@rmdes/indiekit-endpoint-activitypub 2.13.0 → 2.15.0

package/index.js

@@ -36,6 +36,8 @@ import {
   unmuteController,
   blockController,
   unblockController,
+  blockServerController,
+  unblockServerController,
   moderationController,
   filterModeController,
 } from "./lib/controllers/moderation.js";
@@ -103,6 +105,9 @@ import { startBatchRefollow } from "./lib/batch-refollow.js";
 import { logActivity } from "./lib/activity-log.js";
 import { scheduleCleanup } from "./lib/timeline-cleanup.js";
 import { runSeparateMentionsMigration } from "./lib/migrations/separate-mentions.js";
+import { loadBlockedServersToRedis } from "./lib/storage/server-blocks.js";
+import { scheduleKeyRefresh } from "./lib/key-refresh.js";
+import { startInboxProcessor } from "./lib/inbox-queue.js";
 import { deleteFederationController } from "./lib/controllers/federation-delete.js";
 import {
   federationMgmtController,
@@ -308,6 +313,8 @@ export default class ActivityPubEndpoint {
     router.post("/admin/reader/unmute", unmuteController(mp, this));
     router.post("/admin/reader/block", blockController(mp, this));
     router.post("/admin/reader/unblock", unblockController(mp, this));
+    router.post("/admin/reader/block-server", blockServerController(mp));
+    router.post("/admin/reader/unblock-server", unblockServerController(mp));
     router.get("/admin/followers", followersController(mp));
     router.post("/admin/followers/approve", approveFollowController(mp, this));
     router.post("/admin/followers/reject", rejectFollowController(mp, this));
@@ -1124,6 +1131,12 @@ export default class ActivityPubEndpoint {
     Indiekit.addCollection("ap_reports");
     // Pending follow requests (manual approval)
     Indiekit.addCollection("ap_pending_follows");
+    // Server-level blocks
+    Indiekit.addCollection("ap_blocked_servers");
+    // Key freshness tracking for proactive refresh
+    Indiekit.addCollection("ap_key_freshness");
+    // Async inbox processing queue
+    Indiekit.addCollection("ap_inbox_queue");
 
     // Store collection references (posts resolved lazily)
     const indiekitCollections = Indiekit.collections;
@@ -1151,6 +1164,12 @@ export default class ActivityPubEndpoint {
       ap_reports: indiekitCollections.get("ap_reports"),
       // Pending follow requests (manual approval)
       ap_pending_follows: indiekitCollections.get("ap_pending_follows"),
+      // Server-level blocks
+      ap_blocked_servers: indiekitCollections.get("ap_blocked_servers"),
+      // Key freshness tracking
+      ap_key_freshness: indiekitCollections.get("ap_key_freshness"),
+      // Async inbox processing queue
+      ap_inbox_queue: indiekitCollections.get("ap_inbox_queue"),
       get posts() {
         return indiekitCollections.get("posts");
       },
@@ -1351,6 +1370,27 @@ export default class ActivityPubEndpoint {
         { requestedAt: -1 },
         { background: true },
       );
+      // Server-level blocks
+      this._collections.ap_blocked_servers.createIndex(
+        { hostname: 1 },
+        { unique: true, background: true },
+      );
+      // Key freshness tracking
+      this._collections.ap_key_freshness.createIndex(
+        { actorUrl: 1 },
+        { unique: true, background: true },
+      );
+
+      // Inbox queue indexes
+      this._collections.ap_inbox_queue.createIndex(
+        { status: 1, receivedAt: 1 },
+        { background: true },
+      );
+      // TTL: auto-prune completed items after 24h
+      this._collections.ap_inbox_queue.createIndex(
+        { processedAt: 1 },
+        { expireAfterSeconds: 86_400, background: true },
+      );
     } catch {
       // Index creation failed — collections not yet available.
       // Indexes already exist from previous startups; non-fatal.
@@ -1446,6 +1486,34 @@ export default class ActivityPubEndpoint {
     if (this.options.timelineRetention > 0) {
       scheduleCleanup(this._collections, this.options.timelineRetention);
     }
+
+    // Load server blocks into Redis for fast inbox checks
+    loadBlockedServersToRedis(this._collections).catch((error) => {
+      console.warn("[ActivityPub] Failed to load blocked servers to Redis:", error.message);
+    });
+
+    // Schedule proactive key refresh for stale follower keys (runs on startup + every 24h)
+    const keyRefreshHandle = this.options.actor.handle;
+    const keyRefreshFederation = this._federation;
+    const keyRefreshPubUrl = this._publicationUrl;
+    scheduleKeyRefresh(
+      this._collections,
+      () => keyRefreshFederation?.createContext(new URL(keyRefreshPubUrl), {
+        handle: keyRefreshHandle,
+        publicationUrl: keyRefreshPubUrl,
+      }),
+      keyRefreshHandle,
+    );
+
+    // Start async inbox queue processor (processes one item every 3s)
+    this._inboxProcessorInterval = startInboxProcessor(
+      this._collections,
+      () => this._federation?.createContext(new URL(this._publicationUrl), {
+        handle: this.options.actor.handle,
+        publicationUrl: this._publicationUrl,
+      }),
+      this.options.actor.handle,
+    );
   }
 
