giersig.eu/indiekit-server
1
0
Fork 0
Code Issues Actions Packages Projects Releases Activity

chore(patches): remove 10 obsolete AP patches now baked into fork

Browse Source 
All of the following are now native in svemagie/indiekit-endpoint-activitypub:
- patch-ap-url-lookup-api (AP URL lookup endpoint)
- patch-ap-allow-private-address (allowPrivateAddress in federation-setup)
- patch-ap-like-note-dispatcher (fake-Note revert)
- patch-ap-like-activity-id (canonical Like activity id URI)
- patch-ap-like-activity-dispatcher (Like setObjectDispatcher)
- patch-ap-url-lookup-api-like (likeOf URL in /api/ap-url)
- patch-ap-remove-federation-diag (inbox diagnostic log removed)
- patch-ap-og-image (orphan, not in package.json)
- patch-ap-normalize-nested-tags (orphan, no-op)
- patch-ap-object-url-trailing-slash (orphan, no-op)

patch-ap-skip-draft-syndication kept — draft guard in syndicate() not yet in fork.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sven
2026-03-22 20:21:26 +01:00
parent 81abaee160
commit 18a946c9ea
11 changed files with 2 additions and 1165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
scripts/patch-ap-allow-private-address.mjs
View File

@@ -1,153 +0,0 @@
/**
* Patch: allow Fedify to fetch URLs that resolve to private IP addresses.
*
* Root cause:
* blog.giersig.eu resolves to 10.100.0.10 (a private RFC-1918 address)
* from within the home network where the indiekit server runs. When a
* remote Fediverse server sends an activity (Like, Announce, etc.) whose
* object URL points to blog.giersig.eu, Fedify tries to dereference that
* URL to validate the object. Its built-in SSRF guard calls
* validatePublicUrl(), sees the resolved IP is private, and throws:
*
* Disallowed private URL: 'https://blog.giersig.eu/likes/ed6d1/'
* Invalid or private address: 10.100.0.10
*
* This causes WebFinger lookups and lookupObject() calls for own-site URLs
* to fail, producing ERR-level noise in the log and breaking thread loading
* in the ActivityPub reader for local posts.
*
* Fix:
* Pass allowPrivateAddress: true to createFederation. This disables the
* SSRF IP check so Fedify can dereference own-site URLs. The network-level
* solution (split-horizon DNS returning the public IP inside the LAN) is
* cleaner but requires router/DNS changes outside the codebase.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
];
const MARKER = "// allow private address fix";
const patchSpecs = [
// Case 1: v2.15+ — signatureTimeWindow present, upstream comment style (no marker suffix)
{
name: "upstream-v2.15-with-signature-time-window",
oldSnippet: ` const federation = createFederation({
kv,
queue,
// Accept signatures up to 12 h old.
// Mastodon retries failed deliveries with the original signature, which
// can be hours old by the time the delivery succeeds.
signatureTimeWindow: { hours: 12 },
});`,
newSnippet: ` const federation = createFederation({
kv,
queue,
// Accept signatures up to 12 h old.
// Mastodon retries failed deliveries with the original signature, which
// can be hours old by the time the delivery succeeds.
signatureTimeWindow: { hours: 12 },
// Allow fetching own-site URLs that resolve to private IPs. // allow private address fix
// blog.giersig.eu resolves to 10.100.0.10 on the home LAN. Without this,
// Fedify's SSRF guard blocks lookupObject() / WebFinger for own posts.
allowPrivateAddress: true,
});`,
},
// Case 2: signatureTimeWindow present with old marker comment style
{
name: "with-signature-time-window-marker",
oldSnippet: ` const federation = createFederation({
kv,
queue,
// Accept signatures up to 12 h old. // signature time window fix
// Mastodon retries failed deliveries with the original signature, which
// can be hours old by the time the delivery succeeds.
signatureTimeWindow: { hours: 12 },
});`,
newSnippet: ` const federation = createFederation({
kv,
queue,
// Accept signatures up to 12 h old. // signature time window fix
// Mastodon retries failed deliveries with the original signature, which
// can be hours old by the time the delivery succeeds.
signatureTimeWindow: { hours: 12 },
// Allow fetching own-site URLs that resolve to private IPs. // allow private address fix
// blog.giersig.eu resolves to 10.100.0.10 on the home LAN. Without this,
// Fedify's SSRF guard blocks lookupObject() / WebFinger for own posts.
allowPrivateAddress: true,
});`,
},
// Case 3: fresh install without signatureTimeWindow — add both
{
name: "fresh-without-signature-time-window",
oldSnippet: ` const federation = createFederation({
kv,
queue,
});`,
newSnippet: ` const federation = createFederation({
kv,
queue,
// Accept signatures up to 12 h old. // signature time window fix
// Mastodon retries failed deliveries with the original signature, which
// can be hours old by the time the delivery succeeds.
signatureTimeWindow: { hours: 12 },
// Allow fetching own-site URLs that resolve to private IPs. // allow private address fix
// blog.giersig.eu resolves to 10.100.0.10 on the home LAN. Without this,
// Fedify's SSRF guard blocks lookupObject() / WebFinger for own posts.
allowPrivateAddress: true,
});`,
},
];
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
let source = await readFile(filePath, "utf8");
if (source.includes(MARKER) || source.includes("allowPrivateAddress")) {
continue;
}
let applied = false;
for (const spec of patchSpecs) {
if (!source.includes(spec.oldSnippet)) continue;
const updated = source.replace(spec.oldSnippet, spec.newSnippet);
if (updated === source) continue;
await writeFile(filePath, updated, "utf8");
patched += 1;
applied = true;
console.log(`[postinstall] Applied patch-ap-allow-private-address (${spec.name}) to ${filePath}`);
break;
}
if (!applied) {
console.log(`[postinstall] patch-ap-allow-private-address: no matching snippet in ${filePath} — skipping`);
}
}
if (checked === 0) {
console.log("[postinstall] patch-ap-allow-private-address: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-allow-private-address: already up to date");
} else {
console.log(`[postinstall] patch-ap-allow-private-address: patched ${patched}/${checked} file(s)`);
}

