#15 @context security vocab: actor JSON now uses actor_ap_context()
which includes W3C security vocab + Mastodon toot extensions
(manuallyApprovesFollowers, discoverable, featured).
Applied to actor_handler, actor_json(), broadcast_actor_update().
Activity JSON keeps plain AS context (no security vocab needed).
#17 HTTP Digest (documented, no code change): production mode
(debug=false) REQUIRES Digest header on inbound POSTs via
require_digest() in the non-compat normalization config.
Added doc comment to ApFederationConfig::new() to clarify.
#26 Integration tests: 3 new tokio tests in src/tests/integration.rs
using in-memory trait stubs. Tests cover:
- check_guards idempotency (duplicate activity rejected)
- check_guards domain block (blocked domain skipped)
- extract_and_dispatch_mentions (on_mention called for local actor)
#18 featured collection: add featured_url to ApUser/DbActor/Person;
serialized as featured field in AP JSON when set by consumer.
#19 Tombstone in Delete: broadcast_delete_to_followers now sends
{"type":"Tombstone","id":"..."} instead of bare URL string.
#21 Backfill pagination: run_backfill uses get_local_objects_page
with cursor-based loop — avoids loading all posts into memory;
delivers newest-to-oldest in BATCH_SIZE chunks.
Breaking changes to FederationRepository, ApObjectHandler, ApUser:
FederationRepository:
- add is_activity_processed / mark_activity_processed (inbox idempotency)
- add get_accepted_follower_inboxes (DB-side dedup/filtering, replaces in-memory load-all)
ApObjectHandler:
- add on_announce_of_remote (cross-server boosts, previously silently dropped)
ApUser:
- add manually_approves_followers: bool
- add actor_type: ApActorType (was hardcoded Person)
Security:
- block check before actor HTTP fetch in Follow (prevents SSRF on blocked actors)
- 4xx responses use generic "not found"/"bad request" (no internal leak)
- 1 MB DefaultBodyLimit on inbox routes
- zeroize private key after generation
Delivery:
- all broadcasts are now non-blocking (tokio::spawn fallback, or EventPublisher queue)
- EventPublisher redesigned with typed FederationEvent enum (DeliveryRequested/DeliveryFailed)
- new deliver_to_inbox() public method for queue consumers
- configurable delivery_max_attempts and delivery_initial_delay_secs via builder
- Follow saved as Pending BEFORE delivery (race condition fix)
Router:
- GET /users/{id} (actor), GET /users/{id}/followers, GET /users/{id}/following now mounted
Protocol:
- mention extraction from Create/Update tag arrays → on_mention() dispatched
- WebFinger: add aliases field (acct: URI + AP actor URL)
- outbox: add last link, use count_local_posts for totalItems
- idempotency guard added to every inbound activity receive()
- actor serializes display_name and configurable actor_type/manually_approves_followers
Bump: 0.1.10 → 0.2.0
Threads serves actors at threads.net but their id field uses www.threads.net.
Extract apex_domain() helper and fall back to apex comparison when the
strict verify_domains_match check fails.
Person struct now deserializes gracefully when outbox, followers, or
following are absent (Threads omits them for some actors). Accepts
Service/Application/Organization/Group in addition to Person.
manually_approves_followers defaults to false when absent.
Add display_name field to DbActor, populated from AP Person.name in
from_json. Expose LookedUpActor type and lookup_actor_by_handle method
on ActivityPubService — uses the existing signed webfinger_https path
so strict instances (Threads, etc.) return full actor data.
