Generic server vision / how to deal with weird activities

I was writing a long general description of my thought, deleted everything, I’ll just write a simple example :slight_smile:

In my web app, when the server receives an Undo activity via C2S, one of the things it can do is to verify that if the Undo is undoing a Follow, then the unfollowed object (or the actor managing it) is listed in the recipients. And I’m wondering whether to check for that, and for such details in all the activities received in C2S:

  • If I do, I write more code and think harder
  • If I don’t, I just need to code the side effects, and otherwise send the activity straight to the asynchronous delivery system for S2S delivery etc.
  • If I do, I prevent the publishing of weird and useless activities, such as undoing a follow but not sending it to the actor you’re unfollowing
  • If I don’t, weird activities would be published, but, maybe that’s fine and it saves lines-of-code and coding time spent checking the tiny details of activities, details that are easy to miss anyway

I’m finding that the primary reason I do code the checks every time is some fear of ruining the cleanliness of the application and the database, like, keeping out data that doesn’t make sense. Now that I’m more conscious of this tendency, I’m questioning it and considering just mentally accepting that ActivityPub is kind of like structured Email and I should just let the user publish whatever weird stuff they please, and leave those checks to the C2S client app.

Thoughts? :slight_smile:
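The check described in the post above, sketched as an added example (not code from this thread or from any ActivityPub implementation). The property names are the ActivityStreams 2.0 ones; `load_activity` and `managing_actor` are hypothetical lookups the server would supply, and the sample data is constructed.

```python
ADDRESSING = ("to", "bto", "cc", "bcc", "audience")  # AS2 addressing properties

def ids(value):
    """Normalise an AS2 property (IRI, object, or list of either) to a set of IRIs."""
    items = value if isinstance(value, list) else [value]
    return {i if isinstance(i, str) else i.get("id")
            for i in items if isinstance(i, (str, dict))} - {None}

def check_undo_follow(undo, load_activity, managing_actor):
    """Return None if the Undo passes (or the check does not apply), else a reason."""
    if undo.get("type") != "Undo":
        return None
    follow = undo.get("object")
    if isinstance(follow, str):          # Follow referenced by IRI only
        follow = load_activity(follow)   # hypothetical lookup of the stored activity
    if not isinstance(follow, dict) or follow.get("type") != "Follow":
        return None                      # not undoing a known Follow
    followed = ids(follow.get("object"))
    if not followed:
        return "the Follow being undone has no object"
    # Either the unfollowed object itself or the actor managing it may be addressed.
    acceptable = followed | ({managing_actor(i) for i in followed} - {None})
    addressed = set().union(*(ids(undo.get(f)) for f in ADDRESSING))
    if addressed & acceptable:
        return None
    return "Undo of a Follow is not addressed to the unfollowed object or its actor"

# Constructed sample data: a stored Follow of a repository managed by actor bob.
STORED = {"https://a.example/follows/1": {
    "type": "Follow", "actor": "https://a.example/alice",
    "object": "https://b.example/repos/r1"}}
MANAGERS = {"https://b.example/repos/r1": "https://b.example/bob"}

def demo(recipients):
    """Build an Undo of the stored Follow with the given 'to' list and check it."""
    undo = {"type": "Undo", "actor": "https://a.example/alice",
            "object": "https://a.example/follows/1", "to": recipients}
    return check_undo_follow(undo, STORED.get, MANAGERS.get)

if __name__ == "__main__":
    print(demo(["https://b.example/bob"]))              # managing actor addressed
    print(demo(["https://a.example/alice/followers"]))  # unfollowed target left out
```

Returning a reason string instead of raising lets the server choose between rejecting the C2S request and merely logging the oddity before delivery.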

I’m tempted to say that it’s good and responsible to not send out useless federation activities, if you can avoid it. If the client sends something that the server already notices should not need to be sent out, then those checks are worth it.

If I understood the question :wink:

I suppose it saves network usage and storage, but also I wonder if spam detection would handle such useless activities anyway, and then it doesn’t need to happen in the logic code.

I’ll try to gradually improve the checks, maybe even publish a document listing them! Those checks probably apply to many implementations and perhaps we could have a list? :slight_smile:

Not sure you meant something related to the C2S API, but if you did, then I’m not sure anyone has actually implemented or is planning to implement C2S? :wink: All platforms pretty much have their own API and just do S2S afaik.