Revert Object trait id() ref

* Accept Public aliases in URL deserializer

Update deserialize_one_or_many to deserialize recipient URL fields while
accepting `Public` and `as:Public` as aliases for the canonical
ActivityStreams public URL.

Add focused tests for single and array inputs, and verify that unrelated
string fields such as `content` are left unchanged.

https://github.com/LemmyNet/lemmy/issues/6465

* Deduplicate deserialized recipients

Drop repeated recipient URLs after deserialization so equivalent public
aliases such as `Public`, `as:Public`, and the canonical public URL do
not produce duplicate entries.

Update the helper documentation and tests to match the deduplicated
result.

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @Nutomic @dessalines

.gitignore

@@ -1,6 +1,5 @@
 /target
 /.idea
-/Cargo.lock
 perf.data*
 flamegraph.svg
 

.rustfmt.toml

@@ -1,4 +1,4 @@
-edition="2021"
-imports_layout="HorizontalVertical"
-imports_granularity="Crate"
-reorder_imports=true
+edition = "2021"
+imports_layout = "HorizontalVertical"
+imports_granularity = "Crate"
+reorder_imports = true

.woodpecker.yml

@@ -1,5 +1,5 @@
 variables:
-  - &rust_image "rust:1.78-bullseye"
+  - &rust_image "rust:1.91-bullseye"
 
 steps:
   cargo_fmt:

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "activitypub_federation"
-version = "0.5.8"
+version = "0.7.0-beta.11"
 edition = "2021"
 description = "High-level Activitypub framework"
 keywords = ["activitypub", "activitystreams", "federation", "fediverse"]
@@ -10,13 +10,9 @@ documentation = "https://docs.rs/activitypub_federation/"
 
 [features]
 default = ["actix-web", "axum"]
-actix-web = ["dep:actix-web"]
-axum = ["dep:axum", "dep:tower", "dep:hyper", "dep:http-body-util"]
-diesel = ["dep:diesel"]
-
-[lints.rust]
-warnings = "deny"
-deprecated = "deny"
+actix-web = ["dep:actix-web", "dep:http02"]
+axum = ["dep:axum", "dep:tower"]
+axum-original-uri = ["dep:axum", "axum/original-uri"]
 
 [lints.clippy]
 perf = { level = "deny", priority = -1 }
@@ -32,79 +28,71 @@ redundant_closure_for_method_calls = "deny"
 unwrap_used = "deny"
 
 [dependencies]
-chrono = { version = "0.4.38", features = ["clock"], default-features = false }
-serde = { version = "1.0.204", features = ["derive"] }
-async-trait = "0.1.81"
-url = { version = "2.5.2", features = ["serde"] }
-serde_json = { version = "1.0.120", features = ["preserve_order"] }
-reqwest = { version = "0.11.27", default-features = false, features = [
+chrono = { version = "0.4.42", features = ["clock"], default-features = false }
+serde = { version = "1.0.228", features = ["derive"] }
+async-trait = "0.1.89"
+url = { version = "2.5.8", features = ["serde"] }
+serde_json = { version = "1.0.149", features = ["preserve_order"] }
+reqwest = { version = "0.13.1", default-features = false, features = [
   "json",
   "stream",
-  "rustls-tls",
 ] }
-reqwest-middleware = "0.2.5"
-tracing = "0.1.40"
+reqwest-middleware = "0.5.0"
+tracing = "0.1.44"
 base64 = "0.22.1"
 rand = "0.8.5"
-rsa = "0.9.6"
-once_cell = "1.19.0"
-http = "0.2.12"
-sha2 = { version = "0.10.8", features = ["oid"] }
-thiserror = "1.0.62"
-derive_builder = "0.20.0"
-itertools = "0.13.0"
-dyn-clone = "1.0.17"
+rsa = "0.9.10"
+http = "1.4.0"
+sha2 = { version = "0.10.9", features = ["oid"] }
+thiserror = "2.0.17"
+derive_builder = "0.20.2"
+itertools = "0.14.0"
+dyn-clone = "1.0.20"
 enum_delegate = "0.2.0"
 httpdate = "1.0.3"
-http-signature-normalization-reqwest = { version = "0.10.0", default-features = false, features = [
+http-signature-normalization-reqwest = { version = "0.14.0", default-features = false, features = [
   "sha-2",
   "middleware",
   "default-spawner",
 ] }
 http-signature-normalization = "0.7.0"
-bytes = "1.6.1"
-futures-core = { version = "0.3.30", default-features = false }
-pin-project-lite = "0.2.14"
+bytes = "1.11.0"
+futures-core = { version = "0.3.31", default-features = false }
+pin-project-lite = "0.2.16"
 activitystreams-kinds = "0.3.0"
-regex = { version = "1.10.5", default-features = false, features = [
+regex = { version = "1.12.2", default-features = false, features = [
   "std",
   "unicode",
 ] }
-tokio = { version = "1.38.0", features = [
+tokio = { version = "1.49.0", features = [
   "sync",
   "rt",
   "rt-multi-thread",
   "time",
 ] }
-diesel = { version = "2.2.1", features = [
-  "postgres",
-], default-features = false, optional = true }
-futures = "0.3.30"
-moka = { version = "0.12.8", features = ["future"] }
+futures = "0.3.31"
+moka = { version = "0.12.12", features = ["future"] }
+either = "1.15.0"
 
 # Actix-web
-actix-web = { version = "4.8.0", default-features = false, optional = true }
+actix-web = { version = "4.12.1", default-features = false, optional = true }
+http02 = { package = "http", version = "0.2.12", optional = true }
 
 # Axum
-axum = { version = "0.6.20", features = [
+axum = { version = "0.8.8", features = [
   "json",
-  "headers",
 ], default-features = false, optional = true }
-tower = { version = "0.4.13", optional = true }
-hyper = { version = "0.14", optional = true }
-http-body-util = { version = "0.1.2", optional = true }
+tower = { version = "0.5.2", optional = true }
 
 [dev-dependencies]
-anyhow = "1.0.86"
-env_logger = "0.11.3"
-tower-http = { version = "0.5.2", features = ["map-request-body", "util"] }
-axum = { version = "0.6.20", features = [
-  "http1",
-  "tokio",
-  "query",
-], default-features = false }
-axum-macros = "0.3.8"
-tokio = { version = "1.38.0", features = ["full"] }
+anyhow = "1.0.100"
+axum = { version = "0.8.8", features = ["macros"] }
+axum-extra = { version = "0.12.5", features = ["typed-header"] }
+env_logger = "0.11.8"
+tokio = { version = "1.49.0", features = ["full"] }
+reqwest = { version = "0.13.1",features = [
+  "rustls"
+] }
 
 [profile.dev]
 strip = "symbols"
@@ -117,3 +105,8 @@ path = "examples/local_federation/main.rs"
 [[example]]
 name = "live_federation"
 path = "examples/live_federation/main.rs"
+
+# Speedup RSA key generation
+# https://github.com/RustCrypto/RSA/blob/master/README.md#example
+[profile.dev.package.num-bigint-dig]
+opt-level = 3

README.md

@@ -10,7 +10,7 @@ A high-level framework for [ActivityPub](https://www.w3.org/TR/activitypub/) fed
 
 The ActivityPub protocol is a decentralized social networking protocol. It allows web servers to exchange data using JSON over HTTP. Data can be fetched on demand, and also delivered directly to inboxes for live updates.
 
-While Activitypub is not in widespread use yet, is has the potential to form the basis of the next generation of social media. This is because it has a number of major advantages compared to existing platforms and alternative technologies:
+Activitypub has the potential to form the basis of the next generation of social media. This is because it has a number of major advantages compared to existing platforms and alternative technologies:
 
 - **Interoperability**: Imagine being able to comment under a Youtube video directly from twitter.com, and having the comment shown under the video on youtube.com. Or following a Subreddit from Facebook. Such functionality is already available on the equivalent Fediverse platforms, thanks to common usage of Activitypub.
 - **Ease of use**: From a user perspective, decentralized social media works almost identically to existing websites: a website with email and password based login. Unlike pure peer-to-peer networks, it is not necessary to handle private keys or install any local software.

docs/06_http_endpoints_axum.md

@@ -15,9 +15,9 @@ The next step is to allow other servers to fetch our actors and objects. For thi
 # use activitypub_federation::config::FederationMiddleware;
 # use axum::routing::get;
 # use crate::activitypub_federation::traits::Object;
-# use axum::headers::ContentType;
+# use axum_extra::headers::ContentType;
 # use activitypub_federation::FEDERATION_CONTENT_TYPE;
-# use axum::TypedHeader;
+# use axum_extra::TypedHeader;
 # use axum::response::IntoResponse;
 # use http::HeaderMap;
 # async fn generate_user_html(_: String, _: Data<DbConnection>) -> axum::response::Response { todo!() }
@@ -34,10 +34,9 @@ async fn main() -> Result<(), Error> {
         .layer(FederationMiddleware::new(data));
 
     let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
+    let listener = tokio::net::TcpListener::bind(addr).await?;
     tracing::debug!("listening on {}", addr);
-    axum::Server::bind(&addr)
-        .serve(app.into_make_service())
-        .await?;
+    axum::serve(listener, app.into_make_service()).await?;
     Ok(())
 }
 

docs/07_fetching_data.md

@@ -39,4 +39,4 @@ let user: DbUser = webfinger_resolve_actor("ruud@lemmy.world", &data).await?;
 # }).unwrap();
 ```
 
-Note that webfinger queries don't contain a leading `@`. It is possible tha there are multiple Activitypub IDs returned for a single webfinger query in case of multiple actors with the same name (for example Lemmy permits group and person with the same name). In this case `webfinger_resolve_actor` automatically loops and returns the first item which can be dereferenced successfully to the given type.
+Note that webfinger queries don't contain a leading `@`. It is possible that there are multiple Activitypub IDs returned for a single webfinger query in case of multiple actors with the same name (for example Lemmy permits group and person with the same name). In this case `webfinger_resolve_actor` automatically loops and returns the first item which can be dereferenced successfully to the given type.

docs/08_receiving_activities.md

@@ -1,6 +1,6 @@
 ## Sending and receiving activities
 
-Activitypub propagates actions across servers using `Activities`. For this each actor has an inbox and a public/private key pair. We already defined a `Person` actor with keypair. Whats left is to define an activity. This is similar to the way we defined `Person` and `Note` structs before. In this case we need to implement the [ActivityHandler](trait@crate::traits::ActivityHandler) trait.
+Activitypub propagates actions across servers using `Activities`. For this each actor has an inbox and a public/private key pair. We already defined a `Person` actor with keypair. Whats left is to define an activity. This is similar to the way we defined `Person` and `Note` structs before. In this case we need to implement the [Activity](trait@crate::traits::Activity) trait.
 
 ```
 # use serde::{Deserialize, Serialize};
@@ -10,7 +10,7 @@ Activitypub propagates actions across servers using `Activities`. For this each
 # use activitypub_federation::fetch::object_id::ObjectId;
 # use activitypub_federation::traits::tests::{DbConnection, DbUser};
 # use activitystreams_kinds::activity::FollowType;
-# use activitypub_federation::traits::ActivityHandler;
+# use activitypub_federation::traits::Activity;
 # use activitypub_federation::config::Data;
 # async fn send_accept() -> Result<(), Error> { Ok(()) }
 
@@ -25,7 +25,7 @@ pub struct Follow {
 }
 
 #[async_trait]
-impl ActivityHandler for Follow {
+impl Activity for Follow {
     type DataType = DbConnection;
     type Error = Error;
 
@@ -59,14 +59,14 @@ Next its time to setup the actual HTTP handler for the inbox. For this we first
 # use activitypub_federation::axum::inbox::{ActivityData, receive_activity};
 # use activitypub_federation::config::Data;
 # use activitypub_federation::protocol::context::WithContext;
-# use activitypub_federation::traits::ActivityHandler;
+# use activitypub_federation::traits::Activity;
 # use activitypub_federation::traits::tests::{DbConnection, DbUser, Follow};
 # use serde::{Deserialize, Serialize};
 # use url::Url;
 
 #[derive(Deserialize, Serialize, Debug)]
 #[serde(untagged)]
-#[enum_delegate::implement(ActivityHandler)]
+#[enum_delegate::implement(Activity)]
 pub enum PersonAcceptedActivities {
     Follow(Follow),
 }

docs/10_fetching_objects_with_unknown_type.md

@@ -32,6 +32,13 @@ impl Object for SearchableDbObjects {
     type Kind = SearchableObjects;
     type Error = anyhow::Error;
 
+    fn id(&self) -> Url {
+        match self {
+            SearchableDbObjects::User(p) => p.federation_id.clone(),
+            SearchableDbObjects::Post(n) => n.federation_id.clone(),
+        }
+    }
+
     async fn read_from_id(
         object_id: Url,
         data: &Data<Self::DataType>,

examples/live_federation/activities/create_post.rs

@@ -11,7 +11,7 @@ use activitypub_federation::{
     fetch::object_id::ObjectId,
     kinds::activity::CreateType,
     protocol::{context::WithContext, helpers::deserialize_one_or_many},
-    traits::{ActivityHandler, Object},
+    traits::{Activity, Object},
 };
 use serde::{Deserialize, Serialize};
 use url::Url;
@@ -50,7 +50,7 @@ impl CreatePost {
 }
 
 #[async_trait::async_trait]
-impl ActivityHandler for CreatePost {
+impl Activity for CreatePost {
     type DataType = DatabaseHandle;
     type Error = crate::error::Error;
 

examples/live_federation/http.rs

@@ -14,11 +14,11 @@ use activitypub_federation::{
     traits::Object,
 };
 use axum::{
+    debug_handler,
     extract::{Path, Query},
     response::{IntoResponse, Response},
     Json,
 };
-use axum_macros::debug_handler;
 use http::StatusCode;
 use serde::Deserialize;
 

examples/live_federation/main.rs

@@ -55,8 +55,8 @@ async fn main() -> Result<(), Error> {
     info!("Listen with HTTP server on {BIND_ADDRESS}");
     let config = config.clone();
     let app = Router::new()
-        .route("/:user", get(http_get_user))
-        .route("/:user/inbox", post(http_post_user_inbox))
+        .route("/{user}", get(http_get_user))
+        .route("/{user}/inbox", post(http_post_user_inbox))
         .route("/.well-known/webfinger", get(webfinger))
         .layer(FederationMiddleware::new(config));
 
