Add `-A`/`--authorized-fetch` option to `fedify inbox` command

[dahlia]

Description

Add an option to make the ephemeral ActivityPub server created by fedify inbox run in AUTHORIZED_FETCH mode, where HTTP Signatures are required for all incoming requests.

Implementation details

• Add -A/--authorized-fetch flag to the fedify inbox command
• When enabled, verify HTTP Signatures on all incoming requests
• Return 401 Unauthorized responses for requests without valid signatures
• Log signature verification failures with details for debugging
• Update help text and documentation to explain the option

Benefits

This feature will help developers:

• Test HTTP Signatures implementation in a controlled environment
• Debug issues related to authorized fetch requirements
• Verify server's ability to handle secured federation connections
• Simulate behavior of instances like Mastodon that enforce HTTP Signatures

[w8385]

I'd like to work on this issue.

[dahlia]

@w8385 Assigned it to you!

[dahlia]

Hi @w8385! It's been about two months since you took on this issue. I was wondering how the implementation of the -A/--authorized-fetch option for the fedify inbox command is going?

This seems like a relatively straightforward CLI enhancement. If you've started working on it or have any code ready, feel free to open a draft PR and I can help with feedback! If you're stuck on anything or need clarification about the implementation, please let me know. 😊

[w8385]

I’m sorry for the delay. I’ve looked into this issue occasionally, but haven’t been able to focus on it at all in the past few weeks. If you could grant me an extra week, I’ll resume working on it.