Refactor: Extract Application from the shared actor pipeline#2926
Draft
pfefferle wants to merge 13 commits into
Draft
Refactor: Extract Application from the shared actor pipeline#2926pfefferle wants to merge 13 commits into
pfefferle wants to merge 13 commits into
Conversation
The Application actor is not a real actor — it cannot be followed, addressed, or interacted with. It exists only as a JSON-LD document and a signing identity for outbound HTTP GET requests. This introduces a standalone `Application` utility class with static methods for identity (`get_id()`, `get_url()`, `get_webfinger()`) and key management (`get_key_id()`, `get_public_key()`, `get_private_key()`). - Remove `APPLICATION_USER_ID` (-1) from `Actors` collection - Remove Application cases from `user_can_activitypub()`, Follow handler, Mailer, Outbox, CLI, Health Check, and Stream connector - Make `Application_Controller` delegate to the new `Application` class - Deprecate `Model\Application` (kept for backward compatibility) - Rename option from `activitypub_keypair_for_-1` to `activitypub_application_keypair` with migration - Add self-contained WebFinger discovery via `webfinger_data` filter, handling `acct:`, `/@application`, and REST API URL patterns
- Add missing backslash prefix on \_deprecated_class() call. - Fix WP_Query parameter from 'number' to 'posts_per_page'. - Guard strtotime() against false when post_date_gmt is empty. - Add 'invisible' property to Application REST schema. - Use pretty URL for Application 'url' field. - Add @SInCE unreleased tags to new Application class. - Add comment explaining @Application rewrite rule ordering.
- Remove Application user (ID -1) from Following test. - Add backslash prefix to wp_cache_flush() in Migration. - Add backslash prefix to is_string() in Application.
github-actions
Bot
added
[Feature] CLI
[Feature] Collections
[Feature] Health Check
[Feature] Notifications
[Feature] REST API
[Feature] WP Admin
[Focus] Compatibility
Run the Application WebFinger filter at priority 2 (after Integration\Webfinger::add_pseudo_user_discovery at priority 1) so the Application JRD is not overwritten by a WP_Error. Register a /application/outbox route returning an empty OrderedCollection to back the URL already advertised in the Application actor document.
- Backslash-prefix `is_string()` calls in Application::generate_key_pair(). - Use `update_option()` instead of `add_option()` to prevent keypair race. - Use Application::get_webfinger() in health check so it works regardless of actor mode or authentication context. - Add `@since unreleased` to generate_key_pair(), check_legacy_key_pair(), and Application_Controller::get_item(). - Add negative test for `acct:application@host` resolving to WP_Error in the Actors collection.
- Probe the Application endpoint (GET-readable) instead of the shared inbox (POST-only) in is_rest_api_accessible() health check. - Guard strrchr() return in is_application_resource() to avoid passing false to substr() (PHP 8 deprecation). - Fix migration docblock: clarify that legacy separate key options are migrated lazily, not by this function. Add missing @SInCE tag.
…lication-from-actor-system # Conflicts: # includes/class-migration.php # includes/class-router.php # tests/phpunit/tests/includes/class-test-migration.php # tests/phpunit/tests/includes/collection/class-test-following.php
- Restore Actors::APPLICATION_USER_ID as a deprecated back-compat constant (class-stats-image.php still references it; removing it caused a fatal). - Cover the activitypub_keypair_for_-1 option in check_legacy_key_pair() so the Application signing key is never regenerated when get_keypair() runs before the keypair migration. - Add changelog entry.
- following: drop the stray $accept_5 block (no $outbox_item_5 setup; left over from the trunk merge) that caused an undefined-variable error and phpcs warnings. - feature-request: resolve the Application id via \Activitypub\Application::get_id() instead of Actors::get_by_id( -1 ) (which now returns WP_Error → get_id() fatal). - interaction-policy: declare the expected Model\Application deprecation notice.
- stats-image: resolve the Application webfinger via the new \Activitypub\Application::get_webfinger() instead of instantiating the deprecated Model\Application (which emitted a deprecation notice). - application: move class constants to the top of the class. - migration: drop the orphaned activitypub_keypair_for_-1 row when the destination keypair option already exists (early get_keypair() read).
- Reserve the 'application' username in Actors::get_id_by_username() so the advertised /@Application handle can't be hijacked by a local user named 'application' during shared-inbox recipient resolution (the special-case was dropped when the Application left the Actors collection). - Re-apply the activitypub_activity_object_array and activitypub_activity_application_object_array filters in the /application endpoint so integrations that add actor fields via those hooks still apply.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #
Proposed changes:
\Activitypub\Application) and self-contained REST controller.-1flowing throughActors::get_by_id(). It exists only as a JSON-LD document and HTTP signing identity.Actors::APPLICATION_USER_IDconstant and all-1guard clauses from Mailer, Follow handler, CLI, Health Check, Outbox, Stream integration, etc.activitypub_keypair_for_-1toactivitypub_application_keypair, with legacy fallback.\Activitypub\Model\Applicationwith_deprecated_class()notice pointing to the new classes.@applicationrewrite rule so the pretty URL resolves outside the actor routing system.WP_Queryparameter (number→posts_per_page) and guardstrtotime()against emptypost_date_gmt.Other information:
Testing instructions:
https://example.com/wp-json/activitypub/1.0/applicationreturns a valid Application actor withpublicKey,inbox,outbox, and proper@context.https://example.com/@applicationredirects/resolves to the Application endpoint.acct:application@example.comreturns correct data.Changelog entry
Changelog Entry Details
Significance
Type
Message
Extract Application from the shared actor pipeline into a standalone utility class.