Follows and relationships (#27)

* Follows -- create and undo, both remote and local * Statuses -- federate new posts, including media, attachments, CWs and image descriptions.
2021-05-21 15:48:26 +02:00 · 2021-05-21 15:48:26 +02:00 · d839f27c30
parent dc06e71b76
commit d839f27c30
54 changed files with 2260 additions and 299 deletions
--- a/PROGRESS.md
+++ b/PROGRESS.md
@ -17,12 +17,12 @@
    * [x] /api/v1/accounts/:id GET                          (Get account information)
    * [x] /api/v1/accounts/:id/statuses GET                 (Get an account's statuses)
    * [x] /api/v1/accounts/:id/followers GET                (Get an account's followers)
-    * [ ] /api/v1/accounts/:id/following GET                (Get an account's following)
+    * [x] /api/v1/accounts/:id/following GET                (Get an account's following)
    * [ ] /api/v1/accounts/:id/featured_tags GET            (Get an account's featured tags)
    * [ ] /api/v1/accounts/:id/lists GET                    (Get lists containing this account)
    * [ ] /api/v1/accounts/:id/identity_proofs GET          (Get identity proofs for this account)
-    * [ ] /api/v1/accounts/:id/follow POST                  (Follow this account)
+    * [x] /api/v1/accounts/:id/follow POST                  (Follow this account)
-    * [ ] /api/v1/accounts/:id/unfollow POST                (Unfollow this account)
+    * [x] /api/v1/accounts/:id/unfollow POST                (Unfollow this account)
    * [ ] /api/v1/accounts/:id/block POST                   (Block this account)
    * [ ] /api/v1/accounts/:id/unblock POST                 (Unblock this account)
    * [ ] /api/v1/accounts/:id/mute POST                    (Mute this account)
@ -30,7 +30,7 @@
    * [ ] /api/v1/accounts/:id/pin POST                     (Feature this account on profile)
    * [ ] /api/v1/accounts/:id/unpin POST                   (Remove this account from profile)
    * [ ] /api/v1/accounts/:id/note POST                    (Make a personal note about this account)
-    * [ ] /api/v1/accounts/relationships GET                (Check relationships with accounts)
+    * [x] /api/v1/accounts/relationships GET                (Check relationships with accounts)
    * [ ] /api/v1/accounts/search GET                       (Search for an account)
  * [ ] Bookmarks
    * [ ] /api/v1/bookmarks GET                             (See bookmarked statuses)
@ -177,6 +177,7 @@
    * [ ] 'Greedy' federation
    * [ ] No federation (insulate this instance from the Fediverse)
      * [ ] Allowlist
  * [x] Secure HTTP signatures (creation and validation)
 * [ ] Storage
  * [x] Internal/statuses/preferences etc
    * [x] Postgres interface
--- a/internal/api/client/account/account.go
+++ b/internal/api/client/account/account.go
@ -57,6 +57,14 @@ const (
 	GetStatusesPath = BasePathWithID + "/statuses"
 	// GetFollowersPath is for showing an account's followers
 	GetFollowersPath = BasePathWithID + "/followers"
 	// GetFollowingPath is for showing account's that an account follows.
 	GetFollowingPath = BasePathWithID + "/following"
 	// GetRelationshipsPath is for showing an account's relationship with other accounts
 	GetRelationshipsPath = BasePath + "/relationships"
 	// FollowPath is for POSTing new follows to, and updating existing follows
 	PostFollowPath = BasePathWithID + "/follow"
 	// PostUnfollowPath is for POSTing an unfollow
 	PostUnfollowPath = BasePathWithID + "/unfollow"
 )
 // Module implements the ClientAPIModule interface for account-related actions
@ -82,6 +90,10 @@ func (m *Module) Route(r router.Router) error {
 	r.AttachHandler(http.MethodPatch, BasePathWithID, m.muxHandler)
 	r.AttachHandler(http.MethodGet, GetStatusesPath, m.AccountStatusesGETHandler)
 	r.AttachHandler(http.MethodGet, GetFollowersPath, m.AccountFollowersGETHandler)
 	r.AttachHandler(http.MethodGet, GetFollowingPath, m.AccountFollowingGETHandler)
 	r.AttachHandler(http.MethodGet, GetRelationshipsPath, m.AccountRelationshipsGETHandler)
 	r.AttachHandler(http.MethodPost, PostFollowPath, m.AccountFollowPOSTHandler)
 	r.AttachHandler(http.MethodPost, PostUnfollowPath, m.AccountUnfollowPOSTHandler)
 	return nil
 }
--- a/internal/api/client/account/follow.go
+++ b/internal/api/client/account/follow.go
@ -0,0 +1,56 @@
 /*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.
   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package account
 import (
 	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 // AccountFollowPOSTHandler is the endpoint for creating a new follow request to the target account
 func (m *Module) AccountFollowPOSTHandler(c *gin.Context) {
 	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
 		return
 	}
 	targetAcctID := c.Param(IDKey)
 	if targetAcctID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no account id specified"})
 		return
 	}
 	form := &model.AccountFollowRequest{}
 	if err := c.ShouldBind(form); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
 	form.TargetAccountID = targetAcctID
 	relationship, errWithCode := m.processor.AccountFollowCreate(authed, form)
 	if errWithCode != nil {
 		c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
 		return
 	}
 	c.JSON(http.StatusOK, relationship)
 }
--- a/internal/api/client/account/following.go
+++ b/internal/api/client/account/following.go
@ -0,0 +1,49 @@
 /*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.
   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package account
 import (
 	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 // AccountFollowersGETHandler serves the followers of the requested account, if they're visible to the requester.
 func (m *Module) AccountFollowingGETHandler(c *gin.Context) {
 	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
 		return
 	}
 	targetAcctID := c.Param(IDKey)
 	if targetAcctID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no account id specified"})
 		return
 	}
 	following, errWithCode := m.processor.AccountFollowingGet(authed, targetAcctID)
 	if errWithCode != nil {
 		c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
 		return
 	}
 	c.JSON(http.StatusOK, following)
 }
--- a/internal/api/client/account/relationships.go
+++ b/internal/api/client/account/relationships.go
@ -0,0 +1,46 @@
 package account
 import (
 	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 // AccountRelationshipsGETHandler serves the relationship of the requesting account with one or more requested account IDs.
 func (m *Module) AccountRelationshipsGETHandler(c *gin.Context) {
 	l := m.log.WithField("func", "AccountRelationshipsGETHandler")
 	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debugf("error authing: %s", err)
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
 		return
 	}
 	targetAccountIDs := c.QueryArray("id[]")
 	if len(targetAccountIDs) == 0 {
 		// check fallback -- let's be generous and see if maybe it's just set as 'id'?
 		id := c.Query("id")
 		if id == "" {
 			l.Debug("no account id specified in query")
 			c.JSON(http.StatusBadRequest, gin.H{"error": "no account id specified"})
 			return
 		}
 		targetAccountIDs = append(targetAccountIDs, id)
 	}
 	relationships := []model.Relationship{}
 	for _, targetAccountID := range targetAccountIDs {
 		r, errWithCode := m.processor.AccountRelationshipGet(authed, targetAccountID)
 		if err != nil {
 			c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
 			return
 		}
 		relationships = append(relationships, *r)
 	}
 	c.JSON(http.StatusOK, relationships)
 }
--- a/internal/api/client/account/unfollow.go
+++ b/internal/api/client/account/unfollow.go
@ -0,0 +1,53 @@
 /*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.
   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package account
 import (
 	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 // AccountUnfollowPOSTHandler is the endpoint for removing a follow and/or follow request to the target account
 func (m *Module) AccountUnfollowPOSTHandler(c *gin.Context) {
 	l := m.log.WithField("func", "AccountUnfollowPOSTHandler")
 	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debug(err)
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
 		return
 	}
 	targetAcctID := c.Param(IDKey)
 	if targetAcctID == "" {
 		l.Debug(err)
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no account id specified"})
 		return
 	}
 	relationship, errWithCode := m.processor.AccountFollowRemove(authed, targetAcctID)
 	if errWithCode != nil {
 		l.Debug(errWithCode.Error())
 		c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
 		return
 	}
 	c.JSON(http.StatusOK, relationship)
 }
--- a/internal/api/client/auth/authorize.go
+++ b/internal/api/client/auth/authorize.go
@ -28,6 +28,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
 	"github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
@ -60,7 +61,7 @@ func (m *Module) AuthorizeGETHandler(c *gin.Context) {
 	app := &gtsmodel.Application{
 		ClientID: clientID,
 	}
-	if err := m.db.GetWhere("client_id", app.ClientID, app); err != nil {
+	if err := m.db.GetWhere([]db.Where{{Key: "client_id", Value: app.ClientID}}, app); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("no application found for client id %s", clientID)})
 		return
 	}
--- a/internal/api/client/auth/middleware.go
+++ b/internal/api/client/auth/middleware.go
@ -20,6 +20,7 @@ package auth
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@ -68,7 +69,7 @@ func (m *Module) OauthTokenMiddleware(c *gin.Context) {
 	if cid := ti.GetClientID(); cid != "" {
 		l.Tracef("authenticated client %s with bearer token, scope is %s", cid, ti.GetScope())
 		app := &gtsmodel.Application{}
-		if err := m.db.GetWhere("client_id", cid, app); err != nil {
+		if err := m.db.GetWhere([]db.Where{{Key: "client_id",Value: cid}}, app); err != nil {
 			l.Tracef("no app found for client %s", cid)
 		}
 		c.Set(oauth.SessionAuthorizedApplication, app)
--- a/internal/api/client/auth/signin.go
+++ b/internal/api/client/auth/signin.go
@ -24,6 +24,7 @@ import (
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"golang.org/x/crypto/bcrypt"
 )
@ -87,7 +88,7 @@ func (m *Module) ValidatePassword(email string, password string) (userid string,
 	// first we select the user from the database based on email address, bail if no user found for that email
 	gtsUser := &gtsmodel.User{}
-	if err := m.db.GetWhere("email", email, gtsUser); err != nil {
+	if err := m.db.GetWhere([]db.Where{{Key: "email", Value: email}}, gtsUser); err != nil {
 		l.Debugf("user %s was not retrievable from db during oauth authorization attempt: %s", email, err)
 		return incorrectPassword()
 	}
--- a/internal/api/client/followrequest/accept.go
+++ b/internal/api/client/followrequest/accept.go
@ -48,10 +48,11 @@ func (m *Module) FollowRequestAcceptPOSTHandler(c *gin.Context) {
 		return
 	}
-	if errWithCode := m.processor.FollowRequestAccept(authed, originAccountID); errWithCode != nil {
+	r, errWithCode := m.processor.FollowRequestAccept(authed, originAccountID)
 	if errWithCode != nil {
 		l.Debug(errWithCode.Error())
 		c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
 		return
 	}
-	c.Status(http.StatusOK)
+	c.JSON(http.StatusOK, r)
 }
--- a/internal/api/client/status/statuscreate_test.go
+++ b/internal/api/client/status/statuscreate_test.go
@ -32,6 +32,7 @@ import (
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/api/client/status"
 	"github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/testrig"
@ -118,7 +119,7 @@ func (suite *StatusCreateTestSuite) TestPostNewStatus() {
 	}, statusReply.Tags[0])
 	gtsTag := &gtsmodel.Tag{}
-	err = suite.db.GetWhere("name", "helloworld", gtsTag)
+	err = suite.db.GetWhere([]db.Where{{Key: "name", Value: "helloworld"}}, gtsTag)
 	assert.NoError(suite.T(), err)
 	assert.Equal(suite.T(), statusReply.Account.ID, gtsTag.FirstSeenFromAccountID)
 }
--- a/internal/api/model/account.go
+++ b/internal/api/model/account.go
@ -77,18 +77,18 @@ type Account struct {
 // See https://docs.joinmastodon.org/methods/accounts/
 type AccountCreateRequest struct {
 	// Text that will be reviewed by moderators if registrations require manual approval.
-	Reason string `form:"reason"`
+	Reason string `form:"reason" json:"reason" xml:"reason"`
 	// The desired username for the account
-	Username string `form:"username" binding:"required"`
+	Username string `form:"username" json:"username" xml:"username" binding:"required"`
 	// The email address to be used for login
-	Email string `form:"email" binding:"required"`
+	Email string `form:"email" json:"email" xml:"email" binding:"required"`
 	// The password to be used for login
-	Password string `form:"password" binding:"required"`
+	Password string `form:"password" json:"password" xml:"password" binding:"required"`
 	// Whether the user agrees to the local rules, terms, and policies.
 	// These should be presented to the user in order to allow them to consent before setting this parameter to TRUE.
-	Agreement bool `form:"agreement" binding:"required"`
+	Agreement bool `form:"agreement"  json:"agreement" xml:"agreement" binding:"required"`
 	// The language of the confirmation email that will be sent
-	Locale string `form:"locale" binding:"required"`
+	Locale string `form:"locale" json:"locale" xml:"locale" binding:"required"`
 	// The IP of the sign up request, will not be parsed from the form but must be added manually
 	IP net.IP `form:"-"`
 }
@ -97,40 +97,51 @@ type AccountCreateRequest struct {
 // See https://docs.joinmastodon.org/methods/accounts/
 type UpdateCredentialsRequest struct {
 	// Whether the account should be shown in the profile directory.
-	Discoverable *bool `form:"discoverable"`
+	Discoverable *bool `form:"discoverable" json:"discoverable" xml:"discoverable"`
 	// Whether the account has a bot flag.
-	Bot *bool `form:"bot"`
+	Bot *bool `form:"bot" json:"bot" xml:"bot"`
 	// The display name to use for the profile.
-	DisplayName *string `form:"display_name"`
+	DisplayName *string `form:"display_name" json:"display_name" xml:"display_name"`
 	// The account bio.
-	Note *string `form:"note"`
+	Note *string `form:"note" json:"note" xml:"note"`
 	// Avatar image encoded using multipart/form-data
-	Avatar *multipart.FileHeader `form:"avatar"`
+	Avatar *multipart.FileHeader `form:"avatar" json:"avatar" xml:"avatar"`
 	// Header image encoded using multipart/form-data
-	Header *multipart.FileHeader `form:"header"`
+	Header *multipart.FileHeader `form:"header" json:"header" xml:"header"`
 	// Whether manual approval of follow requests is required.
-	Locked *bool `form:"locked"`
+	Locked *bool `form:"locked" json:"locked" xml:"locked"`
 	// New Source values for this account
-	Source *UpdateSource `form:"source"`
+	Source *UpdateSource `form:"source" json:"source" xml:"source"`
 	// Profile metadata name and value
-	FieldsAttributes *[]UpdateField `form:"fields_attributes"`
+	FieldsAttributes *[]UpdateField `form:"fields_attributes" json:"fields_attributes" xml:"fields_attributes"`
 }
 // UpdateSource is to be used specifically in an UpdateCredentialsRequest.
 type UpdateSource struct {
 	// Default post privacy for authored statuses.
-	Privacy *string `form:"privacy"`
+	Privacy *string `form:"privacy" json:"privacy" xml:"privacy"`
 	// Whether to mark authored statuses as sensitive by default.
-	Sensitive *bool `form:"sensitive"`
+	Sensitive *bool `form:"sensitive" json:"sensitive" xml:"sensitive"`
 	// Default language to use for authored statuses. (ISO 6391)
-	Language *string `form:"language"`
+	Language *string `form:"language" json:"language" xml:"language"`
 }
 // UpdateField is to be used specifically in an UpdateCredentialsRequest.
 // By default, max 4 fields and 255 characters per property/value.
 type UpdateField struct {
 	// Name of the field
-	Name *string `form:"name"`
+	Name *string `form:"name" json:"name" xml:"name"`
 	// Value of the field
-	Value *string `form:"value"`
+	Value *string `form:"value" json:"value" xml:"value"`
 }
 // AccountFollowRequest is for parsing requests at /api/v1/accounts/:id/follow
 type AccountFollowRequest struct {
 	// ID of the account to follow request
 	// This should be a URL parameter not a form field
 	TargetAccountID string `form:"-"`
 	// Show reblogs for this account?
 	Reblogs *bool `form:"reblogs" json:"reblogs" xml:"reblogs"`
 	// Notify when this account posts?
 	Notify *bool `form:"notify" json:"notify" xml:"notify"`
 }
--- a/internal/api/s2s/user/followers.go
+++ b/internal/api/s2s/user/followers.go
@ -0,0 +1,58 @@
 /*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.
   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package user
 import (
 	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
 )
 func (m *Module) FollowersGETHandler(c *gin.Context) {
 	l := m.log.WithFields(logrus.Fields{
 		"func": "FollowersGETHandler",
 		"url":  c.Request.RequestURI,
 	})
 	requestedUsername := c.Param(UsernameKey)
 	if requestedUsername == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no username specified in request"})
 		return
 	}
 	// make sure this actually an AP request
 	format := c.NegotiateFormat(ActivityPubAcceptHeaders...)
 	if format == "" {
 		c.JSON(http.StatusNotAcceptable, gin.H{"error": "could not negotiate format with given Accept header(s)"})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
 	// make a copy of the context to pass along so we don't break anything
 	cp := c.Copy()
 	user, err := m.processor.GetFediFollowers(requestedUsername, cp.Request) // GetFediUser handles auth as well
 	if err != nil {
 		l.Info(err.Error())
 		c.JSON(err.Code(), gin.H{"error": err.Safe()})
 		return
 	}
 	c.JSON(http.StatusOK, user)
 }
--- a/internal/api/s2s/user/statusget.go
+++ b/internal/api/s2s/user/statusget.go
@ -0,0 +1,46 @@
 package user
 import (
 	"net/http"
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
 )
 func (m *Module) StatusGETHandler(c *gin.Context) {
 	l := m.log.WithFields(logrus.Fields{
 		"func": "StatusGETHandler",
 		"url":  c.Request.RequestURI,
 	})
 	requestedUsername := c.Param(UsernameKey)
 	if requestedUsername == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no username specified in request"})
 		return
 	}
 	requestedStatusID := c.Param(StatusIDKey)
 	if requestedStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id specified in request"})
 		return
 	}
 	// make sure this actually an AP request
 	format := c.NegotiateFormat(ActivityPubAcceptHeaders...)
 	if format == "" {
 		c.JSON(http.StatusNotAcceptable, gin.H{"error": "could not negotiate format with given Accept header(s)"})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
 	// make a copy of the context to pass along so we don't break anything
 	cp := c.Copy()
 	status, err := m.processor.GetFediStatus(requestedUsername, requestedStatusID, cp.Request) // handles auth as well
 	if err != nil {
 		l.Info(err.Error())
 		c.JSON(err.Code(), gin.H{"error": err.Safe()})
 		return
 	}
 	c.JSON(http.StatusOK, status)
 }
--- a/internal/api/s2s/user/user.go
+++ b/internal/api/s2s/user/user.go
@ -32,6 +32,8 @@ import (
 const (
 	// UsernameKey is for account usernames.
 	UsernameKey = "username"
 	// StatusIDKey is for status IDs
 	StatusIDKey = "status"
 	// UsersBasePath is the base path for serving information about Users eg https://example.org/users
 	UsersBasePath = "/" + util.UsersPath
 	// UsersBasePathWithUsername is just the users base path with the Username key in it.
@ -40,6 +42,10 @@ const (
 	UsersBasePathWithUsername = UsersBasePath + "/:" + UsernameKey
 	// UsersInboxPath is for serving POST requests to a user's inbox with the given username key.
 	UsersInboxPath = UsersBasePathWithUsername + "/" + util.InboxPath
 	// UsersFollowersPath is for serving GET request's to a user's followers list, with the given username key.
 	UsersFollowersPath = UsersBasePathWithUsername + "/" + util.FollowersPath
 	// UsersStatusPath is for serving GET requests to a particular status by a user, with the given username key and status ID
 	UsersStatusPath = UsersBasePathWithUsername + "/" + util.StatusesPath + "/:" + StatusIDKey
 )
 // ActivityPubAcceptHeaders represents the Accept headers mentioned here:
@ -69,5 +75,7 @@ func New(config *config.Config, processor message.Processor, log *logrus.Logger)
 func (m *Module) Route(s router.Router) error {
 	s.AttachHandler(http.MethodGet, UsersBasePathWithUsername, m.UsersGETHandler)
 	s.AttachHandler(http.MethodPost, UsersInboxPath, m.InboxPOSTHandler)
 	s.AttachHandler(http.MethodGet, UsersFollowersPath, m.FollowersGETHandler)
 	s.AttachHandler(http.MethodGet, UsersStatusPath, m.StatusGETHandler)
 	return nil
 }
--- a/internal/api/security/security.go
+++ b/internal/api/security/security.go
@ -43,5 +43,6 @@ func New(config *config.Config, log *logrus.Logger) api.ClientModule {
 func (m *Module) Route(s router.Router) error {
 	s.AttachMiddleware(m.FlocBlock)
 	s.AttachMiddleware(m.ExtraHeaders)
 	s.AttachMiddleware(m.UserAgentBlock)
 	return nil
 }
--- a/internal/api/security/useragentblock.go
+++ b/internal/api/security/useragentblock.go
@ -0,0 +1,43 @@
 /*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.
