || undefined, keyword: keyword || undefined });
+
+      console.info(
+        `[ActivityPub] Muted ${url ? `actor: ${url}` : `keyword: ${keyword}`}`,
+      );
+
+      return response.json({
+        success: true,
+        type: "mute",
+        url: url || undefined,
+        keyword: keyword || undefined,
+      });
+    } catch (error) {
+      console.error("[ActivityPub] Mute failed:", error.message);
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/unmute — Unmute an actor or keyword.
+ */
+export function unmuteController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url, keyword } = request.body;
+
+      if (!url && !keyword) {
+        return response.status(400).json({
+          success: false,
+          error: "Provide url or keyword to unmute",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await removeMuted(collections, { url: url || undefined, keyword: keyword || undefined });
+
+      return response.json({
+        success: true,
+        type: "unmute",
+        url: url || undefined,
+        keyword: keyword || undefined,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/block — Block an actor (sends Block activity + removes timeline items).
+ */
+export function blockController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+
+      // Store the block
+      await addBlocked(collections, url);
+
+      // Remove timeline items from this actor
+      if (collections.ap_timeline) {
+        await collections.ap_timeline.deleteMany({ "author.url": url });
+      }
+
+      // Send Block activity via federation
+      if (plugin._federation) {
+        try {
+          const { Block } = await import("@fedify/fedify");
+          const handle = plugin.options.actor.handle;
+          const ctx = plugin._federation.createContext(
+            new URL(plugin._publicationUrl),
+            { handle, publicationUrl: plugin._publicationUrl },
+          );
+
+          const remoteActor = await ctx.lookupObject(new URL(url));
+
+          if (remoteActor) {
+            const block = new Block({
+              actor: ctx.getActorUri(handle),
+              object: new URL(url),
+            });
+
+            await ctx.sendActivity(
+              { identifier: handle },
+              remoteActor,
+              block,
+              { orderingKey: url },
+            );
+          }
+        } catch (error) {
+          console.warn(
+            `[ActivityPub] Could not send Block to ${url}: ${error.message}`,
+          );
+        }
+      }
+
+      console.info(`[ActivityPub] Blocked actor: ${url}`);
+
+      return response.json({
+        success: true,
+        type: "block",
+        url,
+      });
+    } catch (error) {
+      console.error("[ActivityPub] Block failed:", error.message);
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/unblock — Unblock an actor (sends Undo(Block)).
+ */
+export function unblockController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await removeBlocked(collections, url);
+
+      // Send Undo(Block) via federation
+      if (plugin._federation) {
+        try {
+          const { Block, Undo } = await import("@fedify/fedify");
+          const handle = plugin.options.actor.handle;
+          const ctx = plugin._federation.createContext(
+            new URL(plugin._publicationUrl),
+            { handle, publicationUrl: plugin._publicationUrl },
+          );
+
+          const remoteActor = await ctx.lookupObject(new URL(url));
+
+          if (remoteActor) {
+            const block = new Block({
+              actor: ctx.getActorUri(handle),
+              object: new URL(url),
+            });
+
+            const undo = new Undo({
+              actor: ctx.getActorUri(handle),
+              object: block,
+            });
+
+            await ctx.sendActivity(
+              { identifier: handle },
+              remoteActor,
+              undo,
+              { orderingKey: url },
+            );
+          }
+        } catch (error) {
+          console.warn(
+            `[ActivityPub] Could not send Undo(Block) to ${url}: ${error.message}`,
+          );
+        }
+      }
+
+      console.info(`[ActivityPub] Unblocked actor: ${url}`);
+
+      return response.json({
+        success: true,
+        type: "unblock",
+        url,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * GET /admin/reader/moderation — View muted/blocked lists.
+ */
+export function moderationController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const collections = getModerationCollections(request);
+      const csrfToken = getToken(request.session);
+
+      const muted = await getAllMuted(collections);
+      const blocked = await getAllBlocked(collections);
+
+      response.render("activitypub-moderation", {
+        title: response.locals.__("activitypub.moderation.title"),
+        muted,
+        blocked,
+        csrfToken,
+        mountPath,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}

package/lib/controllers/profile.js

@@ -29,7 +29,7 @@ export function profileGetController(mountPath) {
   };
 }
 
-export function profilePostController(mountPath) {
+export function profilePostController(mountPath, plugin) {
   return async (request, response, next) => {
     try {
       const { application } = request.app.locals;
@@ -79,6 +79,13 @@ export function profilePostController(mountPath) {
 
       await profileCollection.updateOne({}, update, { upsert: true });
 
