refactor: move all methods in src/api/activitypub.js to src/activitypub.out.js

2025-11-02 12:05:57 +01:00 · 2025-10-22 12:51:50 -04:00
parent bb34b8c7a3
commit 3ede64d8a1
18 changed files with 364 additions and 451 deletions
--- a/src/activitypub/index.js
+++ b/src/activitypub/index.js
@@ -68,6 +68,7 @@ ActivityPub.instances = require('./instances');
 ActivityPub.feps = require('./feps');
 ActivityPub.rules = require('./rules');
 ActivityPub.relays = require('./relays');
 ActivityPub.out = require('./out');
 ActivityPub.startJobs = () => {
 	ActivityPub.helpers.log('[activitypub/jobs] Registering jobs.');
--- a/src/activitypub/notes.js
+++ b/src/activitypub/notes.js
@@ -265,7 +265,7 @@ Notes.assert = async (uid, input, options = { skipChecks: false }) => {
 		if (!hasTid && options.cid) {
 			// New topic, have category announce it
-			api.activitypub.announce.category({}, { tid });
+			activitypub.out.announce.category(tid);
 		}
 		return { tid, count };
--- a/src/activitypub/out.js
+++ b/src/activitypub/out.js
@@ -1,34 +1,34 @@
 'use strict';
 /**
- * DEVELOPMENT NOTE
+ * This method deals unilaterally with federating activities outward.
 * There _shouldn't_ be any activities sent out that don't go through this file
 * This _should_ be the only file that calls activitypub.send()
 *
- * THIS FILE IS UNDER ACTIVE DEVELOPMENT AND IS EXPLICITLY EXCLUDED FROM IMMUTABILITY GUARANTEES
+ * YMMV.
 *
 * If you use api methods in this file, be prepared that they may be removed or modified with no warning.
 */
 const nconf = require('nconf');
 const winston = require('winston');
 const nconf = require('nconf');
 const db = require('../database');
 const user = require('../user');
 const categories = require('../categories');
 const meta = require('../meta');
 const privileges = require('../privileges');
 const activitypub = require('../activitypub');
 const posts = require('../posts');
 const topics = require('../topics');
 const posts = require('../posts');
 const messaging = require('../messaging');
 const utils = require('../utils');
 const activitypub = module.parent.exports;
-const activitypubApi = module.exports;
+const Out = module.exports;
 function enabledCheck(next) {
-	return async function (caller, params) {
+	return async function (...args) {
 		if (meta.config.activitypubEnabled) {
 			try {
-				await next(caller, params);
+				await next.apply(null, args);
 			} catch (e) {
 				winston.error(`[activitypub/api] Error\n${e.stack}`);
 			}
@@ -36,7 +36,7 @@ function enabledCheck(next) {
 	};
 }
-activitypubApi.follow = enabledCheck(async (caller, { type, id, actor } = {}) => {
+Out.follow = enabledCheck(async (type, id, actor) => {
 	// Privilege checks should be done upstream
 	const acceptedTypes = ['uid', 'cid'];
 	const assertion = await activitypub.actors.assert(actor);
@@ -73,8 +73,302 @@ activitypubApi.follow = enabledCheck(async (caller, { type, id, actor } = {}) =>
 	}
 });
-// should be .undo.follow
+Out.create = {};
-activitypubApi.unfollow = enabledCheck(async (caller, { type, id, actor }) => {
+
 Out.create.note = enabledCheck(async (uid, post) => {
 	if (utils.isNumber(post)) {
 		post = (await posts.getPostSummaryByPids([post], uid, { stripTags: false })).pop();
 		if (!post) {
 			return;
 		}
 	}
 	const { pid } = post;
 	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating creation of pid ${pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const { activity, targets } = await activitypub.mocks.activities.create(pid, uid, post);
 	await Promise.all([
 		activitypub.send('uid', uid, Array.from(targets), activity),
 		activitypub.feps.announce(pid, activity),
 		// utils.isNumber(post.cid) ? activitypubApi.add(caller, { pid }) : undefined,
 	]);
 });
 Out.create.privateNote = enabledCheck(async (messageObj) => {
 	const { roomId } = messageObj;
 	let targets = await messaging.getUidsInRoom(roomId, 0, -1);
 	targets = targets.filter(uid => !utils.isNumber(uid)); // remote uids only
 	const object = await activitypub.mocks.notes.private({ messageObj });
 	const payload = {
 		id: `${object.id}#activity/create/${Date.now()}`,
 		type: 'Create',
 		actor: object.attributedTo,
 		to: object.to,
 		object,
 	};
 	await activitypub.send('uid', messageObj.fromuid, targets, payload);
 });
 Out.update = {};
 Out.update.profile = enabledCheck(async (uid, actorUid) => {
 	// Local users only
 	if (!utils.isNumber(uid)) {
 		return;
 	}
 	const [object, targets] = await Promise.all([
 		activitypub.mocks.actors.user(uid),
 		db.getSortedSetMembers(`followersRemote:${uid}`),
 	]);
 	await activitypub.send('uid', actorUid || uid, targets, {
 		id: `${object.id}#activity/update/${Date.now()}`,
 		type: 'Update',
 		actor: object.id,
 		to: [activitypub._constants.publicAddress],
 		cc: [],
 		object,
 	});
 });
 Out.update.category = enabledCheck(async (cid) => {
 	// Local categories only
 	if (!utils.isNumber(cid)) {
 		return;
 	}
 	const [object, targets] = await Promise.all([
 		activitypub.mocks.actors.category(cid),
 		activitypub.notes.getCategoryFollowers(cid),