   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package security
 import (
 	"net/http"
 	"strings"
 	"github.com/gin-gonic/gin"
 )
 // UserAgentBlock is a middleware that prevents google chrome cohort tracking by
 // writing the Permissions-Policy header after all other parts of the request have been completed.
 // See: https://plausible.io/blog/google-floc
 func (m *Module) UserAgentBlock(c *gin.Context) {
 	ua := c.Request.UserAgent()
 	if ua == "" {
 		c.AbortWithStatus(http.StatusTeapot)
 		return
 	}
 	if strings.Contains(strings.ToLower(c.Request.UserAgent()), strings.ToLower("friendica")) {
 		c.AbortWithStatus(http.StatusTeapot)
 		return
 	}
 }
--- a/internal/db/db.go
+++ b/internal/db/db.go
@ -22,7 +22,6 @@ import (
 	"context"
 	"net"
 	"github.com/go-fed/activity/pub"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
@ -33,18 +32,28 @@ const (
 // ErrNoEntries is to be returned from the DB interface when no entries are found for a given query.
 type ErrNoEntries struct{}
 func (e ErrNoEntries) Error() string {
 	return "no entries"
 }
 // ErrAlreadyExists is to be returned from the DB interface when an entry already exists for a given query or its constraints.
 type ErrAlreadyExists struct{}
 func (e ErrAlreadyExists) Error() string {
 	return "already exists"
 }
 type Where struct {
 	Key string
 	Value interface{}
 }
 // DB provides methods for interacting with an underlying database or other storage mechanism (for now, just postgres).
 // Note that in all of the functions below, the passed interface should be a pointer or a slice, which will then be populated
 // by whatever is returned from the database.
 type DB interface {
 	// Federation returns an interface that's compatible with go-fed, for performing federation storage/retrieval functions.
 	// See: https://pkg.go.dev/github.com/go-fed/activity@v1.0.0/pub?utm_source=gopls#Database
-	Federation() pub.Database
+	// Federation() federatingdb.FederatingDB
 	/*
 		BASIC DB FUNCTIONALITY
@ -75,7 +84,7 @@ type DB interface {
 	// name of the key to select from.
 	// The given interface i will be set to the result of the query, whatever it is. Use a pointer or a slice.
 	// In case of no entries, a 'no entries' error will be returned
-	GetWhere(key string, value interface{}, i interface{}) error
+	GetWhere(where []Where, i interface{}) error
 	// // GetWhereMany gets one entry where key = value for *ALL* parameters passed as "where".
 	// // That is, if you pass 2 'where' entries, with 1 being Key username and Value test, and the second
@ -109,7 +118,7 @@ type DB interface {
 	// DeleteWhere deletes i where key = value
 	// If i didn't exist anyway, then no error should be returned.
-	DeleteWhere(key string, value interface{}, i interface{}) error
+	DeleteWhere(where []Where, i interface{}) error
 	/*
 		HANDY SHORTCUTS
@ -117,7 +126,9 @@ type DB interface {
 	// AcceptFollowRequest moves a follow request in the database from the follow_requests table to the follows table.
 	// In other words, it should create the follow, and delete the existing follow request.
-	AcceptFollowRequest(originAccountID string, targetAccountID string) error
+	//
 	// It will return the newly created follow for further processing.
 	AcceptFollowRequest(originAccountID string, targetAccountID string) (*gtsmodel.Follow, error)
 	// CreateInstanceAccount creates an account in the database with the same username as the instance host value.
 	// Ie., if the instance is hosted at 'example.org' the instance user will have a username of 'example.org'.
@ -204,6 +215,9 @@ type DB interface {
 	// That is, it returns true if account1 blocks account2, OR if account2 blocks account1.
 	Blocked(account1 string, account2 string) (bool, error)
 	// GetRelationship retrieves the relationship of the targetAccount to the requestingAccount.
 	GetRelationship(requestingAccount string, targetAccount string) (*gtsmodel.Relationship, error)
 	// StatusVisible returns true if targetStatus is visible to requestingAccount, based on the
 	// privacy settings of the status, and any blocks/mutes that might exist between the two accounts
 	// or account domains.
@ -222,6 +236,9 @@ type DB interface {
 	// Follows returns true if sourceAccount follows target account, or an error if something goes wrong while finding out.
 	Follows(sourceAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) (bool, error)
 	// FollowRequested returns true if sourceAccount has requested to follow target account, or an error if something goes wrong while finding out.
 	FollowRequested(sourceAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) (bool, error)
 	// Mutuals returns true if account1 and account2 both follow each other, or an error if something goes wrong while finding out.
 	Mutuals(account1 *gtsmodel.Account, account2 *gtsmodel.Account) (bool, error)
--- a/internal/db/pg/pg.go
+++ b/internal/db/pg/pg.go
@ -30,7 +30,6 @@ import (
 	"strings"
 	"time"
 	"github.com/go-fed/activity/pub"
 	"github.com/go-pg/pg/extra/pgdebug"
 	"github.com/go-pg/pg/v10"
 	"github.com/go-pg/pg/v10/orm"
@ -38,7 +37,6 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 	"golang.org/x/crypto/bcrypt"
@ -46,11 +44,11 @@ import (
 // postgresService satisfies the DB interface
 type postgresService struct {
-	config       *config.Config
+	config *config.Config
-	conn         *pg.DB
+	conn   *pg.DB
-	log          *logrus.Logger
+	log    *logrus.Logger
-	cancel       context.CancelFunc
+	cancel context.CancelFunc
-	federationDB pub.Database
+	// federationDB pub.Database
 }
 // NewPostgresService returns a postgresService derived from the provided config, which implements the go-fed DB interface.
@ -97,9 +95,6 @@ func NewPostgresService(ctx context.Context, c *config.Config, log *logrus.Logge
 		cancel: cancel,
 	}
 	federatingDB := federation.NewFederatingDB(ps, c, log)
 	ps.federationDB = federatingDB
 	// we can confidently return this useable postgres service now
 	return ps, nil
 }
@ -159,14 +154,6 @@ func derivePGOptions(c *config.Config) (*pg.Options, error) {
 	return options, nil
 }
 /*
 	FEDERATION FUNCTIONALITY
 */
 func (ps *postgresService) Federation() pub.Database {
 	return ps.federationDB
 }
 /*
 	BASIC DB FUNCTIONALITY
 */
@ -229,8 +216,17 @@ func (ps *postgresService) GetByID(id string, i interface{}) error {
 	return nil
 }
-func (ps *postgresService) GetWhere(key string, value interface{}, i interface{}) error {
+func (ps *postgresService) GetWhere(where []db.Where, i interface{}) error {
-	if err := ps.conn.Model(i).Where("? = ?", pg.Safe(key), value).Select(); err != nil {
+	if len(where) == 0 {
 		return errors.New("no queries provided")
 	}
 	q := ps.conn.Model(i)
 	for _, w := range where {
 		q = q.Where("? = ?", pg.Safe(w.Key), w.Value)
 	}
 	if err := q.Select(); err != nil {
 		if err == pg.ErrNoRows {
 			return db.ErrNoEntries{}
 		}
@ -255,6 +251,9 @@ func (ps *postgresService) GetAll(i interface{}) error {
 func (ps *postgresService) Put(i interface{}) error {
 	_, err := ps.conn.Model(i).Insert(i)
 	if err != nil && strings.Contains(err.Error(), "duplicate key value violates unique constraint") {
 		return db.ErrAlreadyExists{}
 	}
 	return err
 }
@ -285,20 +284,31 @@ func (ps *postgresService) UpdateOneByID(id string, key string, value interface{
 func (ps *postgresService) DeleteByID(id string, i interface{}) error {
 	if _, err := ps.conn.Model(i).Where("id = ?", id).Delete(); err != nil {
-		if err == pg.ErrNoRows {
+		// if there are no rows *anyway* then that's fine
-			return db.ErrNoEntries{}
+		// just return err if there's an actual error
 		if err != pg.ErrNoRows {
 			return err
 		}
 		return err
 	}
 	return nil
 }
-func (ps *postgresService) DeleteWhere(key string, value interface{}, i interface{}) error {
+func (ps *postgresService) DeleteWhere(where []db.Where, i interface{}) error {
-	if _, err := ps.conn.Model(i).Where("? = ?", pg.Safe(key), value).Delete(); err != nil {
+	if len(where) == 0 {
-		if err == pg.ErrNoRows {
+		return errors.New("no queries provided")
-			return db.ErrNoEntries{}
+	}
 	q := ps.conn.Model(i)
 	for _, w := range where {
 		q = q.Where("? = ?", pg.Safe(w.Key), w.Value)
 	}
 	if _, err := q.Delete(); err != nil {
 		// if there are no rows *anyway* then that's fine
 		// just return err if there's an actual error
 		if err != pg.ErrNoRows {
 			return err
 		}
 		return err
 	}
 	return nil
 }
@ -307,30 +317,34 @@ func (ps *postgresService) DeleteWhere(key string, value interface{}, i interfac
 	HANDY SHORTCUTS
 */
-func (ps *postgresService) AcceptFollowRequest(originAccountID string, targetAccountID string) error {
+func (ps *postgresService) AcceptFollowRequest(originAccountID string, targetAccountID string) (*gtsmodel.Follow, error) {
 	// make sure the original follow request exists
 	fr := &gtsmodel.FollowRequest{}
 	if err := ps.conn.Model(fr).Where("account_id = ?", originAccountID).Where("target_account_id = ?", targetAccountID).Select(); err != nil {
 		if err == pg.ErrMultiRows {
-			return db.ErrNoEntries{}
+			return nil, db.ErrNoEntries{}
 		}
-		return err
+		return nil, err
 	}
 	// create a new follow to 'replace' the request with
 	follow := &gtsmodel.Follow{
 		AccountID:       originAccountID,
 		TargetAccountID: targetAccountID,
 		URI:             fr.URI,
 	}
-	if _, err := ps.conn.Model(follow).Insert(); err != nil {
+	// if the follow already exists, just update the URI -- we don't need to do anything else
-		return err
+	if _, err := ps.conn.Model(follow).OnConflict("ON CONSTRAINT follows_account_id_target_account_id_key DO UPDATE set uri = ?", follow.URI).Insert(); err != nil {
 		return nil, err
 	}
 	// now remove the follow request
 	if _, err := ps.conn.Model(&gtsmodel.FollowRequest{}).Where("account_id = ?", originAccountID).Where("target_account_id = ?", targetAccountID).Delete(); err != nil {
-		return err
+		return nil, err
 	}
-	return nil
+	return follow, nil
 }
 func (ps *postgresService) CreateInstanceAccount() error {
@ -681,6 +695,60 @@ func (ps *postgresService) Blocked(account1 string, account2 string) (bool, erro
 	return blocked, nil
 }
 func (ps *postgresService) GetRelationship(requestingAccount string, targetAccount string) (*gtsmodel.Relationship, error) {
 	r := &gtsmodel.Relationship{
 		ID: targetAccount,
 	}
 	// check if the requesting account follows the target account
 	follow := &gtsmodel.Follow{}
 	if err := ps.conn.Model(follow).Where("account_id = ?", requestingAccount).Where("target_account_id = ?", targetAccount).Select(); err != nil {
 		if err != pg.ErrNoRows {
 			// a proper error
 			return nil, fmt.Errorf("getrelationship: error checking follow existence: %s", err)
 		}
 		// no follow exists so these are all false
 		r.Following = false
 		r.ShowingReblogs = false
 		r.Notifying = false
 	} else {
 		// follow exists so we can fill these fields out...
 		r.Following = true
 		r.ShowingReblogs = follow.ShowReblogs
 		r.Notifying = follow.Notify
 	}
 	// check if the target account follows the requesting account
 	followedBy, err := ps.conn.Model(&gtsmodel.Follow{}).Where("account_id = ?", targetAccount).Where("target_account_id = ?", requestingAccount).Exists()
 	if err != nil {
 		return nil, fmt.Errorf("getrelationship: error checking followed_by existence: %s", err)
 	}
 	r.FollowedBy = followedBy
 	// check if the requesting account blocks the target account
 	blocking, err := ps.conn.Model(&gtsmodel.Block{}).Where("account_id = ?", requestingAccount).Where("target_account_id = ?", targetAccount).Exists()
 	if err != nil {
 		return nil, fmt.Errorf("getrelationship: error checking blocking existence: %s", err)
 	}
 	r.Blocking = blocking
 	// check if the target account blocks the requesting account
 	blockedBy, err := ps.conn.Model(&gtsmodel.Block{}).Where("account_id = ?", targetAccount).Where("target_account_id = ?", requestingAccount).Exists()
 	if err != nil {
 		return nil, fmt.Errorf("getrelationship: error checking blocked existence: %s", err)
 	}
 	r.BlockedBy = blockedBy
 	// check if there's a pending following request from requesting account to target account
 	requested, err := ps.conn.Model(&gtsmodel.FollowRequest{}).Where("account_id = ?", requestingAccount).Where("target_account_id = ?", targetAccount).Exists()
 	if err != nil {
 		return nil, fmt.Errorf("getrelationship: error checking blocked existence: %s", err)
 	}
 	r.Requested = requested
 	return r, nil
 }
 func (ps *postgresService) StatusVisible(targetStatus *gtsmodel.Status, targetAccount *gtsmodel.Account, requestingAccount *gtsmodel.Account, relevantAccounts *gtsmodel.RelevantAccounts) (bool, error) {
 	l := ps.log.WithField("func", "StatusVisible")
@ -853,6 +921,10 @@ func (ps *postgresService) Follows(sourceAccount *gtsmodel.Account, targetAccoun
 	return ps.conn.Model(&gtsmodel.Follow{}).Where("account_id = ?", sourceAccount.ID).Where("target_account_id = ?", targetAccount.ID).Exists()
 }
 func (ps *postgresService) FollowRequested(sourceAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) (bool, error) {
 	return ps.conn.Model(&gtsmodel.FollowRequest{}).Where("account_id = ?", sourceAccount.ID).Where("target_account_id = ?", targetAccount.ID).Exists()
 }
 func (ps *postgresService) Mutuals(account1 *gtsmodel.Account, account2 *gtsmodel.Account) (bool, error) {
 	// make sure account 1 follows account 2
 	f1, err := ps.conn.Model(&gtsmodel.Follow{}).Where("account_id = ?", account1.ID).Where("target_account_id = ?", account2.ID).Exists()
@ -1036,6 +1108,11 @@ func (ps *postgresService) WhoFavedStatus(status *gtsmodel.Status) ([]*gtsmodel.
 */
 func (ps *postgresService) MentionStringsToMentions(targetAccounts []string, originAccountID string, statusID string) ([]*gtsmodel.Mention, error) {
 	ogAccount := &gtsmodel.Account{}
 	if err := ps.conn.Model(ogAccount).Where("id = ?", originAccountID).Select(); err != nil {
 		return nil, err
 	}
 	menchies := []*gtsmodel.Mention{}
 	for _, a := range targetAccounts {
 		// A mentioned account looks like "@test@example.org" or just "@test" for a local account
@ -1093,9 +1170,13 @@ func (ps *postgresService) MentionStringsToMentions(targetAccounts []string, ori
 		// id, createdAt and updatedAt will be populated by the db, so we have everything we need!
 		menchies = append(menchies, &gtsmodel.Mention{
-			StatusID:        statusID,
+			StatusID:            statusID,
-			OriginAccountID: originAccountID,
+			OriginAccountID:     ogAccount.ID,
-			TargetAccountID: mentionedAccount.ID,
+			OriginAccountURI:    ogAccount.URI,
 			TargetAccountID:     mentionedAccount.ID,
 			NameString:          a,
 			MentionedAccountURI: mentionedAccount.URI,
 			GTSAccount:          mentionedAccount,
 		})
 	}
 	return menchies, nil
--- a/internal/federation/federating_db.go
+++ b/internal/federation/federating_db.go
@ -20,6 +20,7 @@ package federation
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net/url"
@ -37,6 +38,12 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 type FederatingDB interface {
 	pub.Database
 	Undo(ctx context.Context, undo vocab.ActivityStreamsUndo) error
 	Accept(ctx context.Context, accept vocab.ActivityStreamsAccept) error
 }
 // FederatingDB uses the underlying DB interface to implement the go-fed pub.Database interface.
 // It doesn't care what the underlying implementation of the DB interface is, as long as it works.
 type federatingDB struct {
@ -47,8 +54,8 @@ type federatingDB struct {
 	typeConverter typeutils.TypeConverter
 }
-// NewFederatingDB returns a pub.Database interface using the given database, config, and logger.
+// NewFederatingDB returns a FederatingDB interface using the given database, config, and logger.
