@rmdes/indiekit-endpoint-activitypub 1.1.10 → 1.1.12

package/lib/controllers/compose.js

@@ -3,7 +3,6 @@
  */
 
 import { Temporal } from "@js-temporal/polyfill";
-import { getTimelineItem } from "../storage/timeline.js";
 import { getToken, validateToken } from "../csrf.js";
 import { sanitizeContent } from "../timeline-store.js";
 
@@ -62,7 +61,12 @@ export function composeController(mountPath, plugin) {
         };
 
         // Try to find the post in our timeline first
-        replyContext = await getTimelineItem(collections, replyTo);
+        // Note: Timeline stores uid (canonical AP URL) and url (display URL).
+        // The card link passes the display URL, so search both fields.
+        const ap_timeline = collections.ap_timeline;
+        replyContext = ap_timeline
+          ? await ap_timeline.findOne({ $or: [{ uid: replyTo }, { url: replyTo }] })
+          : null;
 
         // If not in timeline, try to look up remotely
         if (!replyContext && plugin._federation) {
@@ -110,8 +114,11 @@ export function composeController(mountPath, plugin) {
                 author: { name: authorName, url: authorUrl },
               };
             }
-          } catch {
-            // Could not resolve — form still works without context
+          } catch (error) {
+            console.warn(
+              `[ActivityPub] lookupObject failed for ${replyTo} (compose):`,
+              error.message,
+            );
           }
         }
       }

package/lib/controllers/interactions-boost.js

@@ -82,8 +82,11 @@ export function boostController(mountPath, plugin) {
             );
           }
         }
-      } catch {
-        // Non-critical — followers still received the boost
+      } catch (error) {
+        console.warn(
+          `[ActivityPub] lookupObject failed for ${url} (boost):`,
+          error.message,
+        );
       }
 
       // Track the interaction

package/lib/controllers/interactions-like.js

@@ -4,7 +4,6 @@
  */
 
 import { validateToken } from "../csrf.js";
-import { getTimelineItem } from "../storage/timeline.js";
 
 /**
  * POST /admin/reader/like — send a Like activity to the post author.
@@ -61,17 +60,22 @@ export function likeController(mountPath, plugin) {
           const author = await remoteObject.getAttributedTo({ documentLoader });
           recipient = Array.isArray(author) ? author[0] : author;
         }
-      } catch {
-        // Network failure — fall through to timeline
+      } catch (error) {
+        console.warn(
+          `[ActivityPub] lookupObject failed for ${url}:`,
+          error.message,
+        );
       }
 
       // Strategy 2: Use author URL from our timeline (already stored)
+      // Note: Timeline items store both uid (canonical AP URL) and url (display URL).
+      // The card passes the display URL, so we search by both fields.
       if (!recipient) {
         const { application } = request.app.locals;
-        const collections = {
-          ap_timeline: application?.collections?.get("ap_timeline"),
-        };
-        const timelineItem = await getTimelineItem(collections, url);
+        const ap_timeline = application?.collections?.get("ap_timeline");
+        const timelineItem = ap_timeline
+          ? await ap_timeline.findOne({ $or: [{ uid: url }, { url }] })
+          : null;
         const authorUrl = timelineItem?.author?.url;
 
         if (authorUrl) {
@@ -210,15 +214,18 @@ export function unlikeController(mountPath, plugin) {
           const author = await remoteObject.getAttributedTo({ documentLoader });
           recipient = Array.isArray(author) ? author[0] : author;
         }
-      } catch {
-        // Network failure
+      } catch (error) {
+        console.warn(
+          `[ActivityPub] lookupObject failed for ${url} (unlike):`,
+          error.message,
+        );
       }
 
       if (!recipient) {
-        const collections = {
-          ap_timeline: application?.collections?.get("ap_timeline"),
-        };
-        const timelineItem = await getTimelineItem(collections, url);
+        const ap_timeline = application?.collections?.get("ap_timeline");
+        const timelineItem = ap_timeline
+          ? await ap_timeline.findOne({ $or: [{ uid: url }, { url }] })
+          : null;
         const authorUrl = timelineItem?.author?.url;
 
         if (authorUrl) {

package/lib/controllers/profile.remote.js

@@ -64,7 +64,7 @@ export function remoteProfileController(mountPath, plugin) {
         actor.preferredUsername?.toString() ||
         actorUrl;
       const actorHandle = actor.preferredUsername?.toString() || "";
-      const summary = sanitizeContent(actor.summary?.toString() || "");
+      const bio = sanitizeContent(actor.summary?.toString() || "");
       let icon = "";
       let image = "";
 
