added artifacts

internal/api/handlers/federation.go

@@ -3,9 +3,11 @@ package handlers
 import (
 	"encoding/json"
 	"io"
+	"log"
 	"net/http"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/go-chi/chi/v5"
 	"xorm.io/xorm"
@@ -160,7 +162,81 @@ func (h *FederationHandler) Followers(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(coll) //nolint:errcheck
 }
 
-// Following handles GET /users/{username}/following
+// RepoActor handles GET /repos/{owner}/{repo}/actor — returns the ForgeFed
+// Repository actor document for cross-instance pull requests.
+func (h *FederationHandler) RepoActor(w http.ResponseWriter, r *http.Request) {
+	owner := chi.URLParam(r, "owner")
+	repoName := chi.URLParam(r, "repo")
+
+	var repo models.Repository
+	if found, _ := h.db.Where("name = ?", repoName).
+		Join("INNER", "user", "repository.owner_id = user.id AND user.username = ?", owner).
+		Get(&repo); !found {
+		http.NotFound(w, r)
+		return
+	}
+
+	doc := federation.RepoActorJSON(owner, repoName, repo.Description, h.cfg.InstanceURL)
+	w.Header().Set("Content-Type", activityJSONType)
+	json.NewEncoder(w).Encode(doc) //nolint:errcheck
+}
+
+// RepoInbox handles POST /repos/{owner}/{repo}/inbox — receive ForgeFed
+// activities for a repository (e.g. Create(PullRequest)).
+func (h *FederationHandler) RepoInbox(w http.ResponseWriter, r *http.Request) {
+	owner := chi.URLParam(r, "owner")
+	repoName := chi.URLParam(r, "repo")
+
+	var repo models.Repository
+	if found, _ := h.db.Where("name = ?", repoName).
+		Join("INNER", "user", "repository.owner_id = user.id AND user.username = ?", owner).
+		Get(&repo); !found {
+		http.NotFound(w, r)
+		return
+	}
+	_ = repo
+
+	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
+	if err != nil {
+		http.Error(w, "could not read body", http.StatusBadRequest)
+		return
+	}
+
+	// Determine the local repo actor APID.
+	localActorAPID := federation.RepoAPID(h.cfg.InstanceURL, owner, repoName)
+
+	// For repository inbox, we need a local actor for the repo owner.
+	var ownerUser models.User
+	if found, _ := h.db.Where("username = ?", owner).Get(&ownerUser); !found {
+		http.Error(w, "owner not found", http.StatusInternalServerError)
+		return
+	}
+
+	if !h.cfg.Debug {
+		if err := federation.Verify(r, h.db, h.cfg.InstanceURL); err != nil {
+			http.Error(w, "signature verification failed: "+err.Error(), http.StatusUnauthorized)
+			return
+		}
+	}
+
+	// Persist the activity.
+	entry := &models.FederationActivity{
+		ActorAPID:   localActorAPID,
+		Type:        "Create",
+		ObjectJSON:  string(body),
+		Direction:   "inbound",
+		RemoteActor: localActorAPID,
+		Published:   time.Now().UTC(),
+	}
+	h.db.Insert(entry) //nolint:errcheck
+
+	// Handle Create(PullRequest).
+	if err := federation.HandleCreatePullRequest(h.db, body, h.cfg.InstanceURL); err != nil {
+		log.Printf("federation: repo inbox handle: %v", err)
+	}
+
+	w.WriteHeader(http.StatusAccepted)
+}
 func (h *FederationHandler) Following(w http.ResponseWriter, r *http.Request) {
 	username := chi.URLParam(r, "username")
 	var user models.User