@rmdes/indiekit-endpoint-activitypub 2.12.1 → 2.14.0

package/assets/reader.css

@@ -3408,3 +3408,28 @@
   }
 }
 
+/* Follow request approve/reject actions */
+.ap-follow-request {
+  margin-block-end: var(--space-m);
+}
+
+.ap-follow-request__actions {
+  display: flex;
+  gap: var(--space-s);
+  margin-block-start: var(--space-xs);
+  padding-inline-start: var(--space-l);
+}
+
+.ap-follow-request__form {
+  display: inline;
+}
+
+.button--danger {
+  background-color: var(--color-red45);
+  color: white;
+}
+
+.button--danger:hover {
+  background-color: var(--color-red35, #c0392b);
+}
+

package/index.js

@@ -2,6 +2,7 @@ import express from "express";
 
 import { setupFederation, buildPersonActor } from "./lib/federation-setup.js";
 import { initRedisCache } from "./lib/redis-cache.js";
+import { lookupWithSecurity } from "./lib/lookup-helpers.js";
 import {
   createFedifyMiddleware,
 } from "./lib/federation-bridge.js";
@@ -35,10 +36,16 @@ import {
   unmuteController,
   blockController,
   unblockController,
+  blockServerController,
+  unblockServerController,
   moderationController,
   filterModeController,
 } from "./lib/controllers/moderation.js";
 import { followersController } from "./lib/controllers/followers.js";
+import {
+  approveFollowController,
+  rejectFollowController,
+} from "./lib/controllers/follow-requests.js";
 import { followingController } from "./lib/controllers/following.js";
 import { activitiesController } from "./lib/controllers/activities.js";
 import {
@@ -98,6 +105,9 @@ import { startBatchRefollow } from "./lib/batch-refollow.js";
 import { logActivity } from "./lib/activity-log.js";
 import { scheduleCleanup } from "./lib/timeline-cleanup.js";
 import { runSeparateMentionsMigration } from "./lib/migrations/separate-mentions.js";
+import { loadBlockedServersToRedis } from "./lib/storage/server-blocks.js";
+import { scheduleKeyRefresh } from "./lib/key-refresh.js";
+import { startInboxProcessor } from "./lib/inbox-queue.js";
 import { deleteFederationController } from "./lib/controllers/federation-delete.js";
 import {
   federationMgmtController,
@@ -303,7 +313,11 @@ export default class ActivityPubEndpoint {
     router.post("/admin/reader/unmute", unmuteController(mp, this));
     router.post("/admin/reader/block", blockController(mp, this));
     router.post("/admin/reader/unblock", unblockController(mp, this));
+    router.post("/admin/reader/block-server", blockServerController(mp));
+    router.post("/admin/reader/unblock-server", unblockServerController(mp));
     router.get("/admin/followers", followersController(mp));
+    router.post("/admin/followers/approve", approveFollowController(mp, this));
+    router.post("/admin/followers/reject", rejectFollowController(mp, this));
     router.get("/admin/following", followingController(mp));
     router.get("/admin/activities", activitiesController(mp));
     router.get("/admin/featured", featuredGetController(mp));
@@ -493,7 +507,7 @@ export default class ActivityPubEndpoint {
           let replyToActor = null;
           if (properties["in-reply-to"]) {
             try {
-              const remoteObject = await ctx.lookupObject(
+              const remoteObject = await lookupWithSecurity(ctx,
                 new URL(properties["in-reply-to"]),
               );
               if (remoteObject && typeof remoteObject.getAttributedTo === "function") {
@@ -525,7 +539,7 @@ export default class ActivityPubEndpoint {
 
