commit 0dad0018e29a1b8650342cca187800e86c01a511 · bretton.dev/coves

+41 -23

cmd/server/main.go

···

       1
       1
        
       package main

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/api/handlers/oauth"

     

       5
       5
       +
       	"Coves/internal/api/middleware"

     

       6
       6
       +
       	"Coves/internal/api/routes"

     

       7
       7
       +
       	"Coves/internal/atproto/did"

     

       8
       8
       +
       	"Coves/internal/atproto/identity"

     

       9
       9
       +
       	"Coves/internal/atproto/jetstream"

     

       10
       10
       +
       	"Coves/internal/core/communities"

     

       11
       11
       +
       	"Coves/internal/core/users"

     

       4
       12
        
       	"bytes"

     

       5
       13
        
       	"context"

     

       6
       14
        
       	"database/sql"

     
···

       18
       26
        
       	_ "github.com/lib/pq"

     

       19
       27
        
       	"github.com/pressly/goose/v3"

     

       20
       28
        
       

     

       21
       21
       -
       	"Coves/internal/api/handlers/oauth"

     

       22
       22
       -
       	"Coves/internal/api/middleware"

     

       23
       23
       -
       	"Coves/internal/api/routes"

     

       24
       24
       -
       	"Coves/internal/atproto/did"

     

       25
       25
       -
       	"Coves/internal/atproto/identity"

     

       26
       26
       -
       	"Coves/internal/atproto/jetstream"

     

       27
       27
       -
       	"Coves/internal/core/communities"

     

       28
       29
        
       	oauthCore "Coves/internal/core/oauth"

     

       29
       29
       -
       	"Coves/internal/core/users"

     

       30
       30
       +
       

     

       30
       31
        
       	postgresRepo "Coves/internal/db/postgres"

     

       31
       32
        
       )

     

       32
       33
        
       

     
···

       48
       49
        
       	if err != nil {

     

       49
       50
        
       		log.Fatal("Failed to connect to database:", err)

     

       50
       51
        
       	}

     

       51
       51
       -
       	defer db.Close()

     

       52
       52
       +
       	defer func() {

     

       53
       53
       +
       		if closeErr := db.Close(); closeErr != nil {

     

       54
       54
       +
       			log.Printf("Failed to close database connection: %v", closeErr)

     

       55
       55
       +
       		}

     

       56
       56
       +
       	}()

     

       52
       57
        
       

     

       53
       53
       -
       	if err := db.Ping(); err != nil {

     

       58
       58
       +
       	if err = db.Ping(); err != nil {

     

       54
       59
        
       		log.Fatal("Failed to ping database:", err)

     

       55
       60
        
       	}

     

       56
       61
        
       

     

       57
       62
        
       	log.Println("Connected to AppView database")

     

       58
       63
        
       

     

       59
       64
        
       	// Run migrations

     

       60
       60
       -
       	if err := goose.SetDialect("postgres"); err != nil {

     

       65
       65
       +
       	if err = goose.SetDialect("postgres"); err != nil {

     

       61
       66
        
       		log.Fatal("Failed to set goose dialect:", err)

     

       62
       67
        
       	}

     

       63
       68
        
       

     

       64
       64
       -
       	if err := goose.Up(db, "internal/db/migrations"); err != nil {

     

       69
       69
       +
       	if err = goose.Up(db, "internal/db/migrations"); err != nil {

     

       65
       70
        
       		log.Fatal("Failed to run migrations:", err)

     

       66
       71
        
       	}

     

       67
       72
        
       

     
···

       84
       89
        
       		identityConfig.PLCURL = plcURL

     

       85
       90
        
       	}

     

       86
       91
        
       	if cacheTTL := os.Getenv("IDENTITY_CACHE_TTL"); cacheTTL != "" {

     

       87
       87
       -
       		if duration, err := time.ParseDuration(cacheTTL); err == nil {

     

       92
       92
       +
       		if duration, parseErr := time.ParseDuration(cacheTTL); parseErr == nil {

     

       88
       93
        
       			identityConfig.CacheTTL = duration

     

       89
       94
        
       		}

     

       90
       95
        
       	}

     
···

       154
       159
        
       	pdsPassword := os.Getenv("PDS_INSTANCE_PASSWORD")

     

       155
       160
        
       	if pdsHandle != "" && pdsPassword != "" {

     

       156
       161
        
       		log.Printf("Authenticating Coves instance (%s) with PDS...", instanceDID)

     

       157
       157
       -
       		accessToken, err := authenticateWithPDS(defaultPDS, pdsHandle, pdsPassword)

     

       158
       158
       -
       		if err != nil {

     

       159
       159
       -
       			log.Printf("Warning: Failed to authenticate with PDS: %v", err)

     

       162
       162
       +
       		accessToken, authErr := authenticateWithPDS(defaultPDS, pdsHandle, pdsPassword)

     

       163
       163
       +
       		if authErr != nil {

     

       164
       164
       +
       			log.Printf("Warning: Failed to authenticate with PDS: %v", authErr)

     

       160
       165
        
       			log.Println("Community creation will fail until PDS authentication is configured")

     

       161
       166
        
       		} else {

     

       162
       167
        
       			if svc, ok := communityService.(interface{ SetPDSAccessToken(string) }); ok {

     
···

       180
       185
        
       	userConsumer := jetstream.NewUserEventConsumer(userService, identityResolver, jetstreamURL, pdsFilter)

     

       181
       186
        
       	ctx := context.Background()

     

       182
       187
        
       	go func() {

     

       183
       183
       -
       		if err := userConsumer.Start(ctx); err != nil {

     

       184
       184
       -
       			log.Printf("Jetstream consumer stopped: %v", err)

     

       188
       188
       +
       		if startErr := userConsumer.Start(ctx); startErr != nil {

     

       189
       189
       +
       			log.Printf("Jetstream consumer stopped: %v", startErr)

     

       185
       190
        
       		}

     

       186
       191
        
       	}()

     

       187
       192
        
       

     
···

       199
       204
        
       		defer ticker.Stop()

     

       200
       205
        
       		for range ticker.C {

     

       201
       206
        
       			if pgStore, ok := sessionStore.(*oauthCore.PostgresSessionStore); ok {

     

       202
       202
       -
       				_ = pgStore.CleanupExpiredRequests(ctx)

     

       203
       203
       -
       				_ = pgStore.CleanupExpiredSessions(ctx)

     

       207
       207
       +
       				if cleanupErr := pgStore.CleanupExpiredRequests(ctx); cleanupErr != nil {

     

       208
       208
       +
       					log.Printf("Failed to cleanup expired OAuth requests: %v", cleanupErr)

     

       209
       209
       +
       				}

     

       210
       210
       +
       				if cleanupErr := pgStore.CleanupExpiredSessions(ctx); cleanupErr != nil {

     

       211
       211
       +
       					log.Printf("Failed to cleanup expired OAuth sessions: %v", cleanupErr)

     

       212
       212
       +
       				}

     

       204
       213
        
       				log.Println("OAuth cleanup completed")

     

       205
       214
        
       			}

     

       206
       215
        
       		}

     
···

       242
       251
        
       

     

