wordpress-activitypub icon indicating copy to clipboard operation
wordpress-activitypub copied to clipboard
verified publisher icon Automattic

Support for WP REST Cache

Open obenland opened this issue 8 months ago • 5 comments

See https://wordpress.org/support/topic/caching-activity-pub-endpoints/ See https://epiph.yt/en/blog/2025/accidental-ddos-through-activitypub-plugin/

Proposed changes:

  • Adds integration with Rest Cache plugin.
  • Adds Activitypub endpoints to allowlist and manages cache invalidation.

Other information:

  • [ ] Have you written new tests for your changes, if applicable?

Testing instructions:

  • Install the WP Rest Cache plugin and set it up.
  • Send requests to various Activitypub REST API endpoints and make sure they get cached.
  • Create a user update, something that doesn't create a new post, and make sure it flushes the cache.
  • Send requests to various Activitypub REST API endpoints and make sure they get cached.
  • Comment on a post and make sure it flushes the cache.

Changelog entry

  • [x] Automatically create a changelog entry from the details below.
Changelog Entry Details

Significance

  • [ ] Patch
  • [x] Minor
  • [ ] Major

Type

  • [x] Added - for new features
  • [ ] Changed - for changes in existing functionality
  • [ ] Deprecated - for soon-to-be removed features
  • [ ] Removed - for now removed features
  • [ ] Fixed - for any bug fixes
  • [ ] Security - in case of vulnerabilities

Message

Added support for the WP Rest Cache plugin to help with caching REST API responses.

/cc @MatzeKitt

obenland avatar Apr 30 '25 18:04 obenland

Proper cache invalidation will be the biggest challenge. New posts, new comments, user meta updates, blog user option updates, etc.

It would also be nice if we could avoid blanket-invalidating all cached ActivityPub endpoints for all of these, and be more targeted.

obenland avatar Apr 30 '25 18:04 obenland

So we need to keep track of any change regarding any of the endpoints? Also, do we need to check whether the change does actually change the API endpoint response or should we always invalidate the cache when it might change the response?

I guess we currently have no decorated list of changes we need to look for?

MatzeKitt avatar May 03 '25 08:05 MatzeKitt

Also, do we need to check whether the change does actually change the API endpoint response or should we always invalidate the cache when it might change the response?

Looking a bit more at the plugin, I think we'll have to be pretty broad about invalidating caches. Most of the endpoints are user/actor-based, and WP REST Cache doesn't have a concept for that. It's post type and post_id, and that seems to be pretty much it.

I think your approach of defining a custom type and invalidating all associated endpoints is probably the safest.

obenland avatar May 06 '25 13:05 obenland

Need to do a bit more testing before this is ready for review.

obenland avatar Jun 17 '25 16:06 obenland

What about user updates? Shouldn't we have hooks to invalideate the User endpoints on changes? Example: https://notiz.blog/wp-api/activitypub/1.0/actors/1

pfefferle avatar Jun 20 '25 16:06 pfefferle

What about user updates? Shouldn't we have hooks to invalideate the User endpoints on changes?

They should work, it's a step in the testing instructions "Create a user update, something that doesn't create a new post, and make sure it flushes the cache."

User updates should trigger a flush through the post status change in the Outbox post they produce.

obenland avatar Jun 23 '25 14:06 obenland