next step on the way to federation

2024-05-07 17:58:13 +02:00 · 2024-05-07 17:58:13 +02:00 · 1a76664d56
commit 1a76664d56
parent 99d1ae52fc
11 changed files with 1044 additions and 3 deletions
--- a/modules/activitypub/client.go
+++ b/modules/activitypub/client.go
@ -1,6 +1,8 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

+// TODO: Think about whether this should be moved to services/activitypub (compare to exosy/services/activitypub/client.go)
 package activitypub

 import (
@ -10,11 +12,13 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"io"
 	"net/http"
 	"strings"
 	"time"

 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/proxy"
 	"code.gitea.io/gitea/modules/setting"

@ -84,6 +88,7 @@ func NewClient(ctx context.Context, user *user_model.User, pubID string) (c *Cli
 			Transport: &http.Transport{
 				Proxy: proxy.Proxy(),
 			},
+			Timeout: 5 * time.Second,
 		},
 		algs:        setting.HttpsigAlgs,
 		digestAlg:   httpsig.DigestAlgorithm(setting.Federation.DigestAlgorithm),
@ -96,9 +101,9 @@ func NewClient(ctx context.Context, user *user_model.User, pubID string) (c *Cli
 }

 // NewRequest function
-func (c *Client) NewRequest(b []byte, to string) (req *http.Request, err error) {
+func (c *Client) NewRequest(method string, b []byte, to string) (req *http.Request, err error) {
 	buf := bytes.NewBuffer(b)
-	req, err = http.NewRequest(http.MethodPost, to, buf)
+	req, err = http.NewRequest(method, to, buf)
 	if err != nil {
 		return nil, err
 	}
@ -116,9 +121,52 @@ func (c *Client) NewRequest(b []byte, to string) (req *http.Request, err error)
 // Post function
 func (c *Client) Post(b []byte, to string) (resp *http.Response, err error) {
 	var req *http.Request
-	if req, err = c.NewRequest(b, to); err != nil {
+	if req, err = c.NewRequest(http.MethodPost, b, to); err != nil {
 		return nil, err
 	}
 	resp, err = c.client.Do(req)
 	return resp, err
 }
+
+// Create an http GET request with forgejo/gitea specific headers
+func (c *Client) Get(to string) (resp *http.Response, err error) { // ToDo: we might not need the b parameter
+	var req *http.Request
+	emptyBody := []byte{0}
+	if req, err = c.NewRequest(http.MethodGet, emptyBody, to); err != nil {
+		return nil, err
+	}
+	resp, err = c.client.Do(req)
+	return resp, err
+}
+
+// Create an http GET request with forgejo/gitea specific headers
+func (c *Client) GetBody(uri string) ([]byte, error) {
+	response, err := c.Get(uri)
+	if err != nil {
+		return nil, err
+	}
+	log.Debug("Client: got status: %v", response.Status)
+	if response.StatusCode != 200 {
+		err = fmt.Errorf("got non 200 status code for id: %v", uri)
+		return nil, err
+	}
+	defer response.Body.Close()
+	body, err := io.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+	log.Debug("Client: got body: %v", charLimiter(string(body), 120))
+	return body, nil
+}
+
+// Limit number of characters in a string (useful to prevent log injection attacks and overly long log outputs)
+// Thanks to https://www.socketloop.com/tutorials/golang-characters-limiter-example
+func charLimiter(s string, limit int) string {
+	reader := strings.NewReader(s)
+	buff := make([]byte, limit)
+	n, _ := io.ReadAtLeast(reader, buff, limit)
+	if n != 0 {
+		return fmt.Sprint(string(buff), "...")
