fix phpcs via phpcbf

fix: make in_array comparison strict

.distignore

@@ -15,6 +15,8 @@ Makefile
 README.md
 readme.md
 CODE_OF_CONDUCT.md
+FEDERATION.md
+SECURITY.md
 LICENSE.md
 _site
 _config.yml

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,90 @@
+name: Bug Report
+description: Helps us improve our product!
+labels: "Needs triage, [Type] Bug"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ### Thanks for contributing!
+
+        Please write a clear title, then fill in the fields below and submit.
+
+        Please **do not** link to image hosting services such as Cloudup, Droplr, Imgur, etc…
+        Instead, directly embed screenshot(s) or recording(s) in any of the text areas below: click, then drag and drop.
+  - type: markdown
+    attributes:
+      value: |
+        ---
+        ## Core Information
+  - type: textarea
+    id: summary
+    attributes:
+        label: Quick summary
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce
+      placeholder: |
+        1. Start at `site-domain.com/blog`.
+        2. Click on any blog post.
+        3. ...
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: What you expected to happen
+      placeholder: |
+        e.g. The post should appear.
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: What actually happened
+      placeholder: |
+        e.g. The post did not appear.
+    validations:
+      required: true
+  - type: dropdown
+    id: users-affected
+    attributes:
+      label: Impact
+      description: Approximately how many users are impacted?
+      options:
+        - One
+        - Some (< 50%)
+        - Most (> 50%)
+        - All
+    validations:
+      required: true
+  - type: dropdown
+    id: workarounds
+    attributes:
+      label: Available workarounds?
+      options:
+        - No and the platform is unusable
+        - No but the platform is still usable
+        - Yes, difficult to implement
+        - Yes, easy to implement
+        - There is no user impact
+    validations:
+      required: true
+
+  - type: markdown
+    attributes:
+      value: |
+        <br>
+
+        ## Optional Information
+
+        The following section is optional.
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs or notes
+      placeholder: |
+        Add any information that may be relevant, such as:
+          - Browser/Platform
+          - Theme
+          - Logs/Errors

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,34 @@
+name: Feature Request
+description: Suggest an idea for the ActivityPub plugin!
+title: "Feature Request:"
+labels: ["[Type] Feature Request"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please, be as descriptive as possible. Issues lacking detail, or for any other reason than to request a feature, may be closed without action.
+
+  - type: textarea
+    id: what
+    attributes:
+      label: What
+      description: Add a concise description of the feature being requested.
+      placeholder: eg. I would like a new dropdown at <xyz>...
+    validations:
+      required: true
+
+  - type: textarea
+    id: why
+    attributes:
+      label: Why
+      description: Add a description of the problem this feature solves.
+      placeholder: |
+        eg. This will solve my accessibility needs.
+    validations:
+      required: true
+
+  - type: textarea
+    id: how
+    attributes:
+      label: How
+      description: If applicable, add screenshots, mockup, animations and/or videos to help illustrate how the feature could be done.

.github/stale.yml

@@ -1,17 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 120
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 7
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - pinned
-  - security
-# Label to use when marking an issue as stale
-staleLabel: wontfix
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false

.github/workflows/gardening.yml

@@ -0,0 +1,50 @@
+# Repo gardening. Automate some of the triage tasks in the repo.
+name: Repo Gardening
+
+on:
+  pull_request_target: # When a PR is opened, edited, updated, closed, or a label is added.
+    types: [opened, reopened, synchronize, edited, labeled, closed]
+  issues: # For auto-triage of issues.
+    types: [opened, labeled, reopened, edited, closed]
+  issue_comment: # To gather support references in issue comments.
+    types: [created]
+concurrency:
+  # For pull_request_target, cancel any concurrent jobs with the same type (e.g. "opened", "labeled") and branch.
+  # Don't cancel any for other events, accomplished by grouping on the unique run_id.
+  group: gardening-${{ github.event_name }}-${{ github.event.action }}-${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  repo-gardening:
+    name: 'Automated repo gardening.'
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request_target' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
+    timeout-minutes: 10
+
+    steps:
+     - name: Checkout
+       uses: actions/checkout@v3
+
+     - name: Setup Node
+       uses: actions/setup-node@v3
+       with:
+          node-version: lts/*
+
+     - name: Wait for prior instances of the workflow to finish
+       uses: softprops/turnstyle@v1
+       env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+     - name: 'Automate triage (add labels, clean labels, ...).'
+       uses: automattic/action-repo-gardening@trunk
+       with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          slack_token: ${{ secrets.SLACK_TOKEN }}
+          slack_team_channel: ${{ secrets.SLACK_TEAM_CHANNEL }}
+          slack_he_triage_channel: ${{ secrets.SLACK_HE_TRIAGE_CHANNEL }}
+          slack_quality_channel: ${{ secrets.SLACK_QUALITY_CHANNEL }}
+          tasks: 'addLabels,cleanLabels,assignIssues,flagOss,gatherSupportReferences,replyToCustomersReminder'
+          add_labels: '[
+              {"path": "src/followers", "label": "[Block] Followers"},
+              {"path": "src/follow-me", "label": "[Block] Follow Me"}
+            ]'

.github/workflows/stale.yml

@@ -0,0 +1,19 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v8
+        with:
+          stale-issue-message: 'This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+          days-before-stale: 120
+          days-before-close: 7
+          exempt-all-pr-assignees: true
+          exempt-all-assignees: true
+          exempt-all-pr-milestones: true
+          exempt-all-issue-milestones: true
+          start-date: '2019-02-01T00:00:00Z'

.php_cs

@@ -1,15 +0,0 @@
-<?php
-$finder = PhpCsFixer\Finder::create()
-    ->exclude('vendor')
-	->exclude('node_modules')
-	->exclude('bin')
-    ->in(__DIR__)
-;
-
-return PhpCsFixer\Config::create()
-    ->setRules([
-        'native_function_invocation' => ['include' => ['@all']],
-		'native_constant_invocation' => true,
-    ])
-    ->setFinder($finder)
-;

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+https://developer.wordpress.com/contact/?g21-subject=Code%20of%20Conduct.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

FEDERATION.md

@@ -0,0 +1,38 @@
+# Federation in WordPress
+
+The WordPress plugin largely follows ActivityPub's server-to-server specification, but makes use of some non-standard extensions, some of which are required to interact with the plugin. Most of these extensions are for the purpose of compatibility with other, sometimes very restrictive networks, such as Mastodon.
+
+## Supported federation protocols and standards
+
+- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
+- [WebFinger](https://webfinger.net/)
+- [HTTP Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
+- [NodeInfo](https://nodeinfo.diaspora.software/)
+
+## Supported FEPs
+
+- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
+- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
+- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)
+
+Partially supported FEPs
+
+- [FEP-1b12: Group federation](https://codeberg.org/fediverse/fep/src/branch/main/fep/1b12/fep-1b12.md)
+
+## ActivityPub
+
+### HTTP Signatures
+
+In order to authenticate activities, Mastodon relies on HTTP Signatures, signing every `POST` and `GET` request to other ActivityPub implementations on behalf of the user authoring an activity (for `POST` requests) or an actor representing the Mastodon server itself (for most `GET` requests).
+
+Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
+
+More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
+
+## Additional documentation
+
+- Plugin Description: https://github.com/Automattic/wordpress-activitypub?tab=readme-ov-file#description
+- Frequently Asked Questions: https://github.com/Automattic/wordpress-activitypub?tab=readme-ov-file#frequently-asked-questions
+- Installation Instructions: https://github.com/Automattic/wordpress-activitypub?tab=readme-ov-file#installation
+- Upgrade Notice: https://github.com/Automattic/wordpress-activitypub?tab=readme-ov-file#upgrade-notice
+- Changelog: https://github.com/Automattic/wordpress-activitypub?tab=readme-ov-file#changelog

LICENSE

@@ -1,6 +1,7 @@
 MIT License
 
 Copyright (c) 2019 Matthias Pfefferle
+Copyright (c) 2023 Automattic
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,9 +1,9 @@
 # ActivityPub #
-**Contributors:** [automattic](https://profiles.wordpress.org/automattic/), [pfefferle](https://profiles.wordpress.org/pfefferle/), [mediaformat](https://profiles.wordpress.org/mediaformat/), [mattwiebe](https://profiles.wordpress.org/mattwiebe/), [akirk](https://profiles.wordpress.org/akirk/), [jeherve](https://profiles.wordpress.org/jeherve/), [nuriapena](https://profiles.wordpress.org/nuriapena/)  
+**Contributors:** [automattic](https://profiles.wordpress.org/automattic/), [pfefferle](https://profiles.wordpress.org/pfefferle/), [mediaformat](https://profiles.wordpress.org/mediaformat/), [mattwiebe](https://profiles.wordpress.org/mattwiebe/), [akirk](https://profiles.wordpress.org/akirk/), [jeherve](https://profiles.wordpress.org/jeherve/), [nuriapena](https://profiles.wordpress.org/nuriapena/), [cavalierlife](https://profiles.wordpress.org/cavalierlife/)  
 **Tags:** OStatus, fediverse, activitypub, activitystream  
 **Requires at least:** 4.7  
-**Tested up to:** 6.3  
-**Stable tag:** 1.0.0  
+**Tested up to:** 6.4  
+**Stable tag:** 1.2.0  
 **Requires PHP:** 5.6  
 **License:** MIT  
 **License URI:** http://opensource.org/licenses/MIT  
@@ -36,7 +36,7 @@ The plugin works with the following tested federated platforms, but there may be
 Some things to note:
 
 1. The blog-wide profile is only compatible with sites with rewrite rules enabled. If your site does not have rewrite rules enabled, the author-specific profiles may still work.
-1. Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will duplicate content issues with search engines and will enable ActivityPub author profiles to work.
+1. Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will still resolve duplicate content issues with search engines and will enable ActivityPub author profiles to work.
 1. Once ActivityPub is installed, *only new posts going forward* will be available in the fediverse. Likewise, even if you’ve been using ActivityPub for a while, anyone who follows your site, will only see new posts you publish from that moment on. They will never see previously-published posts in their Home feed. This process is very similar to subscribing to a newsletter. If you subscribe to a newsletter, you will only receive future emails, but not the old archived ones. With ActivityPub, if someone follows your site, they will only receive new blog posts you publish from then on.
 
 So what’s the process?
@@ -86,7 +86,7 @@ In order for webfinger to work, it must be mapped to the root directory of the U
 
 Add the following to the .htaccess file in the root directory:
 
-	RedirectMatch "^\/\.well-known/(webfinger|nodeinfo|x-nodeinfo2)(.*)$" "\/blog\/\.well-known$1$2"
+	RedirectMatch "^\/\.well-known/(webfinger|nodeinfo|x-nodeinfo2)(.*)$" /blog/.well-known/$1$2
 
 Where 'blog' is the path to the subdirectory at which your blog resides.
 
@@ -105,6 +105,97 @@ Where 'blog' is the path to the subdirectory at which your blog resides.
 
 Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub).
 
+### 1.2.0 ###
+
+* Add: Search and order followerer lists
+* Add: Have a filter to defer signature verification
+* Improved: "Follow Me" styles for dark themes
+* Improved: Allow `p` and `br` tags only for AP comments
+* Fixed: Deduplicate attachments earlier to prevent incorrect max_media
+
+
+### 1.1.0 ###
+
+* Improved: audio and video attachments are now supported!
+* Improved: better error messages if remote profile is not accessible
+* Improved: PHP 8.1 compatibility
+* Fixed: don't try to parse mentions or hashtags for very large (>1MB) posts to prevent timeouts
+* Fixed: better handling of ISO-639-1 locale codes
+* Improved: more reliable [ap_author], props @uk3
+* Improved: NodeInfo statistics
+
+### 1.0.10 ###
+
+* Improved: better error messages if remote profile is not accessible
+
+### 1.0.9 ###
+
+* Fixed: broken following endpoint
+
+### 1.0.8 ###
+
+* Fixed: blocking of HEAD requests
+* Fixed: PHP fatal error
+* Fixed: several typos
+* Fixed: error codes
+* Improved: loading of shortcodes
+* Updated: caching of followers
+* Updated: Application-User is no longer "indexable"
+* Updated: more consistent usage of the `application/activity+json` Content-Type
+* Removed: featured tags endpoint
+
+### 1.0.7 ###
+
+* Fixed: broken function call
+* Add: filter to hook into "is blog public" check
+
+### 1.0.6 ###
+
+* Fixed: more restrictive request verification
+
+### 1.0.5 ###
+
+* Fixed: compatibility with WebFinger and NodeInfo plugin
+
+### 1.0.4 ###
+
+* Fixed: Constants were not loaded early enough, resulting in a race condition
+* Fixed: Featured image was ignored when using the block editor
+
+### 1.0.3 ###
+
+* Fixed: compatibility with older WordPress/PHP versions
+* Update: refactoring of the Plugin init process
+* Update: better frontend UX and improved theme compat for blocks
+* Compatibility: add a ACTIVITYPUB_DISABLE_REWRITES constant
+* Compatibility: add pre-fetch hook to allow plugins to hang filters on
+
+### 1.0.2 ###
+
+* Updated: improved hashtag visibility in default template
+* Updated: reduced number of followers to be checked/updated via Cron, when System Cron is not set up
+* Updated: check if username of Blog-User collides with an Authors name
+* Compatibility: improved Group meta informations
+* Fixed: detection of single user mode
+* Fixed: remote delete
+* Fixed: styles in Follow-Me block
+* Fixed: various encoding and formatting issues
+* Fixed: (health) check Author URLs only if Authors are enabled
+
+### 1.0.1 ###
+
+* Update: improve image attachment detection using the block editor
+* Update: better error code handling for API responses
+* Update: use a tag stack instead of regex for protecting tags for Hashtags and @-Mentions
+* Compatibility: better signature support for subpath-installations
+* Compatibility: allow deactivating blocks registered by the plugin
+* Compatibility: avoid Fatal Errors when using ClassicPress
+* Compatibility: improve the Group-Actor to play nicely with existing implementations
+* Fixed: truncate long blog titles and handles for the "Follow me" block
+* Fixed: ensure that only a valid user can be selected for the "Follow me" block
+* Fixed: fix a typo in a hook name
+* Fixed: a problem with signatures when running WordPress in a sub-path
+
 ### 1.0.0 ###
 
 * Add: blog-wide Account (catchall, like `example.com@example.com`)
@@ -113,6 +204,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu
 * Add: a Followers Block (show off your Followers)
 * Add: Simple caching
 * Add: Collection endpoints for Featured Tags and Featured Posts
+* Add: Better handling of Hashtags in mobile apps
 * Update: Complete rewrite of the Follower-System based on Custom Post Types
 * Update: Improved linter (PHPCS)
 * Compatibility: Add a new conditional, `\Activitypub\is_activitypub_request()`, to allow third-party plugins to detect ActivityPub requests

SECURITY.md

@@ -0,0 +1,36 @@
+# Security Policy
+
+Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/).
+
+## Supported Versions
+
+Generally, only the latest version of the ActivityPub plugin has continued support. If a critical vulnerability is found in the current version of the ActivityPub plugin, we may opt to backport any patches to previous versions.
+
+## Reporting a Vulnerability
+
+[ActivityPub](https://wordpress.org/plugins/activitypub/) is an open-source plugin for WordPress. Our HackerOne program covers the plugin software, as well as a variety of related projects and infrastructure.
+
+**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**
+
+Our most critical targets are:
+
+* ActivityPub plugin (all within this repo)
+* wordpress.com -- hosted ActivityPub offering on WordPress.com.
+
+For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic).
+
+_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._
+
+## Guidelines
+
+We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:
+
+*   Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
+*   Pen-testing Production:
+    *   Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
+    *   If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
+    *   **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
+    *   To be eligible for a bounty, all of these guidelines must be followed.
+*   Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.
+
+We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.

activitypub.php

@@ -3,7 +3,7 @@
  * Plugin Name: ActivityPub
  * Plugin URI: https://github.com/pfefferle/wordpress-activitypub/
  * Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format.
- * Version: 1.0.0
+ * Version: 1.2.0
  * Author: Matthias Pfefferle & Automattic
  * Author URI: https://automattic.com/
  * License: MIT
@@ -15,31 +15,37 @@
 
 namespace Activitypub;
 
-\defined( 'ACTIVITYPUB_REST_NAMESPACE' ) || \define( 'ACTIVITYPUB_REST_NAMESPACE', 'activitypub/1.0' );
+use function Activitypub\is_blog_public;
+use function Activitypub\site_supports_blocks;
+
+require_once __DIR__ . '/includes/compat.php';
+require_once __DIR__ . '/includes/functions.php';
 
 /**
- * Initialize plugin
+ * Initialize the plugin constants.
  */
-function init() {
-	\defined( 'ACTIVITYPUB_EXCERPT_LENGTH' ) || \define( 'ACTIVITYPUB_EXCERPT_LENGTH', 400 );
-	\defined( 'ACTIVITYPUB_SHOW_PLUGIN_RECOMMENDATIONS' ) || \define( 'ACTIVITYPUB_SHOW_PLUGIN_RECOMMENDATIONS', true );
-	\defined( 'ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS' ) || \define( 'ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS', 3 );
-	\defined( 'ACTIVITYPUB_HASHTAGS_REGEXP' ) || \define( 'ACTIVITYPUB_HASHTAGS_REGEXP', '(?:(?<=\s)|(?<=<p>)|(?<=<br>)|^)#([A-Za-z0-9_]+)(?:(?=\s|[[:punct:]]|$))' );
-	\defined( 'ACTIVITYPUB_USERNAME_REGEXP' ) || \define( 'ACTIVITYPUB_USERNAME_REGEXP', '(?:([A-Za-z0-9_-]+)@((?:[A-Za-z0-9_-]+\.)+[A-Za-z]+))' );
-	\defined( 'ACTIVITYPUB_CUSTOM_POST_CONTENT' ) || \define( 'ACTIVITYPUB_CUSTOM_POST_CONTENT', "<strong>[ap_title]</strong>\n\n[ap_content]\n\n[ap_hashtags]\n\n[ap_shortlink]" );
-	\defined( 'ACTIVITYPUB_AUTHORIZED_FETCH' ) || \define( 'ACTIVITYPUB_AUTHORIZED_FETCH', false );
+\defined( 'ACTIVITYPUB_REST_NAMESPACE' ) || \define( 'ACTIVITYPUB_REST_NAMESPACE', 'activitypub/1.0' );
+\defined( 'ACTIVITYPUB_EXCERPT_LENGTH' ) || \define( 'ACTIVITYPUB_EXCERPT_LENGTH', 400 );
+\defined( 'ACTIVITYPUB_SHOW_PLUGIN_RECOMMENDATIONS' ) || \define( 'ACTIVITYPUB_SHOW_PLUGIN_RECOMMENDATIONS', true );
+\defined( 'ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS' ) || \define( 'ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS', 3 );
+\defined( 'ACTIVITYPUB_HASHTAGS_REGEXP' ) || \define( 'ACTIVITYPUB_HASHTAGS_REGEXP', '(?:(?<=\s)|(?<=<p>)|(?<=<br>)|^)#([A-Za-z0-9_]+)(?:(?=\s|[[:punct:]]|$))' );
+\defined( 'ACTIVITYPUB_USERNAME_REGEXP' ) || \define( 'ACTIVITYPUB_USERNAME_REGEXP', '(?:([A-Za-z0-9_-]+)@((?:[A-Za-z0-9_-]+\.)+[A-Za-z]+))' );
+\defined( 'ACTIVITYPUB_CUSTOM_POST_CONTENT' ) || \define( 'ACTIVITYPUB_CUSTOM_POST_CONTENT', "<strong>[ap_title]</strong>\n\n[ap_content]\n\n[ap_hashtags]\n\n[ap_shortlink]" );
+\defined( 'ACTIVITYPUB_AUTHORIZED_FETCH' ) || \define( 'ACTIVITYPUB_AUTHORIZED_FETCH', false );
+\defined( 'ACTIVITYPUB_DISABLE_REWRITES' ) || \define( 'ACTIVITYPUB_DISABLE_REWRITES', false );
+\defined( 'ACTIVITYPUB_DEFAULT_TRANSFORMER' ) || \define( 'ACTIVITYPUB_DEFAULT_TRANSFORMER', 'activitypub/default' );
 
-	\define( 'ACTIVITYPUB_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
-	\define( 'ACTIVITYPUB_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
-	\define( 'ACTIVITYPUB_PLUGIN_FILE', plugin_dir_path( __FILE__ ) . '/' . basename( __FILE__ ) );
-	\define( 'ACTIVITYPUB_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
 
-	Migration::init();
-	Activitypub::init();
-	Activity_Dispatcher::init();
-	Collection\Followers::init();
+\define( 'ACTIVITYPUB_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
+\define( 'ACTIVITYPUB_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
+\define( 'ACTIVITYPUB_PLUGIN_FILE', plugin_dir_path( __FILE__ ) . '/' . basename( __FILE__ ) );
+\define( 'ACTIVITYPUB_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
 
-	// Configure the REST API route
+
+/**
+ * Initialize REST routes.
+ */
+function rest_init() {
 	Rest\Users::init();
 	Rest\Outbox::init();
 	Rest\Inbox::init();
@@ -49,20 +55,49 @@ function init() {
 	Rest\Server::init();
 	Rest\Collection::init();
 
-	Admin::init();
-	Hashtag::init();
-	Shortcodes::init();
-	Blocks::init();
-	Mention::init();
-	Health_Check::init();
-	Scheduler::init();
+	// load NodeInfo endpoints only if blog is public
+	if ( is_blog_public() ) {
+		Rest\NodeInfo::init();
+	}
 }
-\add_action( 'init', __NAMESPACE__ . '\init' );
+\add_action( 'rest_api_init', __NAMESPACE__ . '\rest_init' );
+
+/**
+ * Initialize plugin.
+ */
+function plugin_init() {
+	\add_action( 'init', array( __NAMESPACE__ . '\Migration', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Activitypub', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Activity_Dispatcher', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Collection\Followers', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Admin', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Hashtag', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Mention', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Health_Check', 'init' ) );
+	\add_action( 'init', array( __NAMESPACE__ . '\Scheduler', 'init' ) );
+
+	if ( site_supports_blocks() ) {
+		\add_action( 'init', array( __NAMESPACE__ . '\Blocks', 'init' ) );
+	}
+
+	$debug_file = __DIR__ . '/includes/debug.php';
+	if ( \WP_DEBUG && file_exists( $debug_file ) && is_readable( $debug_file ) ) {
+		require_once $debug_file;
+		Debug::init();
+	}
+
+	require_once __DIR__ . '/integration/class-webfinger.php';
+	Integration\Webfinger::init();
+
+	require_once __DIR__ . '/integration/class-nodeinfo.php';
+	Integration\Nodeinfo::init();
+}
+\add_action( 'plugins_loaded', __NAMESPACE__ . '\plugin_init' );
 
 /**
  * Class Autoloader
  */
-spl_autoload_register(
+\spl_autoload_register(
 	function ( $full_class ) {
 		$base_dir = __DIR__ . '/includes/';
 		$base     = 'Activitypub\\';
@@ -95,19 +130,6 @@ spl_autoload_register(
 	}
 );
 
-require_once __DIR__ . '/includes/functions.php';
-
-// load NodeInfo endpoints only if blog is public
-if ( \get_option( 'blog_public', 1 ) ) {
-	Rest\NodeInfo::init();
-}
-
-$debug_file = __DIR__ . '/includes/debug.php';
-if ( \WP_DEBUG && file_exists( $debug_file ) && is_readable( $debug_file ) ) {
-	require_once $debug_file;
-	Debug::init();
-}
-
 /**
  * Add plugin settings link
  */

build/follow-me/block.json

@@ -24,6 +24,12 @@
       "width": true,
       "color": true,
       "style": true
+    },
+    "typography": {
+      "fontSize": true,
+      "__experimentalDefaultControls": {
+        "fontSize": true
+      }
     }
   },
   "attributes": {

build/follow-me/index.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array('wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives'), 'version' => '9d4af3528585afd49437');
+<?php return array('dependencies' => array('wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives'), 'version' => '2a185b1c488886051601');

build/follow-me/style-index.css

@@ -1 +1 @@
-.activitypub-follow-me-block-wrapper .activitypub-profile,.editor-styles-wrapper .activitypub-profile{align-items:self-start;display:flex;padding:1rem}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__avatar,.editor-styles-wrapper .activitypub-profile .activitypub-profile__avatar{border-radius:50%;height:75px;margin-right:1rem;width:75px}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__name,.editor-styles-wrapper .activitypub-profile .activitypub-profile__name{font-size:var(--wp--preset--font-size--large);line-height:1;margin:0}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__follow,.editor-styles-wrapper .activitypub-profile .activitypub-profile__follow{align-self:center;background-color:var(--wp--preset--color--black);color:var(--wp--preset--color--white);margin-left:auto}.activitypub-follow-me__dialog{max-width:30em}.activitypub-follow-me__dialog h4{line-height:1;margin:0}.activitypub-follow-me__dialog .apmfd__section{margin-bottom:2em}.activitypub-follow-me__dialog .apfmd-description{font-size:var(--wp--preset--font-size--normal,.75rem);margin:.33em 0 1em}.activitypub-follow-me__dialog .apfmd__button-group{display:flex;justify-content:flex-end}.activitypub-follow-me__dialog .apfmd__button-group svg{height:21px;margin-right:.5em;width:21px}.activitypub-follow-me__dialog .apfmd__button-group input{flex:1;padding-left:1em;padding-right:1em}
+.activitypub-follow-me-block-wrapper{width:100%}.activitypub-follow-me-block-wrapper.has-background .activitypub-profile,.activitypub-follow-me-block-wrapper.has-border-color .activitypub-profile{padding-left:1rem;padding-right:1rem}.activitypub-follow-me-block-wrapper .activitypub-profile{align-items:center;display:flex;padding:1rem 0}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__avatar{border-radius:50%;height:75px;margin-right:1rem;width:75px}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__content{flex:1;min-width:0}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__handle,.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__name{line-height:1.2;margin:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__name{font-size:1.25em}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__follow{align-self:center;background-color:var(--wp--preset--color--black);color:var(--wp--preset--color--white);margin-left:1rem}.activitypub-profile__confirm.components-modal__frame{background-color:#f7f7f7;color:#333}.activitypub-profile__confirm.components-modal__frame .components-modal__header-heading,.activitypub-profile__confirm.components-modal__frame h4{color:#333;letter-spacing:inherit;word-spacing:inherit}.activitypub-follow-me__dialog{max-width:30em}.activitypub-follow-me__dialog h4{line-height:1;margin:0}.activitypub-follow-me__dialog .apmfd__section{margin-bottom:2em}.activitypub-follow-me__dialog .apfmd-description{font-size:var(--wp--preset--font-size--normal,.75rem);margin:.33em 0 1em}.activitypub-follow-me__dialog .apfmd__button-group{align-items:flex-end;display:flex;justify-content:flex-end}.activitypub-follow-me__dialog .apfmd__button-group svg{height:21px;margin-right:.5em;width:21px}.activitypub-follow-me__dialog .apfmd__button-group input{background-color:var(--wp--preset--color--white);border:1px solid var(--wp--preset--color--black);color:var(--wp--preset--color--black);flex:1;padding:6px 12px}

build/follow-me/view.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array('wp-api-fetch', 'wp-components', 'wp-compose', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-primitives'), 'version' => '06a922cf2e58c94b6431');
+<?php return array('dependencies' => array('wp-api-fetch', 'wp-components', 'wp-compose', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-primitives'), 'version' => '17a158ceced1355cc8ea');

build/followers/index.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives', 'wp-url'), 'version' => 'a7adf2628fd43600eef6');
+<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives', 'wp-url'), 'version' => '1cbd9cbfcbd7fc813429');