   /**

package/lib/controllers/moderation.js

@@ -14,6 +14,11 @@ import {
   getFilterMode,
   setFilterMode,
 } from "../storage/moderation.js";
+import {
+  addBlockedServer,
+  removeBlockedServer,
+  getAllBlockedServers,
+} from "../storage/server-blocks.js";
 
 /**
  * Helper to get moderation collections from request.
@@ -23,6 +28,7 @@ function getModerationCollections(request) {
   return {
     ap_muted: application?.collections?.get("ap_muted"),
     ap_blocked: application?.collections?.get("ap_blocked"),
+    ap_blocked_servers: application?.collections?.get("ap_blocked_servers"),
     ap_timeline: application?.collections?.get("ap_timeline"),
     ap_profile: application?.collections?.get("ap_profile"),
   };
@@ -282,6 +288,77 @@ export function unblockController(mountPath, plugin) {
   };
 }
 
+/**
+ * POST /admin/reader/block-server — Block a server by hostname.
+ */
+export function blockServerController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { hostname, reason } = request.body;
+      if (!hostname) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing hostname",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await addBlockedServer(collections, hostname, reason);
+
+      console.info(`[ActivityPub] Blocked server: ${hostname}`);
+      return response.json({ success: true, type: "block-server", hostname });
+    } catch (error) {
+      console.error("[ActivityPub] Block server failed:", error.message);
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
+/**
+ * POST /admin/reader/unblock-server — Unblock a server.
+ */
+export function unblockServerController(mountPath) {
+  return async (request, response, next) => {
+    try {
+      if (!validateToken(request)) {
+        return response.status(403).json({
+          success: false,
+          error: "Invalid CSRF token",
+        });
+      }
+
+      const { hostname } = request.body;
+      if (!hostname) {
+        return response.status(400).json({
+          success: false,
+          error: "Missing hostname",
+        });
+      }
+
+      const collections = getModerationCollections(request);
+      await removeBlockedServer(collections, hostname);
+
+      console.info(`[ActivityPub] Unblocked server: ${hostname}`);
+      return response.json({ success: true, type: "unblock-server", hostname });
+    } catch (error) {
+      return response.status(500).json({
+        success: false,
+        error: "Operation failed. Please try again later.",
+      });
+    }
+  };
+}
+
 /**
  * GET /admin/reader/moderation — View muted/blocked lists.
  */
@@ -291,9 +368,10 @@ export function moderationController(mountPath) {
       const collections = getModerationCollections(request);
       const csrfToken = getToken(request.session);
 
