#118 Ignore incoming activities which have been received before, add `/activities` endpoint

Merged
dessalines merged 2 commits from activity-checks into main 1 month ago
nutomic commented 1 month ago

The first commit should be pretty clear. This is required by the Activitypub standard, and also helps to simplify our code a bit.

The /activities endpoint is also straightforward, but there is one problem: it will return activities related to private messages or Follow/Accept. We need to add some way to exclude those, maybe a column sensitive on the activity table?

Also this change does not prevent periodically clearing out the activity table. The changes here are only important for new activities, so if those over 1 month old or so are deleted, everything will still work fine. The inbox would throw an error instead of http 200 if somehow an old activity were delivered, and the http endpoint would not find old activities. But those are very minor problems.

The first commit should be pretty clear. This is required by the Activitypub standard, and also helps to simplify our code a bit. The `/activities` endpoint is also straightforward, but there is one problem: it will return activities related to private messages or `Follow`/`Accept`. We need to add some way to exclude those, maybe a column `sensitive` on the activity table? Also this change does not prevent periodically clearing out the activity table. The changes here are only important for new activities, so if those over 1 month old or so are deleted, everything will still work fine. The inbox would throw an error instead of http 200 if somehow an old activity were delivered, and the http endpoint would not find old activities. But those are very minor problems.
dessalines commented 1 month ago
Owner

For some reason this failed in travis, I restarted the job just to make sure.

For some reason this failed in travis, I restarted the job just to make sure.
nutomic commented 1 month ago
Owner

Forgot to add the migration, fixed now.

Forgot to add the migration, fixed now.
dessalines reviewed 1 month ago
@@ -4,0 +32,4 @@
.await?;
match existing {
Ok(_) => Ok(true),
Err(_) => Ok(false),
dessalines commented 1 month ago

This works, but seems like it’d be easier to just return existing.

This works, but seems like it'd be easier to just return existing.
dessalines commented 1 month ago
Owner

Looks good to me, and tests passed so I’ll merge.

Looks good to me, and tests passed so I'll merge.
dessalines merged commit 3bf885329d into main 1 month ago
nutomic commented 4 weeks ago
Owner

We still need to fix the problem that private message and follow activities are available over HTTP without authentification.

We still need to fix the problem that private message and follow activities are available over HTTP without authentification.
The pull request has been merged as 3bf885329d.
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Loading…
There is no content yet.