The most egregious one here is that we don't actually do anything when you send an Unfollow message, so we keep broadcasting to everyone who has ever been a follower. In general Mastodon seems smart enough to compare the incoming message to your actual local following list and just discard the message, but to be a good citizen we should stop doing that.

Also, it'd be great to allow people to set up their Fedimarks instance as a "request to follow" situation similar to what Mastodon supports. That'll involve handling those AP messages and also building an interface for it in the admin section of the site, though, so that's a bit more of a heavy lift.

We have the rudimentary import feature in the admin page but we should support an import that maintains custom metadata (title, description, tags) and possibly even datetime?

UPDATE: To be specific and make this ticket cleanly scoped, we should support the CSV export format from #118. Additional import formats from other tools should be filed as separate tickets so they can be prioritized based on demand.

I tried following my postmarks user from my account @[email protected] and got this error in the log on glitch:

The likely culprit is that hackers.town has AUTHORIZED_FETCH enabled as a Mastodon setting.

This means that fetching my actor data without HTTP signature headers in the GET request will result in a 401 Unauthorized status.

https://hackers.town/users/lmorchard.json

FWIW, it worked fine from my @[email protected] account, where AUTHORIZED_FETCH is not enabled.

so that you can get from the profile on Mastodon to the website

maybe someone just wants a nice bookmarking website that's easy to install on Glitch or self-hosting!

The current tag sidebar doesn't really scale very well. Are tag clouds still cool? or some other indication of tag popularity (font-weight/color intensity? is that an accessibility nightmare?)

It's not great right now, especially on my iPhone mini! We probably need to make the two-column design work more responsively, maybe putting the tags list behind a hamburger menu?

Some people may not want their following (and followers?) collections to be public. At a minimum, there should be a warning about that information being exposed to the public at the place where following addresses are added.

the workflow we use for following accounts relies on sending the Follow message and then waiting for the Accept response before we actually record it in the activitypub.db file. We should record somewhere that we SENT a message so that we can reflect in the UI that you successfully sent a request, and then upgrade that when it's complete. This will also help us implement the "request to follow" flow properly on locked Mastodon accounts.

if you type something and then hit save it should add that to the tag list

Not actually sure how to reliably do this given the fact that an @mention could be to any domain on the web. 🤔

This is the big movement to make Fedimarks into its own thing on the Fediverse instead of a Mastodon sidecar app. We probably need to fully flesh out our ActivityPub support and also look at any pitfalls that Bookwyrm or other apps might have experienced in doing this while also cross-posting to Mastodon.

You should be able to block followers if you don't want them. Full domain-block might be necessary, but at the very least a per-user blocklist, both blocking people from your list of followers as well as pre-emptively listing usernames you want to block, would be a start.

I think I'm not fully following the spec-- I should be using the notes from the ActivityPub DB, not the bookmark objects. If I swap that over, will that mean that the timeline on Mastodon of a newly-fetched Postmarks instance will be back-populated?

If someone attaches an image or other multimedia to a reply they send on Mastodon, or even just includes a URL in their post, should we render that? And how would we support caching the media locally? Do we need to include some kind of S3 bucket (or compatible service) support?

should this then also disable showing bookmarks on the logged-out website (and removing the Atom feed?)

Both by looking at what tags are already in the fedimarks instance and then also looking at any structured data we can find on the page? Opengraph tags exist, but not sure how common/useful they are? are there any other standard ways to encode suggested tags in the page that we should be scanning for?

I made a very bad logo so that I would be motivated to fix it before too long. Help. The only time I've made a good logo in my life it was by accident and for a joke project among friends.

Do we want to allow multiple copies of the same URL to be bookmarked? Should we allow it but display some kind of warning/message in the UI?

Port 3000 is common for local host, but once deployed, the port varies.

This should default to 3000 as it does now, but allow override using process.env.PORT

as of Feb 2023 if someone replies to a Fedimarks post on Mastodon it gets queued as a comment in Fedimarks, but if someone replies to that Mastodon reply, it doesn't.

To fix this, we'll need to index all existing replies and look those up as reply-to ids to check when determining what bookmark to file a comment under. We could retain this specific reply-to information and build threaded comments on the fedimarks side, or experiment with flattening it all, but we should at least keep enough information to try some things out on the frontend.