-      const [muted, blocked, filterMode] = await Promise.all([
+      const [muted, blocked, blockedServers, filterMode] = await Promise.all([
         getAllMuted(collections),
         getAllBlocked(collections),
+        getAllBlockedServers(collections),
         getFilterMode(collections),
       ]);
 
@@ -305,6 +383,7 @@ export function moderationController(mountPath) {
         readerParent: { href: `${mountPath}/admin/reader`, text: response.locals.__("activitypub.reader.title") },
         muted,
         blocked,
+        blockedServers,
         mutedActors,
         mutedKeywords,
         filterMode,

package/lib/federation-setup.js

@@ -40,6 +40,10 @@ import Redis from "ioredis";
 import { MongoKvStore } from "./kv-store.js";
 import { registerInboxListeners } from "./inbox-listeners.js";
 import { jf2ToAS2Activity, resolvePostUrl } from "./jf2-to-as2.js";
+import { cachedQuery } from "./redis-cache.js";
+import { onOutboxPermanentFailure } from "./outbox-failure.js";
+
+const COLLECTION_CACHE_TTL = 300; // 5 minutes
 
 /**
  * Create and configure a Fedify Federation instance.
@@ -339,25 +343,15 @@ export function setupFederation(options) {
   });
 
   // Handle permanent delivery failures (Fedify 2.0).
-  // Fires when a remote inbox returns 404/410 — the server is gone.
-  // Log it and let the admin see which followers are unreachable.
+  // Fires when a remote inbox returns 404/410.
+  // 410: immediate full cleanup. 404: strike system (3 strikes over 7 days).
   federation.setOutboxPermanentFailureHandler(async (_ctx, values) => {
-    const { inbox, error, actorIds } = values;
-    const inboxUrl = inbox?.href || String(inbox);
-    const actors = actorIds?.map((id) => id?.href || String(id)) || [];
-    console.warn(
-      `[ActivityPub] Permanent delivery failure to ${inboxUrl}: ${error?.message || "unknown"}` +
-        (actors.length ? ` (actors: ${actors.join(", ")})` : ""),
+    await onOutboxPermanentFailure(
+      values.statusCode,
+      values.actorIds,
+      values.inbox,
+      collections,
     );
-    collections.ap_activities.insertOne({
-      direction: "outbound",
-      type: "DeliveryFailed",
-      actorUrl: publicationUrl,
-      objectUrl: inboxUrl,
-      summary: `Permanent delivery failure to ${inboxUrl}: ${error?.message || "unknown"}`,
-      affectedActors: actors,
-      receivedAt: new Date().toISOString(),
-    }).catch(() => {});
   });
 
   // Wrap with debug dashboard if enabled. The debugger proxies the
@@ -404,10 +398,12 @@ function setupFollowers(federation, mountPath, handle, collections) {
         // as Recipient objects so sendActivity("followers") can deliver.
         // See: https://fedify.dev/manual/collections#one-shot-followers-collection-for-gathering-recipients
         if (cursor == null) {
-          const docs = await collections.ap_followers
-            .find()
-            .sort({ followedAt: -1 })
-            .toArray();
+          const docs = await cachedQuery("col:followers:recipients", COLLECTION_CACHE_TTL, async () => {
+            return await collections.ap_followers
+              .find()
+              .sort({ followedAt: -1 })
+              .toArray();
+          });
           return {
             items: docs.map((f) => ({
               id: new URL(f.actorUrl),
@@ -422,13 +418,16 @@ function setupFollowers(federation, mountPath, handle, collections) {
         // Paginated collection: for remote browsing of /followers endpoint
         const pageSize = 20;
         const skip = Number.parseInt(cursor, 10);
-        const docs = await collections.ap_followers
-          .find()
-          .sort({ followedAt: -1 })
-          .skip(skip)
-          .limit(pageSize)
-          .toArray();
-        const total = await collections.ap_followers.countDocuments();
+        const [docs, total] = await cachedQuery(`col:followers:page:${cursor}`, COLLECTION_CACHE_TTL, async () => {
+          const d = await collections.ap_followers
+            .find()
+            .sort({ followedAt: -1 })
+            .skip(skip)
+            .limit(pageSize)
+            .toArray();
+          const t = await collections.ap_followers.countDocuments();
+          return [d, t];
+        });
 