-func NewFederatingDB(db db.DB, config *config.Config, log *logrus.Logger) pub.Database {
+func NewFederatingDB(db db.DB, config *config.Config, log *logrus.Logger) FederatingDB {
 	return &federatingDB{
 		locks:         new(sync.Map),
 		db:            db,
@ -204,7 +211,7 @@ func (f *federatingDB) Owns(c context.Context, id *url.URL) (bool, error) {
 		if err != nil {
 			return false, fmt.Errorf("error parsing statuses path for url %s: %s", id.String(), err)
 		}
-		if err := f.db.GetWhere("uri", uid, &gtsmodel.Status{}); err != nil {
+		if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: uid}}, &gtsmodel.Status{}); err != nil {
 			if _, ok := err.(db.ErrNoEntries); ok {
 				// there are no entries for this status
 				return false, nil
@ -253,7 +260,7 @@ func (f *federatingDB) ActorForOutbox(c context.Context, outboxIRI *url.URL) (ac
 		return nil, fmt.Errorf("%s is not an outbox URI", outboxIRI.String())
 	}
 	acct := &gtsmodel.Account{}
-	if err := f.db.GetWhere("outbox_uri", outboxIRI.String(), acct); err != nil {
+	if err := f.db.GetWhere([]db.Where{{Key: "outbox_uri", Value: outboxIRI.String()}}, acct); err != nil {
 		if _, ok := err.(db.ErrNoEntries); ok {
 			return nil, fmt.Errorf("no actor found that corresponds to outbox %s", outboxIRI.String())
 		}
@ -278,7 +285,7 @@ func (f *federatingDB) ActorForInbox(c context.Context, inboxIRI *url.URL) (acto
 		return nil, fmt.Errorf("%s is not an inbox URI", inboxIRI.String())
 	}
 	acct := &gtsmodel.Account{}
-	if err := f.db.GetWhere("inbox_uri", inboxIRI.String(), acct); err != nil {
+	if err := f.db.GetWhere([]db.Where{{Key: "inbox_uri", Value: inboxIRI.String()}}, acct); err != nil {
 		if _, ok := err.(db.ErrNoEntries); ok {
 			return nil, fmt.Errorf("no actor found that corresponds to inbox %s", inboxIRI.String())
 		}
@ -304,7 +311,7 @@ func (f *federatingDB) OutboxForInbox(c context.Context, inboxIRI *url.URL) (out
 		return nil, fmt.Errorf("%s is not an inbox URI", inboxIRI.String())
 	}
 	acct := &gtsmodel.Account{}
-	if err := f.db.GetWhere("inbox_uri", inboxIRI.String(), acct); err != nil {
+	if err := f.db.GetWhere([]db.Where{{Key: "inbox_uri", Value: inboxIRI.String()}}, acct); err != nil {
 		if _, ok := err.(db.ErrNoEntries); ok {
 			return nil, fmt.Errorf("no actor found that corresponds to inbox %s", inboxIRI.String())
 		}
@ -343,9 +350,10 @@ func (f *federatingDB) Get(c context.Context, id *url.URL) (value vocab.Type, er
 	if util.IsUserPath(id) {
 		acct := &gtsmodel.Account{}
-		if err := f.db.GetWhere("uri", id.String(), acct); err != nil {
+		if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: id.String()}}, acct); err != nil {
 			return nil, err
 		}
 		l.Debug("is user path! returning account")
 		return f.typeConverter.AccountToAS(acct)
 	}
@ -371,27 +379,40 @@ func (f *federatingDB) Create(ctx context.Context, asType vocab.Type) error {
 			"asType": asType.GetTypeName(),
 		},
 	)
-	l.Debugf("received CREATE asType %+v", asType)
+	m, err := streams.Serialize(asType)
 	if err != nil {
 		return err
 	}
 	b, err := json.Marshal(m)
 	if err != nil {
 		return err
 	}
 	l.Debugf("received CREATE asType %s", string(b))
 	targetAcctI := ctx.Value(util.APAccount)
 	if targetAcctI == nil {
 		l.Error("target account wasn't set on context")
 		return nil
 	}
 	targetAcct, ok := targetAcctI.(*gtsmodel.Account)
 	if !ok {
 		l.Error("target account was set on context but couldn't be parsed")
 		return nil
 	}
 	fromFederatorChanI := ctx.Value(util.APFromFederatorChanKey)
 	if fromFederatorChanI == nil {
 		l.Error("from federator channel wasn't set on context")
 		return nil
 	}
 	fromFederatorChan, ok := fromFederatorChanI.(chan gtsmodel.FromFederator)
 	if !ok {
 		l.Error("from federator channel was set on context but couldn't be parsed")
 		return nil
 	}
-	switch gtsmodel.ActivityStreamsActivity(asType.GetTypeName()) {
+	switch asType.GetTypeName() {
 	case gtsmodel.ActivityStreamsCreate:
 		create, ok := asType.(vocab.ActivityStreamsCreate)
 		if !ok {
@ -399,7 +420,7 @@ func (f *federatingDB) Create(ctx context.Context, asType vocab.Type) error {
 		}
 		object := create.GetActivityStreamsObject()
 		for objectIter := object.Begin(); objectIter != object.End(); objectIter = objectIter.Next() {
-			switch gtsmodel.ActivityStreamsObject(objectIter.GetType().GetTypeName()) {
+			switch objectIter.GetType().GetTypeName() {
 			case gtsmodel.ActivityStreamsNote:
 				note := objectIter.GetActivityStreamsNote()
 				status, err := f.typeConverter.ASStatusToStatus(note)
@ -407,13 +428,17 @@ func (f *federatingDB) Create(ctx context.Context, asType vocab.Type) error {
 					return fmt.Errorf("error converting note to status: %s", err)
 				}
 				if err := f.db.Put(status); err != nil {
 					if _, ok := err.(db.ErrAlreadyExists); ok {
 						return nil
 					}
 					return fmt.Errorf("database error inserting status: %s", err)
 				}
 				fromFederatorChan <- gtsmodel.FromFederator{
-					APObjectType:   gtsmodel.ActivityStreamsNote,
+					APObjectType:     gtsmodel.ActivityStreamsNote,
-					APActivityType: gtsmodel.ActivityStreamsCreate,
+					APActivityType:   gtsmodel.ActivityStreamsCreate,
-					GTSModel:       status,
+					GTSModel:         status,
 					ReceivingAccount: targetAcct,
 				}
 			}
 		}
@ -433,7 +458,7 @@ func (f *federatingDB) Create(ctx context.Context, asType vocab.Type) error {
 		}
 		if !targetAcct.Locked {
-			if err := f.db.AcceptFollowRequest(followRequest.AccountID, followRequest.TargetAccountID); err != nil {
+			if _, err := f.db.AcceptFollowRequest(followRequest.AccountID, followRequest.TargetAccountID); err != nil {
 				return fmt.Errorf("database error accepting follow request: %s", err)
 			}
 		}
@ -450,14 +475,87 @@ func (f *federatingDB) Create(ctx context.Context, asType vocab.Type) error {
 // the entire value.
 //
 // The library makes this call only after acquiring a lock first.
-func (f *federatingDB) Update(c context.Context, asType vocab.Type) error {
+func (f *federatingDB) Update(ctx context.Context, asType vocab.Type) error {
 	l := f.log.WithFields(
 		logrus.Fields{
 			"func":   "Update",
 			"asType": asType.GetTypeName(),
 		},
 	)
-	l.Debugf("received UPDATE asType %+v", asType)
+	m, err := streams.Serialize(asType)
 	if err != nil {
 		return err
 	}
 	b, err := json.Marshal(m)
 	if err != nil {
 		return err
 	}
 	l.Debugf("received UPDATE asType %s", string(b))
 	receivingAcctI := ctx.Value(util.APAccount)
 	if receivingAcctI == nil {
 		l.Error("receiving account wasn't set on context")
 	}
 	receivingAcct, ok := receivingAcctI.(*gtsmodel.Account)
 	if !ok {
 		l.Error("receiving account was set on context but couldn't be parsed")
 	}
 	fromFederatorChanI := ctx.Value(util.APFromFederatorChanKey)
 	if fromFederatorChanI == nil {
 		l.Error("from federator channel wasn't set on context")
 	}
 	fromFederatorChan, ok := fromFederatorChanI.(chan gtsmodel.FromFederator)
 	if !ok {
 		l.Error("from federator channel was set on context but couldn't be parsed")
 	}
 	switch asType.GetTypeName() {
 	case gtsmodel.ActivityStreamsUpdate:
 		update, ok := asType.(vocab.ActivityStreamsCreate)
 		if !ok {
 			return errors.New("could not convert type to create")
 		}
 		object := update.GetActivityStreamsObject()
 		for objectIter := object.Begin(); objectIter != object.End(); objectIter = objectIter.Next() {
 			switch objectIter.GetType().GetTypeName() {
 			case string(gtsmodel.ActivityStreamsPerson):
 				person := objectIter.GetActivityStreamsPerson()
 				updatedAcct, err := f.typeConverter.ASRepresentationToAccount(person)
 				if err != nil {
 					return fmt.Errorf("error converting person to account: %s", err)
 				}
 				if err := f.db.Put(updatedAcct); err != nil {
 					return fmt.Errorf("database error inserting updated account: %s", err)
 				}
 				fromFederatorChan <- gtsmodel.FromFederator{
 					APObjectType:     gtsmodel.ActivityStreamsProfile,
 					APActivityType:   gtsmodel.ActivityStreamsUpdate,
 					GTSModel:         updatedAcct,
 					ReceivingAccount: receivingAcct,
 				}
 			case string(gtsmodel.ActivityStreamsApplication):
 				application := objectIter.GetActivityStreamsApplication()
 				updatedAcct, err := f.typeConverter.ASRepresentationToAccount(application)
 				if err != nil {
 					return fmt.Errorf("error converting person to account: %s", err)
 				}
 				if err := f.db.Put(updatedAcct); err != nil {
 					return fmt.Errorf("database error inserting updated account: %s", err)
 				}
 				fromFederatorChan <- gtsmodel.FromFederator{
 					APObjectType:     gtsmodel.ActivityStreamsProfile,
 					APActivityType:   gtsmodel.ActivityStreamsUpdate,
 					GTSModel:         updatedAcct,
 					ReceivingAccount: receivingAcct,
 				}
 			}
 		}
 	}
 	return nil
 }
@ -490,7 +588,7 @@ func (f *federatingDB) GetOutbox(c context.Context, outboxIRI *url.URL) (inbox v
 	)
 	l.Debug("entering GETOUTBOX function")
-	return nil, nil
+	return streams.NewActivityStreamsOrderedCollectionPage(), nil
 }
 // SetOutbox saves the outbox value given from GetOutbox, with new items
@ -522,9 +620,60 @@ func (f *federatingDB) NewID(c context.Context, t vocab.Type) (id *url.URL, err
 			"asType": t.GetTypeName(),
 		},
 	)
-	l.Debugf("received NEWID request for asType %+v", t)
+	m, err := streams.Serialize(t)
 	if err != nil {
 		return nil, err
 	}
 	b, err := json.Marshal(m)
 	if err != nil {
 		return nil, err
 	}
 	l.Debugf("received NEWID request for asType %s", string(b))
-	return url.Parse(fmt.Sprintf("%s://%s/", f.config.Protocol, uuid.NewString()))
+	switch t.GetTypeName() {
 	case gtsmodel.ActivityStreamsFollow:
 		// FOLLOW
 		// ID might already be set on a follow we've created, so check it here and return it if it is
 		follow, ok := t.(vocab.ActivityStreamsFollow)
 		if !ok {
 			return nil, errors.New("newid: follow couldn't be parsed into vocab.ActivityStreamsFollow")
 		}
 		idProp := follow.GetJSONLDId()
 		if idProp != nil {
 			if idProp.IsIRI() {
 				return idProp.GetIRI(), nil
 			}
 		}
 		// it's not set so create one based on the actor set on the follow (ie., the followER not the followEE)
 		actorProp := follow.GetActivityStreamsActor()
 		if actorProp != nil {
 			for iter := actorProp.Begin(); iter != actorProp.End(); iter = iter.Next() {
 				// take the IRI of the first actor we can find (there should only be one)
 				if iter.IsIRI() {
 					actorAccount := &gtsmodel.Account{}
 					if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: iter.GetIRI().String()}}, actorAccount); err == nil { // if there's an error here, just use the fallback behavior -- we don't need to return an error here
 						return url.Parse(util.GenerateURIForFollow(actorAccount.Username, f.config.Protocol, f.config.Host))
 					}
 				}
 			}
 		}
 	case gtsmodel.ActivityStreamsNote:
 		// NOTE aka STATUS
 		// ID might already be set on a note we've created, so check it here and return it if it is
 		note, ok := t.(vocab.ActivityStreamsNote)
 		if !ok {
 			return nil, errors.New("newid: follow couldn't be parsed into vocab.ActivityStreamsNote")
 		}
 		idProp := note.GetJSONLDId()
 		if idProp != nil {
 			if idProp.IsIRI() {
 				return idProp.GetIRI(), nil
 			}
 		}
 	}
 	// fallback default behavior: just return a random UUID after our protocol and host
 	return url.Parse(fmt.Sprintf("%s://%s/%s", f.config.Protocol, f.config.Host, uuid.NewString()))
 }
 // Followers obtains the Followers Collection for an actor with the
@ -543,7 +692,7 @@ func (f *federatingDB) Followers(c context.Context, actorIRI *url.URL) (follower
 	l.Debugf("entering FOLLOWERS function with actorIRI %s", actorIRI.String())
 	acct := &gtsmodel.Account{}
-	if err := f.db.GetWhere("uri", actorIRI.String(), acct); err != nil {
+	if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: actorIRI.String()}}, acct); err != nil {
 		return nil, fmt.Errorf("db error getting account with uri %s: %s", actorIRI.String(), err)
 	}
@ -585,7 +734,7 @@ func (f *federatingDB) Following(c context.Context, actorIRI *url.URL) (followin
 	l.Debugf("entering FOLLOWING function with actorIRI %s", actorIRI.String())
 	acct := &gtsmodel.Account{}
-	if err := f.db.GetWhere("uri", actorIRI.String(), acct); err != nil {
+	if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: actorIRI.String()}}, acct); err != nil {
 		return nil, fmt.Errorf("db error getting account with uri %s: %s", actorIRI.String(), err)
 	}
@ -627,3 +776,139 @@ func (f *federatingDB) Liked(c context.Context, actorIRI *url.URL) (liked vocab.
 	l.Debugf("entering LIKED function with actorIRI %s", actorIRI.String())
 	return nil, nil
 }
 /*
 	CUSTOM FUNCTIONALITY FOR GTS
 */
 func (f *federatingDB) Undo(ctx context.Context, undo vocab.ActivityStreamsUndo) error {
 	l := f.log.WithFields(
 		logrus.Fields{
 			"func":   "Undo",
 			"asType": undo.GetTypeName(),
 		},
 	)
 	m, err := streams.Serialize(undo)
 	if err != nil {
 		return err
 	}
 	b, err := json.Marshal(m)
 	if err != nil {
 		return err
 	}
 	l.Debugf("received UNDO asType %s", string(b))
 	targetAcctI := ctx.Value(util.APAccount)
 	if targetAcctI == nil {
 		l.Error("UNDO: target account wasn't set on context")
 		return nil
 	}
 	targetAcct, ok := targetAcctI.(*gtsmodel.Account)
 	if !ok {
 		l.Error("UNDO: target account was set on context but couldn't be parsed")
 		return nil
 	}
 	undoObject := undo.GetActivityStreamsObject()
 	if undoObject == nil {
 		return errors.New("UNDO: no object set on vocab.ActivityStreamsUndo")
 	}
 	for iter := undoObject.Begin(); iter != undoObject.End(); iter = iter.Next() {
 		switch iter.GetType().GetTypeName() {
 		case string(gtsmodel.ActivityStreamsFollow):
 			// UNDO FOLLOW
 			ASFollow, ok := iter.GetType().(vocab.ActivityStreamsFollow)
 			if !ok {
 				return errors.New("UNDO: couldn't parse follow into vocab.ActivityStreamsFollow")
 			}
 			// make sure the actor owns the follow
 			if !sameActor(undo.GetActivityStreamsActor(), ASFollow.GetActivityStreamsActor()) {
 				return errors.New("UNDO: follow actor and activity actor not the same")
 			}
 			// convert the follow to something we can understand
 			gtsFollow, err := f.typeConverter.ASFollowToFollow(ASFollow)
 			if err != nil {
 				return fmt.Errorf("UNDO: error converting asfollow to gtsfollow: %s", err)
 			}
 			// make sure the addressee of the original follow is the same as whatever inbox this landed in
 			if gtsFollow.TargetAccountID != targetAcct.ID {
 				return errors.New("UNDO: follow object account and inbox account were not the same")
 			}
 			// delete any existing FOLLOW
 			if err := f.db.DeleteWhere([]db.Where{{Key: "uri", Value: gtsFollow.URI}}, &gtsmodel.Follow{}); err != nil {
 				return fmt.Errorf("UNDO: db error removing follow: %s", err)
 			}
 			// delete any existing FOLLOW REQUEST
 			if err := f.db.DeleteWhere([]db.Where{{Key: "uri", Value: gtsFollow.URI}}, &gtsmodel.FollowRequest{}); err != nil {
 				return fmt.Errorf("UNDO: db error removing follow request: %s", err)
 			}
 			l.Debug("follow undone")
 			return nil
 		case string(gtsmodel.ActivityStreamsLike):
 			// UNDO LIKE
 		case string(gtsmodel.ActivityStreamsAnnounce):
 			// UNDO BOOST/REBLOG/ANNOUNCE
 		}
 	}
 	return nil
 }
 func (f *federatingDB) Accept(ctx context.Context, accept vocab.ActivityStreamsAccept) error {
 	l := f.log.WithFields(
 		logrus.Fields{
 			"func":   "Accept",
 			"asType": accept.GetTypeName(),
 		},
 	)
 	m, err := streams.Serialize(accept)
 	if err != nil {
 		return err
 	}
 	b, err := json.Marshal(m)
 	if err != nil {
 		return err
 	}
 	l.Debugf("received ACCEPT asType %s", string(b))
 	inboxAcctI := ctx.Value(util.APAccount)
 	if inboxAcctI == nil {
 		l.Error("ACCEPT: inbox account wasn't set on context")
 		return nil
 	}
 	inboxAcct, ok := inboxAcctI.(*gtsmodel.Account)
 	if !ok {
 		l.Error("ACCEPT: inbox account was set on context but couldn't be parsed")
 		return nil
 	}
 	acceptObject := accept.GetActivityStreamsObject()
 	if acceptObject == nil {
 		return errors.New("ACCEPT: no object set on vocab.ActivityStreamsUndo")
 	}
 	for iter := acceptObject.Begin(); iter != acceptObject.End(); iter = iter.Next() {
 		switch iter.GetType().GetTypeName() {
 		case string(gtsmodel.ActivityStreamsFollow):
 			// ACCEPT FOLLOW
 			asFollow, ok := iter.GetType().(vocab.ActivityStreamsFollow)
 			if !ok {
 				return errors.New("ACCEPT: couldn't parse follow into vocab.ActivityStreamsFollow")
 			}
 			// convert the follow to something we can understand
 			gtsFollow, err := f.typeConverter.ASFollowToFollow(asFollow)
 			if err != nil {
 				return fmt.Errorf("ACCEPT: error converting asfollow to gtsfollow: %s", err)
 			}
 			// make sure the addressee of the original follow is the same as whatever inbox this landed in
 			if gtsFollow.AccountID != inboxAcct.ID {
 				return errors.New("ACCEPT: follow object account and inbox account were not the same")
 			}
 			_, err = f.db.AcceptFollowRequest(gtsFollow.AccountID, gtsFollow.TargetAccountID)
 			return err
 		}
 	}
 	return nil
 }
--- a/internal/federation/federatingprotocol.go
+++ b/internal/federation/federatingprotocol.go
@ -124,7 +124,7 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 	}
 	requestingAccount := &gtsmodel.Account{}
-	if err := f.db.GetWhere("uri", publicKeyOwnerURI.String(), requestingAccount); err != nil {
+	if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: publicKeyOwnerURI.String()}}, requestingAccount); err != nil {
 		// there's been a proper error so return it
 		if _, ok := err.(db.ErrNoEntries); !ok {
 			return ctx, false, fmt.Errorf("error getting requesting account with public key id %s: %s", publicKeyOwnerURI.String(), err)
@ -146,6 +146,22 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 		}
 		requestingAccount = a
 		// send the newly dereferenced account into the processor channel for further async processing
 		fromFederatorChanI := ctx.Value(util.APFromFederatorChanKey)
 		if fromFederatorChanI == nil {
 			l.Error("from federator channel wasn't set on context")
 		}
 		fromFederatorChan, ok := fromFederatorChanI.(chan gtsmodel.FromFederator)
 		if !ok {
 			l.Error("from federator channel was set on context but couldn't be parsed")
 		}
 		fromFederatorChan <- gtsmodel.FromFederator{
 			APObjectType:   gtsmodel.ActivityStreamsProfile,
 			APActivityType: gtsmodel.ActivityStreamsCreate,
 			GTSModel:       requestingAccount,
 		}
 	}
 	withRequester := context.WithValue(ctx, util.APRequestingAccount, requestingAccount)
@ -184,7 +200,7 @@ func (f *federator) Blocked(ctx context.Context, actorIRIs []*url.URL) (bool, er
 	for _, uri := range actorIRIs {
 		a := &gtsmodel.Account{}
-		if err := f.db.GetWhere("uri", uri.String(), a); err != nil {
+		if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: uri.String()}}, a); err != nil {
 			_, ok := err.(db.ErrNoEntries)
 			if ok {
 				// we don't have an entry for this account so it's not blocked
@ -228,17 +244,19 @@ func (f *federator) FederatingCallbacks(ctx context.Context) (wrapped pub.Federa
 		"func": "FederatingCallbacks",
 	})
-	targetAcctI := ctx.Value(util.APAccount)
+	receivingAcctI := ctx.Value(util.APAccount)
-	if targetAcctI == nil {
+	if receivingAcctI == nil {
-		l.Error("target account wasn't set on context")
+		l.Error("receiving account wasn't set on context")
 		return
 	}
-	targetAcct, ok := targetAcctI.(*gtsmodel.Account)
+	receivingAcct, ok := receivingAcctI.(*gtsmodel.Account)
 	if !ok {
-		l.Error("target account was set on context but couldn't be parsed")
+		l.Error("receiving account was set on context but couldn't be parsed")
 		return
 	}
 	var onFollow pub.OnFollowBehavior = pub.OnFollowAutomaticallyAccept
-	if targetAcct.Locked {
+	if receivingAcct.Locked {
 		onFollow = pub.OnFollowDoNothing
 	}
@ -248,6 +266,17 @@ func (f *federator) FederatingCallbacks(ctx context.Context) (wrapped pub.Federa
 		OnFollow: onFollow,
 	}
 	other = []interface{}{
 		// override default undo behavior
 		func(ctx context.Context, undo vocab.ActivityStreamsUndo) error {
 			return f.FederatingDB().Undo(ctx, undo)
 		},
 		// override default accept behavior
 		func(ctx context.Context, accept vocab.ActivityStreamsAccept) error {
 			return f.FederatingDB().Accept(ctx, accept)
 		},
 	}
 	return
 }
--- a/internal/federation/federator.go
+++ b/internal/federation/federator.go
@ -34,6 +34,8 @@ import (
 type Federator interface {
 	// FederatingActor returns the underlying pub.FederatingActor, which can be used to send activities, and serve actors at inboxes/outboxes.
 	FederatingActor() pub.FederatingActor
 	// FederatingDB returns the underlying FederatingDB interface.