       243
       252
        
       	r.Get("/health", func(w http.ResponseWriter, r *http.Request) {

     

       244
       253
        
       		w.WriteHeader(http.StatusOK)

     

       245
       245
       -
       		w.Write([]byte("OK"))

     

       254
       254
       +
       		if _, err := w.Write([]byte("OK")); err != nil {

     

       255
       255
       +
       			log.Printf("Failed to write health check response: %v", err)

     

       256
       256
       +
       		}

     

       246
       257
        
       	})

     

       247
       258
        
       

     

       248
       259
        
       	port := os.Getenv("APPVIEW_PORT")

     
···

       284
       295
        
       	if err != nil {

     

       285
       296
        
       		return "", fmt.Errorf("failed to call PDS: %w", err)

     

       286
       297
        
       	}

     

       287
       287
       -
       	defer resp.Body.Close()

     

       298
       298
       +
       	defer func() {

     

       299
       299
       +
       		if closeErr := resp.Body.Close(); closeErr != nil {

     

       300
       300
       +
       			log.Printf("Failed to close response body: %v", closeErr)

     

       301
       301
       +
       		}

     

       302
       302
       +
       	}()

     

       288
       303
        
       

     

       289
       304
        
       	if resp.StatusCode != http.StatusOK {

     

       290
       290
       -
       		body, _ := io.ReadAll(resp.Body)

     

       305
       305
       +
       		body, readErr := io.ReadAll(resp.Body)

     

       306
       306
       +
       		if readErr != nil {

     

       307
       307
       +
       			return "", fmt.Errorf("PDS returned status %d and failed to read body: %w", resp.StatusCode, readErr)

     

       308
       308
       +
       		}

     

       291
       309
        
       		return "", fmt.Errorf("PDS returned status %d: %s", resp.StatusCode, string(body))

     

       292
       310
        
       	}

     

       293
       311

+62 -53

cmd/validate-lexicon/main.go

···

       88
       88
        
       		// Only process .json files

     

       89
       89
        
       		if !info.IsDir() && filepath.Ext(path) == ".json" {

     

       90
       90
        
       			schemaFiles = append(schemaFiles, path)

     

       91
       91
       -
       			

     

       91
       91
       +
       

     

       92
       92
        
       			// Convert file path to schema ID

     

       93
       93
        
       			// e.g., internal/atproto/lexicon/social/coves/actor/profile.json -> social.coves.actor.profile

     

       94
       94
       -
       			relPath, _ := filepath.Rel(schemaPath, path)

     

       94
       94
       +
       			relPath, err := filepath.Rel(schemaPath, path)

     

       95
       95
       +
       			if err != nil {

     

       96
       96
       +
       				return fmt.Errorf("failed to compute relative path: %w", err)

     

       97
       97
       +
       			}

     

       95
       98
        
       			schemaID := filepath.ToSlash(relPath)

     

       96
       99
        
       			schemaID = schemaID[:len(schemaID)-5] // Remove .json extension

     

       97
       100
        
       			schemaID = strings.ReplaceAll(schemaID, "/", ".")

     
···

       99
       102
        
       		}

     

       100
       103
        
       		return nil

     

       101
       104
        
       	})

     

       102
       102
       -
       

     

       103
       105
        
       	if err != nil {

     

       104
       106
        
       		return fmt.Errorf("error walking schema directory: %w", err)

     

       105
       107
        
       	}

     
···

       157
       159
        
       		}

     

       158
       160
        
       		return nil

     

       159
       161
        
       	})

     

       160
       160
       -
       

     

       161
       162
        
       	if err != nil {

     

       162
       163
        
       		return fmt.Errorf("error walking schema directory: %w", err)

     

       163
       164
        
       	}

     
···

       182
       183
        
       // extractAllSchemaIDs walks the schema directory and returns all schema IDs

     

       183
       184
        
       func extractAllSchemaIDs(schemaPath string) []string {

     

       184
       185
        
       	var schemaIDs []string

     

       185
       185
       -
       	

     

       186
       186
       -
       	filepath.Walk(schemaPath, func(path string, info os.FileInfo, err error) error {

     

       186
       186
       +
       

     

       187
       187
       +
       	if err := filepath.Walk(schemaPath, func(path string, info os.FileInfo, err error) error {

     

       187
       188
        
       		if err != nil {

     

       188
       189
        
       			return err

     

       189
       190
        
       		}

     

       190
       190
       -
       		

     

       191
       191
       +
       

     

       191
       192
        
       		// Skip test-data directory

     

       192
       193
        
       		if info.IsDir() && info.Name() == "test-data" {

     

       193
       194
        
       			return filepath.SkipDir

     

       194
       195
        
       		}

     

       195
       195
       -
       		

     

       196
       196
       +
       

     

       196
       197
        
       		// Only process .json files

     

       197
       198
        
       		if !info.IsDir() && filepath.Ext(path) == ".json" {

     

       198
       199
        
       			// Convert file path to schema ID

     

       199
       199
       -
       			relPath, _ := filepath.Rel(schemaPath, path)

     

       200
       200
       +
       			relPath, err := filepath.Rel(schemaPath, path)

     

       201
       201
       +
       			if err != nil {

     

       202
       202
       +
       				return err

     

       203
       203
       +
       			}

     

       200
       204
        
       			schemaID := filepath.ToSlash(relPath)

     

       201
       205
        
       			schemaID = schemaID[:len(schemaID)-5] // Remove .json extension

     

       202
       206
        
       			schemaID = strings.ReplaceAll(schemaID, "/", ".")

     

       203
       203
       -
       			

     

       207
       207
       +
       

     

       204
       208
        
       			// Only include record schemas (not procedures)

     

       205
       205
       -
       			if strings.Contains(schemaID, ".record") || 

     

       206
       206
       -
       			   strings.Contains(schemaID, ".profile") || 

     

       207
       207
       -
       			   strings.Contains(schemaID, ".rules") || 

     

       208
       208
       -
       			   strings.Contains(schemaID, ".wiki") || 

     

       209
       209
       -
       			   strings.Contains(schemaID, ".subscription") || 

     

       210
       210
       -
       			   strings.Contains(schemaID, ".membership") ||

     

       211
       211
       -
       			   strings.Contains(schemaID, ".vote") ||

     

       212
       212
       -
       			   strings.Contains(schemaID, ".tag") ||

     

       213
       213
       -
       			   strings.Contains(schemaID, ".comment") ||

     

       214
       214
       -
       			   strings.Contains(schemaID, ".share") ||

     

       215
       215
       -
       			   strings.Contains(schemaID, ".tribunalVote") ||

     

       216
       216
       -
       			   strings.Contains(schemaID, ".ruleProposal") ||

     

       217
       217
       -
       			   strings.Contains(schemaID, ".ban") {

     

       209
       209
       +
       			if strings.Contains(schemaID, ".record") ||

     

       210
       210
       +
       				strings.Contains(schemaID, ".profile") ||

     

       211
       211
       +
       				strings.Contains(schemaID, ".rules") ||

     

       212
       212
       +
       				strings.Contains(schemaID, ".wiki") ||

     

       213
       213
       +
       				strings.Contains(schemaID, ".subscription") ||

