refactor: 🔥 Remove Server Actors

Jesse Wierzbinski 2024-08-17 14:48:43 +02:00
parent c1e94ce128
commit c074e6e38e
7 changed files with 28 additions and 11 deletions

View file

@ -31,3 +31,4 @@ This page lists changes since Working Draft 03. {{ className: 'lead' }}
- Renamed `Undo` to [Delete](/entities/delete).
- Added [Unfollow](/entities/unfollow) entity.
- Completely rework [ServerMetadata](/entities/server-metadata).
- Remove Server Actors, and move instance public keys to [ServerMetadata](/entities/server-metadata).
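
Review bot: The new changelog entry records the key move to ServerMetadata but not the two wire-level changes this commit makes on other pages: `author` becoming `URI | null`, and `X-Signed-By` accepting the string `instance`. An implementer who reads only this page would miss both, so list them as separate bullets here.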

View file

@ -13,7 +13,7 @@ Implementations **must** ensure that the author of the `Delete` entity has the a
Having the authorization is defined as:
- The author is the creator of the target entity (including [delegation](/delegation)).
- The author is the server actor.
- The author is the instance.
## Entity Definition
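
Review bot: "The author is the instance." does not say which instance. With `author` now allowed to be `null` on any instance, a `Delete` with a `null` author satisfies this bullet as written no matter where it comes from or what it targets. Suggest "The author is the instance that hosts the target entity", plus a sentence on how a receiver checks that, for example that the instance whose key verified the signature is the one serving the `target` URI.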
@ -23,8 +23,8 @@ Having the authorization is defined as:
<Property name="uri" type="null" required={false}>
This entity does not have a URI.
</Property>
<Property name="author" type="URI" required={true} typeLink="/types#uri">
URI of the `User` who is deleting the entity.
<Property name="author" type="URI | null" required={true} typeLink="/types#uri">
URI of the `User` who is deleting the entity. [Can be set to `null` to represent the instance](/entities/server-metadata#the-null-author).
</Property>
<Property name="target" type="URI" required={true} typeLink="/types#uri">
URI of the entity being deleted.
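
Review bot: `author` is now `type="URI | null"` with `required={true}`, while the entity rules say only fields not marked `required` may be omitted or set to `null`. State explicitly that the key must be present with a literal `null` and must not be omitted, because the two forms serialize differently and the serialized form is what gets signed. The description also still opens with "URI of the `User`", which no longer covers the `null` case; "URI of the `User` who is deleting the entity, or `null` if the instance is" reads more cleanly.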

View file

@ -82,4 +82,4 @@ Any field in an entity not marked as `required` may be omitted or set to `null`.
When serialized to a string, the JSON representation of an entity should follow the following rules:
- Keys must be sorted lexicographically.
- Should use UTF-8 encoding.
- Must be **signed** using the relevant [User](/entities/user)'s private key, or the [Server Actor](/entities/server-actor)'s private key if the entity is not associated with a particular user.
- Must be **signed** using the relevant [User](/entities/user)'s private key, or the [instance's private key](/entities/server-metadata) if the entity is not associated with a particular user.
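
Review bot: In the changed bullet, "if the entity is not associated with a particular user" is looser than the rule this commit introduces on the ServerMetadata page, where the instance is the author exactly when `author` is `null`. Suggest tying the two together ("or the instance's private key if `author` is `null`") and linking to `/entities/server-metadata#the-null-author`, as the other changed pages do, rather than to the page root.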

View file

@ -7,12 +7,14 @@ export const metadata = {
Contains metadata about a Versia instance, such as capabilities and endpoints. {{ className: 'lead' }}
Not to be confused with [Server Actor](/entities/server-actor), which is a User representing an instance in the federation.
<Note>
This entity is only used as part of [Server Discovery](/federation/discovery#server-discovery), and not as part of federation.
</Note>
## The `null` Author
On all entities that have an `author` field, the `author` can be `null` to represent the instance itself as the author (like ActivityPub's Server Actors). In this case, the instance's public key should be used to verify the entity.
## Entity Definition
<Row>
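
Review bot: In the new "The `null` Author" section, "should be used to verify" is weaker than the **MUST** wording the HTTP page uses for signatures; make it **must**. The section also has to say which instance's key applies, since `null` names no instance: spell out how the receiver determines the sending instance and fetches its ServerMetadata before verifying. Separately, the retained Note says this entity is "not as part of federation", which now sits awkwardly next to a section that makes its `public_key` necessary for verifying federated entities.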
@ -63,6 +65,17 @@ Not to be confused with [Server Actor](/entities/server-actor), which is a User
<Property name="shared_inbox" type="URI" required={false}>
URI to the instance's shared inbox, if supported.
</Property>
<Property name="public_key" type="PublicKey" required={true}>
Public key of the instance.
```typescript
type PublicKey = {
public_key: string;
}
```
- `public_key`: Public key of the instance. Must follow the [Versia Public Key](/signatures) format.
</Property>
<Property name="moderators" type="URI" required={false}>
URI to [Collection](/structures/collection) of instance moderators.
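
Review bot: The `PublicKey` type wraps a single field with the same name as the property, so the wire form is `public_key.public_key` and the description "Public key of the instance" appears twice. Either make the property a plain string, or add the field that justifies the object (for example the key algorithm) so that verifiers do not have to infer it from the encoded key.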
@ -120,6 +133,9 @@ Not to be confused with [Server Actor](/entities/server-actor), which is a User
"content": "https://social.jimjams.com/files/logo.webp"
}
},
"public_key": {
"public_key": "MCowBQYDK2VwAyEA9zhEMtQZetRl4QrLcz99i7jOa6ZVjX7aLfRUsMuKByI="
},
"banner": null,
"extensions": {
"example.extension:monthly_active_users": 1000

View file

@ -8,7 +8,7 @@ export const metadata = {
Versia uses the HTTP protocol for all communications between instances. HTTP requests must conform to certain standards to ensure compatibility between different implementations, as well as to ensure the security and integrity of the data being exchanged.
ALL kinds of HTTP requests/responses between instances **MUST** include a [Signature](/signatures), signed with either the relevant [User](/entities/user)'s private key or the [Server Actor](/entities/server-actor)'s private key.
ALL kinds of HTTP requests/responses between instances **MUST** include a [Signature](/signatures), signed with either the relevant [User](/entities/user)'s private key or the [instance's private key](/entities/server-metadata).
## Requests

View file

@ -18,7 +18,7 @@ Versia uses cryptographic signatures to ensure the integrity and authenticity of
A signature consists of a series of headers in an HTTP request. The following headers are used:
- **`X-Signature`**: The signature itself, encoded in base64.
- **`X-Signed-By`**: URI of the user who signed the request.
- **`X-Signed-By`**: URI of the user who signed the request, [or the string `instance` to represent the instance](/entities/server-metadata#the-null-author).
- **`X-Nonce`**: A random string generated by the client. This is used to prevent replay attacks.
Signatures are **required on ALL federation traffic**. If a request does not have a signature, it **MUST** be rejected. Specifically, signatures must be put on:
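
Review bot: The changed `X-Signed-By` bullet introduces the string `instance`, while entities use `null` for the same thing, and the linked `#the-null-author` section describes only the `null` form. Define the header value in that section or in this bullet, and say that it is matched as a literal before any URI parsing. It would also help to require that receivers reject a request where `X-Signed-By` is `instance` but the entity's `author` is a user URI, and the reverse, so that the key used for verification always matches the claimed author.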

View file

@ -18,8 +18,8 @@ Pages should be limited to a reasonable number of entities, such as 20 or 80.
<Row>
<Col>
<Properties>
<Property name="author" type="URI" required={true} typeLink="/types#uri">
Author of the collection. Usually the user who owns the collection. Can be the server actor.
<Property name="author" type="URI | null" required={true} typeLink="/types#uri">
Author of the collection. Usually the user who owns the collection. [Can be set to `null` to represent the instance](/entities/server-metadata#the-null-author).
</Property>
<Property name="first" type="URI" required={true} typeLink="/types#uri">
URI to the first page of the collection. Query parameters are allowed.