           for (const { handle } of mentionHandles) {
             try {
-              const mentionedActor = await ctx.lookupObject(
+              const mentionedActor = await lookupWithSecurity(ctx,
                 new URL(`acct:${handle}`),
               );
               if (mentionedActor?.id) {
@@ -701,7 +715,7 @@ export default class ActivityPubEndpoint {
       const documentLoader = await ctx.getDocumentLoader({
         identifier: handle,
       });
-      const remoteActor = await ctx.lookupObject(actorUrl, {
+      const remoteActor = await lookupWithSecurity(ctx,actorUrl, {
         documentLoader,
       });
       if (!remoteActor) {
@@ -802,7 +816,7 @@ export default class ActivityPubEndpoint {
       const documentLoader = await ctx.getDocumentLoader({
         identifier: handle,
       });
-      const remoteActor = await ctx.lookupObject(actorUrl, {
+      const remoteActor = await lookupWithSecurity(ctx,actorUrl, {
         documentLoader,
       });
       if (!remoteActor) {
@@ -1115,6 +1129,14 @@ export default class ActivityPubEndpoint {
     Indiekit.addCollection("ap_explore_tabs");
     // Reports collection
     Indiekit.addCollection("ap_reports");
+    // Pending follow requests (manual approval)
+    Indiekit.addCollection("ap_pending_follows");
+    // Server-level blocks
+    Indiekit.addCollection("ap_blocked_servers");
+    // Key freshness tracking for proactive refresh
+    Indiekit.addCollection("ap_key_freshness");
+    // Async inbox processing queue
+    Indiekit.addCollection("ap_inbox_queue");
 
     // Store collection references (posts resolved lazily)
     const indiekitCollections = Indiekit.collections;
@@ -1140,6 +1162,14 @@ export default class ActivityPubEndpoint {
       ap_explore_tabs: indiekitCollections.get("ap_explore_tabs"),
       // Reports collection
       ap_reports: indiekitCollections.get("ap_reports"),
+      // Pending follow requests (manual approval)
+      ap_pending_follows: indiekitCollections.get("ap_pending_follows"),
+      // Server-level blocks
+      ap_blocked_servers: indiekitCollections.get("ap_blocked_servers"),
+      // Key freshness tracking
+      ap_key_freshness: indiekitCollections.get("ap_key_freshness"),
+      // Async inbox processing queue
+      ap_inbox_queue: indiekitCollections.get("ap_inbox_queue"),
       get posts() {
         return indiekitCollections.get("posts");
       },
@@ -1331,6 +1361,36 @@ export default class ActivityPubEndpoint {
         { reportedUrls: 1 },
         { background: true },
       );
+      // Pending follow requests — unique on actorUrl
+      this._collections.ap_pending_follows.createIndex(
+        { actorUrl: 1 },
+        { unique: true, background: true },
+      );
+      this._collections.ap_pending_follows.createIndex(
+        { requestedAt: -1 },
+        { background: true },
+      );
+      // Server-level blocks
+      this._collections.ap_blocked_servers.createIndex(
+        { hostname: 1 },
+        { unique: true, background: true },
+      );
+      // Key freshness tracking
+      this._collections.ap_key_freshness.createIndex(
+        { actorUrl: 1 },
+        { unique: true, background: true },
+      );
+
+      // Inbox queue indexes
+      this._collections.ap_inbox_queue.createIndex(
+        { status: 1, receivedAt: 1 },
+        { background: true },
+      );
+      // TTL: auto-prune completed items after 24h
+      this._collections.ap_inbox_queue.createIndex(
+        { processedAt: 1 },
+        { expireAfterSeconds: 86_400, background: true },
+      );
     } catch {
       // Index creation failed — collections not yet available.
       // Indexes already exist from previous startups; non-fatal.
@@ -1375,7 +1435,7 @@ export default class ActivityPubEndpoint {
         const documentLoader = await ctx.getDocumentLoader({
           identifier: handle,
         });
-        const actor = await ctx.lookupObject(new URL(actorUrl), {
+        const actor = await lookupWithSecurity(ctx,new URL(actorUrl), {
           documentLoader,
         });
         if (!actor) return "";
@@ -1426,6 +1486,34 @@ export default class ActivityPubEndpoint {
     if (this.options.timelineRetention > 0) {
       scheduleCleanup(this._collections, this.options.timelineRetention);
     }
+
+    // Load server blocks into Redis for fast inbox checks
+    loadBlockedServersToRedis(this._collections).catch((error) => {
+      console.warn("[ActivityPub] Failed to load blocked servers to Redis:", error.message);
+    });
+
+    // Schedule proactive key refresh for stale follower keys (runs on startup + every 24h)
+    const keyRefreshHandle = this.options.actor.handle;
+    const keyRefreshFederation = this._federation;
+    const keyRefreshPubUrl = this._publicationUrl;
+    scheduleKeyRefresh(
+      this._collections,
+      () => keyRefreshFederation?.createContext(new URL(keyRefreshPubUrl), {
+        handle: keyRefreshHandle,
+        publicationUrl: keyRefreshPubUrl,
+      }),
+      keyRefreshHandle,
+    );
+
+    // Start async inbox queue processor (processes one item every 3s)
+    this._inboxProcessorInterval = startInboxProcessor(
+      this._collections,
+      () => this._federation?.createContext(new URL(this._publicationUrl), {
+        handle: this.options.actor.handle,
+        publicationUrl: this._publicationUrl,
+      }),
+      this.options.actor.handle,
+    );
   }
 