@@ -129,7 +129,7 @@ export function remoteProfileController(mountPath, plugin) {
         actorUrl,
         name,
         actorHandle,
-        summary,
+        bio,
         icon,
         image,
         instanceHost,

package/lib/controllers/reader.js

@@ -107,26 +107,47 @@ export function readerController(mountPath) {
       const unreadCount = await getUnreadNotificationCount(collections);
 
       // Get interaction state for liked/boosted indicators
+      // Interactions are keyed by canonical AP uid (new) or display url (legacy).
+      // Query by both, normalize map keys to uid for template lookup.
       const interactionsCol =
         application?.collections?.get("ap_interactions");
       const interactionMap = {};
 
       if (interactionsCol) {
-        const itemUrls = items
-          .map((item) => item.url || item.originalUrl)
-          .filter(Boolean);
+        const lookupUrls = new Set();
+        const objectUrlToUid = new Map();
 
-        if (itemUrls.length > 0) {
+        for (const item of items) {
+          const uid = item.uid;
+          const displayUrl = item.url || item.originalUrl;
+
+          if (uid) {
+            lookupUrls.add(uid);
+            objectUrlToUid.set(uid, uid);
+          }
+
+          if (displayUrl) {
+            lookupUrls.add(displayUrl);
+            objectUrlToUid.set(displayUrl, uid || displayUrl);
+          }
+        }
+
+        if (lookupUrls.size > 0) {
           const interactions = await interactionsCol
-            .find({ objectUrl: { $in: itemUrls } })
+            .find({ objectUrl: { $in: [...lookupUrls] } })
             .toArray();
 
           for (const interaction of interactions) {
-            if (!interactionMap[interaction.objectUrl]) {
-              interactionMap[interaction.objectUrl] = {};
+            // Normalize to uid so template can look up by itemUid
+            const key =
+              objectUrlToUid.get(interaction.objectUrl) ||
+              interaction.objectUrl;
+
+            if (!interactionMap[key]) {
+              interactionMap[key] = {};
             }
 
-            interactionMap[interaction.objectUrl][interaction.type] = true;
+            interactionMap[key][interaction.type] = true;
           }
         }
       }

package/lib/inbox-listeners.js

@@ -9,6 +9,7 @@ import {
   Accept,
   Add,
   Announce,
+  Article,
   Block,
   Create,
   Delete,
@@ -365,14 +366,8 @@ export function registerInboxListeners(inboxChain, options) {
         actorObj?.preferredUsername?.toString() ||
         actorUrl;
 
-      let inReplyTo = null;
-      if (object instanceof Note && typeof object.getInReplyTo === "function") {
-        try {
-          inReplyTo = (await object.getInReplyTo())?.id?.href ?? null;
-        } catch {
-          /* remote fetch may fail */
-        }
-      }
+      // Use replyTargetId (non-fetching) for the inReplyTo URL
+      const inReplyTo = object.replyTargetId?.href || null;
 
       // Log replies to our posts (existing behavior for conversations)
       const pubUrl = collections._publicationUrl;
@@ -505,7 +500,7 @@ export function registerInboxListeners(inboxChain, options) {
       }
 
       // PATH 1: If object is a Note/Article → Update timeline item content
-      if (object && (object instanceof Note || object.type === "Article")) {
+      if (object && (object instanceof Note || object instanceof Article)) {
         const objectUrl = object.id?.href || "";
         if (objectUrl) {
           try {

package/lib/timeline-store.js

@@ -3,6 +3,7 @@
  * @module timeline-store
  */
 
+import { Article } from "@fedify/fedify";
 import sanitizeHtml from "sanitize-html";
 
 /**
@@ -98,9 +99,9 @@ export async function extractObjectData(object, options = {}) {
   const uid = object.id?.href || "";
   const url = object.url?.href || uid;
 
-  // Determine type
+  // Determine type — use instanceof for Fedify vocab objects
   let type = "note";
-  if (object.type?.toLowerCase() === "article") {
+  if (object instanceof Article) {
     type = "article";
   }
   if (options.boostedBy) {
@@ -179,42 +180,51 @@ export async function extractObjectData(object, options = {}) {
     }
   }
 
-  // Extract tags/categories
+  // Extract tags/categories — Fedify uses async getTags()
   const category = [];
-  if (object.tag) {
-    const tags = Array.isArray(object.tag) ? object.tag : [object.tag];
-    for (const tag of tags) {
-      if (tag.type === "Hashtag" && tag.name) {
-        category.push(tag.name.toString().replace(/^#/, ""));
+  try {
+    if (typeof object.getTags === "function") {
+      const tags = await object.getTags();
+      for (const tag of tags) {
+        if (tag.name) {
+          const tagName = tag.name.toString().replace(/^#/, "");
+          if (tagName) category.push(tagName);
+        }
       }
     }
+  } catch {
+    // Tags extraction failed — non-critical
   }
 
