activitypub: process Move activities and movedTo field on actors #309

Manually merged
Johann150 merged 10 commits from account-moving into main 2023-03-23 20:48:19 +00:00
Owner

This processes incoming Move activities and movedTo field on actors. The respective moved to actor is checked for the alsoKnownAs field, although this is not currently saved in the database.

When a Move activity is received, notifications are generated for followers of the moved-from actor. Those notifications will specify which account the actor has moved to and display a follow button for that new actor.

closes #88

This processes incoming `Move` activities and `movedTo` field on actors. The respective moved to actor is checked for the `alsoKnownAs` field, although this is not currently saved in the database. When a `Move` activity is received, notifications are generated for followers of the moved-from actor. Those notifications will specify which account the actor has moved to and display a follow button for that new actor. closes #88
Johann150 added this to the Account moves milestone 2022-12-28 22:26:20 +00:00
Johann150 added a new dependency 2022-12-28 22:38:44 +00:00
Johann150 added the
feature
label 2022-12-28 22:38:59 +00:00
Johann150 force-pushed account-moving from 2ab12dfebe to d1b768bd3a 2023-01-05 20:10:29 +00:00 Compare
Johann150 force-pushed account-moving from d1b768bd3a to 3b9a88f491 2023-01-09 17:01:43 +00:00 Compare
Johann150 force-pushed account-moving from 3b9a88f491 to 9fd2764bbd 2023-01-17 20:58:23 +00:00 Compare
Johann150 force-pushed account-moving from 9fd2764bbd to 27ddb2496c 2023-02-11 18:28:19 +00:00 Compare
First-time contributor

I'm curious what's blocking merging this? With the big mastodon.lol shutdown foundkey not processing these is kinda screwing up my experience 😔

I'm curious what's blocking merging this? With the big mastodon.lol shutdown foundkey not processing these is kinda screwing up my experience 😔
Author
Owner

See the contribution guide on contributors with push access.

[...] you can also proceed as for "without push access" above. In this case it will be assumed that you wish for a review of the changes you want to make.

Nobody has reviewed this pull request yet and I feel unable to review my own code.

See the [contribution guide on contributors with push access](https://akkoma.dev/FoundKeyGang/FoundKey/src/branch/main/CONTRIBUTING.md#with-push-access). > [...] you can also proceed as for "without push access" above. In this case it will be assumed that you wish for a review of the changes you want to make. Nobody has reviewed this pull request yet and I feel unable to review my own code.
First-time contributor

Nobody has reviewed this pull request yet and I feel unable to review my own code.

I've been getting familiar with the code and would be open to doing a code review for you if that would help get this merged. I'm obviously not a contributor, but I pinky promise I've got plenty of experience doing code reviews and that I'll do a real review and not just rubber stamp it.

> Nobody has reviewed this pull request yet and I feel unable to review my own code. I've been getting familiar with the code and would be open to doing a code review for you if that would help get this merged. I'm obviously not a contributor, but I pinky promise I've got plenty of experience doing code reviews and that I'll do a real review and not just rubber stamp it.
amybones requested changes 2023-03-21 23:07:21 +00:00
amybones left a comment
First-time contributor

Overall this looks good. There's only a couple things that stands out as a possible bugs to me.
Otherwise it's just questions about behavior. I didn't do anything like applying the PR to my local foundkey instance and then attempt to generate some account movements so I can't say definitively that this actually works on a separate deployment.

The only other overall thing, and this is just me confirming that I understand the order of things, is just to confirm that request signatures are being verified to confirm the moves are actually valid, right? I think they are handled in the inbox queue processor, but I'm not a 100% confident.

I'm requesting changes for the possible bug, but it's a soft request change I'm just looking for your view point.

Overall this looks good. There's only a couple things that stands out as a possible bugs to me. Otherwise it's just questions about behavior. I didn't do anything like applying the PR to my local foundkey instance and then attempt to generate some account movements so I can't say definitively that this actually works on a separate deployment. The only other overall thing, and this is just me confirming that I understand the order of things, is just to confirm that request signatures are being verified to confirm the moves are actually valid, right? I think they are handled in the inbox queue processor, but I'm not a 100% confident. I'm requesting changes for the possible bug, but it's a soft request change I'm just looking for your view point.
@ -0,0 +11,4 @@
if (activity.object == null || getApId(activity.object) !== actor.uri) return;
// actor already moved
if (actor.movedTo != null) return;
First-time contributor

This would prevent cycles of a -> b -> a, right? It's uncommon but I've seen people do cycles like this in the past when, e.g. they move and then the instance they move to winds up blocking an instance they have a lot of connections with, or in the case of mastodon.lol their new instance shuts down.

