feat: Implement WebFinger discovery and ActivityPub user actor endpoint

- Added a new router for handling well-known endpoints, specifically WebFinger. - Implemented the `webfinger` function to respond to WebFinger queries. - Created a new route for WebFinger in the router. - Refactored user retrieval logic to support both user ID and username in a single endpoint. - Updated user router to use the new `get_user_by_param` function. - Added tests for WebFinger discovery and ActivityPub user actor endpoint. - Updated dependencies in Cargo.toml files to include necessary libraries.
2025-09-06 01:18:04 +02:00
parent 3d73c7f198
commit c7c573f3f4
11 changed files with 935 additions and 70 deletions
--- a/thoughts-backend/Cargo.lock
+++ b/thoughts-backend/Cargo.lock
--- a/thoughts-backend/Cargo.toml
+++ b/thoughts-backend/Cargo.toml
@@ -19,7 +19,7 @@ axum = { version = "0.8.4", default-features = false }
 sea-orm = { version = "1.1.12" }
 sea-query = { version = "0.32.6" }                              # Added sea-query dependency
 serde = { version = "1.0.219", features = ["derive"] }
-serde_json = { version = "1.0.140" }
+serde_json = { version = "1.0.140", features = ["raw_value"] }
 tracing = "0.1.41"
 utoipa = { version = "5.4.0", features = ["macros", "chrono"] }
 validator = { version = "0.20.0", default-features = false }
--- a/thoughts-backend/api/Cargo.toml
+++ b/thoughts-backend/api/Cargo.toml
@@ -22,6 +22,8 @@ tower-http = { version = "0.6.6", features = ["fs", "cors"] }
 tower-cookies = "0.11.0"
 anyhow = "1.0.98"
 dotenvy = "0.15.7"
+activitypub_federation = "0.6.5"
+url = "2.5.7"

 # db
 sea-orm = { workspace = true }
@@ -29,8 +31,11 @@ sea-orm = { workspace = true }
 # doc
 utoipa = { workspace = true }

+serde_json = { workspace = true }
+
 # local dependencies
 app = { path = "../app" }
 models = { path = "../models" }

+
 [dev-dependencies]
--- a/thoughts-backend/api/src/routers/mod.rs
+++ b/thoughts-backend/api/src/routers/mod.rs
@@ -5,8 +5,9 @@ pub mod feed;
 pub mod root;
 pub mod thought;
 pub mod user;
+pub mod well_known;

-use crate::routers::auth::create_auth_router;
+use crate::routers::{auth::create_auth_router, well_known::create_well_known_router};
 use app::state::AppState;
 use root::create_root_router;
 use tower_http::cors::CorsLayer;
@@ -19,6 +20,7 @@ pub fn create_router(state: AppState) -> Router {

    Router::new()
        .merge(create_root_router())
+        .nest("/.well-known", create_well_known_router())
        .nest("/auth", create_auth_router())
        .nest("/users", create_user_router())
        .nest("/thoughts", create_thought_router())
--- a/thoughts-backend/api/src/routers/user.rs
+++ b/thoughts-backend/api/src/routers/user.rs
@@ -1,10 +1,11 @@
 use axum::{
    extract::{Path, Query, State},
    http::StatusCode,
-    response::IntoResponse,
+    response::{IntoResponse, Response},
    routing::{get, post},
    Router,
 };
+use serde_json::json;

 use app::persistence::{
    follow,
@@ -44,28 +45,6 @@ async fn users_get(
    Ok(Json(UserListSchema::from(users)))
 }

-#[utoipa::path(
-    get,
-    path = "/{id}",
-    params(
-        ("id" = i32, Path, description = "User id")
-    ),
-    responses(
-        (status = 200, description = "Get user", body = UserSchema),
-        (status = 404, description = "Not found", body = ApiErrorResponse),
-        (status = 500, description = "Internal server error", body = ApiErrorResponse),
-    )
-)]
-async fn users_id_get(
-    state: State<AppState>,
-    Path(id): Path<i32>,
-) -> Result<impl IntoResponse, ApiError> {
-    let user = get_user(&state.conn, id).await.map_err(ApiError::from)?;
-
-    user.map(|user| Json(UserSchema::from(user)))
-        .ok_or_else(|| UserError::NotFound.into())
-}
-
 #[utoipa::path(
    get,
    path = "/{username}/thoughts",
@@ -165,10 +144,84 @@ async fn user_follow_delete(
    Ok(StatusCode::NO_CONTENT)
 }

