fix: allow www. apex equivalence in actor domain verification

Threads serves actors at threads.net but their id field uses www.threads.net.
Extract apex_domain() helper and fall back to apex comparison when the
strict verify_domains_match check fails.

Cargo.lock

@@ -1368,7 +1368,7 @@ dependencies = [
 
 [[package]]
 name = "k-ap"
-version = "0.1.4"
+version = "0.1.5"
 dependencies = [
  "activitypub_federation",
  "anyhow",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "k-ap"
-version = "0.1.5"
+version = "0.1.6"
 edition = "2024"
 description = "Generic ActivityPub protocol layer"
 license = "MIT"

src/actors.rs

@@ -193,6 +193,11 @@ pub async fn get_local_actor(
     })
 }
 
+fn apex_domain(url: &Url) -> String {
+    let host = url.host_str().unwrap_or("");
+    host.strip_prefix("www.").unwrap_or(host).to_owned()
+}
+
 #[async_trait::async_trait]
 impl Object for DbActor {
     type DataType = FederationData;
@@ -319,8 +324,13 @@ impl Object for DbActor {
         expected_domain: &Url,
         _data: &Data<Self::DataType>,
     ) -> Result<(), Self::Error> {
-        verify_domains_match(json.id.inner(), expected_domain)?;
+        if verify_domains_match(json.id.inner(), expected_domain).is_ok() {
-        Ok(())
+            return Ok(());
+        }
+        if apex_domain(json.id.inner()) == apex_domain(expected_domain) {
+            return Ok(());
+        }
+        verify_domains_match(json.id.inner(), expected_domain).map_err(Error::from)
     }
 
     async fn from_json(json: Self::Kind, data: &Data<Self::DataType>) -> Result<Self, Self::Error> {