113
scripts/patch-ap-like-activity-dispatcher.mjs
View File

@@ -1,113 +0,0 @@
/**
* Patch: register a Fedify Like activity dispatcher in federation-setup.js.
*
* Per ActivityPub §3.1, objects with an `id` MUST be dereferenceable at that
* URI. The Like activities produced by jf2ToAS2Activity (after patch-ap-like-
* activity-id.mjs adds an id) need a corresponding Fedify object dispatcher so
* that fetching /activitypub/activities/like/{id} returns the Like activity.
*
* Fix:
* Add federation.setObjectDispatcher(Like, ...) after the Article dispatcher
* in setupObjectDispatchers(). The handler looks up the post, calls
* jf2ToAS2Activity, and returns the Like if that's what was produced.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
];
const MARKER = "// ap-like-activity-dispatcher patch";
const OLD_SNIPPET = ` // Article dispatcher
federation.setObjectDispatcher(
Article,
\`\${mountPath}/objects/article/{+id}\`,
async (ctx, { id }) => {
const obj = await resolvePost(ctx, id);
return obj instanceof Article ? obj : null;
},
);
}`;
const NEW_SNIPPET = ` // Article dispatcher
federation.setObjectDispatcher(
Article,
\`\${mountPath}/objects/article/{+id}\`,
async (ctx, { id }) => {
const obj = await resolvePost(ctx, id);
return obj instanceof Article ? obj : null;
},
);
// Like activity dispatcher — makes AP-like activities dereferenceable (AP §3.1)
// ap-like-activity-dispatcher patch
federation.setObjectDispatcher(
Like,
\`\${mountPath}/activities/like/{+id}\`,
async (ctx, { id }) => {
if (!collections.posts || !publicationUrl) return null;
const postUrl = \`\${publicationUrl.replace(/\\/$/, "")}/\${id}\`;
const post = await collections.posts.findOne({
"properties.url": { $in: [postUrl, postUrl + "/"] },
});
if (!post) return null;
if (post?.properties?.["post-status"] === "draft") return null;
if (post?.properties?.visibility === "unlisted") return null;
if (post.properties?.deleted) return null;
const actorUrl = ctx.getActorUri(handle).href;
const activity = await jf2ToAS2Activity(post.properties, actorUrl, publicationUrl);
return activity instanceof Like ? activity : null;
},
);
}`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
let source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
continue; // already patched
}
if (!source.includes(OLD_SNIPPET)) {
console.log(`[postinstall] patch-ap-like-activity-dispatcher: snippet not found in ${filePath}`);
continue;
}
// Ensure Like is imported from @fedify/fedify/vocab (may be absent on fresh installs)
if (!source.includes(" Like,")) {
source = source.replace(" Note,", " Like,\n Note,");
}
source = source.replace(OLD_SNIPPET, NEW_SNIPPET);
await writeFile(filePath, source, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-like-activity-dispatcher to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-like-activity-dispatcher: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-like-activity-dispatcher: already up to date");
} else {
console.log(`[postinstall] patch-ap-like-activity-dispatcher: patched ${patched}/${checked} file(s)`);
}

