18
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 24 Mar 2026
18 points (100.0% liked)
Fediverse
41196 readers
292 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)
founded 2 years ago
MODERATORS
onUnverifiedActivity()only runs when signature verification fails: missing signature, bad signature, or a key lookup failure. It gives you a chance to handle those cases yourself instead of Fedify immediately returning401 Unauthorized. If the signature verifies, this hook is not involved.If you want extra validation for verified activities, do that in your normal
.on()handlers. Those run after signature verification, so that's where app-specific checks belong, like rejecting certain actors or applying your own rate limits.Ah, that makes sense. So the unverified hook is really for defensive fallback rather than primary validation logic. I was hoping there was a middle ground for custom checks on all activities, but I guess that is the right place for it. Really appreciate the clarification.