     

       214
       214
       +
       				strings.Contains(schemaID, ".membership") ||

     

       215
       215
       +
       				strings.Contains(schemaID, ".vote") ||

     

       216
       216
       +
       				strings.Contains(schemaID, ".tag") ||

     

       217
       217
       +
       				strings.Contains(schemaID, ".comment") ||

     

       218
       218
       +
       				strings.Contains(schemaID, ".share") ||

     

       219
       219
       +
       				strings.Contains(schemaID, ".tribunalVote") ||

     

       220
       220
       +
       				strings.Contains(schemaID, ".ruleProposal") ||

     

       221
       221
       +
       				strings.Contains(schemaID, ".ban") {

     

       218
       222
        
       				schemaIDs = append(schemaIDs, schemaID)

     

       219
       223
        
       			}

     

       220
       224
        
       		}

     

       221
       225
        
       		return nil

     

       222
       222
       -
       	})

     

       223
       223
       -
       	

     

       226
       226
       +
       	}); err != nil {

     

       227
       227
       +
       		log.Printf("Warning: failed to walk schema directory: %v", err)

     

       228
       228
       +
       	}

     

       229
       229
       +
       

     

       224
       230
        
       	return schemaIDs

     

       225
       231
        
       }

     

       226
       232
        
       

     

       227
       233
        
       // validateTestData validates test JSON data files against their corresponding schemas

     

       228
       228
       -
       func validateTestData(catalog *lexicon.BaseCatalog, testDataPath string, verbose bool, strict bool, allSchemas []string) error {

     

       234
       234
       +
       func validateTestData(catalog *lexicon.BaseCatalog, testDataPath string, verbose, strict bool, allSchemas []string) error {

     

       229
       235
        
       	// Check if test data directory exists

     

       230
       236
        
       	if _, err := os.Stat(testDataPath); os.IsNotExist(err) {

     

       231
       237
        
       		return fmt.Errorf("test data path does not exist: %s", testDataPath)

     
···

       248
       254
        
       		if !info.IsDir() && filepath.Ext(path) == ".json" {

     

       249
       255
        
       			filename := filepath.Base(path)

     

       250
       256
        
       			isInvalidTest := strings.Contains(filename, "-invalid-")

     

       251
       251
       -
       			

     

       257
       257
       +
       

     

       252
       258
        
       			if verbose {

     

       253
       259
        
       				if isInvalidTest {

     

       254
       260
        
       					fmt.Printf("\n  Testing (expect failure): %s\n", filename)

     
···

       263
       269
        
       				validationErrors = append(validationErrors, fmt.Sprintf("Failed to open %s: %v", path, err))

     

       264
       270
        
       				return nil

     

       265
       271
        
       			}

     

       266
       266
       -
       			defer file.Close()

     

       272
       272
       +
       			defer func() {

     

       273
       273
       +
       				if closeErr := file.Close(); closeErr != nil {

     

       274
       274
       +
       					validationErrors = append(validationErrors, fmt.Sprintf("Failed to close %s: %v", path, closeErr))

     

       275
       275
       +
       				}

     

       276
       276
       +
       			}()

     

       267
       277
        
       

     

       268
       268
       -
       			data, err := io.ReadAll(file)

     

       269
       269
       -
       			if err != nil {

     

       270
       270
       -
       				validationErrors = append(validationErrors, fmt.Sprintf("Failed to read %s: %v", path, err))

     

       278
       278
       +
       			data, readErr := io.ReadAll(file)

     

       279
       279
       +
       			if readErr != nil {

     

       280
       280
       +
       				validationErrors = append(validationErrors, fmt.Sprintf("Failed to read %s: %v", path, readErr))

     

       271
       281
        
       				return nil

     

       272
       282
        
       			}

     

       273
       283
        
       

     
···

       275
       285
        
       			var recordData map[string]interface{}

     

       276
       286
        
       			decoder := json.NewDecoder(bytes.NewReader(data))

     

       277
       287
        
       			decoder.UseNumber() // This preserves numbers as json.Number instead of float64

     

       278
       278
       -
       			if err := decoder.Decode(&recordData); err != nil {

     

       279
       279
       -
       				validationErrors = append(validationErrors, fmt.Sprintf("Failed to parse JSON in %s: %v", path, err))

     

       288
       288
       +
       			if decodeErr := decoder.Decode(&recordData); decodeErr != nil {

     

       289
       289
       +
       				validationErrors = append(validationErrors, fmt.Sprintf("Failed to parse JSON in %s: %v", path, decodeErr))

     

       280
       290
        
       				return nil

     

       281
       291
        
       			}

     

       282
       282
       -
       			

     

       292
       292
       +
       

     

       283
       293
        
       			// Convert json.Number values to appropriate types

     

       284
       294
        
       			recordData = convertNumbers(recordData).(map[string]interface{})

     

       285
       295
        
       

     
···

       299
       309
        
       			}

     

       300
       310
        
       

     

       301
       311
        
       			// Validate the record

     

       302
       302
       -
       			err = lexicon.ValidateRecord(catalog, recordData, recordType, flags)

     

       303
       303
       -
       			

     

       312
       312
       +
       			validateErr := lexicon.ValidateRecord(catalog, recordData, recordType, flags)

     

       313
       313
       +
       

     

       304
       314
        
       			if isInvalidTest {

     

       305
       315
        
       				// This file should fail validation

     

       306
       316
        
       				invalidFiles++

     

       307
       307
       -
       				if err != nil {

     

       317
       317
       +
       				if validateErr != nil {

     

       308
       318
        
       					invalidFailCount++

     

       309
       319
        
       					if verbose {

     

       310
       310
       -
       						fmt.Printf("    ✅ Correctly rejected invalid %s record: %v\n", recordType, err)

     

       320
       320
       +
       						fmt.Printf("    ✅ Correctly rejected invalid %s record: %v\n", recordType, validateErr)

     

       311
       321
        
       					}

     

       312
       322
        
       				} else {

     

       313
       323
        
       					validationErrors = append(validationErrors, fmt.Sprintf("Invalid test file %s passed validation when it should have failed", path))

     
···

       318
       328
        
       			} else {

     

       319
       329
        
       				// This file should pass validation

     

       320
       330
        
       				validFiles++

     

       321
       321
       -
       				if err != nil {

     

       322
       322
       -
       					validationErrors = append(validationErrors, fmt.Sprintf("Validation failed for %s (type: %s): %v", path, recordType, err))

     

       331
       331
       +
       				if validateErr != nil {

     

       332
       332
       +
       					validationErrors = append(validationErrors, fmt.Sprintf("Validation failed for %s (type: %s): %v", path, recordType, validateErr))

     

       323
       333
        
       					if verbose {

     

       324
       324
       -
       						fmt.Printf("    ❌ Failed: %v\n", err)

     

       334
       334
       +
       						fmt.Printf("    ❌ Failed: %v\n", validateErr)

     

       325
       335
        
       					}

     

       326
       336
        
       				} else {

     

       327
       337
        
       					validSuccessCount++

     
···

       334
       344
        
       		}

     

       335
       345
        
       		return nil

     

       336
       346
        
       	})

     