+      // Send Update(Person) to followers so remote servers re-fetch the actor
+      if (plugin?.broadcastActorUpdate) {
+        plugin.broadcastActorUpdate().catch((error) => {
+          console.warn("[ActivityPub] Profile update broadcast failed:", error.message);
+        });
+      }
+
       const profile = await profileCollection.findOne({});
 
       response.render("activitypub-profile", {

package/lib/controllers/profile.remote.js

@@ -0,0 +1,218 @@
+/**
+ * Remote profile controllers — view remote actors and follow/unfollow.
+ */
+
+import { getToken, validateToken } from "../csrf.js";
+import { sanitizeContent } from "../timeline-store.js";
+
+/**
+ * GET /admin/reader/profile — Show remote actor profile.
+ * @param {string} mountPath - Plugin mount path
+ * @param {object} plugin - ActivityPub plugin instance
+ */
+export function remoteProfileController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const actorUrl = request.query.url || request.query.handle;
+
+      if (!actorUrl) {
+        return response.status(400).render("error", {
+          title: "Error",
+          content: "Missing actor URL or handle",
+        });
+      }
+
+      if (!plugin._federation) {
+        return response.status(503).render("error", {
+          title: "Error",
+          content: "Federation not initialized",
+        });
+      }
+
+      const handle = plugin.options.actor.handle;
+      const ctx = plugin._federation.createContext(
+        new URL(plugin._publicationUrl),
+        { handle, publicationUrl: plugin._publicationUrl },
+      );
+
+      // Look up the remote actor
+      let actor;
+
+      try {
+        actor = await ctx.lookupObject(new URL(actorUrl));
+      } catch {
+        return response.status(404).render("error", {
+          title: "Error",
+          content: response.locals.__("activitypub.profile.remote.notFound"),
+        });
+      }
+
+      if (!actor) {
+        return response.status(404).render("error", {
+          title: "Error",
+          content: response.locals.__("activitypub.profile.remote.notFound"),
+        });
+      }
+
+      // Extract actor info
+      const name =
+        actor.name?.toString() ||
+        actor.preferredUsername?.toString() ||
+        actorUrl;
+      const actorHandle = actor.preferredUsername?.toString() || "";
+      const summary = sanitizeContent(actor.summary?.toString() || "");
+      let icon = "";
+      let image = "";
+
+      try {
+        const iconObj = await actor.getIcon();
+        icon = iconObj?.url?.href || "";
+      } catch {
+        // No icon
+      }
+
+      try {
+        const imageObj = await actor.getImage();
+        image = imageObj?.url?.href || "";
+      } catch {
+        // No header image
+      }
+
+      // Extract host for "View on {instance}"
+      let instanceHost = "";
+
+      try {
+        instanceHost = new URL(actorUrl).hostname;
+      } catch {
+        // Invalid URL
+      }
+
+      // Check if we're following this actor
+      const followingCol = application?.collections?.get("ap_following");
+      const isFollowing = followingCol
+        ? !!(await followingCol.findOne({ actorUrl }))
+        : false;
+
+      // Get their posts from our timeline (only if following)
+      let posts = [];
+
+      if (isFollowing) {
+        const timelineCol = application?.collections?.get("ap_timeline");
+
+        if (timelineCol) {
+          posts = await timelineCol
+            .find({ "author.url": actorUrl })
+            .sort({ published: -1 })
+            .limit(20)
+            .toArray();
+        }
+      }
+
+      // Check mute/block state
+      const mutedCol = application?.collections?.get("ap_muted");
+      const blockedCol = application?.collections?.get("ap_blocked");
+      const isMuted = mutedCol
+        ? !!(await mutedCol.findOne({ url: actorUrl }))
+        : false;
+      const isBlocked = blockedCol
+        ? !!(await blockedCol.findOne({ url: actorUrl }))
+        : false;
+
+      const csrfToken = getToken(request.session);
+
+      response.render("activitypub-remote-profile", {
+        title: name,
+        actorUrl,
+        name,
+        actorHandle,
+        summary,
+        icon,
+        image,
+        instanceHost,
+        isFollowing,
+        isMuted,
+        isBlocked,
+        posts,
+        csrfToken,
+        mountPath,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/follow — Follow a remote actor.
+ */
+export function followController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const result = await plugin.followActor(url);
+
+      return response.json({
+        success: result.ok,
+        error: result.error || undefined,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/unfollow — Unfollow a remote actor.
+ */
+export function unfollowController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { url } = request.body;
+
+      if (!url) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const result = await plugin.unfollowActor(url);
+
+      return response.json({
+        success: result.ok,
+        error: result.error || undefined,
+      });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}