build/followers/index.js

@@ -1,3 +1,3 @@
-(()=>{var e={184:(e,t)=>{var a;!function(){"use strict";var n={}.hasOwnProperty;function l(){for(var e=[],t=0;t<arguments.length;t++){var a=arguments[t];if(a){var r=typeof a;if("string"===r||"number"===r)e.push(a);else if(Array.isArray(a)){if(a.length){var o=l.apply(null,a);o&&e.push(o)}}else if("object"===r){if(a.toString!==Object.prototype.toString&&!a.toString.toString().includes("[native code]")){e.push(a.toString());continue}for(var i in a)n.call(a,i)&&a[i]&&e.push(i)}}}return e.join(" ")}e.exports?(l.default=l,e.exports=l):void 0===(a=function(){return l}.apply(t,[]))||(e.exports=a)}()}},t={};function a(n){var l=t[n];if(void 0!==l)return l.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,a),r.exports}a.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return a.d(t,{a:t}),t},a.d=(e,t)=>{for(var n in t)a.o(t,n)&&!a.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},a.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),(()=>{"use strict";const e=window.wp.blocks,t=window.wp.element,n=window.wp.primitives,l=(0,t.createElement)(n.SVG,{xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 24 24"},(0,t.createElement)(n.Path,{d:"M15.5 9.5a1 1 0 100-2 1 1 0 000 2zm0 1.5a2.5 2.5 0 100-5 2.5 2.5 0 000 5zm-2.25 6v-2a2.75 2.75 0 00-2.75-2.75h-4A2.75 2.75 0 003.75 15v2h1.5v-2c0-.69.56-1.25 1.25-1.25h4c.69 0 1.25.56 1.25 1.25v2h1.5zm7-2v2h-1.5v-2c0-.69-.56-1.25-1.25-1.25H15v-1.5h2.5A2.75 2.75 0 0120.25 15zM9.5 8.5a1 1 0 11-2 0 1 1 0 012 0zm1.5 0a2.5 2.5 0 11-5 0 2.5 2.5 0 015 0z",fillRule:"evenodd"}));function r(){return r=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var a=arguments[t];for(var n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n])}return e},r.apply(this,arguments)}const o=window.wp.components,i=window.wp.blockEditor,c=window.wp.i18n,s=window.React,p=window.wp.apiFetch;var u=a.n(p);const v=window.wp.url;var m=a(184),b=a.n(m);function w(e){let{active:a,children:n,page:l,pageClick:r,className:o}=e;const i=b()("wp-block activitypub-pager",o,{current:a});return(0,t.createElement)("a",{className:i,onClick:e=>{e.preventDefault(),!a&&r(l)}},n)}const d={outlined:"outlined",minimal:"minimal"};function g(e){let{compact:a,nextLabel:n,page:l,pageClick:r,perPage:o,prevLabel:i,total:c,variant:s=d.outlined}=e;const p=((e,t)=>{let a=[1,e-2,e-1,e,e+1,e+2,t];a.sort(((e,t)=>e-t)),a=a.filter(((e,a,n)=>e>=1&&e<=t&&n.lastIndexOf(e)===a));for(let e=a.length-2;e>=0;e--)a[e]===a[e+1]&&a.splice(e+1,1);return a})(l,Math.ceil(c/o)),u=b()("alignwide wp-block-query-pagination is-content-justification-space-between is-layout-flex wp-block-query-pagination-is-layout-flex",`is-${s}`,{"is-compact":a});return(0,t.createElement)("nav",{className:u},i&&(0,t.createElement)(w,{key:"prev",page:l-1,pageClick:r,active:1===l,"aria-label":i,className:"wp-block-query-pagination-previous block-editor-block-list__block"},i),!a&&(0,t.createElement)("div",{className:"block-editor-block-list__block wp-block wp-block-query-pagination-numbers"},p.map((e=>(0,t.createElement)(w,{key:e,page:e,pageClick:r,active:e===l,className:"page-numbers"},e)))),n&&(0,t.createElement)(w,{key:"next",page:l+1,pageClick:r,active:l===Math.ceil(c/o),"aria-label":n,className:"wp-block-query-pagination-next block-editor-block-list__block"},n))}const{namespace:f}=window._activityPubOptions;function y(e){let{selectedUser:a,per_page:n,order:l,title:o,page:i,setPage:p,className:m="",followLinks:b=!0}=e;const w="site"===a?0:a,[d,y]=(0,s.useState)([]),[k,_]=(0,s.useState)(0),[E,x]=(0,s.useState)(0),[C,S]=function(){const[e,t]=(0,s.useState)(1);return[e,t]}(),O=i||C,N=p||S,P=(0,t.createInterpolateElement)(/* translators: arrow for previous followers link */
-(0,c.__)("<span>←</span> Less","activitypub"),{span:(0,t.createElement)("span",{class:"wp-block-query-pagination-previous-arrow is-arrow-arrow","aria-hidden":"true"})}),L=(0,t.createInterpolateElement)(/* translators: arrow for next followers link */
-(0,c.__)("More <span>→</span>","activitypub"),{span:(0,t.createElement)("span",{class:"wp-block-query-pagination-next-arrow is-arrow-arrow","aria-hidden":"true"})});return(0,s.useEffect)((()=>{const e=function(e,t,a,n){const l=`/${f}/users/${e}/followers`,r={per_page:t,order:a,page:n,context:"full"};return(0,v.addQueryArgs)(l,r)}(w,n,l,O);u()({path:e}).then((e=>{_(Math.ceil(e.totalItems/n)),x(e.totalItems),y(e.orderedItems)})).catch((()=>{}))}),[w,n,l,O]),(0,t.createElement)("div",{className:"activitypub-follower-block "+m},(0,t.createElement)("h3",null,o),(0,t.createElement)("ul",null,d&&d.map((e=>(0,t.createElement)("li",{key:e.url},(0,t.createElement)(h,r({},e,{followLinks:b})))))),k>1&&(0,t.createElement)(g,{page:O,perPage:n,total:E,pageClick:N,nextLabel:L,prevLabel:P,compact:"is-style-compact"===m}))}function h(e){let{name:a,icon:n,url:l,preferredUsername:i,followLinks:c=!0}=e;const s=`@${i}`,p={};return c||(p.onClick=e=>e.preventDefault()),(0,t.createElement)(o.ExternalLink,r({className:"activitypub-link",href:l,title:s},p),(0,t.createElement)("img",{width:"40",height:"40",src:n.url,class:"avatar activitypub-avatar"}),(0,t.createElement)("span",{class:"activitypub-actor"},(0,t.createElement)("strong",{className:"activitypub-name"},a),(0,t.createElement)("span",{class:"sep"},"/"),(0,t.createElement)("span",{class:"activitypub-handle"},s)))}const k=window.wp.data,_=window._activityPubOptions?.enabled;(0,e.registerBlockType)("activitypub/followers",{edit:function(e){let{attributes:a,setAttributes:n}=e;const{order:l,per_page:s,selectedUser:p,title:u}=a,v=(0,i.useBlockProps)(),[m,b]=(0,t.useState)(1),w=[{label:(0,c.__)("New to old","activitypub"),value:"desc"},{label:(0,c.__)("Old to new","activitypub"),value:"asc"}],d=function(){const e=_?.users?(0,k.useSelect)((e=>e("core").getUsers({who:"authors"}))):[];return(0,t.useMemo)((()=>{if(!e)return[];const t=_?.site?[{label:(0,c.__)("Whole Site","activitypub"),value:"site"}]:[];return e.reduce(((e,t)=>(e.push({label:t.name,value:t.id}),e)),t)}),[e])}(),g=e=>t=>{b(1),n({[e]:t})};return(0,t.createElement)("div",v,(0,t.createElement)(i.InspectorControls,{key:"setting"},(0,t.createElement)(o.PanelBody,{title:(0,c.__)("Followers Options","activitypub")},(0,t.createElement)(o.TextControl,{label:(0,c.__)("Title","activitypub"),help:(0,c.__)("Title to display above the list of followers. Blank for none.","activitypub"),value:u,onChange:e=>n({title:e})}),(0,t.createElement)(o.SelectControl,{label:(0,c.__)("Select User","activitypub"),value:p,options:d,onChange:g("selectedUser")}),(0,t.createElement)(o.SelectControl,{label:(0,c.__)("Sort","activitypub"),value:l,options:w,onChange:g("order")}),(0,t.createElement)(o.RangeControl,{label:(0,c.__)("Number of Followers","activitypub"),value:s,onChange:g("per_page"),min:1,max:10}))),(0,t.createElement)(y,r({},a,{page:m,setPage:b,followLinks:!1})))},save:()=>null,icon:l})})()})();
+(()=>{var e={184:(e,t)=>{var a;!function(){"use strict";var n={}.hasOwnProperty;function l(){for(var e=[],t=0;t<arguments.length;t++){var a=arguments[t];if(a){var r=typeof a;if("string"===r||"number"===r)e.push(a);else if(Array.isArray(a)){if(a.length){var o=l.apply(null,a);o&&e.push(o)}}else if("object"===r){if(a.toString!==Object.prototype.toString&&!a.toString.toString().includes("[native code]")){e.push(a.toString());continue}for(var i in a)n.call(a,i)&&a[i]&&e.push(i)}}}return e.join(" ")}e.exports?(l.default=l,e.exports=l):void 0===(a=function(){return l}.apply(t,[]))||(e.exports=a)}()}},t={};function a(n){var l=t[n];if(void 0!==l)return l.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,a),r.exports}a.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return a.d(t,{a:t}),t},a.d=(e,t)=>{for(var n in t)a.o(t,n)&&!a.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},a.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),(()=>{"use strict";const e=window.wp.blocks,t=window.wp.element,n=window.wp.primitives,l=(0,t.createElement)(n.SVG,{xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 24 24"},(0,t.createElement)(n.Path,{d:"M15.5 9.5a1 1 0 100-2 1 1 0 000 2zm0 1.5a2.5 2.5 0 100-5 2.5 2.5 0 000 5zm-2.25 6v-2a2.75 2.75 0 00-2.75-2.75h-4A2.75 2.75 0 003.75 15v2h1.5v-2c0-.69.56-1.25 1.25-1.25h4c.69 0 1.25.56 1.25 1.25v2h1.5zm7-2v2h-1.5v-2c0-.69-.56-1.25-1.25-1.25H15v-1.5h2.5A2.75 2.75 0 0120.25 15zM9.5 8.5a1 1 0 11-2 0 1 1 0 012 0zm1.5 0a2.5 2.5 0 11-5 0 2.5 2.5 0 015 0z",fillRule:"evenodd"}));function r(){return r=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var a=arguments[t];for(var n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n])}return e},r.apply(this,arguments)}const o=window.wp.components,i=window.wp.blockEditor,c=window.wp.i18n,s=window.React,p=window.wp.apiFetch;var u=a.n(p);const v=window.wp.url;var m=a(184),b=a.n(m);function w(e){let{active:a,children:n,page:l,pageClick:r,className:o}=e;const i=b()("wp-block activitypub-pager",o,{current:a});return(0,t.createElement)("a",{className:i,onClick:e=>{e.preventDefault(),!a&&r(l)}},n)}const d={outlined:"outlined",minimal:"minimal"};function f(e){let{compact:a,nextLabel:n,page:l,pageClick:r,perPage:o,prevLabel:i,total:c,variant:s=d.outlined}=e;const p=((e,t)=>{let a=[1,e-2,e-1,e,e+1,e+2,t];a.sort(((e,t)=>e-t)),a=a.filter(((e,a,n)=>e>=1&&e<=t&&n.lastIndexOf(e)===a));for(let e=a.length-2;e>=0;e--)a[e]===a[e+1]&&a.splice(e+1,1);return a})(l,Math.ceil(c/o)),u=b()("alignwide wp-block-query-pagination is-content-justification-space-between is-layout-flex wp-block-query-pagination-is-layout-flex",`is-${s}`,{"is-compact":a});return(0,t.createElement)("nav",{className:u},i&&(0,t.createElement)(w,{key:"prev",page:l-1,pageClick:r,active:1===l,"aria-label":i,className:"wp-block-query-pagination-previous block-editor-block-list__block"},i),!a&&(0,t.createElement)("div",{className:"block-editor-block-list__block wp-block wp-block-query-pagination-numbers"},p.map((e=>(0,t.createElement)(w,{key:e,page:e,pageClick:r,active:e===l,className:"page-numbers"},e)))),n&&(0,t.createElement)(w,{key:"next",page:l+1,pageClick:r,active:l===Math.ceil(c/o),"aria-label":n,className:"wp-block-query-pagination-next block-editor-block-list__block"},n))}const{namespace:g}=window._activityPubOptions;function y(e){let{selectedUser:a,per_page:n,order:l,title:o,page:i,setPage:p,className:m="",followLinks:b=!0,followerData:w=!1}=e;const d="site"===a?0:a,[y,k]=(0,s.useState)([]),[E,_]=(0,s.useState)(0),[x,C]=(0,s.useState)(0),[S,O]=function(){const[e,t]=(0,s.useState)(1);return[e,t]}(),N=i||S,P=p||O,L=(0,t.createInterpolateElement)(/* translators: arrow for previous followers link */
+(0,c.__)("<span>←</span> Less","activitypub"),{span:(0,t.createElement)("span",{class:"wp-block-query-pagination-previous-arrow is-arrow-arrow","aria-hidden":"true"})}),j=(0,t.createInterpolateElement)(/* translators: arrow for next followers link */
+(0,c.__)("More <span>→</span>","activitypub"),{span:(0,t.createElement)("span",{class:"wp-block-query-pagination-next-arrow is-arrow-arrow","aria-hidden":"true"})}),M=(e,t)=>{k(e),C(t),_(Math.ceil(t/n))};return(0,s.useEffect)((()=>{if(w&&1===N)return M(w.followers,w.total);const e=function(e,t,a,n){const l=`/${g}/users/${e}/followers`,r={per_page:t,order:a,page:n,context:"full"};return(0,v.addQueryArgs)(l,r)}(d,n,l,N);u()({path:e}).then((e=>M(e.orderedItems,e.totalItems))).catch((()=>{}))}),[d,n,l,N,w]),(0,t.createElement)("div",{className:"activitypub-follower-block "+m},(0,t.createElement)("h3",null,o),(0,t.createElement)("ul",null,y&&y.map((e=>(0,t.createElement)("li",{key:e.url},(0,t.createElement)(h,r({},e,{followLinks:b})))))),E>1&&(0,t.createElement)(f,{page:N,perPage:n,total:x,pageClick:P,nextLabel:j,prevLabel:L,compact:"is-style-compact"===m}))}function h(e){let{name:a,icon:n,url:l,preferredUsername:i,followLinks:c=!0}=e;const s=`@${i}`,p={};return c||(p.onClick=e=>e.preventDefault()),(0,t.createElement)(o.ExternalLink,r({className:"activitypub-link",href:l,title:s},p),(0,t.createElement)("img",{width:"40",height:"40",src:n.url,class:"avatar activitypub-avatar"}),(0,t.createElement)("span",{class:"activitypub-actor"},(0,t.createElement)("strong",{className:"activitypub-name"},a),(0,t.createElement)("span",{class:"sep"},"/"),(0,t.createElement)("span",{class:"activitypub-handle"},s)))}const k=window.wp.data,E=window._activityPubOptions?.enabled;(0,e.registerBlockType)("activitypub/followers",{edit:function(e){let{attributes:a,setAttributes:n}=e;const{order:l,per_page:s,selectedUser:p,title:u}=a,v=(0,i.useBlockProps)(),[m,b]=(0,t.useState)(1),w=[{label:(0,c.__)("New to old","activitypub"),value:"desc"},{label:(0,c.__)("Old to new","activitypub"),value:"asc"}],d=function(){const e=E?.users?(0,k.useSelect)((e=>e("core").getUsers({who:"authors"}))):[];return(0,t.useMemo)((()=>{if(!e)return[];const t=E?.site?[{label:(0,c.__)("Whole Site","activitypub"),value:"site"}]:[];return e.reduce(((e,t)=>(e.push({label:t.name,value:`${t.id}`}),e)),t)}),[e])}(),f=e=>t=>{b(1),n({[e]:t})};return(0,t.useEffect)((()=>{d.length&&(d.find((e=>{let{value:t}=e;return t===p}))||n({selectedUser:d[0].value}))}),[p,d]),(0,t.createElement)("div",v,(0,t.createElement)(i.InspectorControls,{key:"setting"},(0,t.createElement)(o.PanelBody,{title:(0,c.__)("Followers Options","activitypub")},(0,t.createElement)(o.TextControl,{label:(0,c.__)("Title","activitypub"),help:(0,c.__)("Title to display above the list of followers. Blank for none.","activitypub"),value:u,onChange:e=>n({title:e})}),d.length>1&&(0,t.createElement)(o.SelectControl,{label:(0,c.__)("Select User","activitypub"),value:p,options:d,onChange:f("selectedUser")}),(0,t.createElement)(o.SelectControl,{label:(0,c.__)("Sort","activitypub"),value:l,options:w,onChange:f("order")}),(0,t.createElement)(o.RangeControl,{label:(0,c.__)("Number of Followers","activitypub"),value:s,onChange:f("per_page"),min:1,max:10}))),(0,t.createElement)(y,r({},a,{page:m,setPage:b,followLinks:!1})))},save:()=>null,icon:l})})()})();

build/followers/view.asset.php

@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-url'), 'version' => '6384e801c2802d2fecee');
+<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-url'), 'version' => 'f0e21057f7ec615290d6');

build/followers/view.js

@@ -1,3 +1,3 @@
-(()=>{var e,t={189:(e,t,a)=>{"use strict";const r=window.wp.element;function n(){return n=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var a=arguments[t];for(var r in a)Object.prototype.hasOwnProperty.call(a,r)&&(e[r]=a[r])}return e},n.apply(this,arguments)}const l=window.React,i=window.wp.apiFetch;var o=a.n(i);const c=window.wp.url,s=window.wp.i18n;var p=a(184),u=a.n(p);function m(e){let{active:t,children:a,page:n,pageClick:l,className:i}=e;const o=u()("wp-block activitypub-pager",i,{current:t});return(0,r.createElement)("a",{className:o,onClick:e=>{e.preventDefault(),!t&&l(n)}},a)}const v={outlined:"outlined",minimal:"minimal"};function b(e){let{compact:t,nextLabel:a,page:n,pageClick:l,perPage:i,prevLabel:o,total:c,variant:s=v.outlined}=e;const p=((e,t)=>{let a=[1,e-2,e-1,e,e+1,e+2,t];a.sort(((e,t)=>e-t)),a=a.filter(((e,a,r)=>e>=1&&e<=t&&r.lastIndexOf(e)===a));for(let e=a.length-2;e>=0;e--)a[e]===a[e+1]&&a.splice(e+1,1);return a})(n,Math.ceil(c/i)),b=u()("alignwide wp-block-query-pagination is-content-justification-space-between is-layout-flex wp-block-query-pagination-is-layout-flex",`is-${s}`,{"is-compact":t});return(0,r.createElement)("nav",{className:b},o&&(0,r.createElement)(m,{key:"prev",page:n-1,pageClick:l,active:1===n,"aria-label":o,className:"wp-block-query-pagination-previous block-editor-block-list__block"},o),!t&&(0,r.createElement)("div",{className:"block-editor-block-list__block wp-block wp-block-query-pagination-numbers"},p.map((e=>(0,r.createElement)(m,{key:e,page:e,pageClick:l,active:e===n,className:"page-numbers"},e)))),a&&(0,r.createElement)(m,{key:"next",page:n+1,pageClick:l,active:n===Math.ceil(c/i),"aria-label":a,className:"wp-block-query-pagination-next block-editor-block-list__block"},a))}const f=window.wp.components,{namespace:d}=window._activityPubOptions;function w(e){let{selectedUser:t,per_page:a,order:i,title:p,page:u,setPage:m,className:v="",followLinks:f=!0}=e;const w="site"===t?0:t,[y,k]=(0,l.useState)([]),[h,E]=(0,l.useState)(0),[O,x]=(0,l.useState)(0),[_,N]=function(){const[e,t]=(0,l.useState)(1);return[e,t]}(),j=u||_,S=m||N,C=(0,r.createInterpolateElement)(/* translators: arrow for previous followers link */
-(0,s.__)("<span>←</span> Less","activitypub"),{span:(0,r.createElement)("span",{class:"wp-block-query-pagination-previous-arrow is-arrow-arrow","aria-hidden":"true"})}),L=(0,r.createInterpolateElement)(/* translators: arrow for next followers link */
-(0,s.__)("More <span>→</span>","activitypub"),{span:(0,r.createElement)("span",{class:"wp-block-query-pagination-next-arrow is-arrow-arrow","aria-hidden":"true"})});return(0,l.useEffect)((()=>{const e=function(e,t,a,r){const n=`/${d}/users/${e}/followers`,l={per_page:t,order:a,page:r,context:"full"};return(0,c.addQueryArgs)(n,l)}(w,a,i,j);o()({path:e}).then((e=>{E(Math.ceil(e.totalItems/a)),x(e.totalItems),k(e.orderedItems)})).catch((()=>{}))}),[w,a,i,j]),(0,r.createElement)("div",{className:"activitypub-follower-block "+v},(0,r.createElement)("h3",null,p),(0,r.createElement)("ul",null,y&&y.map((e=>(0,r.createElement)("li",{key:e.url},(0,r.createElement)(g,n({},e,{followLinks:f})))))),h>1&&(0,r.createElement)(b,{page:j,perPage:a,total:O,pageClick:S,nextLabel:L,prevLabel:C,compact:"is-style-compact"===v}))}function g(e){let{name:t,icon:a,url:l,preferredUsername:i,followLinks:o=!0}=e;const c=`@${i}`,s={};return o||(s.onClick=e=>e.preventDefault()),(0,r.createElement)(f.ExternalLink,n({className:"activitypub-link",href:l,title:c},s),(0,r.createElement)("img",{width:"40",height:"40",src:a.url,class:"avatar activitypub-avatar"}),(0,r.createElement)("span",{class:"activitypub-actor"},(0,r.createElement)("strong",{className:"activitypub-name"},t),(0,r.createElement)("span",{class:"sep"},"/"),(0,r.createElement)("span",{class:"activitypub-handle"},c)))}const y=window.wp.domReady;a.n(y)()((()=>{[].forEach.call(document.querySelectorAll(".activitypub-follower-block"),(e=>{const t=JSON.parse(e.dataset.attrs);(0,r.render)((0,r.createElement)(w,t),e)}))}))},184:(e,t)=>{var a;!function(){"use strict";var r={}.hasOwnProperty;function n(){for(var e=[],t=0;t<arguments.length;t++){var a=arguments[t];if(a){var l=typeof a;if("string"===l||"number"===l)e.push(a);else if(Array.isArray(a)){if(a.length){var i=n.apply(null,a);i&&e.push(i)}}else if("object"===l){if(a.toString!==Object.prototype.toString&&!a.toString.toString().includes("[native code]")){e.push(a.toString());continue}for(var o in a)r.call(a,o)&&a[o]&&e.push(o)}}}return e.join(" ")}e.exports?(n.default=n,e.exports=n):void 0===(a=function(){return n}.apply(t,[]))||(e.exports=a)}()}},a={};function r(e){var n=a[e];if(void 0!==n)return n.exports;var l=a[e]={exports:{}};return t[e](l,l.exports,r),l.exports}r.m=t,e=[],r.O=(t,a,n,l)=>{if(!a){var i=1/0;for(p=0;p<e.length;p++){for(var[a,n,l]=e[p],o=!0,c=0;c<a.length;c++)(!1&l||i>=l)&&Object.keys(r.O).every((e=>r.O[e](a[c])))?a.splice(c--,1):(o=!1,l<i&&(i=l));if(o){e.splice(p--,1);var s=n();void 0!==s&&(t=s)}}return t}l=l||0;for(var p=e.length;p>0&&e[p-1][2]>l;p--)e[p]=e[p-1];e[p]=[a,n,l]},r.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return r.d(t,{a:t}),t},r.d=(e,t)=>{for(var a in t)r.o(t,a)&&!r.o(e,a)&&Object.defineProperty(e,a,{enumerable:!0,get:t[a]})},r.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),(()=>{var e={638:0,962:0};r.O.j=t=>0===e[t];var t=(t,a)=>{var n,l,[i,o,c]=a,s=0;if(i.some((t=>0!==e[t]))){for(n in o)r.o(o,n)&&(r.m[n]=o[n]);if(c)var p=c(r)}for(t&&t(a);s<i.length;s++)l=i[s],r.o(e,l)&&e[l]&&e[l][0](),e[l]=0;return r.O(p)},a=globalThis.webpackChunkwordpress_activitypub=globalThis.webpackChunkwordpress_activitypub||[];a.forEach(t.bind(null,0)),a.push=t.bind(null,a.push.bind(a))})();var n=r.O(void 0,[962],(()=>r(189)));n=r.O(n)})();
+(()=>{var e,t={189:(e,t,a)=>{"use strict";const r=window.wp.element;function n(){return n=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var a=arguments[t];for(var r in a)Object.prototype.hasOwnProperty.call(a,r)&&(e[r]=a[r])}return e},n.apply(this,arguments)}const l=window.React,o=window.wp.apiFetch;var i=a.n(o);const c=window.wp.url,s=window.wp.i18n;var p=a(184),u=a.n(p);function m(e){let{active:t,children:a,page:n,pageClick:l,className:o}=e;const i=u()("wp-block activitypub-pager",o,{current:t});return(0,r.createElement)("a",{className:i,onClick:e=>{e.preventDefault(),!t&&l(n)}},a)}const v={outlined:"outlined",minimal:"minimal"};function f(e){let{compact:t,nextLabel:a,page:n,pageClick:l,perPage:o,prevLabel:i,total:c,variant:s=v.outlined}=e;const p=((e,t)=>{let a=[1,e-2,e-1,e,e+1,e+2,t];a.sort(((e,t)=>e-t)),a=a.filter(((e,a,r)=>e>=1&&e<=t&&r.lastIndexOf(e)===a));for(let e=a.length-2;e>=0;e--)a[e]===a[e+1]&&a.splice(e+1,1);return a})(n,Math.ceil(c/o)),f=u()("alignwide wp-block-query-pagination is-content-justification-space-between is-layout-flex wp-block-query-pagination-is-layout-flex",`is-${s}`,{"is-compact":t});return(0,r.createElement)("nav",{className:f},i&&(0,r.createElement)(m,{key:"prev",page:n-1,pageClick:l,active:1===n,"aria-label":i,className:"wp-block-query-pagination-previous block-editor-block-list__block"},i),!t&&(0,r.createElement)("div",{className:"block-editor-block-list__block wp-block wp-block-query-pagination-numbers"},p.map((e=>(0,r.createElement)(m,{key:e,page:e,pageClick:l,active:e===n,className:"page-numbers"},e)))),a&&(0,r.createElement)(m,{key:"next",page:n+1,pageClick:l,active:n===Math.ceil(c/o),"aria-label":a,className:"wp-block-query-pagination-next block-editor-block-list__block"},a))}const b=window.wp.components,{namespace:d}=window._activityPubOptions;function w(e){let{selectedUser:t,per_page:a,order:o,title:p,page:u,setPage:m,className:v="",followLinks:b=!0,followerData:w=!1}=e;const y="site"===t?0:t,[k,h]=(0,l.useState)([]),[E,O]=(0,l.useState)(0),[x,_]=(0,l.useState)(0),[N,j]=function(){const[e,t]=(0,l.useState)(1);return[e,t]}(),S=u||N,C=m||j,L=(0,r.createInterpolateElement)(/* translators: arrow for previous followers link */
+(0,s.__)("<span>←</span> Less","activitypub"),{span:(0,r.createElement)("span",{class:"wp-block-query-pagination-previous-arrow is-arrow-arrow","aria-hidden":"true"})}),q=(0,r.createInterpolateElement)(/* translators: arrow for next followers link */
+(0,s.__)("More <span>→</span>","activitypub"),{span:(0,r.createElement)("span",{class:"wp-block-query-pagination-next-arrow is-arrow-arrow","aria-hidden":"true"})}),P=(e,t)=>{h(e),_(t),O(Math.ceil(t/a))};return(0,l.useEffect)((()=>{if(w&&1===S)return P(w.followers,w.total);const e=function(e,t,a,r){const n=`/${d}/users/${e}/followers`,l={per_page:t,order:a,page:r,context:"full"};return(0,c.addQueryArgs)(n,l)}(y,a,o,S);i()({path:e}).then((e=>P(e.orderedItems,e.totalItems))).catch((()=>{}))}),[y,a,o,S,w]),(0,r.createElement)("div",{className:"activitypub-follower-block "+v},(0,r.createElement)("h3",null,p),(0,r.createElement)("ul",null,k&&k.map((e=>(0,r.createElement)("li",{key:e.url},(0,r.createElement)(g,n({},e,{followLinks:b})))))),E>1&&(0,r.createElement)(f,{page:S,perPage:a,total:x,pageClick:C,nextLabel:q,prevLabel:L,compact:"is-style-compact"===v}))}function g(e){let{name:t,icon:a,url:l,preferredUsername:o,followLinks:i=!0}=e;const c=`@${o}`,s={};return i||(s.onClick=e=>e.preventDefault()),(0,r.createElement)(b.ExternalLink,n({className:"activitypub-link",href:l,title:c},s),(0,r.createElement)("img",{width:"40",height:"40",src:a.url,class:"avatar activitypub-avatar"}),(0,r.createElement)("span",{class:"activitypub-actor"},(0,r.createElement)("strong",{className:"activitypub-name"},t),(0,r.createElement)("span",{class:"sep"},"/"),(0,r.createElement)("span",{class:"activitypub-handle"},c)))}const y=window.wp.domReady;a.n(y)()((()=>{[].forEach.call(document.querySelectorAll(".activitypub-follower-block"),(e=>{const t=JSON.parse(e.dataset.attrs);(0,r.render)((0,r.createElement)(w,t),e)}))}))},184:(e,t)=>{var a;!function(){"use strict";var r={}.hasOwnProperty;function n(){for(var e=[],t=0;t<arguments.length;t++){var a=arguments[t];if(a){var l=typeof a;if("string"===l||"number"===l)e.push(a);else if(Array.isArray(a)){if(a.length){var o=n.apply(null,a);o&&e.push(o)}}else if("object"===l){if(a.toString!==Object.prototype.toString&&!a.toString.toString().includes("[native code]")){e.push(a.toString());continue}for(var i in a)r.call(a,i)&&a[i]&&e.push(i)}}}return e.join(" ")}e.exports?(n.default=n,e.exports=n):void 0===(a=function(){return n}.apply(t,[]))||(e.exports=a)}()}},a={};function r(e){var n=a[e];if(void 0!==n)return n.exports;var l=a[e]={exports:{}};return t[e](l,l.exports,r),l.exports}r.m=t,e=[],r.O=(t,a,n,l)=>{if(!a){var o=1/0;for(p=0;p<e.length;p++){for(var[a,n,l]=e[p],i=!0,c=0;c<a.length;c++)(!1&l||o>=l)&&Object.keys(r.O).every((e=>r.O[e](a[c])))?a.splice(c--,1):(i=!1,l<o&&(o=l));if(i){e.splice(p--,1);var s=n();void 0!==s&&(t=s)}}return t}l=l||0;for(var p=e.length;p>0&&e[p-1][2]>l;p--)e[p]=e[p-1];e[p]=[a,n,l]},r.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return r.d(t,{a:t}),t},r.d=(e,t)=>{for(var a in t)r.o(t,a)&&!r.o(e,a)&&Object.defineProperty(e,a,{enumerable:!0,get:t[a]})},r.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),(()=>{var e={638:0,962:0};r.O.j=t=>0===e[t];var t=(t,a)=>{var n,l,[o,i,c]=a,s=0;if(o.some((t=>0!==e[t]))){for(n in i)r.o(i,n)&&(r.m[n]=i[n]);if(c)var p=c(r)}for(t&&t(a);s<o.length;s++)l=o[s],r.o(e,l)&&e[l]&&e[l][0](),e[l]=0;return r.O(p)},a=globalThis.webpackChunkwordpress_activitypub=globalThis.webpackChunkwordpress_activitypub||[];a.forEach(t.bind(null,0)),a.push=t.bind(null,a.push.bind(a))})();var n=r.O(void 0,[962],(()=>r(189)));n=r.O(n)})();

includes/activity/class-activity.php

@@ -28,6 +28,7 @@ class Activity extends Base_Object {
 			'toot' => 'http://joinmastodon.org/ns#',
 			'webfinger' => 'https://webfinger.net/#',
 			'litepub' => 'http://litepub.social/ns#',
+			'lemmy' => 'https://join-lemmy.org/ns#',
 			'value' => 'schema:value',
 			'Hashtag' => 'as:Hashtag',
 			'featured' => array(
@@ -42,7 +43,13 @@ class Activity extends Base_Object {
 				'@id' => 'as:alsoKnownAs',
 				'@type' => '@id',
 			),
+			'moderators' => array(
+				'@id' => 'lemmy:moderators',
+				'@type' => '@id',
+			),
+			'postingRestrictedToMods' => 'lemmy:postingRestrictedToMods',
 			'discoverable' => 'toot:discoverable',
+			'indexable' => 'toot:indexable',
 			'sensitive' => 'as:sensitive',
 			'resource' => 'webfinger:resource',
 		),

includes/activity/class-base-object.php

@@ -450,7 +450,7 @@ class Base_Object {
 
 		if ( \strncasecmp( $method, 'get', 3 ) === 0 ) {
 			if ( ! $this->has( $var ) ) {
-				return new WP_Error( 'invalid_key', 'Invalid key' );
+				return new WP_Error( 'invalid_key', __( 'Invalid key', 'activitypub' ), array( 'status' => 404 ) );
 			}
 
 			return $this->$var;
@@ -492,7 +492,7 @@ class Base_Object {
 	 */
 	public function get( $key ) {
 		if ( ! $this->has( $key ) ) {
-			return new WP_Error( 'invalid_key', 'Invalid key' );
+			return new WP_Error( 'invalid_key', __( 'Invalid key', 'activitypub' ), array( 'status' => 404 ) );
 		}
 
 		return call_user_func( array( $this, 'get_' . $key ) );
@@ -519,7 +519,7 @@ class Base_Object {
 	 */
 	public function set( $key, $value ) {
 		if ( ! $this->has( $key ) ) {
-			return new WP_Error( 'invalid_key', 'Invalid key' );
+			return new WP_Error( 'invalid_key', __( 'Invalid key', 'activitypub' ), array( 'status' => 404 ) );
 		}
 