       337
       337
       -
       

     

       338
       347
        
       	if err != nil {

     

       339
       348
        
       		return fmt.Errorf("error walking test data directory: %w", err)

     

       340
       349
        
       	}

     
···

       355
       364
        
       		fmt.Printf("\n📋 Validation Summary:\n")

     

       356
       365
        
       		fmt.Printf("  Valid test files:   %d/%d passed\n", validSuccessCount, validFiles)

     

       357
       366
        
       		fmt.Printf("  Invalid test files: %d/%d correctly rejected\n", invalidFailCount, invalidFiles)

     

       358
       358
       -
       		

     

       367
       367
       +
       

     

       359
       368
        
       		if validSuccessCount == validFiles && invalidFailCount == invalidFiles {

     

       360
       369
        
       			fmt.Printf("\n  ✅ All test files behaved as expected!\n")

     

       361
       370
        
       		}

     

       362
       362
       -
       		

     

       371
       371
       +
       

     

       363
       372
        
       		// Show test coverage summary (only for valid files)

     

       364
       373
        
       		fmt.Printf("\n📊 Test Data Coverage Summary:\n")

     

       365
       374
        
       		fmt.Printf("  - Records with test data: %d types\n", len(testedTypes))

     

       366
       375
        
       		fmt.Printf("  - Valid test files: %d\n", validFiles)

     

       367
       376
        
       		fmt.Printf("  - Invalid test files: %d (for error validation)\n", invalidFiles)

     

       368
       368
       -
       		

     

       377
       377
       +
       

     

       369
       378
        
       		fmt.Printf("\n  Tested record types:\n")

     

       370
       379
        
       		for recordType := range testedTypes {

     

       371
       380
        
       			fmt.Printf("    ✓ %s\n", recordType)

     

       372
       381
        
       		}

     

       373
       373
       -
       		

     

       382
       382
       +
       

     

       374
       383
        
       		// Show untested schemas

     

       375
       384
        
       		untestedCount := 0

     

       376
       385
        
       		fmt.Printf("\n  ⚠️  Record types without test data:\n")

     
···

       380
       389
        
       				untestedCount++

     

       381
       390
        
       			}

     

       382
       391
        
       		}

     

       383
       383
       -
       		

     

       392
       392
       +
       

     

       384
       393
        
       		if untestedCount == 0 {

     

       385
       394
        
       			fmt.Println("    (None - full test coverage!)")

     

       386
       395
        
       		} else {

     

       387
       387
       -
       			fmt.Printf("\n  Coverage: %d/%d record types have test data (%.1f%%)\n", 

     

       388
       388
       -
       				len(testedTypes), len(allSchemas), 

     

       396
       396
       +
       			fmt.Printf("\n  Coverage: %d/%d record types have test data (%.1f%%)\n",

     

       397
       397
       +
       				len(testedTypes), len(allSchemas),

     

       389
       398
        
       				float64(len(testedTypes))/float64(len(allSchemas))*100)

     

       390
       399
        
       		}

     

       391
       400
        
       	}

     
···

       404
       413
        
       		"social.coves.richtext.facet#italic",

     

       405
       414
        
       		"social.coves.richtext.facet#strikethrough",

     

       406
       415
        
       		"social.coves.richtext.facet#spoiler",

     

       407
       407
       -
       		

     

       416
       416
       +
       

     

       408
       417
        
       		// Post types and views

     

       409
       418
        
       		"social.coves.post.get#postView",

     

       410
       419
        
       		"social.coves.post.get#authorView",

     
···

       414
       423
        
       		"social.coves.post.get#externalView",

     

       415
       424
        
       		"social.coves.post.get#postStats",

     

       416
       425
        
       		"social.coves.post.get#viewerState",

     

       417
       417
       -
       		

     

       426
       426
       +
       

     

       418
       427
        
       		// Post record types

     

       419
       428
        
       		"social.coves.post.record#originalAuthor",

     

       420
       420
       -
       		

     

       429
       429
       +
       

     

       421
       430
        
       		// Actor definitions

     

       422
       431
        
       		"social.coves.actor.profile#geoLocation",

     

       423
       423
       -
       		

     

       432
       432
       +
       

     

       424
       433
        
       		// Community definitions

     

       425
       434
        
       		"social.coves.community.rules#rule",

     

       426
       435
        
       	}

+6 -3

internal/api/handlers/community/create.go

···

       1
       1
        
       package community

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"encoding/json"

     

       5
       6
        
       	"net/http"

     

       6
       6
       -
       

     

       7
       7
       -
       	"Coves/internal/core/communities"

     

       8
       7
        
       )

     

       9
       8
        
       

     

       10
       9
        
       // CreateHandler handles community creation

     
···

       68
       67
        
       

     

       69
       68
        
       	w.Header().Set("Content-Type", "application/json")

     

       70
       69
        
       	w.WriteHeader(http.StatusOK)

     

       71
       71
       -
       	json.NewEncoder(w).Encode(response)

     

       70
       70
       +
       	if err := json.NewEncoder(w).Encode(response); err != nil {

     

       71
       71
       +
       		// Log encoding errors but don't return error response (headers already sent)

     

       72
       72
       +
       		// This follows Go's standard practice for HTTP handlers

     

       73
       73
       +
       		_ = err

     

       74
       74
       +
       	}

     

       72
       75
        
       }

+5 -4

internal/api/handlers/community/errors.go

···

       1
       1
        
       package community

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"encoding/json"

     

       5
       6
        
       	"log"

     

       6
       7
        
       	"net/http"

     

       7
       7
       -
       

     

       8
       8
       -
       	"Coves/internal/core/communities"

     

       9
       8
        
       )

     

       10
       9
        
       

     

       11
       10
        
       // XRPCError represents an XRPC error response

     
···

       18
       17
        
       func writeError(w http.ResponseWriter, status int, error, message string) {

     

       19
       18
        
       	w.Header().Set("Content-Type", "application/json")

     

       20
       19
        
       	w.WriteHeader(status)

     

       21
       21
       -
       	json.NewEncoder(w).Encode(XRPCError{

     

       20
       20
       +
       	if err := json.NewEncoder(w).Encode(XRPCError{

     

       22
       21
        
       		Error:   error,

     

       23
       22
        
       		Message: message,

     

       24
       24
       -
       	})

     

       23
       23
       +
       	}); err != nil {

     

       24
       24
       +
       		log.Printf("Failed to encode error response: %v", err)

     

       25
       25
       +
       	}

     

       25
       26
        
       }

     

       26
       27
        
       

     

       27
       28
        
       // handleServiceError converts service errors to appropriate HTTP responses

+6 -3

internal/api/handlers/community/get.go

···

       1
       1
        
       package community

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"encoding/json"

     

       5
       6
        
       	"net/http"

     

       6
       6
       -
       

     

       7
       7
       -
       	"Coves/internal/core/communities"

     

       8
       7
        
       )

     

       9
       8
        
       

     

       10
       9
        
       // GetHandler handles community retrieval

     
···

       44
       43
        
       	// Return community data

     

       45
       44
        
       	w.Header().Set("Content-Type", "application/json")

     

       46
       45
        
       	w.WriteHeader(http.StatusOK)