This would prevent cycles of `a -> b -> a`, right? It's uncommon but I've seen people do cycles like this in the past when, e.g. they move and then the instance they move to winds up blocking an instance they have a lot of connections with, or in the case of mastodon.lol their new instance shuts down.
Author
Owner

This would stop a -> b, a -> c which also comes from previous discussion in the Misskey issue. If a really wanted to do that, they would have to make sure that the instance updates their data in between. For example by sending an Update activity where the object is the actor themself.

This would stop `a -> b, a -> c` which also comes from previous discussion in the Misskey issue. If `a` really wanted to do that, they would have to make sure that the instance updates their data in between. For example by sending an `Update` activity where the object is the actor themself.
First-time contributor

Got it. Thanks for clarifying the data model, I see now what's happening there :) As I said, I'm still getting familiar with the code base.

Got it. Thanks for clarifying the data model, I see now what's happening there :) As I said, I'm still getting familiar with the code base.
Johann150 marked this conversation as resolved
@ -0,0 +14,4 @@
if (actor.movedTo != null) return;
// no move target
if (activity.target == null) return;
First-time contributor

Do we expect this to be a common case? If no, it might be worth adding a warning log so that some data about how often this happens can be collected. The log can always be removed if it appears to be frequent. I bring this up since in my deployment of foundkey I've added some warning logs to a place to try and help me track down (which I'm not done doing so no PRs here) what I think are some bugs.

My expectation in general, and it's tooootally fine if this isn't how foundkey approaches these things, is to add warnings or errors for conditions that are foreseeable but it's unclear if they happen in practice. That way there's an ability to collect some data to inform what to do with the code in the future.

Do we expect this to be a common case? If no, it might be worth adding a warning log so that some data about how often this happens can be collected. The log can always be removed if it appears to be frequent. I bring this up since in my deployment of foundkey I've added some warning logs to a place to try and help me track down (which I'm not done doing so no PRs here) what I think are some bugs. My expectation in general, and it's tooootally fine if this isn't how foundkey approaches these things, is to add warnings or errors for conditions that are foreseeable but it's unclear if they happen in practice. That way there's an ability to collect some data to inform what to do with the code in the future.
Author
Owner

I don't expect this to be a common case, it's just a sanity check. If the target attribute of a Move activity that is intended to be used for account moves is not included, the activity does not make sense. Or maybe this is a Move activity that has different semantics in which case it does also not make sense to process it in this handler. I also don't think it would be necessary to log a malformed Activity.

I don't expect this to be a common case, it's just a sanity check. If the `target` attribute of a `Move` activity that is intended to be used for account moves is not included, the activity does not make sense. Or maybe this is a `Move` activity that has different semantics in which case it does also not make sense to process it in this handler. I also don't think it would be necessary to log a malformed Activity.
@ -0,0 +51,4 @@
movedToId: movedTo.id,
}),
...followings.map(async (following) => {
// TODO: autoAcceptMove?
First-time contributor

The only reason I can think of to not auto accept is if the local user has follow requests turned on, right? But even then, if they already accepted the original request, then it feels silly to make them accept again. If it's technically difficult to do here for some reason, in which case it seems fine to leave this as a todo.

The only reason I can think of to not auto accept is if the local user has follow requests turned on, right? But even then, if they already accepted the original request, then it feels silly to make them accept again. If it's technically difficult to do here for some reason, in which case it seems fine to leave this as a todo.
Author
Owner

What you are talking about is the new/moved actor following someone. But this comment is about the other direction.

There is already a separate issue for this, see #311. Due to concerns raised in the issue when this was discussed for Misskey, we decided that there should be a separate option for this.

What you are talking about is the new/moved actor following someone. But this comment is about the other direction. There is already a separate issue for this, see #311. Due to concerns raised in the issue when this was discussed for Misskey, we decided that there should be a separate option for this.
Johann150 marked this conversation as resolved
@ -64,0 +76,4 @@
// Can't find the move target for some reason.
// Don't treat the actor as invalid, just ignore the movedTo.
logger.warn(`cannot find move target "${x.movedTo}", error: ${err.toString()}`);
delete x.movedTo;
First-time contributor

I understand having a warning in the log, but I'm not totally convinced that deleting the movedTo information makes sense to me?

Things that I think of: It could be that the destination isn't resolvable because it's a fedi server that possibly somehow conforms to the account moving spec, but not the lookup part, which doesn't make a ton of sense to me. Or, the destination is temporarily unreachable at the time an attempt to resolve the new account is made.

For the first case, it's unlikely that the new account is going to properly broadcast updates over activitypub, so sure. But for the second case, this means that the foundkey database is going to be inconsistent. The user is going to lose that follow silently, as well as have no indication that there's something amiss, since if they go look at the profile page for the old follow wondering where they went, it'll just show up normally, and they won't have a chance to go find the person or manually re-follow.