 	FederatingDB() FederatingDB
 	// AuthenticateFederatedRequest can be used to check the authenticity of incoming http-signed requests for federating resources.
 	// The given username will be used to create a transport for making outgoing requests. See the implementation for more detailed comments.
 	AuthenticateFederatedRequest(username string, r *http.Request) (*url.URL, error)
@ -52,6 +54,7 @@ type Federator interface {
 type federator struct {
 	config              *config.Config
 	db                  db.DB
 	federatingDB        FederatingDB
 	clock               pub.Clock
 	typeConverter       typeutils.TypeConverter
 	transportController transport.Controller
@ -60,18 +63,19 @@ type federator struct {
 }
 // NewFederator returns a new federator
-func NewFederator(db db.DB, transportController transport.Controller, config *config.Config, log *logrus.Logger, typeConverter typeutils.TypeConverter) Federator {
+func NewFederator(db db.DB, federatingDB FederatingDB, transportController transport.Controller, config *config.Config, log *logrus.Logger, typeConverter typeutils.TypeConverter) Federator {
 	clock := &Clock{}
 	f := &federator{
 		config:              config,
 		db:                  db,
 		federatingDB:        federatingDB,
 		clock:               &Clock{},
 		typeConverter:       typeConverter,
 		transportController: transportController,
 		log:                 log,
 	}
-	actor := newFederatingActor(f, f, db.Federation(), clock)
+	actor := newFederatingActor(f, f, federatingDB, clock)
 	f.actor = actor
 	return f
 }
@ -79,3 +83,7 @@ func NewFederator(db db.DB, transportController transport.Controller, config *co
 func (f *federator) FederatingActor() pub.FederatingActor {
 	return f.actor
 }
 func (f *federator) FederatingDB() FederatingDB {
 	return f.federatingDB
 }
--- a/internal/federation/federator_test.go
+++ b/internal/federation/federator_test.go
@ -89,7 +89,7 @@ func (suite *ProtocolTestSuite) TestPostInboxRequestBodyHook() {
 		return nil, nil
 	}))
 	// setup module being tested
-	federator := federation.NewFederator(suite.db, tc, suite.config, suite.log, suite.typeConverter)
+	federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db), tc, suite.config, suite.log, suite.typeConverter)
 	// setup request
 	ctx := context.Background()
@ -155,7 +155,7 @@ func (suite *ProtocolTestSuite) TestAuthenticatePostInbox() {
 	}))
 	// now setup module being tested, with the mock transport controller
-	federator := federation.NewFederator(suite.db, tc, suite.config, suite.log, suite.typeConverter)
+	federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db), tc, suite.config, suite.log, suite.typeConverter)
 	// setup request
 	ctx := context.Background()
--- a/internal/federation/util.go
+++ b/internal/federation/util.go
@ -27,11 +27,13 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
 	"github.com/go-fed/activity/pub"
 	"github.com/go-fed/activity/streams"
 	"github.com/go-fed/activity/streams/vocab"
 	"github.com/go-fed/httpsig"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/transport"
 	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@ -128,57 +130,73 @@ func (f *federator) AuthenticateFederatedRequest(username string, r *http.Reques
 		return nil, fmt.Errorf("could not parse key id into a url: %s", err)
 	}
-	transport, err := f.GetTransportForUser(username)
+	var publicKey interface{}
-	if err != nil {
+	var pkOwnerURI *url.URL
-		return nil, fmt.Errorf("transport err: %s", err)
+	if strings.EqualFold(requestingPublicKeyID.Host, f.config.Host) {
-	}
+		// the request is coming from INSIDE THE HOUSE so skip the remote dereferencing
 		requestingLocalAccount := &gtsmodel.Account{}
 		if err := f.db.GetWhere([]db.Where{{Key: "public_key_uri", Value: requestingPublicKeyID.String()}}, requestingLocalAccount); err != nil {
 			return nil, fmt.Errorf("couldn't get local account with public key uri %s from the database: %s", requestingPublicKeyID.String(), err)
 		}
 		publicKey = requestingLocalAccount.PublicKey
 		pkOwnerURI, err = url.Parse(requestingLocalAccount.URI)
 		if err != nil {
 			return nil, fmt.Errorf("error parsing url %s: %s", requestingLocalAccount.URI, err)
 		}
 	} else {
 		// the request is remote, so we need to authenticate the request properly by dereferencing the remote key
 		transport, err := f.GetTransportForUser(username)
 		if err != nil {
 			return nil, fmt.Errorf("transport err: %s", err)
 		}
-	// The actual http call to the remote server is made right here in the Dereference function.
+		// The actual http call to the remote server is made right here in the Dereference function.
-	b, err := transport.Dereference(context.Background(), requestingPublicKeyID)
+		b, err := transport.Dereference(context.Background(), requestingPublicKeyID)
-	if err != nil {
+		if err != nil {
-		return nil, fmt.Errorf("error deferencing key %s: %s", requestingPublicKeyID.String(), err)
+			return nil, fmt.Errorf("error deferencing key %s: %s", requestingPublicKeyID.String(), err)
-	}
+		}
-	// if the key isn't in the response, we can't authenticate the request
+		// if the key isn't in the response, we can't authenticate the request
-	requestingPublicKey, err := getPublicKeyFromResponse(context.Background(), b, requestingPublicKeyID)
+		requestingPublicKey, err := getPublicKeyFromResponse(context.Background(), b, requestingPublicKeyID)
-	if err != nil {
+		if err != nil {
-		return nil, fmt.Errorf("error getting key %s from response %s: %s", requestingPublicKeyID.String(), string(b), err)
+			return nil, fmt.Errorf("error getting key %s from response %s: %s", requestingPublicKeyID.String(), string(b), err)
-	}
+		}
-	// we should be able to get the actual key embedded in the vocab.W3IDSecurityV1PublicKey
+		// we should be able to get the actual key embedded in the vocab.W3IDSecurityV1PublicKey
-	pkPemProp := requestingPublicKey.GetW3IDSecurityV1PublicKeyPem()
+		pkPemProp := requestingPublicKey.GetW3IDSecurityV1PublicKeyPem()
-	if pkPemProp == nil || !pkPemProp.IsXMLSchemaString() {
+		if pkPemProp == nil || !pkPemProp.IsXMLSchemaString() {
-		return nil, errors.New("publicKeyPem property is not provided or it is not embedded as a value")
+			return nil, errors.New("publicKeyPem property is not provided or it is not embedded as a value")
-	}
+		}
-	// and decode the PEM so that we can parse it as a golang public key
+		// and decode the PEM so that we can parse it as a golang public key
-	pubKeyPem := pkPemProp.Get()
+		pubKeyPem := pkPemProp.Get()
-	block, _ := pem.Decode([]byte(pubKeyPem))
+		block, _ := pem.Decode([]byte(pubKeyPem))
-	if block == nil || block.Type != "PUBLIC KEY" {
+		if block == nil || block.Type != "PUBLIC KEY" {
-		return nil, errors.New("could not decode publicKeyPem to PUBLIC KEY pem block type")
+			return nil, errors.New("could not decode publicKeyPem to PUBLIC KEY pem block type")
-	}
+		}
-	p, err := x509.ParsePKIXPublicKey(block.Bytes)
+		publicKey, err = x509.ParsePKIXPublicKey(block.Bytes)
-	if err != nil {
+		if err != nil {
-		return nil, fmt.Errorf("could not parse public key from block bytes: %s", err)
+			return nil, fmt.Errorf("could not parse public key from block bytes: %s", err)
 		}
 		// all good! we just need the URI of the key owner to return
 		pkOwnerProp := requestingPublicKey.GetW3IDSecurityV1Owner()
 		if pkOwnerProp == nil || !pkOwnerProp.IsIRI() {
 			return nil, errors.New("publicKeyOwner property is not provided or it is not embedded as a value")
 		}
 		pkOwnerURI = pkOwnerProp.GetIRI()
 	}
-	if p == nil {
+	if publicKey == nil {
 		return nil, errors.New("returned public key was empty")
 	}
 	// do the actual authentication here!
 	algo := httpsig.RSA_SHA256 // TODO: make this more robust
-	if err := verifier.Verify(p, algo); err != nil {
+	if err := verifier.Verify(publicKey, algo); err != nil {
 		return nil, fmt.Errorf("error verifying key %s: %s", requestingPublicKeyID.String(), err)
 	}
 	// all good! we just need the URI of the key owner to return
 	pkOwnerProp := requestingPublicKey.GetW3IDSecurityV1Owner()
 	if pkOwnerProp == nil || !pkOwnerProp.IsIRI() {
 		return nil, errors.New("publicKeyOwner property is not provided or it is not embedded as a value")
 	}
 	pkOwnerURI := pkOwnerProp.GetIRI()
 	return pkOwnerURI, nil
 }
@ -217,6 +235,12 @@ func (f *federator) DereferenceRemoteAccount(username string, remoteAccountID *u
 			return nil, errors.New("error resolving type as activitystreams application")
 		}
 		return p, nil
 	case string(gtsmodel.ActivityStreamsService):
 		p, ok := t.(vocab.ActivityStreamsService)
 		if !ok {
 			return nil, errors.New("error resolving type as activitystreams service")
 		}
 		return p, nil
 	}
 	return nil, fmt.Errorf("type name %s not supported", t.GetTypeName())
@ -243,3 +267,23 @@ func (f *federator) GetTransportForUser(username string) (transport.Transport, e
 	}
 	return transport, nil
 }
 func sameActor(activityActor vocab.ActivityStreamsActorProperty, followActor vocab.ActivityStreamsActorProperty) bool {
 	if activityActor == nil || followActor == nil {
 		return false
 	}
 	for aIter := activityActor.Begin(); aIter != activityActor.End(); aIter = aIter.Next() {
 		for fIter := followActor.Begin(); fIter != followActor.End(); fIter = fIter.Next() {
 			if aIter.GetIRI() == nil {
 				return false
 			}
 			if fIter.GetIRI() == nil {
 				return false
 			}
 			if aIter.GetIRI().String() == fIter.GetIRI().String() {
 				return true
 			}
 		}
 	}
 	return false
 }
--- a/internal/gotosocial/actions.go
+++ b/internal/gotosocial/actions.go
@ -83,6 +83,8 @@ var Run action.GTSAction = func(ctx context.Context, c *config.Config, log *logr
 		return fmt.Errorf("error creating dbservice: %s", err)
 	}
 	federatingDB := federation.NewFederatingDB(dbService, c, log)
 	router, err := router.New(c, log)
 	if err != nil {
 		return fmt.Errorf("error creating router: %s", err)
@ -100,7 +102,7 @@ var Run action.GTSAction = func(ctx context.Context, c *config.Config, log *logr
 	mediaHandler := media.New(c, dbService, storageBackend, log)
 	oauthServer := oauth.New(dbService, log)
 	transportController := transport.NewController(c, &federation.Clock{}, http.DefaultClient, log)
-	federator := federation.NewFederator(dbService, transportController, c, log, typeConverter)
+	federator := federation.NewFederator(dbService, federatingDB, transportController, c, log, typeConverter)
 	processor := message.NewProcessor(c, typeConverter, federator, oauthServer, mediaHandler, storageBackend, dbService, log)
 	if err := processor.Start(); err != nil {
 		return fmt.Errorf("error starting processor: %s", err)
--- a/internal/gtsmodel/account.go
+++ b/internal/gtsmodel/account.go
@ -76,13 +76,13 @@ type Account struct {
 	*/
 	// Does this account need an approval for new followers?
-	Locked bool `pg:",default:'true'"`
+	Locked bool
 	// Should this account be shown in the instance's profile directory?
 	Discoverable bool
 	// Default post privacy for this account
 	Privacy Visibility
 	// Set posts from this account to sensitive by default?
-	Sensitive bool `pg:",default:'false'"`
+	Sensitive bool
 	// What language does this account post in?
 	Language string `pg:",default:'en'"`
@ -107,7 +107,7 @@ type Account struct {
 	// URL for getting the featured collection list of this account
 	FeaturedCollectionURI string `pg:",unique"`
 	// What type of activitypub actor is this account?
-	ActorType ActivityStreamsActor
+	ActorType string
 	// This account is associated with x account id
 	AlsoKnownAs string
--- a/internal/gtsmodel/activitystreams.go
+++ b/internal/gtsmodel/activitystreams.go
@ -18,110 +18,101 @@
 package gtsmodel
 // ActivityStreamsObject refers to https://www.w3.org/TR/activitystreams-vocabulary/#object-types
 type ActivityStreamsObject string
 const (
 	// ActivityStreamsArticle https://www.w3.org/TR/activitystreams-vocabulary/#dfn-article
-	ActivityStreamsArticle ActivityStreamsObject = "Article"
+	ActivityStreamsArticle = "Article"
 	// ActivityStreamsAudio https://www.w3.org/TR/activitystreams-vocabulary/#dfn-audio
-	ActivityStreamsAudio ActivityStreamsObject = "Audio"
+	ActivityStreamsAudio = "Audio"
 	// ActivityStreamsDocument https://www.w3.org/TR/activitystreams-vocabulary/#dfn-document
-	ActivityStreamsDocument ActivityStreamsObject = "Event"
+	ActivityStreamsDocument = "Event"
 	// ActivityStreamsEvent https://www.w3.org/TR/activitystreams-vocabulary/#dfn-event
-	ActivityStreamsEvent ActivityStreamsObject = "Event"
+	ActivityStreamsEvent = "Event"
 	// ActivityStreamsImage https://www.w3.org/TR/activitystreams-vocabulary/#dfn-image
-	ActivityStreamsImage ActivityStreamsObject = "Image"
+	ActivityStreamsImage = "Image"
 	// ActivityStreamsNote https://www.w3.org/TR/activitystreams-vocabulary/#dfn-note
-	ActivityStreamsNote ActivityStreamsObject = "Note"
+	ActivityStreamsNote = "Note"
 	// ActivityStreamsPage https://www.w3.org/TR/activitystreams-vocabulary/#dfn-page
-	ActivityStreamsPage ActivityStreamsObject = "Page"
+	ActivityStreamsPage = "Page"
 	// ActivityStreamsPlace https://www.w3.org/TR/activitystreams-vocabulary/#dfn-place
-	ActivityStreamsPlace ActivityStreamsObject = "Place"
+	ActivityStreamsPlace = "Place"
 	// ActivityStreamsProfile https://www.w3.org/TR/activitystreams-vocabulary/#dfn-profile
-	ActivityStreamsProfile ActivityStreamsObject = "Profile"
+	ActivityStreamsProfile = "Profile"
 	// ActivityStreamsRelationship https://www.w3.org/TR/activitystreams-vocabulary/#dfn-relationship
-	ActivityStreamsRelationship ActivityStreamsObject = "Relationship"
+	ActivityStreamsRelationship = "Relationship"
 	// ActivityStreamsTombstone https://www.w3.org/TR/activitystreams-vocabulary/#dfn-tombstone
-	ActivityStreamsTombstone ActivityStreamsObject = "Tombstone"
+	ActivityStreamsTombstone = "Tombstone"
 	// ActivityStreamsVideo https://www.w3.org/TR/activitystreams-vocabulary/#dfn-video
-	ActivityStreamsVideo ActivityStreamsObject = "Video"
+	ActivityStreamsVideo = "Video"
 )
 // ActivityStreamsActor refers to https://www.w3.org/TR/activitystreams-vocabulary/#actor-types
 type ActivityStreamsActor string
 const (
 	// ActivityStreamsApplication https://www.w3.org/TR/activitystreams-vocabulary/#dfn-application
-	ActivityStreamsApplication ActivityStreamsActor = "Application"
+	ActivityStreamsApplication = "Application"
 	// ActivityStreamsGroup https://www.w3.org/TR/activitystreams-vocabulary/#dfn-group
-	ActivityStreamsGroup ActivityStreamsActor = "Group"
+	ActivityStreamsGroup = "Group"
 	// ActivityStreamsOrganization https://www.w3.org/TR/activitystreams-vocabulary/#dfn-organization
-	ActivityStreamsOrganization ActivityStreamsActor = "Organization"
+	ActivityStreamsOrganization = "Organization"
 	// ActivityStreamsPerson https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person
-	ActivityStreamsPerson ActivityStreamsActor = "Person"
+	ActivityStreamsPerson = "Person"
 	// ActivityStreamsService https://www.w3.org/TR/activitystreams-vocabulary/#dfn-service
-	ActivityStreamsService ActivityStreamsActor = "Service"
+	ActivityStreamsService = "Service"
 )
 // ActivityStreamsActivity refers to https://www.w3.org/TR/activitystreams-vocabulary/#activity-types
 type ActivityStreamsActivity string
 const (
 	// ActivityStreamsAccept https://www.w3.org/TR/activitystreams-vocabulary/#dfn-accept
-	ActivityStreamsAccept ActivityStreamsActivity = "Accept"
+	ActivityStreamsAccept = "Accept"
 	// ActivityStreamsAdd https://www.w3.org/TR/activitystreams-vocabulary/#dfn-add
-	ActivityStreamsAdd ActivityStreamsActivity = "Add"
+	ActivityStreamsAdd = "Add"
 	// ActivityStreamsAnnounce https://www.w3.org/TR/activitystreams-vocabulary/#dfn-announce
-	ActivityStreamsAnnounce ActivityStreamsActivity = "Announce"
+	ActivityStreamsAnnounce = "Announce"
 	// ActivityStreamsArrive https://www.w3.org/TR/activitystreams-vocabulary/#dfn-arrive
-	ActivityStreamsArrive ActivityStreamsActivity = "Arrive"
+	ActivityStreamsArrive = "Arrive"
 	// ActivityStreamsBlock https://www.w3.org/TR/activitystreams-vocabulary/#dfn-block
-	ActivityStreamsBlock ActivityStreamsActivity = "Block"
+	ActivityStreamsBlock = "Block"
 	// ActivityStreamsCreate https://www.w3.org/TR/activitystreams-vocabulary/#dfn-create
-	ActivityStreamsCreate ActivityStreamsActivity = "Create"
+	ActivityStreamsCreate = "Create"
 	// ActivityStreamsDelete https://www.w3.org/TR/activitystreams-vocabulary/#dfn-delete
-	ActivityStreamsDelete ActivityStreamsActivity = "Delete"
+	ActivityStreamsDelete = "Delete"
 	// ActivityStreamsDislike https://www.w3.org/TR/activitystreams-vocabulary/#dfn-dislike
-	ActivityStreamsDislike ActivityStreamsActivity = "Dislike"
+	ActivityStreamsDislike = "Dislike"
 	// ActivityStreamsFlag https://www.w3.org/TR/activitystreams-vocabulary/#dfn-flag
-	ActivityStreamsFlag ActivityStreamsActivity = "Flag"
+	ActivityStreamsFlag = "Flag"
 	// ActivityStreamsFollow https://www.w3.org/TR/activitystreams-vocabulary/#dfn-follow
-	ActivityStreamsFollow ActivityStreamsActivity = "Follow"
+	ActivityStreamsFollow = "Follow"
 	// ActivityStreamsIgnore https://www.w3.org/TR/activitystreams-vocabulary/#dfn-ignore
-	ActivityStreamsIgnore ActivityStreamsActivity = "Ignore"
+	ActivityStreamsIgnore = "Ignore"
 	// ActivityStreamsInvite https://www.w3.org/TR/activitystreams-vocabulary/#dfn-invite
-	ActivityStreamsInvite ActivityStreamsActivity = "Invite"
+	ActivityStreamsInvite = "Invite"
 	// ActivityStreamsJoin https://www.w3.org/TR/activitystreams-vocabulary/#dfn-join
-	ActivityStreamsJoin ActivityStreamsActivity = "Join"
+	ActivityStreamsJoin = "Join"
 	// ActivityStreamsLeave https://www.w3.org/TR/activitystreams-vocabulary/#dfn-leave
-	ActivityStreamsLeave ActivityStreamsActivity = "Leave"
+	ActivityStreamsLeave = "Leave"
 	// ActivityStreamsLike https://www.w3.org/TR/activitystreams-vocabulary/#dfn-like
-	ActivityStreamsLike ActivityStreamsActivity = "Like"
+	ActivityStreamsLike = "Like"
 	// ActivityStreamsListen https://www.w3.org/TR/activitystreams-vocabulary/#dfn-listen
-	ActivityStreamsListen ActivityStreamsActivity = "Listen"
+	ActivityStreamsListen = "Listen"
 	// ActivityStreamsMove https://www.w3.org/TR/activitystreams-vocabulary/#dfn-move
-	ActivityStreamsMove ActivityStreamsActivity = "Move"
+	ActivityStreamsMove = "Move"
 	// ActivityStreamsOffer https://www.w3.org/TR/activitystreams-vocabulary/#dfn-offer
-	ActivityStreamsOffer ActivityStreamsActivity = "Offer"
+	ActivityStreamsOffer = "Offer"
 	// ActivityStreamsQuestion https://www.w3.org/TR/activitystreams-vocabulary/#dfn-question
-	ActivityStreamsQuestion ActivityStreamsActivity = "Question"
+	ActivityStreamsQuestion = "Question"
 	// ActivityStreamsReject https://www.w3.org/TR/activitystreams-vocabulary/#dfn-reject
-	ActivityStreamsReject ActivityStreamsActivity = "Reject"
+	ActivityStreamsReject = "Reject"
 	// ActivityStreamsRead https://www.w3.org/TR/activitystreams-vocabulary/#dfn-read
-	ActivityStreamsRead ActivityStreamsActivity = "Read"
+	ActivityStreamsRead = "Read"
 	// ActivityStreamsRemove https://www.w3.org/TR/activitystreams-vocabulary/#dfn-remove
-	ActivityStreamsRemove ActivityStreamsActivity = "Remove"
+	ActivityStreamsRemove = "Remove"
 	// ActivityStreamsTentativeReject https://www.w3.org/TR/activitystreams-vocabulary/#dfn-tentativereject
-	ActivityStreamsTentativeReject ActivityStreamsActivity = "TentativeReject"
+	ActivityStreamsTentativeReject = "TentativeReject"
 	// ActivityStreamsTentativeAccept https://www.w3.org/TR/activitystreams-vocabulary/#dfn-tentativeaccept
-	ActivityStreamsTentativeAccept ActivityStreamsActivity = "TentativeAccept"
+	ActivityStreamsTentativeAccept = "TentativeAccept"
 	// ActivityStreamsTravel https://www.w3.org/TR/activitystreams-vocabulary/#dfn-travel
-	ActivityStreamsTravel ActivityStreamsActivity = "Travel"
+	ActivityStreamsTravel = "Travel"
 	// ActivityStreamsUndo https://www.w3.org/TR/activitystreams-vocabulary/#dfn-undo
-	ActivityStreamsUndo ActivityStreamsActivity = "Undo"
+	ActivityStreamsUndo = "Undo"
 	// ActivityStreamsUpdate https://www.w3.org/TR/activitystreams-vocabulary/#dfn-update
-	ActivityStreamsUpdate ActivityStreamsActivity = "Update"
+	ActivityStreamsUpdate = "Update"
 	// ActivityStreamsView https://www.w3.org/TR/activitystreams-vocabulary/#dfn-view
-	ActivityStreamsView ActivityStreamsActivity = "View"
+	ActivityStreamsView = "View"
 )
--- a/internal/gtsmodel/mention.go
+++ b/internal/gtsmodel/mention.go
@ -38,6 +38,14 @@ type Mention struct {
 	TargetAccountID string `pg:",notnull"`
 	// Prevent this mention from generating a notification?
