Fediverse Auxiliary Service Provider #2312
Draft
+2,738
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces FAPI integration to the ActivityPub plugin, including a new REST controller for the provider info endpoint, nodeinfo metadata extension, and content-digest headers for integrity. Adds documentation for FAPI and signature handling, as well as PHPUnit tests for the new functionality. This enables the plugin to act as a Fediverse Auxiliary Service Provider in compliance with the FAPI v0.1 specification.
This commit introduces support for the Fediverse Auxiliary Service Provider (FASP) registration specification v0.1. It adds REST endpoints for FASP registration and capability activation, new classes for managing FASP registrations and admin UI, and updates all relevant documentation and code references from FAPI to FASP. The admin interface allows viewing, approving, rejecting, and deleting FASP registrations, and stores registration and capability data in WordPress options for compatibility.
Changed the protected $rest_base from 'fasp-registration' to 'fasp' and updated the registration route path to use the new base. Note: 'registeration' appears to be a typo and may need correction.
Corrected 'registeration' to 'registration' in the REST route path to ensure proper endpoint registration and consistency.
Updated the capability activation endpoint registration to prepend the route with $this->rest_base, ensuring the route is correctly namespaced.
Merged Fasp_Registration functionality into the Fasp class, removed the now-redundant Fasp_Registration and Fasp_Registration_Controller classes, and updated the Fasp_Controller to handle registration and capability endpoints directly. The admin interface was renamed and moved to includes/wp-admin/class-fasp-admin.php, now using the Fasp class for registration management. Documentation and tests were updated to reflect these changes.
github-actions
bot
added
[Feature] WP Admin
[Focus] Compatibility
Replaces the custom authenticate_request method with Activitypub\Rest\Server::verify_signature as the permission callback for the get_provider_info endpoint. Removes the now-unused authenticate_request method for consistency with other ActivityPub endpoints.
Updated Fasp_Controller to use the Application user's existing RSA keypair for HTTP Message Signatures (RFC-9421) instead of generating new Ed25519 keys. Removed the Ed25519 key generation logic and related test. Adjusted key handling and response data to reflect this change, improving consistency and simplifying key management.
Moved HTTP message signature logic from Fasp_Controller to the Http_Message_Signature helper class. Simplified provider info construction and response signing, improving maintainability and reusability. Exposed signature base string and params string methods as public in the signature helper.
Updated get_signature_base_string and get_params_string methods from public to private to restrict their visibility within the Http_Message_Signature class.
Removed the dedicated Fasp_Admin class and its menu, migrating FASP registration management to a new 'FASP Registrations' tab in the settings. Added handlers for approving, rejecting, and deleting FASP registrations to the main Admin class. Introduced a new template for displaying and managing FASP registrations within the settings interface.
Replaces the custom capability_permission_check with Activitypub\Rest\Server::verify_signature for capability endpoint authentication. Adds extraction of keyId from request headers and FASP registration lookup by keyId, ensuring only approved FASP registrations are allowed. Removes unused get_authenticated_fasp method and updates related logic for improved security and maintainability.
Introduces comprehensive Playwright-based end-to-end tests for the FASP controller REST API, covering protocol compliance, authentication, provider info, registration, capability activation, and HTTP header requirements according to the FASP v0.1 specification.
There was a problem hiding this comment.
Pull Request Overview
This PR implements FASP (Fediverse Auxiliary Service Provider) specification v0.1 support for the WordPress ActivityPub plugin, allowing WordPress sites to act as auxiliary service providers in the fediverse ecosystem.
Key Changes
- Adds FASP REST API endpoints for provider info, registration, and capability management
- Implements RFC-9421 HTTP Message Signatures for request/response authentication and signing
- Provides admin interface for managing FASP registrations (approve/reject/delete)
Reviewed Changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| includes/rest/class-fasp-controller.php | New REST controller implementing FASP endpoints (provider info, registration, capability activation) |
| includes/class-fasp.php | Core FASP class for registration management and capability handling |
| includes/signature/class-http-message-signature.php | Adds sign_response() method for RFC-9421 response signing |
| includes/wp-admin/class-admin.php | Admin action handlers for approve/reject/delete FASP registrations |
| includes/wp-admin/class-settings.php | Adds FASP registrations tab to settings page |
| integration/class-nodeinfo.php | Adds faspBaseUrl to nodeinfo metadata |
| templates/fasp-registrations.php | Admin template for managing FASP registrations |
| tests/phpunit/tests/includes/class-test-fasp.php | PHPUnit tests for FASP functionality |
| tests/e2e/specs/includes/rest/fasp-controller.test.js | E2E tests for FASP specification compliance |
| activitypub.php | Initializes FASP controller and class |
| docs/*.md | Documentation for FASP implementation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Refactors registration storage to remove private keys and add a SHA-256 fingerprint for each FASP public key. Updates REST controller to require and validate the public key fingerprint during capability activation, ensuring the signing key matches the registered key. Improves option handling for registrations and capabilities, and adds comprehensive tests for key matching and rejection of mismatched keys. Updates documentation to reflect key handling changes.
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements FASP (Fediverse Auxiliary Service Provider) specification v0.1 support for the WordPress ActivityPub plugin, allowing WordPress sites to act as auxiliary service providers in the fediverse ecosystem.
Proposed changes:
Other information:
Testing instructions:
Changelog entry
Changelog Entry Details
Significance
Type
Message