rose-ash/federation

Federation App

OAuth2 authorization server and ActivityPub social hub for the Rose Ash cooperative. Handles user authentication, fediverse federation, and social features (timeline, compose, follow, notifications).

Structure

app.py                  # Application factory (create_base_app + blueprints)
path_setup.py           # Adds project root + app dir to sys.path
entrypoint.sh           # Container entrypoint (optional migrations, Redis flush, start)
bp/
  auth/                 #   Login, magic link, logout, OAuth2 authorize endpoint
  identity/             #   Actor profile management
  social/               #   Timeline, compose, search, follow/unfollow,
                        #   like/boost, notifications, following/followers lists
  fragments/            #   Fragment endpoints
models/                 # Re-export stubs pointing to shared/models/
services/               # register_domain_services() — wires all domains
templates/              # Federation-specific templates (override shared/)

OAuth2 SSO

Federation is the authorization server for all Rose Ash apps:

• /oauth/authorize — authorization endpoint (PKCE supported)
• Magic link login (passwordless email)
• All client apps auto-get /auth/login, /auth/callback, /auth/logout via shared/infrastructure/oauth.py
• Per-app first-party session cookies (Safari ITP compatible)

ActivityPub

• Per-app actors: each app has its own AP actor (virtual projection of the same keypair)
• Actor endpoints: webfinger, actor profile, inbox, outbox, followers
• Social features: timeline, compose, search, follow/unfollow, like/boost, notifications
• Activities emitted to ap_activities table, processed by EventProcessor
• HTTP signatures + IPFS content addressing

Cross-domain communication

• services.blog.* — post queries for content federation
• services.calendar.* — event queries
• services.market.* — product queries
• services.cart.* — cart summary for context processor