91
scripts/patch-ap-like-activity-id.mjs
View File

@@ -1,91 +0,0 @@
/**
* Patch: add a canonical `id` to the Like activity produced by jf2ToAS2Activity.
*
* Per ActivityPub §6.2.1, activities sent from a server SHOULD have an `id`
* URI so that remote servers can dereference them. The current Like activity
* has no `id`, which means it cannot be looked up by its URL.
*
* Fix:
* In jf2-to-as2.js, derive the mount path from the actor URL and construct
* a canonical id at /activitypub/activities/like/{post-path}.
*
* This enables:
* - The Like activity dispatcher (patch-ap-like-activity-dispatcher.mjs) to
* serve the Like at its canonical URL.
* - Remote servers to dereference the Like activity by its id.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/lib/jf2-to-as2.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/lib/jf2-to-as2.js",
];
const MARKER = "// ap-like-activity-id patch";
const OLD_SNIPPET = ` return new Like({
actor: actorUri,
object: new URL(likeOfUrl),
to: new URL("https://www.w3.org/ns/activitystreams#Public"),
});`;
const NEW_SNIPPET = ` // ap-like-activity-id patch
// Derive mount path from actor URL (e.g. "/activitypub") so we can
// construct the canonical id without needing mountPath in options.
const actorPath = new URL(actorUrl).pathname; // e.g. "/activitypub/users/sven"
const mp = actorPath.replace(/\\/users\\/[^/]+$/, ""); // → "/activitypub"
const postRelPath = (properties.url || "")
.replace(publicationUrl.replace(/\\/$/, ""), "")
.replace(/^\\//, "")
.replace(/\\/$/, ""); // e.g. "likes/9acc3"
const likeActivityId = \`\${publicationUrl.replace(/\\/$/, "")}\${mp}/activities/like/\${postRelPath}\`;
return new Like({
id: new URL(likeActivityId),
actor: actorUri,
object: new URL(likeOfUrl),
to: new URL("https://www.w3.org/ns/activitystreams#Public"),
});`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
let source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
continue; // already patched
}
if (!source.includes(OLD_SNIPPET)) {
console.log(`[postinstall] patch-ap-like-activity-id: snippet not found in ${filePath}`);
continue;
}
source = source.replace(OLD_SNIPPET, NEW_SNIPPET);
await writeFile(filePath, source, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-like-activity-id to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-like-activity-id: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-like-activity-id: already up to date");
} else {
console.log(`[postinstall] patch-ap-like-activity-id: patched ${patched}/${checked} file(s)`);
}

87
scripts/patch-ap-like-note-dispatcher.mjs
View File

@@ -1,87 +0,0 @@
/**
* Patch: REVERT the wrong ap-like-note-dispatcher change in federation-setup.js.
*
* The previous version of this script served AP-likes as fake Notes at the
* Note dispatcher URL, which violated ActivityPub semantics (Like activities
* should not be served as Notes).
*
* This rewritten version removes that fake-Note block and restores the original
* resolvePost() logic. The correct AP-compliant fixes are handled by:
* - patch-ap-like-activity-id.mjs (adds id to Like activity)
* - patch-ap-like-activity-dispatcher.mjs (registers Like object dispatcher)
* - patch-ap-url-lookup-api-like.mjs (returns likeOf URL for AP-likes in widget)
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
];
// Marker from the old wrong patch — if this is present, we need to revert
const WRONG_PATCH_MARKER = "// ap-like-note-dispatcher patch";
// Clean up the Like import comment added by the old patch
const OLD_IMPORT = ` Like, // Like import for ap-like-note-dispatcher patch`;
const NEW_IMPORT = ` Like,`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
let source = await readFile(filePath, "utf8");
if (!source.includes(WRONG_PATCH_MARKER)) {
// Already reverted (or never applied)
continue;
}
let modified = false;
// 1. Clean up Like import comment
if (source.includes(OLD_IMPORT)) {
source = source.replace(OLD_IMPORT, NEW_IMPORT);
modified = true;
}
// 2. Remove fake Note block — use regex to avoid escaping issues with
// unicode escapes and template literals inside the block.
// Match from the opening comment through `return await activity.getObject();`
const fakeNoteBlock = / \/\/ Only Create activities wrap Note\/Article objects\.\n[\s\S]*? return await activity\.getObject\(\);/;
if (fakeNoteBlock.test(source)) {
source = source.replace(
fakeNoteBlock,
` // Only Create activities wrap Note/Article objects\n if (!(activity instanceof Create)) return null;\n return await activity.getObject();`,
);
modified = true;
}
if (modified) {
await writeFile(filePath, source, "utf8");
patched += 1;
console.log(`[postinstall] Reverted ap-like-note-dispatcher patch in ${filePath}`);
}
}
if (checked === 0) {
console.log("[postinstall] patch-ap-like-note-dispatcher: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-like-note-dispatcher: already up to date");
} else {
console.log(`[postinstall] patch-ap-like-note-dispatcher: reverted ${patched}/${checked} file(s)`);
}

