Single-file PHP ActivityPub server bridged to Bluesky via Bridgy Fed.
Forked from https://gitlab.com/edent/activity-bot/
Features added:
- Being able to follow/unfollow other users
Original README:
This is a single PHP file - and an .htaccess file - which acts as an extremely basic ActivityPub server for running automated accounts.
This bot can do the following:
- 🔍 Be discovered on the Fediverse
- 👉 Be followed by other accounts
- 🚫 Be unfollowed by accounts
- 📩 Send messages to the Fediverse
- 🖼️ Attach an image & alt text to a message
- 🕸️ Autolink URls, hashtags, and @ mentions
- 🔏 Verify cryptographic signatures
That's it! Here's what it doesn't do:
- ❌ Thread replies
- ❌ Delete or update a post
- ❌ Create Polls
- ❌ Attach multiple images
- ❌ Set focus point for images
- ❌ Set sensitivity for images / blur
- ❌ Set "Content Warning"
- ❌ Accurate support for converting user's text to HTML
This is designed to be a lightweight educational tool to show you the basics of how ActivityPub works.
There are no tests, no checks, no security features, no formal verifications, no containers, no gods, no masters.
- Edit the
index.phpfile to add a username, password, and keypair.- If you prefer, you can rename
.env.exampleto.envand place the details in there.
- If you prefer, you can rename
- Upload
index.phpand.htaccessto the root directory of your domain. For exampletest.example.com/. It will not work in a subdirectory.- If you are using a
.envfile for credentials, upload that as well.
- If you are using a
- Optionally, upload an
icon.pngto make the user look nice. - Visit
https://test.example.com/.well-known/webfingerand check that it shows a JSON file with your user's details. - Go to Mastodon or other Fediverse site and search for your user:
@username@test.example.com - Follow your user.
- Check your
/data/logs/directory to see if the follow request was received correctly. - To post a message, run this on the command line:
curl -X POST -F 'password=your-password-here' -F $'content=Testing!\nVisit https://example.com/ !\n\nThis post has a #hashtage and image including alt text' -F 'image=@banner.png' -F 'alt=A picture' https://test.example.com/action/send
- Check social media to see if the message appears.
- To read the messages that your server's has sent, visit
https://test.example.com/
- The
.htaccessfile transforms requests fromexample.com/whatevertoexample.com/index.php?path=whatever. - The
index.phpfile performs a specific action depending on the path requested. - Log files are saved as .txt in the
/data/logsdirectory. - Post files are saved as .json in the
/postsdirectory. - Details of accounts who follow you are saved as .json in the
/data/followersdirectory. - Details of accounts who you follow are saved as .json in the
/data/followingdirectory. - Messages sent to your inbox are saved as .json in the
/data/inboxdirectory. - This has sloppy support for sending posts with linked #hashtags, https:// URls, and @ mentions.
- HTTP Message Signatures are verified.
- PHP 8.3 (We live in the future now)
- The OpenSSL Extension (This is usually installed by default)
- HTTPS certificate (Let's Encrypt is fine)
- 100MB free disk space (ActivityPub is a very "chatty" protocol. Expect lots of logs.)
- Docker, Node, MongoDB, Wayland, GLaDOS, React, LLM, Adobe Creative Cloud, Maven (Absolutely none of these!)
This code is released to you under the GNU Affero General Public License v3.0 or later. This means, if you modify this code and let other people interact with it over a computer network, you must release the source code.
I actively do not want you to use this code in production. It is not suitable for anything other than educational use. The use of AGPL is designed to be an incentive for you to learn from this software and then write something better.
Please take note of CRAPL v0:
Any appearance of design in the Program is purely coincidental and should not in any way be mistaken for evidence of thoughtful software construction.
- Please raise issues at https://gitlab.com/edent/activity-bot/-/issues
- Or contact me on Mastodon @edent@mastodon.social
Moderation is hard. When someone replies to you, they store data on your server. That's fine if the data is "LOL! Cool post!" but it is bad if it is "Here is a link to buy an illegal substance http://..."
Do you want to check every message you've received to make sure you're not being a vector for spam?
What happens if someone posts something clearly illegal to your server and then calls the cops on you?
Dunno. Try it and find out. If your bot is ridiculously popular, you may want to find a better piece of software to host it.
Because you haven't sent a Pull Request.
I'm not magic. I'm just one person building small tools. I'm happy to help you understand the code I've written but, if you want something in this world, you have to build it yourself.
You don't. Every bot needs its own domain name.
This is a deliberate choice. Let each bot have its own space on the Internet.
I don't want you to go and buy lots of new domains - you should create free subdomains.
Because I hate you and want you to suffer.
But, more specifically, because everything supports PHP. You can FTP these files onto any host and be guaranteed they'll run. People don't want to faff around with an NPM install, or setting up a Python VENV.