 	]);
 	await activitypub.send('cid', cid, targets, {
 		id: `${object.id}#activity/update/${Date.now()}`,
 		type: 'Update',
 		actor: object.id,
 		to: [activitypub._constants.publicAddress],
 		cc: [],
 		object,
 	});
 });
 Out.update.note = enabledCheck(async (uid, post) => {
 	// Only applies to local posts
 	if (!utils.isNumber(post.pid)) {
 		return;
 	}
 	const object = await activitypub.mocks.notes.public(post);
 	const { to, cc, targets } = await activitypub.buildRecipients(object, { pid: post.pid, uid: post.user.uid });
 	object.to = to;
 	object.cc = cc;
 	const allowed = await privileges.posts.can('topics:read', post.pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating update of pid ${post.pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const payload = {
 		id: `${object.id}#activity/update/${post.edited || Date.now()}`,
 		type: 'Update',
 		actor: object.attributedTo,
 		to,
 		cc,
 		object,
 	};
 	await Promise.all([
 		activitypub.send('uid', uid, Array.from(targets), payload),
 		activitypub.feps.announce(post.pid, payload),
 	]);
 });
 Out.update.privateNote = enabledCheck(async (uid, messageObj) => {
 	if (!utils.isNumber(messageObj.mid)) {
 		return;
 	}
 	const { roomId } = messageObj;
 	let uids = await messaging.getUidsInRoom(roomId, 0, -1);
 	uids = uids.filter(uid => String(uid) !== String(messageObj.fromuid)); // no author
 	const to = uids.map(uid => (utils.isNumber(uid) ? `${nconf.get('url')}/uid/${uid}` : uid));
 	const targets = uids.filter(uid => !utils.isNumber(uid)); // remote uids only
 	const object = await activitypub.mocks.notes.private({ messageObj });
 	const payload = {
 		id: `${object.id}#activity/create/${Date.now()}`,
 		type: 'Update',
 		actor: object.attributedTo,
 		to,
 		object,
 	};
 	await activitypub.send('uid', uid, targets, payload);
 });
 Out.delete = {};
 Out.delete.note = enabledCheck(async (uid, pid) => {
 	// Only applies to local posts
 	if (!utils.isNumber(pid)) {
 		return;
 	}
 	const id = `${nconf.get('url')}/post/${pid}`;
 	const post = (await posts.getPostSummaryByPids([pid], uid, { stripTags: false })).pop();
 	const object = await activitypub.mocks.notes.public(post);
 	const { to, cc, targets } = await activitypub.buildRecipients(object, { pid, uid: post.user.uid });
 	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating update of pid ${pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const payload = {
 		id: `${id}#activity/delete/${Date.now()}`,
 		type: 'Delete',
 		actor: object.attributedTo,
 		to,
 		cc,
 		object: id,
 		origin: object.context,
 	};
 	await Promise.all([
 		activitypub.send('uid', uid, Array.from(targets), payload),
 		activitypub.feps.announce(pid, payload),
 	]);
 });
 Out.like = {};
 Out.like.note = enabledCheck(async (uid, pid) => {
 	const payload = {
 		id: `${nconf.get('url')}/uid/${uid}#activity/like/${encodeURIComponent(pid)}`,
 		type: 'Like',
 		actor: `${nconf.get('url')}/uid/${uid}`,
 		object: utils.isNumber(pid) ? `${nconf.get('url')}/post/${pid}` : pid,
 	};
 	if (!activitypub.helpers.isUri(pid)) { // only 1b12 announce for local likes
 		await activitypub.feps.announce(pid, payload);
 		return;
 	}
 	const recipient = await posts.getPostField(pid, 'uid');
 	if (!activitypub.helpers.isUri(recipient)) {
 		return;
 	}
 	await Promise.all([
 		activitypub.send('uid', uid, [recipient], payload),
 		activitypub.feps.announce(pid, payload),
 	]);
 });
 Out.announce = {};
 Out.announce.category = enabledCheck(async (tid) => {
 	const { mainPid: pid, cid } = await topics.getTopicFields(tid, ['mainPid', 'cid']);
 	// Only local categories can announce
 	if (!utils.isNumber(cid) || parseInt(cid, 10) < 1) {
 		return;
 	}
 	const uid = await posts.getPostField(pid, 'uid'); // author
 	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating announce of pid ${pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const { to, cc, targets } = await activitypub.buildRecipients({
 		id: pid,
 		to: [activitypub._constants.publicAddress],
 		cc: [`${nconf.get('url')}/category/${cid}/followers`, uid],
 	}, { cid, uid: utils.isNumber(uid) ? uid : undefined });
 	await activitypub.send('cid', cid, Array.from(targets), {
 		id: `${nconf.get('url')}/post/${encodeURIComponent(pid)}#activity/announce/${Date.now()}`,
 		type: 'Announce',
 		actor: `${nconf.get('url')}/category/${cid}`,
 		to,
 		cc,
 		object: pid,
 		target: `${nconf.get('url')}/category/${cid}`,
 	});
 });
 Out.flag = enabledCheck(async (uid, flag) => {
 	if (!activitypub.helpers.isUri(flag.targetId)) {
 		return;
 	}
 	const reportedIds = [flag.targetId];
 	if (flag.type === 'post' && activitypub.helpers.isUri(flag.targetUid)) {
 		reportedIds.push(flag.targetUid);
 	}
 	const reason = flag.reason ||
 		(flag.reports && flag.reports.filter(report => report.reporter.uid === uid).at(-1).value);
 	await activitypub.send('uid', uid, reportedIds, {
 		id: `${nconf.get('url')}/${flag.type}/${encodeURIComponent(flag.targetId)}#activity/flag/${uid}`,
 		type: 'Flag',
 		actor: `${nconf.get('url')}/uid/${uid}`,