   /**

package/lib/batch-refollow.js

@@ -1,3 +1,5 @@
+import { lookupWithSecurity } from "./lookup-helpers.js";
+
 /**
  * Batch re-follow processor for imported accounts.
  *
@@ -232,7 +234,7 @@ async function processOneFollow(options, entry) {
     const documentLoader = await ctx.getDocumentLoader({
       identifier: handle,
     });
-    const remoteActor = await ctx.lookupObject(entry.actorUrl, {
+    const remoteActor = await lookupWithSecurity(ctx,entry.actorUrl, {
       documentLoader,
     });
     if (!remoteActor) {

package/lib/controllers/compose.js

@@ -4,6 +4,7 @@
 
 import { getToken, validateToken } from "../csrf.js";
 import { sanitizeContent } from "../timeline-store.js";
+import { lookupWithSecurity } from "../lookup-helpers.js";
 
 /**
  * Fetch syndication targets from the Micropub config endpoint.
@@ -79,7 +80,7 @@ export function composeController(mountPath, plugin) {
             const documentLoader = await ctx.getDocumentLoader({
               identifier: handle,
             });
-            const remoteObject = await ctx.lookupObject(new URL(replyTo), {
+            const remoteObject = await lookupWithSecurity(ctx,new URL(replyTo), {
               documentLoader,
             });
 

package/lib/controllers/federation-mgmt.js

@@ -3,8 +3,10 @@
  * the relationship between local content and the fediverse.
  */
 
+import Redis from "ioredis";
 import { getToken, validateToken } from "../csrf.js";
 import { jf2ToActivityStreams } from "../jf2-to-as2.js";
+import { lookupWithSecurity } from "../lookup-helpers.js";
 
 const PAGE_SIZE = 20;
 
@@ -37,10 +39,12 @@ export function federationMgmtController(mountPath, plugin) {
       const { application } = request.app.locals;
       const collections = application?.collections;
 
+      const redisUrl = plugin.options.redisUrl || "";
+
       // Parallel: collection stats + posts + recent activities
       const [collectionStats, postsResult, recentActivities] =
         await Promise.all([
-          getCollectionStats(collections),
+          getCollectionStats(collections, { redisUrl }),
           getPaginatedPosts(collections, request.query.page),
           getRecentActivities(collections),
         ]);
@@ -219,7 +223,7 @@ export function lookupObjectController(mountPath, plugin) {
         identifier: handle,
       });
 
-      const object = await ctx.lookupObject(query, { documentLoader });
+      const object = await lookupWithSecurity(ctx,query, { documentLoader });
 
       if (!object) {
         return response
@@ -239,11 +243,16 @@ export function lookupObjectController(mountPath, plugin) {
 