@@ -64,9 +64,8 @@ async fn main() -> Result<(), Error> {
         .to_socket_addrs()?
         .next()
         .expect("Failed to lookup domain name");
-    axum::Server::bind(&addr)
-        .serve(app.into_make_service())
-        .await?;
+    let listener = tokio::net::TcpListener::bind(addr).await?;
+    axum::serve(listener, app.into_make_service()).await?;
 
     Ok(())
 }

examples/live_federation/objects/person.rs

@@ -5,7 +5,7 @@ use activitypub_federation::{
     http_signatures::generate_actor_keypair,
     kinds::actor::PersonType,
     protocol::{public_key::PublicKey, verification::verify_domains_match},
-    traits::{ActivityHandler, Actor, Object},
+    traits::{Activity, Actor, Object},
 };
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
@@ -29,7 +29,7 @@ pub struct DbUser {
 /// List of all activities which this actor can receive.
 #[derive(Deserialize, Serialize, Debug)]
 #[serde(untagged)]
-#[enum_delegate::implement(ActivityHandler)]
+#[enum_delegate::implement(Activity)]
 pub enum PersonAcceptedActivities {
     CreateNote(CreatePost),
 }
@@ -69,6 +69,10 @@ impl Object for DbUser {
     type Kind = Person;
     type Error = Error;
 
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
+    }
+
     fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {
         Some(self.last_refreshed_at)
     }
@@ -122,10 +126,6 @@ impl Object for DbUser {
 }
 
 impl Actor for DbUser {
-    fn id(&self) -> Url {
-        self.ap_id.inner().clone()
-    }
-
     fn public_key_pem(&self) -> &str {
         &self.public_key
     }

examples/live_federation/objects/post.rs

@@ -50,6 +50,10 @@ impl Object for DbPost {
     type Kind = Note;
     type Error = Error;
 
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
+    }
+
     async fn read_from_id(
         _object_id: Url,
         _data: &Data<Self::DataType>,

examples/local_federation/activities/accept.rs

@@ -3,7 +3,7 @@ use activitypub_federation::{
     config::Data,
     fetch::object_id::ObjectId,
     kinds::activity::AcceptType,
-    traits::ActivityHandler,
+    traits::Activity,
 };
 use serde::{Deserialize, Serialize};
 use url::Url;
@@ -30,7 +30,7 @@ impl Accept {
 }
 
 #[async_trait::async_trait]
-impl ActivityHandler for Accept {
+impl Activity for Accept {
     type DataType = DatabaseHandle;
     type Error = crate::error::Error;
 

examples/local_federation/activities/create_post.rs

@@ -8,7 +8,7 @@ use activitypub_federation::{
     fetch::object_id::ObjectId,
     kinds::activity::CreateType,
     protocol::helpers::deserialize_one_or_many,
-    traits::{ActivityHandler, Object},
+    traits::{Activity, Object},
 };
 use serde::{Deserialize, Serialize};
 use url::Url;
@@ -38,7 +38,7 @@ impl CreatePost {
 }
 
 #[async_trait::async_trait]
-impl ActivityHandler for CreatePost {
+impl Activity for CreatePost {
     type DataType = DatabaseHandle;
     type Error = crate::error::Error;
 

examples/local_federation/activities/follow.rs

@@ -8,7 +8,7 @@ use activitypub_federation::{
     config::Data,
     fetch::object_id::ObjectId,
     kinds::activity::FollowType,
-    traits::{ActivityHandler, Actor},
+    traits::{Activity, Actor},
 };
 use serde::{Deserialize, Serialize};
 use url::Url;
@@ -35,7 +35,7 @@ impl Follow {
 }
 
 #[async_trait::async_trait]
-impl ActivityHandler for Follow {
+impl Activity for Follow {
     type DataType = DatabaseHandle;
     type Error = crate::error::Error;
 

examples/local_federation/actix_web/http.rs

@@ -8,7 +8,7 @@ use activitypub_federation::{
     config::{Data, FederationConfig, FederationMiddleware},
     fetch::webfinger::{build_webfinger_response, extract_webfinger_name},
     protocol::context::WithContext,
-    traits::{Actor, Object},
+    traits::Object,
     FEDERATION_CONTENT_TYPE,
 };
 use actix_web::{web, web::Bytes, App, HttpRequest, HttpResponse, HttpServer};

examples/local_federation/axum/http.rs

@@ -14,13 +14,13 @@ use activitypub_federation::{
     traits::Object,
 };
 use axum::{
+    debug_handler,
     extract::{Path, Query},
     response::IntoResponse,
     routing::{get, post},
     Json,
     Router,
 };
-use axum_macros::debug_handler;
 use serde::Deserialize;
 use std::net::ToSocketAddrs;
 use tracing::info;
@@ -29,9 +29,10 @@ pub fn listen(config: &FederationConfig<DatabaseHandle>) -> Result<(), Error> {
     let hostname = config.domain();
     info!("Listening with axum on {hostname}");
     let config = config.clone();
+
     let app = Router::new()
-        .route("/:user/inbox", post(http_post_user_inbox))
-        .route("/:user", get(http_get_user))
+        .route("/{user}/inbox", post(http_post_user_inbox))
+        .route("/{user}", get(http_get_user))
         .route("/.well-known/webfinger", get(webfinger))
         .layer(FederationMiddleware::new(config));
 
@@ -39,9 +40,14 @@ pub fn listen(config: &FederationConfig<DatabaseHandle>) -> Result<(), Error> {
         .to_socket_addrs()?
         .next()
         .expect("Failed to lookup domain name");
-    let server = axum::Server::bind(&addr).serve(app.into_make_service());
+    let fut = async move {
+        let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
+        axum::serve(listener, app.into_make_service())
+            .await
+            .unwrap();
+    };
 
-    tokio::spawn(server);
+    tokio::spawn(fut);
     Ok(())
 }
 

examples/local_federation/main.rs

@@ -7,6 +7,7 @@ use crate::{
 };
 use error::Error;
 use std::{env::args, str::FromStr};
+use tokio::try_join;
 use tracing::log::{info, LevelFilter};
 
 mod activities;
@@ -34,8 +35,10 @@ async fn main() -> Result<(), Error> {
         .map(|arg| Webserver::from_str(&arg).unwrap())
         .unwrap_or(Webserver::Axum);
 
-    let alpha = new_instance("localhost:8001", "alpha".to_string()).await?;
-    let beta = new_instance("localhost:8002", "beta".to_string()).await?;
+    let (alpha, beta) = try_join!(
+        new_instance("localhost:8001", "alpha".to_string()),
+        new_instance("localhost:8002", "beta".to_string())
+    )?;
     listen(&alpha, &webserver)?;
     listen(&beta, &webserver)?;
     info!("Local instances started");

examples/local_federation/objects/person.rs

@@ -13,7 +13,7 @@ use activitypub_federation::{
     http_signatures::generate_actor_keypair,
     kinds::actor::PersonType,
     protocol::{context::WithContext, public_key::PublicKey, verification::verify_domains_match},
-    traits::{ActivityHandler, Actor, Object},
+    traits::{Activity, Actor, Object},
 };
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
@@ -37,7 +37,7 @@ pub struct DbUser {
 /// List of all activities which this actor can receive.
 #[derive(Deserialize, Serialize, Debug)]
 #[serde(untagged)]
-#[enum_delegate::implement(ActivityHandler)]
+#[enum_delegate::implement(Activity)]
 pub enum PersonAcceptedActivities {
     Follow(Follow),
     Accept(Accept),
@@ -103,16 +103,16 @@ impl DbUser {
         Ok(())
     }
 
-    pub(crate) async fn send<Activity>(
+    pub(crate) async fn send<A>(
         &self,
-        activity: Activity,
+        activity: A,
         recipients: Vec<Url>,
         use_queue: bool,
         data: &Data<DatabaseHandle>,
     ) -> Result<(), Error>
     where
-        Activity: ActivityHandler + Serialize + Debug + Send + Sync,
-        <Activity as ActivityHandler>::Error: From<anyhow::Error> + From<serde_json::Error>,
+        A: Activity + Serialize + Debug + Send + Sync,
+        <A as Activity>::Error: From<anyhow::Error> + From<serde_json::Error>,
     {
         let activity = WithContext::new_default(activity);
         // Send through queue in some cases and bypass it in others to test both code paths
@@ -134,6 +134,10 @@ impl Object for DbUser {
     type Kind = Person;
     type Error = Error;
 
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
+    }
+
     fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {
         Some(self.last_refreshed_at)
     }
@@ -187,10 +191,6 @@ impl Object for DbUser {
 }
 
 impl Actor for DbUser {
-    fn id(&self) -> Url {
-        self.ap_id.inner().clone()
-    }
-
     fn public_key_pem(&self) -> &str {
         &self.public_key
     }

examples/local_federation/objects/post.rs

@@ -47,6 +47,10 @@ impl Object for DbPost {
     type Kind = Note;
     type Error = Error;
 
+    fn id(&self) -> Url {
+        self.ap_id.inner().clone()
+    }
+
     async fn read_from_id(
         object_id: Url,
         data: &Data<Self::DataType>,

src/activity_queue.rs

@@ -6,7 +6,7 @@ use crate::{
     activity_sending::{build_tasks, SendActivityTask},
     config::Data,
     error::Error,
-    traits::{ActivityHandler, Actor},
+    traits::{Activity, Actor},
 };
 
 use futures_core::Future;
@@ -33,18 +33,18 @@ use url::Url;
 ///
 /// - `activity`: The activity to be sent, gets converted to json
 /// - `private_key`: Private key belonging to the actor who sends the activity, for signing HTTP
-///                  signature. Generated with [crate::http_signatures::generate_actor_keypair].
+///   signature. Generated with [crate::http_signatures::generate_actor_keypair].
 /// - `inboxes`: List of remote actor inboxes that should receive the activity. Ignores local actor
-///              inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
-///              for each target actor.
-pub async fn queue_activity<Activity, Datatype, ActorType>(
-    activity: &Activity,
+///   inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
+///   for each target actor.
+pub async fn queue_activity<A, Datatype, ActorType>(
+    activity: &A,
     actor: &ActorType,
     inboxes: Vec<Url>,
     data: &Data<Datatype>,
 ) -> Result<(), Error>
 where
-    Activity: ActivityHandler + Serialize + Debug,
+    A: Activity + Serialize + Debug,
     Datatype: Clone,
     ActorType: Actor,
 {
@@ -451,8 +451,8 @@ mod tests {
             .route("/", post(dodgy_handler))
             .with_state(state);
 
-        axum::Server::bind(&"0.0.0.0:8002".parse().unwrap())
-            .serve(app.into_make_service())
+        let listener = tokio::net::TcpListener::bind("0.0.0.0:8002").await.unwrap();
+        axum::serve(listener, app.into_make_service())
             .await
             .unwrap();
     }

src/activity_sending.rs

@@ -7,7 +7,7 @@ use crate::{
     error::Error,
     http_signatures::sign_request,
     reqwest_shim::ResponseExt,
-    traits::{ActivityHandler, Actor},
+    traits::{Activity, Actor},
     FEDERATION_CONTENT_TYPE,
 };
 use bytes::Bytes;
@@ -24,9 +24,9 @@ use rsa::{pkcs8::DecodePrivateKey, RsaPrivateKey};
 use serde::Serialize;
 use std::{
     fmt::{Debug, Display},
-    time::{Duration, SystemTime},
+    time::{Duration, Instant, SystemTime},
 };
-use tracing::debug;
+use tracing::{debug, warn};
 use url::Url;
 
 #[derive(Clone, Debug)]
@@ -52,16 +52,16 @@ impl SendActivityTask {
     ///
     /// - `activity`: The activity to be sent, gets converted to json
     /// - `inboxes`: List of remote actor inboxes that should receive the activity. Ignores local actor
-    ///              inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
-    ///              for each target actor.
-    pub async fn prepare<Activity, Datatype, ActorType>(
-        activity: &Activity,
+    ///   inboxes. Should be built by calling [crate::traits::Actor::shared_inbox_or_inbox]
+    ///   for each target actor.
+    pub async fn prepare<A, Datatype, ActorType>(
+        activity: &A,
         actor: &ActorType,
         inboxes: Vec<Url>,
         data: &Data<Datatype>,
     ) -> Result<Vec<SendActivityTask>, Error>
     where
-        Activity: ActivityHandler + Serialize + Debug,
+        A: Activity + Serialize + Debug,
         Datatype: Clone,
         ActorType: Actor,
     {
@@ -92,7 +92,17 @@ impl SendActivityTask {
             self.http_signature_compat,
         )
         .await?;
+
+        // Send the activity, and log a warning if its too slow.
+        let now = Instant::now();
         let response = client.execute(request).await?;
+        let elapsed = now.elapsed().as_secs();
+        if elapsed > 10 {
+            warn!(
+                "Sending activity {} to {} took {}s",
+                self.activity_id, self.inbox, elapsed
+            );
+        }
         self.handle_response(response).await
     }
 
@@ -126,14 +136,14 @@ impl SendActivityTask {
     }
 }
 
-pub(crate) async fn build_tasks<'a, Activity, Datatype, ActorType>(
-    activity: &'a Activity,
+pub(crate) async fn build_tasks<A, Datatype, ActorType>(
+    activity: &A,
     actor: &ActorType,
     inboxes: Vec<Url>,
     data: &Data<Datatype>,
 ) -> Result<Vec<SendActivityTask>, Error>
 where
-    Activity: ActivityHandler + Serialize + Debug,
+    A: Activity + Serialize + Debug,
     Datatype: Clone,
     ActorType: Actor,
 {
@@ -251,8 +261,8 @@ mod tests {
             .route("/", post(dodgy_handler))
             .with_state(state);
 