-  // Extract media attachments
+  // Extract media attachments — Fedify uses async getAttachments()
   const photo = [];
   const video = [];
   const audio = [];
 
-  if (object.attachment) {
-    const attachments = Array.isArray(object.attachment) ? object.attachment : [object.attachment];
-    for (const att of attachments) {
-      const mediaUrl = att.url?.href || "";
-      if (!mediaUrl) continue;
+  try {
+    if (typeof object.getAttachments === "function") {
+      const attachments = await object.getAttachments();
+      for (const att of attachments) {
+        const mediaUrl = att.url?.href || "";
+        if (!mediaUrl) continue;
 
-      const mediaType = att.mediaType?.toLowerCase() || "";
+        const mediaType = att.mediaType?.toLowerCase() || "";
 
-      if (mediaType.startsWith("image/")) {
-        photo.push(mediaUrl);
-      } else if (mediaType.startsWith("video/")) {
-        video.push(mediaUrl);
-      } else if (mediaType.startsWith("audio/")) {
-        audio.push(mediaUrl);
+        if (mediaType.startsWith("image/")) {
+          photo.push(mediaUrl);
+        } else if (mediaType.startsWith("video/")) {
+          video.push(mediaUrl);
+        } else if (mediaType.startsWith("audio/")) {
+          audio.push(mediaUrl);
+        }
       }
     }
+  } catch {
+    // Attachment extraction failed — non-critical
   }
 
-  // In-reply-to
-  const inReplyTo = object.inReplyTo?.href || "";
+  // In-reply-to — Fedify uses replyTargetId (non-fetching)
+  const inReplyTo = object.replyTargetId?.href || "";
 
   // Build base timeline item
   const item = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rmdes/indiekit-endpoint-activitypub",
-  "version": "1.1.10",
+  "version": "1.1.12",
   "description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
   "keywords": [
     "indiekit",

package/views/activitypub-remote-profile.njk

@@ -57,8 +57,8 @@
         {% if actorHandle %}
           <div class="ap-profile__handle">@{{ actorHandle }}@{{ instanceHost }}</div>
         {% endif %}
-        {% if summary %}
-          <div class="ap-profile__bio">{{ summary | safe }}</div>
+        {% if bio %}
+          <div class="ap-profile__bio">{{ bio | safe }}</div>
         {% endif %}
       </div>
 

package/views/partials/ap-item-card.njk

@@ -97,11 +97,13 @@
   {% endif %}
 
   {# Interaction buttons — Alpine.js for optimistic updates #}
-  {# Dynamic data moved to data-* attributes to prevent XSS from inline interpolation #}
+  {# Use canonical AP uid for interactions (Fedify lookupObject), display url for links #}
   {% set itemUrl = item.url or item.originalUrl %}
-  {% set isLiked = interactionMap[itemUrl].like if interactionMap[itemUrl] else false %}
-  {% set isBoosted = interactionMap[itemUrl].boost if interactionMap[itemUrl] else false %}
+  {% set itemUid = item.uid or item.url or item.originalUrl %}
+  {% set isLiked = interactionMap[itemUid].like if interactionMap[itemUid] else false %}
+  {% set isBoosted = interactionMap[itemUid].boost if interactionMap[itemUid] else false %}
   <footer class="ap-card__actions"
+    data-item-uid="{{ itemUid }}"
     data-item-url="{{ itemUrl }}"
     data-csrf-token="{{ csrfToken }}"
     data-mount-path="{{ mountPath }}"
@@ -115,7 +117,7 @@
         this.loading = true;
         this.error = '';
         const el = this.$root;
-        const itemUrl = el.dataset.itemUrl;
+        const itemUid = el.dataset.itemUid;
         const csrfToken = el.dataset.csrfToken;
         const basePath = el.dataset.mountPath;
         const prev = { liked: this.liked, boosted: this.boosted };
@@ -130,7 +132,7 @@
               'Content-Type': 'application/json',
               'X-CSRF-Token': csrfToken
             },
-            body: JSON.stringify({ url: itemUrl })
+            body: JSON.stringify({ url: itemUid })
           });
           const data = await res.json();
           if (!data.success) {
@@ -147,7 +149,7 @@
         if (this.error) setTimeout(() => this.error = '', 3000);
       }
     }">
-    <a href="{{ mountPath }}/admin/reader/compose?replyTo={{ itemUrl | urlencode }}"
+    <a href="{{ mountPath }}/admin/reader/compose?replyTo={{ itemUid | urlencode }}"
        class="ap-card__action ap-card__action--reply"
        title="{{ __('activitypub.reader.actions.reply') }}">
       ↩ {{ __("activitypub.reader.actions.reply") }}