112
scripts/patch-ap-normalize-nested-tags.mjs
View File

@@ -1,112 +0,0 @@
/**
* Patch: normalize nested/hierarchical tags before syndicating to the fediverse.
*
* Root cause:
* Posts use nested tag notation like `on/art/music` or `art/music`. When
* these are sent as ActivityPub Hashtag objects, the full path becomes the
* hashtag name (e.g. #on/art/music), which is invalid on Mastodon and other
* fediverse platforms. Clients display them as broken links or plain text.
*
* Fix:
* Extract only the last segment of each slash-separated tag before building
* the hashtag name. `on/art/music` → `music`, `art/music` → `music`.
* The href still links to the full category path on the publication so
* internal navigation is unaffected.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/lib/jf2-to-as2.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/lib/jf2-to-as2.js",
];
const MARKER = "// normalize nested tags fix";
const OLD_PLAIN = ` tags.push({
type: "Hashtag",
name: \`#\${cat.replace(/\\s+/g, "")}\`,
href: \`\${publicationUrl}categories/\${encodeURIComponent(cat)}\`,
});`;
const NEW_PLAIN = ` tags.push({
type: "Hashtag",
name: \`#\${cat.split("/").at(-1).replace(/\\s+/g, "")}\`, // normalize nested tags fix
href: \`\${publicationUrl}categories/\${encodeURIComponent(cat)}\`,
});`;
const OLD_FEDIFY = ` tags.push(
new Hashtag({
name: \`#\${cat.replace(/\\s+/g, "")}\`,
href: new URL(
\`\${publicationUrl}categories/\${encodeURIComponent(cat)}\`,
),
}),
);`;
const NEW_FEDIFY = ` tags.push(
new Hashtag({
name: \`#\${cat.split("/").at(-1).replace(/\\s+/g, "")}\`, // normalize nested tags fix
href: new URL(
\`\${publicationUrl}categories/\${encodeURIComponent(cat)}\`,
),
}),
);`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
let source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
continue;
}
let updated = source;
let changed = false;
if (source.includes(OLD_PLAIN)) {
updated = updated.replace(OLD_PLAIN, NEW_PLAIN);
changed = true;
} else {
console.log(`[postinstall] patch-ap-normalize-nested-tags: buildPlainTags snippet not found in ${filePath}`);
}
if (source.includes(OLD_FEDIFY)) {
updated = updated.replace(OLD_FEDIFY, NEW_FEDIFY);
changed = true;
} else {
console.log(`[postinstall] patch-ap-normalize-nested-tags: buildFedifyTags snippet not found in ${filePath}`);
}
if (!changed || updated === source) {
continue;
}
await writeFile(filePath, updated, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-normalize-nested-tags to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-normalize-nested-tags: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-normalize-nested-tags: already up to date");
} else {
console.log(`[postinstall] patch-ap-normalize-nested-tags: patched ${patched}/${checked} file(s)`);
}