+	}
+	return s
+}
--- a/modules/activitypub/client_test.go
+++ b/modules/activitypub/client_test.go
@ -1,4 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2023 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

 package activitypub
@ -14,11 +15,87 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/stretchr/testify/assert"
+
+	_ "github.com/mattn/go-sqlite3"
 )

+/* ToDo: Set Up tests for http get requests
+
+Set up an expected response for GET on api with user-id = 1:
+{
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://w3id.org/security/v1"
+  ],
+  "id": "http://localhost:3000/api/v1/activitypub/user-id/1",
+  "type": "Person",
+  "icon": {
+    "type": "Image",
+    "mediaType": "image/png",
+    "url": "http://localhost:3000/avatar/3120fd0edc57d5d41230013ad88232e2"
+  },
+  "url": "http://localhost:3000/me",
+  "inbox": "http://localhost:3000/api/v1/activitypub/user-id/1/inbox",
+  "outbox": "http://localhost:3000/api/v1/activitypub/user-id/1/outbox",
+  "preferredUsername": "me",
+  "publicKey": {
+    "id": "http://localhost:3000/api/v1/activitypub/user-id/1#main-key",
+    "owner": "http://localhost:3000/api/v1/activitypub/user-id/1",
+    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAo1VDZGWQBDTWKhpWiPQp\n7nD94UsKkcoFwDQVuxE3bMquKEHBomB4cwUnVou922YkL3AmSOr1sX2yJQGqnCLm\nOeKS74/mCIAoYlu0d75bqY4A7kE2VrQmQLZBbmpCTfrPqDaE6Mfm/kXaX7+hsrZS\n4bVvzZCYq8sjtRxdPk+9ku2QhvznwTRlWLvwHmFSGtlQYPRu+f/XqoVM/DVRA/Is\nwDk9yiNIecV+Isus0CBq1jGQkfuVNu1GK2IvcSg9MoDm3VH/tCayAP+xWm0g7sC8\nKay6Y/khvTvE7bWEKGQsJGvi3+4wITLVLVt+GoVOuCzdbhTV2CHBzn7h30AoZD0N\nY6eyb+Q142JykoHadcRwh1a36wgoG7E496wPvV3ST8xdiClca8cDNhOzCj8woY+t\nTFCMl32U3AJ4e/cAsxKRocYLZqc95dDqdNQiIyiRMMkf5NaA/QvelY4PmFuHC0WR\nVuJ4A3mcti2QLS9j0fSwSJdlfolgW6xaPgjdvuSQsgX1AgMBAAE=\n-----END PUBLIC KEY-----\n"
+  }
+}
+
+Set up a user called "me" for all tests
+
+
+
+*/
+
+func TestNewClientReturnsClient(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	pubID := "myGpgId"
+	c, err := NewClient(db.DefaultContext, user, pubID)
+
+	log.Debug("Client: %v\nError: %v", c, err)
+	assert.NoError(t, err)
+}
+
+/* TODO: bring this test to work or delete
+func TestActivityPubSignedGet(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1, Name: "me"})
+	pubID := "myGpgId"
+	c, err := NewClient(db.DefaultContext, user, pubID)
+	assert.NoError(t, err)
+
+	expected := "TestActivityPubSignedGet"
+
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.Regexp(t, regexp.MustCompile("^"+setting.Federation.DigestAlgorithm), r.Header.Get("Digest"))
+		assert.Contains(t, r.Header.Get("Signature"), pubID)
+		assert.Equal(t, r.Header.Get("Content-Type"), ActivityStreamsContentType)
+		body, err := io.ReadAll(r.Body)
+		assert.NoError(t, err)
+		assert.Equal(t, expected, string(body))
+		fmt.Fprint(w, expected)
+	}))
+	defer srv.Close()
+
+	r, err := c.Get(srv.URL)
+	assert.NoError(t, err)
+	defer r.Body.Close()
+	body, err := io.ReadAll(r.Body)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, string(body))
+
+}
+*/
+
 func TestActivityPubSignedPost(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
--- a/modules/forgefed/actor.go
+++ b/modules/forgefed/actor.go
@ -0,0 +1,226 @@
+// Copyright 2023, 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgefed
+
+import (
+	"fmt"
+	"net/url"
+	"strings"
+
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/validation"
+
+	ap "github.com/go-ap/activitypub"
+)
+
+// ----------------------------- ActorID --------------------------------------------
+type ActorID struct {
+	ID               string
+	Source           string
+	Schema           string
+	Path             string
+	Host             string
+	Port             string
+	UnvalidatedInput string
+}
+
+// Factory function for ActorID. Created struct is asserted to be valid
+func NewActorID(uri string) (ActorID, error) {
+	result, err := newActorID(uri)
+	if err != nil {
+		return ActorID{}, err
+	}
+
+	if valid, outcome := validation.IsValid(result); !valid {
+		return ActorID{}, outcome
+	}
+
+	return result, nil
+}
+
+func (id ActorID) AsURI() string {
+	var result string
+	if id.Port == "" {
+		result = fmt.Sprintf("%s://%s/%s/%s", id.Schema, id.Host, id.Path, id.ID)
+	} else {
+		result = fmt.Sprintf("%s://%s:%s/%s/%s", id.Schema, id.Host, id.Port, id.Path, id.ID)
+	}
+	return result
+}
+
+func (id ActorID) Validate() []string {
+	var result []string
+	result = append(result, validation.ValidateNotEmpty(id.ID, "userId")...)
