Modern ActivityPub compliant server, designed for simplicity and accessibility. Includes calendar, news and sharing economy features to empower your federated community. We spent a year testing this for a hyper local indymedia codebase.
 
 
 
 
 
Bob Mottram 258fa7abf3 Proposed object capabilities model 2019-07-07 13:26:33 +01:00
img Name on logo 2019-07-04 21:56:04 +01:00
LICENSE Initial 2019-06-28 19:55:29 +01:00
Makefile Initial 2019-06-28 19:55:29 +01:00
README.md Proposed object capabilities model 2019-07-07 13:26:33 +01:00
acceptreject.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
announce.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
auth.py Reduce some line lengths 2019-07-06 18:00:22 +01:00
cache.py Reduce some line lengths 2019-07-06 18:00:22 +01:00
capabilities.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
code-of-conduct.md Add CoC 2019-07-04 22:52:39 +01:00
config.py Configuration file functions 2019-07-05 10:20:54 +01:00
daemon.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
epicyon.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
follow.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
httpsig.py Fixing public key lookup 2019-07-04 15:36:29 +01:00
inbox.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
like.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
person.py Comma 2019-07-05 23:17:06 +01:00
posts.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
session.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
tests.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
threads.py Move tests to their own file 2019-06-30 21:14:03 +01:00
utils.py Add capabilities to follow requests 2019-07-07 12:53:32 +01:00
webfinger.py Tidying 2019-07-05 17:13:31 +01:00

README.md

A minimal ActivityPub server.

Based on the specification: https://www.w3.org/TR/activitypub

Also: https://raw.githubusercontent.com/w3c/activitypub/gh-pages/activitypub-tutorial.txt

https://blog.dereferenced.org/what-is-ocap-and-why-should-i-care

https://alexcastano.com/what-is-activity-pub

This project is currently pre-alpha and not recommended for any real-world use.

Goals

  • A minimal ActivityPub server, comparable to an email MTA.
  • AGPLv3+
  • Server-to-server and client-to-server protocols supported.
  • Implemented in a common language (Python 3)
  • Opt-in federation. Federate with a well-defined list of instances.
  • Keyword filtering.
  • Being able to define roles and skills, similar to the Pursuance project.
  • Sharings collection, similar to the gnusocial sharings plugin
  • Resistant to flooding, hellthreads, etc.
  • Support content warnings, reporting and blocking.
  • HTTP signatures and basic auth.
  • Compatible with HTTP (onion addresses), HTTPS and dat.
  • Minimal dependencies.
  • Capability-based security
  • Data minimization principle. Configurable post expiry time.
  • Command-line interface. If there's a GUI it should be a separate project.
  • Designed for intermittent connectivity. Assume network disruptions.
  • Suitable for single board computers.

Object capabilities workflow

This is one proposed way that OCAP could work.

Default capabilities are initially set up when a follow request is made. The Accept activity sent back from a follow request can be received by any instance. A capabilities accept activity is attached to the follow accept.

                           Actor A
                              |
                              V
                        Follow Request
                              |
                              V
                           Actor B
                              |
                              V
               Create/store default Capabilities
                         for Actor A
                              |
                              V
              Follow Accept + default Capabilities
                              |
                              V
                           Actor A
                              |
                              V
                   Store Granted Capabilities

The default capabilities could be any preferred policy of the instance. They could be no capabilities at all, read only or full access to everything.

When posts are subsequently sent from the following instance (server-to-server) they should have the corresponding capability id string attached within the Create wrapper.

                           Actor A
                              |
                              V
                          Send Post
             Attach id from Stored Capabilities
                     granted by Actor B
                              |
                              V
                           Actor B
                              |
                              V
                 Check Capability id matches
                     stored capabilities
                              |
                              V
               http signature and other checks
                              |
                              V
               Accept or reject incoming post

Subsequently Actor B could change the stored capabilities for Actor A in its database, giving the new object a different id. This could be sent back to Actor A, perhaps as another follow Accept activity with attached capabilities. This could then change the way in which Actor A can interact with Actor B, for example by adding or removing the ability to like or reply to posts.
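The workflow above can be sketched end to end as follows. This is an added example, not code from this project's capabilities.py: the class and function names, the "capability" field in the Create wrapper, the capability strings and the example domains are all assumptions made for illustration.

```python
import hmac
import secrets


class CapabilityStore:
    """Actor B's record of the capabilities it has granted to followers."""

    def __init__(self, default_caps=("inbox:write", "objects:read")):
        self.default_caps = tuple(default_caps)  # instance policy; names assumed
        self.granted = {}  # follower actor URL -> capability object

    def grant(self, follower, caps=None):
        """Create or replace a follower's capabilities under a fresh id."""
        ocap = {
            "id": "https://b.example/caps/" + secrets.token_urlsafe(32),
            "type": "Capability",
            "scope": follower,
            "capability": list(self.default_caps if caps is None else caps),
        }
        self.granted[follower] = ocap
        return ocap  # attached to the follow Accept sent back to the follower

    def check(self, activity, needed):
        """True only if the attached id matches the stored one and allows `needed`."""
        stored = self.granted.get(activity.get("actor"))
        presented = activity.get("capability")
        if stored is None or not isinstance(presented, str):
            return False
        if not hmac.compare_digest(presented.encode(), stored["id"].encode()):
            return False  # unknown, forged or superseded id
        return needed in stored["capability"]


def wrap_post(actor, note, capability_id):
    """Actor A's side: attach the granted id inside the Create wrapper."""
    return {"type": "Create", "actor": actor,
            "capability": capability_id, "object": note}


def demo():
    alice = "https://a.example/users/alice"  # constructed actor URL
    store_b = CapabilityStore()
    held = store_b.grant(alice)["id"]  # A stores this from the follow Accept
    post = wrap_post(alice, {"type": "Note", "content": "hello"}, held)
    fresh = store_b.check(post, "inbox:write")
    new_id = store_b.grant(alice, caps=["objects:read"])["id"]  # B narrows access
    stale = store_b.check(post, "inbox:write")  # old id no longer matches
    post["capability"] = new_id
    reissued = (store_b.check(post, "inbox:write"), store_b.check(post, "objects:read"))
    return (fresh, stale) + reissued
```

In this sketch the id behaves as a bearer value, so the check sits alongside the HTTP signature verification shown in the diagram rather than replacing it.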

Install

sudo pacman -S tor python-pip python-pysocks python-pycryptodome python-beautifulsoup4
sudo pip install commentjson

Running Tests

To run the unit tests:

python3 epicyon.py --tests

To run the network tests, which simulate instances exchanging messages:

python3 epicyon.py --testsnetwork

Viewing Public Posts

To view the public posts for a person:

python3 epicyon.py --posts nickname@domain

If you want to view the raw JSON:

python3 epicyon.py --postsraw nickname@domain

Account Management

To add a new account:

python3 epicyon.py --addaccount nickname@domain --password [yourpassword]

To remove an account (be careful!):

python3 epicyon.py --rmaccount nickname@domain

To change the password for an account:

python3 epicyon.py --changepassword nickname@domain newpassword

Running the Server

To run with defaults:

python3 epicyon.py

In a browser of choice (but not Tor browser) you can then navigate to:

http://localhost:8085/users/admin

If it's working then you should see the JSON actor for the default admin account.

For a more realistic installation you can run on a defined domain and port:

python3 epicyon.py --domain [name] --port 8000 --https

You will need to proxy port 8000 through your web server and set up CA certificates as needed.

By default data will be stored in the directory in which you run the server, but you can also specify a directory:

python3 epicyon.py --domain [name] --port 8000 --https --path [data directory]

By default the server will federate with any others. You can limit this to a well-defined list with the --federate option.

python3 epicyon.py --domain [name] --port 8000 --https --federate domain1.net domain2.org domain3.co.uk