npm - @rmdes/indiekit-endpoint-activitypub - Versions diffs - 3.13.2 → 3.13.4 - Mend

@rmdes/indiekit-endpoint-activitypub 3.13.2 → 3.13.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/index.js +1 -0
package/lib/mastodon/helpers/id-mapping.js +10 -11
package/lib/mastodon/routes/accounts.js +21 -3
package/lib/mastodon/routes/statuses.js +31 -20
package/lib/timeline-cleanup.js +22 -9
package/package.json +1 -1

package/index.js CHANGED Viewed

@@ -1119,6 +1119,7 @@ export default class ActivityPubEndpoint {
         federation: this._federation,
         followActor: (url, info) => pluginRef.followActor(url, info),
         unfollowActor: (url) => pluginRef.unfollowActor(url),
+        broadcastActorUpdate: () => pluginRef.broadcastActorUpdate(),
         loadRsaKey: () => pluginRef._loadRsaPrivateKey(),
       },
     });

package/lib/mastodon/helpers/id-mapping.js CHANGED Viewed

@@ -1,15 +1,16 @@
 /**
  * Deterministic ID mapping for Mastodon Client API.
  *
- * Local accounts use MongoDB _id.toString().
- * Remote actors use sha256(actorUrl).slice(0, 24) for stable IDs
- * without requiring a dedicated accounts collection.
+ * All accounts (local and remote) use sha256(actorUrl).slice(0, 24)
+ * for stable, consistent IDs. This ensures verify_credentials and
+ * status serialization produce the same ID for the local user,
+ * even though the profile doc has _id but timeline author objects don't.
  */
 import crypto from "node:crypto";
 /**
- * Generate a deterministic ID for a remote actor URL.
- * @param {string} actorUrl - The remote actor's URL
+ * Generate a deterministic ID for an actor URL.
+ * @param {string} actorUrl - The actor's URL
  * @returns {string} 24-character hex ID
  */
 export function remoteActorId(actorUrl) {
@@ -18,15 +19,13 @@ export function remoteActorId(actorUrl) {
 /**
  * Get the Mastodon API ID for an account.
+ * Uses URL-based hash for all accounts (local and remote) so the ID
+ * is consistent regardless of whether the actor object has a MongoDB _id.
  * @param {object} actor - Actor object (local profile or remote author)
- * @param {boolean} isLocal - Whether this is the local profile
+ * @param {boolean} _isLocal - Unused (kept for API compatibility)
  * @returns {string}
  */
-export function accountId(actor, isLocal = false) {
-  if (isLocal && actor._id) {
-    return actor._id.toString();
-  }
-  // Remote actors: use URL-based deterministic hash
+export function accountId(actor, _isLocal = false) {
   const url = actor.url || actor.actorUrl || "";
   return url ? remoteActorId(url) : "0";
 }

package/lib/mastodon/routes/accounts.js CHANGED Viewed

@@ -306,6 +306,13 @@ router.patch("/api/v1/accounts/update_credentials", tokenRequired, scopeRequired
     if (Object.keys(update).length > 0 && collections.ap_profile) {
       await collections.ap_profile.updateOne({}, { $set: update });
+      // Broadcast Update(Person) to followers so profile changes federate
+      if (pluginOptions.broadcastActorUpdate) {
+        pluginOptions.broadcastActorUpdate().catch((err) =>
+          console.warn(`[Mastodon API] broadcastActorUpdate failed: ${err.message}`),
+        );
+      }
     }
     // Return updated credential account
@@ -313,12 +320,23 @@ router.patch("/api/v1/accounts/update_credentials", tokenRequired, scopeRequired
       ? await collections.ap_profile.findOne({})
       : {};
+    const handle = pluginOptions.handle || "user";
+    let counts = {};
+    try {
+      const [statuses, followers, following] = await Promise.all([
+        collections.ap_timeline.countDocuments({ "author.url": profile.url }),
+        collections.ap_followers.countDocuments({}),
+        collections.ap_following.countDocuments({}),
+      ]);
+      counts = { statuses, followers, following };
+    } catch {
+      counts = { statuses: 0, followers: 0, following: 0 };
+    }
     const { serializeCredentialAccount } = await import(
       "../entities/account.js"
     );
-    res.json(
-      await serializeCredentialAccount(profile, { baseUrl, collections }),
-    );
+    res.json(serializeCredentialAccount(profile, { baseUrl, handle, counts }));
   } catch (error) {
     next(error);
   }