-        axum::Server::bind(&"0.0.0.0:8001".parse().unwrap())
-            .serve(app.into_make_service())
+        let listener = tokio::net::TcpListener::bind("0.0.0.0:8001").await.unwrap();
+        axum::serve(listener, app.into_make_service())
             .await
             .unwrap();
     }

src/actix_web/http_compat.rs

@@ -0,0 +1,30 @@
+//! Remove these conversion helpers after actix-web upgrades to http 1.0
+
+use std::str::FromStr;
+
+pub fn header_value(v: &http02::HeaderValue) -> http::HeaderValue {
+    http::HeaderValue::from_bytes(v.as_bytes()).expect("can convert http types")
+}
+
+pub fn header_map<'a, H>(m: H) -> http::HeaderMap
+where
+    H: IntoIterator<Item = (&'a http02::HeaderName, &'a http02::HeaderValue)>,
+{
+    let mut new_map = http::HeaderMap::new();
+    for (n, v) in m {
+        new_map.insert(
+            http::HeaderName::from_lowercase(n.as_str().as_bytes())
+                .expect("can convert http types"),
+            header_value(v),
+        );
+    }
+    new_map
+}
+
+pub fn method(m: &http02::Method) -> http::Method {
+    http::Method::from_bytes(m.as_str().as_bytes()).expect("can convert http types")
+}
+
+pub fn uri(m: &http02::Uri) -> http::Uri {
+    http::Uri::from_str(&m.to_string()).expect("can convert http types")
+}

src/actix_web/inbox.rs

@@ -1,11 +1,12 @@
 //! Handles incoming activities, verifying HTTP signatures and other checks
 
+use super::http_compat;
 use crate::{
     config::Data,
     error::Error,
     http_signatures::{verify_body_hash, verify_signature},
     parse_received_activity,
-    traits::{ActivityHandler, Actor, Object},
+    traits::{Activity, Actor, Object},
 };
 use actix_web::{web::Bytes, HttpRequest, HttpResponse};
 use serde::de::DeserializeOwned;
@@ -13,31 +14,104 @@ use tracing::debug;
 
 /// Handles incoming activities, verifying HTTP signatures and other checks
 ///
-/// After successful validation, activities are passed to respective [trait@ActivityHandler].
-pub async fn receive_activity<Activity, ActorT, Datatype>(
+/// After successful validation, activities are passed to respective [trait@Activity].
+pub async fn receive_activity<A, ActorT, Datatype>(
     request: HttpRequest,
     body: Bytes,
     data: &Data<Datatype>,
-) -> Result<HttpResponse, <Activity as ActivityHandler>::Error>
+) -> Result<HttpResponse, <A as Activity>::Error>
 where
-    Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
-    ActorT: Object<DataType = Datatype> + Actor + Send + 'static,
+    A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
+    ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
     for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
-    <Activity as ActivityHandler>::Error: From<Error> + From<<ActorT as Object>::Error>,
+    <A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
     <ActorT as Object>::Error: From<Error>,
     Datatype: Clone,
 {
-    verify_body_hash(request.headers().get("Digest"), &body)?;
+    let (activity, _) = do_stuff::<A, ActorT, Datatype>(request, body, data).await?;
 
-    let (activity, actor) = parse_received_activity::<Activity, ActorT, _>(&body, data).await?;
+    do_more_stuff(activity, data).await
+}
 
-    verify_signature(
-        request.headers(),
-        request.method(),
-        request.uri(),
-        actor.public_key_pem(),
-    )?;
+/// Workaround required so we can use references for the hook, instead of cloning data.
+pub trait ReceiveActivityHook<A, ActorT, Datatype>
+where
+    A: Activity<DataType = Datatype> + DeserializeOwned + Send + Clone + 'static,
+    ActorT: Object<DataType = Datatype> + Actor + Send + Clone + 'static,
+    for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
+    <A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
+    <ActorT as Object>::Error: From<Error>,
+    Datatype: Clone,
+{
+    /// Called when a new activity is recived
+    fn hook(
+        self,
+        activity: &A,
+        actor: &ActorT,
+        data: &Data<Datatype>,
+    ) -> impl std::future::Future<Output = Result<(), <A as Activity>::Error>>;
+}
 
+/// Same as [receive_activity], only that it calls the provided hook function before
+/// calling activity verify and receive functions.
+pub async fn receive_activity_with_hook<A, ActorT, Datatype>(
+    request: HttpRequest,
+    body: Bytes,
+    hook: impl ReceiveActivityHook<A, ActorT, Datatype>,
+    data: &Data<Datatype>,
+) -> Result<HttpResponse, <A as Activity>::Error>
+where
+    A: Activity<DataType = Datatype> + DeserializeOwned + Send + Clone + 'static,
+    ActorT: Object<DataType = Datatype> + Actor + Send + Sync + Clone + 'static,
+    for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
+    <A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
+    <ActorT as Object>::Error: From<Error>,
+    Datatype: Clone,
+{
+    let (activity, actor) = do_stuff::<A, ActorT, Datatype>(request, body, data).await?;
+
+    hook.hook(&activity, &actor, data).await?;
+
+    do_more_stuff(activity, data).await
+}
+
+async fn do_stuff<A, ActorT, Datatype>(
+    request: HttpRequest,
+    body: Bytes,
+    data: &Data<Datatype>,
+) -> Result<(A, ActorT), <A as Activity>::Error>
+where
+    A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
+    ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
+    for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
+    <A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
+    <ActorT as Object>::Error: From<Error>,
+    Datatype: Clone,
+{
+    let digest_header = request
+        .headers()
+        .get("Digest")
+        .map(http_compat::header_value);
+    verify_body_hash(digest_header.as_ref(), &body)?;
+
+    let (activity, actor) = parse_received_activity::<A, ActorT, _>(&body, data).await?;
+
+    let headers = http_compat::header_map(request.headers());
+    let method = http_compat::method(request.method());
+    let uri = http_compat::uri(request.uri());
+    verify_signature(&headers, &method, &uri, actor.public_key_pem())?;
+
+    Ok((activity, actor))
+}
+
+async fn do_more_stuff<A, Datatype>(
+    activity: A,
+    data: &Data<Datatype>,
+) -> Result<HttpResponse, <A as Activity>::Error>
+where
+    A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
+    Datatype: Clone,
+{
     debug!("Receiving activity {}", activity.id().to_string());
     activity.verify(data).await?;
     activity.receive(data).await?;
@@ -61,16 +135,49 @@ mod test {
     use serde_json::json;
     use url::Url;
 
+    /// Remove this conversion helper after actix-web upgrades to http 1.0
+    fn header_pair(
+        p: (&http::HeaderName, &http::HeaderValue),
+    ) -> (http02::HeaderName, http02::HeaderValue) {
+        (
+            http02::HeaderName::from_lowercase(p.0.as_str().as_bytes()).unwrap(),
+            http02::HeaderValue::from_bytes(p.1.as_bytes()).unwrap(),
+        )
+    }
+
     #[tokio::test]
-    async fn test_receive_activity() {
+    async fn test_receive_activity_hook() {
         let (body, incoming_request, config) = setup_receive_test().await;
-        receive_activity::<Follow, DbUser, DbConnection>(
+        let res = receive_activity_with_hook::<Follow, DbUser, DbConnection>(
             incoming_request.to_http_request(),
             body,
+            Dummy,
             &config.to_request_data(),
         )
-        .await
-        .unwrap();
+        .await;
+        assert_eq!(res.err(), Some(Error::Other("test-error".to_string())));
+    }
+
+    struct Dummy;
+
+    impl<A, ActorT, Datatype> ReceiveActivityHook<A, ActorT, Datatype> for Dummy
+    where
+        A: Activity<DataType = Datatype> + DeserializeOwned + Send + Clone + 'static,
+        ActorT: Object<DataType = Datatype> + Actor + Send + Clone + 'static,
+        for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
+        <A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
+        <ActorT as Object>::Error: From<Error>,
+        Datatype: Clone,
+    {
+        async fn hook(
+            self,
+            _activity: &A,
+            _actor: &ActorT,
+            _data: &Data<Datatype>,
+        ) -> Result<(), <A as Activity>::Error> {
+            // ensure that hook gets called by returning this value
+            Err(Error::Other("test-error".to_string()).into())
+        }
     }
 
     #[tokio::test]
@@ -109,14 +216,14 @@ mod test {
         let (_, _, config) = setup_receive_test().await;
 
         let actor = Url::parse("http://ds9.lemmy.ml/u/lemmy_alpha").unwrap();
-        let id = "http://localhost:123/1";
+        let activity_id = "http://localhost:123/1";
         let activity = json!({
           "actor": actor.as_str(),
           "to": ["https://www.w3.org/ns/activitystreams#Public"],
           "object": "http://ds9.lemmy.ml/post/1",
           "cc": ["http://enterprise.lemmy.ml/c/main"],
           "type": "Delete",
-          "id": id
+          "id": activity_id
         }
         );
         let body: Bytes = serde_json::to_vec(&activity).unwrap().into();
@@ -131,8 +238,8 @@ mod test {
         .await;
 
         match res {
-            Err(Error::ParseReceivedActivity(_, url)) => {
-                assert_eq!(id, url.expect("has url").as_str());
+            Err(Error::ParseReceivedActivity { err: _, id }) => {
+                assert_eq!(activity_id, id.expect("has url").as_str());
             }
             _ => unreachable!(),
         }
@@ -155,7 +262,7 @@ mod test {
         .unwrap();
         let mut incoming_request = TestRequest::post().uri(outgoing_request.url().path());
         for h in outgoing_request.headers() {
-            incoming_request = incoming_request.append_header(h);
+            incoming_request = incoming_request.append_header(header_pair(h));
         }
         incoming_request
     }

src/actix_web/mod.rs

@@ -1,8 +1,10 @@
 //! Utilities for using this library with actix-web framework
 
+mod http_compat;
 pub mod inbox;
 #[doc(hidden)]
 pub mod middleware;
+pub mod response;
 
 use crate::{
     config::Data,
@@ -21,11 +23,18 @@ pub async fn signing_actor<A>(
     data: &Data<<A as Object>::DataType>,
 ) -> Result<A, <A as Object>::Error>
 where
-    A: Object + Actor,
+    A: Object + Actor + Send + Sync,
     <A as Object>::Error: From<Error>,
     for<'de2> <A as Object>::Kind: Deserialize<'de2>,
 {
-    verify_body_hash(request.headers().get("Digest"), &body.unwrap_or_default())?;
+    let digest_header = request
+        .headers()
+        .get("Digest")
+        .map(http_compat::header_value);
+    verify_body_hash(digest_header.as_ref(), &body.unwrap_or_default())?;
 
-    http_signatures::signing_actor(request.headers(), request.method(), request.uri(), data).await
+    let headers = http_compat::header_map(request.headers());
+    let method = http_compat::method(request.method());
+    let uri = http_compat::uri(request.uri());
+    http_signatures::signing_actor(&headers, &method, &uri, data).await
 }

src/actix_web/response.rs

@@ -0,0 +1,50 @@
+//! Generate HTTP responses for Activitypub ojects
+
+use crate::{
+    protocol::{context::WithContext, tombstone::Tombstone},
+    FEDERATION_CONTENT_TYPE,
+};
+use actix_web::HttpResponse;
+use http02::header::VARY;
+use serde::Serialize;
+use serde_json::Value;
+use url::Url;
+
+/// Generates HTTP response to serve the object for fetching from other instances.
+///
+/// If possible use [Object.http_response]
+/// which also handles redirects for remote objects and deletions.
+///
+/// `federation_context` is the value of `@context`.
+pub fn create_http_response<T: Serialize>(
+    data: T,
+    federation_context: &Value,
+) -> Result<HttpResponse, serde_json::Error> {
+    let json = serde_json::to_string_pretty(&WithContext::new(data, federation_context.clone()))?;
+
+    Ok(HttpResponse::Ok()
+        .content_type(FEDERATION_CONTENT_TYPE)
+        .insert_header((VARY, "Accept"))
+        .body(json))
+}
+
+pub(crate) fn create_tombstone_response(
+    id: Url,
+    federation_context: &Value,
+) -> Result<HttpResponse, serde_json::Error> {
+    let tombstone = Tombstone::new(id);
+    let json =
+        serde_json::to_string_pretty(&WithContext::new(tombstone, federation_context.clone()))?;
+
+    Ok(HttpResponse::Gone()
+        .content_type(FEDERATION_CONTENT_TYPE)
+        .status(actix_web::http::StatusCode::GONE)
+        .insert_header((VARY, "Accept"))
+        .body(json))
+}
+
+pub(crate) fn redirect_remote_object(url: &Url) -> HttpResponse {
+    let mut res = HttpResponse::PermanentRedirect();
+    res.insert_header((actix_web::http::header::LOCATION, url.as_str()));
+    res.finish()
+}

src/axum/inbox.rs

@@ -7,11 +7,10 @@ use crate::{
     error::Error,
     http_signatures::verify_signature,
     parse_received_activity,
-    traits::{ActivityHandler, Actor, Object},
+    traits::{Activity, Actor, Object},
 };
 use axum::{
-    async_trait,
-    body::{Bytes, HttpBody},
+    body::Body,
     extract::FromRequest,
     http::{Request, StatusCode},
     response::{IntoResponse, Response},
@@ -21,20 +20,20 @@ use serde::de::DeserializeOwned;
 use tracing::debug;
 
 /// Handles incoming activities, verifying HTTP signatures and other checks
-pub async fn receive_activity<Activity, ActorT, Datatype>(
+pub async fn receive_activity<A, ActorT, Datatype>(
     activity_data: ActivityData,
     data: &Data<Datatype>,
-) -> Result<(), <Activity as ActivityHandler>::Error>
+) -> Result<(), <A as Activity>::Error>
 where
-    Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
-    ActorT: Object<DataType = Datatype> + Actor + Send + 'static,
+    A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
+    ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
     for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
-    <Activity as ActivityHandler>::Error: From<Error> + From<<ActorT as Object>::Error>,
+    <A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
     <ActorT as Object>::Error: From<Error>,
     Datatype: Clone,
 {
     let (activity, actor) =
-        parse_received_activity::<Activity, ActorT, _>(&activity_data.body, data).await?;
+        parse_received_activity::<A, ActorT, _>(&activity_data.body, data).await?;
 
     verify_signature(
         &activity_data.headers,
@@ -58,29 +57,38 @@ pub struct ActivityData {
     body: Vec<u8>,
 }
 
-#[async_trait]
-impl<S, B> FromRequest<S, B> for ActivityData
+impl<S> FromRequest<S> for ActivityData
 where
-    Bytes: FromRequest<S, B>,
-    B: HttpBody + Send + 'static,
     S: Send + Sync,
-    <B as HttpBody>::Error: std::fmt::Display,
-    <B as HttpBody>::Data: Send,
 {
     type Rejection = Response;
 
