A place to cache linked articles (think custom and personal wayback machine)
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

index.md 18KB

před 1 rokem
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. title: A highly opinionated guide to learning about ActivityPub
  2. url: https://tinysubversions.com/notes/reading-activitypub/
  3. hash_url: 8440372c6df33b8f23cfce7a9eca5961
  4. <p><em>by Darius Kazemi, Jun 1, 2019</em></p>
  5. <p>This document is for programmers who take one look at <a href="https://activitypub.rocks">activitypub.rocks</a>, click on through to the documentation, and can't make heads or tails of it.</p>
  6. <p>In other words this document is for me, one year ago.</p>
  7. <p><strong>IMPORTANT NOTE: This document does not explain ActivityPub. It explains <em>how to learn about ActivityPub</em>.</strong></p>
  8. <p>If you want THE ULTIMATE TL;DR, just <a href="#the-ultimate-tl-dr">skip to that section</a>.</p>
  9. <h2 id="introduction">Introduction</h2>
  10. <p>The one big misunderstanding that a programmer can have when attempting to learn about ActivityPub is to assume that all the information you need is in the ActivityPub spec! Really, to learn about ActivityPub in such a way that it will be useful in a concrete sense, you need to be familiar with three specs:</p>
  11. <p>Those two extra documents are in fact mentioned in the ActivityPub spec itself, so I'm not claiming that they are somehow hidden. But I'm a lazy, impatient reader. When I'm given a spec like ActivityPub that is ~10,000 words of spec language... well. I'm going to try and take all the shortcuts I can.</p>
  12. <p>I thought I was the only programmer with this problem, but as I spoke to more and more people at conferences, I realized there are many others who, for example, look at ActivityPub and yet have no idea there exists an Activity Vocabulary spec.</p>
  13. <h3 id="start-with-activity-vocabulary">Start with Activity Vocabulary</h3>
  14. <p>I am a concrete thinker. I don't like reading about a system for passing messages between computers if I can't have some sort of understanding of <em>what exactly</em> is being passed around.</p>
  15. <p>Unfortunately, the ActivityPub spec is mostly all about the "publication" part and not the "what data are we sending around" part.</p>
  16. <p>For this reason, <strong>I recommend that you start your journey into ActivityPub by first reading the <a href="https://www.w3.org/TR/activitystreams-vocabulary/">Activity Vocabulary spec</a></strong>.</p>
  17. <h2 id="reading-activity-vocabulary">Reading Activity Vocabulary</h2>
  18. <p>This spec is in five non-appendix sections:</p>
  19. <ol>
  20. <li>Introduction</li>
  21. <li>Core Types</li>
  22. <li>Extended Types</li>
  23. <li>Properties</li>
  24. <li>Implementation Notes</li>
  25. </ol>
  26. <h3 id="introduction">Introduction</h3>
  27. <p>The intro is brief, and is your usual spec boilerplate about the definitions of MUST and SHOULD.</p>
  28. <h3 id="core-types">Core Types</h3>
  29. <p>"Core Types" is where you might think you should start. It's the core, right? Well, you're wrong. The first thing you're hit with is a definition of <strong>Object</strong>:</p>
  30. <blockquote>
  31. <p>Describes an object of any kind. The Object type serves as the base type for most of the other kinds of objects defined in the Activity Vocabulary, including other Core types such as Activity, IntransitiveActivity, Collection and OrderedCollection. </p>
  32. </blockquote>
  33. <p>The example given is:</p>
  34. <pre><code>{
  35. "@context": "https://www.w3.org/ns/activitystreams",
  36. "type": "Object",
  37. "id": "http://www.test.example/object/1",
  38. "name": "A Simple, non-specific object"
  39. }
  40. </code></pre><p>Wow. That's real useful. Now I know how to define a non-specific thing with no properties.</p>
  41. <p>(Aside: this "begin from first principles" thing is a problem with almost all spec writing. It is largely <em>how specs are written</em> and it fucking blows. The authors of these documents are just following tradition and I do not wish to paint these specs as particularly bad.)</p>
  42. <p>Just skip the Core Types for now and move onto section 3, Extended Types.</p>
  43. <h3 id="extended-types">Extended Types</h3>
  44. <p>Ah, Extended Types. Or as I like to call them: the actually-useful types. Something like 50% of the stuff you actually care about is in this section.</p>
  45. <p>We are given three major kinds of "types". (Um, by the way, this isn't quite a "type" as you may know it. It's really more like a JSON data format.)</p>
  46. <ul>
  47. <li>Activity Types</li>
  48. <li>Actor Types</li>
  49. <li>Object Types</li>
  50. </ul>
  51. <h4 id="activity-types">Activity Types</h4>