 		$this->$key = $value;
@@ -537,7 +537,7 @@ class Base_Object {
 	 */
 	public function add( $key, $value ) {
 		if ( ! $this->has( $key ) ) {
-			return new WP_Error( 'invalid_key', 'Invalid key' );
+			return new WP_Error( 'invalid_key', __( 'Invalid key', 'activitypub' ), array( 'status' => 404 ) );
 		}
 
 		if ( ! isset( $this->$key ) ) {
@@ -562,6 +562,10 @@ class Base_Object {
 	public static function init_from_json( $json ) {
 		$array = \json_decode( $json, true );
 
+		if ( ! is_array( $array ) ) {
+			$array = array();
+		}
+
 		return self::init_from_array( $array );
 	}
 
@@ -573,6 +577,10 @@ class Base_Object {
 	 * @return \Activitypub\Activity\Base_Object An Object built from the JSON string.
 	 */
 	public static function init_from_array( $array ) {
+		if ( ! is_array( $array ) ) {
+			return new WP_Error( 'invalid_array', __( 'Invalid array', 'activitypub' ), array( 'status' => 404 ) );
+		}
+
 		$object = new static();
 
 		foreach ( $array as $key => $value ) {
@@ -636,7 +644,7 @@ class Base_Object {
 			}
 
 			// if value is still empty, ignore it for the array and continue.
-			if ( $value ) {
+			if ( isset( $value ) ) {
 				$array[ snake_to_camel_case( $key ) ] = $value;
 			}
 		}

includes/activity/class-event.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * Inspired by the PHP ActivityPub Library by @Landrok
+ *
+ * @link https://github.com/landrok/activitypub
+ */
+
+namespace Activitypub\Activity;
+
+use Activitypub\Activity\Base_Object;
+
+/**
+ * Event is an implementation of one of the
+ * Activity Streams Event object type
+ *
+ * The Object is the primary base type for the Activity Streams
+ * vocabulary.
+ *
+ * @see https://www.w3.org/TR/activitystreams-vocabulary/#dfn-event
+ */
+class Note extends Base_Object {
+	protected $type = 'Event';
+}

includes/activity/class-note.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * Inspired by the PHP ActivityPub Library by @Landrok
+ *
+ * @link https://github.com/landrok/activitypub
+ */
+
+namespace Activitypub\Activity;
+
+use Activitypub\Activity\Base_Object;
+
+/**
+ * Note is an implementation of one of the
+ * Activity Streams Note object type
+ *
+ * The Object is the primary base type for the Activity Streams
+ * vocabulary.
+ *
+ * @see https://www.w3.org/TR/activitystreams-vocabulary/#dfn-note
+ */
+class Note extends Base_Object {
+	protected $type = 'Note';
+}

includes/class-activity-dispatcher.php

@@ -5,7 +5,7 @@ use WP_Post;
 use Activitypub\Activity\Activity;
 use Activitypub\Collection\Users;
 use Activitypub\Collection\Followers;
-use Activitypub\Transformer\Post;
+use Activitypub\Transformer\Transformers_Manager;
 
 use function Activitypub\is_single_user;
 use function Activitypub\is_user_disabled;
@@ -65,7 +65,8 @@ class Activity_Dispatcher {
 			return;
 		}
 
-		$object = Post::transform( $wp_post )->to_object();
+		$transformer = Transformers_Manager::instance()->get_transformer( $wp_post );
+		$object = $transformer->to_object();
 
 		$activity = new Activity();
 		$activity->set_type( $type );
@@ -101,7 +102,8 @@ class Activity_Dispatcher {
 			return;
 		}
 
-		$object = Post::transform( $wp_post )->to_object();
+		$transformer = Transformers_Manager::instance()->get_transformer( $wp_post );
+		$object = $transformer->to_object();
 
 		$activity = new Activity();
 		$activity->set_type( 'Announce' );

includes/class-activitypub.php

@@ -20,9 +20,9 @@ class Activitypub {
 		\add_filter( 'get_comment_link', array( self::class, 'remote_comment_link' ), 11, 3 );
 
 		// Add support for ActivityPub to custom post types
-		$post_types = \get_option( 'activitypub_support_post_types', array( 'post', 'page' ) ) ? \get_option( 'activitypub_support_post_types', array( 'post', 'page' ) ) : array();
+		$transformer_mapping = \get_option( 'activitypub_transformer_mapping', array( 'post' => 'activitypub/default', 'page' => 'activitypub/default' ) ) ? \get_option( 'activitypub_transformer_mapping', array( 'post' => 'activitypub/default', 'page' => 'activitypub/default' ) ) : array();
 
-		foreach ( $post_types as $post_type ) {
+		foreach ( array_keys( $transformer_mapping ) as $post_type ) {
 			\add_post_type_support( $post_type, 'activitypub' );
 		}
 
@@ -227,6 +227,12 @@ class Activitypub {
 	 * Add rewrite rules
 	 */
 	public static function add_rewrite_rules() {
+		// If another system needs to take precedence over the ActivityPub rewrite rules,
+		// they can define their own and will manually call the appropriate functions as required.
+		if ( ACTIVITYPUB_DISABLE_REWRITES ) {
+			return;
+		}
+
 		if ( ! \class_exists( 'Webfinger' ) ) {
 			\add_rewrite_rule(
 				'^.well-known/webfinger',

includes/class-admin.php

@@ -1,6 +1,10 @@
 <?php
 namespace Activitypub;
 
+use WP_User_Query;
+use Activitypub\Model\Blog_User;
+use Activitypub\Base\Transformer\Base as Transformer_Base;
+
 /**
  * ActivityPub Admin Class
  *
@@ -19,6 +23,15 @@ class Admin {
 		if ( ! is_user_disabled( get_current_user_id() ) ) {
 			\add_action( 'show_user_profile', array( self::class, 'add_profile' ) );
 		}
+
+		add_filter(
+			'activitypub/transformers/is_transformer_enabled',
+			function( $should_register, Transformer_Base $transformer_instance ) {
+				return ! Options::is_transformer_disabled( $transformer_instance->get_name() );
+			},
+			10,
+			2
+		);
 	}
 
 	/**
@@ -151,14 +164,47 @@ class Admin {
 				'default' => '0',
 			)
 		);
-		\register_setting(
+
+		/**
+		 * Flexible activation of post_types together with mapping ActivityPub transformers.
+		 *
+		 * If a post-type is not mapped to any ActivtiyPub transformer it means it is not activated
+		 * for ActivityPub federation.
+		 *
+		 * @since version_number_transformer_management_placeholder
+		 */
+		register_setting(
 			'activitypub',
-			'activitypub_support_post_types',
+			'activitypub_transformer_mapping',
 			array(
-				'type'         => 'string',
-				'description'  => \esc_html__( 'Enable ActivityPub support for post types', 'activitypub' ),
-				'show_in_rest' => true,
-				'default'      => array( 'post', 'pages' ),
+				'type'         => 'array',
+				'default'      => array(
+					'post' => 'note',
+				),
+				'show_in_rest' => array(
+					'schema' => array(
+						'type'  => 'array',
+						'items' => array(
+							'type' => 'string',
+						),
+					),
+				),
+				'sanitize_callback' => function ( $value ) {
+					// Check if $value is an array
+					if ( ! is_array( $value ) ) {
+						return array();
+					}
+					$value_keys = array_keys( $value );
+
+					$all_public_post_types = \get_post_types( array( 'public' => true ), 'names' );
+
+					// Unset the keys that are missing in $keysToCheck
+					foreach ( array_diff( $value_keys, $all_public_post_types ) as $missing_key ) {
+						unset( $value[ $missing_key ] );
+					}
+					// var_dump($value);
+					return $value;
+				},
 			)
 		);
 		\register_setting(
@@ -168,7 +214,7 @@ class Admin {
 				'type'              => 'string',
 				'description'       => \esc_html__( 'The Identifier of the Blog-User', 'activitypub' ),
 				'show_in_rest'      => true,
-				'default'           => \Activitypub\Model\Blog_User::get_default_username(),
+				'default'           => Blog_User::get_default_username(),
 				'sanitize_callback' => function( $value ) {
 					// hack to allow dots in the username
 					$parts     = explode( '.', $value );
@@ -178,7 +224,31 @@ class Admin {
 						$sanitized[] = \sanitize_title( $part );
 					}
 
-					return implode( '.', $sanitized );
+					$sanitized = implode( '.', $sanitized );
+
+					// check for login or nicename.
+					$user = new WP_User_Query(
+						array(
+							'search'         => $sanitized,
+							'search_columns' => array( 'user_login', 'user_nicename' ),
+							'number'         => 1,
+							'hide_empty'     => true,
+							'fields'         => 'ID',
+						)
+					);
+
+					if ( $user->results ) {
+						add_settings_error(
+							'activitypub_blog_user_identifier',
+							'activitypub_blog_user_identifier',
+							\esc_html__( 'You cannot use an existing author\'s name for the blog profile ID.', 'activitypub' ),
+							'error'
+						);
+
+						return Blog_User::get_default_username();
+					}
+
+					return $sanitized;
 				},
 			)
 		);

includes/class-blocks.php

@@ -2,6 +2,7 @@
 namespace Activitypub;
 
 use Activitypub\Collection\Followers;
+use Activitypub\Collection\Users as User_Collection;
 use Activitypub\is_user_type_disabled;
 
 class Blocks {
@@ -51,12 +52,30 @@ class Blocks {
 		return 0;
 	}
 
+	/**
+	 * Filter an array by a list of keys.
+	 * @param array $array The array to filter.
+	 * @param array $keys The keys to keep.
+	 * @return array The filtered array.
+	 */
+	protected static function filter_array_by_keys( $array, $keys ) {
+		return array_intersect_key( $array, array_flip( $keys ) );
+	}
+
 	/**
 	 * Render the follow me block.
 	 * @param array $attrs The block attributes.
 	 * @return string The HTML to render.
 	 */
 	public static function render_follow_me_block( $attrs ) {
+		$user_id = self::get_user_id( $attrs['selectedUser'] );
+		$user = User_Collection::get_by_id( $user_id );
+		if ( ! is_wp_error( $user ) ) {
+			$attrs['profileData'] = self::filter_array_by_keys(
+				$user->to_array(),
+				array( 'icon', 'name', 'resource' )
+			);
+		}
 		$wrapper_attributes = get_block_wrapper_attributes(
 			array(
 				'aria-label' => __( 'Follow me on the Fediverse', 'activitypub' ),
@@ -71,8 +90,18 @@ class Blocks {
 	public static function render_follower_block( $attrs ) {
 		$followee_user_id = self::get_user_id( $attrs['selectedUser'] );
 		$per_page = absint( $attrs['per_page'] );
-		$followers = Followers::get_followers( $followee_user_id, $per_page );
-		$title = $attrs['title'];
+		$follower_data = Followers::get_followers_with_count( $followee_user_id, $per_page );
+
+		$attrs['followerData']['total'] = $follower_data['total'];
+		$attrs['followerData']['followers'] = array_map(
+			function( $follower ) {
+				return self::filter_array_by_keys(
+					$follower->to_array(),
+					array( 'icon', 'name', 'preferredUsername', 'url' )
+				);
+			},
+			$follower_data['followers']
+		);
 		$wrapper_attributes = get_block_wrapper_attributes(
 			array(
 				'aria-label' => __( 'Fediverse Followers', 'activitypub' ),
@@ -82,11 +111,11 @@ class Blocks {
 		);
 
 		$html = '<div ' . $wrapper_attributes . '>';
-		if ( $title ) {
-			$html .= '<h3>' . $title . '</h3>';
+		if ( $attrs['title'] ) {
+			$html .= '<h3>' . esc_html( $attrs['title'] ) . '</h3>';
 		}
 		$html .= '<ul>';
-		foreach ( $followers as $follower ) {
+		foreach ( $follower_data['followers'] as $follower ) {
 			$html .= '<li>' . self::render_follower( $follower ) . '</li>';
 		}
 		// We are only pagination on the JS side. Could be revisited but we gotta ship!

includes/class-hashtag.php

@@ -43,38 +43,60 @@ class Hashtag {
 	 * @return string the filtered post-content
 	 */
 	public static function the_content( $the_content ) {
-		$protected_tags = array();
-		$protect = function( $m ) use ( &$protected_tags ) {
-			$c = \wp_rand( 100000, 999999 );
-			$protect = '!#!#PROTECT' . $c . '#!#!';
-			while ( isset( $protected_tags[ $protect ] ) ) {
-				$c = \wp_rand( 100000, 999999 );
-				$protect = '!#!#PROTECT' . $c . '#!#!';
+		// small protection against execution timeouts: limit to 1 MB
+		if ( mb_strlen( $the_content ) > MB_IN_BYTES ) {
+			return $the_content;
+		}
+		$tag_stack = array();
+		$protected_tags = array(
+			'pre',
+			'code',
+			'textarea',
+			'style',
+			'a',
+		);
+		$content_with_links = '';
+		$in_protected_tag = false;
+		foreach ( wp_html_split( $the_content ) as $chunk ) {
+			if ( preg_match( '#^<!--[\s\S]*-->$#i', $chunk, $m ) ) {
+				$content_with_links .= $chunk;
+				continue;
 			}
-			$protected_tags[ $protect ] = $m[0];
-			return $protect;
-		};
-		$the_content = preg_replace_callback(
-			'#<!\[CDATA\[.*?\]\]>#is',
-			$protect,
-			$the_content
-		);
-		$the_content = preg_replace_callback(
-			'#<(pre|code|textarea|style)\b[^>]*>.*?</\1[^>]*>#is',
-			$protect,
-			$the_content
-		);
-		$the_content = preg_replace_callback(
-			'#<[^>]+>#i',
-			$protect,
-			$the_content
-		);
 
-		$the_content = \preg_replace_callback( '/' . ACTIVITYPUB_HASHTAGS_REGEXP . '/i', array( '\Activitypub\Hashtag', 'replace_with_links' ), $the_content );
+			if ( preg_match( '#^<(/)?([a-z-]+)\b[^>]*>$#i', $chunk, $m ) ) {
+				$tag = strtolower( $m[2] );
+				if ( '/' === $m[1] ) {
+					// Closing tag.
+					$i = array_search( $tag, $tag_stack );
+					// We can only remove the tag from the stack if it is in the stack.
+					if ( false !== $i ) {
+						$tag_stack = array_slice( $tag_stack, 0, $i );
+					}
+				} else {
+					// Opening tag, add it to the stack.
+					$tag_stack[] = $tag;
+				}
 
-		$the_content = str_replace( array_reverse( array_keys( $protected_tags ) ), array_reverse( array_values( $protected_tags ) ), $the_content );
+				// If we're in a protected tag, the tag_stack contains at least one protected tag string.
+				// The protected tag state can only change when we encounter a start or end tag.
+				$in_protected_tag = array_intersect( $tag_stack, $protected_tags );
 
-		return $the_content;
+				// Never inspect tags.
+				$content_with_links .= $chunk;
+				continue;
+			}
+
+			if ( $in_protected_tag ) {
+				// Don't inspect a chunk inside an inspected tag.
+				$content_with_links .= $chunk;
+				continue;
+			}
+
+			// Only reachable when there is no protected tag in the stack.
+			$content_with_links .= \preg_replace_callback( '/' . ACTIVITYPUB_HASHTAGS_REGEXP . '/i', array( '\Activitypub\Hashtag', 'replace_with_links' ), $chunk );
+		}
+
+		return $content_with_links;
 	}
 
 	/**

includes/class-health-check.php

@@ -1,6 +1,14 @@
 <?php
 namespace Activitypub;
 
+use WP_Error;
+use Activitypub\Webfinger;
+use Activitypub\Collection\Users;
+
+use function Activitypub\get_plugin_version;
+use function Activitypub\is_user_type_disabled;
+use function Activitypub\get_webfinger_resource;
+
 /**
  * ActivityPub Health_Check Class
  *
@@ -19,16 +27,23 @@ class Health_Check {
 	}
 
 	public static function add_tests( $tests ) {
-		$tests['direct']['activitypub_test_author_url'] = array(
-			'label' => \__( 'Author URL test', 'activitypub' ),
-			'test'  => array( self::class, 'test_author_url' ),
-		);
+		if ( ! is_user_type_disabled( 'user' ) ) {
+			$tests['direct']['activitypub_test_author_url'] = array(
+				'label' => \__( 'Author URL test', 'activitypub' ),
+				'test'  => array( self::class, 'test_author_url' ),
+			);
+		}
 
 		$tests['direct']['activitypub_test_webfinger'] = array(
 			'label' => __( 'WebFinger Test', 'activitypub' ),
 			'test'  => array( self::class, 'test_webfinger' ),
 		);
 
+		$tests['direct']['activitypub_test_system_cron'] = array(
+			'label' => __( 'System Cron Test', 'activitypub' ),
+			'test'  => array( self::class, 'test_system_cron' ),
+		);
+
 		return $tests;
 	}
 
@@ -70,6 +85,49 @@ class Health_Check {
 		return $result;
 	}
 
+	/**
+	 * System Cron tests
+	 *
+	 * @return array
+	 */
+	public static function test_system_cron() {
+		$result = array(
+			'label'       => \__( 'System Task Scheduler configured', 'activitypub' ),
+			'status'      => 'good',
+			'badge'       => array(
+				'label' => \__( 'ActivityPub', 'activitypub' ),
+				'color' => 'green',
+			),
+			'description' => \sprintf(
+				'<p>%s</p>',
+				\esc_html__( 'You seem to use the System Task Scheduler to process WP_Cron tasks.', 'activitypub' )
+			),
+			'actions'     => '',
+			'test'        => 'test_system_cron',
+		);
+
+		if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) {
+			return $result;
+		}
+
+		$result['status']         = 'recommended';
+		$result['label']          = \__( 'System Task Scheduler not configured', 'activitypub' );
+		$result['badge']['color'] = 'orange';
+		$result['description']    = \sprintf(
+			'<p>%s</p>',
+			\__( 'Enhance your WordPress site’s performance and mitigate potential heavy loads caused by plugins like ActivityPub by setting up a system cron job to run WP Cron. This ensures scheduled tasks are executed consistently and reduces the reliance on website traffic for trigger events.', 'activitypub' )
+		);
+		$result['actions'] .= sprintf(
+			'<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+			__( 'https://developer.wordpress.org/plugins/cron/hooking-wp-cron-into-the-system-task-scheduler/', 'activitypub' ),
+			__( 'Learn how to hook the WP-Cron into the System Task Scheduler.', 'activitypub' ),
+			/* translators: Hidden accessibility text. */
+			__( '(opens in a new tab)', 'activitypub' )
+		);
+
+		return $result;
+	}
+
 	/**
 	 * WebFinger tests
 	 *
@@ -111,7 +169,7 @@ class Health_Check {
 	/**
 	 * Check if `author_posts_url` is accessible and that request returns correct JSON
 	 *
-	 * @return boolean|\WP_Error
+	 * @return boolean|WP_Error
 	 */
 	public static function is_author_url_accessible() {
 		$user = \wp_get_current_user();
@@ -120,7 +178,7 @@ class Health_Check {
 
 		// check for "author" in URL
 		if ( $author_url !== $reference_author_url ) {
-			return new \WP_Error(
+			return new WP_Error(
 				'author_url_not_accessible',
 				\sprintf(
 					// translators: %s: Author URL
@@ -143,7 +201,7 @@ class Health_Check {
 		);
 
 		if ( \is_wp_error( $response ) ) {
-			return new \WP_Error(
+			return new WP_Error(
 				'author_url_not_accessible',
 				\sprintf(
 					// translators: %s: Author URL
@@ -160,7 +218,7 @@ class Health_Check {
 
 		// check for redirects
 		if ( \in_array( $response_code, array( 301, 302, 307, 308 ), true ) ) {
-			return new \WP_Error(
+			return new WP_Error(
 				'author_url_not_accessible',
 				\sprintf(
 					// translators: %s: Author URL
@@ -177,7 +235,7 @@ class Health_Check {
 		$body = \wp_remote_retrieve_body( $response );
 
 		if ( ! \is_string( $body ) || ! \is_array( \json_decode( $body, true ) ) ) {
-			return new \WP_Error(
+			return new WP_Error(
 				'author_url_not_accessible',
 				\sprintf(
 					// translators: %s: Author URL
@@ -196,13 +254,20 @@ class Health_Check {
 	/**
 	 * Check if WebFinger endpoint is accessible and profile request returns correct JSON
 	 *
-	 * @return boolean|\WP_Error
+	 * @return boolean|WP_Error
 	 */
 	public static function is_webfinger_endpoint_accessible() {
-		$user    = \wp_get_current_user();
-		$account = \Activitypub\get_webfinger_resource( $user->ID );
+		$user = \wp_get_current_user();
 
-		$url = \Activitypub\Webfinger::resolve( $account );
+		if ( ! is_user_type_disabled( 'blog' ) ) {
+			$account = get_webfinger_resource( $user->ID );
+		} elseif ( ! is_user_type_disabled( 'user' ) ) {
+			$account = get_webfinger_resource( Users::BLOG_USER_ID );
+		} else {
+			$account = '';
+		}
+
+		$url = Webfinger::resolve( $account );
 		if ( \is_wp_error( $url ) ) {
 			$allowed = array( 'code' => array() );
 			$not_accessible = wp_kses(
@@ -237,7 +302,7 @@ class Health_Check {
 			if ( isset( $health_messages[ $url->get_error_code() ] ) ) {
 				$message = $health_messages[ $url->get_error_code() ];
 			}
-			return new \WP_Error(
+			return new WP_Error(
 				$url->get_error_code(),
 				$message,
 				$url->get_error_data()
@@ -291,7 +356,7 @@ class Health_Check {
 			'fields' => array(
 				'webfinger' => array(
 					'label'   => __( 'WebFinger Resource', 'activitypub' ),
-					'value'   => \Activitypub\Webfinger::get_user_resource( wp_get_current_user()->ID ),
+					'value'   => Webfinger::get_user_resource( wp_get_current_user()->ID ),
 					'private' => true,
 				),
 				'author_url' => array(
@@ -299,6 +364,11 @@ class Health_Check {
 					'value'   => get_author_posts_url( wp_get_current_user()->ID ),
 					'private' => true,
 				),
+				'plugin_version' => array(
+					'label'   => __( 'Plugin Version', 'activitypub' ),
+					'value'   => get_plugin_version(),
+					'private' => true,
+				),
 			),
 		);
 

includes/class-http.php

@@ -53,7 +53,7 @@ class Http {
 		$code     = \wp_remote_retrieve_response_code( $response );
 
 		if ( $code >= 400 ) {
-			$response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ) );
+			$response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ), array( 'status' => $code ) );
 		}
 
 		\do_action( 'activitypub_safe_remote_post_response', $response, $url, $body, $user_id );
@@ -101,7 +101,7 @@ class Http {
 		$code     = \wp_remote_retrieve_response_code( $response );
 
 		if ( $code >= 400 ) {
-			$response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ) );
+			$response = new WP_Error( $code, __( 'Failed HTTP Request', 'activitypub' ), array( 'status' => $code ) );
 		}
 
 		\do_action( 'activitypub_safe_remote_get_response', $response, $url );

includes/class-mention.php

@@ -2,6 +2,7 @@
 namespace Activitypub;
 
 use WP_Error;
+use Activitypub\Webfinger;
 
 /**
  * ActivityPub Mention Class
@@ -25,43 +26,60 @@ class Mention {
 	 * @return string the filtered post-content
 	 */
 	public static function the_content( $the_content ) {
-		$protected_tags = array();
-		$protect = function( $m ) use ( &$protected_tags ) {
-			$c = \wp_rand( 100000, 999999 );
-			$protect = '!#!#PROTECT' . $c . '#!#!';
-			while ( isset( $protected_tags[ $protect ] ) ) {
-				$c = \wp_rand( 100000, 999999 );
-				$protect = '!#!#PROTECT' . $c . '#!#!';
+		// small protection against execution timeouts: limit to 1 MB
+		if ( mb_strlen( $the_content ) > MB_IN_BYTES ) {
+			return $the_content;
+		}
+		$tag_stack = array();
+		$protected_tags = array(
+			'pre',
+			'code',
+			'textarea',
+			'style',
+			'a',
+		);
+		$content_with_links = '';
+		$in_protected_tag = false;
+		foreach ( wp_html_split( $the_content ) as $chunk ) {
+			if ( preg_match( '#^<!--[\s\S]*-->$#i', $chunk, $m ) ) {
+				$content_with_links .= $chunk;
+				continue;
 			}
-			$protected_tags[ $protect ] = $m[0];
-			return $protect;
-		};
-		$the_content = preg_replace_callback(
-			'#<!\[CDATA\[.*?\]\]>#is',
-			$protect,
-			$the_content
-		);
-		$the_content = preg_replace_callback(
-			'#<(pre|code|textarea|style)\b[^>]*>.*?</\1[^>]*>#is',
-			$protect,
-			$the_content
-		);
-		$the_content = preg_replace_callback(
-			'#<a.*?href=[^>]+>.*?</a>#i',
-			$protect,
-			$the_content
-		);
 
-		$the_content = preg_replace_callback(
-			'#<img.*?[^>]+>#i',
-			$protect,
-			$the_content
-		);
+			if ( preg_match( '#^<(/)?([a-z-]+)\b[^>]*>$#i', $chunk, $m ) ) {
+				$tag = strtolower( $m[2] );
+				if ( '/' === $m[1] ) {
+					// Closing tag.
+					$i = array_search( $tag, $tag_stack );
+					// We can only remove the tag from the stack if it is in the stack.
+					if ( false !== $i ) {
+						$tag_stack = array_slice( $tag_stack, 0, $i );
+					}
+				} else {
+					// Opening tag, add it to the stack.
+					$tag_stack[] = $tag;
+				}
 
-		$the_content = \preg_replace_callback( '/@' . ACTIVITYPUB_USERNAME_REGEXP . '/', array( self::class, 'replace_with_links' ), $the_content );
-		$the_content = \str_replace( array_reverse( array_keys( $protected_tags ) ), array_reverse( array_values( $protected_tags ) ), $the_content );
+				// If we're in a protected tag, the tag_stack contains at least one protected tag string.
+				// The protected tag state can only change when we encounter a start or end tag.
+				$in_protected_tag = array_intersect( $tag_stack, $protected_tags );
 
-		return $the_content;
+				// Never inspect tags.
+				$content_with_links .= $chunk;
+				continue;
+			}
+
+			if ( $in_protected_tag ) {
+				// Don't inspect a chunk inside an inspected tag.
+				$content_with_links .= $chunk;
+				continue;
+			}
+
+			// Only reachable when there is no protected tag in the stack.
+			$content_with_links .= \preg_replace_callback( '/@' . ACTIVITYPUB_USERNAME_REGEXP . '/', array( self::class, 'replace_with_links' ), $chunk );
+		}
+
+		return $content_with_links;
 	}
 
 	/**
@@ -74,7 +92,7 @@ class Mention {
 	public static function replace_with_links( $result ) {
 		$metadata = get_remote_metadata_by_actor( $result[0] );
 
-		if ( ! is_wp_error( $metadata ) && ! empty( $metadata['url'] ) ) {
+		if ( ! empty( $metadata ) && ! is_wp_error( $metadata ) && ! empty( $metadata['url'] ) ) {
 			$username = ltrim( $result[0], '@' );
 			if ( ! empty( $metadata['name'] ) ) {
 				$username = $metadata['name'];

includes/class-migration.php

@@ -4,6 +4,7 @@ namespace Activitypub;
 use Activitypub\Activitypub;
 use Activitypub\Model\Blog_User;
 use Activitypub\Collection\Followers;
+use Activitypub\Admin;
 
 /**
  * ActivityPub Migration Class
@@ -114,12 +115,30 @@ class Migration {
 		if ( version_compare( $version_from_db, '1.0.0', '<' ) ) {
 			self::migrate_from_0_17();
 		}
+		if ( version_compare( $version_from_db, 'version_number_transformer_management_placeholder', '<' ) ) {
+			self::migrate_from_version_number_transformer_management_placeholder();
+		}
 
 		update_option( 'activitypub_db_version', self::get_target_version() );
 
 		self::unlock();
 	}
 
+	/**
+	 * Updates the supported post type settings to the mapped transformer setting.
+	 * TODO: Test this
+	 * @return void
+	 */
+	private static function migrate_from_version_number_transformer_management_placeholder() {
+		$supported_post_types = \get_option( 'activitypub_support_post_types', array( 'post', 'page' ) );
+		Admin::register_settings();
+		$transformer_mapping = array();
+		foreach ( $supported_post_types as $supported_post_type ) {
+			$transformer_mapping[ $supported_post_type ] = ACTIVITYPUB_DEFAULT_TRANSFORMER;
+		}
+		update_option( 'activitypub_transformer_mapping', $transformer_mapping );
+	}
+
 	/**
 	 * Updates the DB-schema of the followers-list
 	 *

includes/class-scheduler.php

@@ -4,7 +4,6 @@ namespace Activitypub;
 
 use Activitypub\Collection\Users;
 use Activitypub\Collection\Followers;
-use Activitypub\Transformer\Post;
 
