GKaszewski/k-ap
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: GKaszewski:4cb8efb6ce48cfd41d960752e63937d22d60cf9f
Branches Tags
GKaszewski:master
GKaszewski:v0.3.1 GKaszewski:v0.3.0 GKaszewski:v0.1.10 GKaszewski:v0.1.9 GKaszewski:v0.1.8 GKaszewski:v0.1.7 GKaszewski:v0.1.6 GKaszewski:v0.1.5 GKaszewski:v0.1.4 GKaszewski:v0.1.3 GKaszewski:v0.1.2 GKaszewski:v0.1.1 GKaszewski:v0.1.0
...
compare: GKaszewski:master
Branches Tags
GKaszewski:master
GKaszewski:v0.3.1 GKaszewski:v0.3.0 GKaszewski:v0.1.10 GKaszewski:v0.1.9 GKaszewski:v0.1.8 GKaszewski:v0.1.7 GKaszewski:v0.1.6 GKaszewski:v0.1.5 GKaszewski:v0.1.4 GKaszewski:v0.1.3 GKaszewski:v0.1.2 GKaszewski:v0.1.1 GKaszewski:v0.1.0

1 Commits
4cb8efb6ce ... master

Author SHA1 Message Date
Gabriel Kaszewski
d1ce277ff5 chore: bump to 0.4.0, update changelog
All checks were successful
CI / fmt (push) Successful in 21s
Details
CI / clippy (push) Successful in 2m51s
Details
CI / test (push) Successful in 3m49s
Details
2026-05-30 02:50:46 +02:00
3 changed files with 30 additions and 2 deletions
Expand all files Collapse all files

28
CHANGELOG.md
View File

@@ -1,5 +1,33 @@
# Changelog # Changelog
## [0.4.0] — 2026-05-30
### Breaking changes
**`RemoteActor` has a new required field `fetched_at: Option<DateTime<Utc>>`** — set to `Some(Utc::now())` when fetched from a remote instance, or `None` for locally-constructed actors. Consumers must add this column to their `upsert_remote_actor` / `get_remote_actor` implementations.
**`ApFederationConfig::new()` signature changed** — now takes an additional `signing_actor: Option<&DbActor>` parameter. Internal to consumers using `ApFederationConfig` directly; builder users are unaffected.
**`FederationData::new()` takes an additional `actor_cache_ttl: Duration` parameter** — only affects consumers constructing `FederationData` directly (e.g. tests).
---
### New features
**Signed fetch for authorized-fetch / Secure Mode** — set `.signed_fetch_actor_id(uuid)` on the builder to sign all outgoing GET requests with that actor's keypair. Call `service.signed_fetch(&url)` to fetch any remote AP resource with signatures.
**Actor cache TTL**`fetched_at` is now tracked on `RemoteActor`. Configure staleness via `.actor_cache_ttl_secs(secs)` (default: 24h). Use `get_or_refresh_remote_actor(actor_url)` for TTL-aware lookups that re-fetch stale actors from origin.
**SSRF protection** — all outgoing HTTP requests (federation fetches, WebFinger, backfill) now validate resolved IPs against private/reserved ranges (127/8, 10/8, 172.16/12, 192.168/16, 169.254/16, CGNAT 100.64/10, ::1, fc00::/7, fe80::/10). Debug mode bypasses this check.
---
### Bug fixes
**Inbound `Block` now persists to `BlocklistRepository`**`BlockActivity::receive()` calls `add_blocked_actor()` after removing follower/following relationships. `Undo(Block)` clears the record via `remove_blocked_actor()`.
---
## [0.3.1] — 2026-05-29 ## [0.3.1] — 2026-05-29
### Breaking changes ### Breaking changes

2
Cargo.lock generated
View File

@@ -1368,7 +1368,7 @@ dependencies = [
[[package]] [[package]]
name = "k-ap" name = "k-ap"
version = "0.3.1" version = "0.4.0"
dependencies = [ dependencies = [
"activitypub_federation", "activitypub_federation",
"anyhow", "anyhow",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "k-ap" name = "k-ap"
version = "0.3.1" version = "0.4.0"
edition = "2024" edition = "2024"
description = "Generic ActivityPub protocol layer" description = "Generic ActivityPub protocol layer"
license = "MIT" license = "MIT"