+	result = append(result, validation.ValidateNotEmpty(id.Schema, "schema")...)
+	result = append(result, validation.ValidateNotEmpty(id.Path, "path")...)
+	result = append(result, validation.ValidateNotEmpty(id.Host, "host")...)
+	result = append(result, validation.ValidateNotEmpty(id.UnvalidatedInput, "unvalidatedInput")...)
+
+	if id.UnvalidatedInput != id.AsURI() {
+		result = append(result, fmt.Sprintf("not all input was parsed, \nUnvalidated Input:%q \nParsed URI: %q", id.UnvalidatedInput, id.AsURI()))
+	}
+
+	return result
+}
+
+// ----------------------------- PersonID --------------------------------------------
+type PersonID struct {
+	ActorID
+}
+
+// Factory function for PersonID. Created struct is asserted to be valid
+func NewPersonID(uri, source string) (PersonID, error) {
+	// TODO: remove after test
+	//if !validation.IsValidExternalURL(uri) {
+	//	return PersonId{}, fmt.Errorf("uri %s is not a valid external url", uri)
+	//}
+	result, err := newActorID(uri)
+	if err != nil {
+		return PersonID{}, err
+	}
+	result.Source = source
+
+	// validate Person specific path
+	personID := PersonID{result}
+	if valid, outcome := validation.IsValid(personID); !valid {
+		return PersonID{}, outcome
+	}
+
+	return personID, nil
+}
+
+func (id PersonID) AsWebfinger() string {
+	result := fmt.Sprintf("@%s@%s", strings.ToLower(id.ID), strings.ToLower(id.Host))
+	return result
+}
+
+func (id PersonID) AsLoginName() string {
+	result := fmt.Sprintf("%s%s", strings.ToLower(id.ID), id.HostSuffix())
+	return result
+}
+
+func (id PersonID) HostSuffix() string {
+	result := fmt.Sprintf("-%s", strings.ToLower(id.Host))
+	return result
+}
+
+func (id PersonID) Validate() []string {
+	result := id.ActorID.Validate()
+	result = append(result, validation.ValidateNotEmpty(id.Source, "source")...)
+	result = append(result, validation.ValidateOneOf(id.Source, []any{"forgejo", "gitea"}, "Source")...)
+	switch id.Source {
+	case "forgejo", "gitea":
+		if strings.ToLower(id.Path) != "api/v1/activitypub/user-id" && strings.ToLower(id.Path) != "api/activitypub/user-id" {
+			result = append(result, fmt.Sprintf("path: %q has to be a person specific api path", id.Path))
+		}
+	}
+	return result
+}
+
+// ----------------------------- RepositoryID --------------------------------------------
+
+type RepositoryID struct {
+	ActorID
+}
+
+// Factory function for RepositoryID. Created struct is asserted to be valid.
+func NewRepositoryID(uri, source string) (RepositoryID, error) {
+	if !validation.IsAPIURL(uri) {
+		return RepositoryID{}, fmt.Errorf("uri %s is not a valid repo url on this host %s", uri, setting.AppURL+"api")
+	}
+	result, err := newActorID(uri)
+	if err != nil {
+		return RepositoryID{}, err
+	}
+	result.Source = source
+
+	// validate Person specific path
+	repoID := RepositoryID{result}
+	if valid, outcome := validation.IsValid(repoID); !valid {
+		return RepositoryID{}, outcome
+	}
+
+	return repoID, nil
+}
+
+func (id RepositoryID) Validate() []string {
+	result := id.ActorID.Validate()
+	result = append(result, validation.ValidateNotEmpty(id.Source, "source")...)
+	result = append(result, validation.ValidateOneOf(id.Source, []any{"forgejo", "gitea"}, "Source")...)