-    async fn from_request(req: Request<B>, _state: &S) -> Result<Self, Self::Rejection> {
-        let (parts, body) = req.into_parts();
+    async fn from_request(req: Request<Body>, _state: &S) -> Result<Self, Self::Rejection> {
+        #[allow(unused_mut)]
+        let (mut parts, body) = req.into_parts();
+
+        // take the full URI to handle nested routers
+        // OriginalUri::from_request_parts has an Infallible error type
+        #[cfg(feature = "axum-original-uri")]
+        let uri = {
+            use axum::extract::{FromRequestParts, OriginalUri};
+            OriginalUri::from_request_parts(&mut parts, _state)
+                .await
+                .expect("infallible")
+                .0
+        };
+        #[cfg(not(feature = "axum-original-uri"))]
+        let uri = parts.uri;
 
         // this wont work if the body is an long running stream
-        let bytes = hyper::body::to_bytes(body)
+        let bytes = axum::body::to_bytes(body, usize::MAX)
             .await
             .map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err.to_string()).into_response())?;
 
         Ok(Self {
             headers: parts.headers,
             method: parts.method,
-            uri: parts.uri,
+            uri,
             body: bytes.to_vec(),
         })
     }

src/axum/middleware.rs

@@ -1,5 +1,5 @@
 use crate::config::{Data, FederationConfig, FederationMiddleware};
-use axum::{async_trait, body::Body, extract::FromRequestParts, http::Request, response::Response};
+use axum::{body::Body, extract::FromRequestParts, http::Request, response::Response};
 use http::{request::Parts, StatusCode};
 use std::task::{Context, Poll};
 use tower::{Layer, Service};
@@ -43,7 +43,6 @@ where
     }
 }
 
-#[async_trait]
 impl<S, T: Clone + 'static> FromRequestParts<S> for Data<T>
 where
     S: Send + Sync,

src/config.rs

@@ -17,14 +17,19 @@
 use crate::{
     activity_queue::{create_activity_queue, ActivityQueue},
     error::Error,
+    http_signatures::sign_request,
     protocol::verification::verify_domains_match,
-    traits::{ActivityHandler, Actor},
+    traits::{Activity, Actor},
+    utils::validate_ip,
 };
 use async_trait::async_trait;
+use bytes::Bytes;
 use derive_builder::Builder;
 use dyn_clone::{clone_trait_object, DynClone};
 use moka::future::Cache;
-use reqwest_middleware::ClientWithMiddleware;
+use regex::Regex;
+use reqwest::{redirect::Policy, Client, Request};
+use reqwest_middleware::{ClientWithMiddleware, RequestBuilder};
 use rsa::{pkcs8::DecodePrivateKey, RsaPrivateKey};
 use serde::de::DeserializeOwned;
 use std::{
@@ -32,6 +37,7 @@ use std::{
     sync::{
         atomic::{AtomicU32, Ordering},
         Arc,
+        OnceLock,
     },
     time::Duration,
 };
@@ -51,9 +57,14 @@ pub struct FederationConfig<T: Clone> {
     /// [crate::fetch::object_id::ObjectId] for more details.
     #[builder(default = "20")]
     pub(crate) http_fetch_limit: u32,
-    #[builder(default = "reqwest::Client::default().into()")]
-    /// HTTP client used for all outgoing requests. Middleware can be used to add functionality
-    /// like log tracing or retry of failed requests.
+    #[builder(default = "default_client()")]
+    /// HTTP client used for all outgoing requests. When passing a custom client here you should
+    /// also disable redirects and set timeouts.
+    ///
+    /// Middleware can be used to add functionality like log tracing or retry of failed requests.
+    /// Redirects are disabled by default, because automatic redirect URLs can't be validated.
+    /// Instead a single redirect is handled manually. The default client sets a timeout of 10s
+    ///  to avoid excessive resource usage when connecting to dead servers.
     pub(crate) client: ClientWithMiddleware,
     /// Run library in debug mode. This allows usage of http and localhost urls. It also sends
     /// outgoing activities synchronously, not in background thread. This helps to make tests
@@ -102,18 +113,20 @@ pub struct FederationConfig<T: Clone> {
     pub(crate) queue_retry_count: usize,
 }
 
+pub(crate) fn domain_regex() -> &'static Regex {
+    static DOMAIN_REGEX: OnceLock<Regex> = OnceLock::new();
+    DOMAIN_REGEX.get_or_init(|| Regex::new(r"^[a-zA-Z0-9.-]*$").expect("compile regex"))
+}
+
 impl<T: Clone> FederationConfig<T> {
     /// Returns a new config builder with default values.
     pub fn builder() -> FederationConfigBuilder<T> {
         FederationConfigBuilder::default()
     }
 
-    pub(crate) async fn verify_url_and_domain<Activity, Datatype>(
-        &self,
-        activity: &Activity,
-    ) -> Result<(), Error>
+    pub(crate) async fn verify_url_and_domain<A, Datatype>(&self, activity: &A) -> Result<(), Error>
     where
-        Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
+        A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
     {
         verify_domains_match(activity.id(), activity.actor())?;
         self.verify_url_valid(activity.id()).await?;
@@ -156,17 +169,35 @@ impl<T: Clone> FederationConfig<T> {
             return Ok(());
         }
 
-        if url.domain().is_none() {
+        let Some(domain) = url.domain() else {
             return Err(Error::UrlVerificationError("Url must have a domain"));
+        };
+        if !domain_regex().is_match(domain) {
+            return Err(Error::UrlVerificationError("Invalid characters in domain"));
         }
 
-        if url.domain() == Some("localhost") && !self.debug {
-            return Err(Error::UrlVerificationError(
-                "Localhost is only allowed in debug mode",
-            ));
+        // Extra checks only for production mode
+        if !self.debug {
+            if url.port().is_some() {
+                return Err(Error::UrlVerificationError("Explicit port is not allowed"));
+            }
+
+            let allow_local = std::env::var("DANGER_FEDERATION_ALLOW_LOCAL_IP").is_ok();
+            if !allow_local && validate_ip(&url).await.is_err() {
+                return Err(Error::DomainResolveError(domain.to_string()));
+            }
         }
 
-        self.url_verifier.verify(url).await?;
+        // It is valid but uncommon for domains to end with `.` char. Drop this so it cant be used
+        // to bypass domain blocklist. Avoid cloning url in common case.
+        if domain.ends_with('.') {
+            let mut url = url.clone();
+            let domain = &domain[0..domain.len() - 1];
+            url.set_host(Some(domain))?;
+            self.url_verifier.verify(&url).await?;
+        } else {
+            self.url_verifier.verify(url).await?;
+        }
 
         Ok(())
     }
@@ -202,7 +233,7 @@ impl<T: Clone> FederationConfigBuilder<T> {
 
         let private_key =
             RsaPrivateKey::from_pkcs8_pem(&private_key_pem).expect("Could not decode PEM data");
-        self.signed_fetch_actor = Some(Some(Arc::new((actor.id(), private_key))));
+        self.signed_fetch_actor = Some(Some(Arc::new((actor.id().clone(), private_key))));
         self
     }
 
@@ -300,9 +331,10 @@ clone_trait_object!(UrlVerifier);
 /// prevent denial of service attacks, where an attacker triggers fetching of recursive objects.
 ///
 /// <https://www.w3.org/TR/activitypub/#security-recursive-objects>
+#[derive(Clone)]
 pub struct Data<T: Clone> {
     pub(crate) config: FederationConfig<T>,
-    pub(crate) request_counter: AtomicU32,
+    pub(crate) request_counter: RequestCounter,
 }
 
 impl<T: Clone> Data<T> {
@@ -325,7 +357,35 @@ impl<T: Clone> Data<T> {
     }
     /// Total number of outgoing HTTP requests made with this data.
     pub fn request_count(&self) -> u32 {
-        self.request_counter.load(Ordering::Relaxed)
+        self.request_counter.0.load(Ordering::Relaxed)
+    }
+
+    /// Add HTTP signature to arbitrary request
+    pub async fn sign_request(&self, req: RequestBuilder, body: Bytes) -> Result<Request, Error> {
+        let (actor_id, private_key_pem) =
+            self.config
+                .signed_fetch_actor
+                .as_deref()
+                .ok_or(Error::Other(
+                    "config value signed_fetch_actor is none".to_string(),
+                ))?;
+        sign_request(
+            req,
+            actor_id,
+            body,
+            private_key_pem.clone(),
+            self.config.http_signature_compat,
+        )
+        .await
+    }
+
+    /// Resolve domain of the url and throw error if it points to local/private IP.
+    pub async fn is_valid_ip(&self, url: &Url) -> Result<(), Error> {
+        if self.config.debug {
+            return Ok(());
+        }
+
+        validate_ip(url).await
     }
 }
 
@@ -337,6 +397,16 @@ impl<T: Clone> Deref for Data<T> {
     }
 }
 
+/// Wrapper to implement `Clone`
+#[derive(Default)]
+pub(crate) struct RequestCounter(pub(crate) AtomicU32);
+
+impl Clone for RequestCounter {
+    fn clone(&self) -> Self {
+        RequestCounter(self.0.load(Ordering::Relaxed).into())
+    }
+}
+
 /// Middleware for HTTP handlers which provides access to [Data]
 #[derive(Clone)]
 pub struct FederationMiddleware<T: Clone>(pub(crate) FederationConfig<T>);
@@ -348,6 +418,17 @@ impl<T: Clone> FederationMiddleware<T> {
     }
 }
 
+fn default_client() -> ClientWithMiddleware {
+    let timeout = Duration::from_secs(10);
+    Client::builder()
+        .redirect(Policy::none())
+        .timeout(timeout)
+        .connect_timeout(timeout)
+        .build()
+        .unwrap_or_else(|_| Client::default())
+        .into()
+}
+
 #[cfg(test)]
 #[allow(clippy::unwrap_used)]
 mod test {

src/error.rs

@@ -28,6 +28,9 @@ pub enum Error {
     /// url verification error
     #[error("URL failed verification: {0}")]
     UrlVerificationError(&'static str),
+    /// Resolving domain points to local IP.
+    #[error("Resolving domain {0} points to local IP address. This may indicate an attacker attempting to access internal services. If intentional, you can ignore this error by setting DANGER_FEDERATION_ALLOW_LOCAL_IP=1")]
+    DomainResolveError(String),
     /// Incoming activity has invalid digest for body
     #[error("Incoming activity has invalid digest for body")]
     ActivityBodyDigestInvalid,
@@ -44,11 +47,16 @@ pub enum Error {
     #[error("Failed to parse object {1} with content {2}: {0}")]
     ParseFetchedObject(serde_json::Error, Url, String),
     /// Failed to parse an activity received from another instance
-    #[error("Failed to parse incoming activity {}: {0}", match .1 {
+    #[error("Failed to parse incoming activity {}: {0}", match .id {
         Some(t) => format!("with id {t}"),
         None => String::new(),
     })]
-    ParseReceivedActivity(serde_json::Error, Option<Url>),
+    ParseReceivedActivity {
+        /// The parse error
+        err: serde_json::Error,
+        /// ID of the Activitypub object which caused this error
+        id: Option<Url>,
+    },
     /// Reqwest Middleware Error
     #[error(transparent)]
     ReqwestMiddleware(#[from] reqwest_middleware::Error),
@@ -78,6 +86,9 @@ pub enum Error {
     /// Attempted to fetch object but the response's id field doesn't match
     #[error("Attempted to fetch object from {0} but the response's id field doesn't match")]
     FetchWrongId(Url),
+    /// I/O error from OS
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
     /// Other generic errors
     #[error("{0}")]
     Other(String),

src/fetch/collection_id.rs

@@ -102,92 +102,3 @@ where
         self.0.eq(&other.0) && self.1 == other.1
     }
 }
-
-#[cfg(feature = "diesel")]
-const _IMPL_DIESEL_NEW_TYPE_FOR_COLLECTION_ID: () = {
-    use diesel::{
-        backend::Backend,
-        deserialize::{FromSql, FromStaticSqlRow},
-        expression::AsExpression,
-        internal::derives::as_expression::Bound,
-        pg::Pg,
-        query_builder::QueryId,
-        serialize,
-        serialize::{Output, ToSql},
-        sql_types::{HasSqlType, SingleValue, Text},
-        Expression,
-        Queryable,
-    };
-
-    // TODO: this impl only works for Postgres db because of to_string() call which requires reborrow
-    impl<Kind, ST> ToSql<ST, Pg> for CollectionId<Kind>
-    where
-        Kind: Collection,
-        for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
-        String: ToSql<ST, Pg>,
-    {
-        fn to_sql<'b>(&'b self, out: &mut Output<'b, '_, Pg>) -> serialize::Result {
-            let v = self.0.to_string();
-            <String as ToSql<Text, Pg>>::to_sql(&v, &mut out.reborrow())
-        }
-    }
-    impl<'expr, Kind, ST> AsExpression<ST> for &'expr CollectionId<Kind>
-    where
-        Kind: Collection,
-        for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
-        Bound<ST, String>: Expression<SqlType = ST>,
-        ST: SingleValue,
-    {
-        type Expression = Bound<ST, &'expr str>;
-        fn as_expression(self) -> Self::Expression {
-            Bound::new(self.0.as_str())
-        }
-    }
-    impl<Kind, ST> AsExpression<ST> for CollectionId<Kind>
-    where
-        Kind: Collection,
-        for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
-        Bound<ST, String>: Expression<SqlType = ST>,
-        ST: SingleValue,
-    {
-        type Expression = Bound<ST, String>;
-        fn as_expression(self) -> Self::Expression {
-            Bound::new(self.0.to_string())
-        }
-    }
-    impl<Kind, ST, DB> FromSql<ST, DB> for CollectionId<Kind>
-    where
-        Kind: Collection + Send + 'static,
-        for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
-        String: FromSql<ST, DB>,
-        DB: Backend,
-        DB: HasSqlType<ST>,
-    {
-        fn from_sql(
-            raw: DB::RawValue<'_>,
-        ) -> Result<Self, Box<dyn ::std::error::Error + Send + Sync>> {
-            let string: String = FromSql::<ST, DB>::from_sql(raw)?;
-            Ok(CollectionId::parse(&string)?)
-        }
-    }
-    impl<Kind, ST, DB> Queryable<ST, DB> for CollectionId<Kind>
-    where
-        Kind: Collection + Send + 'static,
-        for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
-        String: FromStaticSqlRow<ST, DB>,
-        DB: Backend,
-        DB: HasSqlType<ST>,
-    {
-        type Row = String;
-        fn build(row: Self::Row) -> diesel::deserialize::Result<Self> {
-            Ok(CollectionId::parse(&row)?)
-        }
-    }
-    impl<Kind> QueryId for CollectionId<Kind>
-    where
-        Kind: Collection + 'static,
-        for<'de2> <Kind as Collection>::Kind: Deserialize<'de2>,
-    {
-        type QueryId = Self;
-    }
-};

src/fetch/mod.rs

@@ -11,7 +11,7 @@ use crate::{
     FEDERATION_CONTENT_TYPE,
 };
 use bytes::Bytes;
-use http::{HeaderValue, StatusCode};
+use http::{header::LOCATION, HeaderValue, StatusCode};
 use serde::de::DeserializeOwned;
 use std::sync::atomic::Ordering;
 use tracing::info;
@@ -59,7 +59,7 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
         r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#, // activitypub standard
         r#"application/activity+json; charset=utf-8"#,                             // mastodon
     ];
-    let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE).await?;
+    let res = fetch_object_http_with_accept(url, data, &FETCH_CONTENT_TYPE, false).await?;
 
