This is exactly what I want to do: https://github.com/tootsuite/mastodon/issues/1441 ...but things seemed to have changed in a year. So I'm looking at Peertube as well as Mastodon; have Webfinger support; getting ActivityStreams in there; I think I need Pubsubhubbub now? What the hell is "salmon" and this "magic key" that I apparently need?
GETting an outbox works; correct number of posts shows up. Now I guess I need to keep track of followers on my end to know where to deliver events when a new post is published.
Still working on sending the `Accept` activity back after receiving a `Follow` on @write_as. If I don't sign the request Mastodon rejects it.
I'm reading that there's no official authentication method in the #ActivityPub spec, but that HTTP Signatures should be enough, but also that I might need Linked Data Signatures for things that'll get passed around (like posts). Will see.
Yesss @Gargron to the rescue with this tutorial. More please!
Tried that library, but everything broke when I had different versions of OpenSSL on my dev machine and server. Now just calling the CLI from the app.
Keys look good now, Mastodon is accepting my requests, but the Accept activity isn't having any effect. Going to start digging some more
Accept activity still not having an effect, despite seeing a 202 response in the logs. So went ahead and started sending Create activities for new posts, and oddly I'm getting a 401 back for that. Think I've done enough for tonight
Follows work! Finally! I was missing the `@context` property 🤦♂️
Now to see about those posts.
Was going to try to implement LD-Signatures to see if that's what's giving me the 401 on Create activities, but there's nothing out there already for Go, and I'm not comprehending the specs for the signature algorithms right now (I got the headers part, don't understand what part of the payload to sign).
Going to start on a simple read-only #ActivityPub server so I can follow other accounts, see what they're sending out, and compare.
Sooo with some additional logging on my server I confirmed it's the HTTP Signature verification failing. If I cheat and disable that on my instance, posts show up! 🎉
But apparently Go's libraries don't create a valid signature -- and neither does openssl when I call the CLI with the parameters I did. If I could figure out what arguments are passed to create the digest, I could quickly make it work. But that's enough for today too.
Success!! Got post federation working! 💥 I figured out the HTTP Signature issue -- mostly turns out I had a bug fetching the correct keys for individual blogs.
Now I'm cleaning up code, submitting PRs for the libraries I used, and adding things I skipped, like handling unfollows.
Write-up coming soon, and with any luck, it'll be live on @write_as this week.
@matt good working! Hardest parts the climb.
@international That's right!
@paulfree14 Not quite yet -- still need to clean up some code and make sure federated message delivery is reliable. But it should be ready this week or next!
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!