 /**
  * ActivityPub Scheduler Class
@@ -105,10 +104,16 @@ class Scheduler {
 	 * @return void
 	 */
 	public static function update_followers() {
-		$followers = Followers::get_outdated_followers();
+		$number = 5;
+
+		if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) {
+			$number = 50;
+		}
+
+		$followers = Followers::get_outdated_followers( $number );
 
 		foreach ( $followers as $follower ) {
-			$meta = get_remote_metadata_by_actor( $follower->get_url(), true );
+			$meta = get_remote_metadata_by_actor( $follower->get_url(), false );
 
 			if ( empty( $meta ) || ! is_array( $meta ) || is_wp_error( $meta ) ) {
 				Followers::add_error( $follower->get__id(), $meta );
@@ -125,10 +130,16 @@ class Scheduler {
 	 * @return void
 	 */
 	public static function cleanup_followers() {
-		$followers = Followers::get_faulty_followers();
+		$number = 5;
+
+		if ( defined( 'DISABLE_WP_CRON' ) && DISABLE_WP_CRON ) {
+			$number = 50;
+		}
+
+		$followers = Followers::get_faulty_followers( $number );
 
 		foreach ( $followers as $follower ) {
-			$meta = get_remote_metadata_by_actor( $follower->get_url(), true );
+			$meta = get_remote_metadata_by_actor( $follower->get_url(), false );
 
 			if ( is_tombstone( $meta ) ) {
 				$follower->delete();

includes/class-shortcodes.php

@@ -5,14 +5,9 @@ use function Activitypub\esc_hashtag;
 
 class Shortcodes {
 	/**
-	 * Class constructor, registering WordPress then Shortcodes
+	 * Register the shortcodes
 	 */
-	public static function init() {
-		// do not load on admin pages
-		if ( is_admin() ) {
-			return;
-		}
-
+	public static function register() {
 		foreach ( get_class_methods( self::class ) as $shortcode ) {
 			if ( 'init' !== $shortcode ) {
 				add_shortcode( 'ap_' . $shortcode, array( self::class, $shortcode ) );
@@ -20,6 +15,17 @@ class Shortcodes {
 		}
 	}
 
+	/**
+	 * Unregister the shortcodes
+	 */
+	public static function unregister() {
+		foreach ( get_class_methods( self::class ) as $shortcode ) {
+			if ( 'init' !== $shortcode ) {
+				remove_shortcode( 'ap_' . $shortcode );
+			}
+		}
+	}
+
 	/**
 	 * Generates output for the 'ap_hashtags' shortcode
 	 *
@@ -46,7 +52,7 @@ class Shortcodes {
 
 		foreach ( $tags as $tag ) {
 			$hash_tags[] = \sprintf(
-				'<a rel="tag" class="u-tag u-category" href="%s">%s</a>',
+				'<a rel="tag" class="hashtag u-tag u-category" href="%s">%s</a>',
 				\esc_url( \get_tag_link( $tag ) ),
 				esc_hashtag( $tag->name )
 			);
@@ -114,7 +120,7 @@ class Shortcodes {
 
 				/** This filter is documented in wp-includes/post-template.php */
 				$excerpt = \apply_filters( 'the_content', $excerpt );
-				$excerpt = \str_replace( ']]>', ']]>', $excerpt );
+				$excerpt = \str_replace( ']]>', ']]&gt;', $excerpt );
 			}
 		}
 
@@ -384,7 +390,8 @@ class Shortcodes {
 			return '';
 		}
 
-		$name = \get_the_author_meta( 'display_name', $item->post_author );
+		$author_id = \get_post_field( 'post_author', $item->ID );
+		$name = \get_the_author_meta( 'display_name', $author_id );
 
 		if ( ! $name ) {
 			return '';
@@ -409,7 +416,8 @@ class Shortcodes {
 			return '';
 		}
 
-		$url = \get_the_author_meta( 'user_url', $item->post_author );
+		$author_id = \get_post_field( 'post_author', $item->ID );
+		$url = \get_the_author_meta( 'user_url', $author_id );
 
 		if ( ! $url ) {
 			return '';

includes/class-signature.php

@@ -4,7 +4,7 @@ namespace Activitypub;
 use WP_Error;
 use DateTime;
 use DateTimeZone;
-use Activitypub\Model\User;
+use WP_REST_Request;
 use Activitypub\Collection\Users;
 
 /**
@@ -23,22 +23,14 @@ class Signature {
 	 *
 	 * @return mixed The public key.
 	 */
-	public static function get_public_key( $user_id, $force = false ) {
+	public static function get_public_key_for( $user_id, $force = false ) {
 		if ( $force ) {
-			self::generate_key_pair( $user_id );
+			self::generate_key_pair_for( $user_id );
 		}
 
-		if ( User::APPLICATION_USER_ID === $user_id ) {
-			$key = \get_option( 'activitypub_magic_sig_public_key' );
-		} else {
-			$key = \get_user_meta( $user_id, 'magic_sig_public_key', true );
-		}
+		$key_pair = self::get_keypair_for( $user_id );
 
-		if ( ! $key ) {
-			return self::get_public_key( $user_id, true );
-		}
-
-		return $key;
+		return $key_pair['public_key'];
 	}
 
 	/**
@@ -49,22 +41,32 @@ class Signature {
 	 *
 	 * @return mixed The private key.
 	 */
-	public static function get_private_key( $user_id, $force = false ) {
+	public static function get_private_key_for( $user_id, $force = false ) {
 		if ( $force ) {
-			self::generate_key_pair( $user_id );
+			self::generate_key_pair_for( $user_id );
 		}
 
-		if ( User::APPLICATION_USER_ID === $user_id ) {
-			$key = \get_option( 'activitypub_magic_sig_private_key' );
-		} else {
-			$key = \get_user_meta( $user_id, 'magic_sig_private_key', true );
+		$key_pair = self::get_keypair_for( $user_id );
+
+		return $key_pair['private_key'];
+	}
+
+	/**
+	 * Return the key pair for a given user.
+	 *
+	 * @param int $user_id The WordPress User ID.
+	 *
+	 * @return array The key pair.
+	 */
+	public static function get_keypair_for( $user_id ) {
+		$option_key = self::get_signature_options_key_for( $user_id );
+		$key_pair = \get_option( $option_key );
+
+		if ( ! $key_pair ) {
+			$key_pair = self::generate_key_pair_for( $user_id );
 		}
 
-		if ( ! $key ) {
-			return self::get_private_key( $user_id, true );
-		}
-
-		return $key;
+		return $key_pair;
 	}
 
 	/**
@@ -72,9 +74,18 @@ class Signature {
 	 *
 	 * @param int $user_id The WordPress User ID.
 	 *
-	 * @return void
+	 * @return array The key pair.
 	 */
-	public static function generate_key_pair() {
+	protected static function generate_key_pair_for( $user_id ) {
+		$option_key = self::get_signature_options_key_for( $user_id );
+		$key_pair = self::check_legacy_key_pair_for( $user_id );
+
+		if ( $key_pair ) {
+			\add_option( $option_key, $key_pair );
+
+			return $key_pair;
+		}
+
 		$config = array(
 			'digest_alg' => 'sha512',
 			'private_key_bits' => 2048,
@@ -88,10 +99,78 @@ class Signature {
 
 		$detail = \openssl_pkey_get_details( $key );
 
-		return array(
+		// check if keys are valid
+		if (
+			empty( $priv_key ) || ! is_string( $priv_key ) ||
+			! isset( $detail['key'] ) || ! is_string( $detail['key'] )
+		) {
+			return array(
+				'private_key' => null,
+				'public_key'  => null,
+			);
+		}
+
+		$key_pair = array(
 			'private_key' => $priv_key,
 			'public_key'  => $detail['key'],
 		);
+
+		// persist keys
+		\add_option( $option_key, $key_pair );
+
+		return $key_pair;
+	}
+
+	/**
+	 * Return the option key for a given user.
+	 *
+	 * @param int $user_id The WordPress User ID.
+	 *
+	 * @return string The option key.
+	 */
+	protected static function get_signature_options_key_for( $user_id ) {
+		$id = $user_id;
+
+		if ( $user_id > 0 ) {
+			$user = \get_userdata( $user_id );
+			// sanatize username because it could include spaces and special chars
+			$id = sanitize_title( $user->user_login );
+		}
+
+		return 'activitypub_keypair_for_' . $id;
+	}
+
+	/**
+	 * Check if there is a legacy key pair
+	 *
+	 * @param int $user_id The WordPress User ID.
+	 *
+	 * @return array|bool The key pair or false.
+	 */
+	protected static function check_legacy_key_pair_for( $user_id ) {
+		switch ( $user_id ) {
+			case 0:
+				$public_key = \get_option( 'activitypub_blog_user_public_key' );
+				$private_key = \get_option( 'activitypub_blog_user_private_key' );
+				break;
+			case -1:
+				$public_key = \get_option( 'activitypub_application_user_public_key' );
+				$private_key = \get_option( 'activitypub_application_user_private_key' );
+				break;
+			default:
+				$public_key = \get_user_meta( $user_id, 'magic_sig_public_key', true );
+				$private_key = \get_user_meta( $user_id, 'magic_sig_private_key', true );
+				break;
+		}
+
+		if ( ! empty( $public_key ) && is_string( $public_key ) && ! empty( $private_key ) && is_string( $private_key ) ) {
+			return array(
+				'private_key' => $private_key,
+				'public_key'  => $public_key,
+			);
+		}
+
+		return false;
 	}
 
 	/**
@@ -107,7 +186,7 @@ class Signature {
 	 */
 	public static function generate_signature( $user_id, $http_method, $url, $date, $digest = null ) {
 		$user = Users::get_by_id( $user_id );
-		$key  = $user->get__private_key();
+		$key  = self::get_private_key_for( $user->get__id() );
 
 		$url_parts = \wp_parse_url( $url );
 
@@ -136,7 +215,6 @@ class Signature {
 		\openssl_sign( $signed_string, $signature, $key, \OPENSSL_ALGO_SHA256 );
 		$signature = \base64_encode( $signature ); // phpcs:ignore
 
-		$user   = Users::get_by_id( $user_id );
 		$key_id = $user->get_url() . '#main-key';
 
 		if ( ! empty( $digest ) ) {
@@ -149,7 +227,7 @@ class Signature {
 	/**
 	 * Verifies the http signatures
 	 *
-	 * @param WP_REQUEST|array $request The request object or $_SERVER array.
+	 * @param WP_REST_Request|array $request The request object or $_SERVER array.
 	 *
 	 * @return mixed A boolean or WP_Error.
 	 */
@@ -161,6 +239,18 @@ class Signature {
 			} else {
 				$route = '/' . rest_get_url_prefix() . '/' . ltrim( $request->get_route(), '/' );
 			}
+
+			// fix route for subdirectory installs
+			$path = \wp_parse_url( \get_home_url(), PHP_URL_PATH );
+
+			if ( \is_string( $path ) ) {
+				$path = trim( $path, '/' );
+			}
+
+			if ( $path ) {
+				$route = '/' . $path . $route;
+			}
+
 			$headers = $request->get_headers();
 			$headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' ' . $route;
 		} else {
@@ -170,7 +260,7 @@ class Signature {
 		}
 
 		if ( ! isset( $headers['signature'] ) ) {
-			return new WP_Error( 'activitypub_signature', 'Request not signed', array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Request not signed', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		if ( array_key_exists( 'signature', $headers ) ) {
@@ -180,7 +270,7 @@ class Signature {
 		}
 
 		if ( ! isset( $signature_block ) || ! $signature_block ) {
-			return new WP_Error( 'activitypub_signature', 'Incompatible request signature. keyId and signature are required', array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Incompatible request signature. keyId and signature are required', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		$signed_headers = $signature_block['headers'];
@@ -190,12 +280,12 @@ class Signature {
 
 		$signed_data = self::get_signed_data( $signed_headers, $signature_block, $headers );
 		if ( ! $signed_data ) {
-			return new WP_Error( 'activitypub_signature', 'Signed request date outside acceptable time window', array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Signed request date outside acceptable time window', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		$algorithm = self::get_signature_algorithm( $signature_block );
 		if ( ! $algorithm ) {
-			return new WP_Error( 'activitypub_signature', 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		if ( \in_array( 'digest', $signed_headers, true ) && isset( $body ) ) {
@@ -211,7 +301,7 @@ class Signature {
 			}
 
 			if ( \base64_encode( \hash( $hashalg, $body, true ) ) !== $digest[1] ) { // phpcs:ignore
-				return new WP_Error( 'activitypub_signature', 'Invalid Digest header', array( 'status' => 403 ) );
+				return new WP_Error( 'activitypub_signature', __( 'Invalid Digest header', 'activitypub' ), array( 'status' => 401 ) );
 			}
 		}
 
@@ -224,7 +314,7 @@ class Signature {
 		$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, $algorithm ) > 0;
 
 		if ( ! $verified ) {
-			return new WP_Error( 'activitypub_signature', 'Invalid signature', array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Invalid signature', 'activitypub' ), array( 'status' => 401 ) );
 		}
 		return $verified;
 	}
@@ -234,17 +324,25 @@ class Signature {
 	 *
 	 * @param string $key_id The URL to the public key.
 	 *
-	 * @return string The public key.
+	 * @return WP_Error|string The public key or WP_Error.
 	 */
 	public static function get_remote_key( $key_id ) { // phpcs:ignore
 		$actor = get_remote_metadata_by_actor( strip_fragment_from_url( $key_id ) ); // phpcs:ignore
 		if ( \is_wp_error( $actor ) ) {
-			return $actor;
+			return new WP_Error(
+				'activitypub_no_remote_profile_found',
+				__( 'No Profile found or Profile not accessible', 'activitypub' ),
+				array( 'status' => 401 )
+			);
 		}
 		if ( isset( $actor['publicKey']['publicKeyPem'] ) ) {
 			return \rtrim( $actor['publicKey']['publicKeyPem'] ); // phpcs:ignore
 		}
-		return null;
+		return new WP_Error(
+			'activitypub_no_remote_key_found',
+			__( 'No Public-Key found', 'activitypub' ),
+			array( 'status' => 401 )
+		);
 	}
 
 	/**

includes/class-webfinger.php

@@ -41,9 +41,14 @@ class Webfinger {
 	 * @return string|WP_Error The URL or WP_Error
 	 */
 	public static function resolve( $resource ) {
+		if ( ! $resource ) {
+			return null;
+		}
+
 		if ( ! preg_match( '/^@?' . ACTIVITYPUB_USERNAME_REGEXP . '$/i', $resource, $m ) ) {
 			return null;
 		}
+
 		$transient_key = 'activitypub_resolve_' . ltrim( $resource, '@' );
 
 		$link = \get_transient( $transient_key );
@@ -63,7 +68,7 @@ class Webfinger {
 			$url,
 			array(
 				'headers' => array( 'Accept' => 'application/jrd+json' ),
-				'redirection' => 0,
+				'redirection' => 2,
 				'timeout' => 2,
 			)
 		);

includes/collection/class-followers.php

@@ -160,7 +160,7 @@ class Followers {
 	 * @param int    $user_id The ID of the WordPress User
 	 * @param string $actor   The Actor URL
 	 *
-	 * @return array|WP_Error The Follower (WP_Term array) or an WP_Error
+	 * @return array|WP_Error The Follower (WP_Post array) or an WP_Error
 	 */
 	public static function add_follower( $user_id, $actor ) {
 		$meta = get_remote_metadata_by_actor( $actor );
@@ -169,29 +169,24 @@ class Followers {
 			return $meta;
 		}
 
-		$error = null;
+		if ( empty( $meta ) || ! is_array( $meta ) || is_wp_error( $meta ) ) {
+			return new WP_Error( 'activitypub_invalid_follower', __( 'Invalid Follower', 'activitypub' ), array( 'status' => 400 ) );
+		}
 
 		$follower = new Follower();
+		$follower->from_array( $meta );
 
-		if ( empty( $meta ) || ! is_array( $meta ) || is_wp_error( $meta ) ) {
-			$follower->set_id( $actor );
-			$follower->set_url( $actor );
-			$error = $meta;
-		} else {
-			$follower->from_array( $meta );
+		$id = $follower->upsert();
+
+		if ( is_wp_error( $id ) ) {
+			return $id;
 		}
 
-		$follower->upsert();
-
-		$meta = get_post_meta( $follower->get__id(), 'activitypub_user_id' );
-
-		if ( $error ) {
-			self::add_error( $follower->get__id(), $error );
-		}
+		$post_meta = get_post_meta( $id, 'activitypub_user_id' );
 
 		// phpcs:ignore WordPress.PHP.StrictInArray.MissingTrueStrict
-		if ( is_array( $meta ) && ! in_array( $user_id, $meta ) ) {
-			add_post_meta( $follower->get__id(), 'activitypub_user_id', $user_id );
+		if ( is_array( $post_meta ) && ! in_array( $user_id, $post_meta ) ) {
+			add_post_meta( $id, 'activitypub_user_id', $user_id );
 			wp_cache_delete( sprintf( self::CACHE_KEY_INBOXES, $user_id ), 'activitypub' );
 		}
 
@@ -360,7 +355,17 @@ class Followers {
 	public static function get_all_followers() {
 		$args = array(
 			// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
-			'meta_query' => array(),
+			'meta_query' => array(
+				'relation' => 'AND',
+				array(
+					'key'     => 'activitypub_inbox',
+					'compare' => 'EXISTS',
+				),
+				array(
+					'key'     => 'activitypub_actor_json',
+					'compare' => 'EXISTS',
+				),
+			),
 		);
 		return self::get_followers( null, null, null, $args );
 	}
@@ -379,10 +384,19 @@ class Followers {
 				'fields'     => 'ids',
 				// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
 				'meta_query' => array(
+					'relation' => 'AND',
 					array(
 						'key'   => 'activitypub_user_id',
 						'value' => $user_id,
 					),
+					array(
+						'key'     => 'activitypub_inbox',
+						'compare' => 'EXISTS',
+					),
+					array(
+						'key'     => 'activitypub_actor_json',
+						'compare' => 'EXISTS',
+					),
 				),
 			)
 		);
@@ -412,6 +426,7 @@ class Followers {
 				'fields'     => 'ids',
 				// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
 				'meta_query' => array(
+					'relation' => 'AND',
 					array(
 						'key'     => 'activitypub_inbox',
 						'compare' => 'EXISTS',
@@ -420,6 +435,11 @@ class Followers {
 						'key'   => 'activitypub_user_id',
 						'value' => $user_id,
 					),
+					array(
+						'key'     => 'activitypub_inbox',
+						'value'   => '',
+						'compare' => '!=',
+					),
 				),
 			)
 		);
@@ -462,7 +482,7 @@ class Followers {
 			'post_type'      => self::POST_TYPE,
 			'posts_per_page' => $number,
 			'orderby'        => 'modified',
-			'order'          => 'DESC',
+			'order'          => 'ASC',
 			'post_status'    => 'any', // 'any' includes 'trash
 			'date_query'     => array(
 				array(
@@ -490,16 +510,35 @@ class Followers {
 	 *
 	 * @return mixed The Term list of Followers, the format depends on $output.
 	 */
-	public static function get_faulty_followers( $number = 10 ) {
+	public static function get_faulty_followers( $number = 20 ) {
 		$args = array(
 			'post_type'      => self::POST_TYPE,
 			'posts_per_page' => $number,
 			// phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
 			'meta_query'     => array(
+				'relation' => 'OR',
 				array(
 					'key'     => 'activitypub_errors',
 					'compare' => 'EXISTS',
 				),
+				array(
+					'key'     => 'activitypub_inbox',
+					'compare' => 'NOT EXISTS',
+				),
+				array(
+					'key'     => 'activitypub_actor_json',
+					'compare' => 'NOT EXISTS',
+				),
+				array(
+					'key'     => 'activitypub_inbox',
+					'value'   => '',
+					'compare' => '=',
+				),
+				array(
+					'key'     => 'activitypub_actor_json',
+					'value'   => '',
+					'compare' => '=',
+				),
 			),
 		);
 

includes/compat.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * ActivityPub implementation for WordPress/PHP functions either missing from older WordPress/PHP versions or not included by default.
+ */
+
+if ( ! function_exists( 'str_starts_with' ) ) {
+	/**
+	 * Polyfill for `str_starts_with()` function added in PHP 8.0.
+	 *
+	 * Performs a case-sensitive check indicating if
+	 * the haystack begins with needle.
+	 *
+	 * @param string $haystack The string to search in.
+	 * @param string $needle   The substring to search for in the `$haystack`.
+	 * @return bool True if `$haystack` starts with `$needle`, otherwise false.
+	 */
+	function str_starts_with( $haystack, $needle ) {
+		if ( '' === $needle ) {
+			return true;
+		}
+
+		return 0 === strpos( $haystack, $needle );
+	}
+}
+
+if ( ! function_exists( 'get_self_link' ) ) {
+	/**
+	 * Returns the link for the currently displayed feed.
+	 *
+	 * @return string Correct link for the atom:self element.
+	 */
+	function get_self_link() {
+		$host = wp_parse_url( home_url() );
+		$path = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';
+		return esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . $path ) ) );
+	}
+}
+
+if ( ! function_exists( 'is_countable' ) ) {
+	/**
+	 * Polyfill for `is_countable()` function added in PHP 7.3.
+	 *
+	 * @param mixed $value The value to check.
+	 * @return bool True if `$value` is countable, otherwise false.
+	 */
+	function is_countable( $value ) {
+			return is_array( $value ) || $value instanceof \Countable;
+	}
+}

includes/functions.php

@@ -5,6 +5,7 @@ use WP_Error;
 use Activitypub\Http;
 use Activitypub\Activity\Activity;
 use Activitypub\Collection\Followers;
+use Activitypub\Collection\Users;
 
 /**
  * Returns the ActivityPub default JSON-context
@@ -42,7 +43,7 @@ function get_webfinger_resource( $user_id ) {
  * @param string $actor  The Actor URL.
  * @param bool   $cached If the result should be cached.
  *
- * @return array The Actor profile as array
+ * @return array|WP_Error The Actor profile as array or WP_Error on failure.
  */
 function get_remote_metadata_by_actor( $actor, $cached = true ) {
 	$pre = apply_filters( 'pre_get_remote_metadata_by_actor', false, $actor );
@@ -54,7 +55,7 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
 	}
 
 	if ( ! $actor ) {
-		return null;
+		return new WP_Error( 'activitypub_no_valid_actor_identifier', \__( 'The "actor" identifier is not valid', 'activitypub' ), array( 'status' => 404, 'actor' => $actor ) );
 	}
 
 	if ( is_wp_error( $actor ) ) {
@@ -73,33 +74,26 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
 	}
 
 	if ( ! \wp_http_validate_url( $actor ) ) {
-		$metadata = new \WP_Error( 'activitypub_no_valid_actor_url', \__( 'The "actor" is no valid URL', 'activitypub' ), $actor );
-		\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
+		$metadata = new WP_Error( 'activitypub_no_valid_actor_url', \__( 'The "actor" is no valid URL', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
 		return $metadata;
 	}
 
-	$short_timeout = function() {
-		return 3;
-	};
-	add_filter( 'activitypub_remote_get_timeout', $short_timeout );
 	$response = Http::get( $actor );
-	remove_filter( 'activitypub_remote_get_timeout', $short_timeout );
+
 	if ( \is_wp_error( $response ) ) {
-		\set_transient( $transient_key, $response, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
 		return $response;
 	}
 
 	$metadata = \wp_remote_retrieve_body( $response );
 	$metadata = \json_decode( $metadata, true );
 
-	\set_transient( $transient_key, $metadata, WEEK_IN_SECONDS );
-
 	if ( ! $metadata ) {
-		$metadata = new \WP_Error( 'activitypub_invalid_json', \__( 'No valid JSON data', 'activitypub' ), $actor );
-		\set_transient( $transient_key, $metadata, HOUR_IN_SECONDS ); // Cache the error for a shorter period.
+		$metadata = new WP_Error( 'activitypub_invalid_json', \__( 'No valid JSON data', 'activitypub' ), array( 'status' => 400, 'actor' => $actor ) );
 		return $metadata;
 	}
 
+	\set_transient( $transient_key, $metadata, WEEK_IN_SECONDS );
+
 	return $metadata;
 }
 
@@ -285,6 +279,16 @@ function is_activitypub_request() {
 		return false;
 	}
 
+	// Check if the current post type supports ActivityPub.
+	if ( \is_singular() ) {
+		$queried_object = \get_queried_object();
+		$post_type      = \get_post_type( $queried_object );
+
+		if ( ! \post_type_supports( $post_type, 'activitypub' ) ) {
+			return false;
+		}
+	}
+
 	// One can trigger an ActivityPub request by adding ?activitypub to the URL.
 	// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.VariableRedeclaration
 	global $wp_query;
@@ -416,7 +420,7 @@ function is_user_type_disabled( $type ) {
 			$return = false;
 			break;
 		default:
-			$return = new WP_Error( 'activitypub_wrong_user_type', __( 'Wrong user type', 'activitypub' ) );
+			$return = new WP_Error( 'activitypub_wrong_user_type', __( 'Wrong user type', 'activitypub' ), array( 'status' => 400 ) );
 			break;
 	}
 
@@ -429,31 +433,127 @@ function is_user_type_disabled( $type ) {
  * @return boolean True if the blog is in single-user mode, false otherwise.
  */
 function is_single_user() {
-	$return = false;
-
-	if ( \defined( 'ACTIVITYPUB_SINGLE_USER_MODE' ) ) {
-		if ( ACTIVITYPUB_SINGLE_USER_MODE ) {
-			$return = true;
-		}
-	} elseif (
+	if (
 		false === is_user_type_disabled( 'blog' ) &&
 		true === is_user_type_disabled( 'user' )
 	) {
-		$return = true;
+		return true;
 	}
 
-	return $return;
+	return false;
 }
 
-if ( ! function_exists( 'get_self_link' ) ) {
+/**
+ * Check if a site supports the block editor.
+ *
+ * @return boolean True if the site supports the block editor, false otherwise.
+ */
+function site_supports_blocks() {
+	if ( \version_compare( \get_bloginfo( 'version' ), '5.9', '<' ) ) {
+		return false;
+	}
+
+	if ( ! \function_exists( 'register_block_type_from_metadata' ) ) {
+		return false;
+	}
+
 	/**
-	 * Returns the link for the currently displayed feed.
+	 * Allow plugins to disable block editor support,
+	 * thus disabling blocks registered by the ActivityPub plugin.
 	 *
-	 * @return string Correct link for the atom:self element.
+	 * @param boolean $supports_blocks True if the site supports the block editor, false otherwise.
 	 */
-	function get_self_link() {
-		$host = wp_parse_url( home_url() );
-		$path = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';
-		return esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . $path ) ) );
-	}
+	return apply_filters( 'activitypub_site_supports_blocks', true );
+}
+
+/**
+ * Check if data is valid JSON.
+ *
+ * @param string $data The data to check.
+ *
+ * @return boolean True if the data is JSON, false otherwise.
+ */
+function is_json( $data ) {
+	return \is_array( \json_decode( $data, true ) ) ? true : false;
+}
+
+/**
+ * Check if a blog is public based on the `blog_public` option
+ *
+ * @return bollean True if public, false if not
+ */
+function is_blog_public() {
+	return (bool) apply_filters( 'activitypub_is_blog_public', \get_option( 'blog_public', 1 ) );
+}
+
+/**
+ * Get active users based on a given duration
+ *
+ * @param int $duration The duration to check in month(s)
+ *
+ * @return int The number of active users
+ */
+function get_active_users( $duration = 1 ) {
+
+	$duration = intval( $duration );
+	$transient_key = sprintf( 'monthly_active_users_%d', $duration );
+	$count = get_transient( $transient_key );
+
+	if ( false === $count ) {
+		global $wpdb;
+		$query = "SELECT COUNT( DISTINCT post_author ) FROM {$wpdb->posts} WHERE post_type = 'post' AND post_status = 'publish' AND post_date <= DATE_SUB( NOW(), INTERVAL %d MONTH )";
+		$query = $wpdb->prepare( $query, $duration );
+		$count = $wpdb->get_var( $query ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+
+		set_transient( $transient_key, $count, DAY_IN_SECONDS );
+	}
+
+	// if 0 authors where active
+	if ( 0 === $count ) {
+		return 0;
+	}
+
+	// if single user mode
+	if ( is_single_user() ) {
+		return 1;
+	}
+
+	// if blog user is disabled
+	if ( is_user_disabled( Users::BLOG_USER_ID ) ) {
+		return $count;
+	}
+
+	// also count blog user
+	return $count + 1;
+}
+
+/**
+ * Get the total number of users
+ *
+ * @return int The total number of users
+ */
+function get_total_users() {
+	// if single user mode
+	if ( is_single_user() ) {
+		return 1;
+	}
+
+	$users = \get_users(
+		array(
+			'capability__in' => array( 'publish_posts' ),
+		)
+	);
+
+	if ( is_array( $users ) ) {
+		$users = count( $users );
+	} else {
+		$users = 1;
+	}
+
+	// if blog user is disabled
+	if ( is_user_disabled( Users::BLOG_USER_ID ) ) {
+		return $users;
+	}
+
+	return $users + 1;
 }

includes/help.php

@@ -11,7 +11,7 @@
 				'<dd>' . \wp_kses( __( 'The post\'s title.', 'activitypub' ), array( 'code' => array() ) ) . '</dd>' .
 				'<dt><code>[ap_content apply_filters="yes"]</code></dt>' .
 				'<dd>' . \wp_kses( __( 'The post\'s content. With <code>apply_filters</code> you can decide if filters (<code>apply_filters( \'the_content\', $content )</code>) should be applied or not (default is <code>yes</code>). The values can be <code>yes</code> or <code>no</code>. <code>apply_filters</code> attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '</dd>' .
-				'<dt><code>[ap_excerpt lenght="400"]</code></dt>' .
+				'<dt><code>[ap_excerpt length="400"]</code></dt>' .
 				'<dd>' . \wp_kses( __( 'The post\'s excerpt (default 400 chars). <code>length</code> attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '</dd>' .
 				'<dt><code>[ap_permalink type="url"]</code></dt>' .
 				'<dd>' . \wp_kses( __( 'The post\'s permalink. <code>type</code> can be either: <code>url</code> or <code>html</code> (an &lt;a /&gt; tag). <code>type</code> attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '</dd>' .