I updated the src/utils file as described to reflect my personal domain. However, the username on the about page is still @localhost

Postmarks happily allowed me to type a tag name of "developer relations" with a space, showed #developer relations in the UI, but then reported an error about the format of the tag when I hit save. It would be better to validate and/or force the entry of compliant tag names.

the culprit is src/routes/core.js line 80.

• recommended tooling for linting etc
• suggestions re: how to vet approach before doing the work
• recommendations for debugging cross-instance or vs mastodon interop
• documentation requirements?
• credit (opt-out?)

Right now we don't broadcast deletes if you delete a bookmark and we don't accept deletes or edits if someone tries to manage a comment they made. All the ActivityPub support is hand-rolled, perhaps we should move to a separate library to handle the breadth of ActivityPub messages and then implement our functionality on top of that?

You should be able to have the user look like something-- both an avatar and a customizable display name, and probably a bio? -- on Mastodon

the file request_logs.txt logs all inbound requests. Good for dev, not for prod.

/tagged/music/youtube would show just bookmarks that are music + youtube

• related to #37, since if we're going to present organized releases we also need it to be expected that an upgrade path is possible
• semver, presumably.
• changelog format? github actions or similar integration with PR process?

If you hit "edit" and then hit "save" it re-broadcasts the bookmark. Maybe don't do that? Or at least add a cancel button to make it clearer?

Basic auth got me pretty far during initial development, but we should probably use something better if other people are going to use this software.

bookmarks show up as existing in the past on self-hosted instances

we will have more bare URLs in bookmark descriptions since they're part of the Quickadd template from the Network page. We should find those URLs and wrap them in <a> tags that href to that URL-- linkifyjs should be able to do this.

just a basic substring search of URL/title/description/tags. we can consider doing something fancier but I don’t want to make this impossible to deploy atomically on something like Glitch

it would be nice if it went to the /bookmark/{id} page. How should we handle this? Do we redirect URLs based on Accepts being application/activity+json vs text/html?

right now when things go wrong we just kinda spit out plain text/html with an error. It should instead redirect back to whatever you were doing and flash a message. Like a website.

It is set to this:
https://cdn.glitch.global/8eaf209c-2fa9-4353-9b99-e8d8f3a5f8d4/postmarks-logo-white-small.png?v=1693610556689

Doesn't seem valid.

I'd love to be able to programmatically add new entries from third party / external code.

For instance, I have a concept for an app that goes like this:

• I can bookmark a post on Mastodon
• app reads my bookmarks via the Mastodon API, checks for and extracts any links from those posts, and adds those link to my postmarks.
  • note that I'm not looking to directly replicate the Mastodon bookmarks experience so I don't want to bookmark the Mastodon post(s), I want to bookmark things that the post might contain
  • optionally, add any hashtags from the bookmarked toot, as tags on the postmark entry
  • optionally, mark the postmark with a #readlater tag

It may also be interesting to do the same thing with any posts that get liked on Mastodon, or (for example) posts I've saved on Lemmy, etc.

Since it's been just me using this software up until now, it's not a huge deal if I break things when I pull down new code-- I can figure out what happened and change the sqlite schema to match whatever changed in the DB setup code. But with other people installing the app and theoretically wanting to pull in new changes, I'm going to need to restructure the way that DB stuff is initialized so that it can figure out if anything's out of sync and update appropriately.

The bookmarklet technically works on iOS Safari but the ergonomics of setting it up are still annoying and it'd also be cool to be able to submit URLs from inside other apps, which a Shortcut would provide.

It'd be nice if instead of having to set up a whole profile, you could put your mastodon URL into the admin page and it would automatically pull your avatar/info and set your bio to something that explains what Fedimarks is but also points back to your Mastodon profile. And then it should also set up your mastodon URL as a <link rel="me"> in the site <head> so that your Fedimarks instances get the green check when you put them in your Mastodon bio!

Example: https://ra.co/features/3989

This would be a great site to make installable as a PWA for phones etc. Probably related to any other UI work that might be planned. Interested to help around these areas if I can, this is as much a note-to-self to look into as anything else.

Some people might enjoy it if bookmarks for things like Youtube videos, tweets, Mastodon posts, Bandcamp albums, etc would auto-include an embed for that along with the description. Maybe this is toggleable at the instance level?

In both the site-wide and per-bookmark settings, we should replace the generic text field with a user entry field that autocompletes using known usernames-- we have a list of everyone who follows and can generate one of everyone who has ever commented, regardless of their following status.