 // --- Helpers ---
 
-async function getCollectionStats(collections) {
+async function getCollectionStats(collections, { redisUrl = "" } = {}) {
   if (!collections) return [];
 
   const stats = await Promise.all(
     AP_COLLECTIONS.map(async (name) => {
+      // When Redis handles KV, count fedify::* keys from Redis instead
+      if (name === "ap_kv" && redisUrl) {
+        const count = await countRedisKvKeys(redisUrl);
+        return { name: "ap_kv (redis)", count };
+      }
       const col = collections.get(name);
       const count = col ? await col.countDocuments() : 0;
       return { name, count };
@@ -253,6 +262,36 @@ async function getCollectionStats(collections) {
   return stats;
 }
 
+/**
+ * Count Fedify KV keys in Redis (prefix: "fedify::").
+ * Uses SCAN to avoid blocking on large key spaces.
+ */
+async function countRedisKvKeys(redisUrl) {
+  let client;
+  try {
+    client = new Redis(redisUrl, { lazyConnect: true, connectTimeout: 3000 });
+    await client.connect();
+    let count = 0;
+    let cursor = "0";
+    do {
+      const [nextCursor, keys] = await client.scan(
+        cursor,
+        "MATCH",
+        "fedify::*",
+        "COUNT",
+        500,
+      );
+      cursor = nextCursor;
+      count += keys.length;
+    } while (cursor !== "0");
+    return count;
+  } catch {
+    return 0;
+  } finally {
+    client?.disconnect();
+  }
+}
+
 async function getPaginatedPosts(collections, pageParam) {
   const postsCol = collections?.get("posts");
   if (!postsCol) return { posts: [], cursor: null };