 	Silent bool
 	/*
 		NON-DATABASE CONVENIENCE FIELDS
 		These fields are just for convenience while passing the mention
 		around internally, to make fewer database calls and whatnot. They're
 		not meant to be put in the database!
 	*/
 	// NameString is for putting in the namestring of the mentioned user
 	// before the mention is dereferenced. Should be in a form along the lines of:
 	// @whatever_username@example.org
@ -48,4 +56,6 @@ type Mention struct {
 	//
 	// This will not be put in the database, it's just for convenience.
 	MentionedAccountURI string `pg:"-"`
 	// A pointer to the gtsmodel account of the mentioned account.
 	GTSAccount *Account `pg:"-"`
 }
--- a/internal/gtsmodel/messages.go
+++ b/internal/gtsmodel/messages.go
@ -9,9 +9,11 @@ package gtsmodel
 // FromClientAPI wraps a message that travels from client API into the processor
 type FromClientAPI struct {
-	APObjectType   ActivityStreamsObject
+	APObjectType   string
-	APActivityType ActivityStreamsActivity
+	APActivityType string
 	GTSModel       interface{}
 	OriginAccount  *Account
 	TargetAccount  *Account
 }
 // // ToFederator wraps a message that travels from the processor into the federator
@ -23,7 +25,8 @@ type FromClientAPI struct {
 // FromFederator wraps a message that travels from the federator into the processor
 type FromFederator struct {
-	APObjectType   ActivityStreamsObject
+	APObjectType     string
-	APActivityType ActivityStreamsActivity
+	APActivityType   string
-	GTSModel       interface{}
+	GTSModel         interface{}
 	ReceivingAccount *Account
 }
--- a/internal/gtsmodel/relationship.go
+++ b/internal/gtsmodel/relationship.go
@ -0,0 +1,49 @@
 /*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.
   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package gtsmodel
 // Relationship describes a requester's relationship with another account.
 type Relationship struct {
 	// The account id.
 	ID string
 	// Are you following this user?
 	Following bool
 	// Are you receiving this user's boosts in your home timeline?
 	ShowingReblogs bool
 	// Have you enabled notifications for this user?
 	Notifying bool
 	// Are you followed by this user?
 	FollowedBy bool
 	// Are you blocking this user?
 	Blocking bool
 	// Is this user blocking you?
 	BlockedBy bool
 	// Are you muting this user?
 	Muting bool
 	// Are you muting notifications from this user?
 	MutingNotifications bool
 	// Do you have a pending follow request for this user?
 	Requested bool
 	// Are you blocking this user's domain?
 	DomainBlocking bool
 	// Are you featuring this user on your profile?
 	Endorsed bool
 	// Your note on this account.
 	Note string
 }
--- a/internal/gtsmodel/status.go
+++ b/internal/gtsmodel/status.go
@ -66,7 +66,7 @@ type Status struct {
 	VisibilityAdvanced *VisibilityAdvanced
 	// What is the activitystreams type of this status? See: https://www.w3.org/TR/activitystreams-vocabulary/#object-types
 	// Will probably almost always be Note but who knows!.
-	ActivityStreamsType ActivityStreamsObject
+	ActivityStreamsType string
 	// Original text of the status without formatting
 	Text string
 	// Has this status been pinned by its owner?
--- a/internal/media/handler.go
+++ b/internal/media/handler.go
@ -67,7 +67,7 @@ type Handler interface {
 	// ProcessHeaderOrAvatar takes a new header image for an account, checks it out, removes exif data from it,
 	// puts it in whatever storage backend we're using, sets the relevant fields in the database for the new image,
 	// and then returns information to the caller about the new header.
-	ProcessHeaderOrAvatar(img []byte, accountID string, mediaType Type) (*gtsmodel.MediaAttachment, error)
+	ProcessHeaderOrAvatar(attachment []byte, accountID string, mediaType Type, remoteURL string) (*gtsmodel.MediaAttachment, error)
 	// ProcessLocalAttachment takes a new attachment and the requesting account, checks it out, removes exif data from it,
 	// puts it in whatever storage backend we're using, sets the relevant fields in the database for the new media,
@ -86,6 +86,8 @@ type Handler interface {
 	// information to the caller about the new attachment. It's the caller's responsibility to put the returned struct
 	// in the database.
 	ProcessRemoteAttachment(t transport.Transport, currentAttachment *gtsmodel.MediaAttachment, accountID string) (*gtsmodel.MediaAttachment, error)
 	ProcessRemoteHeaderOrAvatar(t transport.Transport, currentAttachment *gtsmodel.MediaAttachment, accountID string) (*gtsmodel.MediaAttachment, error)
 }
 type mediaHandler struct {
@ -112,7 +114,7 @@ func New(config *config.Config, database db.DB, storage storage.Storage, log *lo
 // ProcessHeaderOrAvatar takes a new header image for an account, checks it out, removes exif data from it,
 // puts it in whatever storage backend we're using, sets the relevant fields in the database for the new image,
 // and then returns information to the caller about the new header.
-func (mh *mediaHandler) ProcessHeaderOrAvatar(attachment []byte, accountID string, mediaType Type) (*gtsmodel.MediaAttachment, error) {
+func (mh *mediaHandler) ProcessHeaderOrAvatar(attachment []byte, accountID string, mediaType Type, remoteURL string) (*gtsmodel.MediaAttachment, error) {
 	l := mh.log.WithField("func", "SetHeaderForAccountID")
 	if mediaType != Header && mediaType != Avatar {
@ -134,7 +136,7 @@ func (mh *mediaHandler) ProcessHeaderOrAvatar(attachment []byte, accountID strin
 	l.Tracef("read %d bytes of file", len(attachment))
 	// process it
-	ma, err := mh.processHeaderOrAvi(attachment, contentType, mediaType, accountID)
+	ma, err := mh.processHeaderOrAvi(attachment, contentType, mediaType, accountID, remoteURL)
 	if err != nil {
 		return nil, fmt.Errorf("error processing %s: %s", mediaType, err)
 	}
@ -315,3 +317,43 @@ func (mh *mediaHandler) ProcessRemoteAttachment(t transport.Transport, currentAt
 	return mh.ProcessAttachment(attachmentBytes, accountID, currentAttachment.RemoteURL)
 }
 func (mh *mediaHandler) ProcessRemoteHeaderOrAvatar(t transport.Transport, currentAttachment *gtsmodel.MediaAttachment, accountID string) (*gtsmodel.MediaAttachment, error) {
 	if !currentAttachment.Header && !currentAttachment.Avatar {
 		return nil, errors.New("provided attachment was set to neither header nor avatar")
 	}
 	if currentAttachment.Header && currentAttachment.Avatar {
 		return nil, errors.New("provided attachment was set to both header and avatar")
 	}
 	var headerOrAvi Type
 	if currentAttachment.Header {
 		headerOrAvi = Header
 	} else if currentAttachment.Avatar {
 		headerOrAvi = Avatar
 	}
 	if currentAttachment.RemoteURL == "" {
 		return nil, errors.New("no remote URL on media attachment to dereference")
 	}
 	remoteIRI, err := url.Parse(currentAttachment.RemoteURL)
 	if err != nil {
 		return nil, fmt.Errorf("error parsing attachment url %s: %s", currentAttachment.RemoteURL, err)
 	}
 	// for content type, we assume we don't know what to expect...
 	expectedContentType := "*/*"
 	if currentAttachment.File.ContentType != "" {
 		// ... and then narrow it down if we do
 		expectedContentType = currentAttachment.File.ContentType
 	}
 	attachmentBytes, err := t.DereferenceMedia(context.Background(), remoteIRI, expectedContentType)
 	if err != nil {
 		return nil, fmt.Errorf("dereferencing remote media with url %s: %s", remoteIRI.String(), err)
 	}
 	return mh.ProcessHeaderOrAvatar(attachmentBytes, accountID, headerOrAvi, currentAttachment.RemoteURL)
 }
--- a/internal/media/handler_test.go
+++ b/internal/media/handler_test.go
@ -147,7 +147,7 @@ func (suite *MediaTestSuite) TestSetHeaderOrAvatarForAccountID() {
 	f, err := ioutil.ReadFile("./test/test-jpeg.jpg")
 	assert.Nil(suite.T(), err)
-	ma, err := suite.mediaHandler.ProcessHeaderOrAvatar(f, "weeeeeee", "header")
+	ma, err := suite.mediaHandler.ProcessHeaderOrAvatar(f, "weeeeeee", "header", "")
 	assert.Nil(suite.T(), err)
 	suite.log.Debugf("%+v", ma)
--- a/internal/media/processicon.go
+++ b/internal/media/processicon.go
@ -28,7 +28,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
-func (mh *mediaHandler) processHeaderOrAvi(imageBytes []byte, contentType string, mediaType Type, accountID string) (*gtsmodel.MediaAttachment, error) {
+func (mh *mediaHandler) processHeaderOrAvi(imageBytes []byte, contentType string, mediaType Type, accountID string, remoteURL string) (*gtsmodel.MediaAttachment, error) {
 	var isHeader bool
 	var isAvatar bool
@ -96,7 +96,7 @@ func (mh *mediaHandler) processHeaderOrAvi(imageBytes []byte, contentType string
 		ID:        newMediaID,
 		StatusID:  "",
 		URL:       originalURL,
-		RemoteURL: "",
+		RemoteURL: remoteURL,
 		CreatedAt: time.Now(),
 		UpdatedAt: time.Now(),
 		Type:      gtsmodel.FileTypeImage,
--- a/internal/message/accountprocess.go
+++ b/internal/message/accountprocess.go
@ -78,6 +78,15 @@ func (p *processor) AccountGet(authed *oauth.Auth, targetAccountID string) (*api
 		return nil, fmt.Errorf("db error: %s", err)
 	}
 	// lazily dereference things on the account if it hasn't been done yet
 	var requestingUsername string
 	if authed.Account != nil {
 		requestingUsername = authed.Account.Username
 	}
 	if err := p.dereferenceAccountFields(targetAccount, requestingUsername); err != nil {
 		p.log.WithField("func", "AccountGet").Debugf("dereferencing account: %s", err)
 	}
 	var mastoAccount *apimodel.Account
 	var err error
 	if authed.Account != nil && targetAccount.ID == authed.Account.ID {
@ -285,6 +294,12 @@ func (p *processor) AccountFollowersGet(authed *oauth.Auth, targetAccountID stri
 			return nil, NewErrorInternalError(err)
 		}
 		// derefence account fields in case we haven't done it already
 		if err := p.dereferenceAccountFields(a, authed.Account.Username); err != nil {
 			// don't bail if we can't fetch them, we'll try another time
 			p.log.WithField("func", "AccountFollowersGet").Debugf("error dereferencing account fields: %s", err)
 		}
 		account, err := p.tc.AccountToMastoPublic(a)
 		if err != nil {
 			return nil, NewErrorInternalError(err)
@ -293,3 +308,238 @@ func (p *processor) AccountFollowersGet(authed *oauth.Auth, targetAccountID stri
 	}
 	return accounts, nil
 }
 func (p *processor) AccountFollowingGet(authed *oauth.Auth, targetAccountID string) ([]apimodel.Account, ErrorWithCode) {
 	blocked, err := p.db.Blocked(authed.Account.ID, targetAccountID)
 	if err != nil {
 		return nil, NewErrorInternalError(err)
 	}
 	if blocked {
 		return nil, NewErrorNotFound(fmt.Errorf("block exists between accounts"))
 	}
 	following := []gtsmodel.Follow{}
 	accounts := []apimodel.Account{}
 	if err := p.db.GetFollowingByAccountID(targetAccountID, &following); err != nil {
 		if _, ok := err.(db.ErrNoEntries); ok {
 			return accounts, nil
 		}
 		return nil, NewErrorInternalError(err)
 	}
 	for _, f := range following {
 		blocked, err := p.db.Blocked(authed.Account.ID, f.AccountID)
 		if err != nil {
 			return nil, NewErrorInternalError(err)
 		}
 		if blocked {
 			continue
 		}
 		a := &gtsmodel.Account{}
 		if err := p.db.GetByID(f.TargetAccountID, a); err != nil {
 			if _, ok := err.(db.ErrNoEntries); ok {
 				continue
 			}
 			return nil, NewErrorInternalError(err)
 		}
 		// derefence account fields in case we haven't done it already
 		if err := p.dereferenceAccountFields(a, authed.Account.Username); err != nil {
 			// don't bail if we can't fetch them, we'll try another time
 			p.log.WithField("func", "AccountFollowingGet").Debugf("error dereferencing account fields: %s", err)
 		}
 		account, err := p.tc.AccountToMastoPublic(a)
 		if err != nil {
 			return nil, NewErrorInternalError(err)
 		}
 		accounts = append(accounts, *account)
 	}
 	return accounts, nil
 }
 func (p *processor) AccountRelationshipGet(authed *oauth.Auth, targetAccountID string) (*apimodel.Relationship, ErrorWithCode) {
 	if authed == nil || authed.Account == nil {
 		return nil, NewErrorForbidden(errors.New("not authed"))
 	}
 	gtsR, err := p.db.GetRelationship(authed.Account.ID, targetAccountID)
 	if err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("error getting relationship: %s", err))
 	}
 	r, err := p.tc.RelationshipToMasto(gtsR)
 	if err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("error converting relationship: %s", err))
 	}
 	return r, nil
 }
 func (p *processor) AccountFollowCreate(authed *oauth.Auth, form *apimodel.AccountFollowRequest) (*apimodel.Relationship, ErrorWithCode) {
 	// if there's a block between the accounts we shouldn't create the request ofc
 	blocked, err := p.db.Blocked(authed.Account.ID, form.TargetAccountID)
 	if err != nil {
 		return nil, NewErrorInternalError(err)
 	}
 	if blocked {
 		return nil, NewErrorNotFound(fmt.Errorf("accountfollowcreate: block exists between accounts"))
 	}
 	// make sure the target account actually exists in our db
 	targetAcct := &gtsmodel.Account{}
 	if err := p.db.GetByID(form.TargetAccountID, targetAcct); err != nil {
 		if _, ok := err.(db.ErrNoEntries); ok {
 			return nil, NewErrorNotFound(fmt.Errorf("accountfollowcreate: account %s not found in the db: %s", form.TargetAccountID, err))
 		}
 	}
 	// check if a follow exists already
 	follows, err := p.db.Follows(authed.Account, targetAcct)
 	if err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("accountfollowcreate: error checking follow in db: %s", err))
 	}
 	if follows {
 		// already follows so just return the relationship
 		return p.AccountRelationshipGet(authed, form.TargetAccountID)
 	}
 	// check if a follow exists already
 	followRequested, err := p.db.FollowRequested(authed.Account, targetAcct)
 	if err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("accountfollowcreate: error checking follow request in db: %s", err))
 	}
 	if followRequested {
 		// already follow requested so just return the relationship
 		return p.AccountRelationshipGet(authed, form.TargetAccountID)
 	}
 	// make the follow request
 	fr := &gtsmodel.FollowRequest{
 		AccountID:       authed.Account.ID,
 		TargetAccountID: form.TargetAccountID,
 		ShowReblogs:     true,
 		URI:             util.GenerateURIForFollow(authed.Account.Username, p.config.Protocol, p.config.Host),
 		Notify:          false,
 	}
 	if form.Reblogs != nil {
 		fr.ShowReblogs = *form.Reblogs
 	}
 	if form.Notify != nil {
 		fr.Notify = *form.Notify
 	}
 	// whack it in the database
 	if err := p.db.Put(fr); err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("accountfollowcreate: error creating follow request in db: %s", err))
 	}
 	// if it's a local account that's not locked we can just straight up accept the follow request
 	if !targetAcct.Locked && targetAcct.Domain == "" {
 		if _, err := p.db.AcceptFollowRequest(authed.Account.ID, form.TargetAccountID); err != nil {
 			return nil, NewErrorInternalError(fmt.Errorf("accountfollowcreate: error accepting folow request for local unlocked account: %s", err))
 		}
 		// return the new relationship
 		return p.AccountRelationshipGet(authed, form.TargetAccountID)
 	}
 	// otherwise we leave the follow request as it is and we handle the rest of the process asynchronously
 	p.fromClientAPI <- gtsmodel.FromClientAPI{
 		APObjectType:   gtsmodel.ActivityStreamsFollow,
 		APActivityType: gtsmodel.ActivityStreamsCreate,
 		GTSModel: &gtsmodel.Follow{
 			AccountID:       authed.Account.ID,
 			TargetAccountID: form.TargetAccountID,
 			URI:             fr.URI,
 		},
 		OriginAccount: authed.Account,
 		TargetAccount: targetAcct,
 	}
 	// return whatever relationship results from this
 	return p.AccountRelationshipGet(authed, form.TargetAccountID)
 }
 func (p *processor) AccountFollowRemove(authed *oauth.Auth, targetAccountID string) (*apimodel.Relationship, ErrorWithCode) {
 	// if there's a block between the accounts we shouldn't do anything
 	blocked, err := p.db.Blocked(authed.Account.ID, targetAccountID)
 	if err != nil {
 		return nil, NewErrorInternalError(err)
 	}
 	if blocked {
 		return nil, NewErrorNotFound(fmt.Errorf("AccountFollowRemove: block exists between accounts"))
 	}
 	// make sure the target account actually exists in our db
 	targetAcct := &gtsmodel.Account{}
 	if err := p.db.GetByID(targetAccountID, targetAcct); err != nil {
 		if _, ok := err.(db.ErrNoEntries); ok {
 			return nil, NewErrorNotFound(fmt.Errorf("AccountFollowRemove: account %s not found in the db: %s", targetAccountID, err))
 		}
 	}
 	// check if a follow request exists, and remove it if it does (storing the URI for later)
 	var frChanged bool
 	var frURI string
 	fr := &gtsmodel.FollowRequest{}
 	if err := p.db.GetWhere([]db.Where{
 		{Key: "account_id", Value: authed.Account.ID},
 		{Key: "target_account_id", Value: targetAccountID},
 	}, fr); err == nil {
 		frURI = fr.URI
 		if err := p.db.DeleteByID(fr.ID, fr); err != nil {
 			return nil, NewErrorInternalError(fmt.Errorf("AccountFollowRemove: error removing follow request from db: %s", err))
 		}
 		frChanged = true
 	}
 	// now do the same thing for any existing follow
 	var fChanged bool
 	var fURI string
 	f := &gtsmodel.Follow{}
 	if err := p.db.GetWhere([]db.Where{
 		{Key: "account_id", Value: authed.Account.ID},
 		{Key: "target_account_id", Value: targetAccountID},
 	}, f); err == nil {
 		fURI = f.URI
 		if err := p.db.DeleteByID(f.ID, f); err != nil {
 			return nil, NewErrorInternalError(fmt.Errorf("AccountFollowRemove: error removing follow from db: %s", err))
 		}
 		fChanged = true
 	}
 	// follow request status changed so send the UNDO activity to the channel for async processing
 	if frChanged {
 		p.fromClientAPI <- gtsmodel.FromClientAPI{
 			APObjectType:   gtsmodel.ActivityStreamsFollow,
 			APActivityType: gtsmodel.ActivityStreamsUndo,
 			GTSModel: &gtsmodel.Follow{
 				AccountID:       authed.Account.ID,
 				TargetAccountID: targetAccountID,
 				URI:             frURI,
 			},
 			OriginAccount: authed.Account,
 			TargetAccount: targetAcct,
 		}
 	}
 	// follow status changed so send the UNDO activity to the channel for async processing
 	if fChanged {
 		p.fromClientAPI <- gtsmodel.FromClientAPI{
 			APObjectType:   gtsmodel.ActivityStreamsFollow,
 			APActivityType: gtsmodel.ActivityStreamsUndo,
 			GTSModel: &gtsmodel.Follow{
 				AccountID:       authed.Account.ID,
 				TargetAccountID: targetAccountID,
 				URI:             fURI,
 			},
 			OriginAccount: authed.Account,
 			TargetAccount: targetAcct,
 		}
 	}
 	// return whatever relationship results from all this
 	return p.AccountRelationshipGet(authed, targetAccountID)
 }
--- a/internal/message/fediprocess.go
+++ b/internal/message/fediprocess.go
@ -22,6 +22,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
 	"net/url"