     // Ensure correct content-type to prevent vulnerabilities, with case insensitive comparison.
     let content_type = res
@@ -73,6 +73,15 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
 
     // Ensure id field matches final url after redirect
     if res.object_id.as_ref() != Some(&res.url) {
+        if let Some(res_object_id) = res.object_id {
+            data.config.verify_url_valid(&res_object_id).await?;
+            // If id is different but still on the same domain, attempt to request object
+            // again from url in id field.
+            if res_object_id.domain() == res.url.domain() {
+                return Box::pin(fetch_object_http(&res_object_id, data)).await;
+            }
+        }
+        // Failed to fetch the object from its specified id
         return Err(Error::FetchWrongId(res.url));
     }
 
@@ -91,12 +100,13 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
     url: &Url,
     data: &Data<T>,
     content_type: &HeaderValue,
+    recursive: bool,
 ) -> Result<FetchObjectResponse<Kind>, Error> {
     let config = &data.config;
     config.verify_url_valid(url).await?;
     info!("Fetching remote object {}", url.to_string());
 
-    let mut counter = data.request_counter.fetch_add(1, Ordering::SeqCst);
+    let mut counter = data.request_counter.0.fetch_add(1, Ordering::SeqCst);
     // fetch_add returns old value so we need to increment manually here
     counter += 1;
     if counter > config.http_fetch_limit {
@@ -123,6 +133,19 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
         req.send().await?
     };
 
+    // Allow a single redirect using recursion. Further redirects are ignored.
+    let location = res.headers().get(LOCATION).and_then(|l| l.to_str().ok());
+    if let (Some(location), false) = (location, recursive) {
+        let location = location.parse()?;
+        return Box::pin(fetch_object_http_with_accept(
+            &location,
+            data,
+            content_type,
+            true,
+        ))
+        .await;
+    }
+
     if res.status() == StatusCode::GONE {
         return Err(Error::ObjectDeleted(url.clone()));
     }
@@ -146,3 +169,34 @@ async fn fetch_object_http_with_accept<T: Clone, Kind: DeserializeOwned>(
         )),
     }
 }
+
+#[cfg(test)]
+#[allow(clippy::unwrap_used)]
+mod tests {
+    use super::*;
+    use crate::{
+        config::FederationConfig,
+        traits::tests::{DbConnection, Person},
+    };
+
+    #[tokio::test]
+    async fn test_request_limit() -> Result<(), Error> {
+        let config = FederationConfig::builder()
+            .domain("example.com")
+            .app_data(DbConnection)
+            .http_fetch_limit(0)
+            .build()
+            .await
+            .unwrap();
+        let data = config.to_request_data();
+
+        let fetch_url = "https://example.net/".to_string();
+
+        let res: Result<FetchObjectResponse<Person>, Error> =
+            fetch_object_http(&Url::parse(&fetch_url).map_err(Error::UrlParse)?, &data).await;
+
+        assert_eq!(res.err(), Some(Error::RequestLimit));
+
+        Ok(())
+    }
+}

src/fetch/object_id.rs

@@ -10,7 +10,7 @@ use url::Url;
 
 impl<T> FromStr for ObjectId<T>
 where
-    T: Object + Send + Debug + 'static,
+    T: Object + Send + Sync + Debug + 'static,
     for<'de2> <T as Object>::Kind: Deserialize<'de2>,
 {
     type Err = url::ParseError;
@@ -61,7 +61,7 @@ where
 
 impl<Kind> ObjectId<Kind>
 where
-    Kind: Object + Send + Debug + 'static,
+    Kind: Object + Send + Sync + Debug + 'static,
     for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
 {
     /// Construct a new objectid instance
@@ -92,7 +92,7 @@ where
         // object found in database
         if let Some(object) = db_object {
             if let Some(last_refreshed_at) = object.last_refreshed_at() {
-                let is_local = data.config.is_local_url(&self.0);
+                let is_local = self.is_local(data);
                 if !is_local && should_refetch_object(last_refreshed_at) {
                     // object is outdated and should be refetched
                     return self.dereference_from_http(data, Some(object)).await;
@@ -120,6 +120,7 @@ where
                 .await
                 .map(|o| o.ok_or(Error::NotFound.into()))?
         } else {
+            // Don't pass in any db object, otherwise it would be returned in case http fetch fails
             self.dereference_from_http(data, None).await
         }
     }
@@ -146,6 +147,10 @@ where
         Object::read_from_id(*id, data).await
     }
 
+    /// Fetch object from origin instance over HTTP, then verify and parse it.
+    ///
+    /// Uses Box::pin to wrap futures to reduce stack size and avoid stack overflow when
+    /// when fetching objects recursively.
     async fn dereference_from_http(
         &self,
         data: &Data<<Kind as Object>::DataType>,
@@ -154,20 +159,33 @@ where
     where
         <Kind as Object>::Error: From<Error>,
     {
-        let res = fetch_object_http(&self.0, data).await;
+        let res = Box::pin(fetch_object_http(&self.0, data)).await;
 
         if let Err(Error::ObjectDeleted(url)) = res {
             if let Some(db_object) = db_object {
                 db_object.delete(data).await?;
+                return Ok(db_object);
             }
             return Err(Error::ObjectDeleted(url).into());
         }
 
+        // If fetch failed, return the existing object from local database
+        if let (Err(_), Some(db_object)) = (&res, db_object) {
+            return Ok(db_object);
+        }
         let res = res?;
         let redirect_url = &res.url;
 
-        Kind::verify(&res.object, redirect_url, data).await?;
-        Kind::from_json(res.object, data).await
+        // Prevent overwriting local object
+        if data.config.is_local_url(redirect_url) {
+            return self
+                .dereference_from_db(data)
+                .await?
+                .ok_or(Error::NotFound.into());
+        }
+
+        Box::pin(Kind::verify(&res.object, redirect_url, data)).await?;
+        Box::pin(Kind::from_json(res.object, data)).await
     }
 
     /// Returns true if the object's domain matches the one defined in [[FederationConfig.domain]].
@@ -254,95 +272,7 @@ where
     }
 }
 
-#[cfg(feature = "diesel")]
-const _IMPL_DIESEL_NEW_TYPE_FOR_OBJECT_ID: () = {
-    use diesel::{
-        backend::Backend,
-        deserialize::{FromSql, FromStaticSqlRow},
-        expression::AsExpression,
-        internal::derives::as_expression::Bound,
-        pg::Pg,
-        query_builder::QueryId,
-        serialize,
-        serialize::{Output, ToSql},
-        sql_types::{HasSqlType, SingleValue, Text},
-        Expression,
-        Queryable,
-    };
-
-    // TODO: this impl only works for Postgres db because of to_string() call which requires reborrow
-    impl<Kind, ST> ToSql<ST, Pg> for ObjectId<Kind>
-    where
-        Kind: Object,
-        for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
-        String: ToSql<ST, Pg>,
-    {
-        fn to_sql<'b>(&'b self, out: &mut Output<'b, '_, Pg>) -> serialize::Result {
-            let v = self.0.to_string();
-            <String as ToSql<Text, Pg>>::to_sql(&v, &mut out.reborrow())
-        }
-    }
-    impl<'expr, Kind, ST> AsExpression<ST> for &'expr ObjectId<Kind>
-    where
-        Kind: Object,
-        for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
-        Bound<ST, String>: Expression<SqlType = ST>,
-        ST: SingleValue,
-    {
-        type Expression = Bound<ST, &'expr str>;
-        fn as_expression(self) -> Self::Expression {
-            Bound::new(self.0.as_str())
-        }
-    }
-    impl<Kind, ST> AsExpression<ST> for ObjectId<Kind>
-    where
-        Kind: Object,
-        for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
-        Bound<ST, String>: Expression<SqlType = ST>,
-        ST: SingleValue,
-    {
-        type Expression = Bound<ST, String>;
-        fn as_expression(self) -> Self::Expression {
-            Bound::new(self.0.to_string())
-        }
-    }
-    impl<Kind, ST, DB> FromSql<ST, DB> for ObjectId<Kind>
-    where
-        Kind: Object + Send + 'static,
-        for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
-        String: FromSql<ST, DB>,
-        DB: Backend,
-        DB: HasSqlType<ST>,
-    {
-        fn from_sql(
-            raw: DB::RawValue<'_>,
-        ) -> Result<Self, Box<dyn ::std::error::Error + Send + Sync>> {
-            let string: String = FromSql::<ST, DB>::from_sql(raw)?;
-            Ok(ObjectId::parse(&string)?)
-        }
-    }
-    impl<Kind, ST, DB> Queryable<ST, DB> for ObjectId<Kind>
-    where
-        Kind: Object + Send + 'static,
-        for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
-        String: FromStaticSqlRow<ST, DB>,
-        DB: Backend,
-        DB: HasSqlType<ST>,
-    {
-        type Row = String;
-        fn build(row: Self::Row) -> diesel::deserialize::Result<Self> {
-            Ok(ObjectId::parse(&row)?)
-        }
-    }
-    impl<Kind> QueryId for ObjectId<Kind>
-    where
-        Kind: Object + 'static,
-        for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
-    {
-        type QueryId = Self;
-    }
-};
-
+/// Internal only
 #[cfg(test)]
 #[allow(clippy::unwrap_used)]
 pub mod tests {

src/fetch/webfinger.rs

@@ -1,5 +1,5 @@
 use crate::{
-    config::Data,
+    config::{domain_regex, Data},
     error::Error,
     fetch::{fetch_object_http_with_accept, object_id::ObjectId},
     traits::{Actor, Object},
@@ -7,10 +7,9 @@ use crate::{
 };
 use http::HeaderValue;
 use itertools::Itertools;
-use once_cell::sync::Lazy;
 use regex::Regex;
 use serde::{Deserialize, Serialize};
-use std::{collections::HashMap, fmt::Display};
+use std::{collections::HashMap, fmt::Display, sync::LazyLock};
 use tracing::debug;
 use url::Url;
 
@@ -46,7 +45,7 @@ pub async fn webfinger_resolve_actor<T: Clone, Kind>(
     data: &Data<T>,
 ) -> Result<Kind, <Kind as Object>::Error>
 where
-    Kind: Object + Actor + Send + 'static + Object<DataType = T>,
+    Kind: Object + Actor + Send + Sync + 'static + Object<DataType = T>,
     for<'de2> <Kind as Object>::Kind: serde::Deserialize<'de2>,
     <Kind as Object>::Error: From<crate::error::Error> + Send + Sync + Display,
 {
@@ -54,21 +53,31 @@ where
         .splitn(2, '@')
         .collect_tuple()
         .ok_or(WebFingerError::WrongFormat.into_crate_error())?;
+
+    // For production mode make sure that domain doesnt contain any port or path.
+    if !data.config.debug && !domain_regex().is_match(domain) {
+        return Err(Error::UrlVerificationError("Invalid characters in domain").into());
+    }
+
     let protocol = if data.config.debug { "http" } else { "https" };
     let fetch_url =
         format!("{protocol}://{domain}/.well-known/webfinger?resource=acct:{identifier}");
     debug!("Fetching webfinger url: {}", &fetch_url);
 
-    let res: Webfinger = fetch_object_http_with_accept(
+    let res = fetch_object_http_with_accept::<_, Webfinger>(
         &Url::parse(&fetch_url).map_err(Error::UrlParse)?,
         data,
         &WEBFINGER_CONTENT_TYPE,
+        false,
     )
-    .await?
-    .object;
+    .await?;
+    if res.url.as_str() != fetch_url {
+        data.config.verify_url_valid(&res.url).await?;
+    }
 
-    debug_assert_eq!(res.subject, format!("acct:{identifier}"));
+    debug_assert_eq!(res.object.subject, format!("acct:{identifier}"));
     let links: Vec<Url> = res
+        .object
         .links
         .iter()
         .filter(|link| {
@@ -79,6 +88,7 @@ where
             }
         })
         .filter_map(|l| l.href.clone())
+        .rev()
         .collect();
 
     for l in links {
@@ -120,8 +130,8 @@ pub fn extract_webfinger_name<'i, T>(query: &'i str, data: &Data<T>) -> Result<&
 where
     T: Clone,
 {
-    static WEBFINGER_REGEX: Lazy<Regex> =
-        Lazy::new(|| Regex::new(r"^acct:([\p{L}0-9_\.\-]+)@(.*)$").expect("compile regex"));
+    static WEBFINGER_REGEX: LazyLock<Regex> =
+        LazyLock::new(|| Regex::new(r"^acct:([\p{L}0-9_\.\-]+)@(.*)$").expect("compile regex"));
     // Regex to extract usernames from webfinger query. Supports different alphabets using `\p{L}`.
     // TODO: This should use a URL parser
     let captures = WEBFINGER_REGEX
@@ -213,7 +223,7 @@ pub fn build_webfinger_response_with_type(
 }
 