 		object: reportedIds,
 		content: reason,
 	});
 	await db.sortedSetAdd(`flag:${flag.flagId}:remote`, Date.now(), uid);
 });
 Out.remove = {};
 Out.remove.context = enabledCheck(async (uid, tid) => {
 	// Federates Remove(Context); where Context is the tid
 	const now = new Date();
 	const cid = await topics.getTopicField(tid, 'oldCid');
 	// Only local categories
 	if (!utils.isNumber(cid) || parseInt(cid, 10) < 1) {
 		return;
 	}
 	const allowed = await privileges.categories.can('topics:read', cid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating deletion of tid ${tid} to the fediverse due to privileges.`);
 		return;
 	}
 	const { to, cc, targets } = await activitypub.buildRecipients({
 		to: [activitypub._constants.publicAddress],
 		cc: [`${nconf.get('url')}/category/${cid}/followers`],
 	}, { cid });
 	// Remove(Context)
 	await activitypub.send('uid', uid, Array.from(targets), {
 		id: `${nconf.get('url')}/topic/${tid}#activity/remove/${now.getTime()}`,
 		type: 'Remove',
 		actor: `${nconf.get('url')}/uid/${uid}`,
 		to,
 		cc,
 		object: `${nconf.get('url')}/topic/${tid}`,
 		origin: `${nconf.get('url')}/category/${cid}`,
 	});
 });
 Out.undo = {};
 Out.undo.follow = enabledCheck(async (type, id, actor) => {
 	const acceptedTypes = ['uid', 'cid'];
 	const assertion = await activitypub.actors.assert(actor);
 	if (!acceptedTypes.includes(type) || !assertion) {
@@ -139,312 +433,35 @@ activitypubApi.unfollow = enabledCheck(async (caller, { type, id, actor }) => {
 	}
 });
-activitypubApi.create = {};
+Out.undo.like = enabledCheck(async (uid, pid) => {
 activitypubApi.create.note = enabledCheck(async (caller, { pid, post }) => {
 	if (!post) {
 		post = (await posts.getPostSummaryByPids([pid], caller.uid, { stripTags: false })).pop();
 		if (!post) {
 			return;
 		}
 	} else {
 		pid = post.pid;
 	}
 	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating creation of pid ${pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const { activity, targets } = await activitypub.mocks.activities.create(pid, caller.uid, post);
 	await Promise.all([
 		activitypub.send('uid', caller.uid, Array.from(targets), activity),
 		activitypub.feps.announce(pid, activity),
 		// utils.isNumber(post.cid) ? activitypubApi.add(caller, { pid }) : undefined,
 	]);
 });
 activitypubApi.create.privateNote = enabledCheck(async (caller, { messageObj }) => {
 	const { roomId } = messageObj;
 	let targets = await messaging.getUidsInRoom(roomId, 0, -1);
 	targets = targets.filter(uid => !utils.isNumber(uid)); // remote uids only
 	const object = await activitypub.mocks.notes.private({ messageObj });
 	const payload = {
 		id: `${object.id}#activity/create/${Date.now()}`,
 		type: 'Create',
 		actor: object.attributedTo,
 		to: object.to,
 		object,
 	};
 	await activitypub.send('uid', messageObj.fromuid, targets, payload);
 });
 activitypubApi.update = {};
 activitypubApi.update.profile = enabledCheck(async (caller, { uid }) => {
 	// Local users only
 	if (!utils.isNumber(uid)) {
 		return;
 	}
 	const [object, targets] = await Promise.all([
 		activitypub.mocks.actors.user(uid),
 		db.getSortedSetMembers(`followersRemote:${caller.uid}`),
 	]);
 	await activitypub.send('uid', caller.uid, targets, {
 		id: `${object.id}#activity/update/${Date.now()}`,
 		type: 'Update',
 		actor: object.id,
 		to: [activitypub._constants.publicAddress],
 		cc: [],
 		object,
 	});
 });
 activitypubApi.update.category = enabledCheck(async (caller, { cid }) => {
 	// Local categories only
 	if (!utils.isNumber(cid)) {
 		return;
 	}
 	const [object, targets] = await Promise.all([
 		activitypub.mocks.actors.category(cid),
 		activitypub.notes.getCategoryFollowers(cid),
 	]);
 	await activitypub.send('cid', cid, targets, {
 		id: `${object.id}#activity/update/${Date.now()}`,
 		type: 'Update',
 		actor: object.id,
 		to: [activitypub._constants.publicAddress],
 		cc: [],
 		object,
 	});
 });
 activitypubApi.update.note = enabledCheck(async (caller, { post }) => {
 	// Only applies to local posts
 	if (!utils.isNumber(post.pid)) {
 		return;
 	}
 	const object = await activitypub.mocks.notes.public(post);
 	const { to, cc, targets } = await activitypub.buildRecipients(object, { pid: post.pid, uid: post.user.uid });
 	object.to = to;
 	object.cc = cc;
 	const allowed = await privileges.posts.can('topics:read', post.pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating update of pid ${post.pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const payload = {
 		id: `${object.id}#activity/update/${post.edited || Date.now()}`,
 		type: 'Update',
 		actor: object.attributedTo,
 		to,
 		cc,
 		object,
 	};
 	await Promise.all([
 		activitypub.send('uid', caller.uid, Array.from(targets), payload),
 		activitypub.feps.announce(post.pid, payload),
 	]);
 });
 activitypubApi.update.privateNote = enabledCheck(async (caller, { messageObj }) => {
 	if (!utils.isNumber(messageObj.mid)) {
 		return;
 	}
 	const { roomId } = messageObj;
 	let uids = await messaging.getUidsInRoom(roomId, 0, -1);
