This is exactly what I want to do: https://github.com/tootsuite/mastodon/issues/1441 ...but things seemed to have changed in a year. So I'm looking at Peertube as well as Mastodon; have Webfinger support; getting ActivityStreams in there; I think I need Pubsubhubbub now? What the hell is "salmon" and this "magic key" that I apparently need?
Okay some of that stuff is from OStatus and not needed for a pure #ActivityPub application. Test accounts now show up in search; working on posts next.
Still working on sending the `Accept` activity back after receiving a `Follow` on @write_as. If I don't sign the request Mastodon rejects it.
I'm reading that there's no official authentication method in the #ActivityPub spec, but that HTTP Signatures should be enough, but also that I might need Linked Data Signatures for things that'll get passed around (like posts). Will see.
Yesss @Gargron to the rescue with this tutorial. More please!
Got HTTP Signatures in, but Mastodon is giving me this error:
OpenSSL::PKey::RSAError (Neither PUB key nor PRIV key: nested asn1 error)
Looking more into things, it doesn't seem the Go crypto libraries create keypairs that are compatible with OpenSSL, so switching to this one https://github.com/spacemonkeygo/openssl for generating the keys.
Follows work! Finally! I was missing the `@context` property 🤦♂️
Now to see about those posts.
Was going to try to implement LD-Signatures to see if that's what's giving me the 401 on Create activities, but there's nothing out there already for Go, and I'm not comprehending the specs for the signature algorithms right now (I got the headers part, don't understand what part of the payload to sign).
Going to start on a simple read-only #ActivityPub server so I can follow other accounts, see what they're sending out, and compare.
Sooo with some additional logging on my server I confirmed it's the HTTP Signature verification failing. If I cheat and disable that on my instance, posts show up! 🎉
But apparently Go's libraries don't create a valid signature -- and neither does openssl when I call the CLI with the parameters I did. If I could figure out what arguments are passed to create the digest, I could quickly make it work. But that's enough for today too.
Success!! Got post federation working! 💥 I figured out the HTTP Signature issue -- mostly turns out I had a bug fetching the correct keys for individual blogs.
Now I'm cleaning up code, submitting PRs for the libraries I used, and adding things I skipped, like handling unfollows.
Write-up coming soon, and with any luck, it'll be live on @write_as this week.
@paulfree14 Not quite yet -- still need to clean up some code and make sure federated message delivery is reliable. But it should be ready this week or next!
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!