Tafarn

An ActivityPub home server written in Rust, implementing the Mastodon API.

At present no web UI is provided, the API is the only way to interact with the server.

Configuration

Tafarn is based on Rocket, as such the configuration is handled through the Rocket configuration system. An example configuration file is provided below:

[debug]
secret_key = "<secret key>"
jwt_secret = "<secret key>"
celery = { amqp_url = "amqp://localhost:5672/tafarn" }
uri = "<external uri>"
vapid_key = "./vapid_key.pem"
# The system actor private key
as_key = "./as_key.pem"
media_path = "./media"

[debug.databases.db]
url = "postgres://postgres@localhost/tafarn"

[debug.oidc]
issuer_url = "<oidc issuer url>"
client_id = "tafarn"
client_secret = "<client secret>"

Secret keys can be generated by openssl rand -base64 32. A VAPID key can be generated by openssl ecparam -genkey -name prime256v1 -outform pem -out vapid_key.pem. A system actor key can be generated by openssl genrsa 2048 -outform pem -out as_key.pem.

Authentication

Tafarn does not have its own authentication system, instead it uses an external OIDC provider. The OIDC provider must support the /.well-known/openid-configuration configuration endpoint. On first login the display name will be set to the name claim, and the username to either the preferred_username or given_name claim, if preferred_username is not available.

Localization

Tafarn uses the Fluent localization system. To add a new language copy the en-GB folder in i18n as a starting point.

Currently supported languages are:

• English (en-GB)
• Welsh (cy)
• Dutch (nl-NL); thanks flimpie.
• Russian (ru-RU); thanks Сергей Ворон.

ActivityPub implementation status

Events the server can receive

• Follow Person/Service/Organization/Application/Group
• Accept follow
• Reject follow
• Undo follow
• Update Person/Service/Organization/Application/Group
• Create note
• Announce note
• Undo announce
• Delete note
• Like note
• Undo like note

Events the server can send

• Follow Person/Service/Organization/Application/Group
• Accept follow
• Undo follow
• Update Person/Application/Group
• Create note
• Announce note
• Undo announce
• Like note
• Undo like note

API endpoints implementation status

apps

• POST /api/v1/apps
• GET /api/v1/apps/verify_credentials
• GET /oauth/authorize
• POST /oauth/token
• POST /oauth/revoke
• POST /api/v1/emails/confirmation

accounts

• POST /api/v1/accounts (likely never to be implemented)
• GET /api/v1/accounts/verify_credentials
• PATCH /api/v1/accounts/update_credentials
• GET /api/v1/accounts/:id
• GET /api/v1/accounts/:id/statuses
• GET /api/v1/accounts/:id/followers
• GET /api/v1/accounts/:id/following
• GET /api/v1/accounts/:id/featured_tags
• POST /api/v1/accounts/:id/follow
• POST /api/v1/accounts/:id/unfollow
• POST /api/v1/accounts/:id/remove_from_followers
• POST /api/v1/accounts/:id/note
• GET /api/v1/accounts/relationships
• GET /api/v1/accounts/familiar_followers
• GET /api/v1/accounts/search
• GET /api/v1/accounts/lookup
• GET /api/v1/accounts/:id/identity_proofs (likely never to be implemented)

bookmarks

• GET /api/v1/bookmarks
• POST /api/v1/statuses/:id/bookmark
• POST /api/v1/statuses/:id/unbookmark

favourites

• GET /api/v1/favourites
• POST /api/v1/statuses/:id/favourite
• POST /api/v1/statuses/:id/unfavourite

mutes

• GET /api/v1/mutes
• POST /api/v1/accounts/:id/mute
• POST /api/v1/accounts/:id/unmute

blocks

• GET /api/v1/blocks
• POST /api/v1/accounts/:id/block
• POST /api/v1/accounts/:id/unblock

domain blocks

• GET /api/v1/domain_blocks
• POST /api/v1/domain_blocks
• DELETE /api/v1/domain_blocks

filters

• GET /api/v2/filters
• GET /api/v2/filters/:id
• POST /api/v2/filters
• PUT /api/v2/filters/:id
• DELETE /api/v2/filters/:id
• GET /api/v2/filters/:filter_id/keywords
• POST /api/v2/filters/:filter_id/keywords
• GET /api/v2/filters/keywords/:id
• PUT /api/v2/filters/keywords/:id
• DELETE /api/v2/filters/keywords/:id
• GET /api/v2/filters/:filter_id/statuses
• POST /api/v2/filters/:filter_id/statuses
• GET /api/v2/filters/statuses/:id
• DELETE /api/v2/filters/statuses/:id
• GET /api/v1/filters
• GET /api/v1/filters/:id
• POST /api/v1/filters
• PUT /api/v1/filters/:id
• DELETE /api/v1/filters/:id