     

       47
       47
       -
       	json.NewEncoder(w).Encode(community)

     

       46
       46
       +
       	if err := json.NewEncoder(w).Encode(community); err != nil {

     

       47
       47
       +
       		// Log encoding errors but don't return error response (headers already sent)

     

       48
       48
       +
       		// This follows Go's standard practice for HTTP handlers

     

       49
       49
       +
       		_ = err

     

       50
       50
       +
       	}

     

       48
       51
        
       }

+6 -3

internal/api/handlers/community/list.go

···

       1
       1
        
       package community

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"encoding/json"

     

       5
       6
        
       	"net/http"

     

       6
       7
        
       	"strconv"

     

       7
       7
       -
       

     

       8
       8
       -
       	"Coves/internal/core/communities"

     

       9
       8
        
       )

     

       10
       9
        
       

     

       11
       10
        
       // ListHandler handles listing communities

     
···

       70
       69
        
       

     

       71
       70
        
       	w.Header().Set("Content-Type", "application/json")

     

       72
       71
        
       	w.WriteHeader(http.StatusOK)

     

       73
       73
       -
       	json.NewEncoder(w).Encode(response)

     

       72
       72
       +
       	if err := json.NewEncoder(w).Encode(response); err != nil {

     

       73
       73
       +
       		// Log encoding errors but don't return error response (headers already sent)

     

       74
       74
       +
       		// This follows Go's standard practice for HTTP handlers

     

       75
       75
       +
       		_ = err

     

       76
       76
       +
       	}

     

       74
       77
        
       }

+6 -3

internal/api/handlers/community/search.go

···

       1
       1
        
       package community

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"encoding/json"

     

       5
       6
        
       	"net/http"

     

       6
       7
        
       	"strconv"

     

       7
       7
       -
       

     

       8
       8
       -
       	"Coves/internal/core/communities"

     

       9
       8
        
       )

     

       10
       9
        
       

     

       11
       10
        
       // SearchHandler handles community search

     
···

       74
       73
        
       

     

       75
       74
        
       	w.Header().Set("Content-Type", "application/json")

     

       76
       75
        
       	w.WriteHeader(http.StatusOK)

     

       77
       77
       -
       	json.NewEncoder(w).Encode(response)

     

       76
       76
       +
       	if err := json.NewEncoder(w).Encode(response); err != nil {

     

       77
       77
       +
       		// Log encoding errors but don't return error response (headers already sent)

     

       78
       78
       +
       		// This follows Go's standard practice for HTTP handlers

     

       79
       79
       +
       		_ = err

     

       80
       80
       +
       	}

     

       78
       81
        
       }

+9 -4

internal/api/handlers/oauth/callback.go

···

       1
       1
        
       package oauth

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/oauth"

     

       4
       5
        
       	"log"

     

       5
       6
        
       	"net/http"

     

       6
       7
        
       	"os"

     

       7
       8
        
       	"strings"

     

       8
       9
        
       	"time"

     

       9
       10
        
       

     

       10
       10
       -
       	"Coves/internal/atproto/oauth"

     

       11
       11
        
       	oauthCore "Coves/internal/core/oauth"

     

       12
       12
        
       )

     

       13
       13
        
       

     
···

       154
       154
        
       		ExpiresAt:           expiresAt,

     

       155
       155
        
       	}

     

       156
       156
        
       

     

       157
       157
       -
       	if err := h.sessionStore.SaveSession(session); err != nil {

     

       158
       158
       -
       		log.Printf("Failed to save OAuth session: %v", err)

     

       157
       157
       +
       	if saveErr := h.sessionStore.SaveSession(session); saveErr != nil {

     

       158
       158
       +
       		log.Printf("Failed to save OAuth session: %v", saveErr)

     

       159
       159
        
       		http.Error(w, "Failed to save session", http.StatusInternalServerError)

     

       160
       160
        
       		return

     

       161
       161
        
       	}

     
···

       168
       168
        
       	if err != nil {

     

       169
       169
        
       		log.Printf("Failed to get cookie session: %v", err)

     

       170
       170
        
       		// Try to create a new session anyway

     

       171
       171
       -
       		httpSession, _ = cookieStore.New(r, sessionName)

     

       171
       171
       +
       		httpSession, err = cookieStore.New(r, sessionName)

     

       172
       172
       +
       		if err != nil {

     

       173
       173
       +
       			log.Printf("Failed to create new session: %v", err)

     

       174
       174
       +
       			http.Error(w, "Failed to create session", http.StatusInternalServerError)

     

       175
       175
       +
       			return

     

       176
       176
       +
       		}

     

       172
       177
        
       	}

     

       173
       178
        
       

     

       174
       179
        
       	httpSession.Values[sessionDID] = oauthReq.DID

+16 -4

internal/api/handlers/oauth/env_test.go

···

       62
       62
        
       		t.Run(tt.name, func(t *testing.T) {

     

       63
       63
        
       			// Set environment variable

     

       64
       64
        
       			if tt.envValue != "" {

     

       65
       65
       -
       				os.Setenv(tt.envKey, tt.envValue)

     

       66
       66
       -
       				defer os.Unsetenv(tt.envKey)

     

       65
       65
       +
       				if err := os.Setenv(tt.envKey, tt.envValue); err != nil {

     

       66
       66
       +
       					t.Fatalf("Failed to set env var: %v", err)

     

       67
       67
       +
       				}

     

       68
       68
       +
       				defer func() {

     

       69
       69
       +
       					if err := os.Unsetenv(tt.envKey); err != nil {

     

       70
       70
       +
       						t.Errorf("Failed to unset env var: %v", err)

     

       71
       71
       +
       					}

     

       72
       72
       +
       				}()

     

       67
       73
        
       			}

     

       68
       74
        
       

     

       69
       75
        
       			got, err := GetEnvBase64OrPlain(tt.envKey)

     
···

       103
       109
        
       

     

       104
       110
        
       	for _, tt := range tests {

     

       105
       111
        
       		t.Run(tt.name, func(t *testing.T) {

     

       106
       106
       -
       			os.Setenv("TEST_REAL_JWK", tt.envValue)

     

       107
       107
       -
       			defer os.Unsetenv("TEST_REAL_JWK")

     

       112
       112
       +
       			if err := os.Setenv("TEST_REAL_JWK", tt.envValue); err != nil {

     

       113
       113
       +
       				t.Fatalf("Failed to set env var: %v", err)

     

       114
       114
       +
       			}

     

       115
       115
       +
       			defer func() {

     

       116
       116
       +
       				if err := os.Unsetenv("TEST_REAL_JWK"); err != nil {

     

       117
       117
       +
       					t.Errorf("Failed to unset env var: %v", err)

     

       118
       118
       +
       				}

     

       119
       119
       +
       			}()

     

       108
       120
        
       

     

       109
       121
        
       			got, err := GetEnvBase64OrPlain("TEST_REAL_JWK")

     

       110
       122
        
       			if err != nil {

+5 -3

internal/api/handlers/oauth/jwks.go

···

       1
       1
        
       package oauth

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/oauth"

     

       4
       5
        
       	"encoding/json"

     

