[watchdogtimer]

Before you go to the trouble of writing your own software, consider using one that's already been written. There are many[0] out there already besides Mastodon.

[0]- https://delightful.club/delightful-fediverse-apps/

[Timja]

Thanks, will look through these. But all of the ones I have looked at so far seem pretty complex with hundreds of files.

I don't know the fediverse protocol yet, but I would hope I can get away with just two files like this:

receive.php

    <?php
    if (!isset(servers_i_talk_to[$_SERVER['REMOTE_ADDR']]) die();
    $data = $_POST['msg']
    $file = 'log/' + time().'-'.mt_rand();
    file_put_contents($file, $data);

send.php

    <?php
    $data=$_POST['data'];
    for ($servers_i_talk_to as $server) {
        $url = "https://$server/receive.php";
        $msg = ['msg'=>$data];
        $opts = [
            'http' => [
                'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
                'method'  => 'POST',
                'content' => http_build_query($msg)
             ]
        ];
        $context  = stream_context_create($opts);
        file_get_contents($url, false, $context);
    }

Where receive.php is openly accessible and send.php is protected by a password.

The endpoints are surely called differently than receive.php and send.php. But this is how I would hope ActivityPub works in principle.

Of course, this would be very bare. To read, I would have to read the raw log of ActivityPub messages and to post, I would have to manualy put together an ActivityPub message.

But I would be in the Fediverse and could add more convenience functionality later.

[half-kh-hacker]

It's not so simple.

In order to federate an object you must:

- send requests with proper 'HTTP Signatures' (many AP nodes have strict enforcement here)

- which requires you to have an actor with an attached signing pubkey

- so you have to host the LD-JSON actor descriptor on another endpoint

- actors MUST have an attached inbox & outbox, your receive endpoint will need to sit at your actor's inbox (on POST). both of these are OrderedCollections of Activities

- and in order to be properly interoperable you will probably need to maintain follow relations & write an endpoint which can ACK/NAK follows, etc etc

[Timja]

What do those "HTTP Signatures" do?

If admin of serverA decides to add serverB to the servers_i_talk_to array, they also ask serverB to give them a public key and from then on serverA only accepts messages from serverB if they are signed with the corresponding private key?

Is that so that serverB can change its IP without interrupting the communication with serverA?

[ryukafalz]

The fediverse is (generally) an open federation, not a closed one like you're describing. There is no manually-curated list of instances that you federate with.

[Timja]

I would expect "Open Federation" does not mean you need to talk to every instance out there directly. But that it works like a web where messages are routed around. I could be wrong. But I would expect the "servers_i_talk_to" array is what the instances output at the "peers" endpoint:

https://fosstodon.org/api/v1/instance/peers

[easrng]

There's not really any routing, but you don't need to send posts to every instance, just every instance that has users following your instance's users.

[half-kh-hacker]

HTTP signatures ensure that you can't send a message and spoof the user/instance that it's coming from. Think of it like DKIM for AP.

They commonly include the specific actor who is interacting with the network (via the instance), so we can also achieve correct-side enforcement of blocks.

[Timja]

With "actor" you mean "user"?

Every user has their own private key?

[easrng]

Sure an actor is basically a user, there's usually an "instance actor" though too that does some other things but I don't think having one is required. Every actor has a private key but it's kept on the server, it's basically an implementation detail.

[danielheath]

If you want something lightweight, consider https://humungus.tedunangst.com/r/honk - despite the “whimsical” UI, it’s very easy to run.

[Timja]

The download goes to tgz files. No GitHub or GitLab repo?

[danielheath]

No, although the author also maintains his own SCM host ( https://humungus.tedunangst.com/ ) where you can clone the repo.

[vedranm]

If you want a more lightweight server-side software that can access Fediverse, I found two good candidates (I am looking for other suggestions):

- GoToSocial: https://docs.gotosocial.org/

- Pleroma: https://pleroma.social/

[Timja]

    GoToSocial: 6849 files plus dependencies

    Pleroma: 2289 files plus dependencies

I might miss my target of 2 files. But I will surely not get the filecount go up to these extremes :)

[vedranm]

How about https://github.com/landrok/activitypub ? It's not two files, but it's PHP at least.

[Timja]

Nice!

283 files

Still crazy many, but I will look a into it in case https://microblog.pub turns out to be not what I am looking for.