package/lib/controllers/follow-requests.js

@@ -0,0 +1,253 @@
+/**
+ * Follow request controllers — approve and reject pending follow requests
+ * when manual follow approval is enabled.
+ */
+
+import { validateToken } from "../csrf.js";
+import { lookupWithSecurity } from "../lookup-helpers.js";
+import { logActivity } from "../activity-log.js";
+import { addNotification } from "../storage/notifications.js";
+import { extractActorInfo } from "../timeline-store.js";
+
+/**
+ * POST /admin/followers/approve — Accept a pending follow request.
+ */
+export function approveFollowController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { actorUrl } = request.body;
+
+      if (!actorUrl) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const { application } = request.app.locals;
+      const pendingCol = application?.collections?.get("ap_pending_follows");
+      const followersCol = application?.collections?.get("ap_followers");
+
+      if (!pendingCol || !followersCol) {
+        return response.status(503).json({
+          success: false,
+          error: "Collections not available",
+        });
+      }
+
+      // Find the pending request
+      const pending = await pendingCol.findOne({ actorUrl });
+      if (!pending) {
+        return response.status(404).json({
+          success: false,
+          error: "No pending follow request from this actor",
+        });
+      }
+
+      // Move to ap_followers
+      await followersCol.updateOne(
+        { actorUrl },
+        {
+          $set: {
+            actorUrl: pending.actorUrl,
+            handle: pending.handle || "",
+            name: pending.name || "",
+            avatar: pending.avatar || "",
+            inbox: pending.inbox || "",
+            sharedInbox: pending.sharedInbox || "",
+            followedAt: new Date().toISOString(),
+          },
+        },
+        { upsert: true },
+      );
+
+      // Remove from pending
+      await pendingCol.deleteOne({ actorUrl });
+
+      // Send Accept(Follow) via federation
+      if (plugin._federation) {
+        try {
+          const { Accept, Follow } = await import("@fedify/fedify/vocab");
+          const handle = plugin.options.actor.handle;
+          const ctx = plugin._federation.createContext(
+            new URL(plugin._publicationUrl),
+            { handle, publicationUrl: plugin._publicationUrl },
+          );
+
+          const documentLoader = await ctx.getDocumentLoader({
+            identifier: handle,
+          });
+
+          // Resolve the remote actor for delivery
+          const remoteActor = await lookupWithSecurity(ctx, new URL(actorUrl), {
+            documentLoader,
+          });
+
+          if (remoteActor) {
+            // Reconstruct the Follow using stored activity ID
+            const followObj = new Follow({
+              id: pending.followActivityId
+                ? new URL(pending.followActivityId)
+                : undefined,
+              actor: new URL(actorUrl),
+              object: ctx.getActorUri(handle),
+            });
+
+            await ctx.sendActivity(
+              { identifier: handle },
+              remoteActor,
+              new Accept({
+                actor: ctx.getActorUri(handle),
+                object: followObj,
+              }),
+              { orderingKey: actorUrl },
+            );
+          }
+
+          const activitiesCol = application?.collections?.get("ap_activities");
+          if (activitiesCol) {
+            await logActivity(activitiesCol, {
+              direction: "outbound",
+              type: "Accept(Follow)",
+              actorUrl: plugin._publicationUrl,
+              objectUrl: actorUrl,
+              actorName: pending.name || actorUrl,
+              summary: `Approved follow request from ${pending.name || actorUrl}`,
+            });
+          }
+        } catch (error) {
+          console.warn(
+            `[ActivityPub] Could not send Accept to ${actorUrl}: ${error.message}`,
+          );
+        }
+      }
+
+      console.info(
+        `[ActivityPub] Approved follow request from ${pending.name || actorUrl}`,
+      );
+
+      // Redirect back to followers page
+      return response.redirect(`${mountPath}/admin/followers`);
+    } catch (error) {
+      next(error);
+    }
+  };
+}
+
+/**
+ * POST /admin/followers/reject — Reject a pending follow request.
+ */
+export function rejectFollowController(mountPath, plugin) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { actorUrl } = request.body;
+
+      if (!actorUrl) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing actor URL",
+        });
+      }
+
+      const { application } = request.app.locals;
+      const pendingCol = application?.collections?.get("ap_pending_follows");
+
+      if (!pendingCol) {
+        return response.status(503).json({
+          success: false,
+          error: "Collections not available",
+        });
+      }
+
+      // Find the pending request
+      const pending = await pendingCol.findOne({ actorUrl });
+      if (!pending) {
+        return response.status(404).json({
+          success: false,
+          error: "No pending follow request from this actor",
+        });
+      }
+
+      // Remove from pending
+      await pendingCol.deleteOne({ actorUrl });
+
+      // Send Reject(Follow) via federation
+      if (plugin._federation) {
+        try {
+          const { Reject, Follow } = await import("@fedify/fedify/vocab");
+          const handle = plugin.options.actor.handle;
+          const ctx = plugin._federation.createContext(
+            new URL(plugin._publicationUrl),
+            { handle, publicationUrl: plugin._publicationUrl },
+          );
+
+          const documentLoader = await ctx.getDocumentLoader({
+            identifier: handle,
+          });
+
+          const remoteActor = await lookupWithSecurity(ctx, new URL(actorUrl), {
+            documentLoader,
+          });
+
+          if (remoteActor) {
+            const followObj = new Follow({
+              id: pending.followActivityId
+                ? new URL(pending.followActivityId)
+                : undefined,
+              actor: new URL(actorUrl),
+              object: ctx.getActorUri(handle),
+            });
+
+            await ctx.sendActivity(
+              { identifier: handle },
+              remoteActor,
+              new Reject({
+                actor: ctx.getActorUri(handle),
+                object: followObj,
+              }),
+              { orderingKey: actorUrl },
+            );
+          }
+
+          const activitiesCol = application?.collections?.get("ap_activities");
+          if (activitiesCol) {
+            await logActivity(activitiesCol, {
+              direction: "outbound",
+              type: "Reject(Follow)",
+              actorUrl: plugin._publicationUrl,
+              objectUrl: actorUrl,
+              actorName: pending.name || actorUrl,
+              summary: `Rejected follow request from ${pending.name || actorUrl}`,
+            });
+          }
+        } catch (error) {
+          console.warn(
+            `[ActivityPub] Could not send Reject to ${actorUrl}: ${error.message}`,
+          );
+        }
+      }
+
+      console.info(
+        `[ActivityPub] Rejected follow request from ${pending.name || actorUrl}`,
+      );
+
+      return response.redirect(`${mountPath}/admin/followers`);
+    } catch (error) {
+      next(error);
+    }
+  };
+}