       6
       6
       +
       	"log"

     

       5
       7
        
       	"net/http"

     

       6
       6
       -
       

     

       7
       7
       -
       	"Coves/internal/atproto/oauth"

     

       8
       8
        
       

     

       9
       9
        
       	"github.com/lestrrat-go/jwx/v2/jwk"

     

       10
       10
        
       )

     
···

       47
       47
        
       	// Serve JWKS

     

       48
       48
        
       	w.Header().Set("Content-Type", "application/json")

     

       49
       49
        
       	w.WriteHeader(http.StatusOK)

     

       50
       50
       -
       	json.NewEncoder(w).Encode(jwks)

     

       50
       50
       +
       	if err := json.NewEncoder(w).Encode(jwks); err != nil {

     

       51
       51
       +
       		log.Printf("Failed to encode JWKS response: %v", err)

     

       52
       52
       +
       	}

     

       51
       53
        
       }

+7 -5

internal/api/handlers/oauth/login.go

···

       1
       1
        
       package oauth

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/identity"

     

       5
       5
       +
       	"Coves/internal/atproto/oauth"

     

       4
       6
        
       	"encoding/json"

     

       5
       7
        
       	"log"

     

       6
       8
        
       	"net/http"

     

       7
       9
        
       	"net/url"

     

       8
       10
        
       	"strings"

     

       9
       11
        
       

     

       10
       10
       -
       	"Coves/internal/atproto/identity"

     

       11
       11
       -
       	"Coves/internal/atproto/oauth"

     

       12
       12
        
       	oauthCore "Coves/internal/core/oauth"

     

       13
       13
        
       )

     

       14
       14
        
       

     
···

       144
       144
        
       		ReturnURL:           req.ReturnURL,

     

       145
       145
        
       	}

     

       146
       146
        
       

     

       147
       147
       -
       	if err := h.sessionStore.SaveRequest(oauthReq); err != nil {

     

       148
       148
       -
       		log.Printf("Failed to save OAuth request: %v", err)

     

       147
       147
       +
       	if saveErr := h.sessionStore.SaveRequest(oauthReq); saveErr != nil {

     

       148
       148
       +
       		log.Printf("Failed to save OAuth request: %v", saveErr)

     

       149
       149
        
       		http.Error(w, "Failed to save authorization state", http.StatusInternalServerError)

     

       150
       150
        
       		return

     

       151
       151
        
       	}

     
···

       171
       171
        
       

     

       172
       172
        
       	w.Header().Set("Content-Type", "application/json")

     

       173
       173
        
       	w.WriteHeader(http.StatusOK)

     

       174
       174
       -
       	json.NewEncoder(w).Encode(resp)

     

       174
       174
       +
       	if err := json.NewEncoder(w).Encode(resp); err != nil {

     

       175
       175
       +
       		log.Printf("Failed to encode response: %v", err)

     

       176
       176
       +
       	}

     

       175
       177
        
       }

+10 -6

internal/api/handlers/oauth/metadata.go

···

       13
       13
        
       	ClientID                    string   `json:"client_id"`

     

       14
       14
        
       	ClientName                  string   `json:"client_name"`

     

       15
       15
        
       	ClientURI                   string   `json:"client_uri"`

     

       16
       16
       -
       	RedirectURIs                []string `json:"redirect_uris"`

     

       17
       17
       -
       	GrantTypes                  []string `json:"grant_types"`

     

       18
       18
       -
       	ResponseTypes               []string `json:"response_types"`

     

       19
       16
        
       	Scope                       string   `json:"scope"`

     

       20
       17
        
       	TokenEndpointAuthMethod     string   `json:"token_endpoint_auth_method"`

     

       21
       18
        
       	TokenEndpointAuthSigningAlg string   `json:"token_endpoint_auth_signing_alg"`

     

       22
       22
       -
       	DpopBoundAccessTokens       bool     `json:"dpop_bound_access_tokens"`

     

       23
       19
        
       	ApplicationType             string   `json:"application_type"`

     

       24
       24
       -
       	JwksURI                     string   `json:"jwks_uri,omitempty"` // Only in production

     

       20
       20
       +
       	JwksURI                     string   `json:"jwks_uri,omitempty"`

     

       21
       21
       +
       	RedirectURIs                []string `json:"redirect_uris"`

     

       22
       22
       +
       	GrantTypes                  []string `json:"grant_types"`

     

       23
       23
       +
       	ResponseTypes               []string `json:"response_types"`

     

       24
       24
       +
       	DpopBoundAccessTokens       bool     `json:"dpop_bound_access_tokens"`

     

       25
       25
        
       }

     

       26
       26
        
       

     

       27
       27
        
       // HandleClientMetadata serves the OAuth client metadata

     
···

       55
       55
        
       

     

       56
       56
        
       	w.Header().Set("Content-Type", "application/json")

     

       57
       57
        
       	w.WriteHeader(http.StatusOK)

     

       58
       58
       -
       	json.NewEncoder(w).Encode(metadata)

     

       58
       58
       +
       	if err := json.NewEncoder(w).Encode(metadata); err != nil {

     

       59
       59
       +
       		// Log encoding errors but don't return error response (headers already sent)

     

       60
       60
       +
       		// This follows Go's standard practice for HTTP handlers

     

       61
       61
       +
       		_ = err

     

       62
       62
       +
       	}

     

       59
       63
        
       }

     

       60
       64
        
       

     

       61
       65
        
       // getAppViewURL returns the public URL of the AppView

+13 -6

internal/api/routes/user.go

···

       1
       1
        
       package routes

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/users"

     

       4
       5
        
       	"encoding/json"

     

       5
       6
        
       	"errors"

     

       7
       7
       +
       	"log"

     

       6
       8
        
       	"net/http"

     

       7
       9
        
       	"time"

     

       8
       10
        
       

     

       9
       9
       -
       	"Coves/internal/core/users"

     

       10
       11
        
       	"github.com/go-chi/chi/v5"

     

       11
       12
        
       )

     

       12
       13
        
       

     
···

       73
       74
        
       

     

       74
       75
        
       	w.Header().Set("Content-Type", "application/json")

     

       75
       76
        
       	w.WriteHeader(http.StatusOK)

     

       76
       76
       -
       	json.NewEncoder(w).Encode(response)

     

       77
       77
       +
       	if err := json.NewEncoder(w).Encode(response); err != nil {

     

       78
       78
       +
       		log.Printf("Failed to encode response: %v", err)

     

       79
       79
       +
       	}

     

       77
       80
        
       }

     

       78
       81
        
       

     

       79
       82
        
       // Signup handles social.coves.actor.signup

     
···

       106
       109
        
       

     

       107
       110
        
       	w.Header().Set("Content-Type", "application/json")

     

       108
       111
        
       	w.WriteHeader(http.StatusOK)

     

       109
       109
       -
       	json.NewEncoder(w).Encode(response)

     

       112
       112
       +
       	if err := json.NewEncoder(w).Encode(response); err != nil {

     

       113
       113
       +
       		log.Printf("Failed to encode response: %v", err)

     

       114
       114
       +
       	}

     

       110
       115
        
       }

     

       111
       116
        
       

     

