mirror of
1
Fork 0

update adr lining out a second option

This commit is contained in:
Michael Jerger 2023-12-20 09:33:29 +01:00
parent 4d1492831d
commit 65e3f1d0ed
3 changed files with 93 additions and 36 deletions

View File

@ -0,0 +1,92 @@
# Activity for federated star action
## Status
Still in dsicussion
## Context
While implementing the star activity we have to take several decissions which will impcat all other activities. Due to this relevance we will discuss decission with as many federation contributors as posible.
## Decision
tbd
## Choices
### 1. Star Activity derived from AP Like with additional source information
```edn
# edn notation
{@context [
"as": "https://www.w3.org/ns/activitystreams#",
"forge": "https://forgefed.org/ns#",],
::as/id "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
::as/type "Star",
::forge/source "forgejo",
::as/actor "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
::as/object "https://codeberg.org/api/v1/activitypub/repository-id/12"
}
```
```json
# json notation
{"id": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
"type": "Star",
"source": "forgejo",
"actor": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
"object": "https://codeberg.org/api/v1/activitypub/repository-id/1",
"startTime": "2014-12-31T23:00:00-08:00",
}
```
This way of expressing stars will have the following features:
1. Actor & object may be dereferenced by (ap-)api
2. The activity can be referenced itself (e.g. in order to express a result of the triggered action)
3. Star is a special case of a Like. Star only happens in ForgeFed context. Different things should be named differnt ...
4. With the `source` given it would be more easy to distinguish the uri layout for object and actor id's and make implementation more straight forward
1. The `source` field reflects the software sending an activity. Values of may be forgejo, gitlab, ...
2. Knowing the sending system will it make easier to interact with:
1. We know exactly how the actor can be derefernced - names maybe filled & used different (see: https://codeberg.org/meissa/forgejo/src/commit/7cac9806f8247963b1cdce3f2c5f5d1bc3763fbe/routers/api/v1/activitypub/repository.go#L180)
2. We know how we can validate the given references - valid uris will be different in details (see: https://codeberg.org/meissa/forgejo/src/commit/7cac9806f8247963b1cdce3f2c5f5d1bc3763fbe/models/forgefed/actor.go#L121)
5. startTime protects against The Reply Attack discussed in [threat-analysis] [threat-analysis]
### 2. Like Activity while source information comes from NodeInfo
```json
# NodeInfo
{
"version": "2.1",
"software": {
"name": "gitea",
"version": "1.20.0+dev-2539-g5840cc6d3",
},
"protocols": [
"activitypub"
],
}
# Like Activity
{"id": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
"type": "Like",
"actor": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
"object": "https://codeberg.org/api/v1/activitypub/repository-id/1",
"startTime": "2014-12-31T23:00:00-08:00"
}
```
This way of expressing stars will have the following features:
1. Actor & object may be dereferenced by (ap-)api
2. The activity can be referenced itself (e.g. in order to express a result of the triggered action)
3. With NodeInfo given it would be more easy to distinguish the uri layout for object and actor id's and make implementation more straight forward
1. The NodeInfo field reflects the software & version sending an activity. Values of may be gitea, forgejo, gitlab, ...
2. Knowing the sending system will it make easier to interact with:
1. We know exactly how the actor can be derefernced - names maybe filled & used different (see: https://codeberg.org/meissa/forgejo/src/commit/7cac9806f8247963b1cdce3f2c5f5d1bc3763fbe/routers/api/v1/activitypub/repository.go#L180)
2. We know how we can validate the given references - valid uris will be different in details (see: https://codeberg.org/meissa/forgejo/src/commit/7cac9806f8247963b1cdce3f2c5f5d1bc3763fbe/models/forgefed/actor.go#L121)
4. startTime protects against The Reply Attack discussed in [threat-analysis] [threat-analysis]
## See also
1. [spec in clojure]: https://repo.prod.meissa.de/meissa/activity-pub-poc/src/branch/forgefed_star/src/test/cljc/org/domaindrivenarchitecture/fed_poc/forgefed_test.cljc#L36-L41
2. [threat-analysis]: threat_analysis_star_activity.md

View File

@ -1,35 +0,0 @@
```
# edn notation
{@context [
"as": "https://www.w3.org/ns/activitystreams#",
"forge": "https://forgefed.org/ns#",],
::as/id "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
::as/type "Star",
::forge/source "forgejo",
::as/actor "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
::as/object "https://codeberg.org/api/v1/activitypub/repository-id/12"
}
# json notation
{"id": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12345",
"type": "Star",
"source": "forgejo",
"actor": "https://repo.prod.meissa.de/api/v1/activitypub/user-id/1",
"object": "https://codeberg.org/api/v1/activitypub/repository-id/1"
}
```
This way of expressing stars will have the following features:
1. Actor & object may be dereferenced by (ap-)api
2. The activity can be referenced itself (e.g. in order to express a result of the triggered action)
3. Star is a special case of a Like. Star only happens in ForgeFed context. Different things should be named differnt ...
4. With the `source` given it would be more easy to distinguish the uri layout for object and actor id's and make implementation more straight forward
1. The `source` field reflects the software sending an activity. Values of may be forgejo, gitlab, ...
2. Knowing the sending system will it make easier to interact with:
1. We know exactly how the actor can be derefernced (see: https://codeberg.org/meissa/forgejo/src/commit/7cac9806f8247963b1cdce3f2c5f5d1bc3763fbe/models/forgefed/actor.go#L121)
2. We know how we can validate the given references (see: https://codeberg.org/meissa/forgejo/src/commit/7cac9806f8247963b1cdce3f2c5f5d1bc3763fbe/routers/api/v1/activitypub/repository.go#L180)
See also:
1. [spec in clojure]: https://repo.prod.meissa.de/meissa/activity-pub-poc/src/branch/forgefed_star/src/test/cljc/org/domaindrivenarchitecture/fed_poc/forgefed_test.cljc#L36-L41

View File

@ -89,7 +89,7 @@ flowchart TD
1. Validate object uri in order to send only requests to well defined endpoints. 1. Validate object uri in order to send only requests to well defined endpoints.
2. giteas global SQL injection protection. TODO: verify if there is one. 2. giteas global SQL injection protection. TODO: verify if there is one.
3. We accept only signed Activities 3. We accept only signed Activities
4. We accept only activities having a timestamp & remember the last executed activity timestamp. 4. We accept only activities having an startTime & remember the last executed activity startTime.
5. We introduce (or have) rate limiting per IP. 5. We introduce (or have) rate limiting per IP.
6. We ensure, that outgoing HTTP requests have a reasonable timeout (if you didn't get that 500b JSON response after 10 seconds, you probably won't get it). 6. We ensure, that outgoing HTTP requests have a reasonable timeout (if you didn't get that 500b JSON response after 10 seconds, you probably won't get it).