1
0
Fork 0
forked from alemi/upub
micro social network, federated
Find a file
alemi 5a57fd69b9 fix: remove excessive instruments, check actor
before we were checking only for server match, now check whole uid match
on inbox activities
2024-05-31 15:55:38 +02:00
apb chore: BIG refactor into smaller crates 2024-05-31 04:07:39 +02:00
upub fix: remove excessive instruments, check actor 2024-05-31 15:55:38 +02:00
utils feat!: merge branch 'betterdb' into dev 2024-05-31 01:57:21 +02:00
web feat(web): filter updated, more readable filter code 2024-05-31 15:54:22 +02:00
.editorconfig chore: initial commit with environment 2023-12-30 05:07:49 +01:00
.gitignore chore: gitignored trunk dist 2024-04-14 17:23:48 +02:00
.rustfmt.toml chore: initial commit with environment 2023-12-30 05:07:49 +01:00
.tci ci: new db new me 2024-05-27 06:28:04 +02:00
Cargo.lock chore: BIG refactor into smaller crates 2024-05-31 04:07:39 +02:00
Cargo.toml chore: BIG refactor into smaller crates 2024-05-31 04:07:39 +02:00
main.rs chore: BIG refactor into smaller crates 2024-05-31 04:07:39 +02:00
README.md fix: more rebrandinggg 2024-05-27 06:54:57 +02:00

μpub

micro social network, federated

screenshot of upub simple frontend

μpub aims to be a private, lightweight, modular and secure ActivityPub server

μpub is usable as a very simple ActivityPub project: it has a home and server timeline, it allows to browse threads, star notes and leave replies, it renders remote media of any kind and can be used to browse and follow remote users

all interactions happen with ActivityPub's client-server methods (basically POST your activities to your outbox), with appropriate extensions: μpub doesn't want to invent another API!

development is still active, so expect more stuff to come! since most fediverse software uses Mastodon's API, μpub plans to implement it as an optional feature, becoming eventually compatible with most existing frontends and mobile applications, but focus right now is on producing something specific to μpub needs

a test instance is usually available at upub.alemi.dev

about the database schema

im going to be very real i tried to do migrations but its getting super messy so until further notice assume db to be volatile. next change may be a migration (easy!) or a whole db rebuild (aaaaaaaaaa...), so if you're not comfortable with either manually exporting/importing or dropping and starting from scratch, you really shouldn't put upub in prod yet!

about security

most activitypub implementations don't really validate fetches: knowing an activity/object id will allow anyone to resolve it on most fedi software. this is of course unacceptable: "security through obscurity" just doesn't work

μpub correctly and rigorously implements and enforces access control on each object based on its addressing

most instances will have "authorized fetch" which kind of makes the issue less bad, but anyone can host an actor, have any server download their pubkey and then start fetching

μpub may be considered to have "authorized fetch" permanently on, except it depends on each post:

  • all posts marked public (meaning, addressed to "https://www.w3.org/ns/activitystreams#Public"), will be fetchable without any authorization
  • all posts not public will require explicit addressing and authentication: for example if post A is addressed to example.net/actor
    • anonymous fetchers will receive 404 on GET /posts/A
    • local users must authenticate and will be given said post only if it's addressed to them
    • remote servers will be given access to all posts from any of their users once they have authenticated themselves (with http signing)

note that followers get expanded: addressing to example.net/actor/followers will address to anyone following actor that the server knows of, at that time

contributing

all help is extremely welcome! development mostly happens on moonlit.technology, but there's a github mirror available too

if you prefer a forge-less development you can browse the repo on my cgit, and send me patches on any contact listed on my site

don't hesitate to get in touch, i'd be thrilled to showcase the project to you!

progress

  • barebone actors
  • barebone activities and objects
  • activitystreams/activitypub compliance (well mostly)
  • process barebones feeds
  • process barebones inbox
  • process barebones outbox
  • http signatures
  • privacy, targets, scopes
  • simple web client
  • announce (boosts)
  • threads
  • remote media
  • editing via api
  • advanced composer
  • api for fetching
  • like, share, reply via frontend
  • backend config
  • frontend config
  • optimize addressing database schema
  • mentions, notifications
  • hashtags
  • public vs unlisted for discovery
  • mastodon-like search bar
  • polls
  • better editing via web frontend
  • remote media proxy
  • upload media
  • user fields
  • lists
  • full mastodon api
  • get rid of internal ids from code

what about the name?

μpub (or simply upub) means "micro-pub", but could also be read "upub", "you-pub" or "mu-pub"