From 656b66c7804abff2db4e4980cb0433566c3d4b19 Mon Sep 17 00:00:00 2001
From: Ricardo <rick@rmendes.net>
Date: Thu, 19 Feb 2026 20:18:16 +0100
Subject: [PATCH] fix: add WebFinger handle mapper and Ed25519 key pair
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. mapHandle() — tells Fedify how to resolve WebFinger usernames to
   actor identifiers, suppressing the "No actor handle mapper is set"
   warning on every WebFinger lookup.

2. Ed25519 key pair — generated alongside the legacy RSA pair so Fedify
   can create Object Integrity Proofs on outbound activities. RSA is
   kept for HTTP Signatures backward compatibility.
---
 lib/federation-setup.js | 21 +++++++++++++++++----
 package.json            |  2 +-
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/lib/federation-setup.js b/lib/federation-setup.js
index 4ed866f..4fb21d9 100644
--- a/lib/federation-setup.js
+++ b/lib/federation-setup.js
@@ -15,6 +15,7 @@ import {
   Person,
   PropertyValue,
   createFederation,
+  generateCryptoKeyPair,
   importSpki,
 } from "@fedify/fedify";
 import { configure, getConsoleSink } from "@logtape/logtape";
@@ -134,23 +135,35 @@ export function setupFederation(options) {
         return new Person(personOptions);
       },
     )
+    .mapHandle((_ctx, username) => (username === handle ? handle : null))
     .setKeyPairsDispatcher(async (ctx, identifier) => {
       if (identifier !== handle) return [];
 
+      const keyPairs = [];
+
+      // Import legacy RSA key pair (for HTTP Signatures compatibility)
       const legacyKey = await collections.ap_keys.findOne({});
       if (legacyKey?.publicKeyPem && legacyKey?.privateKeyPem) {
         try {
-          const publicKey = await importSpki(legacyKey.publicKeyPem, "RSA");
+          const publicKey = await importSpki(legacyKey.publicKeyPem);
           const privateKey = await importPkcs8Pem(legacyKey.privateKeyPem);
-          return [{ publicKey, privateKey }];
+          keyPairs.push({ publicKey, privateKey });
         } catch {
           console.warn(
-            "[ActivityPub] Could not import legacy RSA keys, generating new key pairs",
+            "[ActivityPub] Could not import legacy RSA keys",
           );
         }
       }
 
-      return [];
+      // Generate Ed25519 key pair (for Object Integrity Proofs)
+      try {
+        const ed25519 = await generateCryptoKeyPair("Ed25519");
+        keyPairs.push(ed25519);
+      } catch (error) {
+        console.warn("[ActivityPub] Could not generate Ed25519 key pair:", error.message);
+      }
+
+      return keyPairs;
     });
 
   // --- Inbox listeners ---
diff --git a/package.json b/package.json
index 4d616cc..1d4a656 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@rmdes/indiekit-endpoint-activitypub",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
   "keywords": [
     "indiekit",