FEP-044f quote authorization

CHANGES.md

@@ -6,6 +6,39 @@ Version 0.9.0
 
 To be released.
 
+ -  Added FEP-044f quote authorization and policy support on top of the
+    Mastodon-compatible quote APIs.  [[#457]]
+
+     -  Added persistent quote states for `pending`, `accepted`, `rejected`,
+        `revoked`, and `unauthorized` quotes, plus quote target and
+        authorization IRIs for federation.
+     -  Hollo now enforces quote policy, quote target visibility, block
+        relationships, follower-only quote permissions, and direct-message
+        mention requirements when creating a quote through
+        `POST /api/v1/statuses`.
+     -  Implemented `quote_approval_policy` handling on status creation and
+        editing, and added `PUT /api/v1/statuses/:id/interaction_policy` for
+        updating a status' quote policy after publication.
+     -  `quotes_count` now includes only accepted quotes and is updated when
+        quotes are accepted, rejected, revoked, created, deleted, or received
+        through federation.
+     -  `GET /api/v1/statuses/:id/quotes` now lists only accepted quotes, and
+        quote revocation keeps quote target metadata while removing the quote
+        from accepted quote lists and counts.
+     -  Published outbound FEP-044f `quote`, `quoteAuthorization`, and
+        `interactionPolicy.canQuote` properties on ActivityPub objects, while
+        keeping the legacy `quoteUrl` property for compatibility.
+     -  Parsed inbound FEP-044f `quote` targets and quote approval policies
+        from remote objects, including support for the legacy `quoteUrl`
+        property.
+     -  Added federation handling for `QuoteRequest`, `Accept(QuoteRequest)`,
+        `Reject(QuoteRequest)`, and `Delete(QuoteAuthorization)`, allowing
+        Hollo to request quote authorization from remote servers, accept or
+        reject incoming quote requests, and revoke quotes when a remote quote
+        authorization is deleted.
+     -  Added dereferenceable local `QuoteAuthorization` ActivityPub objects
+        for accepted quotes.
+
  -  Added an ActivityPub `quote-inline` fallback to the `content` of explicit
     quote posts created through the Mastodon API.  Software that does not
     support quote posts can now still show the quoted post permalink, while
@@ -16,6 +49,10 @@ To be released.
     post.  If the quoted post is unavailable, the fallback link remains
     visible so the quoted URL is not lost.
 
+ -  Upgraded Fedify to 2.2.0.
+
+[#457]: https://github.com/fedify-dev/hollo/pull/457
+
 
 Version 0.8.1
 -------------

drizzle/0086_quote_controls.sql

@@ -0,0 +1,25 @@
+CREATE TYPE "public"."quote_state" AS ENUM(
+  'pending',
+  'accepted',
+  'rejected',
+  'revoked',
+  'unauthorized'
+);--> statement-breakpoint
+CREATE TYPE "public"."quote_approval_policy" AS ENUM(
+  'public',
+  'followers',
+  'nobody'
+);--> statement-breakpoint
+ALTER TABLE "posts" ADD COLUMN "quote_target_iri" text;--> statement-breakpoint
+ALTER TABLE "posts" ADD COLUMN "quote_state" "quote_state";--> statement-breakpoint
+ALTER TABLE "posts" ADD COLUMN "quote_authorization_iri" text;--> statement-breakpoint
+ALTER TABLE "posts" ADD COLUMN "quote_approval_policy" "quote_approval_policy" DEFAULT 'public' NOT NULL;--> statement-breakpoint
+UPDATE "posts" AS "post"
+SET
+  "quote_target_iri" = "target"."iri",
+  "quote_state" = 'accepted'
+FROM "posts" AS "target"
+WHERE "post"."quote_target_id" = "target"."id";--> statement-breakpoint
+UPDATE "posts"
+SET "quote_approval_policy" = 'nobody'
+WHERE "visibility" IN ('private', 'direct');

drizzle/meta/_journal.json

@@ -603,6 +603,13 @@
       "when": 1777191395619,
       "tag": "0085_optimize_follower_visibility",
       "breakpoints": true
+    },
+    {
+      "idx": 86,
+      "version": "7",
+      "when": 1777358526000,
+      "tag": "0086_quote_controls",
+      "breakpoints": true
     }
   ]
-}
+}

package.json

@@ -29,14 +29,14 @@
   },
   "dependencies": {
     "@aws-sdk/credential-providers": "^3.1037.0",
-    "@fedify/debugger": "^2.1.10",
-    "@fedify/fedify": "^2.1.10",
-    "@fedify/hono": "^2.1.10",
+    "@fedify/debugger": "^2.2.0",
+    "@fedify/fedify": "^2.2.0",
+    "@fedify/hono": "^2.2.0",
     "@fedify/markdown-it-hashtag": "~0.3.0",
     "@fedify/markdown-it-mention": "~0.3.0",
-    "@fedify/postgres": "^2.1.10",
-    "@fedify/vocab": "^2.1.10",
-    "@fedify/webfinger": "^2.1.10",
+    "@fedify/postgres": "^2.2.0",
+    "@fedify/vocab": "^2.2.0",
+    "@fedify/webfinger": "^2.2.0",
     "@hexagon/base64": "^2.0.4",
     "@hono/node-server": "^1.19.13",
     "@hono/zod-validator": "^0.7.6",
@@ -82,7 +82,7 @@
   },
   "devDependencies": {
     "@dotenvx/dotenvx": "^1.52.0",
-    "@fedify/lint": "^2.1.10",
+    "@fedify/lint": "^2.2.0",
     "@reporters/github": "^1.13.1",
     "@types/fluent-ffmpeg": "^2.1.28",
     "@types/markdown-it": "^14.1.2",