+#[utoipa::path(
+    get,
+    path = "/{param}",
+    params(
+        ("param" = String, Path, description = "User ID or username")
+    ),
+    responses(
+        (status = 200, description = "User profile or ActivityPub actor", body = UserSchema, content_type = "application/json"),
+        (status = 200, description = "ActivityPub actor", body = Object, content_type = "application/activity+json"),
+        (status = 404, description = "User not found", body = ApiErrorResponse),
+        (status = 500, description = "Internal server error", body = ApiErrorResponse),
+    ),
+    security(
+        ("api_key" = []),
+        ("bearer_auth" = [])
+    )
+)]
+async fn get_user_by_param(
+    State(state): State<AppState>,
+    headers: axum::http::HeaderMap,
+    Path(param): Path<String>,
+) -> Response {
+    // First, try to handle it as a numeric ID.
+    if let Ok(id) = param.parse::<i32>() {
+        return match get_user(&state.conn, id).await {
+            Ok(Some(user)) => Json(UserSchema::from(user)).into_response(),
+            Ok(None) => ApiError::from(UserError::NotFound).into_response(),
+            Err(db_err) => ApiError::from(db_err).into_response(),
+        };
+    }
+
+    // If it's not a number, treat it as a username and perform content negotiation.
+    let username = param;
+    let is_activitypub_request = headers
+        .get(axum::http::header::ACCEPT)
+        .and_then(|v| v.to_str().ok())
+        .map_or(false, |s| s.contains("application/activity+json"));
+
+    if is_activitypub_request {
+        // This is the logic from `user_actor_get`.
+        match get_user_by_username(&state.conn, &username).await {
+            Ok(Some(user)) => {
+                let base_url = "http://localhost:3000";
+                let user_url = format!("{}/users/{}", base_url, user.username);
+                let actor = json!({
+                    "@context": [
+                        "https://www.w3.org/ns/activitystreams",
+                        "https://w3id.org/security/v1"
+                    ],
+                    "id": user_url,
+                    "type": "Person",
+                    "preferredUsername": user.username,
+                    "inbox": format!("{}/inbox", user_url),
+                    "outbox": format!("{}/outbox", user_url),
+                });
+                let mut headers = axum::http::HeaderMap::new();
+                headers.insert(
+                    axum::http::header::CONTENT_TYPE,
+                    "application/activity+json".parse().unwrap(),
+                );
+                (headers, Json(actor)).into_response()
+            }
+            Ok(None) => ApiError::from(UserError::NotFound).into_response(),
+            Err(e) => ApiError::from(e).into_response(),
+        }
+    } else {
+        match get_user_by_username(&state.conn, &username).await {
+            Ok(Some(user)) => Json(UserSchema::from(user)).into_response(),
+            Ok(None) => ApiError::from(UserError::NotFound).into_response(),
+            Err(e) => ApiError::from(e).into_response(),
+        }
+    }
+}
+
 pub fn create_user_router() -> Router<AppState> {
    Router::new()
        .route("/", get(users_get))
-        .route("/{id}", get(users_id_get))
+        .route("/{param}", get(get_user_by_param))
        .route("/{username}/thoughts", get(user_thoughts_get))
        .route(
            "/{username}/follow",
--- a/thoughts-backend/api/src/routers/well_known.rs
+++ b/thoughts-backend/api/src/routers/well_known.rs
@@ -0,0 +1,71 @@
+use app::state::AppState;
+use axum::{
+    extract::{Query, State},
+    response::{IntoResponse, Json},
+};
+use serde::{Deserialize, Serialize};
+use url::Url;
+
+#[derive(Deserialize)]
+pub struct WebFingerQuery {
+    resource: String,
+}
+
+#[derive(Serialize)]
+pub struct WebFingerLink {
+    rel: String,
+    #[serde(rename = "type")]
+    type_: String,
+    href: Url,
+}
+
+#[derive(Serialize)]
+pub struct WebFingerResponse {
+    subject: String,
+    links: Vec<WebFingerLink>,
+}
+
+pub async fn webfinger(
+    State(state): State<AppState>,
+    Query(query): Query<WebFingerQuery>,
+) -> Result<impl IntoResponse, impl IntoResponse> {
+    if let Some((scheme, account_info)) = query.resource.split_once(':') {
+        if scheme != "acct" {
+            return Err((
+                axum::http::StatusCode::BAD_REQUEST,
+                "Invalid resource scheme",
+            ));
+        }
+
+        let account_parts: Vec<&str> = account_info.split('@').collect();
+        let username = account_parts[0];
+
+        let user = match app::persistence::user::get_user_by_username(&state.conn, username).await {
+            Ok(Some(user)) => user,
+            _ => return Err((axum::http::StatusCode::NOT_FOUND, "User not found")),
+        };
+
+        let base_url = "http://localhost:3000";
