From 2e4827be9d39b42fbddc7757eb36b952a1e43127 Mon Sep 17 00:00:00 2001 From: svemagie <869694+svemagie@users.noreply.github.com> Date: Sun, 8 Mar 2026 10:58:24 +0100 Subject: [PATCH] Patch ActivityPub backend locale fallback for de --- README.md | 4 +- package.json | 4 +- .../patch-endpoint-activitypub-locales.mjs | 134 ++++++++++++++++++ start.example.sh | 1 + 4 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 scripts/patch-endpoint-activitypub-locales.mjs diff --git a/README.md b/README.md index 5a777944..be8b59bf 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,7 @@ - `AP_DEBUG` (`1` or `true` enables debug dashboard) - `AP_DEBUG_PASSWORD` (required when debug dashboard is enabled) - `REDIS_URL` (recommended for production delivery queue durability) +- The ActivityPub locale patch creates/repairs `locales/de.json` from `locales/en.json` so backend UI keys do not render as raw `activitypub.*` translation strings when `SITE_LOCALE=de`. - Quick verification commands: - `curl -s "https://blog.giersig.eu/.well-known/webfinger?resource=acct:@blog.giersig.eu" | jq .` - `curl -s -H "Accept: application/activity+json" "https://blog.giersig.eu/" | jq .` @@ -103,7 +104,7 @@ - `start.sh` is intentionally ignored by Git (`.gitignore`) so server secrets are not committed. - Use `start.example.sh` as the tracked template and keep real credentials in environment variables (or `.env` on the server). - Startup scripts parse `.env` with the `dotenv` parser (not shell `source`), so values containing spaces are handled safely. -- Startup scripts run preflight + patch helpers before boot (`scripts/preflight-production-security.mjs`, `scripts/preflight-mongo-connection.mjs`, `scripts/patch-lightningcss.mjs`, `scripts/patch-endpoint-media-scope.mjs`, `scripts/patch-endpoint-media-sharp-runtime.mjs`, `scripts/patch-frontend-sharp-runtime.mjs`, `scripts/patch-endpoint-files-upload-route.mjs`, `scripts/patch-endpoint-files-upload-locales.mjs`, `scripts/patch-frontend-serviceworker-file.mjs`, `scripts/patch-conversations-collection-guards.mjs`, `scripts/patch-indiekit-routes-rate-limits.mjs`, `scripts/patch-indiekit-error-production-stack.mjs`, `scripts/patch-indieauth-devmode-guard.mjs`, `scripts/patch-listening-endpoint-runtime-guards.mjs`). +- Startup scripts run preflight + patch helpers before boot (`scripts/preflight-production-security.mjs`, `scripts/preflight-mongo-connection.mjs`, `scripts/patch-lightningcss.mjs`, `scripts/patch-endpoint-media-scope.mjs`, `scripts/patch-endpoint-media-sharp-runtime.mjs`, `scripts/patch-frontend-sharp-runtime.mjs`, `scripts/patch-endpoint-files-upload-route.mjs`, `scripts/patch-endpoint-files-upload-locales.mjs`, `scripts/patch-endpoint-activitypub-locales.mjs`, `scripts/patch-frontend-serviceworker-file.mjs`, `scripts/patch-conversations-collection-guards.mjs`, `scripts/patch-indiekit-routes-rate-limits.mjs`, `scripts/patch-indiekit-error-production-stack.mjs`, `scripts/patch-indieauth-devmode-guard.mjs`, `scripts/patch-listening-endpoint-runtime-guards.mjs`). - The production security preflight blocks startup on insecure auth/session configuration and catches empty-password bcrypt hashes. - One-time recovery mode is available with `INDIEKIT_ALLOW_PASSWORD_SETUP=1` to bootstrap/reset `PASSWORD_SECRET` when locked out. Remove this flag after setting a valid hash. - The media scope patch fixes a known upstream issue where file uploads can fail if the token scope is `create update delete` without explicit `media`. @@ -111,6 +112,7 @@ - The frontend sharp runtime patch makes icon generation non-fatal on FreeBSD when `sharp` cannot load, preventing startup crashes in asset controller imports. - The files upload route patch fixes browser multi-upload by posting to `/files/upload` (session-authenticated) instead of direct `/media` calls without bearer token. - The files upload locale patch adds missing `files.upload.dropText`/`files.upload.browse`/`files.upload.submitMultiple` labels in endpoint locale files so UI text does not render raw translation keys. +- The ActivityPub locale patch backfills missing `de` locale keys from the endpoint's `en` locale and applies German admin title labels for notifications/profile. - The frontend serviceworker patch ensures `@indiekit/frontend/lib/serviceworker.js` exists at runtime, forces network-only handling for `/auth` and `/session` pages, patches frontend layout templates to unregister stale service workers and clear caches on load, and suppresses sidebar rendering whenever `app--minimalui` is present. - The conversations guard patch prevents `Cannot read properties of undefined (reading 'find')` when the `conversation_items` collection is temporarily unavailable. - The indiekit routes rate-limit patch (ported from `rmdes/indiekit-cloudron`) keeps strict limits on `/session/*`, applies generous limits to public API/well-known routes, and removes extra rate limiting from authenticated routes to avoid admin-side 429 spikes. diff --git a/package.json b/package.json index 60b29754..4b0debe4 100644 --- a/package.json +++ b/package.json @@ -4,8 +4,8 @@ "description": "", "main": "index.js", "scripts": { - "postinstall": "node scripts/patch-lightningcss.mjs && node scripts/patch-endpoint-media-scope.mjs && node scripts/patch-endpoint-media-sharp-runtime.mjs && node scripts/patch-frontend-sharp-runtime.mjs && node scripts/patch-endpoint-files-upload-route.mjs && node scripts/patch-endpoint-files-upload-locales.mjs && node scripts/patch-frontend-serviceworker-file.mjs && node scripts/patch-conversations-collection-guards.mjs && node scripts/patch-indiekit-routes-rate-limits.mjs && node scripts/patch-indiekit-error-production-stack.mjs && node scripts/patch-indieauth-devmode-guard.mjs && node scripts/patch-listening-endpoint-runtime-guards.mjs", - "serve": "export NODE_ENV=${NODE_ENV:-production} INDIEKIT_DEBUG=${INDIEKIT_DEBUG:-0} && node scripts/preflight-production-security.mjs && node scripts/preflight-mongo-connection.mjs && node scripts/patch-lightningcss.mjs && node scripts/patch-endpoint-media-scope.mjs && node scripts/patch-endpoint-media-sharp-runtime.mjs && node scripts/patch-frontend-sharp-runtime.mjs && node scripts/patch-endpoint-files-upload-route.mjs && node scripts/patch-endpoint-files-upload-locales.mjs && node scripts/patch-frontend-serviceworker-file.mjs && node scripts/patch-conversations-collection-guards.mjs && node scripts/patch-indiekit-routes-rate-limits.mjs && node scripts/patch-indiekit-error-production-stack.mjs && node scripts/patch-indieauth-devmode-guard.mjs && node scripts/patch-listening-endpoint-runtime-guards.mjs && node node_modules/@indiekit/indiekit/bin/cli.js serve --config indiekit.config.mjs", + "postinstall": "node scripts/patch-lightningcss.mjs && node scripts/patch-endpoint-media-scope.mjs && node scripts/patch-endpoint-media-sharp-runtime.mjs && node scripts/patch-frontend-sharp-runtime.mjs && node scripts/patch-endpoint-files-upload-route.mjs && node scripts/patch-endpoint-files-upload-locales.mjs && node scripts/patch-endpoint-activitypub-locales.mjs && node scripts/patch-frontend-serviceworker-file.mjs && node scripts/patch-conversations-collection-guards.mjs && node scripts/patch-indiekit-routes-rate-limits.mjs && node scripts/patch-indiekit-error-production-stack.mjs && node scripts/patch-indieauth-devmode-guard.mjs && node scripts/patch-listening-endpoint-runtime-guards.mjs", + "serve": "export NODE_ENV=${NODE_ENV:-production} INDIEKIT_DEBUG=${INDIEKIT_DEBUG:-0} && node scripts/preflight-production-security.mjs && node scripts/preflight-mongo-connection.mjs && node scripts/patch-lightningcss.mjs && node scripts/patch-endpoint-media-scope.mjs && node scripts/patch-endpoint-media-sharp-runtime.mjs && node scripts/patch-frontend-sharp-runtime.mjs && node scripts/patch-endpoint-files-upload-route.mjs && node scripts/patch-endpoint-files-upload-locales.mjs && node scripts/patch-endpoint-activitypub-locales.mjs && node scripts/patch-frontend-serviceworker-file.mjs && node scripts/patch-conversations-collection-guards.mjs && node scripts/patch-indiekit-routes-rate-limits.mjs && node scripts/patch-indiekit-error-production-stack.mjs && node scripts/patch-indieauth-devmode-guard.mjs && node