 	uids = uids.filter(uid => String(uid) !== String(messageObj.fromuid)); // no author
 	const to = uids.map(uid => (utils.isNumber(uid) ? `${nconf.get('url')}/uid/${uid}` : uid));
 	const targets = uids.filter(uid => !utils.isNumber(uid)); // remote uids only
 	const object = await activitypub.mocks.notes.private({ messageObj });
 	const payload = {
 		id: `${object.id}#activity/create/${Date.now()}`,
 		type: 'Update',
 		actor: object.attributedTo,
 		to,
 		object,
 	};
 	await activitypub.send('uid', caller.uid, targets, payload);
 });
 activitypubApi.delete = {};
 activitypubApi.delete.note = enabledCheck(async (caller, { pid }) => {
 	// Only applies to local posts
 	if (!utils.isNumber(pid)) {
 		return;
 	}
 	const id = `${nconf.get('url')}/post/${pid}`;
 	const post = (await posts.getPostSummaryByPids([pid], caller.uid, { stripTags: false })).pop();
 	const object = await activitypub.mocks.notes.public(post);
 	const { to, cc, targets } = await activitypub.buildRecipients(object, { pid, uid: post.user.uid });
 	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating update of pid ${pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const payload = {
 		id: `${id}#activity/delete/${Date.now()}`,
 		type: 'Delete',
 		actor: object.attributedTo,
 		to,
 		cc,
 		object: id,
 		origin: object.context,
 	};
 	await Promise.all([
 		activitypub.send('uid', caller.uid, Array.from(targets), payload),
 		activitypub.feps.announce(pid, payload),
 	]);
 });
 activitypubApi.like = {};
 activitypubApi.like.note = enabledCheck(async (caller, { pid }) => {
 	const payload = {
 		id: `${nconf.get('url')}/uid/${caller.uid}#activity/like/${encodeURIComponent(pid)}`,
 		type: 'Like',
 		actor: `${nconf.get('url')}/uid/${caller.uid}`,
 		object: utils.isNumber(pid) ? `${nconf.get('url')}/post/${pid}` : pid,
 	};
 	if (!activitypub.helpers.isUri(pid)) { // only 1b12 announce for local likes
 		await activitypub.feps.announce(pid, payload);
 		return;
 	}
 	const uid = await posts.getPostField(pid, 'uid');
 	if (!activitypub.helpers.isUri(uid)) {
 		return;
 	}
 	await Promise.all([
 		activitypub.send('uid', caller.uid, [uid], payload),
 		activitypub.feps.announce(pid, payload),
 	]);
 });
 activitypubApi.announce = {};
 activitypubApi.announce.category = enabledCheck(async (_, { tid }) => {
 	const { mainPid: pid, cid } = await topics.getTopicFields(tid, ['mainPid', 'cid']);
 	// Only local categories can announce
 	if (!utils.isNumber(cid) || parseInt(cid, 10) < 1) {
 		return;
 	}
 	const uid = await posts.getPostField(pid, 'uid'); // author
 	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating announce of pid ${pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const { to, cc, targets } = await activitypub.buildRecipients({
 		id: pid,
 		to: [activitypub._constants.publicAddress],
 		cc: [`${nconf.get('url')}/category/${cid}/followers`, uid],
 	}, { cid, uid: utils.isNumber(uid) ? uid : undefined });
 	await activitypub.send('cid', cid, Array.from(targets), {
 		id: `${nconf.get('url')}/post/${encodeURIComponent(pid)}#activity/announce/${Date.now()}`,
 		type: 'Announce',
 		actor: `${nconf.get('url')}/category/${cid}`,
 		to,
 		cc,
 		object: pid,
 		target: `${nconf.get('url')}/category/${cid}`,
 	});
 });
 activitypubApi.announce.user = enabledCheck(async (caller, { tid }) => {
 	// ORPHANED, but will re-use when user announces are a thing.
 	const { mainPid: pid, cid } = await topics.getTopicFields(tid, ['mainPid', 'cid']);
 	// Only remote posts can be announced to local categories
 	if (utils.isNumber(pid) || parseInt(cid, 10) === -1) {
 		return;
 	}
 	const uid = await posts.getPostField(pid, 'uid'); // author
 	const allowed = await privileges.posts.can('topics:read', pid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating announce of pid ${pid} to the fediverse due to privileges.`);
 		return;
 	}
 	const { to, cc, targets } = await activitypub.buildRecipients({
 		id: pid,
 		to: [activitypub._constants.publicAddress],
 		cc: [`${nconf.get('url')}/uid/${caller.uid}/followers`, uid],
 	}, { uid: caller.uid });
 	await activitypub.send('uid', caller.uid, Array.from(targets), {
 		id: `${nconf.get('url')}/post/${encodeURIComponent(pid)}#activity/announce/${Date.now()}`,
 		type: 'Announce',
 		actor: `${nconf.get('url')}/uid/${caller.uid}`,
 		to,
 		cc,
 		object: pid,
 		target: `${nconf.get('url')}/category/${cid}`,
 	});
 });
 activitypubApi.undo = {};
 // activitypubApi.undo.follow =
 activitypubApi.undo.like = enabledCheck(async (caller, { pid }) => {
 	if (!activitypub.helpers.isUri(pid)) {
 		return;
 	}
-	const uid = await posts.getPostField(pid, 'uid');
+	const author = await posts.getPostField(pid, 'uid');
-	if (!activitypub.helpers.isUri(uid)) {
+	if (!activitypub.helpers.isUri(author)) {
 		return;
 	}
 	const payload = {
-		id: `${nconf.get('url')}/uid/${caller.uid}#activity/undo:like/${encodeURIComponent(pid)}/${Date.now()}`,
+		id: `${nconf.get('url')}/uid/${uid}#activity/undo:like/${encodeURIComponent(pid)}/${Date.now()}`,
 		type: 'Undo',
-		actor: `${nconf.get('url')}/uid/${caller.uid}`,