 /// A webfinger response with information about a `Person` or other type of actor.
-#[derive(Serialize, Deserialize, Debug, Default)]
+#[derive(Serialize, Deserialize, Debug, Default, PartialEq)]
 pub struct Webfinger {
     /// The actor which is described here, for example `acct:LemmyDev@mastodon.social`
     pub subject: String,
@@ -228,7 +238,7 @@ pub struct Webfinger {
 }
 
 /// A single link included as part of a [Webfinger] response.
-#[derive(Serialize, Deserialize, Debug, Default)]
+#[derive(Serialize, Deserialize, Debug, Default, PartialEq)]
 pub struct WebfingerLink {
     /// Relationship of the link, such as `self` or `http://webfinger.net/rel/profile-page`
     pub rel: Option<String>,

src/http_signatures.rs

@@ -19,7 +19,6 @@ use http_signature_normalization_reqwest::{
     prelude::{Config, SignExt},
     DefaultSpawner,
 };
-use once_cell::sync::Lazy;
 use reqwest::Request;
 use reqwest_middleware::RequestBuilder;
 use rsa::{
@@ -30,7 +29,7 @@ use rsa::{
 };
 use serde::Deserialize;
 use sha2::{Digest, Sha256};
-use std::{collections::BTreeMap, fmt::Debug, time::Duration};
+use std::{collections::BTreeMap, fmt::Debug, sync::LazyLock, time::Duration};
 use tracing::debug;
 use url::Url;
 
@@ -54,6 +53,10 @@ impl Keypair {
 }
 
 /// Generate a random asymmetric keypair for ActivityPub HTTP signatures.
+///
+/// Note that this method is very slow in debug mode. To make it faster, follow
+/// instructions in the RSA crate's readme.
+/// <https://github.com/RustCrypto/RSA/blob/master/README.md>
 pub fn generate_actor_keypair() -> Result<Keypair, Error> {
     let mut rng = rand::thread_rng();
     let rsa = RsaPrivateKey::new(&mut rng, 2048)?;
@@ -82,9 +85,9 @@ pub(crate) async fn sign_request(
     private_key: RsaPrivateKey,
     http_signature_compat: bool,
 ) -> Result<Request, Error> {
-    static CONFIG: Lazy<Config<DefaultSpawner>> =
-        Lazy::new(|| Config::new().set_expiration(EXPIRES_AFTER));
-    static CONFIG_COMPAT: Lazy<Config> = Lazy::new(|| {
+    static CONFIG: LazyLock<Config<DefaultSpawner>> =
+        LazyLock::new(|| Config::new().set_expiration(EXPIRES_AFTER));
+    static CONFIG_COMPAT: LazyLock<Config> = LazyLock::new(|| {
         Config::new()
             .mastodon_compat()
             .set_expiration(EXPIRES_AFTER)
@@ -146,7 +149,7 @@ pub(crate) async fn signing_actor<'a, A, H>(
     data: &Data<<A as Object>::DataType>,
 ) -> Result<A, <A as Object>::Error>
 where
-    A: Object + Actor,
+    A: Object + Actor + Send + Sync,
     <A as Object>::Error: From<Error>,
     for<'de2> <A as Object>::Kind: Deserialize<'de2>,
     H: IntoIterator<Item = (&'a HeaderName, &'a HeaderValue)>,
@@ -185,7 +188,7 @@ fn verify_signature_inner(
     uri: &Uri,
     public_key: &str,
 ) -> Result<(), Error> {
-    static CONFIG: Lazy<http_signature_normalization::Config> = Lazy::new(|| {
+    static CONFIG: LazyLock<http_signature_normalization::Config> = LazyLock::new(|| {
         http_signature_normalization::Config::new()
             .set_expiration(EXPIRES_AFTER)
             .require_digest()
@@ -277,6 +280,7 @@ pub(crate) fn verify_body_hash(
     Ok(())
 }
 
+/// Internal only
 #[cfg(test)]
 #[allow(clippy::unwrap_used)]
 pub mod test {
@@ -287,9 +291,10 @@ pub mod test {
     use rsa::{pkcs1::DecodeRsaPrivateKey, pkcs8::DecodePrivateKey};
     use std::str::FromStr;
 
-    static ACTOR_ID: Lazy<Url> = Lazy::new(|| Url::parse("https://example.com/u/alice").unwrap());
-    static INBOX_URL: Lazy<Url> =
-        Lazy::new(|| Url::parse("https://example.com/u/alice/inbox").unwrap());
+    static ACTOR_ID: LazyLock<Url> =
+        LazyLock::new(|| Url::parse("https://example.com/u/alice").unwrap());
+    static INBOX_URL: LazyLock<Url> =
+        LazyLock::new(|| Url::parse("https://example.com/u/alice/inbox").unwrap());
 
     #[tokio::test]
     async fn test_sign() {
@@ -378,6 +383,7 @@ pub mod test {
         assert_eq!(invalid, Err(Error::ActivityBodyDigestInvalid));
     }
 
+    /// Internal only, return hardcoded keypair for testing
     pub fn test_keypair() -> Keypair {
         let rsa = RsaPrivateKey::from_pkcs1_pem(PRIVATE_KEY).unwrap();
         let pkey = RsaPublicKey::from(&rsa);

src/lib.rs

@@ -23,12 +23,13 @@ pub mod http_signatures;
 pub mod protocol;
 pub(crate) mod reqwest_shim;
 pub mod traits;
+mod utils;
 
 use crate::{
     config::Data,
     error::Error,
     fetch::object_id::ObjectId,
-    traits::{ActivityHandler, Actor, Object},
+    traits::{Activity, Actor, Object},
 };
 pub use activitystreams_kinds as kinds;
 
@@ -40,22 +41,22 @@ pub const FEDERATION_CONTENT_TYPE: &str = "application/activity+json";
 
 /// Deserialize incoming inbox activity to the given type, perform basic
 /// validation and extract the actor.
-async fn parse_received_activity<Activity, ActorT, Datatype>(
+async fn parse_received_activity<A, ActorT, Datatype>(
     body: &[u8],
     data: &Data<Datatype>,
-) -> Result<(Activity, ActorT), <Activity as ActivityHandler>::Error>
+) -> Result<(A, ActorT), <A as Activity>::Error>
 where
-    Activity: ActivityHandler<DataType = Datatype> + DeserializeOwned + Send + 'static,
-    ActorT: Object<DataType = Datatype> + Actor + Send + 'static,
+    A: Activity<DataType = Datatype> + DeserializeOwned + Send + 'static,
+    ActorT: Object<DataType = Datatype> + Actor + Send + Sync + 'static,
     for<'de2> <ActorT as Object>::Kind: serde::Deserialize<'de2>,
-    <Activity as ActivityHandler>::Error: From<Error> + From<<ActorT as Object>::Error>,
+    <A as Activity>::Error: From<Error> + From<<ActorT as Object>::Error>,
     <ActorT as Object>::Error: From<Error>,
     Datatype: Clone,
 {
-    let activity: Activity = serde_json::from_slice(body).map_err(|e| {
+    let activity: A = serde_json::from_slice(body).map_err(|err| {
         // Attempt to include activity id in error message
         let id = extract_id(body).ok();
-        Error::ParseReceivedActivity(e, id)
+        Error::ParseReceivedActivity { err, id }
     })?;
     data.config.verify_url_and_domain(&activity).await?;
     let actor = ObjectId::<ActorT>::from(activity.actor().clone())

src/protocol/context.rs

@@ -19,7 +19,7 @@
 //! Ok::<(), serde_json::error::Error>(())
 //! ```
 
-use crate::{config::Data, traits::ActivityHandler};
+use crate::{config::Data, traits::Activity};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 use url::Url;
@@ -55,12 +55,12 @@ impl<T> WithContext<T> {
 }
 
 #[async_trait::async_trait]
-impl<T> ActivityHandler for WithContext<T>
+impl<T> Activity for WithContext<T>
 where
-    T: ActivityHandler + Send + Sync,
+    T: Activity + Send + Sync,
 {
-    type DataType = <T as ActivityHandler>::DataType;
-    type Error = <T as ActivityHandler>::Error;
+    type DataType = <T as Activity>::DataType;
+    type Error = <T as Activity>::Error;
 
     fn id(&self) -> &Url {
         self.inner.id()

src/protocol/helpers.rs

@@ -1,13 +1,22 @@
 //! Serde deserialization functions which help to receive differently shaped data
 
-use serde::{Deserialize, Deserializer};
+use activitystreams_kinds::public;
+use itertools::Itertools;
+use serde::{de::Error, Deserialize, Deserializer};
+use serde_json::Value;
+use url::Url;
 
-/// Deserialize JSON single value or array into Vec.
+/// Deserialize JSON single value or array into `Vec<Url>`.
 ///
 /// Useful if your application can handle multiple values for a field, but another federated
 /// platform only sends a single one.
 ///
+/// Also accepts common `Public` aliases for recipient fields. Some implementations send `Public`
+/// or `as:Public` instead of the canonical `https://www.w3.org/ns/activitystreams#Public` URL
+/// in fields such as `to` and `cc`.
+///
 /// ```
+/// # use activitypub_federation::kinds::public;
 /// # use activitypub_federation::protocol::helpers::deserialize_one_or_many;
 /// # use url::Url;
 /// #[derive(serde::Deserialize)]
@@ -25,24 +34,39 @@ use serde::{Deserialize, Deserializer};
 ///      "https://lemmy.ml/u/bob"
 /// ]}"#)?;
 /// assert_eq!(multiple.to.len(), 2);
-/// Ok::<(), anyhow::Error>(())
-pub fn deserialize_one_or_many<'de, T, D>(deserializer: D) -> Result<Vec<T>, D::Error>
+///
+/// let note: Note = serde_json::from_str(r#"{"to": ["Public", "as:Public"]}"#)?;
+/// assert_eq!(note.to, vec![public()]);
+/// # Ok::<(), anyhow::Error>(())
+/// ```
+pub fn deserialize_one_or_many<'de, D>(deserializer: D) -> Result<Vec<Url>, D::Error>
 where
-    T: Deserialize<'de>,
     D: Deserializer<'de>,
 {
     #[derive(Deserialize)]
     #[serde(untagged)]
-    enum OneOrMany<T> {
-        One(T),
-        Many(Vec<T>),
+    enum OneOrMany {
+        Many(Vec<Value>),
+        One(Value),
     }
 
-    let result: OneOrMany<T> = Deserialize::deserialize(deserializer)?;
-    Ok(match result {
-        OneOrMany::Many(list) => list,
+    let result: OneOrMany = Deserialize::deserialize(deserializer)?;
+    let values = match result {
         OneOrMany::One(value) => vec![value],
-    })
+        OneOrMany::Many(values) => values,
+    };
+
+    values
+        .into_iter()
+        .map(|value| match value {
+            Value::String(value) if matches!(value.as_str(), "Public" | "as:Public") => {
+                Ok(public())
+            }
+            Value::String(value) => Url::parse(&value).map_err(D::Error::custom),
+            value => Url::deserialize(value).map_err(D::Error::custom),
+        })
+        .collect::<Result<Vec<_>, _>>()
+        .map(|values| values.into_iter().unique().collect())
 }
 
 /// Deserialize JSON single value or single element array into single value.
@@ -116,8 +140,35 @@ where
     Ok(inner)
 }
 
+/// Deserialize either single value or last item from an array into an optional field.
+pub fn deserialize_last<'de, T, D>(deserializer: D) -> Result<Option<T>, D::Error>
+where
+    T: Deserialize<'de>,
+    D: Deserializer<'de>,
+{
+    #[derive(Deserialize)]
+    #[serde(untagged)]
+    enum MaybeArray<T> {
+        Simple(T),
+        Array(Vec<T>),
+        None,
+    }
+
+    let result = Deserialize::deserialize(deserializer)?;
+    Ok(match result {
+        MaybeArray::Simple(value) => Some(value),
+        MaybeArray::Array(value) => value.into_iter().last(),
+        MaybeArray::None => None,
+    })
+}
+
 #[cfg(test)]
 mod tests {
+    use super::deserialize_one_or_many;
+    use activitystreams_kinds::public;
+    use anyhow::Result;
+    use serde::Deserialize;
+
     #[test]
     fn deserialize_one_multiple_values() {
         use crate::protocol::helpers::deserialize_one;
@@ -133,4 +184,70 @@ mod tests {
         );
         assert!(note.is_err());
     }
+
+    #[test]
+    fn deserialize_one_or_many_single_public_aliases() -> Result<()> {
+        use url::Url;
+
+        #[derive(Deserialize)]
+        struct Note {
+            #[serde(deserialize_with = "deserialize_one_or_many")]
+            to: Vec<Url>,
+        }
+
+        for alias in ["Public", "as:Public"] {
+            let note = serde_json::from_str::<Note>(&format!(r#"{{"to": "{alias}"}}"#))?;
+            assert_eq!(note.to, vec![public()]);
+        }
+
+        Ok(())
+    }
+
+    #[test]
+    fn deserialize_one_or_many_array() -> Result<()> {
+        use url::Url;
+
+        #[derive(Deserialize)]
+        struct Note {
+            #[serde(deserialize_with = "deserialize_one_or_many")]
+            to: Vec<Url>,
+        }
+
+        let note = serde_json::from_str::<Note>(
+            r#"{
+                "to": [
+                    "https://example.com/c/main",
+                    "Public",
+                    "as:Public",
+                    "https://www.w3.org/ns/activitystreams#Public"
+                ]
+            }"#,
+        )?;
+
+        assert_eq!(
+            note.to,
+            vec![Url::parse("https://example.com/c/main")?, public(),]
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    fn deserialize_one_or_many_leaves_other_strings_unchanged() -> Result<()> {
+        use url::Url;
+
+        #[derive(Deserialize)]
+        struct Note {
+            #[serde(deserialize_with = "deserialize_one_or_many")]
+            to: Vec<Url>,
+            content: String,
+        }
+
+        let note = serde_json::from_str::<Note>(r#"{"to": "Public", "content": "Public"}"#)?;
+
+        assert_eq!(note.to, vec![public()]);
+        assert_eq!(note.content, "Public");
+
+        Ok(())
+    }
 }

src/protocol/mod.rs

@@ -3,5 +3,6 @@
 pub mod context;
 pub mod helpers;
 pub mod public_key;
+pub mod tombstone;
 pub mod values;
 pub mod verification;

src/protocol/tombstone.rs

@@ -0,0 +1,27 @@
+//! Tombstone is used to serve deleted objects
+
+use crate::kinds::object::TombstoneType;
+use serde::{Deserialize, Serialize};
+use url::Url;
+
+/// Represents a local object that was deleted
+///
+/// <https://www.w3.org/TR/activitystreams-vocabulary/#dfn-tombstone>
+#[derive(Clone, Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct Tombstone {
+    /// Id of the deleted object
+    pub id: Url,
+    #[serde(rename = "type")]
+    pub(crate) kind: TombstoneType,
+}
+
+impl Tombstone {
+    /// Create a new tombstone for the given object id
+    pub fn new(id: Url) -> Tombstone {
+        Tombstone {
+            id,
+            kind: TombstoneType::Tombstone,
+        }
+    }
+}

src/protocol/verification.rs

@@ -1,6 +1,7 @@
 //! Verify that received data is valid
 
-use crate::error::Error;
+use crate::{config::Data, error::Error, fetch::object_id::ObjectId, traits::Object};
+use serde::Deserialize;
 use url::Url;
 