       112
       117
        
       // respondWithLexiconError maps domain errors to lexicon error types and HTTP status codes

     
···

       168
       173
        
       	// XRPC error response format

     

       169
       174
        
       	w.Header().Set("Content-Type", "application/json")

     

       170
       175
        
       	w.WriteHeader(statusCode)

     

       171
       171
       -
       	json.NewEncoder(w).Encode(map[string]interface{}{

     

       176
       176
       +
       	if err := json.NewEncoder(w).Encode(map[string]interface{}{

     

       172
       177
        
       		"error":   errorName,

     

       173
       178
        
       		"message": message,

     

       174
       174
       -
       	})

     

       175
       175
       -
       }
     

       179
       179
       +
       	}); err != nil {

     

       180
       180
       +
       		log.Printf("Failed to encode error response: %v", err)

     

       181
       181
       +
       	}

     

       182
       182
       +
       }

+7 -6

internal/atproto/did/generator.go

···

       9
       9
        
       

     

       10
       10
        
       // Generator creates DIDs for Coves entities

     

       11
       11
        
       type Generator struct {

     

       12
       12
       -
       	isDevEnv        bool   // true = generate without registering, false = register with PLC

     

       13
       13
       -
       	plcDirectoryURL string // PLC directory URL (only used when isDevEnv=false)

     

       12
       12
       +
       	plcDirectoryURL string

     

       13
       13
       +
       	isDevEnv        bool

     

       14
       14
        
       }

     

       15
       15
        
       

     

       16
       16
        
       // NewGenerator creates a new DID generator

     
···

       51
       51
        
       	// 4. Store keypair securely for future DID updates

     

       52
       52
        
       	//

     

       53
       53
        
       	// For now, we just generate the identifier (works fine for local dev)

     

       54
       54
       -
       	if !g.isDevEnv {

     

       55
       55
       -
       		// Future: implement PLC registration here

     

       56
       56
       -
       		// return "", fmt.Errorf("PLC registration not yet implemented")

     

       57
       57
       -
       	}

     

       54
       54
       +
       	// Production PLC registration is not yet implemented - DIDs are generated

     

       55
       55
       +
       	// locally but not registered with the PLC directory. This is acceptable

     

       56
       56
       +
       	// for development and private instances, but production deployments should

     

       57
       57
       +
       	// implement full PLC registration to ensure DIDs are globally resolvable.

     

       58
       58
       +
       	_ = g.isDevEnv // Acknowledge that isDevEnv will be used when PLC registration is implemented

     

       58
       59
        
       

     

       59
       60
        
       	return did, nil

     

       60
       61
        
       }

+2 -2

internal/atproto/identity/postgres_cache.go

···

       143
       143
        
       		return fmt.Errorf("failed to purge identity cache: %w", err)

     

       144
       144
        
       	}

     

       145
       145
        
       

     

       146
       146
       -
       	rowsAffected, _ := result.RowsAffected()

     

       147
       147
       -
       	if rowsAffected > 0 {

     

       146
       146
       +
       	rowsAffected, err := result.RowsAffected()

     

       147
       147
       +
       	if err == nil && rowsAffected > 0 {

     

       148
       148
        
       		log.Printf("[identity-cache] Purged %d entries for: %s", rowsAffected, identifier)

     

       149
       149
        
       	}

     

       150
       150

+21 -39

internal/atproto/jetstream/community_consumer.go

···

       1
       1
        
       package jetstream

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"context"

     

       5
       6
        
       	"encoding/json"

     

       6
       7
        
       	"fmt"

     

       7
       8
        
       	"log"

     

       8
       8
       -
       	"strings"

     

       9
       9
        
       	"time"

     

       10
       10
       -
       

     

       11
       11
       -
       	"Coves/internal/core/communities"

     

       12
       10
        
       )

     

       13
       11
        
       

     

       14
       12
        
       // CommunityEventConsumer consumes community-related events from Jetstream

     
···

       124
       122
        
       

     

       125
       123
        
       	// Handle description facets (rich text)

     

       126
       124
        
       	if profile.DescriptionFacets != nil {

     

       127
       127
       -
       		facetsJSON, err := json.Marshal(profile.DescriptionFacets)

     

       128
       128
       -
       		if err == nil {

     

       125
       125
       +
       		facetsJSON, marshalErr := json.Marshal(profile.DescriptionFacets)

     

       126
       126
       +
       		if marshalErr == nil {

     

       129
       127
        
       			community.DescriptionFacets = facetsJSON

     

       130
       128
        
       		}

     

       131
       129
        
       	}

     
···

       195
       193
        
       

     

       196
       194
        
       	// Update description facets

     

       197
       195
        
       	if profile.DescriptionFacets != nil {

     

       198
       198
       -
       		facetsJSON, err := json.Marshal(profile.DescriptionFacets)

     

       199
       199
       -
       		if err == nil {

     

       196
       196
       +
       		facetsJSON, marshalErr := json.Marshal(profile.DescriptionFacets)

     

       197
       197
       +
       		if marshalErr == nil {

     

       200
       198
        
       			existing.DescriptionFacets = facetsJSON

     

       201
       199
        
       		}

     

       202
       200
        
       	}

     
···

       296
       294
        
       // Helper types and functions

     

       297
       295
        
       

     

       298
       296
        
       type CommunityProfile struct {

     

       299
       299
       -
       	// V2 ONLY: No DID field (repo DID is authoritative)

     

       300
       300
       -
       	Handle            string                 `json:"handle"`        // Scoped handle (!gaming@coves.social)

     

       301
       301
       -
       	AtprotoHandle     string                 `json:"atprotoHandle"` // Real atProto handle (gaming.communities.coves.social)

     

       297
       297
       +
       	CreatedAt         time.Time              `json:"createdAt"`

     

       298
       298
       +
       	Avatar            map[string]interface{} `json:"avatar"`

     

       299
       299
       +
       	Banner            map[string]interface{} `json:"banner"`

     

       300
       300
       +
       	CreatedBy         string                 `json:"createdBy"`

     

       301
       301
       +
       	Visibility        string                 `json:"visibility"`

     

       302
       302
       +
       	AtprotoHandle     string                 `json:"atprotoHandle"`

     

       303
       303
       +
       	DisplayName       string                 `json:"displayName"`

     

       302
       304
        
       	Name              string                 `json:"name"`

     

       303
       303
       -
       	DisplayName       string                 `json:"displayName"`

     

       305
       305
       +
       	Handle            string                 `json:"handle"`

     

       306
       306
       +
       	HostedBy          string                 `json:"hostedBy"`

     

       304
       307
        
       	Description       string                 `json:"description"`

     

       308
       308
       +
       	FederatedID       string                 `json:"federatedId"`

     

       309
       309
       +
       	ModerationType    string                 `json:"moderationType"`

     

       310
       310
       +
       	FederatedFrom     string                 `json:"federatedFrom"`

     

       311
       311
       +
       	ContentWarnings   []string               `json:"contentWarnings"`

     

       305
       312
        
       	DescriptionFacets []interface{}          `json:"descriptionFacets"`

     

       306
       306
       -
       	Avatar            map[string]interface{} `json:"avatar"`

     