includes/model/class-application-user.php

@@ -46,46 +46,6 @@ class Application_User extends Blog_User {
 		return $this::get_name();
 	}
 
-	public function get__public_key() {
-		$key = \get_option( 'activitypub_application_user_public_key' );
-
-		if ( $key ) {
-			return $key;
-		}
-
-		$this->generate_key_pair();
-
-		$key = \get_option( 'activitypub_application_user_public_key' );
-
-		return $key;
-	}
-
-	/**
-	 * @param int $user_id
-	 *
-	 * @return mixed
-	 */
-	public function get__private_key() {
-		$key = \get_option( 'activitypub_application_user_private_key' );
-
-		if ( $key ) {
-			return $key;
-		}
-
-		$this->generate_key_pair();
-
-		return \get_option( 'activitypub_application_user_private_key' );
-	}
-
-	private function generate_key_pair() {
-		$key_pair = Signature::generate_key_pair();
-
-		if ( ! is_wp_error( $key_pair ) ) {
-			\update_option( 'activitypub_application_user_public_key', $key_pair['public_key'] );
-			\update_option( 'activitypub_application_user_private_key', $key_pair['private_key'] );
-		}
-	}
-
 	public function get_followers() {
 		return null;
 	}
@@ -95,14 +55,18 @@ class Application_User extends Blog_User {
 	}
 
 	public function get_attachment() {
-		return array();
-	}
-
-	public function get_featured_tags() {
-		return array();
+		return null;
 	}
 
 	public function get_featured() {
-		return array();
+		return null;
+	}
+
+	public function get_moderators() {
+		return null;
+	}
+
+	public function get_indexable() {
+		return false;
 	}
 }

includes/model/class-blog-user.php

@@ -7,6 +7,7 @@ use Activitypub\Collection\Users;
 
 use function Activitypub\is_single_user;
 use function Activitypub\is_user_disabled;
+use function Activitypub\get_rest_url_by_path;
 
 class Blog_User extends User {
 	/**
@@ -21,7 +22,7 @@ class Blog_User extends User {
 	 *
 	 * @var string
 	 */
-	protected $type = 'Group';
+	protected $type = null;
 
 	/**
 	 * Is Account discoverable?
@@ -45,13 +46,34 @@ class Blog_User extends User {
 		return $object;
 	}
 
+	/**
+	 * Get the type of the object.
+	 *
+	 * If the Blog is in "single user" mode, return "Person" insted of "Group".
+	 *
+	 * @return string The type of the object.
+	 */
+	public function get_type() {
+		if ( is_single_user() ) {
+			return 'Person';
+		} else {
+			return 'Group';
+		}
+	}
+
 	/**
 	 * Get the User-Name.
 	 *
 	 * @return string The User-Name.
 	 */
 	public function get_name() {
-		return \esc_html( \get_bloginfo( 'name' ) );
+		return \wp_strip_all_tags(
+			\html_entity_decode(
+				\get_bloginfo( 'name' ),
+				\ENT_QUOTES,
+				'UTF-8'
+			)
+		);
 	}
 
 	/**
@@ -187,48 +209,6 @@ class Blog_User extends User {
 		return \gmdate( 'Y-m-d\TH:i:s\Z', $time );
 	}
 
-	public function get__public_key() {
-		$key = \get_option( 'activitypub_blog_user_public_key' );
-
-		if ( $key ) {
-			return $key;
-		}
-
-		$this->generate_key_pair();
-
-		$key = \get_option( 'activitypub_blog_user_public_key' );
-
-		return $key;
-	}
-
-	/**
-	 * Get the User-Private-Key.
-	 *
-	 * @param int $user_id
-	 *
-	 * @return mixed
-	 */
-	public function get__private_key() {
-		$key = \get_option( 'activitypub_blog_user_private_key' );
-
-		if ( $key ) {
-			return $key;
-		}
-
-		$this->generate_key_pair();
-
-		return \get_option( 'activitypub_blog_user_private_key' );
-	}
-
-	private function generate_key_pair() {
-		$key_pair = Signature::generate_key_pair();
-
-		if ( ! is_wp_error( $key_pair ) ) {
-			\update_option( 'activitypub_blog_user_public_key', $key_pair['public_key'] );
-			\update_option( 'activitypub_blog_user_private_key', $key_pair['private_key'] );
-		}
-	}
-
 	public function get_attachment() {
 		return array();
 	}
@@ -237,18 +217,27 @@ class Blog_User extends User {
 		return \home_url();
 	}
 
-	/**
-	 * Get the type of the object.
-	 *
-	 * If the Blog is in "single user" mode, return "Person" insted of "Group".
-	 *
-	 * @return string The type of the object.
-	 */
-	public function get_type() {
-		if ( is_single_user() ) {
-			return 'Person';
-		} else {
-			return $this->type;
+	public function get_moderators() {
+		if ( is_single_user() || 'Group' !== $this->get_type() ) {
+			return null;
 		}
+
+		return get_rest_url_by_path( 'collections/moderators' );
+	}
+
+	public function get_attributed_to() {
+		if ( is_single_user() || 'Group' !== $this->get_type() ) {
+			return null;
+		}
+
+		return get_rest_url_by_path( 'collections/moderators' );
+	}
+
+	public function get_posting_restricted_to_mods() {
+		if ( 'Group' === $this->get_type() ) {
+			return true;
+		}
+
+		return null;
 	}
 }

includes/model/class-follower.php

@@ -1,6 +1,7 @@
 <?php
 namespace Activitypub\Model;
 
+use WP_Error;
 use WP_Query;
 use Activitypub\Activity\Actor;
 use Activitypub\Collection\Followers;
@@ -110,12 +111,40 @@ class Follower extends Actor {
 		$this->save();
 	}
 
+	/**
+	 * Validate the current Follower-Object.
+	 *
+	 * @return boolean True if the verification was successful.
+	 */
+	public function is_valid() {
+		// the minimum required attributes
+		$required_attributes = array(
+			'id',
+			'preferredUsername',
+			'inbox',
+			'publicKey',
+			'publicKeyPem',
+		);
+
+		foreach ( $required_attributes as $attribute ) {
+			if ( ! $this->get( $attribute ) ) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
 	/**
 	 * Save the current Follower-Object.
 	 *
-	 * @return void
+	 * @return int|WP_Error The Post-ID or an WP_Error.
 	 */
 	public function save() {
+		if ( ! $this->is_valid() ) {
+			return new WP_Error( 'activitypub_invalid_follower', __( 'Invalid Follower', 'activitypub' ), array( 'status' => 400 ) );
+		}
+
 		if ( ! $this->get__id() ) {
 			global $wpdb;
 
@@ -147,15 +176,17 @@ class Follower extends Actor {
 
 		$post_id = wp_insert_post( $args );
 		$this->_id = $post_id;
+
+		return $post_id;
 	}
 
 	/**
 	 * Upsert the current Follower-Object.
 	 *
-	 * @return void
+	 * @return int|WP_Error The Post-ID or an WP_Error.
 	 */
 	public function upsert() {
-		$this->save();
+		return $this->save();
 	}
 
 	/**
@@ -284,7 +315,7 @@ class Follower extends Actor {
 		$object->set_id( $post->guid );
 		$object->set_name( $post->post_title );
 		$object->set_summary( $post->post_excerpt );
-		$object->set_published( gmdate( 'Y-m-d H:i:s', strtotime( $post->post_published ) ) );
+		$object->set_published( gmdate( 'Y-m-d H:i:s', strtotime( $post->post_date ) ) );
 		$object->set_updated( gmdate( 'Y-m-d H:i:s', strtotime( $post->post_modified ) ) );
 
 		return $object;

includes/model/class-post.php

@@ -1,7 +1,7 @@
 <?php
 namespace Activitypub\Model;
 
-use Activitypub\Transformer\Post as Post_Transformer;
+use Activitypub\Transformer\Post as Transformer_Post;
 
 /**
  * ActivityPub Post Class
@@ -33,8 +33,9 @@ class Post {
 	public function __construct( $post, $post_author = null ) {
 		_deprecated_function( __CLASS__, '1.0.0', '\Activitypub\Transformer\Post' );
 
-		$this->post   = $post;
-		$this->object = Post_Transformer::transform( $post )->to_object();
+		$this->post = $post;
+		$transformer = new Transformer_Post();
+		$this->object = $transformer->set_wp_post( $post )->to_object();
 	}
 
 	/**

includes/model/class-user.php

@@ -18,15 +18,6 @@ class User extends Actor {
 	 */
 	protected $_id; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore
 
-	/**
-	 * The Featured-Tags.
-	 *
-	 * @see https://docs.joinmastodon.org/spec/activitypub/#featuredTags
-	 *
-	 * @var string
-	 */
-	protected $featured_tags;
-
 	/**
 	 * The Featured-Posts.
 	 *
@@ -36,6 +27,15 @@ class User extends Actor {
 	 */
 	protected $featured;
 
+	/**
+	 * Moderators endpoint.
+	 *
+	 * @see https://join-lemmy.org/docs/contributors/05-federation.html
+	 *
+	 * @var string
+	 */
+	protected $moderators;
+
 	/**
 	 * The User-Type
 	 *
@@ -46,10 +46,19 @@ class User extends Actor {
 	/**
 	 * If the User is discoverable.
 	 *
+	 * @see https://docs.joinmastodon.org/spec/activitypub/#discoverable
+	 *
 	 * @var boolean
 	 */
 	protected $discoverable = true;
 
+	/**
+	 * If the User is indexable.
+	 *
+	 * @var boolean
+	 */
+	protected $indexable;
+
 	/**
 	 * The WebFinger Resource.
 	 *
@@ -57,6 +66,15 @@ class User extends Actor {
 	 */
 	protected $resource;
 
+	/**
+	 * Restrict posting to mods
+	 *
+	 * @see https://join-lemmy.org/docs/contributors/05-federation.html
+	 *
+	 * @var boolean
+	 */
+	protected $posting_restricted_to_mods = null;
+
 	public static function from_wp_user( $user_id ) {
 		if ( is_user_disabled( $user_id ) ) {
 			return new WP_Error(
@@ -159,53 +177,10 @@ class User extends Actor {
 		return array(
 			'id'       => $this->get_id() . '#main-key',
 			'owner'    => $this->get_id(),
-			'publicKeyPem' => $this->get__public_key(),
+			'publicKeyPem' => Signature::get_public_key_for( $this->get__id() ),
 		);
 	}
 
-	/**
-	 * @param int $this->get__id()
-	 *
-	 * @return mixed
-	 */
-	public function get__public_key() {
-		$key = \get_user_meta( $this->get__id(), 'magic_sig_public_key', true );
-
-		if ( $key ) {
-			return $key;
-		}
-
-		$this->generate_key_pair();
-
-		return \get_user_meta( $this->get__id(), 'magic_sig_public_key', true );
-	}
-
-	/**
-	 * @param int $this->get__id()
-	 *
-	 * @return mixed
-	 */
-	public function get__private_key() {
-		$key = \get_user_meta( $this->get__id(), 'magic_sig_private_key', true );
-
-		if ( $key ) {
-			return $key;
-		}
-
-		$this->generate_key_pair();
-
-		return \get_user_meta( $this->get__id(), 'magic_sig_private_key', true );
-	}
-
-	private function generate_key_pair() {
-		$key_pair = Signature::generate_key_pair();
-
-		if ( ! is_wp_error( $key_pair ) ) {
-			\update_user_meta( $this->get__id(), 'magic_sig_public_key', $key_pair['public_key'], true );
-			\update_user_meta( $this->get__id(), 'magic_sig_private_key', $key_pair['private_key'], true );
-		}
-	}
-
 	/**
 	 * Returns the Inbox-API-Endpoint.
 	 *
@@ -251,15 +226,6 @@ class User extends Actor {
 		return get_rest_url_by_path( sprintf( 'users/%d/collections/featured', $this->get__id() ) );
 	}
 
-	/**
-	 * Returns the Featured-Tags-API-Endpoint.
-	 *
-	 * @return string The Featured-Tags-Endpoint.
-	 */
-	public function get_featured_tags() {
-		return get_rest_url_by_path( sprintf( 'users/%d/collections/tags', $this->get__id() ) );
-	}
-
 	/**
 	 * Extend the User-Output with Attachments.
 	 *
@@ -315,4 +281,20 @@ class User extends Actor {
 	public function get_canonical_url() {
 		return $this->get_url();
 	}
+
+	public function get_streams() {
+		return null;
+	}
+
+	public function get_tag() {
+		return array();
+	}
+
+	public function get_indexable() {
+		if ( \get_option( 'blog_public', 1 ) ) {
+			return true;
+		} else {
+			return false;
+		}
+	}
 }

includes/rest/class-collection.php

@@ -1,9 +1,10 @@
 <?php
 namespace Activitypub\Rest;
 
+use WP_Error;
 use WP_REST_Server;
 use WP_REST_Response;
-use Activitypub\Transformer\Post;
+use Activitypub\Transformer\Transformers_Manager;
 use Activitypub\Activity\Activity;
 use Activitypub\Collection\Users as User_Collection;
 
@@ -24,7 +25,7 @@ class Collection {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
+		self::register_routes();
 	}
 
 	/**
@@ -56,6 +57,18 @@ class Collection {
 				),
 			)
 		);
+
+		\register_rest_route(
+			ACTIVITYPUB_REST_NAMESPACE,
+			'/collections/moderators',
+			array(
+				array(
+					'methods'             => WP_REST_Server::READABLE,
+					'callback'            => array( self::class, 'moderators_get' ),
+					'permission_callback' => '__return_true',
+				),
+			)
+		);
 	}
 
 	/**
@@ -92,7 +105,7 @@ class Collection {
 			'@context'   => Activity::CONTEXT,
 			'id'         => get_rest_url_by_path( sprintf( 'users/%d/collections/tags', $user->get__id() ) ),
 			'type'       => 'Collection',
-			'totalItems' => count( $tags ),
+			'totalItems' => is_countable( $tags ) ? count( $tags ) : 0,
 			'items'      => array(),
 		);
 
@@ -104,7 +117,10 @@ class Collection {
 			);
 		}
 
-		return new WP_REST_Response( $response, 200 );
+		$rest_response = new WP_REST_Response( $response, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
+
+		return $rest_response;
 	}
 
 	/**
@@ -147,15 +163,45 @@ class Collection {
 			'@context'     => Activity::CONTEXT,
 			'id'           => get_rest_url_by_path( sprintf( 'users/%d/collections/featured', $user_id ) ),
 			'type'         => 'OrderedCollection',
-			'totalItems'   => count( $posts ),
+			'totalItems'   => is_countable( $posts ) ? count( $posts ) : 0,
 			'orderedItems' => array(),
 		);
 
 		foreach ( $posts as $post ) {
-			$response['orderedItems'][] = Post::transform( $post )->to_object()->to_array();
+			$response['orderedItems'][] = Transformers_Manager::instance()->get_transformer( $post )->to_object()->to_array();
 		}
 
-		return new WP_REST_Response( $response, 200 );
+		$rest_response = new WP_REST_Response( $response, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
+
+		return $rest_response;
+	}
+
+	/**
+	 * Moderators endpoint
+	 *
+	 * @param WP_REST_Request $request The request object.
+	 *
+	 * @return WP_REST_Response The response object.
+	 */
+	public static function moderators_get( $request ) {
+		$response = array(
+			'@context'     => Activity::CONTEXT,
+			'id'           => get_rest_url_by_path( 'collections/moderators' ),
+			'type'         => 'OrderedCollection',
+			'orderedItems' => array(),
+		);
+
+		$users = User_Collection::get_collection();
+
+		foreach ( $users as $user ) {
+			$response['orderedItems'][] = $user->get_url();
+		}
+
+		$rest_response = new WP_REST_Response( $response, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
+
+		return $rest_response;
 	}
 
 	/**

includes/rest/class-followers.php

@@ -22,7 +22,7 @@ class Followers {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
+		self::register_routes();
 	}
 
 	/**
@@ -103,10 +103,10 @@ class Followers {
 			$data['followers']
 		);
 
-		$response = new WP_REST_Response( $json, 200 );
-		$response->header( 'Content-Type', 'application/activity+json' );
+		$rest_response = new WP_REST_Response( $json, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
 
-		return $response;
+		return $rest_response;
 	}
 
 	/**

includes/rest/class-following.php

@@ -1,6 +1,7 @@
 <?php
 namespace Activitypub\Rest;
 
+use WP_REST_Response;
 use Activitypub\Collection\Users as User_Collection;
 
 use function Activitypub\is_single_user;
@@ -18,7 +19,8 @@ class Following {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
+		self::register_routes();
+
 		\add_filter( 'activitypub_rest_following', array( self::class, 'default_following' ), 10, 2 );
 	}
 
@@ -73,15 +75,15 @@ class Following {
 
 		$items = apply_filters( 'activitypub_rest_following', array(), $user ); // phpcs:ignore
 
-		$json->totalItems = count( $items ); // phpcs:ignore
+		$json->totalItems = is_countable( $items ) ? count( $items ) : 0; // phpcs:ignore
 		$json->orderedItems = $items; // phpcs:ignore
 
 		$json->first = $json->partOf; // phpcs:ignore
 
-		$response = new \WP_REST_Response( $json, 200 );
-		$response->header( 'Content-Type', 'application/activity+json' );
+		$rest_response = new WP_REST_Response( $json, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
 
-		return $response;
+		return $rest_response;
 	}
 
 	/**

includes/rest/class-inbox.php

@@ -24,7 +24,7 @@ class Inbox {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
+		self::register_routes();
 
 		\add_action( 'activitypub_inbox_create', array( self::class, 'handle_create' ), 10, 2 );
 	}
@@ -38,7 +38,7 @@ class Inbox {
 			'/inbox',
 			array(
 				array(
-					'methods'             => WP_REST_Server::EDITABLE,
+					'methods'             => WP_REST_Server::CREATABLE,
 					'callback'            => array( self::class, 'shared_inbox_post' ),
 					'args'                => self::shared_inbox_post_parameters(),
 					'permission_callback' => '__return_true',
@@ -51,7 +51,7 @@ class Inbox {
 			'/users/(?P<user_id>[\w\-\.]+)/inbox',
 			array(
 				array(
-					'methods'             => WP_REST_Server::EDITABLE,
+					'methods'             => WP_REST_Server::CREATABLE,
 					'callback'            => array( self::class, 'user_inbox_post' ),
 					'args'                => self::user_inbox_post_parameters(),
 					'permission_callback' => '__return_true',
@@ -109,11 +109,10 @@ class Inbox {
 		 */
 		\do_action( 'activitypub_inbox_post' );
 
-		$response = new WP_REST_Response( $json, 200 );
+		$rest_response = new WP_REST_Response( $json, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
 
-		$response->header( 'Content-Type', 'application/activity+json' );
-
-		return $response;
+		return $rest_response;
 	}
 
 	/**
@@ -131,14 +130,17 @@ class Inbox {
 			return $user;
 		}
 
-		$data = $request->get_params();
+		$data = $request->get_json_params();
 		$type = $request->get_param( 'type' );
 		$type = \strtolower( $type );
 
 		\do_action( 'activitypub_inbox', $data, $user->get__id(), $type );
 		\do_action( "activitypub_inbox_{$type}", $data, $user->get__id() );
 
-		return new WP_REST_Response( array(), 202 );
+		$rest_response = new WP_REST_Response( array(), 202 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
+
+		return $rest_response;
 	}
 
 	/**
@@ -149,7 +151,7 @@ class Inbox {
 	 * @return WP_REST_Response
 	 */
 	public static function shared_inbox_post( $request ) {
-		$data = $request->get_params();
+		$data = $request->get_json_params();
 		$type = $request->get_param( 'type' );
 		$users = self::extract_recipients( $data );
 
@@ -158,7 +160,7 @@ class Inbox {
 				'rest_invalid_param',
 				\__( 'No recipients found', 'activitypub' ),
 				array(
-					'status' => 404,
+					'status' => 400,
 					'params' => array(
 						'to' => \__( 'Please check/validate "to" field', 'activitypub' ),
 						'bto' => \__( 'Please check/validate "bto" field', 'activitypub' ),
@@ -183,7 +185,10 @@ class Inbox {
 			\do_action( "activitypub_inbox_{$type}", $data, $user->ID );
 		}
 
-		return new WP_REST_Response( array(), 202 );
+		$rest_response = new WP_REST_Response( array(), 202 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
+
+		return $rest_response;
 	}
 
 	/**
@@ -231,8 +236,12 @@ class Inbox {
 		$params['actor'] = array(
 			'required' => true,
 			'sanitize_callback' => function( $param, $request, $key ) {
-				if ( ! \is_string( $param ) ) {
-					$param = $param['id'];
+				if ( \is_array( $param ) ) {
+					if ( isset( $param['id'] ) ) {
+						$param = $param['id'];
+					} else {
+						$param = $param['url'];
+					}
 				}
 				return \esc_url_raw( $param );
 			},
@@ -331,61 +340,6 @@ class Inbox {
 		return $params;
 	}
 
-	/**
-	 * Handles "Reaction" requests
-	 *
-	 * @param  array $object  The activity-object
-	 * @param  int   $user_id The id of the local blog-user
-	 */
-	public static function handle_reaction( $object, $user_id ) {
-		$meta = get_remote_metadata_by_actor( $object['actor'] );
-
-		$comment_post_id = \url_to_postid( $object['object'] );
-
-		// save only replys and reactions
-		if ( ! $comment_post_id ) {
-			return false;
-		}
-
-		$commentdata = array(
-			'comment_post_ID' => $comment_post_id,
-			'comment_author' => \esc_attr( $meta['name'] ),
-			'comment_author_email' => '',
-			'comment_author_url' => \esc_url_raw( $object['actor'] ),
-			'comment_content' => \esc_url_raw( $object['actor'] ),
-			'comment_type' => \esc_attr( \strtolower( $object['type'] ) ),
-			'comment_parent' => 0,
-			'comment_meta' => array(
-				'source_url' => \esc_url_raw( $object['id'] ),
-				'avatar_url' => \esc_url_raw( $meta['icon']['url'] ),
-				'protocol' => 'activitypub',
-			),
-		);
-
-		// disable flood control
-		\remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
-
-		// do not require email for AP entries
-		\add_filter( 'pre_option_require_name_email', '__return_false' );
-
-		// No nonce possible for this submission route
-		\add_filter(
-			'akismet_comment_nonce',
-			function() {
-				return 'inactive';
-			}
-		);
-
-		$state = \wp_new_comment( $commentdata, true );
-
-		\remove_filter( 'pre_option_require_name_email', '__return_false' );
-
-		// re-add flood control
-		\add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
-
-		do_action( 'activitypub_handled_reaction', $object, $user_id, $state, $commentdata );
-	}
-
 	/**
 	 * Handles "Create" requests
 	 *
@@ -416,7 +370,7 @@ class Inbox {
 			'comment_post_ID' => $comment_post_id,
 			'comment_author' => \esc_attr( $meta['name'] ),
 			'comment_author_url' => \esc_url_raw( $object['actor'] ),
-			'comment_content' => \wp_filter_kses( $object['object']['content'] ),
+			'comment_content' => addslashes( \wp_kses( $object['object']['content'], 'pre_comment_content' ) ),
 			'comment_type' => 'comment',
 			'comment_author_email' => '',
 			'comment_parent' => 0,
@@ -441,8 +395,11 @@ class Inbox {
 			}
 		);
 
+		\add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 );
+
 		$state = \wp_new_comment( $commentdata, true );
 
+		\remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ) );
 		\remove_filter( 'pre_option_require_name_email', '__return_false' );
 
 		// re-add flood control
@@ -471,7 +428,7 @@ class Inbox {
 				$recipient_items = array_merge( $recipient_items, $recipient );
 			}
 
-			if ( array_key_exists( $i, $data['object'] ) ) {
+			if ( is_array( $data['object'] ) && array_key_exists( $i, $data['object'] ) ) {
 				if ( is_array( $data['object'][ $i ] ) ) {
 					$recipient = $data['object'][ $i ];
 				} else {
@@ -533,4 +490,29 @@ class Inbox {
 
 		return in_array( 'https://www.w3.org/ns/activitystreams#Public', $recipients, true );
 	}
+
+	/**
+	 * Adds line breaks to the list of allowed comment tags.
+	 *
+	 * @param  array  $allowedtags Allowed HTML tags.
+	 * @param  string $context     Context.
+	 * @return array               Filtered tag list.
+	 */
+	public static function allowed_comment_html( $allowedtags, $context = '' ) {
+		if ( 'pre_comment_content' !== $context ) {
+			// Do nothing.
+			return $allowedtags;
+		}
+
+		// Add `p` and `br` to the list of allowed tags.
+		if ( ! array_key_exists( 'br', $allowedtags ) ) {
+			$allowedtags['br'] = array();
+		}
+
+		if ( ! array_key_exists( 'p', $allowedtags ) ) {
+			$allowedtags['p'] = array();
+		}
+
+		return $allowedtags;
+	}
 }

includes/rest/class-nodeinfo.php

@@ -3,6 +3,8 @@ namespace Activitypub\Rest;
 
 use WP_REST_Response;
 
+use function Activitypub\get_total_users;
+use function Activitypub\get_active_users;
 use function Activitypub\get_rest_url_by_path;
 
 /**
@@ -17,9 +19,7 @@ class Nodeinfo {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
-		\add_filter( 'nodeinfo_data', array( self::class, 'add_nodeinfo_discovery' ), 10, 2 );
-		\add_filter( 'nodeinfo2_data', array( self::class, 'add_nodeinfo2_discovery' ), 10 );
+		self::register_routes();
 	}
 
 	/**
@@ -84,24 +84,14 @@ class Nodeinfo {
 			'version' => \get_bloginfo( 'version' ),
 		);
 
-		$users = \get_users(
-			array(
-				'capability__in' => array( 'publish_posts' ),
-			)
-		);
-
-		if ( is_array( $users ) ) {
-			$users = count( $users );
-		} else {
-			$users = 1;
-		}
-
 		$posts = \wp_count_posts();
 		$comments = \wp_count_comments();
 
 		$nodeinfo['usage'] = array(
 			'users' => array(
-				'total' => $users,
+				'total'          => get_total_users(),
+				'activeMonth'    => get_active_users( '1 month ago' ),
+				'activeHalfyear' => get_active_users( '6 month ago' ),
 			),
 			'localPosts' => (int) $posts->publish,
 			'localComments' => (int) $comments->approved,
@@ -141,24 +131,14 @@ class Nodeinfo {
 			'version' => \get_bloginfo( 'version' ),
 		);
 
-		$users = \get_users(
-			array(
-				'capability__in' => array( 'publish_posts' ),
-			)
-		);
-
-		if ( is_array( $users ) ) {
-			$users = count( $users );
-		} else {
-			$users = 1;
-		}
-
 		$posts = \wp_count_posts();
 		$comments = \wp_count_comments();
 
 		$nodeinfo['usage'] = array(
 			'users' => array(
-				'total' => (int) $users,
+				'total'          => get_total_users(),
+				'activeMonth'    => get_active_users( 1 ),
+				'activeHalfyear' => get_active_users( 6 ),
 			),
 			'localPosts' => (int) $posts->publish,
 			'localComments' => (int) $comments->approved,
@@ -193,36 +173,4 @@ class Nodeinfo {
 
 		return new \WP_REST_Response( $discovery, 200 );
 	}
-
-	/**
-	 * Extend NodeInfo data
-	 *
-	 * @param array  $nodeinfo NodeInfo data
-	 * @param string           The NodeInfo Version
-	 *
-	 * @return array           The extended array
-	 */
-	public static function add_nodeinfo_discovery( $nodeinfo, $version ) {
-		if ( '2.0' === $version ) {
-			$nodeinfo['protocols'][] = 'activitypub';
-		} else {
-			$nodeinfo['protocols']['inbound'][]  = 'activitypub';
-			$nodeinfo['protocols']['outbound'][] = 'activitypub';
-		}
-
-		return $nodeinfo;
-	}
-
-	/**
-	 * Extend NodeInfo2 data
-	 *
-	 * @param  array $nodeinfo NodeInfo2 data
-	 *
-	 * @return array           The extended array
-	 */
-	public static function add_nodeinfo2_discovery( $nodeinfo ) {
-		$nodeinfo['protocols'][] = 'activitypub';
-
-		return $nodeinfo;
-	}
 }

includes/rest/class-ostatus.php

@@ -1,33 +0,0 @@
-<?php
-namespace Activitypub\Rest;
-
-/**
- * ActivityPub OStatus REST-Class
- *
- * @author Matthias Pfefferle
- *
- * @see https://www.w3.org/community/ostatus/
- */
-class Ostatus {
-	/**
-	 * Register routes
-	 */
-	public static function register_routes() {
-		\register_rest_route(
-			ACTIVITYPUB_REST_NAMESPACE,
-			'/ostatus/remote-follow',
-			array(
-				array(
-					'methods'             => \WP_REST_Server::READABLE,
-					'callback'            => array( '\Activitypub\Rest\Ostatus', 'get' ),
-					// 'args'     => self::request_parameters(),
-					'permission_callback' => '__return_true',
-				),
-			)
-		);
-	}
-
-	public static function get() {
-		// @todo implement
-	}
-}

includes/rest/class-outbox.php

@@ -5,7 +5,7 @@ use stdClass;
 use WP_Error;
 use WP_REST_Server;
 use WP_REST_Response;
-use Activitypub\Transformer\Post;
+use Activitypub\Transformer\Transformers_Manager;
 use Activitypub\Activity\Activity;
 use Activitypub\Collection\Users as User_Collection;
 
@@ -24,7 +24,7 @@ class Outbox {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
+		self::register_routes();
 	}
 
 	/**
@@ -59,7 +59,7 @@ class Outbox {
 			return $user;
 		}
 
-		$post_types = \get_option( 'activitypub_support_post_types', array( 'post', 'page' ) );
+		$post_types = array_keys( \get_option( 'activitypub_transformer_mapping', array( 'post' => 'activitypub/default', 'page' => 'activitypub/default' ) ) );
 