81
scripts/patch-ap-object-url-trailing-slash.mjs
View File

@@ -1,81 +0,0 @@
/**
* Patch: make the Fedify object dispatcher's post lookup tolerate trailing-slash
* differences between the AP object URL and the stored post URL.
*
* Root cause:
* setupObjectDispatchers resolvePost() builds postUrl from the {+id} template
* variable (e.g. "replies/bd78a") and does an exact findOne() match against
* posts.properties.url. Posts in MongoDB are stored with a trailing slash
* ("https://blog.giersig.eu/replies/bd78a/"), but the AP object URL returned
* by the /api/ap-url lookup endpoint has no trailing slash. The exact match
* fails → Fedify returns 404 → remote instance shows "Could not connect".
*
* Fix:
* Replace the single-value findOne() with a $in query that tries both the
* bare URL and the URL with a trailing slash appended.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/lib/federation-setup.js",
];
const MARKER = "// trailing-slash url fix";
const OLD_SNIPPET = ` const postUrl = \`\${publicationUrl.replace(/\\/$/, "")}/\${id}\`;
const post = await collections.posts.findOne({ "properties.url": postUrl });`;
const NEW_SNIPPET = ` const postUrl = \`\${publicationUrl.replace(/\\/$/, "")}/\${id}\`; // trailing-slash url fix
const post = await collections.posts.findOne({
"properties.url": { $in: [postUrl, postUrl + "/"] },
});`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
const source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
continue;
}
if (!source.includes(OLD_SNIPPET)) {
console.log(`[postinstall] patch-ap-object-url-trailing-slash: snippet not found in ${filePath}`);
continue;
}
const updated = source.replace(OLD_SNIPPET, NEW_SNIPPET);
if (updated === source) {
continue;
}
await writeFile(filePath, updated, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-object-url-trailing-slash to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-object-url-trailing-slash: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-object-url-trailing-slash: already up to date");
} else {
console.log(`[postinstall] patch-ap-object-url-trailing-slash: patched ${patched}/${checked} file(s)`);
}

136
scripts/patch-ap-og-image.mjs
View File

@@ -1,136 +0,0 @@
/**
* Patch: fix OG image URL generation in ActivityPub jf2-to-as2.js.
*
* Root cause:
* Both 842fc5af and 45f8ba9 versions of jf2-to-as2.js try to extract the
* post slug from the URL using a regex that expects date-based URLs like
* /articles/2024/01/15/slug/ but this blog uses flat URLs like /articles/slug/.
* The regex never matches so the `image` property is never set — no OG image
* preview card reaches Mastodon or other fediverse servers.
*
* Fix:
* Replace the date-from-URL regex with a simple last-path-segment extraction.
* Constructs /og/{slug}.png — the actual filename pattern the Eleventy build
* generates for static OG preview images (e.g. /og/2615b.png).
*
* Both jf2ToActivityStreams() (plain JSON-LD) and jf2ToAS2Activity() (Fedify
* vocab objects) are patched. Both 842fc5af and 45f8ba9 variants are handled
* so the patch works regardless of which commit npm install resolved.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/lib/jf2-to-as2.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/lib/jf2-to-as2.js",
];
const MARKER = "// og-image fix";
// ---------------------------------------------------------------------------
// Use JS regex patterns to locate the OG image blocks.
// Both 842fc5af and 45f8ba9 share the same variable names (ogMatch / ogMatchF)
// and the same if-block structure, differing only in the URL construction.
//
// Pattern: matches from "const ogMatch[F] = postUrl && postUrl.match(" to the
// closing "}" (2-space indent) of the if block.
// ---------------------------------------------------------------------------
const CN_BLOCK_RE =
/ const ogMatch = postUrl && postUrl\.match\([^\n]+\n if \(ogMatch\) \{[\s\S]*?\n \}/;
const AS2_BLOCK_RE =
/ const ogMatchF = postUrl && postUrl\.match\([^\n]+\n if \(ogMatchF\) \{[\s\S]*?\n \}/;
// ---------------------------------------------------------------------------
// Replacement: extract slug from last URL path segment.
// Build /og/{slug}.png to match the Eleventy OG filenames (e.g. /og/2615b.png).
//
// Template literal note: backslashes inside the injected regex are doubled so
// they survive the template literal → string conversion:
// \\\/ → \/ (escaped slash in regex)
// [\\\w-] → [\w-] (word char class)
// ---------------------------------------------------------------------------
const NEW_CN = ` const ogSlug = postUrl && postUrl.match(/\\/([\\\w-]+)\\/?$/)?.[1]; // og-image fix
if (ogSlug) { // og-image fix
object.image = {
type: "Image",
url: \`\${publicationUrl.replace(/\\/$/, "")}/og/\${ogSlug}.png\`, // og-image fix
mediaType: "image/png",
};
}`;
const NEW_AS2 = ` const ogSlugF = postUrl && postUrl.match(/\\/([\\\w-]+)\\/?$/)?.[1]; // og-image fix
if (ogSlugF) { // og-image fix
noteOptions.image = new Image({
url: new URL(\`\${publicationUrl.replace(/\\/$/, "")}/og/\${ogSlugF}.png\`), // og-image fix
mediaType: "image/png",
});
}`;
// ---------------------------------------------------------------------------
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
const source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
console.log(`[postinstall] patch-ap-og-image: already applied to ${filePath}`);
continue;
}
let updated = source;
let changed = false;
// Fix the jf2ToActivityStreams OG block
if (CN_BLOCK_RE.test(updated)) {
updated = updated.replace(CN_BLOCK_RE, NEW_CN);
changed = true;
} else {
console.warn(
`[postinstall] patch-ap-og-image: jf2ToActivityStreams OG block not found in ${filePath} — skipping`,
);
}
// Fix the jf2ToAS2Activity OG block
if (AS2_BLOCK_RE.test(updated)) {
updated = updated.replace(AS2_BLOCK_RE, NEW_AS2);
changed = true;
} else {
console.warn(
`[postinstall] patch-ap-og-image: jf2ToAS2Activity OG block not found in ${filePath} — skipping`,
);
}
if (!changed || updated === source) {
console.log(`[postinstall] patch-ap-og-image: no changes applied to ${filePath}`);
continue;
}
await writeFile(filePath, updated, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-og-image to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-og-image: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-og-image: already up to date");
} else {
console.log(`[postinstall] patch-ap-og-image: patched ${patched}/${checked} file(s)`);
}