+		actor: `${nconf.get('url')}/uid/${uid}`,
 		object: {
-			actor: `${nconf.get('url')}/uid/${caller.uid}`,
+			actor: `${nconf.get('url')}/uid/${uid}`,
-			id: `${nconf.get('url')}/uid/${caller.uid}#activity/like/${encodeURIComponent(pid)}`,
+			id: `${nconf.get('url')}/uid/${uid}#activity/like/${encodeURIComponent(pid)}`,
 			type: 'Like',
 			object: pid,
 		},
 	};
 	await Promise.all([
-		activitypub.send('uid', caller.uid, [uid], payload),
+		activitypub.send('uid', uid, [author], payload),
 		activitypub.feps.announce(pid, payload),
 	]);
 });
-activitypubApi.flag = enabledCheck(async (caller, flag) => {
+Out.undo.flag = enabledCheck(async (uid, flag) => {
 	if (!activitypub.helpers.isUri(flag.targetId)) {
 		return;
 	}
@@ -453,101 +470,18 @@ activitypubApi.flag = enabledCheck(async (caller, flag) => {
 		reportedIds.push(flag.targetUid);
 	}
 	const reason = flag.reason ||
-		(flag.reports && flag.reports.filter(report => report.reporter.uid === caller.uid).at(-1).value);
+		(flag.reports && flag.reports.filter(report => report.reporter.uid === uid).at(-1).value);
-	await activitypub.send('uid', caller.uid, reportedIds, {
+	await activitypub.send('uid', uid, reportedIds, {
-		id: `${nconf.get('url')}/${flag.type}/${encodeURIComponent(flag.targetId)}#activity/flag/${caller.uid}`,
+		id: `${nconf.get('url')}/${flag.type}/${encodeURIComponent(flag.targetId)}#activity/undo:flag/${uid}/${Date.now()}`,
 		type: 'Flag',
 		actor: `${nconf.get('url')}/uid/${caller.uid}`,
 		object: reportedIds,
 		content: reason,
 	});
 	await db.sortedSetAdd(`flag:${flag.flagId}:remote`, Date.now(), caller.uid);
 });
 /*
 activitypubApi.add = enabledCheck((async (_, { pid }) => {
 	let localId;
 	if (String(pid).startsWith(nconf.get('url'))) {
 		({ id: localId } = await activitypub.helpers.resolveLocalId(pid));
 	}
 	const tid = await posts.getPostField(localId || pid, 'tid');
 	const cid = await posts.getCidByPid(localId || pid);
 	if (!utils.isNumber(tid) || cid <= 0) { // `Add` only federated on categorized topics started locally
 		return;
 	}
 	let to = [activitypub._constants.publicAddress];
 	let cc = [];
 	let targets;
 	({ to, cc, targets } = await activitypub.buildRecipients({ to, cc }, { pid: localId || pid, cid }));
 	await activitypub.send('cid', cid, Array.from(targets), {
 		id: `${nconf.get('url')}/post/${encodeURIComponent(localId || pid)}#activity/add/${Date.now()}`,
 		type: 'Add',
 		to,
 		cc,
 		object: utils.isNumber(pid) ? `${nconf.get('url')}/post/${pid}` : pid,
 		target: `${nconf.get('url')}/topic/${tid}`,
 	});
 }));
 */
 activitypubApi.undo.flag = enabledCheck(async (caller, flag) => {
 	if (!activitypub.helpers.isUri(flag.targetId)) {
 		return;
 	}
 	const reportedIds = [flag.targetId];
 	if (flag.type === 'post' && activitypub.helpers.isUri(flag.targetUid)) {
 		reportedIds.push(flag.targetUid);
 	}
 	const reason = flag.reason ||
 		(flag.reports && flag.reports.filter(report => report.reporter.uid === caller.uid).at(-1).value);
 	await activitypub.send('uid', caller.uid, reportedIds, {
 		id: `${nconf.get('url')}/${flag.type}/${encodeURIComponent(flag.targetId)}#activity/undo:flag/${caller.uid}/${Date.now()}`,
 		type: 'Undo',
-		actor: `${nconf.get('url')}/uid/${caller.uid}`,
+		actor: `${nconf.get('url')}/uid/${uid}`,
 		object: {
-			id: `${nconf.get('url')}/${flag.type}/${encodeURIComponent(flag.targetId)}#activity/flag/${caller.uid}`,
+			id: `${nconf.get('url')}/${flag.type}/${encodeURIComponent(flag.targetId)}#activity/flag/${uid}`,
-			actor: `${nconf.get('url')}/uid/${caller.uid}`,
+			actor: `${nconf.get('url')}/uid/${uid}`,
 			type: 'Flag',
 			object: reportedIds,
 			content: reason,
 		},
 	});
-	await db.sortedSetRemove(`flag:${flag.flagId}:remote`, caller.uid);
+	await db.sortedSetRemove(`flag:${flag.flagId}:remote`, uid);
 });
 activitypubApi.remove = {};
 activitypubApi.remove.context = enabledCheck(async ({ uid }, { tid }) => {
 	// Federates Remove(Context); where Context is the tid
 	const now = new Date();
 	const cid = await topics.getTopicField(tid, 'oldCid');
 	// Only local categories
 	if (!utils.isNumber(cid) || parseInt(cid, 10) < 1) {
 		return;
 	}
 	const allowed = await privileges.categories.can('topics:read', cid, activitypub._constants.uid);
 	if (!allowed) {
 		activitypub.helpers.log(`[activitypub/api] Not federating deletion of tid ${tid} to the fediverse due to privileges.`);
 		return;
 	}
 	const { to, cc, targets } = await activitypub.buildRecipients({
 		to: [activitypub._constants.publicAddress],
 		cc: [`${nconf.get('url')}/category/${cid}/followers`],
 	}, { cid });
 	// Remove(Context)
 	await activitypub.send('uid', uid, Array.from(targets), {
 		id: `${nconf.get('url')}/topic/${tid}#activity/remove/${now.getTime()}`,
 		type: 'Remove',
 		actor: `${nconf.get('url')}/uid/${uid}`,
 		to,
 		cc,
 		object: `${nconf.get('url')}/topic/${tid}`,
 		origin: `${nconf.get('url')}/category/${cid}`,
 	});
 });
--- a/src/api/categories.js
+++ b/src/api/categories.js
@@ -7,10 +7,9 @@ const events = require('../events');