+	switch id.Source {
+	case "forgejo", "gitea":
+		if strings.ToLower(id.Path) != "api/v1/activitypub/repository-id" && strings.ToLower(id.Path) != "api/activitypub/repository-id" {
+			result = append(result, fmt.Sprintf("path: %q has to be a repo specific api path", id.Path))
+		}
+	}
+	return result
+}
+
+func containsEmptyString(ar []string) bool {
+	for _, elem := range ar {
+		if elem == "" {
+			return true
+		}
+	}
+	return false
+}
+
+func removeEmptyStrings(ls []string) []string {
+	var rs []string
+	for _, str := range ls {
+		if str != "" {
+			rs = append(rs, str)
+		}
+	}
+	return rs
+}
+
+func newActorID(uri string) (ActorID, error) {
+	validatedURI, err := url.ParseRequestURI(uri)
+	if err != nil {
+		return ActorID{}, err
+	}
+	pathWithActorID := strings.Split(validatedURI.Path, "/")
+	if containsEmptyString(pathWithActorID) {
+		pathWithActorID = removeEmptyStrings(pathWithActorID)
+	}
+	length := len(pathWithActorID)
+	pathWithoutActorID := strings.Join(pathWithActorID[0:length-1], "/")
+	id := pathWithActorID[length-1]
+
+	result := ActorID{}
+	result.ID = id
+	result.Schema = validatedURI.Scheme
+	result.Host = validatedURI.Hostname()
+	result.Path = pathWithoutActorID
+	result.Port = validatedURI.Port()
+	result.UnvalidatedInput = uri
+	return result, nil
+}
+
+// ----------------------------- ForgePerson -------------------------------------
+
+// ForgePerson activity data type
+// swagger:model
+type ForgePerson struct {
+	// swagger:ignore
+	ap.Actor
+}
+
+func (s ForgePerson) MarshalJSON() ([]byte, error) {
+	return s.Actor.MarshalJSON()
+}
+
+func (s *ForgePerson) UnmarshalJSON(data []byte) error {
+	return s.Actor.UnmarshalJSON(data)
+}
+
+func (s ForgePerson) Validate() []string {
+	var result []string
+	result = append(result, validation.ValidateNotEmpty(string(s.Type), "Type")...)
+	result = append(result, validation.ValidateOneOf(string(s.Type), []any{string(ap.PersonType)}, "Type")...)
+	result = append(result, validation.ValidateNotEmpty(s.PreferredUsername.String(), "PreferredUsername")...)
+
+	return result
+}
--- a/modules/forgefed/actor_test.go
+++ b/modules/forgefed/actor_test.go
@ -0,0 +1,223 @@
+// Copyright 2023, 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgefed
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/validation"
+
+	ap "github.com/go-ap/activitypub"
+)
+
+func TestNewPersonId(t *testing.T) {
+	expected := PersonID{}
+	expected.ID = "1"
+	expected.Source = "forgejo"
+	expected.Schema = "https"
+	expected.Path = "api/v1/activitypub/user-id"
+	expected.Host = "an.other.host"
+	expected.Port = ""
+	expected.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/1"
+	sut, _ := NewPersonID("https://an.other.host/api/v1/activitypub/user-id/1", "forgejo")
+	if sut != expected {
+		t.Errorf("expected: %v\n but was: %v\n", expected, sut)
+	}
+
+	expected = PersonID{}
+	expected.ID = "1"
+	expected.Source = "forgejo"
+	expected.Schema = "https"
+	expected.Path = "api/v1/activitypub/user-id"
+	expected.Host = "an.other.host"
+	expected.Port = "443"
+	expected.UnvalidatedInput = "https://an.other.host:443/api/v1/activitypub/user-id/1"
