Relationship between fedeproxy and Mastodon

dachary · January 22, 2021, 9:33am

Let say a fedeproxy installation is made of two servers:

A Mastodon server in which user accounts represent a software project
- The URL of the user is for instance https://github.com/ceph/ceph
- The user logs in Mastodon using OAuth2 on github.com and if Mastodon see the user is an admin of https://github.com/ceph/ceph it allows the user to control this account otherwise it does not
- The Mastodon user account for https://github.com/ceph/ceph can be set to follow https://mygitlab.com/myuser/ceph
A fedeproxy server that is a client of the Mastodon server:
- Listening when it receives a “commit push” activity notification from a Mastodon user, for instance https://github.com/ceph/ceph
  - It gets the list of software projects it follows
  - For each of them it fetches the latest state of the repository which contains not only code but also the representation of tickets, merge requests etc.
  - Pushes the newer commits on https://github.com/ceph/ceph
  - Interprets the data and uses the forge API to keep it up to date (i.e. reads the file describing an issue and uses the API to update the issue with new comments)
- Periodically fetches the state of https://github.com/ceph/ceph and publishes a “commit push” activity if there is something new

In other words, there is no need for fedeproxy to know more about ActivityPub than what a well behaved client would. It should not be an ActivityPub server. It cannot, however, rely on a vanilla Mastodon server because it needs the OAuth2 token obtained from GitHub / GitLab to act on behalf of the user. And Mastodon must also be able to only allow users that are admins of a given software project to control the account. The list of projects that are followed is assumed to be consistent because the admins update it.

I should look into Mastodon to see how / if it can be extended with plugins, what is the state of the OAuth2 implementation, if there are plugins or extensions.

dachary · January 22, 2021, 9:54pm

This does not suggest there are “mastodon plugins” that could help with modifying mastodon. Also, there currently is no way for mastodon to use an external OAuth2 provider, such as GitHub or GitLab. There are third party apps and a mastodon API to implement them. But there are a few and all of them provide functionalities that are very similar to the default web application.

dachary · January 22, 2021, 10:04pm

Gargon wrote:

f you want to contribute to Mastodon without using GitHub, you can export your git commits from your local repository as patch files and send them to hello@joinmastodon.org. I will create a pull request on your behalf and the commits will be authored by you.

dachary · January 22, 2021, 10:59pm

Gargron

Mastodon includes the omniauth gem, through which e.g. CAS and SAML systems are connected. Using omniauth it should be possible to support sign up through any OAuth service.

However, I don’t see how I could make this any easier to integrate since every service requires some level of customization. It might be as easy as adding a new line in here for some: https://github.com/tootsuite/mastodon/blob/master/config/initializers/omniauth.rb I haven’t tried.

aschrijver · January 23, 2021, 7:50am

If you decide on a close alignment with Mastodon, then you should be aware of places where Mastodon - as the early adopter and leading project on the Fediverse - made implementation choices to fill in blanks of the AP specification, that are less desirable to be kept around as the fediverse evolves.

Many AP devs, out of convenience, model their projects on Mastodon concepts and code, and with that are deviating from directions that the spec authors (Christopher Lemmer Webber et al) intended the specs to evolve. Most prominent choice here is to support the Mastodon API for client interaction, instead of implementing a spec-compliant AP Client 2 Server API.

Just a heads up, as I am not in the know of the full technical intricacies you may encounter. The true danger is a split in the Fediverse with one part following the Mastodon way, and the other part following the specs.

dachary · January 23, 2021, 8:00am

I would prefer to use a conformant ActivityPub client 2 server library, thanks for the warning. D you know of a library (any language, not just python although I would prefer python) that is well maintained and conformant?

dachary · January 23, 2021, 8:07am

This is where I’ll find answers, thanks for the link! I’m still very interested in your opinion though.

aschrijver · January 23, 2021, 8:10am

Besides the aforementioned Go-Fed, there’s another Go project FedBox with a C2S implementation, and I believe Bonfire (formerly CommonsPub) also has a C2S implementation.

Other than that I strongly recommend joining SocialHub and participate in the discussions there. Here’s a search for C2S:

The AndStatus client has a nice issue going of stuff they encountered implementing C2S from the client-side:

dachary · January 23, 2021, 8:35pm

Since Mastodon is not very flexible with regard to how it handles user permissions / authentication or additional functionalities, it would make more sense for a proof-of-concept to embed Mastodon rather than making it the UI.