reports

• POST /api/v1/reports

follow requests

• GET /api/v1/follow_requests
• POST /api/v1/follow_requests/:account_id/authorize
• POST /api/v1/follow_requests/:account_id/reject

endorsements

• GET /api/v1/endorsements
• POST /api/v1/accounts/:id/pin
• POST /api/v1/accounts/:id/unpin

featured tags

• GET /api/v1/featured_tags
• POST /api/v1/featured_tags
• DELETE /api/v1/featured_tags/:id
• GET /api/v1/featured_tags/suggestions

preferences

• GET /api/v1/preferences

followed tags

• GET /api/v1/followed_tags
• POST /api/v1/tags/:id/follow
• POST /api/v1/tags/:id/unfollow

suggestions

• GET /api/v2/suggestions
• DELETE /api/v1/suggestions/:account_id
• GET /api/v1/suggestions

tags

• GET /api/v1/tags/:id

statuses

• POST /api/v1/statuses
• GET /api/v1/statuses/:id
• DELETE /api/v1/statuses/:id
• GET /api/v1/statuses/:id/context
• GET /api/v1/statuses/:id/reblogged_by
• GET /api/v1/statuses/:id/favourited_by
• POST /api/v1/statuses/:id/reblog
• POST /api/v1/statuses/:id/unreblog
• POST /api/v1/statuses/:id/mute
• POST /api/v1/statuses/:id/unmute
• POST /api/v1/statuses/:id/pin
• POST /api/v1/statuses/:id/unpin
• PUT /api/v1/statuses/:id
• GET /api/v1/statuses/:id/history
• GET /api/v1/statuses/:id/source

media

• POST /api/v2/media
• GET /api/v1/media/:id
• PUT /api/v1/media/:id
• POST /api/v1/media

Only image uploads are currently supported, videos and audio will result in a HTTP 422 Unprocessable Entity response.

polls

• GET /api/v1/polls/:id
• POST /api/v1/polls/:id/votes

scheduled statuses

• GET /api/v1/scheduled_statuses
• GET /api/v1/scheduled_statuses/:id
• PUT /api/v1/scheduled_statuses/:id
• DELETE /api/v1/scheduled_statuses/:id

timelines

• GET /api/v1/timelines/public
• GET /api/v1/timelines/tag/:hashtag
• GET /api/v1/timelines/home
• GET /api/v1/timelines/list/:list_id
• GET /api/v1/timelines/direct

conversations

• GET /api/v1/conversations
• DELETE /api/v1/conversations/:id
• POST /api/v1/conversations/:id/read

lists

• GET /api/v1/lists
• GET /api/v1/lists/:id
• POST /api/v1/lists
• PUT /api/v1/lists/:id
• DELETE /api/v1/lists/:id
• GET /api/v1/lists/:id/accounts
• POST /api/v1/lists/:id/accounts
• DELETE /api/v1/lists/:id/accounts
• GET /api/v1/accounts/:id/lists

markers

• GET /api/v1/markers
• POST /api/v1/markers

streaming

• GET /api/v1/streaming/health
• GET /api/v1/streaming/user
• GET /api/v1/streaming/user/notification
• GET /api/v1/streaming/public
• GET /api/v1/streaming/public/local
• GET /api/v1/streaming/public/remote
• GET /api/v1/streaming/hashtag
• GET /api/v1/streaming/hashtag/local
• GET /api/v1/streaming/list
• GET /api/v1/streaming/direct
• wss://<>/api/v1/streaming

notifications

• GET /api/v1/notifications
• GET /api/v1/notification/:id
• POST /api/v1/notifications/clear
• POST /api/v1/notifications/:id/dismiss

web push

• POST /api/v1/push/subscription
• GET /api/v1/push/subscription
• PUT /api/v1/push/subscription
• DELETE /api/v1/push/subscription

search

• GET /api/v2/search

Search currently only handles accounts, hashtags and statuses are always empty.

instance

• GET /api/v2/instance
• GET /api/v1/instance
• GET /api/v1/instance/peers
• GET /api/v1/instance/activity
• GET /api/v1/instance/rules
• GET /api/v1/instance/domain_blocks
• GET /api/v1/custom_emojis
• GET /api/v1/directory

trends

• GET /api/v1/trends/tags
• GET /api/v1/trends/statuses
• GET /api/v1/trends/links

announcements

• GET /api/v1/announcements
• POST /api/v1/announcements/:id/dismiss
• PUT /api/v1/announcements/:id/reactions/:name
• DELETE /api/v1/announcements/:id/reactions/:name

oembed

• GET /api/oembed

admin

No admin API endpoint is currently implemented.