svemagie/indiekit-endpoint-activitypub
1
0
Fork 0
mirror of https://github.com/svemagie/indiekit-endpoint-activitypub.git synced 2026-04-02 15:44:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: raw signed fetch fallback for author resolution

Browse Source 
Servers like wafrn return AP JSON without @context, causing Fedify's
JSON-LD processor to reject the document. Strategy 1b in resolveAuthor
does a direct signed GET, extracts attributedTo/actor from plain JSON,
then resolves the actor via lookupWithSecurity.

Also: _loadRsaPrivateKey now imports with extractable=true (required
by Fedify's signRequest), and loadRsaKey is wired through to all
Mastodon API interaction helpers.
This commit is contained in:
Ricardo
2026-03-23 07:56:34 +01:00
parent c71fd691a3
commit c2920cafd8
7 changed files with 83 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/mastodon/helpers/interactions.js
View File

@@ -22,7 +22,7 @@ import { resolveAuthor } from "../../resolve-author.js";
* @param {object} params.interactions - ap_interactions collection
* @returns {Promise<{ activityId: string }>}
*/
export async function likePost({ targetUrl, federation, handle, publicationUrl, collections, interactions }) {
export async function likePost({ targetUrl, federation, handle, publicationUrl, collections, interactions, loadRsaKey }) {
const { Like } = await import("@fedify/fedify/vocab");
const ctx = federation.createContext(
new URL(publicationUrl),
@@ -30,7 +30,11 @@ export async function likePost({ targetUrl, federation, handle, publicationUrl,
);
const documentLoader = await ctx.getDocumentLoader({ identifier: handle });
const recipient = await resolveAuthor(targetUrl, ctx, documentLoader, collections);
const rsaKey = loadRsaKey ? await loadRsaKey() : null;
const recipient = await resolveAuthor(targetUrl, ctx, documentLoader, collections, {
privateKey: rsaKey,
keyId: `${ctx.getActorUri(handle).href}#main-key`,
});
const uuid = crypto.randomUUID();
const baseUrl = publicationUrl.replace(/\/$/, "");
@@ -79,7 +83,7 @@ export async function likePost({ targetUrl, federation, handle, publicationUrl,
* @param {object} params.interactions - ap_interactions collection
* @returns {Promise<void>}
*/
export async function unlikePost({ targetUrl, federation, handle, publicationUrl, collections, interactions }) {
export async function unlikePost({ targetUrl, federation, handle, publicationUrl, collections, interactions, loadRsaKey }) {
const existing = interactions
? await interactions.findOne({ objectUrl: targetUrl, type: "like" })
: null;
@@ -95,7 +99,11 @@ export async function unlikePost({ targetUrl, federation, handle, publicationUrl
);
const documentLoader = await ctx.getDocumentLoader({ identifier: handle });
const recipient = await resolveAuthor(targetUrl, ctx, documentLoader, collections);
const rsaKey = loadRsaKey ? await loadRsaKey() : null;
const recipient = await resolveAuthor(targetUrl, ctx, documentLoader, collections, {
privateKey: rsaKey,
keyId: `${ctx.getActorUri(handle).href}#main-key`,
});
if (recipient) {
const like = new Like({
@@ -131,7 +139,7 @@ export async function unlikePost({ targetUrl, federation, handle, publicationUrl
* @param {object} params.interactions - ap_interactions collection
* @returns {Promise<{ activityId: string }>}
*/
export async function boostPost({ targetUrl, federation, handle, publicationUrl, collections, interactions }) {
export async function boostPost({ targetUrl, federation, handle, publicationUrl, collections, interactions, loadRsaKey }) {
const { Announce } = await import("@fedify/fedify/vocab");
const ctx = federation.createContext(
new URL(publicationUrl),
@@ -162,7 +170,11 @@ export async function boostPost({ targetUrl, federation, handle, publicationUrl,
// Also send directly to the original post author
const documentLoader = await ctx.getDocumentLoader({ identifier: handle });
const recipient = await resolveAuthor(targetUrl, ctx, documentLoader, collections);
const rsaKey = loadRsaKey ? await loadRsaKey() : null;
const recipient = await resolveAuthor(targetUrl, ctx, documentLoader, collections, {
privateKey: rsaKey,
keyId: `${ctx.getActorUri(handle).href}#main-key`,
});
if (recipient) {
try {
await ctx.sendActivity({ identifier: handle }, recipient, announce, {

1
lib/mastodon/routes/statuses.js
View File

@@ -614,6 +614,7 @@ function getFederationOpts(req) {
handle: pluginOptions.handle || "user",
publicationUrl: pluginOptions.publicationUrl,
collections: req.app.locals.mastodonCollections,
loadRsaKey: pluginOptions.loadRsaKey,
};
}