Moved ActivityPub API to frontend URL

ref https://linear.app/tryghost/issue/MOM-48

This required some structural changes to our NestJS setup so that we can mount
it on multiple parts of the Ghost express app.

We've used the RouterModule to allow adding submodules that are mounted on
different paths, and we've had to be explicit about the base path for each
module. We've also had to switch back to using the Module decorator, because
RouterModule doesn't work with DynamicModule definitions.

Now that the NestJS app has knowledge of the full path, we need to "reset" the
url & baseUrl when passing the request into NestJS so that it can correctly
match the path. This is probably needed for the frontend too, for subdirs, but
that causes further issues - as this in prototype stage, we'll look later

Another issue is that NestJS replaces the express app instance with its own,
which isn't an issue for the Admin API (though we've fixed it anyway for
consistency), but did cause problems for the frontend, because the express app
is where view engine and directory information is stored.

The fix for this is to save a reference to the original ghost express
application, and reattach it to the request if it is not handled by Nest

Now that we have the Nest app mounted on the frontend, we're able to have it
handle the /.well-known/webfinger route with a proper controller, which is nice!

ghost/core/core/boot.js

@@ -389,7 +389,7 @@ async function initNestDependencies() {
     const GhostNestApp = require('@tryghost/ghost');
     const providers = [];
     const urlUtils = require('./shared/url-utils');
-    const activityPubBaseUrl = new URL('activitypub', urlUtils.urlFor('api', {type: 'admin'}, true));
+    const activityPubBaseUrl = new URL('activitypub', urlUtils.urlFor('home', true));
     providers.push({
         provide: 'logger',
         useValue: require('@tryghost/logging')

ghost/core/core/frontend/web/site.js

@@ -50,6 +50,21 @@ module.exports = function setupSiteApp(routerConfig) {
     // enable CORS headers (allows admin client to hit front-end when configured on separate URLs)
     siteApp.use(mw.cors);
 
+    siteApp.use(async (req, res, next) => {
+        if (labs.isSet('NestPlayground') || labs.isSet('ActivityPub')) {
+            const originalExpressApp = req.app;
+            const app = await GhostNestApp.getApp();
+
+            const instance = app.getHttpAdapter().getInstance();
+            instance(req, res, function (err) {
+                req.app = originalExpressApp;
+                next(err);
+            });
+            return;
+        }
+        return next();
+    });
+
     siteApp.use(offersService.middleware);
 
     siteApp.use(linkRedirects.service.handleRequest);
@@ -103,20 +118,6 @@ module.exports = function setupSiteApp(routerConfig) {
     // Recommendations well-known
     siteApp.use(mw.servePublicFile('built', '.well-known/recommendations.json', 'application/json', config.get('caching:publicAssets:maxAge'), {disableServerCache: true}));
 
-    siteApp.get('/.well-known/webfinger', async function (req, res, next) {
-        if (!labs.isSet('ActivityPub')) {
-            return next();
-        }
-        const webfingerService = await GhostNestApp.resolve('WebFingerService');
-
-        try {
-            const result = await webfingerService.getResource(req.query.resource);
-            res.json(result);
-        } catch (err) {
-            next(err);
-        }
-    });
-
     // setup middleware for internal apps
     // @TODO: refactor this to be a proper app middleware hook for internal apps
     config.get('apps:internal').forEach((appName) => {

ghost/core/core/server/web/api/endpoints/admin/app.js

@@ -37,8 +37,17 @@ module.exports = function setupApiApp() {
 
     apiApp.use(async (req, res, next) => {
         if (labs.isSet('NestPlayground') || labs.isSet('ActivityPub')) {
+            const originalExpressApp = req.app;
             const app = await GhostNestApp.getApp();
-            app.getHttpAdapter().getInstance()(req, res, next);
+
+            const instance = app.getHttpAdapter().getInstance();
+            instance(Object.assign({}, req, {
+                url: req.originalUrl,
+                baseUrl: ''
+            }), res, function (err) {
+                req.app = originalExpressApp;
+                next(err);
+            });
             return;
         }
         return next();

ghost/ghost/src/http/admin/controllers/example.controller.ts

@@ -8,11 +8,18 @@
 import {
     Controller,
     Get,
-    Param
+    Param,
+    UseGuards,
+    UseInterceptors
 } from '@nestjs/common';
 import {Roles} from '../../../common/decorators/permissions.decorator';
 import {ExampleService} from '../../../core/example/example.service';
+import {LocationHeaderInterceptor} from '../../../nestjs/interceptors/location-header.interceptor';
+import {AdminAPIAuthentication} from '../../../nestjs/guards/admin-api-authentication.guard';
+import {PermissionsGuard} from '../../../nestjs/guards/permissions.guard';
 