 		$page = $request->get_param( 'page', 1 );
 
@@ -105,7 +105,8 @@ class Outbox {
 			);
 
 			foreach ( $posts as $post ) {
-				$post = Post::transform( $post )->to_object();
+				$transformer = \Activitypub\Transformer\Transformers_Manager::instance()->get_transformer( $post );
+				$post = $transformer->to_object();
 				$activity = new Activity();
 				$activity->set_type( 'Create' );
 				$activity->set_context( null );
@@ -123,11 +124,10 @@ class Outbox {
 		 */
 		\do_action( 'activitypub_outbox_post' );
 
-		$response = new WP_REST_Response( $json, 200 );
+		$rest_response = new WP_REST_Response( $json, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
 
-		$response->header( 'Content-Type', 'application/activity+json' );
-
-		return $response;
+		return $rest_response;
 	}
 
 	/**

includes/rest/class-server.php

@@ -2,6 +2,7 @@
 namespace Activitypub\Rest;
 
 use stdClass;
+use WP_Error;
 use WP_REST_Response;
 use Activitypub\Signature;
 use Activitypub\Model\Application_User;
@@ -18,7 +19,8 @@ class Server {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
+		self::register_routes();
+
 		\add_filter( 'rest_request_before_callbacks', array( self::class, 'authorize_activitypub_requests' ), 10, 3 );
 	}
 
@@ -53,11 +55,10 @@ class Server {
 
 		$json = $user->to_array();
 
-		$response = new WP_REST_Response( $json, 200 );
+		$rest_response = new WP_REST_Response( $json, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
 
-		$response->header( 'Content-Type', 'application/activity+json' );
-
-		return $response;
+		return $rest_response;
 	}
 
 	/**
@@ -73,6 +74,10 @@ class Server {
 	 * @return mixed|WP_Error The response, error, or modified response.
 	 */
 	public static function authorize_activitypub_requests( $response, $handler, $request ) {
+		if ( 'HEAD' === $request->get_method() ) {
+			return $response;
+		}
+
 		$route = $request->get_route();
 
 		// check if it is an activitypub request and exclude webfinger and nodeinfo endpoints
@@ -84,17 +89,34 @@ class Server {
 			return $response;
 		}
 
+		/**
+		 * Filter to defer signature verification
+		 *
+		 * Skip signature verification for debugging purposes or to reduce load for
+		 * certain Activity-Types, like "Delete".
+		 *
+		 * @param bool            $defer   Whether to defer signature verification.
+		 * @param WP_REST_Request $request The request used to generate the response.
+		 *
+		 * @return bool Whether to defer signature verification.
+		 */
+		$defer = \apply_filters( 'activitypub_defer_signature_verification', false, $request );
+
+		if ( $defer ) {
+			return $response;
+		}
+
 		// POST-Requets are always signed
-		if ( 'post' === \strtolower( $request->get_method() ) ) {
+		if ( 'GET' !== $request->get_method() ) {
 			$verified_request = Signature::verify_http_signature( $request );
 			if ( \is_wp_error( $verified_request ) ) {
-				return $verified_request;
+				return new WP_Error( 'activitypub_signature_verification', $verified_request->get_error_message(), array( 'status' => 401 ) );
 			}
-		} elseif ( 'get' === \strtolower( $request->get_method() ) ) { // GET-Requests are only signed in secure mode
+		} elseif ( 'GET' === $request->get_method() ) { // GET-Requests are only signed in secure mode
 			if ( ACTIVITYPUB_AUTHORIZED_FETCH ) {
 				$verified_request = Signature::verify_http_signature( $request );
 				if ( \is_wp_error( $verified_request ) ) {
-					return $verified_request;
+					return new WP_Error( 'activitypub_signature_verification', $verified_request->get_error_message(), array( 'status' => 401 ) );
 				}
 			}
 		}

includes/rest/class-users.php

@@ -23,7 +23,7 @@ class Users {
 	 * Initialize the class, registering WordPress hooks
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
+		self::register_routes();
 	}
 
 	/**
@@ -95,10 +95,10 @@ class Users {
 
 		$json = $user->to_array();
 
-		$response = new WP_REST_Response( $json, 200 );
-		$response->header( 'Content-Type', 'application/activity+json' );
+		$rest_response = new WP_REST_Response( $json, 200 );
+		$rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) );
 
-		return $response;
+		return $rest_response;
 	}
 
 

includes/rest/class-webfinger.php

@@ -19,9 +19,7 @@ class Webfinger {
 	 * @return void
 	 */
 	public static function init() {
-		\add_action( 'rest_api_init', array( self::class, 'register_routes' ) );
-		\add_filter( 'webfinger_user_data', array( self::class, 'add_user_discovery' ), 10, 3 );
-		\add_filter( 'webfinger_data', array( self::class, 'add_pseudo_user_discovery' ), 99, 2 );
+		self::register_routes();
 	}
 
 	/**
@@ -80,44 +78,6 @@ class Webfinger {
 		return $params;
 	}
 
-	/**
-	 * Add WebFinger discovery links
-	 *
-	 * @param array   $array    the jrd array
-	 * @param string  $resource the WebFinger resource
-	 * @param WP_User $user     the WordPress user
-	 *
-	 * @return array the jrd array
-	 */
-	public static function add_user_discovery( $array, $resource, $user ) {
-		$user = User_Collection::get_by_id( $user->ID );
-
-		$array['links'][] = array(
-			'rel'  => 'self',
-			'type' => 'application/activity+json',
-			'href' => $user->get_url(),
-		);
-
-		return $array;
-	}
-
-	/**
-	 * Add WebFinger discovery links
-	 *
-	 * @param array   $array    the jrd array
-	 * @param string  $resource the WebFinger resource
-	 * @param WP_User $user     the WordPress user
-	 *
-	 * @return array the jrd array
-	 */
-	public static function add_pseudo_user_discovery( $array, $resource ) {
-		if ( $array ) {
-			return $array;
-		}
-
-		return self::get_profile( $resource );
-	}
-
 	/**
 	 * Get the WebFinger profile.
 	 *

includes/table/class-followers.php

@@ -30,19 +30,24 @@ class Followers extends WP_List_Table {
 
 	public function get_columns() {
 		return array(
-			'cb'           => '<input type="checkbox" />',
-			'avatar'       => \__( 'Avatar', 'activitypub' ),
-			'name'         => \__( 'Name', 'activitypub' ),
-			'username'     => \__( 'Username', 'activitypub' ),
-			'url'          => \__( 'URL', 'activitypub' ),
-			'updated'      => \__( 'Last updated', 'activitypub' ),
-			//'errors'       => \__( 'Errors', 'activitypub' ),
-			//'latest-error' => \__( 'Latest Error Message', 'activitypub' ),
+			'cb'         => '<input type="checkbox" />',
+			'avatar'     => \__( 'Avatar', 'activitypub' ),
+			'post_title' => \__( 'Name', 'activitypub' ),
+			'username'   => \__( 'Username', 'activitypub' ),
+			'url'        => \__( 'URL', 'activitypub' ),
+			'published'  => \__( 'Followed', 'activitypub' ),
+			'modified'   => \__( 'Last updated', 'activitypub' ),
 		);
 	}
 
 	public function get_sortable_columns() {
-		return array();
+		$sortable_columns = array(
+			'post_title' => array( 'post_title', true ),
+			'modified'   => array( 'modified', false ),
+			'published'  => array( 'published', false ),
+		);
+
+		return $sortable_columns;
 	}
 
 	public function prepare_items() {
@@ -55,8 +60,32 @@ class Followers extends WP_List_Table {
 		$page_num = $this->get_pagenum();
 		$per_page = 20;
 
-		$followers = FollowerCollection::get_followers( $this->user_id, $per_page, $page_num );
-		$counter   = FollowerCollection::count_followers( $this->user_id );
+		$args = array();
+
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['orderby'] ) ) {
+			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$args['orderby'] = sanitize_text_field( wp_unslash( $_GET['orderby'] ) );
+		}
+
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['order'] ) ) {
+			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$args['order'] = sanitize_text_field( wp_unslash( $_GET['order'] ) );
+		}
+
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['s'] ) && isset( $_REQUEST['_wpnonce'] ) ) {
+			$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
+			if ( wp_verify_nonce( $nonce, 'bulk-' . $this->_args['plural'] ) ) {
+				// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+				$args['s'] = sanitize_text_field( wp_unslash( $_GET['s'] ) );
+			}
+		}
+
+		$followers_with_count = FollowerCollection::get_followers_with_count( $this->user_id, $per_page, $page_num, $args );
+		$followers            = $followers_with_count['followers'];
+		$counter              = $followers_with_count['total'];
 
 		$this->items = array();
 		$this->set_pagination_args(
@@ -69,14 +98,13 @@ class Followers extends WP_List_Table {
 
 		foreach ( $followers as $follower ) {
 			$item = array(
-				'icon'         => esc_attr( $follower->get_icon_url() ),
-				'name'         => esc_attr( $follower->get_name() ),
-				'username'     => esc_attr( $follower->get_preferred_username() ),
-				'url'          => esc_attr( $follower->get_url() ),
-				'identifier'   => esc_attr( $follower->get_id() ),
-				'updated'      => esc_attr( $follower->get_updated() ),
-				'errors'       => $follower->count_errors(),
-				'latest-error' => $follower->get_latest_error_message(),
+				'icon'       => esc_attr( $follower->get_icon_url() ),
+				'post_title' => esc_attr( $follower->get_name() ),
+				'username'   => esc_attr( $follower->get_preferred_username() ),
+				'url'        => esc_attr( $follower->get_url() ),
+				'identifier' => esc_attr( $follower->get_id() ),
+				'published'  => esc_attr( $follower->get_published() ),
+				'modified'   => esc_attr( $follower->get_updated() ),
 			);
 
 			$this->items[] = $item;
@@ -116,11 +144,11 @@ class Followers extends WP_List_Table {
 	}
 
 	public function process_action() {
-		if ( ! isset( $_REQUEST['followers'] ) || ! isset( $_REQUEST['_apnonce'] ) ) {
+		if ( ! isset( $_REQUEST['followers'] ) || ! isset( $_REQUEST['_wpnonce'] ) ) {
 			return false;
 		}
-		$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_apnonce'] ) );
-		if ( ! wp_verify_nonce( $nonce, 'activitypub-followers-list' ) ) {
+		$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
+		if ( ! wp_verify_nonce( $nonce, 'bulk-' . $this->_args['plural'] ) ) {
 			return false;
 		}
 

includes/transformer/class-base.php

@@ -0,0 +1,619 @@
+<?php
+/**
+ * Inspired by the PHP ActivityPub Library by @Landrok
+ *
+ * @link https://github.com/landrok/activitypub
+ */
+namespace Activitypub\Transformer;
+
+use WP_Post;
+use Activitypub\Collection\Users;
+use Activitypub\Model\Blog_User;
+use Activitypub\Activity\Base_Object;
+use Activitypub\Shortcodes;
+
+use function Activitypub\esc_hashtag;
+use function Activitypub\is_single_user;
+use function Activitypub\get_rest_url_by_path;
+use function Activitypub\site_supports_blocks;
+
+/**
+ * Base class to implement WordPress to ActivityPub transformers.
+ */
+abstract class Base {
+	/**
+	 * The WP_Post object.
+	 *
+	 * @var WP_Post
+	 */
+	protected $wp_post;
+
+	/**
+	 * Assign WP_Post Object to a specific transformer instance.
+	 *
+	 * This helps to chain the output of the Transformer.
+	 *
+	 * @param WP_Post $wp_post The WP_Post object.
+	 * @return void
+	 */
+	public function set_wp_post( WP_Post $wp_post ) {
+		$post_type = get_post_type( $wp_post );
+		if ( ! $this->supports_post_type( $post_type ) ) {
+			_doing_it_wrong(
+				__METHOD__,
+				/* translators: %s: Block name. */
+				sprintf( 'The Transformer "%s" does not support the post type "%s".', esc_html( $this->get_label() ), esc_html( $post_type ) ),
+				'version_number_transformer_management_placeholder'
+			);
+		}
+		$this->wp_post = $wp_post;
+	}
+
+	/**
+	 * Get the supported WP post types that the transformer can use as an input.
+	 *
+	 * By default all post types are supported.
+	 * You may very likely wish to override this function.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @return string[] An array containing all the supported post types.
+	 */
+	public function get_supported_post_types() {
+		return \get_post_types( array( 'public' => true ), 'names' );
+	}
+
+	/**
+	 * Get the name of the plugin that registered the transformer.
+	 *
+	 * @see Forked from the WordPress elementor plugin.
+	 * @since version_number_transformer_management_placeholder
+	 * @return string Plugin name
+	 */
+	private function get_plugin_name_from_transformer_instance( $transformer ) {
+		$class_reflection = new \ReflectionClass( $transformer );
+
+		$plugin_basename = plugin_basename( $class_reflection->getFileName() );
+
+		$plugin_directory = strtok( $plugin_basename, '/' );
+
+		$plugins_data = get_plugins( '/' . $plugin_directory );
+		$plugin_data  = array_shift( $plugins_data );
+
+		if ( isset( $plugin_data['Name'] ) ) {
+			return $plugin_data['Name'];
+		} else {
+			return esc_html__( 'Unknown', 'activitypub' );
+		}
+	}
+
+	/**
+	 * Return whether the transformer supports a post type.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @return string post_type Post type name.
+	 */
+	final public function supports_post_type( $post_type ) {
+		return in_array( $post_type, $this->get_supported_post_types(), true );
+	}
+
+	/**
+	 * Get the name used for registering the transformer with the ActivityPub plugin.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @return string name
+	 */
+	abstract public function get_name();
+
+	/**
+	 * Get the display name for the ActivityPub transformer.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @return string display name
+	 */
+	abstract public function get_label();
+
+	/**
+	 * Returns the ActivityStreams 2.0 Object-Type for a Post.
+	 *
+	 * @see https://www.w3.org/TR/activitystreams-vocabulary/#activity-types
+	 *
+	 * @return string The Object-Type.
+	 */
+	abstract protected function get_object_type();
+
+	/**
+	 * Returns the content for the ActivityPub Item.
+	 *
+	 * The content will be generated based on the user settings.
+	 *
+	 * @return string The content.
+	 */
+	protected function get_content() {
+		global $post;
+
+		/**
+		 * Provides an action hook so plugins can add their own hooks/filters before AP content is generated.
+		 *
+		 * Example: if a plugin adds a filter to `the_content` to add a button to the end of posts, it can also remove that filter here.
+		 *
+		 * @param WP_Post $post The post object.
+		 */
+		do_action( 'activitypub_before_get_content', $post );
+
+		// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
+		$post    = $this->wp_post;
+		$content = $this->get_post_content_template();
+
+		// Register our shortcodes just in time.
+		Shortcodes::register();
+		// Fill in the shortcodes.
+		setup_postdata( $post );
+		$content = do_shortcode( $content );
+		wp_reset_postdata();
+
+		$content = \wpautop( $content );
+		$content = \preg_replace( '/[\n\r\t]/', '', $content );
+		$content = \trim( $content );
+
+		$content = \apply_filters( 'activitypub_the_content', $content, $post );
+
+		// Don't need these any more, should never appear in a post.
+		Shortcodes::unregister();
+
+		return $content;
+	}
+
+	/**
+	 * Gets the template to use to generate the content of the activitypub item.
+	 *
+	 * @return string The Template.
+	 */
+	protected function get_post_content_template() {
+		if ( 'excerpt' === \get_option( 'activitypub_post_content_type', 'content' ) ) {
+			return "[ap_excerpt]\n\n[ap_permalink type=\"html\"]";
+		}
+
+		if ( 'title' === \get_option( 'activitypub_post_content_type', 'content' ) ) {
+			return "[ap_title]\n\n[ap_permalink type=\"html\"]";
+		}
+
+		if ( 'content' === \get_option( 'activitypub_post_content_type', 'content' ) ) {
+			return "[ap_content]\n\n[ap_permalink type=\"html\"]\n\n[ap_hashtags]";
+		}
+
+		return \get_option( 'activitypub_custom_post_content', ACTIVITYPUB_CUSTOM_POST_CONTENT );
+	}
+
+	/**
+	 * Returns the ID of the Post.
+	 *
+	 * @return string The Posts ID.
+	 */
+	public function get_id() {
+		return $this->get_url();
+	}
+
+	/**
+	 * Returns the URL of the Post.
+	 *
+	 * @return string The Posts URL.
+	 */
+	public function get_url() {
+		$post = $this->wp_post;
+
+		if ( 'trash' === get_post_status( $post ) ) {
+			$permalink = \get_post_meta( $post->ID, 'activitypub_canonical_url', true );
+		} else {
+			$permalink = \get_permalink( $post );
+		}
+
+		return \esc_url( $permalink );
+	}
+
+	/**
+	 * Returns the User-URL of the Author of the Post.
+	 *
+	 * If `single_user` mode is enabled, the URL of the Blog-User is returned.
+	 *
+	 * @return string The User-URL.
+	 */
+	protected function get_attributed_to() {
+		if ( is_single_user() ) {
+			$user = new Blog_User();
+			return $user->get_url();
+		}
+
+		return Users::get_by_id( $this->wp_post->post_author )->get_url();
+	}
+
+	/**
+	 * Generates all Media Attachments for a Post.
+	 *
+	 * @return array The Attachments.
+	 */
+	protected function get_attachments() {
+		// Once upon a time we only supported images, but we now support audio/video as well.
+		// We maintain the image-centric naming for backwards compatibility.
+		$max_media = intval( \apply_filters( 'activitypub_max_image_attachments', \get_option( 'activitypub_max_image_attachments', ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS ) ) );
+
+		if ( site_supports_blocks() && \has_blocks( $this->wp_post->post_content ) ) {
+			return $this->get_block_attachments( $max_media );
+		}
+
+		return $this->get_classic_editor_images( $max_media );
+	}
+
+	/**
+	 * Get media attachments from blocks. They will be formatted as ActivityPub attachments, not as WP attachments.
+	 *
+	 * @param int $max_media The maximum number of attachments to return.
+	 *
+	 * @return array The attachments.
+	 */
+	protected function get_block_attachments( $max_media ) {
+		// max media can't be negative or zero
+		if ( $max_media <= 0 ) {
+			return array();
+		}
+
+		$id = $this->wp_post->ID;
+
+		$media_ids = array();
+
+		// list post thumbnail first if this post has one
+		if ( \function_exists( 'has_post_thumbnail' ) && \has_post_thumbnail( $id ) ) {
+			$media_ids[] = \get_post_thumbnail_id( $id );
+		}
+
+		if ( $max_media > 0 ) {
+			$blocks    = \parse_blocks( $this->wp_post->post_content );
+			$media_ids = self::get_media_ids_from_blocks( $blocks, $media_ids, $max_media );
+		}
+
+		return \array_filter( \array_map( array( self::class, 'wp_attachment_to_activity_attachment' ), $media_ids ) );
+	}
+
+	/**
+	 * Get image attachments from the classic editor.
+	 * Note that audio/video attachments are only supported in the block editor.
+	 *
+	 * @param int $max_images The maximum number of images to return.
+	 *
+	 * @return array The attachments.
+	 */
+	protected function get_classic_editor_images( $max_images ) {
+		// max images can't be negative or zero
+		if ( $max_images <= 0 ) {
+			return array();
+		}
+
+		$id = $this->wp_post->ID;
+
+		$image_ids = array();
+
+		// list post thumbnail first if this post has one
+		if ( \function_exists( 'has_post_thumbnail' ) && \has_post_thumbnail( $id ) ) {
+			$image_ids[] = \get_post_thumbnail_id( $id );
+			--$max_images;
+		}
+
+		if ( $max_images > 0 ) {
+			$query = new \WP_Query(
+				array(
+					'post_parent'    => $id,
+					'post_status'    => 'inherit',
+					'post_type'      => 'attachment',
+					'post_mime_type' => 'image',
+					'order'          => 'ASC',
+					'orderby'        => 'menu_order ID',
+					'posts_per_page' => $max_images,
+				)
+			);
+			foreach ( $query->get_posts() as $attachment ) {
+				if ( ! \in_array( $attachment->ID, $image_ids, true ) ) {
+					$image_ids[] = $attachment->ID;
+				}
+			}
+		}
+		$image_ids = \array_unique( $image_ids );
+
+		return \array_filter( \array_map( array( self::class, 'wp_attachment_to_activity_attachment' ), $image_ids ) );
+	}
+
+	/**
+	 * Recursively get media IDs from blocks.
+	 *
+	 * @param array $blocks The blocks to search for media IDs
+	 * @param array $media_ids The media IDs to append new IDs to
+	 * @param int   $max_media The maximum number of media to return.
+	 *
+	 * @return array The image IDs.
+	 */
+	protected static function get_media_ids_from_blocks( $blocks, $media_ids, $max_media ) {
+
+		foreach ( $blocks as $block ) {
+			// recurse into inner blocks
+			if ( ! empty( $block['innerBlocks'] ) ) {
+				$media_ids = self::get_media_ids_from_blocks( $block['innerBlocks'], $media_ids, $max_media );
+			}
+
+			switch ( $block['blockName'] ) {
+				case 'core/image':
+				case 'core/cover':
+				case 'core/audio':
+				case 'core/video':
+				case 'videopress/video':
+					if ( ! empty( $block['attrs']['id'] ) ) {
+						$media_ids[] = $block['attrs']['id'];
+					}
+					break;
+				case 'jetpack/slideshow':
+				case 'jetpack/tiled-gallery':
+					if ( ! empty( $block['attrs']['ids'] ) ) {
+						$media_ids = array_merge( $media_ids, $block['attrs']['ids'] );
+					}
+					break;
+				case 'jetpack/image-compare':
+					if ( ! empty( $block['attrs']['beforeImageId'] ) ) {
+						$media_ids[] = $block['attrs']['beforeImageId'];
+					}
+					if ( ! empty( $block['attrs']['afterImageId'] ) ) {
+						$media_ids[] = $block['attrs']['afterImageId'];
+					}
+					break;
+			}
+
+			// depupe
+			$media_ids = \array_unique( $media_ids );
+
+			// stop doing unneeded work
+			if ( count( $media_ids ) >= $max_media ) {
+				break;
+			}
+		}
+
+		// still need to slice it because one gallery could knock us over the limit
+		return array_slice( $media_ids, 0, $max_media );
+	}
+
+	/**
+	 * Converts a WordPress Attachment to an ActivityPub Attachment.
+	 *
+	 * @param int $id The Attachment ID.
+	 *
+	 * @return array The ActivityPub Attachment.
+	 */
+	public static function wp_attachment_to_activity_attachment( $id ) {
+		$attachment      = array();
+		$mime_type       = \get_post_mime_type( $id );
+		$mime_type_parts = \explode( '/', $mime_type );
+		// switching on image/audio/video
+		switch ( $mime_type_parts[0] ) {
+			case 'image':
+				$image_size = 'full';
+
+				/**
+				 * Filter the image URL returned for each post.
+				 *
+				 * @param array|false $thumbnail The image URL, or false if no image is available.
+				 * @param int         $id        The attachment ID.
+				 * @param string      $image_size The image size to retrieve. Set to 'full' by default.
+				 */
+				$thumbnail = apply_filters(
+					'activitypub_get_image',
+					self::get_image( $id, $image_size ),
+					$id,
+					$image_size
+				);
+
+				if ( $thumbnail ) {
+					$alt   = \get_post_meta( $id, '_wp_attachment_image_alt', true );
+					$image = array(
+						'type'      => 'Image',
+						'url'       => $thumbnail[0],
+						'mediaType' => $mime_type,
+					);
+
+					if ( $alt ) {
+						$image['name'] = $alt;
+					}
+					$attachment = $image;
+				}
+				break;
+
+			case 'audio':
+			case 'video':
+				$attachment = array(
+					'type'      => 'Document',
+					'mediaType' => $mime_type,
+					'url'       => \wp_get_attachment_url( $id ),
+					'name'      => \get_the_title( $id ),
+				);
+				$meta       = wp_get_attachment_metadata( $id );
+				// height and width for videos
+				if ( isset( $meta['width'] ) && isset( $meta['height'] ) ) {
+					$attachment['width']  = $meta['width'];
+					$attachment['height'] = $meta['height'];
+				}
+				// @todo: add `icon` support for audio/video attachments. Maybe use post thumbnail?
+				break;
+		}
+
+		return \apply_filters( 'activitypub_attachment', $attachment, $id );
+	}
+
+	/**
+	 * Return details about an image attachment.
+	 *
+	 * @param int    $id         The attachment ID.
+	 * @param string $image_size The image size to retrieve. Set to 'full' by default.
+	 *
+	 * @return array|false Array of image data, or boolean false if no image is available.
+	 */
+	protected static function get_image( $id, $image_size = 'full' ) {
+		/**
+		 * Hook into the image retrieval process. Before image retrieval.
+		 *
+		 * @param int    $id         The attachment ID.
+		 * @param string $image_size The image size to retrieve. Set to 'full' by default.
+		 */
+		do_action( 'activitypub_get_image_pre', $id, $image_size );
+
+		$image = \wp_get_attachment_image_src( $id, $image_size );
+
+		/**
+		 * Hook into the image retrieval process. After image retrieval.
+		 *
+		 * @param int    $id         The attachment ID.
+		 * @param string $image_size The image size to retrieve. Set to 'full' by default.
+		 */
+		do_action( 'activitypub_get_image_post', $id, $image_size );
+
+		return $image;
+	}
+
+
+	/**
+	 * Helper function to get the @-Mentions from the post content.
+	 *
+	 * @return array The list of @-Mentions.
+	 */
+	protected function get_mentions() {
+		return apply_filters( 'activitypub_extract_mentions', array(), $this->wp_post->post_content, $this->wp_post );
+	}
+
+		/**
+		 * Returns a list of Mentions, used in the Post.
+		 *
+		 * @see https://docs.joinmastodon.org/spec/activitypub/#Mention
+		 *
+		 * @return array The list of Mentions.
+		 */
+	protected function get_cc() {
+		$cc = array();
+
+		$mentions = $this->get_mentions();
+		if ( $mentions ) {
+			foreach ( $mentions as $url ) {
+				$cc[] = $url;
+			}
+		}
+
+		return $cc;
+	}
+
+	/**
+	 * Returns a list of Tags, used in the Post.
+	 *
+	 * This includes Hash-Tags and Mentions.
+	 *
+	 * @return array The list of Tags.
+	 */
+	protected function get_tags() {
+		$tags = array();
+
+		$post_tags = \get_the_tags( $this->wp_post->ID );
+		if ( $post_tags ) {
+			foreach ( $post_tags as $post_tag ) {
+				$tag    = array(
+					'type' => 'Hashtag',
+					'href' => \esc_url( \get_tag_link( $post_tag->term_id ) ),
+					'name' => esc_hashtag( $post_tag->name ),
+				);
+				$tags[] = $tag;
+			}
+		}
+
+		$mentions = $this->get_mentions();
+		if ( $mentions ) {
+			foreach ( $mentions as $mention => $url ) {
+				$tag    = array(
+					'type' => 'Mention',
+					'href' => \esc_url( $url ),
+					'name' => \esc_html( $mention ),
+				);
+				$tags[] = $tag;
+			}
+		}
+
+		return $tags;
+	}
+
+
+	/**
+	 * Returns the locale of the post.
+	 *
+	 * @return string The locale of the post.
+	 */
+	public function get_locale() {
+		$post_id = $this->wp_post->ID;
+		$lang    = \strtolower( \strtok( \get_locale(), '_-' ) );
+
+		/**
+		 * Filter the locale of the post.
+		 *
+		 * @param string  $lang    The locale of the post.
+		 * @param int     $post_id The post ID.
+		 * @param WP_Post $post    The post object.
+		 *
+		 * @return string The filtered locale of the post.
+		 */
+		return apply_filters( 'activitypub_post_locale', $lang, $post_id, $this->wp_post );
+	}
+
+	/**
+	 * Gets the contentMap
+	 *
+	 * @see https://www.w3.org/TR/activitystreams-vocabulary/#dfn-contentmap
+	 *
+	 * @return array the contenmap
+	 */
+	protected function get_content_map() {
+		return array(
+			$this->get_locale() => $this->get_content(),
+		);
+	}
+
+	/**
+	 * Transforms the WP_Post object to an ActivityPub Object
+	 *
+	 * @see \Activitypub\Activity\Base_Object
+	 *
+	 * @return \Activitypub\Activity\Base_Object The ActivityPub Object
+	 */
+	public function to_object() {
+		$wp_post = $this->wp_post;
+		$object  = new Base_Object();
+
+		$object->set_id( $this->get_id() );
+		$object->set_url( $this->get_url() );
+		$object->set_type( $this->get_object_type() );
+
+		$published = \strtotime( $wp_post->post_date_gmt );
+
+		$object->set_published( \gmdate( 'Y-m-d\TH:i:s\Z', $published ) );
+
+		$updated = \strtotime( $wp_post->post_modified_gmt );
+
+		if ( $updated > $published ) {
+			$object->set_updated( \gmdate( 'Y-m-d\TH:i:s\Z', $updated ) );
+		}
+
+		$object->set_attributed_to( $this->get_attributed_to() );
+		$object->set_content( $this->get_content() );
+		$object->set_content_map( $this->get_content_map );
+		$path = sprintf( 'users/%d/followers', intval( $wp_post->post_author ) );
+
+		$object->set_to(
+			array(
+				'https://www.w3.org/ns/activitystreams#Public',
+				get_rest_url_by_path( $path ),
+			)
+		);
+		$object->set_cc( $this->get_cc() );
+		$object->set_attachment( $this->get_attachments() );
+		$object->set_tag( $this->get_tags() );
+
+		return $object;
+	}
+}

includes/transformer/class-post.php

@@ -5,279 +5,39 @@ use WP_Post;
 use Activitypub\Collection\Users;
 use Activitypub\Model\Blog_User;
 use Activitypub\Activity\Base_Object;
+use Activitypub\Shortcodes;
+use Activitypub\Transformer\Base;
 
 use function Activitypub\esc_hashtag;
 use function Activitypub\is_single_user;
 use function Activitypub\get_rest_url_by_path;
+use function Activitypub\site_supports_blocks;
 