 	"github.com/go-fed/activity/streams"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
@ -46,7 +47,7 @@ func (p *processor) authenticateAndDereferenceFediRequest(username string, r *ht
 	// we might already have an entry for this account so check that first
 	requestingAccount := &gtsmodel.Account{}
-	err = p.db.GetWhere("uri", requestingAccountURI.String(), requestingAccount)
+	err = p.db.GetWhere([]db.Where{{Key: "uri", Value: requestingAccountURI.String()}}, requestingAccount)
 	if err == nil {
 		// we do have it yay, return it
 		return requestingAccount, nil
@ -122,6 +123,89 @@ func (p *processor) GetFediUser(requestedUsername string, request *http.Request)
 	return data, nil
 }
 func (p *processor) GetFediFollowers(requestedUsername string, request *http.Request) (interface{}, ErrorWithCode) {
 	// get the account the request is referring to
 	requestedAccount := &gtsmodel.Account{}
 	if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {
 		return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
 	}
 	// authenticate the request
 	requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)
 	if err != nil {
 		return nil, NewErrorNotAuthorized(err)
 	}
 	blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)
 	if err != nil {
 		return nil, NewErrorInternalError(err)
 	}
 	if blocked {
 		return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 	}
 	requestedAccountURI, err := url.Parse(requestedAccount.URI)
 	if err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("error parsing url %s: %s", requestedAccount.URI, err))
 	}
 	requestedFollowers, err := p.federator.FederatingDB().Followers(context.Background(), requestedAccountURI)
 	if err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("error fetching followers for uri %s: %s", requestedAccountURI.String(), err))
 	}
 	data, err := streams.Serialize(requestedFollowers)
 	if err != nil {
 		return nil, NewErrorInternalError(err)
 	}
 	return data, nil
 }
 func (p *processor) GetFediStatus(requestedUsername string, requestedStatusID string, request *http.Request) (interface{}, ErrorWithCode) {
 		// get the account the request is referring to
 		requestedAccount := &gtsmodel.Account{}
 		if err := p.db.GetLocalAccountByUsername(requestedUsername, requestedAccount); err != nil {
 			return nil, NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
 		}
 		// authenticate the request
 		requestingAccount, err := p.authenticateAndDereferenceFediRequest(requestedUsername, request)
 		if err != nil {
 			return nil, NewErrorNotAuthorized(err)
 		}
 		blocked, err := p.db.Blocked(requestedAccount.ID, requestingAccount.ID)
 		if err != nil {
 			return nil, NewErrorInternalError(err)
 		}
 		if blocked {
 			return nil, NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 		}
 		s := &gtsmodel.Status{}
 		if err := p.db.GetWhere([]db.Where{
 			{Key: "id", Value: requestedStatusID},
 			{Key: "account_id", Value: requestedAccount.ID},
 		}, s); err != nil {
 			return nil, NewErrorNotFound(fmt.Errorf("database error getting status with id %s and account id %s: %s", requestedStatusID, requestedAccount.ID, err))
 		}
 		asStatus, err := p.tc.StatusToAS(s)
 		if err != nil {
 			return nil, NewErrorInternalError(err)
 		}
 		data, err := streams.Serialize(asStatus)
 		if err != nil {
 			return nil, NewErrorInternalError(err)
 		}
 		return data, nil
 }
 func (p *processor) GetWebfingerAccount(requestedUsername string, request *http.Request) (*apimodel.WebfingerAccountResponse, ErrorWithCode) {
 	// get the account the request is referring to
 	requestedAccount := &gtsmodel.Account{}
--- a/internal/message/fromclientapiprocess.go
+++ b/internal/message/fromclientapiprocess.go
@ -19,55 +19,198 @@
 package message
 import (
 	"context"
 	"errors"
 	"fmt"
 	"net/url"
 	"github.com/go-fed/activity/streams"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
 func (p *processor) processFromClientAPI(clientMsg gtsmodel.FromClientAPI) error {
-	switch clientMsg.APObjectType {
+	switch clientMsg.APActivityType {
-	case gtsmodel.ActivityStreamsNote:
+	case gtsmodel.ActivityStreamsCreate:
-		status, ok := clientMsg.GTSModel.(*gtsmodel.Status)
+		// CREATE
-		if !ok {
+		switch clientMsg.APObjectType {
-			return errors.New("note was not parseable as *gtsmodel.Status")
+		case gtsmodel.ActivityStreamsNote:
-		}
+			// CREATE NOTE
 			status, ok := clientMsg.GTSModel.(*gtsmodel.Status)
 			if !ok {
 				return errors.New("note was not parseable as *gtsmodel.Status")
 			}
-		if err := p.notifyStatus(status); err != nil {
+			if err := p.notifyStatus(status); err != nil {
-			return err
+				return err
-		}
+			}
-		if status.VisibilityAdvanced.Federated {
+			if status.VisibilityAdvanced.Federated {
-			return p.federateStatus(status)
+				return p.federateStatus(status)
 			}
 			return nil
 		case gtsmodel.ActivityStreamsFollow:
 			// CREATE FOLLOW (request)
 			follow, ok := clientMsg.GTSModel.(*gtsmodel.Follow)
 			if !ok {
 				return errors.New("follow was not parseable as *gtsmodel.Follow")
 			}
 			if err := p.notifyFollow(follow); err != nil {
 				return err
 			}
 			return p.federateFollow(follow, clientMsg.OriginAccount, clientMsg.TargetAccount)
 		}
 	case gtsmodel.ActivityStreamsUpdate:
 		// UPDATE
 	case gtsmodel.ActivityStreamsAccept:
 		// ACCEPT
 		switch clientMsg.APObjectType {
 		case gtsmodel.ActivityStreamsFollow:
 			// ACCEPT FOLLOW
 			follow, ok := clientMsg.GTSModel.(*gtsmodel.Follow)
 			if !ok {
 				return errors.New("accept was not parseable as *gtsmodel.Follow")
 			}
 			return p.federateAcceptFollowRequest(follow, clientMsg.OriginAccount, clientMsg.TargetAccount)
 		}
 	case gtsmodel.ActivityStreamsUndo:
 		// UNDO
 		switch clientMsg.APObjectType {
 		case gtsmodel.ActivityStreamsFollow:
 			// UNDO FOLLOW
 			follow, ok := clientMsg.GTSModel.(*gtsmodel.Follow)
 			if !ok {
 				return errors.New("undo was not parseable as *gtsmodel.Follow")
 			}
 			return p.federateUnfollow(follow, clientMsg.OriginAccount, clientMsg.TargetAccount)
 		}
 		return nil
 	}
-	return fmt.Errorf("message type unprocessable: %+v", clientMsg)
+	return nil
 }
 func (p *processor) federateStatus(status *gtsmodel.Status) error {
-	// // derive the sending account -- it might be attached to the status already
+	asStatus, err := p.tc.StatusToAS(status)
-	// sendingAcct := &gtsmodel.Account{}
+	if err != nil {
-	// if status.GTSAccount != nil {
+		return fmt.Errorf("federateStatus: error converting status to as format: %s", err)
-	// 	sendingAcct = status.GTSAccount
+	}
 	// } else {
 	// 	// it wasn't attached so get it from the db instead
 	// 	if err := p.db.GetByID(status.AccountID, sendingAcct); err != nil {
 	// 		return err
 	// 	}
 	// }
-	// outboxURI, err := url.Parse(sendingAcct.OutboxURI)
+	outboxIRI, err := url.Parse(status.GTSAccount.OutboxURI)
-	// if err != nil {
+	if err != nil {
-	// 	return err
+		return fmt.Errorf("federateStatus: error parsing outboxURI %s: %s", status.GTSAccount.OutboxURI, err)
-	// }
+	}
-	// // convert the status to AS format Note
+	_, err = p.federator.FederatingActor().Send(context.Background(), outboxIRI, asStatus)
-	// note, err := p.tc.StatusToAS(status)
+	return err
-	// if err != nil {
+}
-	// 	return err
+
-	// }
+func (p *processor) federateFollow(follow *gtsmodel.Follow, originAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) error {
-
+	// if both accounts are local there's nothing to do here
-	// _, err = p.federator.FederatingActor().Send(context.Background(), outboxURI, note)
+	if originAccount.Domain == "" && targetAccount.Domain == "" {
-	return nil
+		return nil
 	}
 	asFollow, err := p.tc.FollowToAS(follow, originAccount, targetAccount)
 	if err != nil {
 		return fmt.Errorf("federateFollow: error converting follow to as format: %s", err)
 	}
 	outboxIRI, err := url.Parse(originAccount.OutboxURI)
 	if err != nil {
 		return fmt.Errorf("federateFollow: error parsing outboxURI %s: %s", originAccount.OutboxURI, err)
 	}
 	_, err = p.federator.FederatingActor().Send(context.Background(), outboxIRI, asFollow)
 	return err
 }
 func (p *processor) federateUnfollow(follow *gtsmodel.Follow, originAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) error {
 	// if both accounts are local there's nothing to do here
 	if originAccount.Domain == "" && targetAccount.Domain == "" {
 		return nil
 	}
 	// recreate the follow
 	asFollow, err := p.tc.FollowToAS(follow, originAccount, targetAccount)
 	if err != nil {
 		return fmt.Errorf("federateUnfollow: error converting follow to as format: %s", err)
 	}
 	targetAccountURI, err := url.Parse(targetAccount.URI)
 	if err != nil {
 		return fmt.Errorf("error parsing uri %s: %s", targetAccount.URI, err)
 	}
 	// create an Undo and set the appropriate actor on it
 	undo := streams.NewActivityStreamsUndo()
 	undo.SetActivityStreamsActor(asFollow.GetActivityStreamsActor())
 	// Set the recreated follow as the 'object' property.
 	undoObject := streams.NewActivityStreamsObjectProperty()
 	undoObject.AppendActivityStreamsFollow(asFollow)
 	undo.SetActivityStreamsObject(undoObject)
 	// Set the To of the undo as the target of the recreated follow
 	undoTo := streams.NewActivityStreamsToProperty()
 	undoTo.AppendIRI(targetAccountURI)
 	undo.SetActivityStreamsTo(undoTo)
 	outboxIRI, err := url.Parse(originAccount.OutboxURI)
 	if err != nil {
 		return fmt.Errorf("federateUnfollow: error parsing outboxURI %s: %s", originAccount.OutboxURI, err)
 	}
 	// send off the Undo
 	_, err = p.federator.FederatingActor().Send(context.Background(), outboxIRI, undo)
 	return err
 }
 func (p *processor) federateAcceptFollowRequest(follow *gtsmodel.Follow, originAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) error {
 	// if both accounts are local there's nothing to do here
 	if originAccount.Domain == "" && targetAccount.Domain == "" {
 		return nil
 	}
 	// recreate the AS follow
 	asFollow, err := p.tc.FollowToAS(follow, originAccount, targetAccount)
 	if err != nil {
 		return fmt.Errorf("federateUnfollow: error converting follow to as format: %s", err)
 	}
 	acceptingAccountURI, err := url.Parse(targetAccount.URI)
 	if err != nil {
 		return fmt.Errorf("error parsing uri %s: %s", targetAccount.URI, err)
 	}
 	requestingAccountURI, err := url.Parse(originAccount.URI)
 	if err != nil {
 		return fmt.Errorf("error parsing uri %s: %s", targetAccount.URI, err)
 	}
 	// create an Accept
 	accept := streams.NewActivityStreamsAccept()
 	// set the accepting actor on it
 	acceptActorProp := streams.NewActivityStreamsActorProperty()
 	acceptActorProp.AppendIRI(acceptingAccountURI)
 	accept.SetActivityStreamsActor(acceptActorProp)
 	// Set the recreated follow as the 'object' property.
 	acceptObject := streams.NewActivityStreamsObjectProperty()
 	acceptObject.AppendActivityStreamsFollow(asFollow)
 	accept.SetActivityStreamsObject(acceptObject)
 	// Set the To of the accept as the originator of the follow
 	acceptTo := streams.NewActivityStreamsToProperty()
 	acceptTo.AppendIRI(requestingAccountURI)
 	accept.SetActivityStreamsTo(acceptTo)
 	outboxIRI, err := url.Parse(targetAccount.OutboxURI)
 	if err != nil {
 		return fmt.Errorf("federateAcceptFollowRequest: error parsing outboxURI %s: %s", originAccount.OutboxURI, err)
 	}
 	// send off the accept using the accepter's outbox
 	_, err = p.federator.FederatingActor().Send(context.Background(), outboxIRI, accept)
 	return err
 }
--- a/internal/message/fromcommonprocess.go
+++ b/internal/message/fromcommonprocess.go
@ -23,3 +23,7 @@ import "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 func (p *processor) notifyStatus(status *gtsmodel.Status) error {
 	return nil
 }
 func (p *processor) notifyFollow(follow *gtsmodel.Follow) error {
   return nil
 }
--- a/internal/message/fromfederatorprocess.go
+++ b/internal/message/fromfederatorprocess.go
@ -38,24 +38,60 @@ func (p *processor) processFromFederator(federatorMsg gtsmodel.FromFederator) er
 	l.Debug("entering function PROCESS FROM FEDERATOR")
-	switch federatorMsg.APObjectType {
+	switch federatorMsg.APActivityType {
-	case gtsmodel.ActivityStreamsNote:
+	case gtsmodel.ActivityStreamsCreate:
 		// CREATE
 		switch federatorMsg.APObjectType {
 		case gtsmodel.ActivityStreamsNote:
 			// CREATE A STATUS
 			incomingStatus, ok := federatorMsg.GTSModel.(*gtsmodel.Status)
 			if !ok {
 				return errors.New("note was not parseable as *gtsmodel.Status")
 			}
-		incomingStatus, ok := federatorMsg.GTSModel.(*gtsmodel.Status)
+			l.Debug("will now derefence incoming status")
-		if !ok {
+			if err := p.dereferenceStatusFields(incomingStatus); err != nil {
-			return errors.New("note was not parseable as *gtsmodel.Status")
+				return fmt.Errorf("error dereferencing status from federator: %s", err)
-		}
+			}
 			if err := p.db.UpdateByID(incomingStatus.ID, incomingStatus); err != nil {
 				return fmt.Errorf("error updating dereferenced status in the db: %s", err)
 			}
-		l.Debug("will now derefence incoming status")
+			if err := p.notifyStatus(incomingStatus); err != nil {
-		if err := p.dereferenceStatusFields(incomingStatus); err != nil {
+				return err
-			return fmt.Errorf("error dereferencing status from federator: %s", err)
+			}
-		}
+		case gtsmodel.ActivityStreamsProfile:
-		if err := p.db.UpdateByID(incomingStatus.ID, incomingStatus); err != nil {
+			// CREATE AN ACCOUNT
-			return fmt.Errorf("error updating dereferenced status in the db: %s", err)
+			incomingAccount, ok := federatorMsg.GTSModel.(*gtsmodel.Account)
-		}
+			if !ok {
 				return errors.New("profile was not parseable as *gtsmodel.Account")
 			}
-		if err := p.notifyStatus(incomingStatus); err != nil {
+			l.Debug("will now derefence incoming account")
-			return err
+			if err := p.dereferenceAccountFields(incomingAccount, ""); err != nil {
 				return fmt.Errorf("error dereferencing account from federator: %s", err)
 			}
 			if err := p.db.UpdateByID(incomingAccount.ID, incomingAccount); err != nil {
 				return fmt.Errorf("error updating dereferenced account in the db: %s", err)
 			}
 		}
 	case gtsmodel.ActivityStreamsUpdate:
 		// UPDATE
 		switch federatorMsg.APObjectType {
 		case gtsmodel.ActivityStreamsProfile:
 			// UPDATE AN ACCOUNT
 			incomingAccount, ok := federatorMsg.GTSModel.(*gtsmodel.Account)
 			if !ok {
 				return errors.New("profile was not parseable as *gtsmodel.Account")
 			}
 			l.Debug("will now derefence incoming account")
 			if err := p.dereferenceAccountFields(incomingAccount, ""); err != nil {
 				return fmt.Errorf("error dereferencing account from federator: %s", err)
 			}
 			if err := p.db.UpdateByID(incomingAccount.ID, incomingAccount); err != nil {
 				return fmt.Errorf("error updating dereferenced account in the db: %s", err)
 			}
 		}
 	}
@ -121,7 +157,7 @@ func (p *processor) dereferenceStatusFields(status *gtsmodel.Status) error {
 		// it might have been processed elsewhere so check first if it's already in the database or not
 		maybeAttachment := &gtsmodel.MediaAttachment{}
-		err := p.db.GetWhere("remote_url", a.RemoteURL, maybeAttachment)
+		err := p.db.GetWhere([]db.Where{{Key: "remote_url", Value: a.RemoteURL}}, maybeAttachment)
 		if err == nil {
 			// we already have it in the db, dereferenced, no need to do it again
 			l.Debugf("attachment already exists with id %s", maybeAttachment.ID)
@ -170,7 +206,7 @@ func (p *processor) dereferenceStatusFields(status *gtsmodel.Status) error {
 		m.OriginAccountURI = status.GTSAccount.URI
 		targetAccount := &gtsmodel.Account{}
-		if err := p.db.GetWhere("uri", uri.String(), targetAccount); err != nil {
+		if err := p.db.GetWhere([]db.Where{{Key: "uri", Value: uri.String()}}, targetAccount); err != nil {
 			// proper error
 			if _, ok := err.(db.ErrNoEntries); !ok {
 				return fmt.Errorf("db error checking for account with uri %s", uri.String())
@ -206,3 +242,27 @@ func (p *processor) dereferenceStatusFields(status *gtsmodel.Status) error {
 	return nil
 }
 func (p *processor) dereferenceAccountFields(account *gtsmodel.Account, requestingUsername string) error {
 	l := p.log.WithFields(logrus.Fields{
 		"func":               "dereferenceAccountFields",
 		"requestingUsername": requestingUsername,
 	})
 	t, err := p.federator.GetTransportForUser(requestingUsername)
 	if err != nil {
 		return fmt.Errorf("error getting transport for user: %s", err)
 	}
 	// fetch the header and avatar
 	if err := p.fetchHeaderAndAviForAccount(account, t); err != nil {
 		// if this doesn't work, just skip it -- we can do it later
 		l.Debugf("error fetching header/avi for account: %s", err)
 	}
 	if err := p.db.UpdateByID(account.ID, account); err != nil {
 		return fmt.Errorf("error updating account in database: %s", err)
 	}
 	return nil
 }
--- a/internal/message/frprocess.go
+++ b/internal/message/frprocess.go
@ -48,11 +48,28 @@ func (p *processor) FollowRequestsGet(auth *oauth.Auth) ([]apimodel.Account, Err
 	return accts, nil
 }
-func (p *processor) FollowRequestAccept(auth *oauth.Auth, accountID string) ErrorWithCode {
+func (p *processor) FollowRequestAccept(auth *oauth.Auth, accountID string) (*apimodel.Relationship, ErrorWithCode) {
-	if err := p.db.AcceptFollowRequest(accountID, auth.Account.ID); err != nil {
+	follow, err := p.db.AcceptFollowRequest(accountID, auth.Account.ID)
-		return NewErrorNotFound(err)
+	if err != nil {
 		return nil, NewErrorNotFound(err)
 	}
-	return nil
+
 	p.fromClientAPI <- gtsmodel.FromClientAPI{
 		APActivityType: gtsmodel.ActivityStreamsAccept,
 		GTSModel: follow,
 	}
 	gtsR, err := p.db.GetRelationship(auth.Account.ID, accountID)
 	if err != nil {
 		return nil, NewErrorInternalError(err)
 	}
 	r, err := p.tc.RelationshipToMasto(gtsR)
 	if  err != nil {
 		return nil, NewErrorInternalError(err)
 	}
 	return r, nil
 }
 func (p *processor) FollowRequestDeny(auth *oauth.Auth) ErrorWithCode {
--- a/internal/message/instanceprocess.go
+++ b/internal/message/instanceprocess.go
@ -22,12 +22,13 @@ import (
 	"fmt"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
 func (p *processor) InstanceGet(domain string) (*apimodel.Instance, ErrorWithCode) {
 	i := &gtsmodel.Instance{}
-	if err := p.db.GetWhere("domain", domain, i); err != nil {
+	if err := p.db.GetWhere([]db.Where{{Key: "domain", Value: domain}}, i); err != nil {
 		return nil, NewErrorInternalError(fmt.Errorf("db error fetching instance %s: %s", p.config.Host, err))
 	}
--- a/internal/message/processor.go
+++ b/internal/message/processor.go
@ -71,8 +71,16 @@ type Processor interface {
 	// AccountStatusesGet fetches a number of statuses (in time descending order) from the given account, filtered by visibility for
 	// the account given in authed.