 const user = require('../user');
 const groups = require('../groups');
 const privileges = require('../privileges');
 const activitypub = require('../activitypub');
 const utils = require('../utils');
 const activitypubApi = require('./activitypub');
 const categoriesAPI = module.exports;
 const hasAdminPrivilege = async (uid, privilege = 'categories') => {
@@ -66,7 +65,7 @@ categoriesAPI.update = async function (caller, data) {
 	const payload = {};
 	payload[cid] = values;
 	await categories.update(payload);
-	activitypubApi.update.category(caller, { cid }); // background
+	activitypub.out.update.category(cid); // background
 };
 categoriesAPI.delete = async function (caller, { cid }) {
--- a/src/api/helpers.js
+++ b/src/api/helpers.js
@@ -6,6 +6,7 @@ const topics = require('../topics');
 const posts = require('../posts');
 const privileges = require('../privileges');
 const plugins = require('../plugins');
 const activitypub = require('../activitypub');
 const socketHelpers = require('../socket.io/helpers');
 const websockets = require('../socket.io');
 const events = require('../events');
@@ -129,7 +130,6 @@ exports.postCommand = async function (caller, command, eventName, notification,
 };
 async function executeCommand(caller, command, eventName, notification, data) {
 	const api = require('.');
 	const result = await posts[command](data.pid, caller.uid);
 	if (result && eventName) {
 		websockets.in(`uid_${caller.uid}`).emit(`posts.${command}`, result);
@@ -137,12 +137,12 @@ async function executeCommand(caller, command, eventName, notification, data) {
 	}
 	if (result && command === 'upvote') {
 		socketHelpers.upvote(result, notification);
-		await api.activitypub.like.note(caller, { pid: data.pid });
+		await activitypub.out.like.note(caller.uid, data.pid);
 	} else if (result && notification) {
 		socketHelpers.sendNotificationToPostOwner(data.pid, caller.uid, command, notification);
 	} else if (result && command === 'unvote') {
 		socketHelpers.rescindUpvoteNotification(data.pid, caller.uid);
-		await api.activitypub.undo.like(caller, { pid: data.pid });
+		await activitypub.out.undo.like(caller.uid, data.pid);
 	}
 	return result;
 }
--- a/src/api/index.js
+++ b/src/api/index.js
@@ -11,7 +11,6 @@ module.exports = {
 	categories: require('./categories'),
 	search: require('./search'),
 	flags: require('./flags'),
 	activitypub: require('./activitypub'),
 	files: require('./files'),
 	utils: require('./utils'),
 };
--- a/src/api/posts.js
+++ b/src/api/posts.js
@@ -151,7 +151,7 @@ postsAPI.edit = async function (caller, data) {
 	if (!editResult.post.deleted) {
 		websockets.in(`topic_${editResult.topic.tid}`).emit('event:post_edited', editResult);
 		setTimeout(() => {
-			require('.').activitypub.update.note(caller, { post: postObj[0] });
+			activitypub.out.update.note(caller.uid, postObj[0]);
 		}, 5000);
 		return returnData;
@@ -208,7 +208,7 @@ async function deleteOrRestore(caller, data, params) {
 	// Explicitly non-awaited
 	posts.getPostSummaryByPids([data.pid], caller.uid, { extraFields: ['edited'] }).then(([post]) => {
-		require('.').activitypub.update.note(caller, { post });
+		activitypub.out.update.note(caller.uid, post);
 	});
 }
@@ -254,7 +254,7 @@ postsAPI.purge = async function (caller, data) {
 	posts.clearCachedPost(data.pid);
 	await Promise.all([
 		posts.purge(data.pid, caller.uid),
-		require('.').activitypub.delete.note(caller, { pid: data.pid }),
+		activitypub.out.delete.note(caller.uid, data.pid),
 	]);
 	websockets.in(`topic_${postData.tid}`).emit('event:post_purged', postData);
--- a/src/api/topics.js
+++ b/src/api/topics.js
@@ -8,9 +8,9 @@ const meta = require('../meta');
 const privileges = require('../privileges');
 const events = require('../events');
 const batch = require('../batch');
 const activitypub = require('../activitypub');
 const utils = require('../utils');
 const activitypubApi = require('./activitypub');
 const apiHelpers = require('./helpers');
 const { doTopicAction } = apiHelpers;
@@ -80,7 +80,7 @@ topicsAPI.create = async function (caller, data) {
 	socketHelpers.notifyNew(caller.uid, 'newTopic', { posts: [result.postData], topic: result.topicData });
 	if (!isScheduling) {
-		await activitypubApi.create.note(caller, { pid: result.postData.pid });
+		await activitypub.out.create.note(caller.uid, result.postData.pid);
 	}
 	return result.topicData;
@@ -116,7 +116,7 @@ topicsAPI.reply = async function (caller, data) {
 	}
 	socketHelpers.notifyNew(caller.uid, 'newPost', result);
-	await activitypubApi.create.note(caller, { post: postData });
+	await activitypub.out.create.note(caller.uid, postData);
 	return postData;
 };
@@ -323,11 +323,11 @@ topicsAPI.move = async (caller, { tid, cid }) => {
 				socketHelpers.sendNotificationToTopicOwner(tid, caller.uid, 'move', 'notifications:moved-your-topic');
 				if (utils.isNumber(cid) && parseInt(cid, 10) === -1) {
-					activitypubApi.remove.context(caller, { tid });
+					activitypub.out.remove.context(caller.uid, tid);
 					// tbd: activitypubApi.undo.announce?