92
scripts/patch-ap-remove-federation-diag.mjs
View File

@@ -1,92 +0,0 @@
/**
* Patch: remove federation-diag inbox logging from the ActivityPub endpoint.
*
* The diagnostic block logs every inbox POST to detect federation stalls.
* It is no longer needed and produces noise in indiekit.log.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/index.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/index.js",
];
const MARKER = "// ap-remove-federation-diag patch";
// Matches the original form (diag block immediately before the return)
const OLD_SNIPPET_V1 = ` // Diagnostic: log inbox POSTs to detect federation stalls
if (req.method === "POST" && req.path.includes("inbox")) {
const ua = req.get("user-agent") || "unknown";
const bodyParsed = req.body !== undefined && Object.keys(req.body || {}).length > 0;
console.info(\`[federation-diag] POST \${req.path} from=\${ua.slice(0, 60)} bodyParsed=\${bodyParsed} readable=\${req.readable}\`);
}
return self._fedifyMiddleware(req, res, next);`;
const NEW_SNIPPET_V1 = ` // ap-remove-federation-diag patch
return self._fedifyMiddleware(req, res, next);`;
// Matches the updated form (diag block followed by Accept-upgrade block before the return)
const OLD_SNIPPET_V2 = ` // Diagnostic: log inbox POSTs to detect federation stalls
if (req.method === "POST" && req.path.includes("inbox")) {
const ua = req.get("user-agent") || "unknown";
const bodyParsed = req.body !== undefined && Object.keys(req.body || {}).length > 0;
console.info(\`[federation-diag] POST \${req.path} from=\${ua.slice(0, 60)} bodyParsed=\${bodyParsed} readable=\${req.readable}\`);
}
// Fedify's`;
const NEW_SNIPPET_V2 = ` // ap-remove-federation-diag patch
// Fedify's`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
let source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
continue; // already patched
}
let matched = false;
if (source.includes(OLD_SNIPPET_V1)) {
source = source.replace(OLD_SNIPPET_V1, NEW_SNIPPET_V1);
matched = true;
} else if (source.includes(OLD_SNIPPET_V2)) {
source = source.replace(OLD_SNIPPET_V2, NEW_SNIPPET_V2);
matched = true;
}
if (!matched) {
console.log(`[postinstall] patch-ap-remove-federation-diag: snippet not found in ${filePath}`);
continue;
}
await writeFile(filePath, source, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-remove-federation-diag to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-remove-federation-diag: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-remove-federation-diag: already up to date");
} else {
console.log(`[postinstall] patch-ap-remove-federation-diag: patched ${patched}/${checked} file(s)`);
}