 	AccountStatusesGet(authed *oauth.Auth, targetAccountID string, limit int, excludeReplies bool, maxID string, pinned bool, mediaOnly bool) ([]apimodel.Status, ErrorWithCode)
-	// AccountFollowersGet
+	// AccountFollowersGet fetches a list of the target account's followers.
 	AccountFollowersGet(authed *oauth.Auth, targetAccountID string) ([]apimodel.Account, ErrorWithCode)
 	// AccountFollowingGet fetches a list of the accounts that target account is following.
 	AccountFollowingGet(authed *oauth.Auth, targetAccountID string) ([]apimodel.Account, ErrorWithCode)
 	// AccountRelationshipGet returns a relationship model describing the relationship of the targetAccount to the Authed account.
 	AccountRelationshipGet(authed *oauth.Auth, targetAccountID string) (*apimodel.Relationship, ErrorWithCode)
 	// AccountFollowCreate handles a follow request to an account, either remote or local.
 	AccountFollowCreate(authed *oauth.Auth, form *apimodel.AccountFollowRequest) (*apimodel.Relationship, ErrorWithCode)
 	// AccountFollowRemove handles the removal of a follow/follow request to an account, either remote or local.
 	AccountFollowRemove(authed *oauth.Auth, targetAccountID string) (*apimodel.Relationship, ErrorWithCode)
 	// AdminEmojiCreate handles the creation of a new instance emoji by an admin, using the given form.
 	AdminEmojiCreate(authed *oauth.Auth, form *apimodel.EmojiCreateRequest) (*apimodel.Emoji, error)
@ -86,7 +94,7 @@ type Processor interface {
 	// FollowRequestsGet handles the getting of the authed account's incoming follow requests
 	FollowRequestsGet(auth *oauth.Auth) ([]apimodel.Account, ErrorWithCode)
 	// FollowRequestAccept handles the acceptance of a follow request from the given account ID
-	FollowRequestAccept(auth *oauth.Auth, accountID string) ErrorWithCode
+	FollowRequestAccept(auth *oauth.Auth, accountID string) (*apimodel.Relationship, ErrorWithCode)
 	// InstanceGet retrieves instance information for serving at api/v1/instance
 	InstanceGet(domain string) (*apimodel.Instance, ErrorWithCode)
@ -125,6 +133,14 @@ type Processor interface {
 	// before returning a JSON serializable interface to the caller.
 	GetFediUser(requestedUsername string, request *http.Request) (interface{}, ErrorWithCode)
 	// GetFediFollowers handles the getting of a fedi/activitypub representation of a user/account's followers, performing appropriate
 	// authentication before returning a JSON serializable interface to the caller.
 	GetFediFollowers(requestedUsername string, request *http.Request) (interface{}, ErrorWithCode)
 	// GetFediStatus handles the getting of a fedi/activitypub representation of a particular status, performing appropriate
 	// authentication before returning a JSON serializable interface to the caller.
 	GetFediStatus(requestedUsername string, requestedStatusID string, request *http.Request) (interface{}, ErrorWithCode)
 	// GetWebfingerAccount handles the GET for a webfinger resource. Most commonly, it will be used for returning account lookups.
 	GetWebfingerAccount(requestedUsername string, request *http.Request) (*apimodel.WebfingerAccountResponse, ErrorWithCode)
@ -200,15 +216,11 @@ func (p *processor) Start() error {
 	DistLoop:
 		for {
 			select {
 			// case clientMsg := <-p.toClientAPI:
 			// 	p.log.Infof("received message TO client API: %+v", clientMsg)
 			case clientMsg := <-p.fromClientAPI:
 				p.log.Infof("received message FROM client API: %+v", clientMsg)
 				if err := p.processFromClientAPI(clientMsg); err != nil {
 					p.log.Error(err)
 				}
 			// case federatorMsg := <-p.toFederator:
 			// 	p.log.Infof("received message TO federator: %+v", federatorMsg)
 			case federatorMsg := <-p.fromFederator:
 				p.log.Infof("received message FROM federator: %+v", federatorMsg)
 				if err := p.processFromFederator(federatorMsg); err != nil {
--- a/internal/message/processorutil.go
+++ b/internal/message/processorutil.go
@ -29,6 +29,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
 	"github.com/superseriousbusiness/gotosocial/internal/transport"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
@ -205,7 +206,7 @@ func (p *processor) processMentions(form *apimodel.AdvancedStatusCreateForm, acc
 		if err := p.db.Put(menchie); err != nil {
 			return fmt.Errorf("error putting mentions in db: %s", err)
 		}
-		menchies = append(menchies, menchie.TargetAccountID)
+		menchies = append(menchies, menchie.ID)
 	}
 	// add full populated gts menchies to the status for passing them around conveniently
 	status.GTSMentions = gtsMenchies
@ -280,7 +281,7 @@ func (p *processor) updateAccountAvatar(avatar *multipart.FileHeader, accountID
 	}
 	// do the setting
-	avatarInfo, err := p.mediaHandler.ProcessHeaderOrAvatar(buf.Bytes(), accountID, media.Avatar)
+	avatarInfo, err := p.mediaHandler.ProcessHeaderOrAvatar(buf.Bytes(), accountID, media.Avatar, "")
 	if err != nil {
 		return nil, fmt.Errorf("error processing avatar: %s", err)
 	}
@ -313,10 +314,42 @@ func (p *processor) updateAccountHeader(header *multipart.FileHeader, accountID
 	}
 	// do the setting
-	headerInfo, err := p.mediaHandler.ProcessHeaderOrAvatar(buf.Bytes(), accountID, media.Header)
+	headerInfo, err := p.mediaHandler.ProcessHeaderOrAvatar(buf.Bytes(), accountID, media.Header, "")
 	if err != nil {
 		return nil, fmt.Errorf("error processing header: %s", err)
 	}
 	return headerInfo, f.Close()
 }
 // fetchHeaderAndAviForAccount fetches the header and avatar for a remote account, using a transport
 // on behalf of requestingUsername.
 //
 // targetAccount's AvatarMediaAttachmentID and HeaderMediaAttachmentID will be updated as necessary.
 //
 // SIDE EFFECTS: remote header and avatar will be stored in local storage, and the database will be updated
 // to reflect the creation of these new attachments.
 func (p *processor) fetchHeaderAndAviForAccount(targetAccount *gtsmodel.Account, t transport.Transport) error {
 	if targetAccount.AvatarRemoteURL != "" && targetAccount.AvatarMediaAttachmentID == "" {
 		a, err := p.mediaHandler.ProcessRemoteHeaderOrAvatar(t, &gtsmodel.MediaAttachment{
 			RemoteURL: targetAccount.AvatarRemoteURL,
 			Avatar:    true,
 		}, targetAccount.ID)
 		if err != nil {
 			return fmt.Errorf("error processing avatar for user: %s", err)
 		}
 		targetAccount.AvatarMediaAttachmentID = a.ID
 	}
 	if targetAccount.HeaderRemoteURL != "" && targetAccount.HeaderMediaAttachmentID == "" {
 		a, err := p.mediaHandler.ProcessRemoteHeaderOrAvatar(t, &gtsmodel.MediaAttachment{
 			RemoteURL: targetAccount.HeaderRemoteURL,
 			Header:    true,
 		}, targetAccount.ID)
 		if err != nil {
 			return fmt.Errorf("error processing header for user: %s", err)
 		}
 		targetAccount.HeaderMediaAttachmentID = a.ID
 	}
 	return nil
 }
--- a/internal/oauth/tokenstore.go
+++ b/internal/oauth/tokenstore.go
@ -106,17 +106,17 @@ func (pts *tokenStore) Create(ctx context.Context, info oauth2.TokenInfo) error
 // RemoveByCode deletes a token from the DB based on the Code field
 func (pts *tokenStore) RemoveByCode(ctx context.Context, code string) error {
-	return pts.db.DeleteWhere("code", code, &Token{})
+	return pts.db.DeleteWhere([]db.Where{{Key: "code", Value: code}}, &Token{})
 }
 // RemoveByAccess deletes a token from the DB based on the Access field
 func (pts *tokenStore) RemoveByAccess(ctx context.Context, access string) error {
-	return pts.db.DeleteWhere("access", access, &Token{})
+	return pts.db.DeleteWhere([]db.Where{{Key: "access", Value: access}}, &Token{})
 }
 // RemoveByRefresh deletes a token from the DB based on the Refresh field
 func (pts *tokenStore) RemoveByRefresh(ctx context.Context, refresh string) error {
-	return pts.db.DeleteWhere("refresh", refresh, &Token{})
+	return pts.db.DeleteWhere([]db.Where{{Key: "refresh", Value: refresh}}, &Token{})
 }
 // GetByCode selects a token from the DB based on the Code field
@ -127,7 +127,7 @@ func (pts *tokenStore) GetByCode(ctx context.Context, code string) (oauth2.Token
 	pgt := &Token{
 		Code: code,
 	}
-	if err := pts.db.GetWhere("code", code, pgt); err != nil {
+	if err := pts.db.GetWhere([]db.Where{{Key: "code", Value: code}}, pgt); err != nil {
 		return nil, err
 	}
 	return TokenToOauthToken(pgt), nil
@ -141,7 +141,7 @@ func (pts *tokenStore) GetByAccess(ctx context.Context, access string) (oauth2.T
 	pgt := &Token{
 		Access: access,
 	}
-	if err := pts.db.GetWhere("access", access, pgt); err != nil {
+	if err := pts.db.GetWhere([]db.Where{{Key: "access", Value: access}}, pgt); err != nil {
 		return nil, err
 	}
 	return TokenToOauthToken(pgt), nil
@ -155,7 +155,7 @@ func (pts *tokenStore) GetByRefresh(ctx context.Context, refresh string) (oauth2
 	pgt := &Token{
 		Refresh: refresh,
 	}
-	if err := pts.db.GetWhere("refresh", refresh, pgt); err != nil {
+	if err := pts.db.GetWhere([]db.Where{{Key: "refresh", Value: refresh}}, pgt); err != nil {
 		return nil, err
 	}
 	return TokenToOauthToken(pgt), nil
--- a/internal/transport/controller.go
+++ b/internal/transport/controller.go
@ -39,6 +39,7 @@ type controller struct {
 	clock    pub.Clock
 	client   pub.HttpClient
 	appAgent string
 	log      *logrus.Logger
 }
 // NewController returns an implementation of the Controller interface for creating new transports
@ -48,6 +49,7 @@ func NewController(config *config.Config, clock pub.Clock, client pub.HttpClient
 		clock:    clock,
 		client:   client,
 		appAgent: fmt.Sprintf("%s %s", config.ApplicationName, config.Host),
 		log:      log,
 	}
 }
@ -80,5 +82,6 @@ func (c *controller) NewTransport(pubKeyID string, privkey crypto.PrivateKey) (T
 		sigTransport: sigTransport,
 		getSigner:    getSigner,
 		getSignerMu:  &sync.Mutex{},
 		log:          c.log,
 	}, nil
 }
--- a/internal/transport/transport.go
+++ b/internal/transport/transport.go
@ -11,6 +11,7 @@ import (
 	"github.com/go-fed/activity/pub"
 	"github.com/go-fed/httpsig"
 	"github.com/sirupsen/logrus"
 )
 // Transport wraps the pub.Transport interface with some additional
@ -31,6 +32,7 @@ type transport struct {
 	sigTransport *pub.HttpSigTransport
 	getSigner    httpsig.Signer
 	getSignerMu  *sync.Mutex
 	log          *logrus.Logger
 }
 func (t *transport) BatchDeliver(c context.Context, b []byte, recipients []*url.URL) error {
@ -38,14 +40,20 @@ func (t *transport) BatchDeliver(c context.Context, b []byte, recipients []*url.
 }
 func (t *transport) Deliver(c context.Context, b []byte, to *url.URL) error {
 	l := t.log.WithField("func", "Deliver")
 	l.Debugf("performing POST to %s", to.String())
 	return t.sigTransport.Deliver(c, b, to)
 }
 func (t *transport) Dereference(c context.Context, iri *url.URL) ([]byte, error) {
 	l := t.log.WithField("func", "Dereference")
 	l.Debugf("performing GET to %s", iri.String())
 	return t.sigTransport.Dereference(c, iri)
 }
 func (t *transport) DereferenceMedia(c context.Context, iri *url.URL, expectedContentType string) ([]byte, error) {
 	l := t.log.WithField("func", "DereferenceMedia")
 	l.Debugf("performing GET to %s", iri.String())
 	req, err := http.NewRequest("GET", iri.String(), nil)
 	if err != nil {
 		return nil, err
--- a/internal/typeutils/astointernal.go
+++ b/internal/typeutils/astointernal.go
@ -37,7 +37,7 @@ func (c *converter) ASRepresentationToAccount(accountable Accountable) (*gtsmode
 	uri := uriProp.GetIRI()
 	acct := &gtsmodel.Account{}
-	err := c.db.GetWhere("uri", uri.String(), acct)
+	err := c.db.GetWhere([]db.Where{{Key: "uri", Value: uri.String()}}, acct)
 	if err == nil {
 		// we already know this account so we can skip generating it
 		return acct, nil
@ -90,7 +90,7 @@ func (c *converter) ASRepresentationToAccount(accountable Accountable) (*gtsmode
 	}
 	// check for bot and actor type
-	switch gtsmodel.ActivityStreamsActor(accountable.GetTypeName()) {
+	switch accountable.GetTypeName() {
 	case gtsmodel.ActivityStreamsPerson, gtsmodel.ActivityStreamsGroup, gtsmodel.ActivityStreamsOrganization:
 		// people, groups, and organizations aren't bots
 		acct.Bot = false
@ -101,7 +101,7 @@ func (c *converter) ASRepresentationToAccount(accountable Accountable) (*gtsmode
 		// we don't know what this is!
 		return nil, fmt.Errorf("type name %s not recognised or not convertible to gtsmodel.ActivityStreamsActor", accountable.GetTypeName())
 	}
-	acct.ActorType = gtsmodel.ActivityStreamsActor(accountable.GetTypeName())
+	acct.ActorType = accountable.GetTypeName()
 	// TODO: locked aka manuallyApprovesFollowers
@ -220,7 +220,7 @@ func (c *converter) ASStatusToStatus(statusable Statusable) (*gtsmodel.Status, e
 	status.APStatusOwnerURI = attributedTo.String()
 	statusOwner := &gtsmodel.Account{}
-	if err := c.db.GetWhere("uri", attributedTo.String(), statusOwner); err != nil {
+	if err := c.db.GetWhere([]db.Where{{Key: "uri", Value: attributedTo.String()}}, statusOwner); err != nil {
 		return nil, fmt.Errorf("couldn't get status owner from db: %s", err)
 	}
 	status.AccountID = statusOwner.ID
@ -235,7 +235,7 @@ func (c *converter) ASStatusToStatus(statusable Statusable) (*gtsmodel.Status, e
 		// now we can check if we have the replied-to status in our db already
 		inReplyToStatus := &gtsmodel.Status{}
-		if err := c.db.GetWhere("uri", inReplyToURI.String(), inReplyToStatus); err == nil {
+		if err := c.db.GetWhere([]db.Where{{Key: "uri", Value: inReplyToURI.String()}}, inReplyToStatus); err == nil {
 			// we have the status in our database already
 			// so we can set these fields here and then...
 			status.InReplyToID = inReplyToStatus.ID
@ -281,7 +281,10 @@ func (c *converter) ASStatusToStatus(statusable Statusable) (*gtsmodel.Status, e
 	// if it's CC'ed to public, it's public or unlocked
 	// mentioned SPECIFIC ACCOUNTS also get added to CC'es if it's not a direct message
-	if isPublic(cc) || isPublic(to) {
+	if isPublic(cc) {
 		visibility = gtsmodel.VisibilityUnlocked
 	}
 	if isPublic(to) {
 		visibility = gtsmodel.VisibilityPublic
 	}
@ -301,7 +304,7 @@ func (c *converter) ASStatusToStatus(statusable Statusable) (*gtsmodel.Status, e
 	// we might be able to extract this from the contentMap field
 	// ActivityStreamsType
-	status.ActivityStreamsType = gtsmodel.ActivityStreamsObject(statusable.GetTypeName())
+	status.ActivityStreamsType = statusable.GetTypeName()
 	return status, nil
 }
@ -319,7 +322,7 @@ func (c *converter) ASFollowToFollowRequest(followable Followable) (*gtsmodel.Fo
 		return nil, errors.New("error extracting actor property from follow")
 	}
 	originAccount := &gtsmodel.Account{}
-	if err := c.db.GetWhere("uri", origin.String(), originAccount); err != nil {
+	if err := c.db.GetWhere([]db.Where{{Key: "uri", Value: origin.String()}}, originAccount); err != nil {
 		return nil, fmt.Errorf("error extracting account with uri %s from the database: %s", origin.String(), err)
 	}
@ -328,7 +331,7 @@ func (c *converter) ASFollowToFollowRequest(followable Followable) (*gtsmodel.Fo
 		return nil, errors.New("error extracting object property from follow")
 	}
 	targetAccount := &gtsmodel.Account{}
-	if err := c.db.GetWhere("uri", target.String(), targetAccount); err != nil {
+	if err := c.db.GetWhere([]db.Where{{Key: "uri", Value: target.String()}}, targetAccount); err != nil {
 		return nil, fmt.Errorf("error extracting account with uri %s from the database: %s", origin.String(), err)
 	}
@ -341,6 +344,40 @@ func (c *converter) ASFollowToFollowRequest(followable Followable) (*gtsmodel.Fo
 	return followRequest, nil
 }
 func (c *converter) ASFollowToFollow(followable Followable) (*gtsmodel.Follow, error) {
 	idProp := followable.GetJSONLDId()
 	if idProp == nil || !idProp.IsIRI() {
 		return nil, errors.New("no id property set on follow, or was not an iri")
 	}
 	uri := idProp.GetIRI().String()
 	origin, err := extractActor(followable)
 	if err != nil {
 		return nil, errors.New("error extracting actor property from follow")
 	}
 	originAccount := &gtsmodel.Account{}
 	if err := c.db.GetWhere([]db.Where{{Key: "uri", Value: origin.String()}}, originAccount); err != nil {
 		return nil, fmt.Errorf("error extracting account with uri %s from the database: %s", origin.String(), err)
 	}
 	target, err := extractObject(followable)
 	if err != nil {
 		return nil, errors.New("error extracting object property from follow")
 	}
 	targetAccount := &gtsmodel.Account{}
 	if err := c.db.GetWhere([]db.Where{{Key: "uri", Value: target.String()}}, targetAccount); err != nil {
 		return nil, fmt.Errorf("error extracting account with uri %s from the database: %s", origin.String(), err)
 	}
 	follow := &gtsmodel.Follow{
 		URI:             uri,
 		AccountID:       originAccount.ID,
 		TargetAccountID: targetAccount.ID,
 	}
 	return follow, nil
 }
 func isPublic(tos []*url.URL) bool {
 	for _, entry := range tos {
 		if strings.EqualFold(entry.String(), "https://www.w3.org/ns/activitystreams#Public") {
--- a/internal/typeutils/converter.go
+++ b/internal/typeutils/converter.go
@ -26,6 +26,10 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
 const (
 	asPublicURI = "https://www.w3.org/ns/activitystreams#Public"
 )
 // TypeConverter is an interface for the common action of converting between apimodule (frontend, serializable) models,
 // internal gts models used in the database, and activitypub models used in federation.
