Comments (15)
@rimu @zotanmew I just shipped support for this, feel free to re-open if you run into any issues. This is live on pixelfed.social if you want to test it btw!
from pixelfed.
this is not required. which implementations are having issues, and what are the issues?
from pixelfed.
Iceshrimp.NET currently can't resolve pixelfed users for this reason. I'll check the spec again to be sure, I may be mistaken.
from pixelfed.
If i'm reading the spec correctly, it specifies that URIs under aliases
identify the same entity as subject
. (section 4.4.2). I'd conclude from this that they should be usable as a query target URI /resource
as per section 4.1. Mastodon/pleroma/misskey/gotosocial all implement it in this way as well, though they presumably don't rely on it.
from pixelfed.
The reason we're querying the uri via webfinger is that it's the only way to obtain information on the split-domain configuration of the remote instance (whereby the accounts are registered under @instance.tld
but the instance is reachable under web.instance.tld
or similar)
from pixelfed.
should, not must
the way you set up different web-domain and local-domain is to redirect webfinger requests from local-domain to web-domain
but you already have the id of the user so you do something like this:
- do a webfinger for acct:preferredUsername@webdomain against webdomain
- you should get redirected to the same query against localdomain
- if the self-link points back to the id you started with, take the subject
https://swicg.github.io/activitypub-webfinger/#reverse-discovery
https://docs.joinmastodon.org/admin/config/#web_domain
https://docs.gotosocial.org/en/latest/advanced/host-account-domain/
from pixelfed.
My point is that with the way the code is currently structured, WebFinger always comes before the AP fetch. Refactoring this would take ages & I'm sure we won't be the last implementation having issues like this. Would it be that difficult to check whether the resource being queried points to a local user? I can even send a PR if required, though my PHP is very rusty.
from pixelfed.
webfinger shouldn't be necessary if you already have the actor id. how hard is it to just skip webfinger? something like the following pseudocode:
def get_actor_document(x):
if x.startswith('https'):
actor_document = get(x, headers={'accept': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'})
else:
username, domain = x.split('@', 2)
jrd = get(f'https://{domain}/.well-known/webfinger?resource=acct:{username}@{domain}', headers={'accept': 'application/jrd+json'})
actor_id = filter(jrd, rel='self').href
actor_document = get(actor_id, headers={'accept': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'})
then you can construct the webfinger acct: uri following reverse discovery, in order to verify it
from pixelfed.
The issue is that using this you cannot figure out the canonical domain for a split domain user, since the AP payload never tells you what it's supposed to be. You have to webfinger the URI to do this. You can't even ask the remote instance for ?resource=preferredUsername
after fetching it, because on AP platforms like takahe there may be more than one user with the same preferredUsername, on different accountDomains.
from pixelfed.
It'd be a lot of work to refactor this logic on my side, and it would just be one extra check (starts with http/s) and db query on your end.
Also, specifications are one thing in ActivityPub, we all know that to federate with everyone you have to implement what everyone else does, which isn't necessarily what the spec says. In this case, all the major implementations support this, so whether the spec says it's required or not, supporting it is a good idea regardless to ensure compatibility.
from pixelfed.
you cannot figure out the canonical domain for a split domain user
you can. do reverse discovery.
to be clear, this is what it looks like when you do forward discovery and then verify with reverse discovery:
forward discovery
- start with
[email protected]
- do a webfinger for that acct: at that host, e.g.
https://trwnh.com/.well-known/webfinger?resource=acct:[email protected]
- take the
self
link which can be something likehttps://ap.trwnh.com/actors/1
reverse discovery
- start with
https://ap.trwnh.com/actors/1
- extract preferredUsername
a
and hostnameap.trwnh.com
, do a webfinger at e.g.https://ap.trwnh.com/.well-known/webfinger?resource=acct:[email protected]
- make sure the
self
link matches the actor you started with - take the JRD
subject
as canonical
this shouldn't be hard. it's what "all the major implementations" do to get your canonical webfinger address.
You have to webfinger the URI to do this
no, you webfinger the preferredUsername@web_domain. you shouldn't have to webfinger the https uri for an actor under any circumstances.
from pixelfed.
I'm aware how this works, I've talked to people who co-wrote the AP spec. I can assure you that this is anything but easy to implement on our side.
We'd have to refactor several hundreds of lines of code that was really annoying to get right to begin with, to support a quirk of a different piece of AP software, that diverges from what mastodon does. I'm not going to spend several days rewriting hundreds of lines of critical federation code just to federate with Pixelfed.
Again, I'm happy to write a PR for this, I don't understand why you're so reluctant to make/merge this tiny compatibility change that would allow for federation with more services.
from pixelfed.
the change isn't unwelcome, but i'm trying to point out that you are probably going to have issues in the future like this, and there's a high chance you're overcomplicating your code by doing something you shouldn't be doing. if it's "hundreds of lines" as you say, then that's almost certainly the case.
from pixelfed.
This would be really simple on the pixelfed side:
query = request.args.get('resource') # e.g. query value: "acct:[email protected]"
if 'acct:' in query:
actor = query.split(':')[1].split('@')[0] # alice
elif 'https:' in query or 'http:' in query:
actor = query.split('/')[-1] # alice
else:
return 'Webfinger regex failed to match'
it's maybe 3 extra lines.
from pixelfed.
@dansup thank you so much! one tiny nitpick (though I'm happy to add support for this on our end Update: added support for it on our end.) is that one of the aliases (instance.tld/username) still causes webfinger to return 400. Would be nice if you could add that, though it's not critical. The patch as-is fixed most of our federation issues with pixelfed, and the ones that remain I can easily work around on our end. Thanks again!
from pixelfed.
Related Issues (20)
- 0.12.0 installation issue -- composer error HOT 4
- Update docker image to 0.12 HOT 2
- Please add the "Custom CSS" option for admins
- 0.12.0 upgrade - problems with Horizon HOT 2
- Muting a user should hide old notifications from that user
- Can't get INSTANCE_CUR_REG_NOTIFY_ADMIN_ON_VERIFY activated HOT 1
- Thumbnail on profile shows age as "2y" despite post being older than 2 years
- Middle click and CTRL+click should open in new tab, not same tab
- Can't follow/be followed by any accounts HOT 8
- No Keyboard on focused search bar in PWA
- Domain for App-Updates has expired HOT 1
- backup:run only works with mysql backend HOT 1
- Improve the dark color scheme to something more smooth and still be as accessible as possible
- Incorrect number of seconds HOT 2
- Feature Request - Account Export
- Feature Request - Built-in Tor Bridge Pluggable Transports, Snowflake WebTunnel | i2pd HOT 2
- disable "sensitive content" warning HOT 1
- Click on the Link of posting time leads to old UI
- Federation issue on posts with Farsi/Arabic hashtags HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pixelfed.