A single-user, Azure-hosted, ActivityPub-compatible art gallery and feed reader built on ASP.NET Core.
For more information, see Views/About/Index.cshtml.
Supported platforms and protocols:
Create / Import | Export / Crosspost | Inbox | Reply | Notifications | Authentication | |
---|---|---|---|---|---|---|
ActivityPub | ✓ | ✓ | ✓ | ✓ (Activites, Replies) | ||
Bluesky | ✓ (Manual) | ✓ | ✓ | PDS / DID / Password | ||
DeviantArt | ✓ | ✓ | ✓ (Messages, Notes) | OAuth (ASP.NET Identity) | ||
RSS / Atom | ✓ | ✓ | ||||
Weasyl | ✓ (Manual) | ✓ | Partial | API Key |
Pandacap is a single-user application. To log in, the instance owner must use a Microsoft account that they have explicitly allowed in the associated Entra ID app registration.
Any authenticated user can access the same data. This means authorization is the sole reponsibility of your Entra ID registration. so only one user account should be allowed access.
A DeviantArt account cannot be used to set up the Pandacap account, but once attached to the existing account, either it or the Microsoft account it can be used to log in.
This application runs on the following Azure resources:
The web app and function app must have the appropriate IAM permissions to access the storage account (Storage Blob Data Contributor) and the key vault (Key Vault Crypto User).
Function app responsibilities:
InboxCleanup
(every day at 9:00)
InboxIngest
(every hour at :10)
OutboxCleanup
(every day at 8:00)
SendOutbound
(every ten minutes)
This version of Pandacap uses Entra ID as the primary authentication and authorization method. To set up:
https://localhost:7206/signin-microsoft
AuthorizationEndpoint
)TokenEndpoint
)Application settings (for both the function app and the web app):
Name | Purpose |
---|---|
ActivityPubUsername | Username to use for ActivityPub and on the home page |
ApplicationHostname | Public hostname of the app |
CosmosDBAccountEndpoint | URL of the database |
CosmosDBAccountKey | Database key |
DeviantArtClientId | OAuth client ID from DeviantArt |
DeviantArtClientSecret | OAuth secret from DeviantArt |
KeyVaultHostname | Key vault hostname |
Application settings (for the web app only):
Name | Purpose |
---|---|
Authentication:Microsoft:TenantId | Tenant ID of your Entra (AAD) directory |
Authentication:Microsoft:ClientId | Application (client) ID of the app registration you've created in Entra |
Authentication:Microsoft:ClientSecret | A client secret generated for the app registration |
The CosmosDBAccountKey is optional; without it, Pandacap will try to connect to Cosmos DB using Entra authentication, which can lead to slower performance. See Crowmask for an example of how to set that up.
Function app local.settings.json
example:
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "UseDevelopmentStorage=true",
"FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
"ApplicationHostname": "example.azurewebsites.net",
"CosmosDBAccountEndpoint": "https://example-cosmos.documents.azure.com:443/",
"CosmosDBAccountKey": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000==",
"DeviantArtClientId": "12345",
"DeviantArtClientSecret": "00000000000000000000000000000000",
"DeviantArtUsername": "example",
"KeyVaultHostname": "example-kv.vault.azure.net"
}
}
Web app local.settings.json
example:
{
"ApplicationHostname": "example.azurewebsites.net",
"CosmosDBAccountEndpoint": "https://example-cosmos.documents.azure.com:443/",
"CosmosDBAccountKey": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000==",
"DeviantArtClientId": "12345",
"DeviantArtClientSecret": "00000000000000000000000000000000",
"DeviantArtUsername": "example",
"KeyVaultHostname": "example-kv.vault.azure.net"
}
The key vault is for a single encryption key called activitypub
that is used
to sign ActivityPub requests.