package/lib/controllers/followers.js

@@ -1,6 +1,9 @@
 /**
- * Followers list controller — paginated list of accounts following this actor.
+ * Followers list controller — paginated list of accounts following this actor,
+ * with pending follow requests tab when manual approval is enabled.
  */
+import { getToken } from "../csrf.js";
+
 const PAGE_SIZE = 20;
 
 export function followersController(mountPath) {
@@ -8,6 +11,9 @@ export function followersController(mountPath) {
     try {
       const { application } = request.app.locals;
       const collection = application?.collections?.get("ap_followers");
+      const pendingCol = application?.collections?.get("ap_pending_follows");
+
+      const tab = request.query.tab || "followers";
 
       if (!collection) {
         return response.render("activitypub-followers", {
@@ -15,11 +21,50 @@ export function followersController(mountPath) {
           parent: { href: mountPath, text: response.locals.__("activitypub.title") },
           followers: [],
           followerCount: 0,
+          pendingFollows: [],
+          pendingCount: 0,
+          tab,
           mountPath,
+          csrfToken: getToken(request),
         });
       }
 
       const page = Math.max(1, Number.parseInt(request.query.page, 10) || 1);
+
+      // Count pending follow requests
+      const pendingCount = pendingCol
+        ? await pendingCol.countDocuments()
+        : 0;
+
+      if (tab === "pending") {
+        // Show pending follow requests
+        const totalPages = Math.ceil(pendingCount / PAGE_SIZE);
+        const pendingFollows = pendingCol
+          ? await pendingCol
+              .find()
+              .sort({ requestedAt: -1 })
+              .skip((page - 1) * PAGE_SIZE)
+              .limit(PAGE_SIZE)
+              .toArray()
+          : [];
+
+        const cursor = buildCursor(page, totalPages, mountPath + "/admin/followers?tab=pending");
+
+        return response.render("activitypub-followers", {
+          title: response.locals.__("activitypub.followers"),
+          parent: { href: mountPath, text: response.locals.__("activitypub.title") },
+          followers: [],
+          followerCount: await collection.countDocuments(),
+          pendingFollows,
+          pendingCount,
+          tab,
+          mountPath,
+          cursor,
+          csrfToken: getToken(request),
+        });
+      }
+
+      // Show accepted followers (default)
       const totalCount = await collection.countDocuments();
       const totalPages = Math.ceil(totalCount / PAGE_SIZE);
 
@@ -37,8 +82,12 @@ export function followersController(mountPath) {
         parent: { href: mountPath, text: response.locals.__("activitypub.title") },
         followers,
         followerCount: totalCount,
+        pendingFollows: [],
+        pendingCount,
+        tab,
         mountPath,
         cursor,
+        csrfToken: getToken(request),
       });
     } catch (error) {
       next(error);
@@ -49,12 +98,14 @@ export function followersController(mountPath) {
 function buildCursor(page, totalPages, basePath) {
   if (totalPages <= 1) return null;
 
+  const separator = basePath.includes("?") ? "&" : "?";
+
   return {
     previous: page > 1
-      ? { href: `${basePath}?page=${page - 1}` }
+      ? { href: `${basePath}${separator}page=${page - 1}` }
       : undefined,
     next: page < totalPages
-      ? { href: `${basePath}?page=${page + 1}` }
+      ? { href: `${basePath}${separator}page=${page + 1}` }
       : undefined,
   };
 }