 				} else {
 					// tbd: activitypubApi.move
-					activitypubApi.announce.category(caller, { tid });
+					activitypub.out.announce.category(tid);
 				}
 			}
--- a/src/controllers/write/categories.js
+++ b/src/controllers/write/categories.js
@@ -2,6 +2,7 @@
 const categories = require('../../categories');
 const meta = require('../../meta');
 const activitypub = require('../../activitypub');
 const api = require('../../api');
 const helpers = require('../helpers');
@@ -107,6 +108,7 @@ Categories.setModerator = async (req, res) => {
 };
 Categories.follow = async (req, res, next) => {
 	// Priv check done in route middleware
 	const { actor } = req.body;
 	const id = parseInt(req.params.cid, 10);
@@ -114,11 +116,7 @@ Categories.follow = async (req, res, next) => {
 		return next();
 	}
-	await api.activitypub.follow(req, {
+	await activitypub.out.follow('cid', id, actor);
 		type: 'cid',
 		id,
 		actor,
 	});
 	helpers.formatApiResponse(200, res, {});
 };
@@ -131,11 +129,6 @@ Categories.unfollow = async (req, res, next) => {
 		return next();
 	}
-	await api.activitypub.unfollow(req, {
+	await activitypub.out.undo.follow('cid', id, actor);
 		type: 'cid',
 		id,
 		actor,
 	});
 	helpers.formatApiResponse(200, res, {});
 };
--- a/src/controllers/write/users.js
+++ b/src/controllers/write/users.js
@@ -5,6 +5,7 @@ const path = require('path');
 const crypto = require('crypto');
 const api = require('../../api');
 const activitypub = require('../../activitypub');
 const user = require('../../user');
 const helpers = require('../helpers');
@@ -94,11 +95,7 @@ Users.changePassword = async (req, res) => {
 Users.follow = async (req, res) => {
 	const remote = String(req.params.uid).includes('@');
 	if (remote) {
-		await api.activitypub.follow(req, {
+		await activitypub.out.follow('uid', req.uid, req.params.uid);
 			type: 'uid',
 			id: req.uid,
 			actor: req.params.uid,
 		});
 	} else {
 		await api.users.follow(req, req.params);
 	}
@@ -109,11 +106,7 @@ Users.follow = async (req, res) => {
 Users.unfollow = async (req, res) => {
 	const remote = String(req.params.uid).includes('@');
 	if (remote) {
-		await api.activitypub.unfollow(req, {
+		await activitypub.out.undo.follow('uid', req.uid, req.params.uid);
 			type: 'uid',
 			id: req.uid,
 			actor: req.params.uid,
 		});
 	} else {
 		await api.users.unfollow(req, req.params);
 	}
--- a/src/flags.js
+++ b/src/flags.js
@@ -5,7 +5,6 @@ const winston = require('winston');
 const validator = require('validator');
 const activitypub = require('./activitypub');
 const activitypubApi = require('./api/activitypub');
 const db = require('./database');
 const user = require('./user');
 const groups = require('./groups');
@@ -477,8 +476,7 @@ Flags.create = async function (type, id, uid, reason, timestamp, forceFlag = fal
 	const flagObj = await Flags.get(flagId);
 	if (notifyRemote && activitypub.helpers.isUri(id)) {
-		const caller = await user.getUserData(uid);
+		activitypub.out.flag(uid, { ...flagObj, reason });
 		activitypubApi.flag(caller, { ...flagObj, reason });
 	}
 	plugins.hooks.fire('action:flags.create', { flag: flagObj });
@@ -531,7 +529,7 @@ Flags.purge = async function (flagIds) {
 		flagData.flatMap(
 			async (flagObj, i) => allReporterUids[i].map(async (uid) => {
 				if (await db.isSortedSetMember(`flag:${flagObj.flagId}:remote`, uid)) {
-					await activitypubApi.undo.flag({ uid }, flagObj);
+					await activitypub.out.undo.flag(uid, flagObj);
 				}
 			})
 		),
@@ -569,7 +567,7 @@ Flags.addReport = async function (flagId, type, id, uid, reason, timestamp, targ
 	]);
 	if (notifyRemote && activitypub.helpers.isUri(id)) {
-		await activitypubApi.flag({ uid }, { flagId, type, targetId: id, targetUid, uid, reason, timestamp });
+		await activitypub.out.flag(uid, { flagId, type, targetId: id, targetUid, uid, reason, timestamp });
 	}
 	plugins.hooks.fire('action:flags.addReport', { flagId, type, id, uid, reason, timestamp });
@@ -599,7 +597,7 @@ Flags.rescindReport = async (type, id, uid) => {
 	if (await db.isSortedSetMember(`flag:${flagId}:remote`, uid)) {
 		const flag = await Flags.get(flagId);
-		await activitypubApi.undo.flag({ uid }, flag);
+		await activitypub.out.undo.flag(uid, flag);
 	}
 	await db.sortedSetRemoveBulk([
--- a/src/messaging/delete.js
+++ b/src/messaging/delete.js
@@ -2,7 +2,7 @@
 const sockets = require('../socket.io');
 const plugins = require('../plugins');
-const api = require('../api');
+const activitypub = require('../activitypub');
 module.exports = function (Messaging) {
 	Messaging.deleteMessage = async (mid, uid) => await doDeleteRestore(mid, 1, uid);
@@ -30,6 +30,6 @@ module.exports = function (Messaging) {
 			plugins.hooks.fire('action:messaging.restore', { message: msgData });