110
scripts/patch-ap-url-lookup-api-like.mjs
View File

@@ -1,110 +0,0 @@
/**
* Patch: make the /api/ap-url endpoint return the liked post URL for AP-likes.
*
* Root cause:
* For like posts where like-of is an ActivityPub URL (e.g. a Mastodon status),
* the "Also on: Fediverse" widget's authorize_interaction flow needs to send
* the user to the original AP object, not to a blog-side Note URL.
*
* The current handler always returns a /activitypub/objects/note/{id} URL,
* which 404s for AP-likes (because jf2ToAS2Activity returns a Like activity,
* not a Create(Note), so the Note dispatcher returns null).
*
* Fix:
* Before building the Note/Article URL, check whether the post is an AP-like
* (like-of is a URL that responds with application/activity+json). If it is,
* return { apUrl: likeOf } so that authorize_interaction opens the original
* AP object on the remote instance, where the user can interact with it.
*
* Non-AP likes (like-of is a plain web URL) fall through to the existing
* Note URL logic unchanged.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/index.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/index.js",
];
const MARKER = "// ap-url-lookup-api-like patch";
const OLD_SNIPPET = ` // Determine the AP object type (mirrors jf2-to-as2.js logic)
const postType = post.properties?.["post-type"];
const isArticle = postType === "article" && !!post.properties?.name;
const objectType = isArticle ? "article" : "note";`;
const NEW_SNIPPET = ` // Determine the AP object type (mirrors jf2-to-as2.js logic)
const postType = post.properties?.["post-type"];
// For AP-likes: the widget should open the liked post on the remote instance.
// We detect AP URLs the same way as jf2-to-as2.js: HEAD with activity+json Accept.
// ap-url-lookup-api-like patch
if (postType === "like") {
const likeOf = post.properties?.["like-of"] || "";
if (likeOf) {
let isAp = false;
try {
const ctrl = new AbortController();
const tid = setTimeout(() => ctrl.abort(), 3000);
const r = await fetch(likeOf, {
method: "HEAD",
headers: { Accept: "application/activity+json, application/ld+json" },
signal: ctrl.signal,
});
clearTimeout(tid);
const ct = r.headers.get("content-type") || "";
isAp = ct.includes("activity+json") || ct.includes("ld+json");
} catch { /* network error — treat as non-AP */ }
if (isAp) {
res.set("Cache-Control", "public, max-age=60");
return res.json({ apUrl: likeOf });
}
}
}
const isArticle = postType === "article" && !!post.properties?.name;
const objectType = isArticle ? "article" : "note";`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
let source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
continue; // already patched
}
if (!source.includes(OLD_SNIPPET)) {
console.log(`[postinstall] patch-ap-url-lookup-api-like: snippet not found in ${filePath}`);
continue;
}
source = source.replace(OLD_SNIPPET, NEW_SNIPPET);
await writeFile(filePath, source, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-url-lookup-api-like to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-url-lookup-api-like: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-url-lookup-api-like: already up to date");
} else {
console.log(`[postinstall] patch-ap-url-lookup-api-like: patched ${patched}/${checked} file(s)`);
}