package/lib/mastodon/routes/statuses.js CHANGED Viewed

@@ -466,6 +466,13 @@ router.put("/api/v1/statuses/:id", tokenRequired, scopeRequired("write", "write:
         if (statusText !== undefined) {
           updatePayload.replace.content = [statusText];
         }
+        if (spoilerText !== undefined) {
+          updatePayload.replace["content-warning"] = spoilerText ? [spoilerText] : [];
+          updatePayload.replace.sensitive = [spoilerText ? "true" : "false"];
+        }
+        if (sensitive !== undefined && spoilerText === undefined) {
+          updatePayload.replace.sensitive = [sensitive === true || sensitive === "true" ? "true" : "false"];
+        }
         try {
           await fetch(micropubUrl, {
@@ -604,23 +611,25 @@ router.get("/api/v1/statuses/:id/favourited_by", tokenRequired, scopeRequired("r
     );
     if (!item) return res.status(404).json({ error: "Record not found" });
-    const uid = item.uid || item.url;
-    if (!uid || !collections.ap_interactions) return res.json([]);
+    const targetUrl = item.uid || item.url;
+    if (!targetUrl || !collections.ap_notifications) return res.json([]);
-    const interactions = await collections.ap_interactions
-      .find({ objectUrl: uid, type: "like" })
+    // Incoming likes are stored as notifications by the inbox handler
+    const notifications = await collections.ap_notifications
+      .find({ targetUrl, type: "like" })
       .limit(40)
       .toArray();
     const { serializeAccount } = await import("../entities/account.js");
-    const accounts = interactions
-      .filter((i) => i.actorUrl || i.actorName)
-      .map((i) =>
+    const accounts = notifications
+      .filter((n) => n.actorUrl)
+      .map((n) =>
         serializeAccount(
           {
-            url: i.actorUrl,
-            name: i.actorName || "",
-            handle: i.actorHandle || "",
+            url: n.actorUrl,
+            name: n.actorName || "",
+            handle: n.actorHandle || "",
+            photo: n.actorPhoto || "",
           },
           { baseUrl, isLocal: false },
         ),
@@ -645,23 +654,25 @@ router.get("/api/v1/statuses/:id/reblogged_by", tokenRequired, scopeRequired("re
     );
     if (!item) return res.status(404).json({ error: "Record not found" });
-    const uid = item.uid || item.url;
-    if (!uid || !collections.ap_interactions) return res.json([]);
+    const targetUrl = item.uid || item.url;
+    if (!targetUrl || !collections.ap_notifications) return res.json([]);
-    const interactions = await collections.ap_interactions
-      .find({ objectUrl: uid, type: "boost" })
+    // Incoming boosts are stored as notifications by the inbox handler
+    const notifications = await collections.ap_notifications
+      .find({ targetUrl, type: "boost" })
       .limit(40)
       .toArray();
     const { serializeAccount } = await import("../entities/account.js");
-    const accounts = interactions
-      .filter((i) => i.actorUrl || i.actorName)
-      .map((i) =>
+    const accounts = notifications
+      .filter((n) => n.actorUrl)
+      .map((n) =>
         serializeAccount(
           {
-            url: i.actorUrl,
-            name: i.actorName || "",
-            handle: i.actorHandle || "",
+            url: n.actorUrl,
+            name: n.actorName || "",
+            handle: n.actorHandle || "",
+            photo: n.actorPhoto || "",
           },
           { baseUrl, isLocal: false },
         ),

package/lib/timeline-cleanup.js CHANGED Viewed

@@ -19,19 +19,32 @@ export async function cleanupTimeline(collections, retentionLimit) {
     return { removed: 0, interactionsRemoved: 0 };
   }
-  const totalCount = await collections.ap_timeline.countDocuments();
-  if (totalCount <= retentionLimit) {
+  // Get the local profile URL to exempt own posts from cleanup.
+  // Own posts are your content — they should never be deleted by retention.
+  const profile = collections.ap_profile
+    ? await collections.ap_profile.findOne({})
+    : null;
+  const ownerUrl = profile?.url || null;
+  // Only count remote posts toward retention limit
+  const remoteFilter = ownerUrl
+    ? { "author.url": { $ne: ownerUrl } }
+    : {};
+  const remoteCount = await collections.ap_timeline.countDocuments(remoteFilter);
+  if (remoteCount <= retentionLimit) {
     return { removed: 0, interactionsRemoved: 0 };
   }
-  // Use aggregation to get exact UIDs beyond the retention limit.
-  // This avoids race conditions: we delete by UID, not by date.
+  // Find remote items beyond the retention limit, sorted newest-first.
+  // Own posts are excluded from the aggregation pipeline entirely.
+  const pipeline = [
+    ...(ownerUrl ? [{ $match: { "author.url": { $ne: ownerUrl } } }] : []),
+    { $sort: { published: -1 } },
+    { $skip: retentionLimit },
+    { $project: { uid: 1 } },
+  ];
   const toDelete = await collections.ap_timeline
-    .aggregate([
-      { $sort: { published: -1 } },
-      { $skip: retentionLimit },
-      { $project: { uid: 1 } },
-    ])
+    .aggregate(pipeline)
     .toArray();
   if (!toDelete.length) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rmdes/indiekit-endpoint-activitypub",
-  "version": "3.13.2",
+  "version": "3.13.4",
   "description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
   "keywords": [
     "indiekit",