im trying to think of how to properly do read/write authorization on a pure activitypub server, but specifically how to manage that in a standardized way
sure you could request oauth and then require a header, that's pretty bog-standard i guess... but how to manage which tokens have access to which directories on the server? some kind of admin panel / cli? fallback to uid-based access control? ehhh...
@Gargron apps should have full access but only to the directories they need maybe? doesnt seem like a good idea to say you can point any client at any server and have r/w access to everything under /
i'm just trying to conceptualize how much the server actually needs to do (as little as i can possibly get away with, tldr) and how to expose a standard interface (webfinger + maybe oauth + idk what else)
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!