package/lib/controllers/reader.js

@@ -0,0 +1,187 @@
+/**
+ * Reader controller — shows timeline of posts from followed accounts.
+ */
+
+import { getTimelineItems } from "../storage/timeline.js";
+import {
+  getNotifications,
+  getUnreadNotificationCount,
+  markAllNotificationsRead,
+} from "../storage/notifications.js";
+import { getToken } from "../csrf.js";
+import {
+  getMutedUrls,
+  getMutedKeywords,
+  getBlockedUrls,
+} from "../storage/moderation.js";
+
+// Re-export controllers from split modules for backward compatibility
+export {
+  composeController,
+  submitComposeController,
+} from "./compose.js";
+export {
+  remoteProfileController,
+  followController,
+  unfollowController,
+} from "./profile.remote.js";
+
+export function readerController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const collections = {
+        ap_timeline: application?.collections?.get("ap_timeline"),
+        ap_notifications: application?.collections?.get("ap_notifications"),
+      };
+
+      // Query parameters
+      const tab = request.query.tab || "all";
+      const before = request.query.before;
+      const after = request.query.after;
+      const limit = Number.parseInt(request.query.limit || "20", 10);
+
+      // Build query options
+      const options = { before, after, limit };
+
+      // Tab filtering
+      if (tab === "notes") {
+        options.type = "note";
+      } else if (tab === "articles") {
+        options.type = "article";
+      } else if (tab === "boosts") {
+        options.type = "boost";
+      }
+
+      // Get timeline items
+      const result = await getTimelineItems(collections, options);
+
+      // Apply client-side filtering for tabs not supported by storage layer
+      let items = result.items;
+      if (tab === "replies") {
+        items = items.filter((item) => item.inReplyTo);
+      } else if (tab === "media") {
+        items = items.filter(
+          (item) =>
+            (item.photo && item.photo.length > 0) ||
+            (item.video && item.video.length > 0) ||
+            (item.audio && item.audio.length > 0),
+        );
+      }
+
+      // Apply moderation filters (muted actors, keywords, blocked actors)
+      const modCollections = {
+        ap_muted: application?.collections?.get("ap_muted"),
+        ap_blocked: application?.collections?.get("ap_blocked"),
+      };
+      const [mutedUrls, mutedKeywords, blockedUrls] = await Promise.all([
+        getMutedUrls(modCollections),
+        getMutedKeywords(modCollections),
+        getBlockedUrls(modCollections),
+      ]);
+      const hiddenUrls = new Set([...mutedUrls, ...blockedUrls]);
+
+      if (hiddenUrls.size > 0 || mutedKeywords.length > 0) {
+        items = items.filter((item) => {
+          // Filter by author URL
+          if (item.author?.url && hiddenUrls.has(item.author.url)) {
+            return false;
+          }
+
+          // Filter by muted keywords in content
+          if (mutedKeywords.length > 0 && item.content?.text) {
+            const lower = item.content.text.toLowerCase();
+
+            if (
+              mutedKeywords.some((kw) => lower.includes(kw.toLowerCase()))
+            ) {
+              return false;
+            }
+          }
+
+          return true;
+        });
+      }
+
+      // Get unread notification count for badge
+      const unreadCount = await getUnreadNotificationCount(collections);
+
+      // Get interaction state for liked/boosted indicators
+      const interactionsCol =
+        application?.collections?.get("ap_interactions");
+      const interactionMap = {};
+
+      if (interactionsCol) {
+        const itemUrls = items
+          .map((item) => item.url || item.originalUrl)
+          .filter(Boolean);
+
+        if (itemUrls.length > 0) {
+          const interactions = await interactionsCol
+            .find({ objectUrl: { $in: itemUrls } })
+            .toArray();
+
+          for (const interaction of interactions) {
+            if (!interactionMap[interaction.objectUrl]) {
+              interactionMap[interaction.objectUrl] = {};
+            }
+
+            interactionMap[interaction.objectUrl][interaction.type] = true;
+          }
+        }
+      }
+
+      // CSRF token for interaction forms
+      const csrfToken = getToken(request.session);
+
+      response.render("activitypub-reader", {
+        title: response.locals.__("activitypub.reader.title"),
+        items,
+        tab,
+        before: result.before,
+        after: result.after,
+        unreadCount,
+        interactionMap,
+        csrfToken,
+        mountPath,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+export function notificationsController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      const { application } = request.app.locals;
+      const collections = {
+        ap_notifications: application?.collections?.get("ap_notifications"),
+      };
+
+      const before = request.query.before;
+      const limit = Number.parseInt(request.query.limit || "20", 10);
+
+      // Get notifications
+      const result = await getNotifications(collections, { before, limit });
+
+      // Get unread count before marking as read
+      const unreadCount = await getUnreadNotificationCount(collections);
+
+      // Mark all as read when page loads
+      if (result.items.length > 0) {
+        await markAllNotificationsRead(collections);
+      }
+
+      response.render("activitypub-notifications", {
+        title: response.locals.__("activitypub.notifications.title"),
+        items: result.items,
+        before: result.before,
+        unreadCount,
+        mountPath,
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+}