A community based topic aggregation platform built on atproto
bretton.dev
1package routes
2
3import (
4 "Coves/internal/api/handlers/discover"
5 "Coves/internal/api/middleware"
6 discoverCore "Coves/internal/core/discover"
7 "Coves/internal/core/votes"
8
9 "github.com/go-chi/chi/v5"
10)
11
12// RegisterDiscoverRoutes registers discover-related XRPC endpoints
13//
14// SECURITY & RATE LIMITING:
15// - Discover feed is PUBLIC (works without authentication)
16// - Optional auth: if authenticated, includes viewer vote state on posts
17// - Protected by global rate limiter: 100 requests/minute per IP (main.go:84)
18// - Query timeout enforced via context (prevents long-running queries)
19// - Result limit capped at 50 posts per request (validated in service layer)
20// - No caching currently implemented (future: 30-60s cache for hot feed)
21func RegisterDiscoverRoutes(
22 r chi.Router,
23 discoverService discoverCore.Service,
24 voteService votes.Service,
25 authMiddleware *middleware.OAuthAuthMiddleware,
26) {
27 // Create handlers
28 getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService, voteService)
29
30 // GET /xrpc/social.coves.feed.getDiscover
31 // Public endpoint with optional auth for viewer-specific state (vote state)
32 // Shows posts from ALL communities (not personalized)
33 // Rate limited: 100 req/min per IP via global middleware
34 r.With(authMiddleware.OptionalAuth).Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)
35}