AP: reject incoming DMs

[snarfed]

Bridgy Fed only handles fully public data, so it doesn't bridge DMs. It happily accepts them though, and then ignores them, which isn't great, since it means people can DM bridged users and have no idea their DMs didn't go through. We should return HTTP 501 Not Implemented or something similar to inbox deliveries of DMs.

[qazmlp]

You'll also need to check how Fediverse software behaves if it receives that error. To my knowledge, Mastodon happily returns a 200 OK when receiving objects it does not support, and then silently ignores them. I don't think it will notify a user if it can't deliver an outbound object either.

Not saying that you shouldn't send a 501 Not Implemented since that's helpful for other software/in the future, but it may be a good idea to bounce back a reply-DM with instructions to only the sender.

[snarfed]

True! Mastodon and most other fediverse servers generally check signatures synchronously during inbox delivery requests, and then return 202 and do all other processing async, so sending servers don't see failures there. The idea here would be to return eg 501 synchronously, but you're right, I have no idea whether/how different servers would surface that to users, if at all.

[snarfed]

The more sophisticated approach here might be to send a DM back saying, "sorry, DMs aren't supported, feel free to send them that message another way."

[snarfed]

Subsumed by #966 etc