indiekit-server

Author SHA1 Message Date

Author	SHA1	Message	Date
Sven	1ad3bae3fc	fix(patches): restore lost AP patches and fix broken patch chain The signatureTimeWindow patch was deleted in `e52e98c5c` (assumed fixed in fork), but the lockfile still pins the fork to v2.10.1 which lacks it. This broke the patch-ap-allow-private-address patch chain: it expected signatureTimeWindow in its OLD_SNIPPET, never matched, and silently skipped — leaving the server without both signatureTimeWindow AND allowPrivateAddress. Without allowPrivateAddress, Fedify's SSRF guard blocks own-site URL resolution (blog.giersig.eu → 10.100.0.10), breaking federation delivery. - Fix patch-ap-allow-private-address to handle fresh v2.10.1 (adds both signatureTimeWindow and allowPrivateAddress in one step) - Restore patch-ap-object-url-trailing-slash (also lost in `e52e98c5c`) - Add both patches to postinstall and serve scripts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-18 19:18:40 +01:00
Sven	e52e98c5c5	chore(patches): remove patches now fixed in forks Fixes implemented upstream in svemagie/indiekit-endpoint-activitypub and svemagie/indiekit-endpoint-microsub; postinstall patches no longer needed: - patch-microsub-feed-discovery (HTML <link> discovery in fetcher.js) - patch-inbox-skip-view-activity-parse (PeerTube View buffering in federation-bridge.js) - patch-ap-inbox-raw-body-digest (raw body preservation for HTTP Signature Digest) - patch-ap-object-url-trailing-slash (trailing slash $in fix in federation-setup.js) - patch-ap-signature-time-window (12h signatureTimeWindow in federation-setup.js) - patch-inbox-ignore-view-activity (View no-op handler in inbox-listeners.js) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-16 12:19:18 +01:00
Sven	02919b6e37	fix: patch resolvePost to match post URLs with or without trailing slash The Fedify object dispatcher constructs the post lookup URL from the {+id} path variable (e.g. "replies/bd78a"), which has no trailing slash. Posts in MongoDB store their URL with a trailing slash, so the exact findOne() match was silently returning null → Fedify serving 404 → mountains.social showing "Could not connect to the given address". Fix uses $in to try both variants so the dispatcher works regardless of whether the request URL has a trailing slash or not. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-15 15:17:27 +01:00

Sven

1ad3bae3fc

fix(patches): restore lost AP patches and fix broken patch chain

The signatureTimeWindow patch was deleted in e52e98c5c (assumed fixed
in fork), but the lockfile still pins the fork to v2.10.1 which lacks
it. This broke the patch-ap-allow-private-address patch chain: it
expected signatureTimeWindow in its OLD_SNIPPET, never matched, and
silently skipped — leaving the server without both signatureTimeWindow
AND allowPrivateAddress. Without allowPrivateAddress, Fedify's SSRF
guard blocks own-site URL resolution (blog.giersig.eu → 10.100.0.10),
breaking federation delivery.

- Fix patch-ap-allow-private-address to handle fresh v2.10.1 (adds
  both signatureTimeWindow and allowPrivateAddress in one step)
- Restore patch-ap-object-url-trailing-slash (also lost in e52e98c5c)
- Add both patches to postinstall and serve scripts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-18 19:18:40 +01:00

Sven

e52e98c5c5

chore(patches): remove patches now fixed in forks

Fixes implemented upstream in svemagie/indiekit-endpoint-activitypub
and svemagie/indiekit-endpoint-microsub; postinstall patches no longer
needed:

- patch-microsub-feed-discovery (HTML <link> discovery in fetcher.js)
- patch-inbox-skip-view-activity-parse (PeerTube View buffering in federation-bridge.js)
- patch-ap-inbox-raw-body-digest (raw body preservation for HTTP Signature Digest)
- patch-ap-object-url-trailing-slash (trailing slash $in fix in federation-setup.js)
- patch-ap-signature-time-window (12h signatureTimeWindow in federation-setup.js)
- patch-inbox-ignore-view-activity (View no-op handler in inbox-listeners.js)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-16 12:19:18 +01:00

Sven

02919b6e37

fix: patch resolvePost to match post URLs with or without trailing slash

The Fedify object dispatcher constructs the post lookup URL from the
{+id} path variable (e.g. "replies/bd78a"), which has no trailing slash.
Posts in MongoDB store their URL with a trailing slash, so the exact
findOne() match was silently returning null → Fedify serving 404 →
mountains.social showing "Could not connect to the given address".

Fix uses $in to try both variants so the dispatcher works regardless
of whether the request URL has a trailing slash or not.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-15 15:17:27 +01:00

3 Commits