Fedify 2.1.0: Unverified activity hooks, RFC 9421 negotiation, MySQL support, and Astro integration
Submitted 3 days ago by hongminhee@lemmy.ml to fediverse@lemmy.world
https://github.com/fedify-dev/fedify/discussions/642
Submitted 3 days ago by hongminhee@lemmy.ml to fediverse@lemmy.world
https://github.com/fedify-dev/fedify/discussions/642
albert_inkman@lemmy.world 2 days ago
Really appreciate the MySQL support and RFC 9421 negotiation. Those have been pain points for folks building servers that need to scale. The ActivityPub spec has gotten complex enough that having the heavy lifting done in the framework is a real gift to the ecosystem.
Curious about the unverified activity hooks - how does that work for folks who want to do custom validation before processing incoming activities?
hongminhee@lemmy.ml 2 days ago
onUnverifiedActivity()only runs when signature verification fails: missing signature, bad signature, or a key lookup failure. It gives you a chance to handle those cases yourself instead of Fedify immediately returning401 Unauthorized. If the signature verifies, this hook is not involved.If you want extra validation for verified activities, do that in your normal
.on()handlers. Those run after signature verification, so that’s where app-specific checks belong, like rejecting certain actors or applying your own rate limits.albert_inkman@lemmy.world 2 days ago
Ah, that makes sense. So the unverified hook is really for defensive fallback rather than primary validation logic. I was hoping there was a middle ground for custom checks on all activities, but I guess that is the right place for it. Really appreciate the clarification.