scripts/patch-listening-endpoint-runtime-guards.mjs && node node_modules/@indiekit/indiekit/bin/cli.js serve --config indiekit.config.mjs", "test": "echo \"Error: no test specified\" && exit 1" }, "keywords": [], diff --git a/scripts/patch-endpoint-activitypub-locales.mjs b/scripts/patch-endpoint-activitypub-locales.mjs new file mode 100644 index 00000000..83ab205e --- /dev/null +++ b/scripts/patch-endpoint-activitypub-locales.mjs @@ -0,0 +1,134 @@ +import { access, readFile, writeFile } from "node:fs/promises"; +import path from "node:path"; + +const endpointCandidates = [ + "node_modules/@rmdes/indiekit-endpoint-activitypub", + "node_modules/@indiekit/indiekit/node_modules/@rmdes/indiekit-endpoint-activitypub", +]; + +const sourceLocale = "en"; +const targetLocales = ["de"]; + +const deTitleOverrides = { + activitypub: { + notifications: { + title: "Benachrichtigungen", + }, + myProfile: { + title: "Mein Profil", + }, + }, +}; + +function isObject(value) { + return Boolean(value) && typeof value === "object" && !Array.isArray(value); +} + +function mergeMissing(target, fallback) { + if (target === undefined) { + return fallback; + } + + if (!isObject(target) || !isObject(fallback)) { + return target; + } + + const merged = { ...target }; + + for (const [key, fallbackValue] of Object.entries(fallback)) { + merged[key] = mergeMissing(merged[key], fallbackValue); + } + + return merged; +} + +function applyOverrides(target, overrides) { + if (!isObject(target) || !isObject(overrides)) { + return target; + } + + const merged = { ...target }; + + for (const [key, value] of Object.entries(overrides)) { + if (isObject(value)) { + const existing = isObject(merged[key]) ? merged[key] : {}; + merged[key] = applyOverrides(existing, value); + continue; + } + + merged[key] = value; + } + + return merged; +} + +async function exists(filePath) { + try { + await access(filePath); + return true; + } catch { + return false; + } +} + +let checkedEndpoints = 0; +let checkedLocales = 0; +let patchedLocales = 0; + +for (const endpointPath of endpointCandidates) { + if (!(await exists(endpointPath))) { + continue; + } + + checkedEndpoints += 1; + + const sourcePath = path.join(endpointPath, "locales", `${sourceLocale}.json`); + + if (!(await exists(sourcePath))) { + continue; + } + + let sourceLocaleJson; + try { + sourceLocaleJson = JSON.parse(await readFile(sourcePath, "utf8")); + } catch { + continue; + } + + for (const locale of targetLocales) { + const localePath = path.join(endpointPath, "locales", `${locale}.json`); + checkedLocales += 1; + + let localeJson = {}; + if (await exists(localePath)) { + try { + localeJson = JSON.parse(await readFile(localePath, "utf8")); + } catch { + localeJson = {}; + } + } + + const merged = mergeMissing(localeJson, sourceLocaleJson); + const patched = + locale === "de" ? applyOverrides(merged, deTitleOverrides) : merged; + + if (JSON.stringify(patched) === JSON.stringify(localeJson)) { + continue; + } + + await writeFile(localePath, `${JSON.stringify(patched, null, 2)}\n`, "utf8"); + patchedLocales += 1; + } +} + +if (checkedEndpoints === 0) { + console.log("[postinstall] No activitypub endpoint directories found"); +} else if (checkedLocales === 0) { + console.log("[postinstall] No activitypub locale files checked"); +} else if (patchedLocales === 0) { + console.log("[postinstall] activitypub locale files already patched"); +} else { + console.log( + `[postinstall] Patched activitypub locale files in ${patchedLocales}/${checkedLocales} file(s)`, + ); +} diff --git a/start.example.sh b/start.example.sh index 3762c21e..8ceff648 100644 --- a/start.example.sh +++ b/start.example.sh @@ -52,6 +52,7 @@ unset DEBUG /usr/local/bin/node scripts/patch-frontend-sharp-runtime.mjs /usr/local/bin/node scripts/patch-endpoint-files-upload-route.mjs /usr/local/bin/node scripts/patch-endpoint-files-upload-locales.mjs +/usr/local/bin/node scripts/patch-endpoint-activitypub-locales.mjs /usr/local/bin/node scripts/patch-frontend-serviceworker-file.mjs /usr/local/bin/node scripts/patch-conversations-collection-guards.mjs /usr/local/bin/node scripts/patch-indiekit-routes-rate-limits.mjs