We did the next step. We now use a plain Like Activity for expressing the Star action. In addition we fixed some bugs, made error responses more meaningful, improved security by validating every input we get on federation & mitigate identified threats (SlowLories, Replay Attacks, Block by future StartTime).

DOS attacks we now mitigate in our k8s ingress. Find the code in our PR for c4k-forgejo.

At https://federated-repo.prod.meissa.de/me/star-me you can try out the current code the same way as described above with the following activity (maybe find an unused user by alternating the actors user-id).

{
  "id": "https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/1/outbox/12",
  "type": "Like",
  "actor": "https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/12",
  "object": "https://federated-repo.prod.meissa.de/api/v1/activitypub/repository-id/1",
  "startTime": "2024-01-05T23:00:00-08:00"
}

Please consider to increment the startTime for each api-request - maybe use the current time is a good idea.

In case of interest find the current roadmap at: https://codeberg.org/forgejo/forgejo/pulls/1680