 //
@ -77,6 +81,9 @@ type TypeConverter interface {
 	// InstanceToMasto converts a gts instance into its mastodon equivalent for serving at /api/v1/instance
 	InstanceToMasto(i *gtsmodel.Instance) (*model.Instance, error)
 	// RelationshipToMasto converts a gts relationship into its mastodon equivalent for serving in various places
 	RelationshipToMasto(r *gtsmodel.Relationship) (*model.Relationship, error)
 	/*
 		FRONTEND (mastodon) MODEL TO INTERNAL (gts) MODEL
 	*/
@ -94,6 +101,8 @@ type TypeConverter interface {
 	ASStatusToStatus(statusable Statusable) (*gtsmodel.Status, error)
 	// ASFollowToFollowRequest converts a remote activitystreams `follow` representation into gts model follow request.
 	ASFollowToFollowRequest(followable Followable) (*gtsmodel.FollowRequest, error)
 	// ASFollowToFollowRequest converts a remote activitystreams `follow` representation into gts model follow.
 	ASFollowToFollow(followable Followable) (*gtsmodel.Follow, error)
 	/*
 		INTERNAL (gts) MODEL TO ACTIVITYSTREAMS MODEL
@ -104,6 +113,15 @@ type TypeConverter interface {
 	// StatusToAS converts a gts model status into an activity streams note, suitable for federation
 	StatusToAS(s *gtsmodel.Status) (vocab.ActivityStreamsNote, error)
 	// FollowToASFollow converts a gts model Follow into an activity streams Follow, suitable for federation
 	FollowToAS(f *gtsmodel.Follow, originAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) (vocab.ActivityStreamsFollow, error)
 	// MentionToAS converts a gts model mention into an activity streams Mention, suitable for federation
 	MentionToAS(m *gtsmodel.Mention) (vocab.ActivityStreamsMention, error)
 	// AttachmentToAS converts a gts model media attachment into an activity streams Attachment, suitable for federation
 	AttachmentToAS(a *gtsmodel.MediaAttachment) (vocab.ActivityStreamsDocument, error)
 }
 type converter struct {
--- a/internal/typeutils/internaltoas.go
+++ b/internal/typeutils/internaltoas.go
@ -21,10 +21,12 @@ package typeutils
 import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
 	"net/url"
 	"github.com/go-fed/activity/streams"
 	"github.com/go-fed/activity/streams/vocab"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
@ -256,5 +258,304 @@ func (c *converter) AccountToAS(a *gtsmodel.Account) (vocab.ActivityStreamsPerso
 }
 func (c *converter) StatusToAS(s *gtsmodel.Status) (vocab.ActivityStreamsNote, error) {
-	return nil, nil
+	// ensure prerequisites here before we get stuck in
 	// check if author account is already attached to status and attach it if not
 	// if we can't retrieve this, bail here already because we can't attribute the status to anyone
 	if s.GTSAccount == nil {
 		a := &gtsmodel.Account{}
 		if err := c.db.GetByID(s.AccountID, a); err != nil {
 			return nil, fmt.Errorf("StatusToAS: error retrieving author account from db: %s", err)
 		}
 		s.GTSAccount = a
 	}
 	// create the Note!
 	status := streams.NewActivityStreamsNote()
 	// id
 	statusURI, err := url.Parse(s.URI)
 	if err != nil {
 		return nil, fmt.Errorf("StatusToAS: error parsing url %s: %s", s.URI, err)
 	}
 	statusIDProp := streams.NewJSONLDIdProperty()
 	statusIDProp.SetIRI(statusURI)
 	status.SetJSONLDId(statusIDProp)
 	// type
 	// will be set automatically by go-fed
 	// summary aka cw
 	statusSummaryProp := streams.NewActivityStreamsSummaryProperty()
 	statusSummaryProp.AppendXMLSchemaString(s.ContentWarning)
 	status.SetActivityStreamsSummary(statusSummaryProp)
 	// inReplyTo
 	if s.InReplyToID != "" {
 		// fetch the replied status if we don't have it on hand already
 		if s.GTSReplyToStatus == nil {
 			rs := &gtsmodel.Status{}
 			if err := c.db.GetByID(s.InReplyToID, rs); err != nil {
 				return nil, fmt.Errorf("StatusToAS: error retrieving replied-to status from db: %s", err)
 			}
 			s.GTSReplyToStatus = rs
 		}
 		rURI, err := url.Parse(s.GTSReplyToStatus.URI)
 		if err != nil {
 			return nil, fmt.Errorf("StatusToAS: error parsing url %s: %s", s.GTSReplyToStatus.URI, err)
 		}
 		inReplyToProp := streams.NewActivityStreamsInReplyToProperty()
 		inReplyToProp.AppendIRI(rURI)
 		status.SetActivityStreamsInReplyTo(inReplyToProp)
 	}
 	// published
 	publishedProp := streams.NewActivityStreamsPublishedProperty()
 	publishedProp.Set(s.CreatedAt)
 	status.SetActivityStreamsPublished(publishedProp)
 	// url
 	if s.URL != "" {
 		sURL, err := url.Parse(s.URL)
 		if err != nil {
 			return nil, fmt.Errorf("StatusToAS: error parsing url %s: %s", s.URL, err)
 		}
 		urlProp := streams.NewActivityStreamsUrlProperty()
 		urlProp.AppendIRI(sURL)
 		status.SetActivityStreamsUrl(urlProp)
 	}
 	// attributedTo
 	authorAccountURI, err := url.Parse(s.GTSAccount.URI)
 	if err != nil {
 		return nil, fmt.Errorf("StatusToAS: error parsing url %s: %s", s.GTSAccount.URI, err)
 	}
 	attributedToProp := streams.NewActivityStreamsAttributedToProperty()
 	attributedToProp.AppendIRI(authorAccountURI)
 	status.SetActivityStreamsAttributedTo(attributedToProp)
 	// tags
 	tagProp := streams.NewActivityStreamsTagProperty()
 	// tag -- mentions
 	for _, m := range s.GTSMentions {
 		asMention, err := c.MentionToAS(m)
 		if err != nil {
 			return nil, fmt.Errorf("StatusToAS: error converting mention to AS mention: %s", err)
 		}
 		tagProp.AppendActivityStreamsMention(asMention)
 	}
 	// tag -- emojis
 	// TODO
 	// tag -- hashtags
 	// TODO
 	status.SetActivityStreamsTag(tagProp)
 	// parse out some URIs we need here
 	authorFollowersURI, err := url.Parse(s.GTSAccount.FollowersURI)
 	if err != nil {
 		return nil, fmt.Errorf("StatusToAS: error parsing url %s: %s", s.GTSAccount.FollowersURI, err)
 	}
 	publicURI, err := url.Parse(asPublicURI)
 	if err != nil {
 		return nil, fmt.Errorf("StatusToAS: error parsing url %s: %s", asPublicURI, err)
 	}
 	// to and cc
 	toProp := streams.NewActivityStreamsToProperty()
 	ccProp := streams.NewActivityStreamsCcProperty()
 	switch s.Visibility {
 	case gtsmodel.VisibilityDirect:
 		// if DIRECT, then only mentioned users should be added to TO, and nothing to CC
 		for _, m := range s.GTSMentions {
 			iri, err := url.Parse(m.GTSAccount.URI)
 			if err != nil {
 				return nil, fmt.Errorf("StatusToAS: error parsing uri %s: %s", m.GTSAccount.URI, err)
 			}
 			toProp.AppendIRI(iri)
 		}
 	case gtsmodel.VisibilityMutualsOnly:
 		// TODO
 	case gtsmodel.VisibilityFollowersOnly:
 		// if FOLLOWERS ONLY then we want to add followers to TO, and mentions to CC
 		toProp.AppendIRI(authorFollowersURI)
 		for _, m := range s.GTSMentions {
 			iri, err := url.Parse(m.GTSAccount.URI)
 			if err != nil {
 				return nil, fmt.Errorf("StatusToAS: error parsing uri %s: %s", m.GTSAccount.URI, err)
 			}
 			ccProp.AppendIRI(iri)
 		}
 	case gtsmodel.VisibilityUnlocked:
 		// if UNLOCKED, we want to add followers to TO, and public and mentions to CC
 		toProp.AppendIRI(authorFollowersURI)
 		ccProp.AppendIRI(publicURI)
 		for _, m := range s.GTSMentions {
 			iri, err := url.Parse(m.GTSAccount.URI)
 			if err != nil {
 				return nil, fmt.Errorf("StatusToAS: error parsing uri %s: %s", m.GTSAccount.URI, err)
 			}
 			ccProp.AppendIRI(iri)
 		}
 	case gtsmodel.VisibilityPublic:
 		// if PUBLIC, we want to add public to TO, and followers and mentions to CC
 		toProp.AppendIRI(publicURI)
 		ccProp.AppendIRI(authorFollowersURI)
 		for _, m := range s.GTSMentions {
 			iri, err := url.Parse(m.GTSAccount.URI)
 			if err != nil {
 				return nil, fmt.Errorf("StatusToAS: error parsing uri %s: %s", m.GTSAccount.URI, err)
 			}
 			ccProp.AppendIRI(iri)
 		}
 	}
 	status.SetActivityStreamsTo(toProp)
 	status.SetActivityStreamsCc(ccProp)
 	// conversation
 	// TODO
 	// content -- the actual post itself
 	contentProp := streams.NewActivityStreamsContentProperty()
 	contentProp.AppendXMLSchemaString(s.Content)
 	status.SetActivityStreamsContent(contentProp)
 	// attachment
 	attachmentProp := streams.NewActivityStreamsAttachmentProperty()
 	for _, a := range s.GTSMediaAttachments {
 		doc, err := c.AttachmentToAS(a)
 		if err != nil {
 			return nil, fmt.Errorf("StatusToAS: error converting attachment: %s", err)
 		}
 		attachmentProp.AppendActivityStreamsDocument(doc)
 	}
 	status.SetActivityStreamsAttachment(attachmentProp)
 	// replies
 	// TODO
 	return status, nil
 }
 func (c *converter) FollowToAS(f *gtsmodel.Follow, originAccount *gtsmodel.Account, targetAccount *gtsmodel.Account) (vocab.ActivityStreamsFollow, error) {
 	// parse out the various URIs we need for this
 	// origin account (who's doing the follow)
 	originAccountURI, err := url.Parse(originAccount.URI)
 	if err != nil {
 		return nil, fmt.Errorf("followtoasfollow: error parsing origin account uri: %s", err)
 	}
 	originActor := streams.NewActivityStreamsActorProperty()
 	originActor.AppendIRI(originAccountURI)
 	// target account (who's being followed)
 	targetAccountURI, err := url.Parse(targetAccount.URI)
 	if err != nil {
 		return nil, fmt.Errorf("followtoasfollow: error parsing target account uri: %s", err)
 	}
 	// uri of the follow activity itself
 	followURI, err := url.Parse(f.URI)
 	if err != nil {
 		return nil, fmt.Errorf("followtoasfollow: error parsing follow uri: %s", err)
 	}
 	// start preparing the follow activity
 	follow := streams.NewActivityStreamsFollow()
 	// set the actor
 	follow.SetActivityStreamsActor(originActor)
 	// set the id
 	followIDProp := streams.NewJSONLDIdProperty()
 	followIDProp.SetIRI(followURI)
 	follow.SetJSONLDId(followIDProp)
 	// set the object
 	followObjectProp := streams.NewActivityStreamsObjectProperty()
 	followObjectProp.AppendIRI(targetAccountURI)
 	follow.SetActivityStreamsObject(followObjectProp)
 	// set the To property
 	followToProp := streams.NewActivityStreamsToProperty()
 	followToProp.AppendIRI(targetAccountURI)
 	follow.SetActivityStreamsTo(followToProp)
 	return follow, nil
 }
 func (c *converter) MentionToAS(m *gtsmodel.Mention) (vocab.ActivityStreamsMention, error) {
 	if m.GTSAccount == nil {
 		a := &gtsmodel.Account{}
 		if err := c.db.GetWhere([]db.Where{{Key: "target_account_id", Value: m.TargetAccountID}}, a); err != nil {
 			return nil, fmt.Errorf("MentionToAS: error getting target account from db: %s", err)
 		}
 		m.GTSAccount = a
 	}
 	// create the mention
 	mention := streams.NewActivityStreamsMention()
 	// href -- this should be the URI of the mentioned user
 	hrefProp := streams.NewActivityStreamsHrefProperty()
 	hrefURI, err := url.Parse(m.GTSAccount.URI)
 	if err != nil {
 		return nil, fmt.Errorf("MentionToAS: error parsing uri %s: %s", m.GTSAccount.URI, err)
 	}
 	hrefProp.SetIRI(hrefURI)
 	mention.SetActivityStreamsHref(hrefProp)
 	// name -- this should be the namestring of the mentioned user, something like @whatever@example.org
 	var domain string
 	if m.GTSAccount.Domain == "" {
 		domain = c.config.Host
 	} else {
 		domain = m.GTSAccount.Domain
 	}
 	username := m.GTSAccount.Username
 	nameString := fmt.Sprintf("@%s@%s", username, domain)
 	nameProp := streams.NewActivityStreamsNameProperty()
 	nameProp.AppendXMLSchemaString(nameString)
 	mention.SetActivityStreamsName(nameProp)
 	return mention, nil
 }
 func (c *converter) AttachmentToAS(a *gtsmodel.MediaAttachment) (vocab.ActivityStreamsDocument, error) {
 	// type -- Document
 	doc := streams.NewActivityStreamsDocument()
 	// mediaType aka mime content type
 	mediaTypeProp := streams.NewActivityStreamsMediaTypeProperty()
 	mediaTypeProp.Set(a.File.ContentType)
 	doc.SetActivityStreamsMediaType(mediaTypeProp)
 	// url -- for the original image not the thumbnail
 	urlProp := streams.NewActivityStreamsUrlProperty()
 	imageURL, err := url.Parse(a.URL)
 	if err != nil {
 		return nil, fmt.Errorf("AttachmentToAS: error parsing uri %s: %s", a.URL, err)
 	}
 	urlProp.AppendIRI(imageURL)
 	doc.SetActivityStreamsUrl(urlProp)
 	// name -- aka image description
 	nameProp := streams.NewActivityStreamsNameProperty()
 	nameProp.AppendXMLSchemaString(a.Description)
 	doc.SetActivityStreamsName(nameProp)
 	// blurhash
 	blurProp := streams.NewTootBlurhashProperty()
 	blurProp.Set(a.Blurhash)
 	doc.SetTootBlurhash(blurProp)
 	// focalpoint
 	// TODO
 	return doc, nil
 }
--- a/internal/typeutils/internaltofrontend.go
+++ b/internal/typeutils/internaltofrontend.go
@ -572,3 +572,21 @@ func (c *converter) InstanceToMasto(i *gtsmodel.Instance) (*model.Instance, erro
 	return mi, nil
 }
 func (c *converter) RelationshipToMasto(r *gtsmodel.Relationship) (*model.Relationship, error) {
 	return &model.Relationship{
 		ID: r.ID,
 		Following: r.Following,
 		ShowingReblogs: r.ShowingReblogs,
 		Notifying: r.Notifying,
 		FollowedBy: r.FollowedBy,
 		Blocking: r.Blocking,
 		BlockedBy: r.BlockedBy,
 		Muting: r.Muting,
 		MutingNotifications: r.MutingNotifications,
 		Requested: r.Requested,
 		DomainBlocking: r.DomainBlocking,
 		Endorsed: r.Endorsed,
 		Note: r.Note,
 	}, nil
 }
--- a/internal/util/uri.go
+++ b/internal/util/uri.go
@ -22,6 +22,8 @@ import (
 	"fmt"
 	"net/url"
 	"strings"
 	"github.com/google/uuid"
 )
 const (
@ -47,6 +49,8 @@ const (
 	FeaturedPath = "featured"
 	// PublicKeyPath is for serving an account's public key
 	PublicKeyPath = "main-key"
 	// FollowPath used to generate the URI for an individual follow or follow request
 	FollowPath = "follow"
 )
 // APContextKey is a type used specifically for settings values on contexts within go-fed AP request chains
@ -103,6 +107,12 @@ type UserURIs struct {
 	PublicKeyURI string
 }
 // GenerateURIForFollow returns the AP URI for a new follow -- something like:
 // https://example.org/users/whatever_user/follow/41c7f33f-1060-48d9-84df-38dcb13cf0d8
 func GenerateURIForFollow(username string, protocol string, host string) string {
 	return fmt.Sprintf("%s://%s/%s/%s/%s", protocol, host, UsersPath, FollowPath, uuid.NewString())
 }
 // GenerateURIsForAccount throws together a bunch of URIs for the given username, with the given protocol and host.
 func GenerateURIsForAccount(username string, protocol string, host string) *UserURIs {
 	// The below URLs are used for serving web requests
--- a/testrig/actions.go
+++ b/testrig/actions.go
@ -48,6 +48,7 @@ import (
 var Run action.GTSAction = func(ctx context.Context, _ *config.Config, log *logrus.Logger) error {
 	c := NewTestConfig()
 	dbService := NewTestDB()
 	federatingDB := NewTestFederatingDB(dbService)
 	router := NewTestRouter()
 	storageBackend := NewTestStorage()
@ -59,7 +60,7 @@ var Run action.GTSAction = func(ctx context.Context, _ *config.Config, log *logr
 			Body:       r,
 		}, nil
 	}))
-	federator := federation.NewFederator(dbService, transportController, c, log, typeConverter)
+	federator := federation.NewFederator(dbService, federatingDB, transportController, c, log, typeConverter)
 	processor := NewTestProcessor(dbService, storageBackend, federator)
 	if err := processor.Start(); err != nil {
 		return fmt.Errorf("error starting processor: %s", err)
--- a/testrig/federatingdb.go
+++ b/testrig/federatingdb.go
@ -0,0 +1,11 @@
 package testrig
 import (
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/federation"
 )
 // NewTestFederatingDB returns a federating DB with the underlying db
 func NewTestFederatingDB(db db.DB) federation.FederatingDB {
 	return federation.NewFederatingDB(db, NewTestConfig(), NewTestLog())
 }
--- a/testrig/federator.go
+++ b/testrig/federator.go
@ -26,5 +26,5 @@ import (
 // NewTestFederator returns a federator with the given database and (mock!!) transport controller.
 func NewTestFederator(db db.DB, tc transport.Controller) federation.Federator {
-	return federation.NewFederator(db, tc, NewTestConfig(), NewTestLog(), NewTestTypeConverter(db))
+	return federation.NewFederator(db, NewTestFederatingDB(db), tc, NewTestConfig(), NewTestLog(), NewTestTypeConverter(db))
 }