+@UseInterceptors(LocationHeaderInterceptor)
+@UseGuards(AdminAPIAuthentication, PermissionsGuard)
 @Controller('greetings')
 export class ExampleController {
     constructor(private readonly service: ExampleService) {}

ghost/ghost/src/http/admin/controllers/webfinger.controller.ts

@@ -0,0 +1,17 @@
+import {Controller, Get, Query} from '@nestjs/common';
+import {WebFingerService} from '../../../core/activitypub/webfinger.service';
+
+@Controller('.well-known/webfinger')
+export class WebFingerController {
+    constructor(
+        private readonly service: WebFingerService
+    ) {}
+
+    @Get('')
+    async getResource(@Query('resource') resource: unknown) {
+        if (typeof resource !== 'string') {
+            throw new Error('Bad Request');
+        }
+        return await this.service.getResource(resource);
+    }
+}

ghost/ghost/src/nestjs/modules/activitypub.module.ts

@@ -0,0 +1,20 @@
+import {Module} from '@nestjs/common';
+import {ActorRepositoryInMemory} from '../../db/in-memory/actor.repository.in-memory';
+import {ActivityPubController} from '../../http/admin/controllers/activitypub.controller';
+import {WebFingerService} from '../../core/activitypub/webfinger.service';
+import {JSONLDService} from '../../core/activitypub/jsonld.service';
+import {WebFingerController} from '../../http/admin/controllers/webfinger.controller';
+
+@Module({
+    controllers: [ActivityPubController, WebFingerController],
+    exports: [],
+    providers: [
+        {
+            provide: 'ActorRepository',
+            useClass: ActorRepositoryInMemory
+        },
+        WebFingerService,
+        JSONLDService
+    ]
+})
+export class ActivityPubModule {}

ghost/ghost/src/nestjs/modules/admin-api.module.ts

@@ -1,30 +1,17 @@
-import {DynamicModule} from '@nestjs/common';
+import {Module} from '@nestjs/common';
 import {ExampleController} from '../../http/admin/controllers/example.controller';
 import {ExampleService} from '../../core/example/example.service';
 import {ExampleRepositoryInMemory} from '../../db/in-memory/example.repository.in-memory';
-import {ActorRepositoryInMemory} from '../../db/in-memory/actor.repository.in-memory';
-import {ActivityPubController} from '../../http/admin/controllers/activitypub.controller';
-import {WebFingerService} from '../../core/activitypub/webfinger.service';
-import {JSONLDService} from '../../core/activitypub/jsonld.service';
 
-class AdminAPIModuleClass {}
-
-export const AdminAPIModule: DynamicModule = {
-    module: AdminAPIModuleClass,
-    controllers: [ExampleController, ActivityPubController],
-    exports: [ExampleService, 'WebFingerService'],
+@Module({
+    controllers: [ExampleController],
+    exports: [ExampleService],
     providers: [
         ExampleService,
         {
             provide: 'ExampleRepository',
             useClass: ExampleRepositoryInMemory
-        }, {
-            provide: 'ActorRepository',
-            useClass: ActorRepositoryInMemory
-        }, {
-            provide: 'WebFingerService',
-            useClass: WebFingerService
-        },
-        JSONLDService
+        }
     ]
-};
+})
+export class AdminAPIModule {}

ghost/ghost/src/nestjs/modules/app.module.ts

@@ -1,19 +1,29 @@
 import {DynamicModule} from '@nestjs/common';
-import {APP_FILTER, APP_GUARD, APP_INTERCEPTOR} from '@nestjs/core';
+import {APP_FILTER, RouterModule} from '@nestjs/core';
 import {AdminAPIModule} from './admin-api.module';
 import {NotFoundFallthroughExceptionFilter} from '../filters/not-found-fallthrough.filter';
 import {ExampleListener} from '../../listeners/example.listener';
-import {AdminAPIAuthentication} from '../guards/admin-api-authentication.guard';
-import {PermissionsGuard} from '../guards/permissions.guard';
-import {LocationHeaderInterceptor} from '../interceptors/location-header.interceptor';
 import {GlobalExceptionFilter} from '../filters/global-exception.filter';
+import {ActivityPubModule} from './activitypub.module';
 
 class AppModuleClass {}
 
 export const AppModule: DynamicModule = {
     global: true,
     module: AppModuleClass,
-    imports: [AdminAPIModule],
+    imports: [
+        RouterModule.register([
+            {
+                path: 'ghost/api/admin',
+                module: AdminAPIModule
+            }, {
+                path: '',
+                module: ActivityPubModule
+            }
+        ]),
+        AdminAPIModule,
+        ActivityPubModule
+    ],
     exports: [],
     controllers: [],
     providers: [
@@ -24,15 +34,6 @@ export const AppModule: DynamicModule = {
         }, {
             provide: APP_FILTER,
             useClass: NotFoundFallthroughExceptionFilter
-        }, {
-            provide: APP_GUARD,
-            useClass: AdminAPIAuthentication
-        }, {
-            provide: APP_GUARD,
-            useClass: PermissionsGuard
-        }, {
-            provide: APP_INTERCEPTOR,
-            useClass: LocationHeaderInterceptor
         }
     ]
 };