188
scripts/patch-ap-url-lookup-api.mjs
View File

@@ -1,188 +0,0 @@
/**
* Patch: add a public GET /api/ap-url endpoint to the ActivityPub endpoint.
*
* Problem:
* The "Also on fediverse" widget on blog post pages passes the blog post URL
* (e.g. https://blog.giersig.eu/replies/bd78a/) to the Mastodon
* authorize_interaction flow:
* https://{instance}/authorize_interaction?uri={blog-post-url}
*
* When the remote instance fetches that URI with Accept: application/activity+json,
* it may hit a static file server (nginx/Caddy) that returns HTML instead of
* AP JSON, causing the interaction to fail with "Could not connect to the given
* address" or a similar error.
*
* Fix:
* Add a public API route to the AP endpoint:
* GET /activitypub/api/ap-url?post={blog-post-url}
*
* This resolves the post in MongoDB, determines its object type (Note or Article),
* and returns the canonical Fedify-served AP object URL:
* { apUrl: "https://blog.giersig.eu/activitypub/objects/note/replies/bd78a/" }
*
* The "Also on fediverse" JS widget can then call this API and use the returned
* apUrl in the authorize_interaction redirect instead of the blog post URL.
* Fedify-served URLs (/activitypub/objects/…) are always proxied to Node.js and
* will reliably return AP JSON with correct content negotiation.
*
* The patch inserts the new route in the `routesPublic` getter of index.js,
* just before the closing `return router` statement.
*/
import { access, readFile, writeFile } from "node:fs/promises";
const candidates = [
"node_modules/@rmdes/indiekit-endpoint-activitypub/index.js",
"node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub/index.js",
];
const MARKER = "// AP URL lookup endpoint";
const OLD_SNIPPET = ` router.all("/inbox", (req, res) => {
res
.status(405)
.set("Allow", "POST")
.type("application/activity+json")
.json({
error: "Method Not Allowed",
message: "The shared inbox only accepts POST requests",
});
});
return router;
}
/**
* Authenticated admin routes — mounted at mountPath, behind IndieAuth.
*/`;
const NEW_SNIPPET = ` router.all("/inbox", (req, res) => {
res
.status(405)
.set("Allow", "POST")
.type("application/activity+json")
.json({
error: "Method Not Allowed",
message: "The shared inbox only accepts POST requests",
});
});
// AP URL lookup endpoint
// Public API: resolve a blog post URL → its Fedify-served AP object URL.
// GET /api/ap-url?post=https://blog.example.com/notes/foo/
// Returns { apUrl: "https://blog.example.com/activitypub/objects/note/notes/foo/" }
//
// Use this in "Also on fediverse" widgets so that authorize_interaction
// uses a URL that is always routed to Node.js (never intercepted by a
// static file server), ensuring reliable AP content negotiation.
router.get("/api/ap-url", async (req, res) => {
try {
const postParam = req.query.post;
if (!postParam) {
return res.status(400).json({ error: "post parameter required" });
}
const { application } = req.app.locals;
const postsCollection = application.collections?.get("posts");
if (!postsCollection) {
return res.status(503).json({ error: "Database unavailable" });
}
const publicationUrl = (self._publicationUrl || application.url || "").replace(/\\/$/, "");
// Match with or without trailing slash
const postUrl = postParam.replace(/\\/$/, "");
const post = await postsCollection.findOne({
"properties.url": { $in: [postUrl, postUrl + "/"] },
});
if (!post) {
return res.status(404).json({ error: "Post not found" });
}
// Draft and unlisted posts are not federated
if (post?.properties?.["post-status"] === "draft") {
return res.status(404).json({ error: "Post not found" });
}
if (post?.properties?.visibility === "unlisted") {
return res.status(404).json({ error: "Post not found" });
}
// Determine the AP object type (mirrors jf2-to-as2.js logic)
const postType = post.properties?.["post-type"];
const isArticle = postType === "article" && !!post.properties?.name;
const objectType = isArticle ? "article" : "note";
// Extract the path portion after the publication base URL
const resolvedUrl = (post.properties?.url || "").replace(/\\/$/, "");
if (!resolvedUrl.startsWith(publicationUrl)) {
return res.status(500).json({ error: "Post URL does not match publication base" });
}
const postPath = resolvedUrl.slice(publicationUrl.length).replace(/^\\//, "");
const mp = (self.options.mountPath || "").replace(/\\/$/, "");
const apBase = publicationUrl;
const apUrl = \`\${apBase}\${mp}/objects/\${objectType}/\${postPath}\`;
res.set("Cache-Control", "public, max-age=300");
res.json({ apUrl });
} catch (error) {
res.status(500).json({ error: error.message });
}
});
return router;
}
/**
* Authenticated admin routes — mounted at mountPath, behind IndieAuth.
*/`;
async function exists(filePath) {
try {
await access(filePath);
return true;
} catch {
return false;
}
}
let checked = 0;
let patched = 0;
for (const filePath of candidates) {
if (!(await exists(filePath))) {
continue;
}
checked += 1;
const source = await readFile(filePath, "utf8");
if (source.includes(MARKER)) {
continue;
}
if (!source.includes(OLD_SNIPPET)) {
console.log(`[postinstall] patch-ap-url-lookup-api: old snippet not found in ${filePath}`);
continue;
}
const updated = source.replace(OLD_SNIPPET, NEW_SNIPPET);
if (updated === source) {
continue;
}
await writeFile(filePath, updated, "utf8");
patched += 1;
console.log(`[postinstall] Applied patch-ap-url-lookup-api to ${filePath}`);
}
if (checked === 0) {
console.log("[postinstall] patch-ap-url-lookup-api: no target files found");
} else if (patched === 0) {
console.log("[postinstall] patch-ap-url-lookup-api: already up to date");
} else {
console.log(`[postinstall] patch-ap-url-lookup-api: patched ${patched}/${checked} file(s)`);
}