svemagie/indiekit-endpoint-activitypub
1
0
Fork 0
mirror of https://github.com/svemagie/indiekit-endpoint-activitypub.git synced 2026-04-02 15:44:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b33932f1f6e4a04ac3cb69526c324b537d875e98
indiekit-endpoint-activitypub/lib/controllers/interactions-like.js
Ricardo c2920cafd8 fix: raw signed fetch fallback for author resolution 
Servers like wafrn return AP JSON without @context, causing Fedify's
JSON-LD processor to reject the document. Strategy 1b in resolveAuthor
does a direct signed GET, extracts attributedTo/actor from plain JSON,
then resolves the actor via lookupWithSecurity.

Also: _loadRsaPrivateKey now imports with extractable=true (required
by Fedify's signRequest), and loadRsaKey is wired through to all
Mastodon API interaction helpers.
2026-03-23 07:56:34 +01:00

240 lines
6.4 KiB
JavaScript
Raw Blame History

/**
* Like/Unlike interaction controllers.
* Sends Like and Undo(Like) activities via Fedify.
*/
import { validateToken } from "../csrf.js";
import { resolveAuthor } from "../resolve-author.js";
/**
* POST /admin/reader/like — send a Like activity to the post author.
* @param {string} mountPath - Plugin mount path
* @param {object} plugin - ActivityPub plugin instance (for federation access)
*/
export function likeController(mountPath, plugin) {
return async (request, response, next) => {
try {
if (!validateToken(request)) {
return response.status(403).json({
success: false,
error: "Invalid CSRF token",
});
}
const { url } = request.body;
if (!url) {
return response.status(400).json({
success: false,
error: "Missing post URL",
});
}
if (!plugin._federation) {
return response.status(503).json({
success: false,
error: "Federation not initialized",
});
}
const { Like } = await import("@fedify/fedify/vocab");
const handle = plugin.options.actor.handle;
const ctx = plugin._federation.createContext(
new URL(plugin._publicationUrl),
{ handle, publicationUrl: plugin._publicationUrl },
);
const documentLoader = await ctx.getDocumentLoader({
identifier: handle,
});
const { application } = request.app.locals;
const rsaKey = await plugin._loadRsaPrivateKey();
const recipient = await resolveAuthor(
url,
ctx,
documentLoader,
application?.collections,
{
privateKey: rsaKey,
keyId: `${ctx.getActorUri(handle).href}#main-key`,
},
);
if (!recipient) {
return response.status(404).json({
success: false,
error: "Could not resolve post author",
});
}
// Generate a unique activity ID
const uuid = crypto.randomUUID();
const baseUrl = plugin._publicationUrl.replace(/\/$/, "");
const activityId = `${baseUrl}/activitypub/likes/${uuid}`;
// Construct and send Like activity
const like = new Like({
id: new URL(activityId),
actor: ctx.getActorUri(handle),
object: new URL(url),
});
await ctx.sendActivity({ identifier: handle }, recipient, like, {
orderingKey: url,
});
// Track the interaction for undo
const interactions = application?.collections?.get("ap_interactions");
if (interactions) {
await interactions.updateOne(
{ objectUrl: url, type: "like" },
{
$set: {
objectUrl: url,
type: "like",
activityId,
recipientUrl: recipient.id?.href || "",
createdAt: new Date().toISOString(),
},
},
{ upsert: true },
);
}
console.info(`[ActivityPub] Sent Like for ${url}`);
return response.json({
success: true,
type: "like",
objectUrl: url,
});
} catch (error) {
console.error("[ActivityPub] Like failed:", error.message);
return response.status(500).json({
success: false,
error: "Like failed. Please try again later.",
});
}
};
}
/**
* POST /admin/reader/unlike — send an Undo(Like) activity.
*/
export function unlikeController(mountPath, plugin) {
return async (request, response, next) => {
try {
if (!validateToken(request)) {
return response.status(403).json({
success: false,
error: "Invalid CSRF token",
});
}
const { url } = request.body;
if (!url) {
return response.status(400).json({
success: false,
error: "Missing post URL",
});
}
if (!plugin._federation) {
return response.status(503).json({
success: false,
error: "Federation not initialized",
});
}
const { application } = request.app.locals;
const interactions = application?.collections?.get("ap_interactions");
// Look up the original interaction to get the activity ID
const existing = interactions
? await interactions.findOne({ objectUrl: url, type: "like" })
: null;
if (!existing) {
return response.status(404).json({
success: false,
error: "No like found for this post",
});
}
const { Like, Undo } = await import("@fedify/fedify/vocab");
const handle = plugin.options.actor.handle;
const ctx = plugin._federation.createContext(
new URL(plugin._publicationUrl),
{ handle, publicationUrl: plugin._publicationUrl },
);
const documentLoader = await ctx.getDocumentLoader({
identifier: handle,
});
const rsaKey2 = await plugin._loadRsaPrivateKey();
const recipient = await resolveAuthor(
url,
ctx,
documentLoader,
application?.collections,
{
privateKey: rsaKey2,
keyId: `${ctx.getActorUri(handle).href}#main-key`,
},
);
if (!recipient) {
// Clean up the local record even if we can't send Undo
if (interactions) {
await interactions.deleteOne({ objectUrl: url, type: "like" });
}
return response.json({
success: true,
type: "unlike",
objectUrl: url,
});
}
// Construct Undo(Like)
const like = new Like({
id: existing.activityId ? new URL(existing.activityId) : undefined,
actor: ctx.getActorUri(handle),
object: new URL(url),
});
const undo = new Undo({
actor: ctx.getActorUri(handle),
object: like,
});
await ctx.sendActivity({ identifier: handle }, recipient, undo, {
orderingKey: url,
});
// Remove the interaction record
if (interactions) {
await interactions.deleteOne({ objectUrl: url, type: "like" });
}
console.info(`[ActivityPub] Sent Undo(Like) for ${url}`);
return response.json({
success: true,
type: "unlike",
objectUrl: url,
});
} catch (error) {
console.error("[ActivityPub] Unlike failed:", error.message);
return response.status(500).json({
success: false,
error: "Unlike failed. Please try again later.",
});
}
};
}
Reference in New Issue View Git Blame Copy Permalink