         return {
           items: docs.map((f) => new URL(f.actorUrl)),
@@ -439,7 +438,9 @@ function setupFollowers(federation, mountPath, handle, collections) {
     )
     .setCounter(async (ctx, identifier) => {
       if (identifier !== handle) return 0;
-      return await collections.ap_followers.countDocuments();
+      return await cachedQuery("col:followers:count", COLLECTION_CACHE_TTL, async () => {
+        return await collections.ap_followers.countDocuments();
+      });
     })
     .setFirstCursor(async () => "0");
 }
@@ -452,13 +453,16 @@ function setupFollowing(federation, mountPath, handle, collections) {
         if (identifier !== handle) return null;
         const pageSize = 20;
         const skip = cursor ? Number.parseInt(cursor, 10) : 0;
-        const docs = await collections.ap_following
-          .find()
-          .sort({ followedAt: -1 })
-          .skip(skip)
-          .limit(pageSize)
-          .toArray();
-        const total = await collections.ap_following.countDocuments();
+        const [docs, total] = await cachedQuery(`col:following:page:${cursor}`, COLLECTION_CACHE_TTL, async () => {
+          const d = await collections.ap_following
+            .find()
+            .sort({ followedAt: -1 })
+            .skip(skip)
+            .limit(pageSize)
+            .toArray();
+          const t = await collections.ap_following.countDocuments();
+          return [d, t];
+        });
 
         return {
           items: docs.map((f) => new URL(f.actorUrl)),
@@ -469,7 +473,9 @@ function setupFollowing(federation, mountPath, handle, collections) {
     )
     .setCounter(async (ctx, identifier) => {
       if (identifier !== handle) return 0;
-      return await collections.ap_following.countDocuments();
+      return await cachedQuery("col:following:count", COLLECTION_CACHE_TTL, async () => {
+        return await collections.ap_following.countDocuments();
+      });
     })
     .setFirstCursor(async () => "0");
 }
@@ -485,13 +491,16 @@ function setupLiked(federation, mountPath, handle, collections) {
         const pageSize = 20;
         const skip = cursor ? Number.parseInt(cursor, 10) : 0;
         const query = { "properties.post-type": "like" };
-        const docs = await collections.posts
-          .find(query)
-          .sort({ "properties.published": -1 })
-          .skip(skip)
-          .limit(pageSize)
-          .toArray();
-        const total = await collections.posts.countDocuments(query);
+        const [docs, total] = await cachedQuery(`col:liked:page:${cursor}`, COLLECTION_CACHE_TTL, async () => {
+          const d = await collections.posts
+            .find(query)
+            .sort({ "properties.published": -1 })
+            .skip(skip)
+            .limit(pageSize)
+            .toArray();
+          const t = await collections.posts.countDocuments(query);
+          return [d, t];
+        });
 
         const items = docs
           .map((d) => {
@@ -510,8 +519,10 @@ function setupLiked(federation, mountPath, handle, collections) {
     .setCounter(async (ctx, identifier) => {
       if (identifier !== handle) return 0;
       if (!collections.posts) return 0;
-      return await collections.posts.countDocuments({
-        "properties.post-type": "like",
+      return await cachedQuery("col:liked:count", COLLECTION_CACHE_TTL, async () => {
+        return await collections.posts.countDocuments({
+          "properties.post-type": "like",
+        });
       });
     })
     .setFirstCursor(async () => "0");