ActivityPub Integration
Nathan Byrd edited this page Jan 2, 2023 · 30 revisions
Discussion and design of ActivityPub / Mastodon with ENiGMA½.
- Act as both a server and a client
  - On behalf of users
  - As the BBS itself (bot)
- Feed views
  - Local
  - Federated
  - Following
- Inbox
  - Direct replies also land in user's inbox
  - User can again reply, or directly post to ActivityPub addresses
  - Similar to EchoMail
- Message Areas
  - Ability to map a message area to an ActivityPub 'group'
  - Read and reply in message base
  - Similar to EchoMail
  - Bridged message areas, such as FTN (non-Mastodon node) <-> Local (Mastodon) <-> Fediverse
First class Mastodon support
- Add additional info/debug/warn/error logging to web.js to help track down issues and to (long term) help identify abuse by logging IP, maybe correlation id, etc.
- Looks like Mastodon is adding some Group functionality that might make my suggested workaround for message areas unnecessary (depends on timing; I don't see anything about when it will be released, though it does look like it is funded work): https://github.com/mastodon/mastodon/pull/19059
- In order to interoperate with Mastodon, we need to implement HTTP Signatures. More info at: https://docs.joinmastodon.org/spec/security/
  - Implementation in activitypub-express
    - Based on node-http-signature - probably a good idea for us to use as well
    - Private / Public keypairs are generated with the Node.JS crypto library.
  - Notes on approach:
    - Need to create a new public / private keypair and store in the db on account creation (or one-time during migration)
    - As subscribe requests occur or lookups to other servers, the Actor object needs to be stored into the database
    - On outbound requests from the BBS that involve an actor, the private key is used to sign the requests
    - On incoming requests that involve a remote actor, the public key stored for the actor is used to verify the signature
- With increased usage of HTTP with ActivityPub/Mastodon support, we should look at additional security testing as well. See: Free for Open-Source App Security Tools for some tools that are free for Open Source projects.
- Should we create a more generalized ActivityPub support/module/classes that Mastodon then extends?
- Is the web part of this big enough that we should look into using something like express.js and a module like activitypub-express instead of rolling our own implementation?
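
The sign/verify flow from the HTTP Signatures notes above, as an added example that uses only Node's built-in crypto module (it is not ENiGMA½ code and not the node-http-signature API). The function names, the `lookupPublicKey` callback and the 5-minute date window are assumptions of this example; the signed header set follows the Mastodon security spec linked above.

```javascript
// Added example: Mastodon-style HTTP Signatures with Node's built-in crypto.
const crypto = require('node:crypto');

// Per-account key pair, created once and stored in the db (see notes above).
function generateActorKeys() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

const digestOf = body =>
  'SHA-256=' + crypto.createHash('sha256').update(body).digest('base64');

// Signing string: one "name: value" line per signed header, in listed order.
function signingString(method, path, headers, names) {
  return names.map(n => n === '(request-target)'
    ? `(request-target): ${method.toLowerCase()} ${path}`
    : `${n}: ${headers[n]}`).join('\n');
}

// Outbound: sign with the local actor's private key.
function signRequest({ method, path, host, body, keyId, privateKey, date = new Date() }) {
  const headers = { host, date: date.toUTCString(), digest: digestOf(body) };
  const names = ['(request-target)', 'host', 'date', 'digest'];
  const sig = crypto.sign('sha256',
    Buffer.from(signingString(method, path, headers, names)), privateKey);
  headers.signature = `keyId="${keyId}",algorithm="rsa-sha256",` +
    `headers="${names.join(' ')}",signature="${sig.toString('base64')}"`;
  return headers;
}

// Inbound: verify with the stored public key of the remote actor.
// maxSkewMs is this example's assumption, not a value from the spec.
function verifyRequest({ method, path, headers, body, lookupPublicKey,
  now = new Date(), maxSkewMs = 300000 }) {
  const params = Object.fromEntries(
    [...(headers.signature || '').matchAll(/(\w+)="([^"]*)"/g)].map(m => [m[1], m[2]]));
  if (!params.keyId || !params.signature || !params.headers) return false;
  const names = params.headers.split(' ');
  // Require the headers that bind the signature to this request and body.
  if (!['(request-target)', 'host', 'date', 'digest'].every(n => names.includes(n))) return false;
  if (headers.digest !== digestOf(body)) return false; // body altered in transit
  const sent = Date.parse(headers.date);
  if (Number.isNaN(sent) || Math.abs(now - sent) > maxSkewMs) return false; // stale or replayed
  const publicKey = lookupPublicKey(params.keyId); // stored Actor object's key
  if (!publicKey) return false;
  return crypto.verify('sha256', Buffer.from(signingString(method, path, headers, names)),
    publicKey, Buffer.from(params.signature, 'base64'));
}
```

A verifier that skips the digest comparison or the required-header check would accept a valid signature attached to a different body or path, which is why both run before the RSA check.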
```
core/
  servers/
    content/
      web.js
      web_handlers/
        webfinger.js
        mastodon.js
```
- webfinger.js
  - Handles standard WebFinger requests via `acct:`
  - Handles standard profile request associated with WebFinger
  - Includes additional `rel` and aliases if an ActivityPub system is also enabled, such as Mastodon
    - It would be nice if these could be 'injected' by mastodon.js
- mastodon.js
  - An ActivityPub implementation with Mastodon extensions
- ActivityPub
  - https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/
  - https://www.justingarrison.com/blog/2022-12-06-mastodon-files-instance/
  - https://github.com/jakelazaroff/dumbo
  - https://macwright.com/2022/12/09/activitypub.html
  - https://github.com/jwilk/zygolophodon
  - https://github.com/dariusk/express-activitypub
  - https://www.npmjs.com/package/activitypub-express / https://github.com/immers-space/activitypub-express
- Build our own (maybe using https://github.com/jakelazaroff/dumbo as a guide)
  - Advantages
    - No rework required, extending what we already have
    - Can build it up a little at a time
  - Disadvantages
    - We are totally on the hook for interoperability
    - Maybe more work overall when some of it has already been done for us
- Use existing activitypub-express module - https://github.com/immers-space/activitypub-express
  - Advantages
    - Very complete
    - Popular
    - Interchangeable storage (that we would have to swap out)
    - Active (last update Nov 11)
  - Disadvantages
    - The completeness might lead to additional time to understand the full codebase
    - Although storage is interchangeable, it is centered around ActivityPub, decent amount of work there to interface