Major changes:
- Restructure plugin architecture: moved federation logic into a dedicated `federation` plugin with Better Auth integration, defining schemas for server registry, key rotation, and blacklist management
- Extract encryption layer: new `oven` plugin handles end-to-end encryption (E2EE) with OLM client/server implementations
- Reorganize social features: consolidated social endpoints (posts, follows, blocks, mutes) and removed legacy plugin patterns in favor of unified plugin structure
- Decentralized key management: refactored `keytools` and `keygen` to support federation key rotation with challenge tokens and health checks
Infrastructure updates:
- Upgrade dependencies: bump Better Auth to 1.6.9, React to 19.2.5, Next.js to 16.2.3, Tailwind to 4.2.4
- Add cryptographic libraries: @scure/bip39, @signalapp/libsignal-client, @matrix-org/matrix-sdk-crypto-wasm for enhanced federation security
- Add utilities: base58-js, uuid for federation identifier handling
- Update database schema with new federation tables (serverRegistry, rotateChallengeTokens, blacklistedServers)
Minor updates: test suite alignment, storage client cleanup, PostFederationSchema refinements
Co-authored-by: Cursor <cursoragent@cursor.com>
- Added a new proxy route to relay encrypted federation traffic between servers, allowing for better communication in restricted environments.
- Implemented health check mechanisms for server registration, including tracking health status and scheduling health checks.
- Updated the database schema to include health check attempts and unhealthy reasons for servers.
- Enhanced the federation fetch logic to handle errors more gracefully and support proxying requests.
- Improved README documentation with a new section explaining public/private data handling and added links to mirrors.
- Refactored existing code for better organization and clarity, including updates to various federation-related modules.
#3
This should all be tested throughly, the workers are messy and poluted, a rework is needed and should be prioritized.
They work, but the code is poorly documented and there is no proper testing of the workers, some of them run twice and there are major issues on them.
- Added new environment variables for MinIO configuration in .env.local.example.
- Updated package.json and bun.lock to include new dependencies for key management and encryption.
- Refactored server and route handling to support Ed25519 and X25519 key pairs for improved security during key rotation.
- Implemented validation for public keys and enhanced error handling in the discovery routes.
- Introduced new challenges for key rotation, ensuring secure communication between federations.
- Updated README with additional instructions for the new key rotation process.
- Added a new test suite for attack vectors targeting the /discover federation routes, ensuring (known) vulnerabilities are addressed.
- Implemented a proxy function to check for blacklisted servers, enhancing security measures.
- Introduced URL validation to prevent SSRF attacks by blocking internal addresses.
- Updated package.json with a new test command for the attack tests.
- Refactored server and route handling to improve type safety and error handling.
- Added new middleware for blacklist checks and URL validation to prevent unauthorized access.
- Introduced a new test suite for server discovery functionality, ensuring proper registration and response handling.
- Enhanced public key validation logic to include detailed error messages for invalid keys.
- Updated package.json with a new test command for the discovery tests.
- Removed outdated Playwright CI workflow configuration.
- Added new routes for server discovery and key rotation, including challenge issuance and confirmation processes.
- Introduced database schema for managing server registrations and rotation challenges.
- Implemented encryption and decryption utilities for secure communication between servers.
- Updated package dependencies and added new client and server plugins for social features.
- Enhanced user management with additional fields and relations in the database schema.