I understand having a warning in the log, but I'm not totally convinced that deleting the movedTo information makes sense to me? Things that I think of: It could be that the destination isn't resolvable because it's a fedi server that possibly somehow conforms to the account moving spec, but not the lookup part, which doesn't make a ton of sense to me. Or, the destination is temporarily unreachable at the time an attempt to resolve the new account is made. For the first case, it's unlikely that the new account is going to properly broadcast updates over activitypub, so sure. But for the second case, this means that the foundkey database is going to be inconsistent. The user is going to lose that follow silently, as well as have no indication that there's something amiss, since if they go look at the profile page for the old follow wondering where they went, it'll just show up normally, and they won't have a chance to go find the person or manually re-follow.
Author
Owner

I agree with you for the 2nd case, it should be an atomic operation.

The correct behaviour is to throw an error there. Since there is no try/catch statement around resolvePerson in the move handler this would cause the queue handler to retry this incoming activity at a later time.

I agree with you for the 2nd case, it should be an atomic operation. The correct behaviour is to throw an error there. Since there is no try/catch statement around `resolvePerson` in the move handler this would cause the queue handler to retry this incoming activity at a later time.
First-time contributor

Aha. Okay, I missed that bubbling up to a retry, thanks!

Aha. Okay, I missed that bubbling up to a retry, thanks!
Johann150 marked this conversation as resolved
@ -86,6 +87,14 @@
<button class="_textButton" @click="rejectGroupInvitation()">{{ i18n.ts.reject }}</button>
</div>
</span>
<span v-if="notification.type === 'move'" class="text" style="opacity: 0.6;">
First-time contributor

Something that might be worth refactoring in this PR but is otherwise fine: The CSS class text is used several times with a local override of opacity: 0.6 it might be worth factoring out a dedicated CSS class for this like dim-notification-text or even just a class that only applies the opacity. IIRC this will help a bit with rendering performance.

Something that might be worth refactoring in this PR but is otherwise fine: The CSS class `text` is used several times with a local override of `opacity: 0.6` it might be worth factoring out a dedicated CSS class for this like `dim-notification-text` or even just a class that only applies the opacity. IIRC this will help a bit with rendering performance.
Author
Owner

Good idea in general, but this has nothing to do with Move activities so it should be done outside of this PR.

Good idea in general, but this has nothing to do with `Move` activities so it should be done outside of this PR.
Johann150 marked this conversation as resolved
Johann150 added 1 commit 2023-03-22 20:28:21 +00:00
properly handle unresolvable move target
Some checks failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/push/lint-sw Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/pr/lint-foundkey-js Pipeline failed
ci/woodpecker/pr/lint-client Pipeline failed
ci/woodpecker/pr/lint-backend Pipeline failed
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint-sw Pipeline failed
eb2f8cae13
amybones approved these changes 2023-03-22 21:53:49 +00:00
amybones left a comment
First-time contributor

Per discussion in preview review everything looks good to me, for whatever that's worth :)

Per discussion in preview review everything looks good to me, for whatever that's worth :)
Author
Owner

Thanks for your review!

re: the order of things - I have updated the READING.md file with a bit more details about how incoming (and outgoing) activities are being processed and where to look. Hopefully that helps.

tl;dr about your specific question: signatures are verified in the handler for the inbox queue, specifically starting from this line

Thanks for your review! re: the order of things - I have updated the [READING.md file](https://akkoma.dev/FoundKeyGang/FoundKey/src/branch/main/READING.md) with a bit more details about how incoming (and outgoing) activities are being processed and where to look. Hopefully that helps. tl;dr about your specific question: signatures are verified in the handler for the inbox queue, specifically [starting from this line](https://akkoma.dev/FoundKeyGang/FoundKey/src/commit/f1d7357e752a4e28cc5a955be729a7194cc08a57/packages/backend/src/queue/processors/inbox.ts#L66)
First-time contributor

tl;dr about your specific question: signatures are verified in the handler for the inbox queue, specifically starting from this line

Aha yeah, I was 99% sure that was verifying things, but again, still familiarizing myself with the code base.

> tl;dr about your specific question: signatures are verified in the handler for the inbox queue, specifically [starting from this line](https://akkoma.dev/FoundKeyGang/FoundKey/src/commit/f1d7357e752a4e28cc5a955be729a7194cc08a57/packages/backend/src/queue/processors/inbox.ts#L66) Aha yeah, I was 99% sure that was verifying things, but again, still familiarizing myself with the code base.
Johann150 manually merged commit bc51450fea into main 2023-03-23 20:48:19 +00:00
Johann150 deleted branch account-moving 2023-03-23 20:48:25 +00:00
Sign in to join this conversation.
No reviewers
No labels
feature
fix
upkeep
No milestone
No project
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Reference: FoundKeyGang/FoundKey#309
No description provided.