 /**
  * WordPress Post Transformer
- *
  * The Post Transformer is responsible for transforming a WP_Post object into different othe
  * Object-Types.
  *
  * Currently supported are:
- *
  * - Activitypub\Activity\Base_Object
  */
-class Post {
-
+class Post extends Base {
 	/**
-	 * The WP_Post object.
+	 * Getter function for the name of the transformer.
 	 *
-	 * @var WP_Post
+	 * @return string name
 	 */
-	protected $wp_post;
-
-	/**
-	 * The Allowed Tags, used in the content.
-	 *
-	 * @var array
-	 */
-	protected $allowed_tags = array(
-		'a' => array(
-			'href' => array(),
-			'title' => array(),
-			'class' => array(),
-			'rel' => array(),
-		),
-		'br' => array(),
-		'p' => array(
-			'class' => array(),
-		),
-		'span' => array(
-			'class' => array(),
-		),
-		'div' => array(
-			'class' => array(),
-		),
-		'ul' => array(),
-		'ol' => array(
-			'reversed' => array(),
-			'start'    => array(),
-		),
-		'li' => array(
-			'value' => array(),
-		),
-		'strong' => array(
-			'class' => array(),
-		),
-		'b' => array(
-			'class' => array(),
-		),
-		'i' => array(
-			'class' => array(),
-		),
-		'em' => array(
-			'class' => array(),
-		),
-		'blockquote' => array(),
-		'cite' => array(),
-		'code' => array(
-			'class' => array(),
-		),
-		'pre' => array(
-			'class' => array(),
-		),
-	);
-
-	/**
-	 * Static function to Transform a WP_Post Object.
-	 *
-	 * This helps to chain the output of the Transformer.
-	 *
-	 * @param WP_Post $wp_post The WP_Post object
-	 *
-	 * @return void
-	 */
-	public static function transform( WP_Post $wp_post ) {
-		return new static( $wp_post );
+	public function get_name() {
+		return 'activitypub/default';
 	}
 
 	/**
+	 * Getter function for the display name (label/title) of the transformer.
 	 *
-	 *
-	 * @param WP_Post $wp_post
+	 * @return string name
 	 */
-	public function __construct( WP_Post $wp_post ) {
-		$this->wp_post = $wp_post;
-	}
-
-	/**
-	 * Transforms the WP_Post object to an ActivityPub Object
-	 *
-	 * @see \Activitypub\Activity\Base_Object
-	 *
-	 * @return \Activitypub\Activity\Base_Object The ActivityPub Object
-	 */
-	public function to_object() {
-		$wp_post = $this->wp_post;
-		$object = new Base_Object();
-
-		$object->set_id( \esc_url( \get_permalink( $wp_post->ID ) ) );
-		$object->set_url( \esc_url( \get_permalink( $wp_post->ID ) ) );
-		$object->set_type( $this->get_object_type() );
-
-		$published = \strtotime( $wp_post->post_date_gmt );
-
-		$object->set_published( \gmdate( 'Y-m-d\TH:i:s\Z', $published ) );
-
-		$updated = \strtotime( $wp_post->post_modified_gmt );
-
-		if ( $updated > $published ) {
-			$object->set_updated( \gmdate( 'Y-m-d\TH:i:s\Z', $updated ) );
-		}
-
-		$object->set_attributed_to( $this->get_attributed_to() );
-		$object->set_content( $this->get_content() );
-		$object->set_content_map(
-			array(
-				\strstr( \get_locale(), '_', true ) => $this->get_content(),
-			)
-		);
-		$path = sprintf( 'users/%d/followers', intval( $wp_post->post_author ) );
-
-		$object->set_to(
-			array(
-				'https://www.w3.org/ns/activitystreams#Public',
-				get_rest_url_by_path( $path ),
-			)
-		);
-		$object->set_cc( $this->get_cc() );
-		$object->set_attachment( $this->get_attachments() );
-		$object->set_tag( $this->get_tags() );
-
-		return $object;
-	}
-
-	/**
-	 * Returns the User-URL of the Author of the Post.
-	 *
-	 * If `single_user` mode is enabled, the URL of the Blog-User is returned.
-	 *
-	 * @return string The User-URL.
-	 */
-	protected function get_attributed_to() {
-		if ( is_single_user() ) {
-			$user = new Blog_User();
-			return $user->get_url();
-		}
-
-		return Users::get_by_id( $this->wp_post->post_author )->get_url();
-	}
-
-	/**
-	 * Generates all Image Attachments for a Post.
-	 *
-	 * @return array The Image Attachments.
-	 */
-	protected function get_attachments() {
-		$max_images = intval( \apply_filters( 'activitypub_max_image_attachments', \get_option( 'activitypub_max_image_attachments', ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS ) ) );
-
-		$images = array();
-
-		// max images can't be negative or zero
-		if ( $max_images <= 0 ) {
-			return $images;
-		}
-
-		$id = $this->wp_post->ID;
-
-		$image_ids = array();
-
-		// list post thumbnail first if this post has one
-		if ( \function_exists( 'has_post_thumbnail' ) && \has_post_thumbnail( $id ) ) {
-			$image_ids[] = \get_post_thumbnail_id( $id );
-			--$max_images;
-		}
-
-		if ( $max_images > 0 ) {
-			// then list any image attachments
-			$query = new \WP_Query(
-				array(
-					'post_parent' => $id,
-					'post_status' => 'inherit',
-					'post_type' => 'attachment',
-					'post_mime_type' => 'image',
-					'order' => 'ASC',
-					'orderby' => 'menu_order ID',
-					'posts_per_page' => $max_images,
-				)
-			);
-			foreach ( $query->get_posts() as $attachment ) {
-				if ( ! \in_array( $attachment->ID, $image_ids, true ) ) {
-					$image_ids[] = $attachment->ID;
-				}
-			}
-		}
-
-		$image_ids = \array_unique( $image_ids );
-
-		// get URLs for each image
-		foreach ( $image_ids as $id ) {
-			$image_size = 'full';
-
-			/**
-			 * Filter the image URL returned for each post.
-			 *
-			 * @param array|false $thumbnail The image URL, or false if no image is available.
-			 * @param int         $id        The attachment ID.
-			 * @param string      $image_size The image size to retrieve. Set to 'full' by default.
-			 */
-			$thumbnail = apply_filters(
-				'activitypub_get_image',
-				$this->get_image( $id, $image_size ),
-				$id,
-				$image_size
-			);
-
-			if ( $thumbnail ) {
-				$mimetype = \get_post_mime_type( $id );
-				$alt      = \get_post_meta( $id, '_wp_attachment_image_alt', true );
-				$image    = array(
-					'type'      => 'Image',
-					'url'       => $thumbnail[0],
-					'mediaType' => $mimetype,
-				);
-
-				if ( $alt ) {
-					$image['name'] = $alt;
-				}
-				$images[] = $image;
-			}
-		}
-
-		return $images;
-	}
-
-	/**
-	 * Return details about an image attachment.
-	 *
-	 * @param int    $id         The attachment ID.
-	 * @param string $image_size The image size to retrieve. Set to 'full' by default.
-	 *
-	 * @return array|false Array of image data, or boolean false if no image is available.
-	 */
-	protected function get_image( $id, $image_size = 'full' ) {
-		/**
-		 * Hook into the image retrieval process. Before image retrieval.
-		 *
-		 * @param int    $id         The attachment ID.
-		 * @param string $image_size The image size to retrieve. Set to 'full' by default.
-		 */
-		do_action( 'activitypub_get_image_pre', $id, $image_size );
-
-		$thumbnail = \wp_get_attachment_image_src( $id, $image_size );
-
-		/**
-		 * Hook into the image retrieval process. After image retrieval.
-		 *
-		 * @param int    $id         The attachment ID.
-		 * @param string $image_size The image size to retrieve. Set to 'full' by default.
-		 */
-		do_action( 'activitypub_get_image_pre', $id, $image_size );
-
-		return $thumbnail;
+	public function get_label() {
+		return 'Built-In';
 	}
 
 	/**
@@ -293,7 +53,9 @@ class Post {
 			return \ucfirst( \get_option( 'activitypub_object_type', 'note' ) );
 		}
 
-		$post_type = \get_post_type( $this->wp_post );
+		// Default to Article.
+		$object_type = 'Article';
+		$post_type   = \get_post_type( $this->wp_post );
 		switch ( $post_type ) {
 			case 'post':
 				$post_format = \get_post_format( $this->wp_post );
@@ -323,7 +85,7 @@ class Post {
 				$object_type = 'Page';
 				break;
 			case 'attachment':
-				$mime_type = \get_post_mime_type();
+				$mime_type  = \get_post_mime_type();
 				$media_type = \preg_replace( '/(\/[a-zA-Z]+)/i', '', $mime_type );
 				switch ( $media_type ) {
 					case 'audio':
@@ -344,121 +106,4 @@ class Post {
 
 		return $object_type;
 	}
-
-	/**
-	 * Returns a list of Mentions, used in the Post.
-	 *
-	 * @see https://docs.joinmastodon.org/spec/activitypub/#Mention
-	 *
-	 * @return array The list of Mentions.
-	 */
-	protected function get_cc() {
-		$cc = array();
-
-		$mentions = $this->get_mentions();
-		if ( $mentions ) {
-			foreach ( $mentions as $url ) {
-				$cc[] = $url;
-			}
-		}
-
-		return $cc;
-	}
-
-	/**
-	 * Returns a list of Tags, used in the Post.
-	 *
-	 * This includes Hash-Tags and Mentions.
-	 *
-	 * @return array The list of Tags.
-	 */
-	protected function get_tags() {
-		$tags = array();
-
-		$post_tags = \get_the_tags( $this->wp_post->ID );
-		if ( $post_tags ) {
-			foreach ( $post_tags as $post_tag ) {
-				$tag = array(
-					'type' => 'Hashtag',
-					'href' => \esc_url( \get_tag_link( $post_tag->term_id ) ),
-					'name' => esc_hashtag( $post_tag->name ),
-				);
-				$tags[] = $tag;
-			}
-		}
-
-		$mentions = $this->get_mentions();
-		if ( $mentions ) {
-			foreach ( $mentions as $mention => $url ) {
-				$tag = array(
-					'type' => 'Mention',
-					'href' => \esc_url( $url ),
-					'name' => \esc_html( $mention ),
-				);
-				$tags[] = $tag;
-			}
-		}
-
-		return $tags;
-	}
-
-	/**
-	 * Returns the content for the ActivityPub Item.
-	 *
-	 * The content will be generated based on the user settings.
-	 *
-	 * @return string The content.
-	 */
-	protected function get_content() {
-		global $post;
-
-		// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
-		$post    = $this->wp_post;
-		$content = $this->get_post_content_template();
-
-		// Fill in the shortcodes.
-		setup_postdata( $post );
-		$content = do_shortcode( $content );
-		wp_reset_postdata();
-
-		$content = \wp_kses( $content, $this->allowed_tags );
-		$content = \wpautop( $content );
-		$content = \preg_replace( '/[\n\r\t]/', '', $content );
-		$content = \trim( $content );
-
-		$content = \apply_filters( 'activitypub_the_content', $content, $post );
-		$content = \html_entity_decode( $content, \ENT_QUOTES, 'UTF-8' );
-
-		return $content;
-	}
-
-	/**
-	 * Gets the template to use to generate the content of the activitypub item.
-	 *
-	 * @return string The Template.
-	 */
-	protected function get_post_content_template() {
-		if ( 'excerpt' === \get_option( 'activitypub_post_content_type', 'content' ) ) {
-			return "[ap_excerpt]\n\n[ap_permalink type=\"html\"]";
-		}
-
-		if ( 'title' === \get_option( 'activitypub_post_content_type', 'content' ) ) {
-			return "[ap_title]\n\n[ap_permalink type=\"html\"]";
-		}
-
-		if ( 'content' === \get_option( 'activitypub_post_content_type', 'content' ) ) {
-			return "[ap_content]\n\n[ap_hashtags]\n\n[ap_permalink type=\"html\"]";
-		}
-
-		return \get_option( 'activitypub_custom_post_content', ACTIVITYPUB_CUSTOM_POST_CONTENT );
-	}
-
-	/**
-	 * Helper function to get the @-Mentions from the post content.
-	 *
-	 * @return array The list of @-Mentions.
-	 */
-	protected function get_mentions() {
-		return apply_filters( 'activitypub_extract_mentions', array(), $this->wp_post->post_content, $this->wp_post );
-	}
 }

includes/transformer/class-transformers-manager.php

@@ -0,0 +1,292 @@
+<?php
+/**
+ * Inspired by the way elementor handles addons.
+ *
+ * @link https://github.com/elementor/elementor/
+ * @package Activitypub
+ */
+
+namespace Activitypub\Transformer;
+
+use WP_Post;
+use WP_Comment;
+
+use function Activitypub\camel_to_snake_case;
+use function Activitypub\snake_to_camel_case;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit; // Exit if accessed directly.
+}
+
+/**
+ * ActivityPub transformers manager.
+ *
+ * ActivityPub transformers manager handler class is responsible for registering and
+ * initializing all the supported WP-Pobject to ActivityPub transformers.
+ *
+ * @since version_number_transformer_management_placeholder
+ */
+class Transformers_Manager {
+	const DEFAULT_TRANSFORMER_MAPPING = array(
+		'post' => ACTIVITYPUB_DEFAULT_TRANSFORMER,
+		'page' => ACTIVITYPUB_DEFAULT_TRANSFORMER,
+	);
+
+	/**
+	 * Transformers.
+	 *
+	 * Holds the list of all the ActivityPub transformers. Default is `null`.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access private
+	 *
+	 * @var \ActivityPub\Transformer\Base[]
+	 */
+	private $transformers = null;
+
+	/**
+	 * Transformer_Manager instance.
+	 *
+	 * Holds the transformer instance.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access protected
+	 *
+	 * @var Transformer_Manager
+	 */
+	protected static $_instances = [];
+
+
+	/**
+	 * Instance.
+	 *
+	 * Ensures only one instance of the transformer manager class is loaded or can be loaded.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access public
+	 * @static
+	 *
+	 * @return Transformer_Manager An instance of the class.
+	 */
+	public static function instance() {
+		$class_name = static::class_name();
+
+		if ( empty( static::$_instances[ $class_name ] ) ) {
+			static::$_instances[ $class_name ] = new static();
+		}
+
+		return static::$_instances[ $class_name ];
+	}
+
+	/**
+	 * Class name.
+	 *
+	 * Retrieve the name of the class.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access public
+	 * @static
+	 */
+	public static function class_name() {
+		return get_called_class();
+	}
+
+	/**
+	 * Transformers manager constructor.
+	 *
+	 * Initializing ActivityPub transformers manager.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access public
+	 */
+	public function __construct() {
+		$this->require_files();
+	}
+
+	/**
+	 * Require files.
+	 *
+	 * Require ActivityPub transformer base class.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access private
+	 */
+	private function require_files() {
+		require ACTIVITYPUB_PLUGIN_DIR . 'includes/transformer/class-base.php';
+	}
+
+	/**
+	 * Checks if a transformer is registered.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 *
+	 * @param string $name Transformer name including namespace.
+	 * @return bool True if the block type is registered, false otherwise.
+	 */
+	public function is_registered( $name ) {
+		return isset( $this->transformers[ $name ] );
+	}
+
+	/**
+	 * Register a transformer.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access public
+	 *
+	 * @param \ActivityPub\Transformer\Base $transformer_instance ActivityPub Transformer.
+	 *
+	 * @return bool True if the ActivityPub transformer was registered.
+	 */
+	public function register( \ActivityPub\Transformer\Base $transformer_instance ) {
+
+		if ( ! $transformer_instance instanceof \ActivityPub\Transformer\Base ) {
+			_doing_it_wrong(
+				__METHOD__,
+				\esc_html__( 'ActivityPub transformer instance must be a of \ActivityPub\Transformer_Base class.' ),
+				'version_number_transformer_management_placeholder'
+			);
+			return false;
+		}
+
+		$transformer_name = $transformer_instance->get_name();
+		if ( preg_match( '/[A-Z]+/', $transformer_name ) ) {
+			_doing_it_wrong(
+				__METHOD__,
+				\esc_html__( 'ActivityPub transformer names must not contain uppercase characters.' ),
+				'version_number_transformer_management_placeholder'
+			);
+			return false;
+		}
+
+		$name_matcher = '/^[a-z0-9-]+\/[a-z0-9-]+$/';
+		if ( ! preg_match( $name_matcher, $transformer_name ) ) {
+			_doing_it_wrong(
+				__METHOD__,
+				\esc_html__( 'ActivityPub transformer names must contain a namespace prefix. Example: my-plugin/my-custom-transformer' ),
+				'version_number_transformer_management_placeholder'
+			);
+			return false;
+		}
+
+		if ( $this->is_registered( $transformer_name ) ) {
+			_doing_it_wrong(
+				__METHOD__,
+				/* translators: %s: Block name. */
+				sprintf( 'ActivityPub transformer with name "%s" is already registered.', esc_html( $transformer_name ) ),
+				'version_number_transformer_management_placeholder'
+			);
+			return false;
+		}
+
+		/**
+		 * Should the ActivityPub transformer be registered.
+		 *
+		 * @since version_number_transformer_management_placeholder
+		 *
+		 * @param bool $should_register Should the ActivityPub transformer be registered. Default is `true`.
+		 * @param \ActivityPub\Transformer\Base $transformer_instance Widget instance.
+		 */
+		// TODO: does not implementing this slow down the website? -> compare with gutenberg block registration.
+		// $should_register = apply_filters( 'activitypub/transformers/is_transformer_enabled', true, $transformer_instance );
+
+		// if ( ! $should_register ) {
+		//  return false;
+		// }
+
+		$this->transformers[ $transformer_name ] = $transformer_instance;
+
+		return true;
+	}
+
+	/**
+	 * Init transformers.
+	 *
+	 * Initialize ActivityPub transformer manager.
+	 * Include the builtin transformers by default and add third party ones.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access private
+	 */
+	private function init_transformers() {
+		$builtin_transformers = [
+			'post',
+		];
+
+		$this->transformers = [];
+
+		foreach ( $builtin_transformers as $transformer_name ) {
+			include ACTIVITYPUB_PLUGIN_DIR . 'includes/transformer/class-' . $transformer_name . '.php';
+
+			$class_name = ucfirst( $transformer_name );
+
+			$class_name = '\Activitypub\Transformer\\' . $class_name;
+
+			$this->register( new $class_name() );
+		}
+
+		/**
+		 * Let other transformers register.
+		 *
+		 * Fires after the built-in Activitypub transformers are registered.
+		 *
+		 * @since version_number_transformer_management_placeholder
+		 *
+		 * @param Transformers_Manager $this The widgets manager.
+		 */
+		do_action( 'activitypub_transformers_register', $this );
+	}
+
+	/**
+	 * Get available ActivityPub transformers.
+	 *
+	 * Retrieve the registered transformers list. If given a transformer name
+	 * it returns the given transformer if it is registered.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access public
+	 *
+	 * @param string $transformer_name Optional. Transformer name. Default is null.
+	 *
+	 * @return Base|Base[]|null Registered transformers.
+	 */
+	public function get_transformers( $transformer_name = null ) {
+		if ( is_null( $this->transformers ) ) {
+			$this->init_transformers();
+		}
+
+		if ( null !== $transformer_name ) {
+			return isset( $this->transformers[ $transformer_name ] ) ? $this->transformers[ $transformer_name ] : null;
+		}
+
+		return $this->transformers;
+	}
+
+	/**
+	 * Get the mapped ActivityPub transformer.
+	 *
+	 * Returns a new instance of the needed WordPress to ActivityPub transformer.
+	 *
+	 * @since version_number_transformer_management_placeholder
+	 * @access public
+	 *
+	 * @param WP_Post|WP_Comment $object The WordPress Post/Comment.
+	 *
+	 * @return \ActivityPub\Transformer\Base|null Registered transformers.
+	 */
+	public function get_transformer( $object ) {
+		switch ( get_class( $object ) ) {
+			case 'WP_Post':
+				$post_type = get_post_type( $object );
+				$transformer_mapping = \get_option( 'activitypub_transformer_mapping', self::DEFAULT_TRANSFORMER_MAPPING );
+				$transformer_name = $transformer_mapping[ $post_type ];
+				$transformer_class = $this->get_transformers( $transformer_name );
+				$transformer_instance = new $transformer_class();
+				$transformer_instance->set_wp_post( $object );
+				return $transformer_instance;
+			case 'WP_Comment':
+				return new Comment( $object );
+			default:
+				return apply_filters( 'activitypub_transformer', null, $object, get_class( $object ) );
+		}
+	}
+}

integration/class-buddypress.php

@@ -1,7 +1,15 @@
 <?php
 namespace Activitypub\Integration;
 
+/**
+ * Compatibility with the BuddyPress plugin
+ *
+ * @see https://buddypress.org/
+ */
 class Buddypress {
+	/**
+	 * Initialize the class, registering WordPress hooks
+	 */
 	public static function init() {
 		\add_filter( 'activitypub_json_author_array', array( self::class, 'add_user_metadata' ), 11, 2 );
 	}

integration/class-nodeinfo.php

@@ -0,0 +1,64 @@
+<?php
+namespace Activitypub\Integration;
+
+use function Activitypub\get_total_users;
+use function Activitypub\get_active_users;
+
+/**
+ * Compatibility with the NodeInfo plugin
+ *
+ * @see https://wordpress.org/plugins/nodeinfo/
+ */
+class Nodeinfo {
+	/**
+	 * Initialize the class, registering WordPress hooks
+	 */
+	public static function init() {
+		\add_filter( 'nodeinfo_data', array( self::class, 'add_nodeinfo_discovery' ), 10, 2 );
+		\add_filter( 'nodeinfo2_data', array( self::class, 'add_nodeinfo2_discovery' ), 10 );
+	}
+
+	/**
+	 * Extend NodeInfo data
+	 *
+	 * @param array  $nodeinfo NodeInfo data
+	 * @param string           The NodeInfo Version
+	 *
+	 * @return array The extended array
+	 */
+	public static function add_nodeinfo_discovery( $nodeinfo, $version ) {
+		if ( $version >= '2.0' ) {
+			$nodeinfo['protocols'][] = 'activitypub';
+		} else {
+			$nodeinfo['protocols']['inbound'][]  = 'activitypub';
+			$nodeinfo['protocols']['outbound'][] = 'activitypub';
+		}
+
+		$nodeinfo['usage']['users'] = array(
+			'total'          => get_total_users(),
+			'activeMonth'    => get_active_users( '1 month ago' ),
+			'activeHalfyear' => get_active_users( '6 month ago' ),
+		);
+
+		return $nodeinfo;
+	}
+
+	/**
+	 * Extend NodeInfo2 data
+	 *
+	 * @param  array $nodeinfo NodeInfo2 data
+	 *
+	 * @return array The extended array
+	 */
+	public static function add_nodeinfo2_discovery( $nodeinfo ) {
+		$nodeinfo['protocols'][] = 'activitypub';
+
+		$nodeinfo['usage']['users'] = array(
+			'total'          => get_total_users(),
+			'activeMonth'    => get_active_users( '1 month ago' ),
+			'activeHalfyear' => get_active_users( '6 month ago' ),
+		);
+
+		return $nodeinfo;
+	}
+}

integration/class-webfinger.php

@@ -0,0 +1,62 @@
+<?php
+namespace Activitypub\Integration;
+
+use Activitypub\Rest\Webfinger as Webfinger_Rest;
+use Activitypub\Collection\Users as User_Collection;
+
+/**
+ * Compatibility with the WebFinger plugin
+ *
+ * @see https://wordpress.org/plugins/webfinger/
+ */
+class Webfinger {
+	/**
+	 * Initialize the class, registering WordPress hooks
+	 */
+	public static function init() {
+		\add_filter( 'webfinger_user_data', array( self::class, 'add_user_discovery' ), 10, 3 );
+		\add_filter( 'webfinger_data', array( self::class, 'add_pseudo_user_discovery' ), 99, 2 );
+	}
+
+	/**
+	 * Add WebFinger discovery links
+	 *
+	 * @param array   $array    the jrd array
+	 * @param string  $resource the WebFinger resource
+	 * @param WP_User $user     the WordPress user
+	 *
+	 * @return array the jrd array
+	 */
+	public static function add_user_discovery( $array, $resource, $user ) {
+		$user = User_Collection::get_by_id( $user->ID );
+
+		if ( ! $user || is_wp_error( $user ) ) {
+			return $array;
+		}
+
+		$array['links'][] = array(
+			'rel'  => 'self',
+			'type' => 'application/activity+json',
+			'href' => $user->get_url(),
+		);
+
+		return $array;
+	}
+
+	/**
+	 * Add WebFinger discovery links
+	 *
+	 * @param array   $array    the jrd array
+	 * @param string  $resource the WebFinger resource
+	 * @param WP_User $user     the WordPress user
+	 *
+	 * @return array the jrd array
+	 */
+	public static function add_pseudo_user_discovery( $array, $resource ) {
+		if ( $array ) {
+			return $array;
+		}
+
+		return Webfinger_Rest::get_profile( $resource );
+	}
+}

readme.txt

@@ -1,9 +1,9 @@
 === ActivityPub ===
-Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nuriapena
+Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nuriapena, cavalierlife
 Tags: OStatus, fediverse, activitypub, activitystream
 Requires at least: 4.7
-Tested up to: 6.3
-Stable tag: 1.0.0
+Tested up to: 6.4
+Stable tag: 1.2.0
 Requires PHP: 5.6
 License: MIT
 License URI: http://opensource.org/licenses/MIT
@@ -36,7 +36,7 @@ The plugin works with the following tested federated platforms, but there may be
 Some things to note:
 
 1. The blog-wide profile is only compatible with sites with rewrite rules enabled. If your site does not have rewrite rules enabled, the author-specific profiles may still work.
-1. Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will duplicate content issues with search engines and will enable ActivityPub author profiles to work.
+1. Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. This will still resolve duplicate content issues with search engines and will enable ActivityPub author profiles to work.
 1. Once ActivityPub is installed, *only new posts going forward* will be available in the fediverse. Likewise, even if you’ve been using ActivityPub for a while, anyone who follows your site, will only see new posts you publish from that moment on. They will never see previously-published posts in their Home feed. This process is very similar to subscribing to a newsletter. If you subscribe to a newsletter, you will only receive future emails, but not the old archived ones. With ActivityPub, if someone follows your site, they will only receive new blog posts you publish from then on.
 
 So what’s the process?
@@ -86,7 +86,7 @@ In order for webfinger to work, it must be mapped to the root directory of the U
 
 Add the following to the .htaccess file in the root directory:
 
-	RedirectMatch "^\/\.well-known/(webfinger|nodeinfo|x-nodeinfo2)(.*)$" "\/blog\/\.well-known$1$2"
+	RedirectMatch "^\/\.well-known/(webfinger|nodeinfo|x-nodeinfo2)(.*)$" /blog/.well-known/$1$2
 
 Where 'blog' is the path to the subdirectory at which your blog resides.
 
@@ -105,6 +105,97 @@ Where 'blog' is the path to the subdirectory at which your blog resides.
 
 Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub).
 
