Add ActivityPub server allowlist
Why are we doing this work
In the final version of ActivityPub support, we'll handle both an allowlist and a denylist, so that a GitLab instance owner can select the mechanism by which they want to activate federation: by listing allowed servers (thus communicating only with those) or by listing denied servers (acting as a ban of those servers). All of that is provided the instance owner has activated federation, of course.
For releasing our first actor, we want to at least have the allowlist, as it will help us roll out the feature progressively: allowing a few servers in the Fediverse to subscribe to our resources and seeing how the application responds, before adding a few more, checking the load again, etc.
In this early incarnation, we don't need a UI for this feature; adding allowed servers in the console will be enough.
Relevant links
Non-functional requirements
Documentation: -
Testing:
Implementation plan
- add a persistent storage of the list of allowed servers
- make some sort of abstraction for sending out ActivityPub activities
- check before sending the activity if the allowlist is empty, and if not, if the targeted server is allowed
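A sketch of the three steps above, added here as an illustration and not taken from the GitLab code base. The class names, the in-memory Set standing in for persistent storage, the HTTPS-only rule and the reading of an empty allowlist as "no restriction" are all assumptions of this example.

```ruby
require 'uri'
require 'set'

# Added example; every name here is hypothetical. A Set stands in for persistent storage.
class FederationAllowlist
  def initialize(hosts = [])
    @hosts = Set.new(hosts.map { |h| self.class.normalize(h) })
  end

  # Compare hosts case-insensitively and without the trailing root dot.
  def self.normalize(host)
    host.to_s.strip.downcase.chomp('.')
  end

  def add(host)
    @hosts << self.class.normalize(host)
  end

  def allows?(inbox_url)
    uri = URI.parse(inbox_url.to_s)
    # Assumption: only HTTPS inboxes are ever valid targets.
    return false unless uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
    # Assumption: an empty allowlist means "no restriction".
    return true if @hosts.empty?

    # Exact match on the parsed host, never a substring or prefix test on the URL.
    @hosts.include?(self.class.normalize(uri.host))
  rescue URI::InvalidURIError
    false # unparseable target: fail closed
  end
end

# Single choke point for outgoing activities; transport is any callable doing the POST.
class ActivitySender
  def initialize(allowlist, transport)
    @allowlist = allowlist
    @transport = transport
  end

  def deliver(inbox_url, activity)
    return :blocked unless @allowlist.allows?(inbox_url)

    @transport.call(inbox_url, activity)
    :sent
  end
end
```

Matching on the parsed host is what keeps look-alike targets such as a longer hostname that merely starts with an allowed name, or an allowed name placed in the userinfo part of the URL, from passing the check.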
Verification steps
We have a Sinatra app to help test ActivityPub features by acting as a third-party ActivityPub server, which lets us perform, against a local GitLab dev install, tasks specific to the various MRs we're implementing. This would be a good place to add a task that allows testing this feature.