search

Automattic / wordpress-activitypub

ActivityPub for WordPress
https://wordpress.org/plugins/activitypub/
MIT License
470 stars 70 forks source link

Does this plugin support the "replies" collection? #138

Open johnspurlock opened 2 years ago

johnspurlock commented 2 years ago

Sending an ActivityPub request to https://www.draky.net/wordpress/2019/11/15/bonjour-tout-le-monde/

which has this plugin installed, returns good looking AP, but without the "replies" collection https://www.w3.org/TR/activitystreams-vocabulary/#dfn-replies

This makes it impossible to enumerate the comment thread.

I'm wondering if it's implemented?

Thanks - John

pfefferle commented 2 years ago

It is not yet implemented.

Do you know a platform that is already consuming the replies-collection?

johnspurlock commented 2 years ago

Ah, ok - thanks for getting back.

There is a new open standard for podcast episode comments that relies on the existing basic Fediverse protocol (ActivityPub, Webfinger, http signatures for auth) for sending and displaying replies to a root comment post associated with that episode.

Info site here: https://podcastsocial.org/ Underlying rss feed tag spec, and open source components to make it easier for existing podcast apps to send and display them.

For displaying comments, it relies on being able to enumerate comments by parsing the standard replies collections recursively. Mastodon supports paged collections in its replies implementation, but replies can also be modeled inline if that's easier.

For sending comments, it relies on standard s2s federation inReplyTo the target object. Is this supported? I'm getting a 406 error (see below for the gory details) when POSTing to the inbox url using my custom software. Replying from a Mastodon instance does not seem to work either.

I was really excited when I saw your plugin, the idea of a podcaster being able to use a WordPress site as the venue for their comments instead of, say, Mastodon, is that WP is already very popular in the podcasting community, and it would presumably provide additional moderation options for these incoming comments.

POST https://example.com/wp-json/activitypub/1.0/users/1/inbox
date: Thu, 24 Feb 2022 14:36:26 GMT
signature: keyId="https://sender.com/path/to#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="<base64>"
digest: SHA-256=<base64>
content-type: application/activity+json

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "id": "https://sender.com/path/to/activity",
  "type": "Create",
  "actor": "https://sender.com/path/to/actor",
  "object": {
    "id": "https://sender.com/path/to/object",
    "type": "Note",
    "published": "2022-02-24T14:35:34.151Z",
    "attributedTo": "https://sender.com/path/to/actor",
    "inReplyTo": "https://example.com/myfirstarticle/",
    "contentMap": {
      "und": "Hello!"
    },
    "to": [
      "https://www.w3.org/ns/activitystreams#Public"
    ],
    "cc": [
      "https://example.com/author/admin/"
    ]
  },
  "published": "2022-02-24T14:35:34.151Z"
}

results in

406
content-type: text/html; charset=iso-8859-1

<head><title>Not Acceptable!</title></head><body><h1>Not Acceptable!</h1><p>An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.</p></body></html>
pfefferle commented 2 years ago

The plugin should accept replies from all big plattforms. The inReplyTo has to be the permalink of the blogpost.

See: https://github.com/pfefferle/wordpress-activitypub/blob/44c652eba8174368c9fdc2ca33e02fd2afbe436d/includes/rest/class-inbox.php#L410

pfefferle commented 2 years ago

Is your endpoint accessible? The error is coming from Mod_Security, not from the plugin, so it might be a server configuration issue?!?

johnspurlock commented 2 years ago

Yep, we're using the article permalink for inReplyTo. Test article: https://lehman-family.com/jstest/ (also is the AP "id" returned when requesting with accept: application/json)

But replying doesn't seem to work, even from Mastodon, paging @Lehmancreations for question about security setup on that site

Lehmancreations commented 2 years ago

@johnspurlock There are a few plugins that could maybe be the issue. One being Akismet Anti-Spam and the other is Limit Login Attempts. Let me know when you want to test again and I will disable them

mediaformat commented 2 years ago

This is not yet implemented, but it is planned!

johnspurlock commented 2 years ago

Alright, verified that the 406 response received was due to the shared WP host's custom security filter. They tweaked their secret algorithm and the AP payloads are now allowed through. Phew!

One small nitpick remains on incoming comments: your implementation should use the appropriate contentMap lang string (usually only one) as the content text. It currently appears to only recognize the content string property. They are actually the same conceptual field in the AP model.

My implementation can include a redundant string property on outgoing requests (Mastodon does this too as a workaround for outgoing), but it's not required, Mastodon/Pleroma use contentMap just fine if no content is provided for incoming.

Anyway this is exciting! A fediverse option with fine-grained, pre-emptive moderation is a big deal.

While sending works, we won't be able to promote this plugin as a solution, though, until the replies collection is implemented, in order to support the read scenario.

I understand this might not be a trivial thing to implement, especially if you do it with paged collections for scalability (to support a post with thousands of comments), but this would be much appreciated by several folks interested in pointing people to existing fediverse endpoints on platforms that people are already using.

Let me know if I can help in any way, I haven't done PHP in 20 years, but happy to help test on the AP client side.

Lehmancreations commented 2 years ago

I second @johnspurlock's comment Would love to be able to use this plugin in a podcasting setting but would need the replies collection. This would be totally awesome to have cross app comments in podcasting and have the root comment be on our own website were the episode is based. I hope you consider adding the replies collection.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

johnspurlock commented 2 years ago

@mediaformat still eagerly awaiting this - any news on this front?

mediaformat commented 2 years ago

@johnspurlock yes, it is planned as part of #142

johnspurlock commented 2 years ago

@johnspurlock yes, it is planned as part of #142

Excellent! Thank you

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

johnspurlock commented 1 year ago

👀

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 9 months ago

This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days.

pfefferle commented 9 months ago

keep

Menrath commented 6 months ago

As I learned today the replies Collection is also used by by client application like some iOS and android apps. @pfefferle which url should the replies Collection have for a WordPress post?

I got interested in implementing this, but got stuck fast, as I stumbled upon the issue whether it is a good practice to leak internal user-ids to an API.

pfefferle commented 6 months ago

I would use an API endpoint for this. Something like /activitypub/1.0/posts/1/replies or similar?!?

Menrath commented 6 months ago

I assume the 1 is the WordPress Post-ID? Seems it should be totally possible to not include the user in the replies Collection of a post like Mastodon does. And in leaking the internal Post-ID I don't see any problem.

Menrath commented 6 months ago

Related: Mobilizon announces every reply with the application actor. Any reasons not to do that (with at least if comments are manually accepted)? ... users should be able to understand the consequences of having followers of the application actor.

pfefferle commented 6 months ago

I assume the 1 is the WordPress Post-ID? Seems it should be totally possible to not include the user in the replies Collection of a post like Mastodon does.

Exactly!

And in leaking the internal Post-ID I don't see any problem.

The Short URL is using the post ID, so I wouldn't see an issue here. (Even the User-ID is propagated by the default WordPress API btw.)

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days.

johnspurlock commented 2 months ago

👀