  52. <p>We are once again immediately hit over the head with this doozy of a sentence:</p>
  53. <blockquote>
  54. <p>All Activity Types inherit the properties of the base <strong>Activity</strong> type.</p>
  55. </blockquote>
  56. <p>While this does make sense in a highly specific way that is unique to specification writing, please just skip this sentence and all sentences like it (there is at least one other saying the same thing about Object Types).</p>
  57. <p>Best to avoid the near-tautological definitions required for writing things like parsers and instead skip to the concrete stuff. Scroll down and you'll see that Activity Types include things like:</p>
  58. <p>Hey!! This is good! This is like... stuff that users do on social networks. Now we're getting somewhere.</p>
  59. <p>Browse over all the activities. Look at the "Notes" section and glance at the example JSON object. There are some interesting activity types in there! For example, there's <strong>Question</strong>, which is the activity type that Mastodon uses in its implementation of polls. And there's <strong>Travel</strong>, which is meant to indicate movement from geographic (or even conceptual) point A to point B! You might make extensive use of this if your social network supported a Facebook style "I've checked in to New York City right now" post. There's even a <strong>View</strong> activity, which can be used for read receipts.</p>
  60. <p>Anyway, read 'em.</p>
  61. <h4 id="actor-types">Actor Types</h4>
  62. <p>An <strong>Actor</strong> is what you might think of as a user agent. It can be a person, a bot, a company, a group of people, and more. But the important thing is: an <strong>Actor</strong> is the <em>thing that is doing</em> an <strong>Activity</strong>.</p>
  63. <p>So a normal post to Mastodon is a <strong>Person</strong> actor doing a <strong>Create</strong> activity (what is being created is defined in the next section, Object types). Or if a company sent out discount codes to its followers, that would be an <strong>Organization</strong> doing an <strong>Offer</strong> activity.</p>
  64. <p>There aren't many <strong>Actor</strong> types listed so just read them all.</p>
  65. <h4 id="object-types">Object Types</h4>
  66. <p>Yeah. I know. "Object" is probably the most overloaded English word in programming and we're already on our second thing called an object in this one spec. I'm sorry. Deep breaths, we'll get through this.</p>
  67. <p>Anyhow. These are the meat and potatoes of what actually gets sent around these networks. Object types include:</p>
  68. <p>...and several more. So when you make a regular text post to Mastodon, that is a case where a <strong>Person</strong> will <strong>Create</strong> a <strong>Note</strong>.</p>
  69. <h4 id="putting-it-all-together">Putting it all together</h4>
  70. <p>Here's some code from <a href="https://github.com/dariusk/express-activitypub/">a small ActivityPub reference implementation I wrote</a></p>
  71. <pre><code> let noteMessage = {
  72. 'id': `https://${domain}/m/${guidNote}`,
  73. 'type': 'Note',
  74. 'published': d.toISOString(),
  75. 'attributedTo': `https://${domain}/u/${name}`,
  76. 'content': text,
  77. 'to': ['https://www.w3.org/ns/activitystreams#Public'],
  78. };
  79. let createMessage = {
  80. '@context': 'https://www.w3.org/ns/activitystreams',
  81. 'id': `https://${domain}/m/${guidCreate}`,
  82. 'type': 'Create',
  83. 'actor': `https://${domain}/u/${name}`,
  84. 'to': ['https://www.w3.org/ns/activitystreams#Public'],
  85. 'cc': [follower],
  86. 'object': noteMessage
  87. };
  88. </code></pre><p>I construct the <strong>Note</strong> object and the <strong>Create</strong> activity. The <strong>Note</strong> object gets embedded inside the <strong>Create</strong> activity, which indicates that we are <strong>Creat</strong>-ing a <strong>Note</strong>. What about the <strong>Person</strong>? That's implied in the 'actor' field of the <strong>Create</strong>, and that URL is the equivalent of passing the <strong>Person</strong> by reference. Any program parsing this out could query that URL and get the JSON of the <strong>Person</strong> from there.</p>
  89. <h3 id="properties">Properties</h3>
  90. <p>If you're wondering what those "id", "cc", and so on fields mean, you're in luck. Those are described in this section, which contains the <em>other</em> 50% of the stuff you care about.</p>
  91. <p>Read this section, if only to familiarize yourself with what's here. That way you'll know to come back here when you see something like "prev" in a JSON object and wonder how that's supposed to be constructed.</p>
  92. <h3 id="implementation-notes">Implementation Notes</h3>