+	sut, _ = NewPersonID("https://an.other.host:443/api/v1/activitypub/user-id/1", "forgejo")
+	if sut != expected {
+		t.Errorf("expected: %v\n but was: %v\n", expected, sut)
+	}
+}
+
+func TestNewRepositoryId(t *testing.T) {
+	setting.AppURL = "http://localhost:3000/"
+	expected := RepositoryID{}
+	expected.ID = "1"
+	expected.Source = "forgejo"
+	expected.Schema = "http"
+	expected.Path = "api/activitypub/repository-id"
+	expected.Host = "localhost"
+	expected.Port = "3000"
+	expected.UnvalidatedInput = "http://localhost:3000/api/activitypub/repository-id/1"
+	sut, _ := NewRepositoryID("http://localhost:3000/api/activitypub/repository-id/1", "forgejo")
+	if sut != expected {
+		t.Errorf("expected: %v\n but was: %v\n", expected, sut)
+	}
+}
+
+func TestActorIdValidation(t *testing.T) {
+	sut := ActorID{}
+	sut.Source = "forgejo"
+	sut.Schema = "https"
+	sut.Path = "api/v1/activitypub/user-id"
+	sut.Host = "an.other.host"
+	sut.Port = ""
+	sut.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/"
+	if sut.Validate()[0] != "userId should not be empty" {
+		t.Errorf("validation error expected but was: %v\n", sut.Validate())
+	}
+
+	sut = ActorID{}
+	sut.ID = "1"
+	sut.Source = "forgejo"
+	sut.Schema = "https"
+	sut.Path = "api/v1/activitypub/user-id"
+	sut.Host = "an.other.host"
+	sut.Port = ""
+	sut.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/1?illegal=action"
+	if sut.Validate()[0] != "not all input was parsed, \nUnvalidated Input:\"https://an.other.host/api/v1/activitypub/user-id/1?illegal=action\" \nParsed URI: \"https://an.other.host/api/v1/activitypub/user-id/1\"" {
+		t.Errorf("validation error expected but was: %v\n", sut.Validate()[0])
+	}
+}
+
+func TestPersonIdValidation(t *testing.T) {
+	sut := PersonID{}
+	sut.ID = "1"
+	sut.Source = "forgejo"
+	sut.Schema = "https"
+	sut.Path = "path"
+	sut.Host = "an.other.host"
+	sut.Port = ""
+	sut.UnvalidatedInput = "https://an.other.host/path/1"
+	if _, err := validation.IsValid(sut); err.Error() != "path: \"path\" has to be a person specific api path" {
+		t.Errorf("validation error expected but was: %v\n", err)
+	}
+
+	sut = PersonID{}
+	sut.ID = "1"
+	sut.Source = "forgejox"
+	sut.Schema = "https"
+	sut.Path = "api/v1/activitypub/user-id"
+	sut.Host = "an.other.host"
+	sut.Port = ""
+	sut.UnvalidatedInput = "https://an.other.host/api/v1/activitypub/user-id/1"
+	if sut.Validate()[0] != "Value forgejox is not contained in allowed values [forgejo gitea]" {
+		t.Errorf("validation error expected but was: %v\n", sut.Validate()[0])
+	}
+}
+
+func TestWebfingerId(t *testing.T) {
+	sut, _ := NewPersonID("https://codeberg.org/api/v1/activitypub/user-id/12345", "forgejo")
+	if sut.AsWebfinger() != "@12345@codeberg.org" {
+		t.Errorf("wrong webfinger: %v", sut.AsWebfinger())
+	}
+
+	sut, _ = NewPersonID("https://Codeberg.org/api/v1/activitypub/user-id/12345", "forgejo")
+	if sut.AsWebfinger() != "@12345@codeberg.org" {
+		t.Errorf("wrong webfinger: %v", sut.AsWebfinger())
+	}
+}
+
+func TestShouldThrowErrorOnInvalidInput(t *testing.T) {
+	var err any
+	// TODO: remove after test
+	//_, err = NewPersonId("", "forgejo")
+	//if err == nil {
+	//	t.Errorf("empty input should be invalid.")