+        let user_url = Url::parse(&format!("{}/users/{}", base_url, user.username)).unwrap();
+
+        let response = WebFingerResponse {
+            subject: query.resource,
+            links: vec![WebFingerLink {
+                rel: "self".to_string(),
+                type_: "application/activity+json".to_string(),
+                href: user_url,
+            }],
+        };
+
+        Ok(Json(response))
+    } else {
+        Err((
+            axum::http::StatusCode::BAD_REQUEST,
+            "Invalid resource format",
+        ))
+    }
+}
+
+pub fn create_well_known_router() -> axum::Router<AppState> {
+    axum::Router::new().route("/webfinger", axum::routing::get(webfinger))
+}
--- a/thoughts-backend/doc/src/user.rs
+++ b/thoughts-backend/doc/src/user.rs
@@ -12,7 +12,7 @@ use models::schemas::{
 #[openapi(
    paths(
        users_get,
-        users_id_get,
+        get_user_by_param,
        user_thoughts_get,
        user_follow_post,
        user_follow_delete
--- a/thoughts-backend/tests/api/activitypub.rs
+++ b/thoughts-backend/tests/api/activitypub.rs
@@ -0,0 +1,59 @@
+use crate::api::main::{create_user_with_password, setup};
+use axum::http::{header, StatusCode};
+use http_body_util::BodyExt;
+use serde_json::Value;
+use utils::testing::{make_get_request, make_request_with_headers};
+
+#[tokio::test]
+async fn test_webfinger_discovery() {
+    let app = setup().await;
+    create_user_with_password(&app.db, "testuser", "password123").await;
+
+    // 1. Valid WebFinger lookup for existing user
+    let url = "/.well-known/webfinger?resource=acct:testuser@localhost:3000";
+    let response = make_get_request(app.router.clone(), url, None).await;
+    assert_eq!(response.status(), StatusCode::OK);
+    let body = response.into_body().collect().await.unwrap().to_bytes();
+    let v: Value = serde_json::from_slice(&body).unwrap();
+    assert_eq!(v["subject"], "acct:testuser@localhost:3000");
+    assert_eq!(
+        v["links"][0]["href"],
+        "http://localhost:3000/users/testuser"
+    );
+
+    // 2. WebFinger lookup for a non-existent user
+    let response = make_get_request(
+        app.router.clone(),
+        "/.well-known/webfinger?resource=acct:nobody@localhost:3000",
+        None,
+    )
+    .await;
+    assert_eq!(response.status(), StatusCode::NOT_FOUND);
+}
+
+#[tokio::test]
+async fn test_user_actor_endpoint() {
+    let app = setup().await;
+    create_user_with_password(&app.db, "testuser", "password123").await;
+
+    let response = make_request_with_headers(
+        app.router.clone(),
+        "/users/testuser",
+        "GET",
+        None,
+        vec![(
+            header::ACCEPT,
+            "application/activity+json, application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
+        )],
+    ).await;
+
+    assert_eq!(response.status(), StatusCode::OK);
+    let content_type = response.headers().get(header::CONTENT_TYPE).unwrap();
+    assert_eq!(content_type, "application/activity+json");
+
+    let body = response.into_body().collect().await.unwrap().to_bytes();
+    let v: Value = serde_json::from_slice(&body).unwrap();
+    assert_eq!(v["type"], "Person");
+    assert_eq!(v["preferredUsername"], "testuser");
+    assert_eq!(v["id"], "http://localhost:3000/users/testuser");
+}
--- a/thoughts-backend/tests/api/mod.rs
+++ b/thoughts-backend/tests/api/mod.rs
@@ -1,3 +1,4 @@
+mod activitypub;
 mod auth;
 mod feed;
 mod follow;
--- a/thoughts-backend/utils/src/testing/api/mod.rs
+++ b/thoughts-backend/utils/src/testing/api/mod.rs
@@ -1,4 +1,9 @@
-use axum::{body::Body, http::Request, response::Response, Router};
+use axum::{
+    body::Body,
+    http::{header, Request},
+    response::Response,
+    Router,
+};
 use tower::ServiceExt;

 pub async fn make_get_request(app: Router, url: &str, user_id: Option<i32>) -> Response {
@@ -68,3 +73,25 @@ pub async fn make_jwt_request(
        .await
        .unwrap()
 }
+
+pub async fn make_request_with_headers(
+    app: Router,
+    url: &str,
+    method: &str,
+    body: Option<String>,
+    headers: Vec<(header::HeaderName, &str)>,
+) -> Response {
+    let mut builder = Request::builder()
+        .method(method)
+        .uri(url)
+        .header("Content-Type", "application/json");
+
+    for (key, value) in headers {
+        builder = builder.header(key, value);
+    }
+
+    let request_body = body.unwrap_or_default();
+    app.oneshot(builder.body(Body::from(request_body)).unwrap())
+        .await
+        .unwrap()
+}
--- a/thoughts-backend/utils/src/testing/mod.rs
+++ b/thoughts-backend/utils/src/testing/mod.rs
@@ -1,5 +1,8 @@
 mod api;
 mod db;

-pub use api::{make_delete_request, make_get_request, make_jwt_request, make_post_request};
+pub use api::{
+    make_delete_request, make_get_request, make_jwt_request, make_post_request,
+    make_request_with_headers,
+};
 pub use db::setup_test_db;