  93. <p>This is where the concrete examples of things like "how to represent a friend request" live. Definitely worth reading this section as well, though on a first run through you really only need to read:</p>
  94. <ul>
  95. <li>5.1: Audience targeting (not about advertising, this is about what the "to" and "cc" fields mean. It's the difference between a direct message and a public message, for example.)</li>
  96. <li>5.2.1: Modeling a "friend request"</li>
  97. <li>5.5: How <strong>Undo</strong> does and does not work</li>
  98. <li>5.8: A nice conceptual grouping of what circumstances you might use different Activities in</li>
  99. </ul>
  100. <h2 id="reading-activitypub">Reading ActivityPub</h2>
  101. <p>Next, read <a href="https://www.w3.org/TR/activitypub/">the ActivityPub spec</a>. It's in seven major sections:</p>
  102. <ol>
  103. <li>Overview</li>
  104. <li>Conformance</li>
  105. <li>Objects</li>
  106. <li>Actors</li>
  107. <li>Collections</li>
  108. <li>Client to Server Interactions</li>
  109. <li>Server to Server Interactions</li>
  110. </ol>
  111. <p>But first, a word about JSON-LD.</p>
  112. <h3 id="a-note-on-json-ld">A note on JSON-LD</h3>
  113. <p>Starting with the ActivityPub spec, you're going to see <a href="https://json-ld.org/">JSON-LD</a> mentioned a bunch. You don't have to care about this at all. For our purposes it's JSON with some specific property names in it, and where you follow links to complete the content of an object. Is this technically 100% correct? No. But if you were the kind of person who cared about the difference between JSON-LD and JSON, you'd probably be writing your own spec right now instead of reading this article.</p>
  114. <h4 id="following-links-in-json">Following links in JSON</h4>
  115. <p>One important thing to note about the kind of JSON stuff you'll be seeing is that you'll often see a URI embedded in a JSON object. Take the following example of an object with no URI anywhere in it:</p>
  116. <pre><code>{
  117. "id": 1234,
  118. "object": {
  119. "type": "Note",
  120. "content": "Hello world."
  121. }
  122. }
  123. </code></pre><p>Other times you'll see something like:</p>
  124. <pre><code>{
  125. "id": 1234,
  126. "object": "https://example.com/5678"
  127. }
  128. </code></pre><p>But then if you do a GET request with the appropriate headers to "<a href="https://example.com/5678">https://example.com/5678</a>", you'll get</p>
  129. <pre><code>{
  130. "type": "Note",
  131. "content": "Hello world."
  132. }
  133. </code></pre><p>These two JSON things comprise the exact same information as that first JSON thing. It's just split across two HTTP requests. When you encounter a URI in one of these JSON objects, the idea is to follow the URI in order to resolve it into plain JSON and consider that the sub-object.</p>
  134. <h3 id="overview">Overview</h3>
  135. <p>Read this whole thing. You probably tried to read this once, before reading the Vocabulary spec, and if you're anything like me you were extremely confused. I promise it will be less confusing this time.</p>
  136. <p>Basically it explains that you're taking these JSON things described in the Vocabulary spec and POSTing them to specific API endpoints, which process them.</p>
  137. <h3 id="conformance">Conformance</h3>
  138. <p>A short section that you might as well read. This is where it's made clear that this document actually describes <em>two separate protocols</em>. There is a Client to Server (C2S) and Server to Server (S2S).</p>
  139. <p>In order to make your service "federated" via ActivityPub, <em>the only protocol you really care about is the server to server protocol</em>. S2S is how a Mastodon server can talk to a Pleroma server can talk to a Pixelfed server etc etc. Federation as we know it.</p>
  140. <p>The C2S protocol is about <em>user choice</em>. It's a good thing, but it has nothing to do with federation. It's a standard way for user client software, like a phone app, to talk to a server. If we lived in a world where Mastodon and Pleroma and Pixelfed all used the C2S protocol, then in theory I could easily write a phone app that connects to all three of those services, and users could mix and match clients with servers to their heart's delight. A new service could pop up that I didn't even know about, but if it used C2S my phone app would be minimally compatible with it. (We do not live in this world, most federated services do not implement C2S, but this is the vision, to my understanding.)</p>
  141. <h3 id="objects">Objects</h3>
  142. <p>This will be a much easier read now that you've read over the Vocabulary document.</p>