+	//}
+
+	_, err = NewPersonID("http://localhost:3000/api/v1/something", "forgejo")
+	if err == nil {
+		t.Errorf("localhost uris are not external")
+	}
+	_, err = NewPersonID("./api/v1/something", "forgejo")
+	if err == nil {
+		t.Errorf("relative uris are not allowed")
+	}
+	_, err = NewPersonID("http://1.2.3.4/api/v1/something", "forgejo")
+	if err == nil {
+		t.Errorf("uri may not be ip-4 based")
+	}
+	_, err = NewPersonID("http:///[fe80::1ff:fe23:4567:890a%25eth0]/api/v1/something", "forgejo")
+	if err == nil {
+		t.Errorf("uri may not be ip-6 based")
+	}
+	_, err = NewPersonID("https://codeberg.org/api/v1/activitypub/../activitypub/user-id/12345", "forgejo")
+	if err == nil {
+		t.Errorf("uri may not contain relative path elements")
+	}
+	_, err = NewPersonID("https://myuser@an.other.host/api/v1/activitypub/user-id/1", "forgejo")
+	if err == nil {
+		t.Errorf("uri may not contain unparsed elements")
+	}
+
+	_, err = NewPersonID("https://an.other.host/api/v1/activitypub/user-id/1", "forgejo")
+	if err != nil {
+		t.Errorf("this uri should be valid but was: %v", err)
+	}
+}
+
+func Test_PersonMarshalJSON(t *testing.T) {
+	sut := ForgePerson{}
+	sut.Type = "Person"
+	sut.PreferredUsername = ap.NaturalLanguageValuesNew()
+	sut.PreferredUsername.Set("en", ap.Content("MaxMuster"))
+	result, _ := sut.MarshalJSON()
+	if string(result) != "{\"type\":\"Person\",\"preferredUsername\":\"MaxMuster\"}" {
+		t.Errorf("MarshalJSON() was = %q", result)
+	}
+}
+
+func Test_PersonUnmarshalJSON(t *testing.T) {
+	expected := &ForgePerson{
+		Actor: ap.Actor{
+			Type: "Person",
+			PreferredUsername: ap.NaturalLanguageValues{
+				ap.LangRefValue{Ref: "en", Value: []byte("MaxMuster")},
+			},
+		},
+	}
+	sut := new(ForgePerson)
+	err := sut.UnmarshalJSON([]byte(`{"type":"Person","preferredUsername":"MaxMuster"}`))
+	if err != nil {
+		t.Errorf("UnmarshalJSON() unexpected error: %v", err)
+	}
+	x, _ := expected.MarshalJSON()
+	y, _ := sut.MarshalJSON()
+	if !reflect.DeepEqual(x, y) {
+		t.Errorf("UnmarshalJSON() expected: %q got: %q", x, y)
+	}
+
+	expectedStr := strings.ReplaceAll(strings.ReplaceAll(`{
+		"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
+		"type":"Person",
+		"icon":{"type":"Image","mediaType":"image/png","url":"https://federated-repo.prod.meissa.de/avatar/fa7f9c4af2a64f41b1bef292bf872614"},
+		"url":"https://federated-repo.prod.meissa.de/stargoose9",
+		"inbox":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10/inbox",
+		"outbox":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10/outbox",
+		"preferredUsername":"stargoose9",
+		"publicKey":{"id":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10#main-key",
+			"owner":"https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/10",
+			"publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBoj...XAgMBAAE=\n-----END PUBLIC KEY-----\n"}}`,
+		"\n", ""),
+		"\t", "")
+	err = sut.UnmarshalJSON([]byte(expectedStr))
+	if err != nil {
+		t.Errorf("UnmarshalJSON() unexpected error: %v", err)
+	}
+	result, _ := sut.MarshalJSON()
+	if expectedStr != string(result) {
+		t.Errorf("UnmarshalJSON() expected: %q got: %q", expectedStr, result)
+	}
+}
+
+func TestForgePersonValidation(t *testing.T) {
+	sut := new(ForgePerson)
+	sut.UnmarshalJSON([]byte(`{"type":"Person","preferredUsername":"MaxMuster"}`))
+	if res, _ := validation.IsValid(sut); !res {
+		t.Errorf("sut expected to be valid: %v\n", sut.Validate())
+	}
+}
--- a/modules/forgefed/nodeinfo.go
+++ b/modules/forgefed/nodeinfo.go
@ -0,0 +1,19 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgefed
+
+import (
+	"fmt"
+)
+
+func (id ActorID) AsWellKnownNodeInfoURI() string {
+	wellKnownPath := ".well-known/nodeinfo"
+	var result string
+	if id.Port == "" {
+		result = fmt.Sprintf("%s://%s/%s", id.Schema, id.Host, wellKnownPath)
+	} else {
+		result = fmt.Sprintf("%s://%s:%s/%s", id.Schema, id.Host, id.Port, wellKnownPath)
+	}
+	return result
+}