+= 1.2.0 =
+
+* Add: Search and order followerer lists
+* Add: Have a filter to defer signature verification
+* Improved: "Follow Me" styles for dark themes
+* Improved: Allow `p` and `br` tags only for AP comments
+* Fixed: Deduplicate attachments earlier to prevent incorrect max_media
+
+
+= 1.1.0 =
+
+* Improved: audio and video attachments are now supported!
+* Improved: better error messages if remote profile is not accessible
+* Improved: PHP 8.1 compatibility
+* Fixed: don't try to parse mentions or hashtags for very large (>1MB) posts to prevent timeouts
+* Fixed: better handling of ISO-639-1 locale codes
+* Improved: more reliable [ap_author], props @uk3
+* Improved: NodeInfo statistics
+
+= 1.0.10 =
+
+* Improved: better error messages if remote profile is not accessible
+
+= 1.0.9 =
+
+* Fixed: broken following endpoint
+
+= 1.0.8 =
+
+* Fixed: blocking of HEAD requests
+* Fixed: PHP fatal error
+* Fixed: several typos
+* Fixed: error codes
+* Improved: loading of shortcodes
+* Updated: caching of followers
+* Updated: Application-User is no longer "indexable"
+* Updated: more consistent usage of the `application/activity+json` Content-Type
+* Removed: featured tags endpoint
+
+= 1.0.7 =
+
+* Fixed: broken function call
+* Add: filter to hook into "is blog public" check
+
+= 1.0.6 =
+
+* Fixed: more restrictive request verification
+
+= 1.0.5 =
+
+* Fixed: compatibility with WebFinger and NodeInfo plugin
+
+= 1.0.4 =
+
+* Fixed: Constants were not loaded early enough, resulting in a race condition
+* Fixed: Featured image was ignored when using the block editor
+
+= 1.0.3 =
+
+* Fixed: compatibility with older WordPress/PHP versions
+* Update: refactoring of the Plugin init process
+* Update: better frontend UX and improved theme compat for blocks
+* Compatibility: add a ACTIVITYPUB_DISABLE_REWRITES constant
+* Compatibility: add pre-fetch hook to allow plugins to hang filters on
+
+= 1.0.2 =
+
+* Updated: improved hashtag visibility in default template
+* Updated: reduced number of followers to be checked/updated via Cron, when System Cron is not set up
+* Updated: check if username of Blog-User collides with an Authors name
+* Compatibility: improved Group meta informations
+* Fixed: detection of single user mode
+* Fixed: remote delete
+* Fixed: styles in Follow-Me block
+* Fixed: various encoding and formatting issues
+* Fixed: (health) check Author URLs only if Authors are enabled
+
+= 1.0.1 =
+
+* Update: improve image attachment detection using the block editor
+* Update: better error code handling for API responses
+* Update: use a tag stack instead of regex for protecting tags for Hashtags and @-Mentions
+* Compatibility: better signature support for subpath-installations
+* Compatibility: allow deactivating blocks registered by the plugin
+* Compatibility: avoid Fatal Errors when using ClassicPress
+* Compatibility: improve the Group-Actor to play nicely with existing implementations
+* Fixed: truncate long blog titles and handles for the "Follow me" block
+* Fixed: ensure that only a valid user can be selected for the "Follow me" block
+* Fixed: fix a typo in a hook name
+* Fixed: a problem with signatures when running WordPress in a sub-path
+
 = 1.0.0 =
 
 * Add: blog-wide Account (catchall, like `example.com@example.com`)
@@ -113,6 +204,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu
 * Add: a Followers Block (show off your Followers)
 * Add: Simple caching
 * Add: Collection endpoints for Featured Tags and Featured Posts
+* Add: Better handling of Hashtags in mobile apps
 * Update: Complete rewrite of the Follower-System based on Custom Post Types
 * Update: Improved linter (PHPCS)
 * Compatibility: Add a new conditional, `\Activitypub\is_activitypub_request()`, to allow third-party plugins to detect ActivityPub requests

src/follow-me/block.json

@@ -24,6 +24,12 @@
 			"width": true,
 			"color": true,
 			"style": true
+		},
+		"typography": {
+			"fontSize": true,
+			"__experimentalDefaultControls": {
+				"fontSize": true
+			}
 		}
 	},
 	"attributes": {

src/follow-me/edit.js

@@ -3,23 +3,40 @@ import { __ } from '@wordpress/i18n';
 import { SelectControl, PanelBody } from '@wordpress/components';
 import { useUserOptions } from '../shared/use-user-options';
 import FollowMe from './follow-me';
+import { useEffect } from '@wordpress/element';
 
 export default function Edit( { attributes, setAttributes } ) {
-	const blockProps = useBlockProps();
+	const blockProps = useBlockProps( {
+		className: 'activitypub-follow-me-block-wrapper',
+	} );
 	const usersOptions = useUserOptions();
+	const { selectedUser } = attributes;
+
+	useEffect( () => {
+		// if there are no users yet, do nothing
+		if ( ! usersOptions.length ) {
+			return;
+		}
+		// ensure that the selected user is in the list of options, if not, select the first available user
+		if ( ! usersOptions.find( ( { value } ) => value === selectedUser ) ) {
+			setAttributes( { selectedUser: usersOptions[ 0 ].value } );
+		}
+	}, [ selectedUser, usersOptions ] );
 
 	return (
 		<div { ...blockProps }>
-			<InspectorControls key="setting">
-				<PanelBody title={ __( 'Followers Options', 'activitypub' ) }>
-					<SelectControl
-						label= { __( 'Select User', 'activitypub' ) }
-						value={ attributes.selectedUser }
-						options={ usersOptions }
-						onChange={ ( value ) => setAttributes( { selectedUser: value } ) }
-					/>
-				</PanelBody>
-			</InspectorControls>
+			{ usersOptions.length > 1 && (
+				<InspectorControls key="setting">
+					<PanelBody title={ __( 'Followers Options', 'activitypub' ) }>
+						<SelectControl
+							label= { __( 'Select User', 'activitypub' ) }
+							value={ attributes.selectedUser }
+							options={ usersOptions }
+							onChange={ ( value ) => setAttributes( { selectedUser: value } ) }
+						/>
+					</PanelBody>
+				</InspectorControls>
+			) }
 			<FollowMe { ...attributes } id={ blockProps.id } />
 		</div>
 	);

src/follow-me/follow-me.js

@@ -40,7 +40,7 @@ function Profile( { profile, popupStyles, userId } ) {
 			<img className="activitypub-profile__avatar" src={ avatar } />
 			<div className="activitypub-profile__content">
 				<div className="activitypub-profile__name">{ name }</div>
-				<div className="activitypub-profile__handle">{ resource }</div>
+				<div className="activitypub-profile__handle" title={ resource }>{ resource }</div>
 			</div>
 			<Follow profile={ profile } popupStyles={ popupStyles } userId={ userId } />
 		</div>
@@ -157,7 +157,7 @@ function Dialog( { profile, userId } ) {
 	);
 }
 
-export default function FollowMe( { selectedUser, style, backgroundColor, id, useId = false } ) {
+export default function FollowMe( { selectedUser, style, backgroundColor, id, useId = false, profileData = false } ) {
 	const [ profile, setProfile ] = useState( getNormalizedProfile() );
 	const userId = selectedUser === 'site' ? 0 : selectedUser;
 	const popupStyles = getPopupStyles( style );
@@ -166,8 +166,11 @@ export default function FollowMe( { selectedUser, style, backgroundColor, id, us
 		setProfile( getNormalizedProfile( profile ) );
 	}
 	useEffect( () => {
+		if ( profileData ) {
+			return setProfileData( profileData );
+		}
 		fetchProfile( userId ).then( setProfileData );
-	}, [ userId ] );
+	}, [ userId, profileData ] );
 
 	return(
 		<div { ...wrapperProps }>

src/follow-me/style.scss

@@ -1,8 +1,20 @@
-.editor-styles-wrapper, .activitypub-follow-me-block-wrapper {
+.activitypub-follow-me-block-wrapper {
+	width: 100%;
+
+	// extra side padding for border/background colors
+	&.has-border-color, &.has-background {
+		.activitypub-profile {
+			padding-left: 1rem;
+			padding-right: 1rem;
+		}
+	}
+
 	.activitypub-profile {
+
 		display: flex;
-		align-items: self-start;
-		padding: 1rem;
+		align-items: center;
+		// right/left padding overridden above for border/background colors
+		padding: 1rem 0;
 
 		.activitypub-profile__avatar {
 			height: 75px;
@@ -10,13 +22,22 @@
 			margin-right: 1rem;
 			border-radius: 50%;
 		}
-		.activitypub-profile__name {
+		.activitypub-profile__content {
+			flex: 1;
+			min-width: 0;
+		}
+		.activitypub-profile__name, .activitypub-profile__handle {
 			margin: 0;
-			line-height: 1;
-			font-size: var( --wp--preset--font-size--large );
+			line-height: 1.2;
+			white-space: nowrap;
+			overflow: hidden;
+			text-overflow: ellipsis;
+		}
+		.activitypub-profile__name {
+			font-size: 1.25em;
 		}
 		.activitypub-profile__follow {
-			margin-left: auto;
+			margin-left: 1rem;
 			align-self: center;
 			background-color: var(--wp--preset--color--black);
 			color: var(--wp--preset--color--white);
@@ -24,6 +45,18 @@
 	}
 }
 
+.activitypub-profile__confirm.components-modal__frame {
+	// @todo: play more nicely with dark background themes. the dialog is hardcoded to white bg in core, we go #eee here.
+	color: #333;
+	background-color: #f7f7f7;
+	.components-modal__header-heading, h4 {
+		color: #333;
+		// resets against potential theme weirdness
+		letter-spacing: inherit;
+		word-spacing: inherit;
+	}
+}
+
 .activitypub-follow-me__dialog {
 	max-width: 30em;
 	h4 {
@@ -40,6 +73,7 @@
 	.apfmd__button-group {
 		display: flex;
 		justify-content: flex-end;
+		align-items: flex-end;
 
 		svg {
 			margin-right: .5em;
@@ -49,10 +83,11 @@
 
 		input {
 			flex: 1;
-			padding: {
-				left: 1em;
-				right: 1em;
-			}
+			padding: 6px 12px;
+			background-color: var( --wp--preset--color--white );
+			color: var( --wp--preset--color--black );
+			border: 1px solid var( --wp--preset--color--black );
 		}
+
 	}
 }

src/followers/edit.js

@@ -1,5 +1,5 @@
 import { SelectControl, RangeControl, PanelBody, TextControl } from '@wordpress/components';
-import { useState } from '@wordpress/element';
+import { useState, useEffect } from '@wordpress/element';
 import { InspectorControls, useBlockProps } from '@wordpress/block-editor';
 import { __ } from '@wordpress/i18n';
 import { Followers } from './followers';
@@ -21,6 +21,17 @@ export default function Edit( { attributes, setAttributes } ) {
 		};
 	}
 
+	useEffect( () => {
+		// if there are no users yet, do nothing
+		if ( ! usersOptions.length ) {
+			return;
+		}
+		// ensure that the selected user is in the list of options, if not, select the first available user
+		if ( ! usersOptions.find( ( { value } ) => value === selectedUser ) ) {
+			setAttributes( { selectedUser: usersOptions[ 0 ].value } );
+		}
+	}, [ selectedUser, usersOptions ] );
+
 	return (
 		<div { ...blockProps }>
 			<InspectorControls key="setting">
@@ -31,12 +42,14 @@ export default function Edit( { attributes, setAttributes } ) {
 						value={ title }
 						onChange={ value => setAttributes( { title: value } ) }
 					/>
-					<SelectControl
-						label= { __( 'Select User', 'activitypub' ) }
-						value={ selectedUser }
-						options={ usersOptions }
-						onChange={ setAttributestAndResetPage( 'selectedUser' ) }
-					/>
+					{ usersOptions.length > 1 && (
+						<SelectControl
+							label= { __( 'Select User', 'activitypub' ) }
+							value={ selectedUser }
+							options={ usersOptions }
+							onChange={ setAttributestAndResetPage( 'selectedUser' ) }
+						/>
+					) }
 					<SelectControl
 						label={ __( 'Sort', 'activitypub' ) }
 						value={ order }

src/followers/followers.js

@@ -32,7 +32,8 @@ export function Followers( {
 	page: passedPage,
 	setPage: passedSetPage,
 	className = '',
-	followLinks = true
+	followLinks = true,
+	followerData = false
 } ) {
 	const userId = selectedUser === 'site' ? 0 : selectedUser;
 	const [ followers, setFollowers ] = useState( [] );
@@ -56,16 +57,22 @@ export function Followers( {
 		}
 	);
 
+	const setData = ( followers, total ) => {
+		setFollowers( followers );
+		setTotal( total );
+		setPages( Math.ceil( total / per_page ) );
+	}
+
 	useEffect( () => {
+		if ( followerData && page === 1 ) {
+			return setData( followerData.followers, followerData.total );
+		}
+
 		const path = getPath( userId, per_page, order, page );
 		apiFetch( { path } )
-			.then( ( data ) => {
-				setPages( Math.ceil( data.totalItems / per_page ) );
-				setTotal( data.totalItems );
-				setFollowers( data.orderedItems );
-			} )
+			.then( ( data ) => setData( data.orderedItems, data.totalItems ) )
 			.catch( () => {} );
-	}, [ userId, per_page, order, page ] );
+	}, [ userId, per_page, order, page, followerData ] );
 	return (
 		<div className={ "activitypub-follower-block " + className }>
 			<h3>{ title }</h3>

src/shared/use-user-options.js

@@ -16,7 +16,7 @@ export function useUserOptions() {
 		return users.reduce( ( acc, user ) => {
 			acc.push({
 				label: user.name,
-				value: user.id
+				value: `${ user.id }` // casting to string because that's how the attribute is stored by Gutenberg
 			} );
 			return acc;
 		}, withBlogUser );

templates/blog-user-followers-list.php

@@ -21,8 +21,8 @@ $followers_template = _n( 'Your blog profile currently has %s follower.', 'Your
 		<input type="hidden" name="tab" value="followers" />
 		<?php
 		$table->prepare_items();
+		$table->search_box( 'Search', 'search' );
 		$table->display();
 		?>
-		<?php wp_nonce_field( 'activitypub-followers-list', '_apnonce' ); ?>
 		</form>
 </div>

templates/post-json.php

@@ -2,8 +2,9 @@
 // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
 $post = \get_post();
 
-$object = new \Activitypub\Transformer\Post( $post );
-$json = \array_merge( array( '@context' => \Activitypub\get_context() ), $object->to_object()->to_array() );
+$transformer = \Activitypub\Transformer\Transformers_Manager::instance()->get_transformer( $post );
+
+$json = \array_merge( array( '@context' => \Activitypub\get_context() ), $transformer->to_object()->to_array() );
 
 // filter output
 $json = \apply_filters( 'activitypub_json_post_array', $json );

templates/settings.php

@@ -55,6 +55,11 @@
 							<p class="description">
 								<?php \esc_html_e( 'This profile name will federate all posts written on your blog, regardless of the author who posted it.', 'activitypub' ); ?>
 							</p>
+							<p>
+								<strong>
+									<?php \esc_html_e( 'Please avoid using an existing author’s name as the blog profile ID. Fediverse platforms might use caching and this could break the functionality completely.', 'activitypub' ); ?>
+								</strong>
+							</p>
 						</td>
 					</tr>
 				</tbody>
@@ -133,7 +138,7 @@
 					</tr>
 					<tr>
 						<th scope="row">
-							<?php \esc_html_e( 'Number of images', 'activitypub' ); ?>
+							<?php \esc_html_e( 'Media attachments', 'activitypub' ); ?>
 						</th>
 						<td>
 							<input value="<?php echo esc_attr( \get_option( 'activitypub_max_image_attachments', ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS ) ); ?>" name="activitypub_max_image_attachments" id="activitypub_max_image_attachments" type="number" min="0" />
@@ -142,13 +147,20 @@
 								echo \wp_kses(
 									\sprintf(
 										// translators:
-										\__( 'The number of images to attach to posts. Default: <code>%s</code>', 'activitypub' ),
+										\__( 'The number of media (images, audio, video) to attach to posts. Default: <code>%s</code>', 'activitypub' ),
 										\esc_html( ACTIVITYPUB_MAX_IMAGE_ATTACHMENTS )
 									),
 									'default'
 								);
 								?>
 							</p>
+							<p class="description">
+								<em>
+									<?php
+										esc_html_e( 'Note: audio and video attachments are only supported from Block Editor.', 'activitypub' );
+									?>
+								</em>
+							</p>
 						</td>
 					</tr>
 					<tr>
@@ -189,26 +201,6 @@
 							</p>
 						</td>
 					</tr>
-					<tr>
-						<th scope="row"><?php \esc_html_e( 'Supported post types', 'activitypub' ); ?></th>
-						<td>
-							<fieldset>
-								<?php \esc_html_e( 'Enable ActivityPub support for the following post types:', 'activitypub' ); ?>
-
-								<?php $post_types = \get_post_types( array( 'public' => true ), 'objects' ); ?>
-								<?php $support_post_types = \get_option( 'activitypub_support_post_types', array( 'post', 'page' ) ) ? \get_option( 'activitypub_support_post_types', array( 'post', 'page' ) ) : array(); ?>
-								<ul>
-								<?php // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited ?>
-								<?php foreach ( $post_types as $post_type ) { ?>
-									<li>
-										<input type="checkbox" id="activitypub_support_post_type_<?php echo \esc_attr( $post_type->name ); ?>" name="activitypub_support_post_types[]" value="<?php echo \esc_attr( $post_type->name ); ?>" <?php echo \checked( \in_array( $post_type->name, $support_post_types, true ) ); ?> />
-										<label for="activitypub_support_post_type_<?php echo \esc_attr( $post_type->name ); ?>"><?php echo \esc_html( $post_type->label ); ?></label>
-									</li>
-								<?php } ?>
-								</ul>
-							</fieldset>
-						</td>
-					</tr>
 					<tr>
 						<th scope="row">
 							<?php \esc_html_e( 'Hashtags (beta)', 'activitypub' ); ?>
@@ -225,6 +217,93 @@
 			<?php \do_settings_fields( 'activitypub', 'activity' ); ?>
 		</div>
 
+		<!-- OUR FORK HERE -->
+		<div class="box">
+		<h3><?php \esc_html_e( 'Enable ActivityPub support for post type', 'activitypub' ); ?></h3>
+
+		<table class="form-table">
+				<tbody>
+					<tr>
+						<th scope="row">
+							<?php \esc_html_e( 'Mapping', 'activitypub' ); ?>
+						</th>
+						<td>
+						<?php \esc_html_e( 'Enable ActivityPub support for a certain post type by selecting one of the available ActivityPub transformers.', 'activitypub' ); ?>
+
+				<?php $all_public_post_types = \get_post_types( array( 'public' => true ), 'objects' );
+				$transformer_mapping =  \get_option( 'activitypub_transformer_mapping', array( 'default' => 'note' ) );
+
+				$all_public_post_type_names = array_map(function ($object) {
+					return $object->name;
+				}, $all_public_post_types);
+
+				$transformer_manager = \Activitypub\Transformer\Transformers_Manager::instance();
+				$transformers = $transformer_manager->get_transformers();
+
+				?>
+
+
+				<script>
+					// TODO Probably we should use checkboxes and not select and make this less buggy and insert the js at the right place.
+					document.addEventListener('DOMContentLoaded', function () {
+						var radioGroups = {};
+
+						var radioButtons = document.querySelectorAll('input[type="radio"]');
+
+						radioButtons.forEach(function (radioButton) {
+							radioButton.addEventListener('click', function () {
+								var name = this.name;
+
+								if (!radioGroups[name]) {
+									radioGroups[name] = this;
+								} else {
+									radioGroups[name].checked = false;
+									radioGroups[name] = this;
+								}
+							});
+						});
+					});
+				</script>
+
+				<table>
+					<thead>
+					<tr>
+						<th></th>
+						<?php
+						// Generate column headers based on transformer objects
+						foreach ($transformers as $transformer) {
+							echo '<th>' . htmlspecialchars($transformer->get_label()) . '</th>';
+						}
+						?>
+					</tr>
+					</thead>
+					<tbody>
+					<?php
+					// Generate rows based on post types and transformers
+					foreach ($all_public_post_types as $post_type) {
+						echo '<tr>';
+						echo '<td><strong>' . htmlspecialchars($post_type->label) . '</strong></td>';
+						// Generate radio inputs for each transformer, considering support for the post type
+						foreach ($transformers as $transformer) {
+							$disabled_attribute = $transformer->supports_post_type( $post_type->name ) ? '' : ' disabled';
+							$is_selected = ( is_array( $transformer_mapping ) && isset( $transformer_mapping[ $post_type->name ] ) && $transformer_mapping[ $post_type->name ] === $transformer->get_name() ) ? ' checked ' : '';
+							echo '<td><input type="radio" name="activitypub_transformer_mapping[' . $post_type->name . ']" value="' . $transformer->get_name() . '"' . $is_selected . $disabled_attribute . '></td>';
+						}
+
+						echo '</tr>';
+					}
+					?>
+					</tbody>
+				</table>
+
+
+				</td>
+			</tr>
+				</tbody>
+				</table>
+		</div>
+		<!-- OUR FORK ENDS HERE -->
+
 		<div class="box">
 			<h3><?php \esc_html_e( 'Server', 'activitypub' ); ?></h3>
 			<table class="form-table">

templates/user-followers-list.php

@@ -14,8 +14,8 @@ $followers_template = _n( 'Your author profile currently has %s follower.', 'You
 		<input type="hidden" name="page" value="activitypub-followers-list" />
 		<?php
 		$table->prepare_items();
+		$table->search_box( 'Search', 'search' );
 		$table->display();
 		?>
-		<?php wp_nonce_field( 'activitypub-followers-list', '_apnonce' ); ?>
 		</form>
 </div>

tests/test-class-activitypub-activity.php

@@ -17,7 +17,8 @@ class Test_Activitypub_Activity extends WP_UnitTestCase {
 			10
 		);
 
-		$activitypub_post = \Activitypub\Transformer\Post::transform( get_post( $post ) )->to_object();
+		$wp_post = get_post( $post );
+		$activitypub_post = \Activitypub\Transformer\Transformers_Manager::instance()->get_transformer( $post )->to_object();
 
 		$activitypub_activity = new \Activitypub\Activity\Activity();
 		$activitypub_activity->set_type( 'Create' );

tests/test-class-activitypub-hashtag.php

@@ -41,8 +41,9 @@ ENDPRE;
 			array( 'hallo <a href="http://test.test/#object">#test</a> test', 'hallo <a href="http://test.test/#object">#test</a> test' ),
 			array( '<div>hallo #object test</div>', '<div>hallo <a rel="tag" class="hashtag u-tag u-category" href="%s">#object</a> test</div>' ),
 			array( '<div>hallo #object</div>', '<div>hallo <a rel="tag" class="hashtag u-tag u-category" href="%s">#object</a></div>' ),
-			array( '<div>#object</div>', '<div>#object</div>' ),
+			array( '<div>#object</div>', '<div><a rel="tag" class="hashtag u-tag u-category" href="%s">#object</a></div>' ),
 			array( '<a>#object</a>', '<a>#object</a>' ),
+			array( '<!-- #object -->', '<!-- #object -->' ),
 			array( '<div style="color: #ccc;">object</a>', '<div style="color: #ccc;">object</a>' ),
 			array( $code, $code ),
 			array( $style, $style ),

tests/test-class-activitypub-mention.php

@@ -33,6 +33,7 @@ ENDPRE;
 			array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@pfefferle@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@pfefferle@notiz.blog</a> test' ),
 			array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/@pfefferle/">@pfefferle@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/@pfefferle/">@pfefferle@notiz.blog</a> test' ),
 			array( 'hallo <img src="abc" alt="https://notiz.blog/@pfefferle/" title="@pfefferle@notiz.blog"/> test', 'hallo <img src="abc" alt="https://notiz.blog/@pfefferle/" title="@pfefferle@notiz.blog"/> test' ),
+			array( '<!-- @pfefferle@notiz.blog -->', '<!-- @pfefferle@notiz.blog -->' ),
 			array( $code, $code ),
 			array( $pre, $pre ),
 		);

tests/test-class-activitypub-post.php

@@ -10,14 +10,18 @@ class Test_Activitypub_Post extends WP_UnitTestCase {
 
 		$permalink = \get_permalink( $post );
 
-		$activitypub_post = \Activitypub\Transformer\Post::transform( get_post( $post ) )->to_object();
+		$activitypub_post = \Activitypub\Transformer\Transformers_Manager::instance()->get_transformer( get_post( $post ) )->to_object();
 
 		$this->assertEquals( $permalink, $activitypub_post->get_id() );
 
 		\wp_trash_post( $post );
 
-		$activitypub_post = \Activitypub\Transformer\Post::transform( get_post( $post ) )->to_object();
+		$activitypub_post = \Activitypub\Transformer\Transformers_Manager::instance()->get_transformer( get_post( $post ) )->to_object();
 
 		$this->assertEquals( $permalink, $activitypub_post->get_id() );
+
+		$cached = \get_post_meta( $post, 'activitypub_canonical_url', true );
+
+		$this->assertEquals( $cached, $activitypub_post->get_id() );
 	}
 }

tests/test-class-activitypub-rest-post-signature-verification.php

@@ -10,7 +10,7 @@ class Test_Activitypub_Signature_Verification extends WP_UnitTestCase {
 			)
 		);
 		$remote_actor = \get_author_posts_url( 2 );
-		$activitypub_post = \Activitypub\Transformer\Post::transform( get_post( $post ) )->to_object();
+		$activitypub_post = \Activitypub\Transformer\Transformers_Manager::instance()->get_transformer( get_post( $post ) )->to_object();
 		$activitypub_activity = new Activitypub\Activity\Activity( 'Create' );
 		$activitypub_activity->set_type( 'Create' );
 		$activitypub_activity->set_object( $activitypub_post );
@@ -45,7 +45,7 @@ class Test_Activitypub_Signature_Verification extends WP_UnitTestCase {
 
 		$user = Activitypub\Collection\Users::get_by_id( 1 );
 
-		$public_key = $user->get__public_key();
+		$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );
 
 		// signature_verification
 		$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, 'rsa-sha256' ) > 0;
@@ -57,7 +57,7 @@ class Test_Activitypub_Signature_Verification extends WP_UnitTestCase {
 			'pre_get_remote_metadata_by_actor',
 			function( $json, $actor ) {
 				$user = Activitypub\Collection\Users::get_by_id( 1 );
-				$public_key = $user->get__public_key();
+				$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );
 				// return ActivityPub Profile with signature
 				return array(
 					'id' => $actor,
@@ -82,7 +82,7 @@ class Test_Activitypub_Signature_Verification extends WP_UnitTestCase {
 		);
 		$remote_actor = \get_author_posts_url( 2 );
 		$remote_actor_inbox = Activitypub\get_rest_url_by_path( '/inbox' );
-		$activitypub_post = \Activitypub\Transformer\Post::transform( \get_post( $post ) )->to_object();
+		$activitypub_post = \Activitypub\Transformer\Transformers_Manager::instance()->get_transformer( get_post( $post )  )->to_object();
 		$activitypub_activity = new Activitypub\Activity\Activity();
 		$activitypub_activity->set_type( 'Create' );
 		$activitypub_activity->set_object( $activitypub_post );

tests/test-class-activitypub-shortcodes.php

@@ -1,6 +1,10 @@
 <?php
+use Activitypub\Shortcodes;
+
 class Test_Activitypub_Shortcodes extends WP_UnitTestCase {
+
 	public function test_content() {
+		Shortcodes::register();
 		global $post;
 
 		$post_id = -99; // negative ID, to avoid clash with a valid post
@@ -26,9 +30,11 @@ class Test_Activitypub_Shortcodes extends WP_UnitTestCase {
 		wp_reset_postdata();
 
 		$this->assertEquals( '<p>hallo</p>', $content );
+		Shortcodes::unregister();
 	}
 
 	public function test_password_protected_content() {
+		Shortcodes::register();
 		global $post;
 
 		$post_id = -98; // negative ID, to avoid clash with a valid post
@@ -54,5 +60,6 @@ class Test_Activitypub_Shortcodes extends WP_UnitTestCase {
 		wp_reset_postdata();
 
 		$this->assertEquals( '', $content );
+		Shortcodes::unregister();
 	}
 }

tests/test-class-activitypub-signature.php

@@ -0,0 +1,110 @@
+<?php
+
+class Test_Activitypub_Signature extends WP_UnitTestCase {
+	public function test_signature_creation() {
+		$user = Activitypub\Collection\Users::get_by_id( 1 );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+		$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );
+		$private_key = Activitypub\Signature::get_private_key_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+	}
+
+	public function test_signature_legacy() {
+		// check user
+		$user = Activitypub\Collection\Users::get_by_id( 1 );
+
+		$public_key = 'public key ' . $user->get__id();
+		$private_key = 'private key ' . $user->get__id();
+
+		update_user_meta( $user->get__id(), 'magic_sig_public_key', $public_key );
+		update_user_meta( $user->get__id(), 'magic_sig_private_key', $private_key );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+
+		// check application user
+		$user = Activitypub\Collection\Users::get_by_id( -1 );
+
+		$public_key = 'public key ' . $user->get__id();
+		$private_key = 'private key ' . $user->get__id();
+
+		add_option( 'activitypub_application_user_public_key', $public_key );
+		add_option( 'activitypub_application_user_private_key', $private_key );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+
+		// check blog user
+		\define( 'ACTIVITYPUB_DISABLE_BLOG_USER', false );
+		$user = Activitypub\Collection\Users::get_by_id( 0 );
+
+		$public_key = 'public key ' . $user->get__id();
+		$private_key = 'private key ' . $user->get__id();
+
+		add_option( 'activitypub_blog_user_public_key', $public_key );
+		add_option( 'activitypub_blog_user_private_key', $private_key );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+	}
+
+	public function test_signature_consistancy() {
+		// check user
+		$user = Activitypub\Collection\Users::get_by_id( 1 );
+
+		$public_key = 'public key ' . $user->get__id();
+		$private_key = 'private key ' . $user->get__id();
+
+		update_user_meta( $user->get__id(), 'magic_sig_public_key', $public_key );
+		update_user_meta( $user->get__id(), 'magic_sig_private_key', $private_key );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+
+		update_user_meta( $user->get__id(), 'magic_sig_public_key', $public_key . '-update' );
+		update_user_meta( $user->get__id(), 'magic_sig_private_key', $private_key . '-update' );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+	}
+
+	public function test_signature_consistancy2() {
+		$user = Activitypub\Collection\Users::get_by_id( 1 );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+		$public_key = Activitypub\Signature::get_public_key_for( $user->get__id() );
+		$private_key = Activitypub\Signature::get_private_key_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+
+		update_user_meta( $user->get__id(), 'magic_sig_public_key', 'test' );
+		update_user_meta( $user->get__id(), 'magic_sig_private_key', 'test' );
+
+		$key_pair = Activitypub\Signature::get_keypair_for( $user->get__id() );
+
+		$this->assertNotEmpty( $key_pair );
+		$this->assertEquals( $key_pair['public_key'], $public_key );
+		$this->assertEquals( $key_pair['private_key'], $private_key );
+	}
+}

tests/test-class-db-activitypub-followers.php

@@ -43,6 +43,11 @@ class Test_Db_Activitypub_Followers extends WP_UnitTestCase {
 			'name'  => 'úser2',
 			'preferredUsername'  => 'user2',
 		),
+		'error@example.com' => array(
+			'url' => 'https://error.example.com',
+			'name'  => 'error',
+			'preferredUsername'  => 'error',
+		),
 	);
 
 	public function set_up() {
@@ -97,6 +102,27 @@ class Test_Db_Activitypub_Followers extends WP_UnitTestCase {
 		$this->assertContains( $follower2, $db_followers2 );
 	}
 
+	public function test_add_follower_error() {
+		$pre_http_request = new MockAction();
+		add_filter( 'pre_http_request', array( $pre_http_request, 'filter' ), 10, 3 );
+
+		$follower = 'error@example.com';
+
+		$result = \Activitypub\Collection\Followers::add_follower( 1, $follower );
+
+		$this->assertTrue( is_wp_error( $result ) );
+
+		$follower2 = 'https://error.example.com';
+
+		$result = \Activitypub\Collection\Followers::add_follower( 1, $follower2 );
+
+		$this->assertTrue( is_wp_error( $result ) );
+
+		$db_followers = \Activitypub\Collection\Followers::get_followers( 1 );
+
+		$this->assertEmpty( $db_followers );
+	}
+
 	public function test_get_follower() {
 		$followers = array( 'https://example.com/author/jon' );
 		$followers2 = array( 'https://user2.example.com' );
@@ -268,6 +294,30 @@ class Test_Db_Activitypub_Followers extends WP_UnitTestCase {
 		$this->assertCount( 1, $meta );
 	}
 
+	public function test_migration() {
+		$pre_http_request = new MockAction();
+		add_filter( 'pre_http_request', array( $pre_http_request, 'filter' ), 10, 3 );
+
+		$followers = array(
+			'https://example.com/author/jon',
+			'https://example.og/errors',
+			'https://example.org/author/doe',
+			'http://sally.example.org',
+			'https://error.example.com',
+			'https://example.net/error',
+		);
+
+		$user_id = 1;
+
+		add_user_meta( $user_id, 'activitypub_followers', $followers, true );
+
+		\Activitypub\Migration::maybe_migrate();
+
+		$db_followers = \Activitypub\Collection\Followers::get_followers( 1 );
+
+		$this->assertCount( 3, $db_followers );
+	}
+
 	/**
 	 * @dataProvider extract_name_from_uri_content_provider
 	 */