Closed Nothing4You closed 5 months ago
if signature validation is implemented, the public key of the expected instance could be passed as env var to ensure it's originating from the correct source
https://www.w3.org/TR/activitypub/#server-to-server-interactions
POST
requests (eg. to the inbox) MUST be made with a Content-Type ofapplication/ld+json; profile="https://www.w3.org/ns/activitystreams"
[…]. Servers SHOULD interpret a Content-Type […] ofapplication/activity+json
as equivalent toapplication/ld+json; profile="https://www.w3.org/ns/activitystreams"
for server-to-server interactions.
https://www.w3.org/TR/activitypub/#server-to-server-interactions
An Activity sent over the network SHOULD have an
id
, unless it is intended to be transient (in which case it MAY omit theid
).
I don't believe Lemmy is currently able to send activities without ID, although this should be double checked. If Lemmy doesn't need this, this should just be documented to reject activities that don't have an ID. We could return a 5xx status code if it's valid JSON without id to at least have the sender (if they are able to retry activities) not drop the activity.
If I understand the activitypub-federation-rust code right, all activities are expected to have an id:
if signature validation is implemented, the public key of the expected instance could be passed as env var to ensure it's originating from the correct source
this is not actually that easy, as the signer could be either the instance itself or any of the actors on it, such as a user or community, in which case a different keypair would be used.
I will ignore signature validation for now in favor of IP whitelisting
we can borrow parts of the validation logic from https://github.com/LemmyNet/activitypub-federation-rust/
this would need to be verified at the very least:
it should be checked if there are scenarios where lemmy will throw a 5xx status for bad data, as that could fully block the federation queue.
this might be nice to have, but it adds quite a bit of complexity: