Published a blog about the new Social Inbox tool we've made at which makes it easy to add to your static websites.

@mauve this is fucking sick and I've wanted something approaching this for a while!

@aynish Yeah feel free to poke me if you'd like to dig into it together :)

@mauve Great work! I too wanted a simple #ActivityPub implementation written in typescript for my artwork website.

What I find most frustrating right now is that there's no single node / deno / bun agnostic server that's easily "pluginable".

Your index file is a executable

I do wish we had a javascript runtime-independent pluginable server. Like wordpress plugins, instagram-like gallery, microblog, blog, newsletter, even ecommerce all plugins.

@thomasreggi Yeah it's rough that the most "standard" js is for talking to external services rather than adding extra ones the way people do with Apache and the such. I guess one could plug node into a CGI script though :P

Personally I'm aiming to reduce the use of webservers in the first place and to rely more on static site publishing and client side rendering.

@mauve I do feel pretty jaded with servers too and static hosting just feels so good. I just kinda think that databases and dynamism is key for real-world apps, queries and stuff like that.

I did just go down a "Ranger Mauve" rabbit hole and watched your youtube videos 😜. I've been thinking alot about worker-owned cooperatives and "ethical software hosting". P2P could be a way out of all of that, really exciting stuff. Really like the android-device-mesh idea and Agregore in general 💜💚.

@thomasreggi @mauve It's not a "pluginable JS server" but I'm hoping my project will help fulfill that need at some point.

Running something like the above "AP for static sites" is just the kind of use case I envisioned for Dropserver.

(Right now it would not be possible to implement this because Dropserver doesn't support outbound requests, which I am sure is a requirement here. But I will add this at some point for sure.)

@teleclimber @mauve seems we're on the same page. Both inspired by deno's 👀.

I've been thinking about about self-hosting and how much of a pain it is, ram cost, cpu cost. Would love a single. port, process, server that can run everything. Tinkering around with

Ideally you just have one personal postgres database and can use that for personal data / read-writes. I've been working on an agnostic json-schema-based system

@teleclimber @mauve good but i'm afraid to share the sites with others because it's a commitment 😭

@mauve Really cool idea!

Quick question on branch hygiene. From looking at the pull requests, it seems as though various feature branches have been hanging around in the repo after getting merged into initial.

However, nothing has yet landed on main (the default). Is that just a way of telling outsiders this isn't ready to look at yet?

@pevohr Ah! We're putting in some last minute changes that might be breaking apis but I'm hoping to tag 1.0 within a week or two. Main thing right now is indexing replies so you can pull them into your post metadata.

It should be *mostly* stable :P

@mauve Nice! It's not that hard to figure out what's going on if you happen to click the branches link:

But if you don't, anyone new to the project winds up on the "main" branch (default) + thinks nothing has happened since July because all the active work is being done on the (non-default) "initial" branch.

@mauve This looks really cool. I've managed to get the static part working with my hugo site: @site

However, got stuck on registering the account on the inbox server. Any chance for a more user friendly interface or better documentation how to do it for example with curl?

@rra @site Hmm are you self hosting your inbox instance? We have swagger docs generated at /v1/docs

Sadly swagger doesn't have the HTTP auth stuff built in so we don't have an out of the box UI yet.

We use the http signature spec for authentication so you shoukd sign yout request with the private key corresponding to your actor's public key:

@mauve ah the swagger docs are really handy. So if I understand correctly I won't be able to complete my post request with curl, but need to use client.setInfo() instead?

@rra sadly the client API is still a WIP but my colleague should be getting to it next week ish. I'll see if I can get a lil somethin done before then though.

technically it should be possible to do it witg curl, you just need to do the digest calculation and signing stuff with openssl or similar. Sadly I don't have ready examples of it cause we did it in js.

Here's how we do it so far:

@mauve Hi thanks for the suggestion! Together with @cblgh we managed to recreate the signing code pretty close before you sent it! However we get Bad Request but we're also unsure whether we're overlooking something. Maybe you have an idea?

@rra @cblgh Oh I think you're missing the `Content-Type` header indicating the body is JSON

@mauve @cblgh I'm still getting a 400 ("message": "\"[object Object]\" is not valid JSON") so I'm guessing our script doesnt send something yours likes. Anyway I'm out of ideas. If you have a moment to make a script based on the repos code to request an account that would be appreciated. Otherwise I'll wait for a later stage of the release.

@rra @cblgh ah that's due to your code passing in the parsed object of the credwntials instead of the credentials atrinf. Fetch doesn't automatically json stringify sadly

@rra @cblgh K! We had a bug in how we authenticated methods which I just fixed today. I also added an account creation script to my staticpub example:

Should all be working now!

@mauve Great! I get a 200 indeed (both with your code and the one @cblgh wrote).

This seems to indicate success, but when I then query the user account or do any other action (list admins for instance) I get 500 with "Cannot read properties of undefined (reading 'matchAll')"

I can see that the post request has added something to the store, so the account is there.

This is the path:

This is the actor:

@cblgh let us know whether you want to be untagged from this :)

@rra @mauve i don't mind :) it's fun to ambiently know how it's going

@rra @cblgh K! We had some bugs that came from overhauling our auth code, it should be working again for real. :P Make sure your requests are all signed!

@mauve @cblgh ah good! Will try it one of these days. Should I also sign my GETs?

@rra @cblgh Yup! At the moment all the APIs are only available to admins or inbox owners other than a POST to `/v1/:actor/inbox` which requires the author of the activity to sign their request.

Sign in to participate in the conversation

Escape ship from centralized social media run by Mauve.