Button Button
  • 000003 by useradmin on 2019/10/21 at 21:01 GMT
  • 000002 by useradmin on 2019/07/19 at 23:55 GMT

Page Content

# All you need to start is a server with GET and POST handling

This also implies permanent storage, at least for most applications. Since we'll be targeting compatibility with existing platforms, this also means using http. We'll eventually require secure a secure transport layer, but this can be provided by a proxy if it's not available natively in your development toolkit

Throughout this series, I'll be making an effort to use *searchable* terms. If you experience a difference of opinion with me about what constitutes "searchable," please contact me or check back in a week. I'll provide linked definitions as necessary to accommodate the needs of readers as I become aware of them 

## Some notes about OAuth

Some implementations may also want OAuth2. ThisOAuth2 is neithermuch an ActivityPub requirement nor a requirement for interactivity with current implementations. You'llsimpler usethan OAuth2OAuth client1.0 ifbecause youit providemakes a publicsecure facing website and want implementations that use OAuth2 server to be able to interact with yourtransport Objectsa fromrequirement. yourOAuth websiteis asnot theiran ActivityPub identity,requirement, without the Object necessarily being in their feed. You'll want to implement OAuth2 server if your implementation provides accounts and you want to enable clients running untrusted code, like other websites, to perform actionsnor onis theirit streams

Youa *can*requirement usefor OAuthinteractivity with desktopcurrent and mobileimplementations, clientsbut andit doingis sobest willpractice providefor asecuring moreclient secureconnections. experienceYou incan appview ecosystemsthe wherehistory peopleof arethis forceddocument to runsee untrusted code. I probably won't be addressing OAuth implementation in this series beyond the recommendationchanges that youI've use an existing library with sufficient documentation for your needs. We *will* share several patterns to address many waysmade. OAuthSome isof usedthose inassertions theare wildincorrect

## Establish your http server

HTTP over a non-privileged port run as a local user with direct access to console output is usually the easiest way to troubleshoot a web application. If you don't need that or appreciate the convenience, I'm happy for you. Seriously, do what you know if you know what to do. If this is your first web app, however, and this project is an appropriate first web app, then use any license you have to make things easy on yourself. The built-in web server of many programming languages is quite slow and fragile compared to a dedicated web server. That's fine. You can run it behind a proxy or refactor later

Set up the default project, do the "hello, world" tutorial, or otherwise get the "It works!" page showing in your web server project and verify that you can access in your browser

## Save and serve a JSON file

Next you'll save some JSON dummy data in your data store and verify that it gets served. As JSON. Firefox is helpful in this regard. No idea about Chrome. (Don't care)

It's efficient to save your data as JSON text, but saving it in another format with lossless conversion to JSON is also viable. This is a short list of formats that may be readily converted into JSON:
 - Lua tables
 - S-expressions
 - YAML
 - Several metadata formats for Markdown

We'll be making Objects in our store immutable in this project in order to provide access and concurrency patterns that are safe and consistent over a variety of architectures. This means that you'll be able to use a proxy server or statically generate a store of JSON objects to serve from the file system if that suits your purposes. Just make sure that you either have the conversion tools available for you toolkit or the ability to build them

If you want to support rich text, this is the place to implement that. You'll find a rich text example in the [description of the source property in the ActivityPub spec](https://www.w3.org/TR/activitypub/#source-property). At some point before presenting objects to clients or federation, you'll verify the structure of the source and content properties, because that's where the message payload lives. For Objects that are not also Activities or Collections, you'll have a source object that consists of a mediaType and content. The mediaType will be a string describing the media type, generally from [the IANA list of media types](https://www.iana.org/assignments/media-types/media-types.xhtml). The content property of the source attribute will be the original message, a string of text that could be transformed into HTML using a markdown parser

## POST a JSON file

The final step in this week's session is to create a POST handler and target it (from another web page or with curl) with some arbitrary JSON

The handler needs to:
 - Receive data from the web server formatted as a POST
 - Inject the contents of the POST into the data store
 - Translate the contents into JSON (if submitted in a different format)
 - Return the JSON representation to the submitter with an URL that can be used to GET the object

## Contact and feedback

The purpose of this project is to provide positive guidance and a way forward for those considering building an ActivityPub implementation that allows for consistent progress while emphasizing freedom and expressiveness. If you'd like to ask questions or have a more detailed discussion, please look for discussions with the [#swaps](https://banana.dog/web/timelines/tag/swaps) or [#swaps000002](https://banana.dog/web/timelines/tag/swaps000002) tag on the fediverse, or start your own discussion and tag [@yaaps@bananadog](https://banana.dog/web/accounts/68905)