Going to write a tutorial on building a "Hello World" service for the fediverse as soon as I can figure out how to federate with the fediverse.
This is exactly what I want to do: https://github.com/tootsuite/mastodon/issues/1441 ...but things seemed to have changed in a year. So I'm looking at Peertube as well as Mastodon; have Webfinger support; getting ActivityStreams in there; I think I need Pubsubhubbub now? What the hell is "salmon" and this "magic key" that I apparently need?
Okay some of that stuff is from OStatus and not needed for a pure #ActivityPub application. Test accounts now show up in search; working on posts next.
GETting an outbox works; correct number of posts shows up. Now I guess I need to keep track of followers on my end to know where to deliver events when a new post is published.
Still working on sending the `Accept` activity back after receiving a `Follow` on @write_as. If I don't sign the request Mastodon rejects it.
I'm reading that there's no official authentication method in the #ActivityPub spec, but that HTTP Signatures should be enough, but also that I might need Linked Data Signatures for things that'll get passed around (like posts). Will see.
I'm now looking at #Plume and Mastodon's code to figure out what data to send. #federation
Yesss @Gargron to the rescue with this tutorial. More please!
https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/
Got HTTP Signatures in, but Mastodon is giving me this error:
OpenSSL::PKey::RSAError (Neither PUB key nor PRIV key: nested asn1 error)
Looking more into things, it doesn't seem the Go crypto libraries create keypairs that are compatible with OpenSSL, so switching to this one https://github.com/spacemonkeygo/openssl for generating the keys.
Tried that library, but everything broke when I had different versions of OpenSSL on my dev machine and server. Now just calling the CLI from the app.
Keys look good now, Mastodon is accepting my requests, but the Accept activity isn't having any effect. Going to start digging some more
Accept activity still not having an effect, despite seeing a 202 response in the logs. So went ahead and started sending Create activities for new posts, and oddly I'm getting a 401 back for that. Think I've done enough for tonight
Follows work! Finally! I was missing the `@context` property 🤦♂️
Now to see about those posts.
Was going to try to implement LD-Signatures to see if that's what's giving me the 401 on Create activities, but there's nothing out there already for Go, and I'm not comprehending the specs for the signature algorithms right now (I got the headers part, don't understand what part of the payload to sign).
Going to start on a simple read-only #ActivityPub server so I can follow other accounts, see what they're sending out, and compare.
Sooo with some additional logging on my server I confirmed it's the HTTP Signature verification failing. If I cheat and disable that on my instance, posts show up! 🎉
But apparently Go's libraries don't create a valid signature -- and neither does openssl when I call the CLI with the parameters I did. If I could figure out what arguments are passed to create the digest, I could quickly make it work. But that's enough for today too.
Success!! Got post federation working! 💥 I figured out the HTTP Signature issue -- mostly turns out I had a bug fetching the correct keys for individual blogs.
Now I'm cleaning up code, submitting PRs for the libraries I used, and adding things I skipped, like handling unfollows.
Write-up coming soon, and with any luck, it'll be live on @write_as this week.