 /// Check that both urls have the same domain. If not, return UrlVerificationError.
@@ -36,3 +37,38 @@ pub fn verify_urls_match(a: &Url, b: &Url) -> Result<(), Error> {
     }
     Ok(())
 }
+
+/// Check that the given ID doesn't match the local domain.
+///
+/// It is important to verify this to avoid local objects from being overwritten. In general
+/// locally created objects should be considered authorative, while incoming federated data
+/// is untrusted. Lack of such a check could allow an attacker to rewrite local posts. It could
+/// also result in an `object.local` field being overwritten with `false` for local objects, resulting in invalid data.
+///
+/// ```
+/// # use activitypub_federation::fetch::object_id::ObjectId;
+/// # use activitypub_federation::config::FederationConfig;
+/// # use activitypub_federation::protocol::verification::verify_is_remote_object;
+/// # use activitypub_federation::traits::tests::{DbConnection, DbUser};
+/// # tokio::runtime::Runtime::new().unwrap().block_on(async {
+/// # let config = FederationConfig::builder().domain("example.com").app_data(DbConnection).build().await?;
+/// # let data = config.to_request_data();
+/// let id = ObjectId::<DbUser>::parse("https://remote.com/u/name")?;
+/// assert!(verify_is_remote_object(&id, &data).is_ok());
+/// # Ok::<(), anyhow::Error>(())
+/// # }).unwrap();
+/// ```
+pub fn verify_is_remote_object<Kind, R: Clone>(
+    id: &ObjectId<Kind>,
+    data: &Data<<Kind as Object>::DataType>,
+) -> Result<(), Error>
+where
+    Kind: Object<DataType = R> + Send + Sync + 'static,
+    for<'de2> <Kind as Object>::Kind: Deserialize<'de2>,
+{
+    if id.is_local(data) {
+        Err(Error::UrlVerificationError("Object is not remote"))
+    } else {
+        Ok(())
+    }
+}

src/reqwest_shim.rs

@@ -10,8 +10,8 @@ use std::{
     task::{Context, Poll},
 };
 
-/// 200KB
-const MAX_BODY_SIZE: usize = 204800;
+/// 1 MB
+const MAX_BODY_SIZE: usize = 1024 * 1024;
 
 pin_project! {
     pub struct BytesFuture {
@@ -66,7 +66,7 @@ impl Future for TextFuture {
 /// Reqwest doesn't limit the response body size by default nor does it offer an option to configure one.
 /// Since we have to fetch data from untrusted sources, not restricting the maximum size is a DoS hazard for us.
 ///
-/// This shim reimplements the `bytes`, `json`, and `text` functions and restricts the bodies to 100KB.
+/// This shim reimplements the `bytes`, `json`, and `text` functions and restricts the bodies length.
 ///
 /// TODO: Remove this shim as soon as reqwest gets support for size-limited bodies.
 pub trait ResponseExt {

src/traits/either.rs

@@ -0,0 +1,133 @@
+use super::{Actor, Object};
+use crate::{config::Data, error::Error};
+use async_trait::async_trait;
+use chrono::{DateTime, Utc};
+use either::Either;
+use serde::{Deserialize, Serialize};
+use std::fmt::Debug;
+use url::Url;
+
+#[doc(hidden)]
+#[derive(Serialize, Deserialize)]
+#[serde(untagged)]
+pub enum UntaggedEither<L, R> {
+    Left(L),
+    Right(R),
+}
+
+#[async_trait]
+impl<T, R, E, D> Object for Either<T, R>
+where
+    T: Object + Object<Error = E, DataType = D> + Send + Sync,
+    R: Object + Object<Error = E, DataType = D> + Send + Sync,
+    <T as Object>::Kind: Send + Sync,
+    <R as Object>::Kind: Send + Sync,
+    D: Sync + Send + Clone,
+    E: From<Error> + Debug,
+{
+    type DataType = D;
+    type Kind = UntaggedEither<T::Kind, R::Kind>;
+    type Error = E;
+
+    /// `id` field of the object
+    fn id(&self) -> Url {
+        match self {
+            Either::Left(l) => l.id(),
+            Either::Right(r) => r.id(),
+        }
+    }
+
+    fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {
+        match self {
+            Either::Left(l) => l.last_refreshed_at(),
+            Either::Right(r) => r.last_refreshed_at(),
+        }
+    }
+
+    async fn read_from_id(
+        object_id: Url,
+        data: &Data<Self::DataType>,
+    ) -> Result<Option<Self>, Self::Error> {
+        let l = T::read_from_id(object_id.clone(), data).await?;
+        if let Some(l) = l {
+            return Ok(Some(Either::Left(l)));
+        }
+        let r = R::read_from_id(object_id.clone(), data).await?;
+        if let Some(r) = r {
+            return Ok(Some(Either::Right(r)));
+        }
+        Ok(None)
+    }
+
+    async fn delete(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        match self {
+            Either::Left(l) => l.delete(data).await,
+            Either::Right(r) => r.delete(data).await,
+        }
+    }
+
+    fn is_deleted(&self) -> bool {
+        match self {
+            Either::Left(l) => l.is_deleted(),
+            Either::Right(r) => r.is_deleted(),
+        }
+    }
+
+    async fn into_json(self, data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
+        Ok(match self {
+            Either::Left(l) => UntaggedEither::Left(l.into_json(data).await?),
+            Either::Right(r) => UntaggedEither::Right(r.into_json(data).await?),
+        })
+    }
+
+    async fn verify(
+        json: &Self::Kind,
+        expected_domain: &Url,
+        data: &Data<Self::DataType>,
+    ) -> Result<(), Self::Error> {
+        match json {
+            UntaggedEither::Left(l) => T::verify(l, expected_domain, data).await?,
+            UntaggedEither::Right(r) => R::verify(r, expected_domain, data).await?,
+        };
+        Ok(())
+    }
+
+    async fn from_json(json: Self::Kind, data: &Data<Self::DataType>) -> Result<Self, Self::Error> {
+        Ok(match json {
+            UntaggedEither::Left(l) => Either::Left(T::from_json(l, data).await?),
+            UntaggedEither::Right(r) => Either::Right(R::from_json(r, data).await?),
+        })
+    }
+}
+
+#[async_trait]
+impl<T, R, E, D> Actor for Either<T, R>
+where
+    T: Actor + Object + Object<Error = E, DataType = D> + Send + Sync + 'static,
+    R: Actor + Object + Object<Error = E, DataType = D> + Send + Sync + 'static,
+    <T as Object>::Kind: Send + Sync,
+    <R as Object>::Kind: Send + Sync,
+    D: Sync + Send + Clone,
+    E: From<Error> + Debug,
+{
+    fn public_key_pem(&self) -> &str {
+        match self {
+            Either::Left(l) => l.public_key_pem(),
+            Either::Right(r) => r.public_key_pem(),
+        }
+    }
+
+    fn private_key_pem(&self) -> Option<String> {
+        match self {
+            Either::Left(l) => l.private_key_pem(),
+            Either::Right(r) => r.private_key_pem(),
+        }
+    }
+
+    fn inbox(&self) -> Url {
+        match self {
+            Either::Left(l) => l.inbox(),
+            Either::Right(r) => r.inbox(),
+        }
+    }
+}

src/traits/mod.rs

@@ -7,6 +7,10 @@ use serde::Deserialize;
 use std::{fmt::Debug, ops::Deref};
 use url::Url;
 
+/// `Either` implementations for traits
+pub mod either;
+pub mod tests;
+
 /// Helper for converting between database structs and federated protocol structs.
 ///
 /// ```
@@ -49,6 +53,8 @@ use url::Url;
 ///     type Kind = Note;
 ///     type Error = anyhow::Error;
 ///
+/// fn id(&self) -> Url { self.ap_id.inner().clone() }
+///
 /// async fn read_from_id(object_id: Url, data: &Data<Self::DataType>) -> Result<Option<Self>, Self::Error> {
 ///         // Attempt to read object from local database. Return Ok(None) if not found.
 ///         let post: Option<DbPost> = data.read_post_from_json_id(object_id).await?;
@@ -103,6 +109,9 @@ pub trait Object: Sized + Debug {
     /// Error type returned by handler methods
     type Error;
 
+    /// `id` field of the object
+    fn id(&self) -> Url;
+
     /// Returns the last time this object was updated.
     ///
     /// If this returns `Some` and the value is too long ago, the object is refetched from the
@@ -127,10 +136,15 @@ pub trait Object: Sized + Debug {
     /// Mark remote object as deleted in local database.
     ///
     /// Called when a `Delete` activity is received, or if fetch returns a `Tombstone` object.
-    async fn delete(self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+    async fn delete(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
         Ok(())
     }
 
+    /// Returns true if the object was deleted
+    fn is_deleted(&self) -> bool {
+        false
+    }
+
     /// Convert database type to Activitypub type.
     ///
     /// Called when a local object gets fetched by another instance over HTTP, or when an object
@@ -156,6 +170,40 @@ pub trait Object: Sized + Debug {
     /// should write the received object to database. Note that there is no distinction between
     /// create and update, so an `upsert` operation should be used.
     async fn from_json(json: Self::Kind, data: &Data<Self::DataType>) -> Result<Self, Self::Error>;
+
+    /// Generates HTTP response to serve the object for fetching from other instances.
+    ///
+    /// - If the object has a remote domain, sends a redirect to the original instance.
+    /// - If [Object.is_deleted] returns true, returns a [crate::protocol::tombstone::Tombstone] instead.
+    /// - Otherwise serves the object JSON using [Object.into_json] and pretty-print
+    ///
+    /// `federation_context` is the value of `@context`.
+    #[cfg(feature = "actix-web")]
+    async fn http_response(
+        self,
+        federation_context: &serde_json::Value,
+        data: &Data<Self::DataType>,
+    ) -> Result<actix_web::HttpResponse, Self::Error>
+    where
+        Self::Error: From<serde_json::Error>,
+        Self::Kind: serde::Serialize + Send,
+    {
+        use crate::actix_web::response::{
+            create_http_response,
+            create_tombstone_response,
+            redirect_remote_object,
+        };
+        let id = self.id();
+        let res = if !data.config.is_local_url(&id) {
+            redirect_remote_object(&id)
+        } else if !self.is_deleted() {
+            let json = self.into_json(data).await?;
+            create_http_response(json, federation_context)?
+        } else {
+            create_tombstone_response(id.clone(), federation_context)?
+        };
+        Ok(res)
+    }
 }
 
 /// Handler for receiving incoming activities.
@@ -165,7 +213,7 @@ pub trait Object: Sized + Debug {
 /// # use url::Url;
 /// # use activitypub_federation::fetch::object_id::ObjectId;
 /// # use activitypub_federation::config::Data;
-/// # use activitypub_federation::traits::ActivityHandler;
+/// # use activitypub_federation::traits::Activity;
 /// # use activitypub_federation::traits::tests::{DbConnection, DbUser};
 /// #[derive(serde::Deserialize)]
 /// struct Follow {
@@ -177,7 +225,7 @@ pub trait Object: Sized + Debug {
 /// }
 ///
 /// #[async_trait::async_trait]
-/// impl ActivityHandler for Follow {
+/// impl Activity for Follow {
 ///     type DataType = DbConnection;
 ///     type Error = anyhow::Error;
 ///
@@ -203,7 +251,7 @@ pub trait Object: Sized + Debug {
 /// ```
 #[async_trait]
 #[enum_delegate::register]
-pub trait ActivityHandler {
+pub trait Activity {
     /// App data type passed to handlers. Must be identical to
     /// [crate::config::FederationConfigBuilder::app_data] type.
     type DataType: Clone + Send + Sync;
@@ -231,9 +279,6 @@ pub trait ActivityHandler {
 
 /// Trait to allow retrieving common Actor data.
 pub trait Actor: Object + Send + 'static {
-    /// `id` field of the actor
-    fn id(&self) -> Url;
-
     /// The actor's public key for verifying signatures of incoming activities.
     ///
     /// Use [generate_actor_keypair](crate::http_signatures::generate_actor_keypair) to create the
@@ -251,7 +296,7 @@ pub trait Actor: Object + Send + 'static {
 
     /// Generates a public key struct for use in the actor json representation
     fn public_key(&self) -> PublicKey {
-        PublicKey::new(self.id(), self.public_key_pem().to_string())
+        PublicKey::new(self.id().clone(), self.public_key_pem().to_string())
     }
 
     /// The actor's shared inbox, if any
@@ -267,9 +312,9 @@ pub trait Actor: Object + Send + 'static {
 