  143. <p>Specifically, sections 3, 3.1, and 3.2 are really important and discuss why, for example, if you send a message to a remote server, it should have some way of querying your server to confirm the message. I originally thought that I could get away with just sending messages into the void and not storing them in a local database, but I was wrong, because remote servers need to confirm that it's not just some random person claiming to send content from my own origin.</p>
  144. <h3 id="actors">Actors</h3>
  145. <p>So an ActivityPub actor is an Activity Vocabulary actor, with the mandatory addition of an inbox and and outbox, which are typically URIs that you either GET or POST to depending on what you want to do with them. For example, you can GET from a user's outbox URI and receive a JSON list of posts. Try it on my outbox from Friend Camp right now in your web browser by <a href="https://friend.camp/users/darius/outbox">browsing to this URL</a>. You should see something like this:</p>
  146. <pre><code>{
  147. "@context":"https://www.w3.org/ns/activitystreams",
  148. "id":"https://friend.camp/users/darius/outbox",
  149. "type":"OrderedCollection",
  150. "totalItems":5688,
  151. "first":"https://friend.camp/users/darius/outbox?page=true",
  152. "last":"https://friend.camp/users/darius/outbox?min_id=0&amp;page=true"
  153. }
  154. </code></pre><p>If you click through to <a href="https://friend.camp/users/darius/outbox?min_id=0&amp;page=true">the "last" URI</a>, you'll get 20 of my oldest posts from Friend Camp, including <a href="https://friend.camp/@darius/100538943364185987">this charmer</a>.</p>
  155. <p>Anyway, read this whole section too. It's short.</p>
  156. <h3 id="collections">Collections</h3>
  157. <p>Skip this for now. You'll absolutely want to come back to this later but you can probably figure out what collections are in context of their usage (hint: that outbox JSON is a type of collection; it contains paging data for iterating through collections of stuff).</p>
  158. <p>But seriously just skip this for now, you don't need to muddy your brain with it.</p>
  159. <h3 id="client-to-server-interactions">Client to Server Interactions</h3>
  160. <p>Look. If you want to support a universal client ecosystem, go ahead and read this section. But if you just want to write a federated service, skip it and come back to it later.</p>
  161. <h3 id="server-to-server-interactions">Server to Server Interactions</h3>
  162. <p>Read this whole thing. This one section, combined with the Activity Vocabulary spec, forms the absolute basics of getting a federated service up and running. The Vocabulary spec tells you <em>what</em> to send, and this section tells you <em>how</em> to send it.</p>
  163. <p>Among other things, it discusses the difference between an <code>inbox</code> and a <code>sharedInbox</code>. It talks about how to <strong>Follow</strong> an <strong>Actor</strong>, and how someone might <strong>Accept</strong> or <strong>Reject</strong> a follow request. It talks about <strong>Announce</strong>, which in addition to literally being for announcements, is also your standard "sharing" activity, like an RT on Twitter or a boost on Mastodon.</p>
  164. <h2 id="reading-activitystreams-2-0">Reading ActivityStreams 2.0</h2>
  165. <p>Eh. Don't read it now. Skim the table of contents. There will be bits of ActivityPub that don't make sense without the ActivityStreams 2.0 spec, but those will be more advanced questions you'll have later.</p>
  166. <h2 id="the-ultimate-tl-dr">THE ULTIMATE TL;DR</h2>
  167. <ul>
  168. <li>Read the <a href="https://www.w3.org/TR/activitystreams-vocabulary/">Activity Vocabulary spec</a>, sections 3, 4, 5.1, 5.2.1, 5.5, and 5.8</li>
  169. <li>Read the <a href="https://www.w3.org/TR/activitypub/">ActivityPub spec</a>, sections 1, 2, 3, 4, and 7</li>
  170. <li>Familiarize yourself with the table of contents for the <a href="https://www.w3.org/TR/activitystreams-core/">ActivityStreams 2.0 spec</a>.</li>
  171. </ul>
  172. <h2 id="go-forth-and-make-stuff">Go forth and make stuff</h2>
  173. <p>Assuming you&#39;ve done all this reading, the knowledge you have right now should hopefully be enough to start hacking on sending simple messages via ActivityPub.</p>
  174. <p>I recommend reading these two articles by Eugen Rochko, the creator of Mastodon:</p>
  175. <ul>
  176. <li><a href="https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/">How to implement a basic ActivityPub server</a></li>
  177. <li><a href="https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/">How to make friends and verify requests</a></li>
  178. </ul>
  179. <p>If you&#39;re like me and you enjoy poking around at a simple implementation, I have written a bare bones JavaScript ActivityPub server using the popular Express application framework:</p>
  180. <ul>
  181. <li><a href="https://github.com/dariusk/express-activitypub">Express ActivityPub Server</a></li>
  182. </ul>