 		}
-		api.activitypub.update.privateNote({ uid }, { messageObj: msgData });
+		activitypub.out.update.privateNote(uid, msgData);
 	}
 };
--- a/src/messaging/edit.js
+++ b/src/messaging/edit.js
@@ -4,7 +4,7 @@ const db = require('../database');
 const meta = require('../meta');
 const user = require('../user');
 const plugins = require('../plugins');
-const api = require('../api');
+const activitypub = require('../activitypub');
 const privileges = require('../privileges');
 const utils = require('../utils');
@@ -39,7 +39,7 @@ module.exports = function (Messaging) {
 			});
 			if (!isPublic && utils.isNumber(messages[0].fromuid)) {
-				api.activitypub.update.privateNote({ uid: messages[0].fromuid }, { messageObj: messages[0] });
+				activitypub.out.update.privateNote(messages[0].fromuid, messages[0]);
 			}
 		}
--- a/src/messaging/notifications.js
+++ b/src/messaging/notifications.js
@@ -8,7 +8,7 @@ const db = require('../database');
 const notifications = require('../notifications');
 const user = require('../user');
 const io = require('../socket.io');
-const api = require('../api');
+const activitypub = require('../activitypub');
 const plugins = require('../plugins');
 const utils = require('../utils');
@@ -83,7 +83,7 @@ module.exports = function (Messaging) {
 			await Promise.all([
 				sendNotification(fromUid, roomId, messageObj),
 				!isPublic && utils.isNumber(fromUid) ?
-					api.activitypub.create.privateNote({ uid: fromUid }, { messageObj }) : null,
+					activitypub.out.create.privateNote(messageObj) : null,
 			]);
 		} catch (err) {
 			winston.error(`[messaging/notifications] Unabled to send notification\n${err.stack}`);
--- a/src/topics/delete.js
+++ b/src/topics/delete.js
@@ -8,7 +8,7 @@ const categories = require('../categories');
 const flags = require('../flags');
 const plugins = require('../plugins');
 const batch = require('../batch');
-const api = require('../api');
+const activitypub = require('../activitypub');
 const utils = require('../utils');
 module.exports = function (Topics) {
@@ -25,7 +25,7 @@ module.exports = function (Topics) {
 				deleterUid: uid,
 				deletedTimestamp: Date.now(),
 			}),
-			api.activitypub.remove.context({ uid }, { tid }),
+			activitypub.out.remove.context(uid, tid),
 		]);
 		await categories.updateRecentTidForCid(cid);
--- a/src/topics/scheduled.js
+++ b/src/topics/scheduled.js
@@ -11,7 +11,7 @@ const topics = require('./index');
 const categories = require('../categories');
 const groups = require('../groups');
 const user = require('../user');
-const api = require('../api');
+const activitypub = require('../activitypub');
 const plugins = require('../plugins');
 const Scheduled = module.exports;
@@ -175,7 +175,7 @@ function federatePosts(uids, topicData) {
 	topicData.forEach(({ mainPid: pid }, idx) => {
 		const uid = uids[idx];
-		api.activitypub.create.note({ uid }, { pid });
+		activitypub.out.create.note(uid, pid);
 	});
 }
--- a/src/user/categories.js
+++ b/src/user/categories.js
@@ -5,8 +5,8 @@ const _ = require('lodash');
 const db = require('../database');
 const meta = require('../meta');
 const categories = require('../categories');
 const activitypub = require('../activitypub');
 const plugins = require('../plugins');
 const api = require('../api');
 const utils = require('../utils');
 module.exports = function (User) {
@@ -30,12 +30,8 @@ module.exports = function (User) {
 			throw new Error('[[error:no-category]]');
 		}
-		const apiMethod = state >= categories.watchStates.tracking ? 'follow' : 'unfollow';
+		const apiMethod = state >= categories.watchStates.tracking ? activitypub.out.follow : activitypub.out.undo.follow;
-		const follows = cids.filter(cid => !utils.isNumber(cid)).map(cid => api.activitypub[apiMethod]({ uid }, {
+		const follows = cids.filter(cid => !utils.isNumber(cid)).map(cid => apiMethod('uid', uid, cid)); // returns promises
 			type: 'uid',
 			id: uid,
 			actor: cid,
 		})); // returns promises
 		await Promise.all([
 			db.sortedSetsAdd(cids.map(cid => `cid:${cid}:uid:watch:state`), state, uid),
--- a/src/user/profile.js
+++ b/src/user/profile.js
@@ -11,7 +11,7 @@ const meta = require('../meta');
 const db = require('../database');
 const groups = require('../groups');
 const plugins = require('../plugins');
-const api = require('../api');
+const activitypub = require('../activitypub');
 const tx = require('../translator');
 module.exports = function (User) {
@@ -68,7 +68,7 @@ module.exports = function (User) {
 			fields: fields,
 			oldData: oldData,
 		});
-		api.activitypub.update.profile({ uid }, { uid: updateUid });
+		activitypub.out.update.profile(updateUid, uid);
 		return await User.getUserFields(updateUid, [
 			'email', 'username', 'userslug',