 /// Allow for boxing of enum variants
 #[async_trait]
-impl<T> ActivityHandler for Box<T>
+impl<T> Activity for Box<T>
 where
-    T: ActivityHandler + Send + Sync,
+    T: Activity + Send + Sync,
 {
     type DataType = T::DataType;
     type Error = T::Error;
@@ -331,207 +376,3 @@ pub trait Collection: Sized {
         data: &Data<Self::DataType>,
     ) -> Result<Self, Self::Error>;
 }
-
-/// Some impls of these traits for use in tests. Dont use this from external crates.
-///
-/// TODO: Should be using `cfg[doctest]` but blocked by <https://github.com/rust-lang/rust/issues/67295>
-#[doc(hidden)]
-#[allow(clippy::unwrap_used)]
-pub mod tests {
-    use super::*;
-    use crate::{
-        error::Error,
-        fetch::object_id::ObjectId,
-        http_signatures::{generate_actor_keypair, Keypair},
-        protocol::verification::verify_domains_match,
-    };
-    use activitystreams_kinds::{activity::FollowType, actor::PersonType};
-    use once_cell::sync::Lazy;
-    use serde::{Deserialize, Serialize};
-
-    #[derive(Clone)]
-    pub struct DbConnection;
-
-    impl DbConnection {
-        pub async fn read_post_from_json_id<T>(&self, _: Url) -> Result<Option<T>, Error> {
-            Ok(None)
-        }
-        pub async fn read_local_user(&self, _: &str) -> Result<DbUser, Error> {
-            todo!()
-        }
-        pub async fn upsert<T>(&self, _: &T) -> Result<(), Error> {
-            Ok(())
-        }
-        pub async fn add_follower(&self, _: DbUser, _: DbUser) -> Result<(), Error> {
-            Ok(())
-        }
-    }
-
-    #[derive(Clone, Debug, Deserialize, Serialize)]
-    #[serde(rename_all = "camelCase")]
-    pub struct Person {
-        #[serde(rename = "type")]
-        pub kind: PersonType,
-        pub preferred_username: String,
-        pub id: ObjectId<DbUser>,
-        pub inbox: Url,
-        pub public_key: PublicKey,
-    }
-    #[derive(Debug, Clone)]
-    pub struct DbUser {
-        pub name: String,
-        pub federation_id: Url,
-        pub inbox: Url,
-        pub public_key: String,
-        #[allow(dead_code)]
-        private_key: Option<String>,
-        pub followers: Vec<Url>,
-        pub local: bool,
-    }
-
-    pub static DB_USER_KEYPAIR: Lazy<Keypair> = Lazy::new(|| generate_actor_keypair().unwrap());
-
-    pub static DB_USER: Lazy<DbUser> = Lazy::new(|| DbUser {
-        name: String::new(),
-        federation_id: "https://localhost/123".parse().unwrap(),
-        inbox: "https://localhost/123/inbox".parse().unwrap(),
-        public_key: DB_USER_KEYPAIR.public_key.clone(),
-        private_key: Some(DB_USER_KEYPAIR.private_key.clone()),
-        followers: vec![],
-        local: false,
-    });
-
-    #[async_trait]
-    impl Object for DbUser {
-        type DataType = DbConnection;
-        type Kind = Person;
-        type Error = Error;
-
-        async fn read_from_id(
-            _object_id: Url,
-            _data: &Data<Self::DataType>,
-        ) -> Result<Option<Self>, Self::Error> {
-            Ok(Some(DB_USER.clone()))
-        }
-
-        async fn into_json(self, _data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
-            Ok(Person {
-                preferred_username: self.name.clone(),
-                kind: Default::default(),
-                id: self.federation_id.clone().into(),
-                inbox: self.inbox.clone(),
-                public_key: self.public_key(),
-            })
-        }
-
-        async fn verify(
-            json: &Self::Kind,
-            expected_domain: &Url,
-            _data: &Data<Self::DataType>,
-        ) -> Result<(), Self::Error> {
-            verify_domains_match(json.id.inner(), expected_domain)?;
-            Ok(())
-        }
-
-        async fn from_json(
-            json: Self::Kind,
-            _data: &Data<Self::DataType>,
-        ) -> Result<Self, Self::Error> {
-            Ok(DbUser {
-                name: json.preferred_username,
-                federation_id: json.id.into(),
-                inbox: json.inbox,
-                public_key: json.public_key.public_key_pem,
-                private_key: None,
-                followers: vec![],
-                local: false,
-            })
-        }
-    }
-
-    impl Actor for DbUser {
-        fn id(&self) -> Url {
-            self.federation_id.clone()
-        }
-
-        fn public_key_pem(&self) -> &str {
-            &self.public_key
-        }
-
-        fn private_key_pem(&self) -> Option<String> {
-            self.private_key.clone()
-        }
-
-        fn inbox(&self) -> Url {
-            self.inbox.clone()
-        }
-    }
-
-    #[derive(Deserialize, Serialize, Clone, Debug)]
-    #[serde(rename_all = "camelCase")]
-    pub struct Follow {
-        pub actor: ObjectId<DbUser>,
-        pub object: ObjectId<DbUser>,
-        #[serde(rename = "type")]
-        pub kind: FollowType,
-        pub id: Url,
-    }
-
-    #[async_trait]
-    impl ActivityHandler for Follow {
-        type DataType = DbConnection;
-        type Error = Error;
-
-        fn id(&self) -> &Url {
-            &self.id
-        }
-
-        fn actor(&self) -> &Url {
-            self.actor.inner()
-        }
-
-        async fn verify(&self, _: &Data<Self::DataType>) -> Result<(), Self::Error> {
-            Ok(())
-        }
-
-        async fn receive(self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
-            Ok(())
-        }
-    }
-
-    #[derive(Clone, Debug, Deserialize, Serialize)]
-    #[serde(rename_all = "camelCase")]
-    pub struct Note {}
-    #[derive(Debug, Clone)]
-    pub struct DbPost {}
-
-    #[async_trait]
-    impl Object for DbPost {
-        type DataType = DbConnection;
-        type Kind = Note;
-        type Error = Error;
-
-        async fn read_from_id(
-            _: Url,
-            _: &Data<Self::DataType>,
-        ) -> Result<Option<Self>, Self::Error> {
-            todo!()
-        }
-
-        async fn into_json(self, _: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
-            todo!()
-        }
-
-        async fn verify(
-            _: &Self::Kind,
-            _: &Url,
-            _: &Data<Self::DataType>,
-        ) -> Result<(), Self::Error> {
-            todo!()
-        }
-
-        async fn from_json(_: Self::Kind, _: &Data<Self::DataType>) -> Result<Self, Self::Error> {
-            todo!()
-        }
-    }
-}

src/traits/tests.rs

@@ -0,0 +1,201 @@
+#![doc(hidden)]
+#![allow(clippy::unwrap_used)]
+//! Some impls of these traits for use in tests. Dont use this from external crates.
+//!
+//! TODO: Should be using `cfg[doctest]` but blocked by <https://github.com/rust-lang/rust/issues/67295>
+
+use super::{async_trait, Activity, Actor, Data, Debug, Object, PublicKey, Url};
+use crate::{
+    error::Error,
+    fetch::object_id::ObjectId,
+    http_signatures::{generate_actor_keypair, Keypair},
+    protocol::verification::verify_domains_match,
+};
+use activitystreams_kinds::{activity::FollowType, actor::PersonType};
+use serde::{Deserialize, Serialize};
+use std::sync::LazyLock;
+
+#[derive(Clone)]
+pub struct DbConnection;
+
+impl DbConnection {
+    pub async fn read_post_from_json_id<T>(&self, _: Url) -> Result<Option<T>, Error> {
+        Ok(None)
+    }
+    pub async fn read_local_user(&self, _: &str) -> Result<DbUser, Error> {
+        todo!()
+    }
+    pub async fn upsert<T>(&self, _: &T) -> Result<(), Error> {
+        Ok(())
+    }
+    pub async fn add_follower(&self, _: DbUser, _: DbUser) -> Result<(), Error> {
+        Ok(())
+    }
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct Person {
+    #[serde(rename = "type")]
+    pub kind: PersonType,
+    pub preferred_username: String,
+    pub id: ObjectId<DbUser>,
+    pub inbox: Url,
+    pub public_key: PublicKey,
+}
+#[derive(Debug, Clone)]
+pub struct DbUser {
+    pub name: String,
+    pub federation_id: Url,
+    pub inbox: Url,
+    pub public_key: String,
+    #[allow(dead_code)]
+    private_key: Option<String>,
+    pub followers: Vec<Url>,
+    pub local: bool,
+}
+
+pub static DB_USER_KEYPAIR: LazyLock<Keypair> = LazyLock::new(|| generate_actor_keypair().unwrap());
+
+pub static DB_USER: LazyLock<DbUser> = LazyLock::new(|| DbUser {
+    name: String::new(),
+    federation_id: "https://localhost/123".parse().unwrap(),
+    inbox: "https://localhost/123/inbox".parse().unwrap(),
+    public_key: DB_USER_KEYPAIR.public_key.clone(),
+    private_key: Some(DB_USER_KEYPAIR.private_key.clone()),
+    followers: vec![],
+    local: false,
+});
+
+#[async_trait]
+impl Object for DbUser {
+    type DataType = DbConnection;
+    type Kind = Person;
+    type Error = Error;
+
+    fn id(&self) -> Url {
+        self.federation_id.clone()
+    }
+
+    async fn read_from_id(
+        _object_id: Url,
+        _data: &Data<Self::DataType>,
+    ) -> Result<Option<Self>, Self::Error> {
+        Ok(Some(DB_USER.clone()))
+    }
+
+    async fn into_json(self, _data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
+        Ok(Person {
+            preferred_username: self.name.clone(),
+            kind: Default::default(),
+            id: self.federation_id.clone().into(),
+            inbox: self.inbox.clone(),
+            public_key: self.public_key(),
+        })
+    }
+
+    async fn verify(
+        json: &Self::Kind,
+        expected_domain: &Url,
+        _data: &Data<Self::DataType>,
+    ) -> Result<(), Self::Error> {
+        verify_domains_match(json.id.inner(), expected_domain)?;
+        Ok(())
+    }
+
+    async fn from_json(
+        json: Self::Kind,
+        _data: &Data<Self::DataType>,
+    ) -> Result<Self, Self::Error> {
+        Ok(DbUser {
+            name: json.preferred_username,
+            federation_id: json.id.into(),
+            inbox: json.inbox,
+            public_key: json.public_key.public_key_pem,
+            private_key: None,
+            followers: vec![],
+            local: false,
+        })
+    }
+}
+
+impl Actor for DbUser {
+    fn public_key_pem(&self) -> &str {
+        &self.public_key
+    }
+
+    fn private_key_pem(&self) -> Option<String> {
+        self.private_key.clone()
+    }
+
+    fn inbox(&self) -> Url {
+        self.inbox.clone()
+    }
+}
+
+#[derive(Deserialize, Serialize, Clone, Debug)]
+#[serde(rename_all = "camelCase")]
+pub struct Follow {
+    pub actor: ObjectId<DbUser>,
+    pub object: ObjectId<DbUser>,
+    #[serde(rename = "type")]
+    pub kind: FollowType,
+    pub id: Url,
+}
+
+#[async_trait]
+impl Activity for Follow {
+    type DataType = DbConnection;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, _: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    async fn receive(self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct Note {}
+#[derive(Debug, Clone)]
+pub struct DbPost {
+    pub federation_id: Url,
+}
+
+#[async_trait]
+impl Object for DbPost {
+    type DataType = DbConnection;
+    type Kind = Note;
+    type Error = Error;
+
+    fn id(&self) -> Url {
+        todo!()
+    }
+
+    async fn read_from_id(_: Url, _: &Data<Self::DataType>) -> Result<Option<Self>, Self::Error> {
+        todo!()
+    }
+
+    async fn into_json(self, _: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
+        todo!()
+    }
+
+    async fn verify(_: &Self::Kind, _: &Url, _: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        todo!()
+    }
+
+    async fn from_json(_: Self::Kind, _: &Data<Self::DataType>) -> Result<Self, Self::Error> {
+        todo!()
+    }
+}

src/utils.rs

@@ -0,0 +1,78 @@
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+
+use crate::error::Error;
+use tokio::net::lookup_host;
+use url::{Host, Url};
+
+// TODO: Use is_global() once stabilized
+//       https://doc.rust-lang.org/std/net/enum.IpAddr.html#method.is_global
+pub(crate) async fn validate_ip(url: &Url) -> Result<(), Error> {
+    let mut ip = vec![];
+    let host = url
+        .host()
+        .ok_or(Error::UrlVerificationError("Url must have a domain"))?;
+    match host {
+        Host::Domain(domain) => ip.extend(
+            lookup_host((domain.to_owned(), 80))
+                .await?
+                .map(|s| s.ip().to_canonical()),
+        ),
+        Host::Ipv4(ipv4) => ip.push(ipv4.into()),
+        Host::Ipv6(ipv6) => ip.push(ipv6.into()),
+    };
+
+    let invalid_ip = ip.into_iter().any(|addr| match addr {
+        IpAddr::V4(addr) => v4_is_invalid(addr),
+        IpAddr::V6(addr) => v6_is_invalid(addr),
+    });
+    if invalid_ip {
+        return Err(Error::DomainResolveError(host.to_string()));
+    }
+    Ok(())
+}
+
+fn v4_is_invalid(v4: Ipv4Addr) -> bool {
+    v4.is_private()
+        || v4.is_loopback()
+        || v4.is_link_local()
+        || v4.is_multicast()
+        || v4.is_documentation()
+        || v4.is_unspecified()
+        || v4.is_broadcast()
+}
+
+fn v6_is_invalid(v6: Ipv6Addr) -> bool {
+    v6.is_loopback()
+        || v6.is_multicast()
+        || v6.is_unique_local()
+        || v6.is_unicast_link_local()
+        || v6.is_unspecified()
+        || v6_is_documentation(v6)
+        || v6.to_ipv4_mapped().is_some_and(v4_is_invalid)
+}
+
+fn v6_is_documentation(v6: std::net::Ipv6Addr) -> bool {
+    matches!(
+        v6.segments(),
+        [0x2001, 0xdb8, ..] | [0x3fff, 0..=0x0fff, ..]
+    )
+}
+
+#[cfg(test)]
+#[allow(clippy::unwrap_used)]
+mod test {
+    use super::*;
+
+    #[tokio::test]
+    async fn test_is_valid_ip() -> Result<(), Error> {
+        assert!(validate_ip(&Url::parse("http://example.com")?)
+            .await
+            .is_ok());
+        assert!(validate_ip(&Url::parse("http://172.66.147.243")?)
+            .await
+            .is_ok());
+        assert!(validate_ip(&Url::parse("http://localhost")?).await.is_err());
+        assert!(validate_ip(&Url::parse("http://127.0.0.1")?).await.is_err());
+        Ok(())
+    }
+}