       307
       307
       -
       	Banner            map[string]interface{} `json:"banner"`

     

       308
       308
       -
       	// Owner field removed - V2 communities ALWAYS self-own (owner == repo DID)

     

       309
       309
       -
       	CreatedBy       string           `json:"createdBy"`

     

       310
       310
       -
       	HostedBy        string           `json:"hostedBy"`

     

       311
       311
       -
       	Visibility      string           `json:"visibility"`

     

       312
       312
       -
       	Federation      FederationConfig `json:"federation"`

     

       313
       313
       -
       	ModerationType  string           `json:"moderationType"`

     

       314
       314
       -
       	ContentWarnings []string         `json:"contentWarnings"`

     

       315
       315
       -
       	MemberCount     int              `json:"memberCount"`

     

       316
       316
       -
       	SubscriberCount int              `json:"subscriberCount"`

     

       317
       317
       -
       	FederatedFrom   string           `json:"federatedFrom"`

     

       318
       318
       -
       	FederatedID     string           `json:"federatedId"`

     

       319
       319
       -
       	CreatedAt       time.Time        `json:"createdAt"`

     

       313
       313
       +
       	MemberCount       int                    `json:"memberCount"`

     

       314
       314
       +
       	SubscriberCount   int                    `json:"subscriberCount"`

     

       315
       315
       +
       	Federation        FederationConfig       `json:"federation"`

     

       320
       316
        
       }

     

       321
       317
        
       

     

       322
       318
        
       type FederationConfig struct {

     
···

       365
       361
        
       

     

       366
       362
        
       	return link, true

     

       367
       363
        
       }

     

       368
       368
       -
       

     

       369
       369
       -
       // validateHandle checks if a handle matches expected format (!name@instance)

     

       370
       370
       -
       func validateHandle(handle string) bool {

     

       371
       371
       -
       	if !strings.HasPrefix(handle, "!") {

     

       372
       372
       -
       		return false

     

       373
       373
       -
       	}

     

       374
       374
       -
       

     

       375
       375
       -
       	parts := strings.Split(handle, "@")

     

       376
       376
       -
       	if len(parts) != 2 {

     

       377
       377
       -
       		return false

     

       378
       378
       -
       	}

     

       379
       379
       -
       

     

       380
       380
       -
       	return true

     

       381
       381
       -
       }

+23 -13

internal/atproto/jetstream/user_consumer.go

···

       1
       1
        
       package jetstream

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/identity"

     

       5
       5
       +
       	"Coves/internal/core/users"

     

       4
       6
        
       	"context"

     

       5
       7
        
       	"encoding/json"

     

       6
       8
        
       	"fmt"

     

       7
       9
        
       	"log"

     

       8
       10
        
       	"time"

     

       9
       11
        
       

     

       10
       10
       -
       	"Coves/internal/atproto/identity"

     

       11
       11
       -
       	"Coves/internal/core/users"

     

       12
       12
        
       	"github.com/gorilla/websocket"

     

       13
       13
        
       )

     

       14
       14
        
       

     

       15
       15
        
       // JetstreamEvent represents an event from the Jetstream firehose

     

       16
       16
        
       // Jetstream documentation: https://docs.bsky.app/docs/advanced-guides/jetstream

     

       17
       17
        
       type JetstreamEvent struct {

     

       18
       18
       -
       	Did      string         `json:"did"`

     

       19
       19
       -
       	TimeUS   int64          `json:"time_us"`

     

       20
       20
       -
       	Kind     string         `json:"kind"` // "account", "commit", "identity"

     

       21
       18
        
       	Account  *AccountEvent  `json:"account,omitempty"`

     

       22
       19
        
       	Identity *IdentityEvent `json:"identity,omitempty"`

     

       23
       20
        
       	Commit   *CommitEvent   `json:"commit,omitempty"`

     

       21
       21
       +
       	Did      string         `json:"did"`

     

       22
       22
       +
       	Kind     string         `json:"kind"`

     

       23
       23
       +
       	TimeUS   int64          `json:"time_us"`

     

       24
       24
        
       }

     

       25
       25
        
       

     

       26
       26
        
       type AccountEvent struct {

     

       27
       27
       -
       	Active bool   `json:"active"`

     

       28
       27
        
       	Did    string `json:"did"`

     

       28
       28
       +
       	Time   string `json:"time"`

     

       29
       29
        
       	Seq    int64  `json:"seq"`

     

       30
       30
       -
       	Time   string `json:"time"`

     

       30
       30
       +
       	Active bool   `json:"active"`

     

       31
       31
        
       }

     

       32
       32
        
       

     

       33
       33
        
       type IdentityEvent struct {

     

       34
       34
        
       	Did    string `json:"did"`

     

       35
       35
        
       	Handle string `json:"handle"`

     

       36
       36
       -
       	Seq    int64  `json:"seq"`

     

       37
       36
        
       	Time   string `json:"time"`

     

       37
       37
       +
       	Seq    int64  `json:"seq"`

     

       38
       38
        
       }

     

       39
       39
        
       

     

       40
       40
        
       // CommitEvent represents a record commit from Jetstream

     
···

       56
       56
        
       }

     

       57
       57
        
       

     

       58
       58
        
       // NewUserEventConsumer creates a new Jetstream consumer for user events

     

       59
       59
       -
       func NewUserEventConsumer(userService users.UserService, identityResolver identity.Resolver, wsURL string, pdsFilter string) *UserEventConsumer {

     

       59
       59
       +
       func NewUserEventConsumer(userService users.UserService, identityResolver identity.Resolver, wsURL, pdsFilter string) *UserEventConsumer {

     

       60
       60
        
       	return &UserEventConsumer{

     

       61
       61
        
       		userService:      userService,

     

       62
       62
        
       		identityResolver: identityResolver,

     
···

       91
       91
        
       	if err != nil {

     

       92
       92
        
       		return fmt.Errorf("failed to connect to Jetstream: %w", err)

     

       93
       93
        
       	}

     

       94
       94
       -
       	defer conn.Close()

     

       94
       94
       +
       	defer func() {

     

       95
       95
       +
       		if err := conn.Close(); err != nil {

     

       96
       96
       +
       			log.Printf("Failed to close WebSocket connection: %v", err)

     

       97
       97
       +
       		}

     

       98
       98
       +
       	}()

     

       95
       99
        
       

     

       96
       100
        
       	log.Println("Connected to Jetstream")

     

       97
       101
        
       

     

       98
       102
        
       	// Set read deadline to detect connection issues

     

       99
       99
       -
       	conn.SetReadDeadline(time.Now().Add(60 * time.Second))

     

       103
       103
       +
       	if err := conn.SetReadDeadline(time.Now().Add(60 * time.Second)); err != nil {

     

       104
       104
       +
       		log.Printf("Failed to set read deadline: %v", err)

     

       105
       105
       +
       	}

     

       100
       106
        
       

     

       101
       107
        
       	// Set pong handler to keep connection alive

     

       102
       108
        
       	conn.SetPongHandler(func(string) error {

     

       103
       103
       -
       		conn.SetReadDeadline(time.Now().Add(60 * time.Second))

     

       109
       109
       +
       		if err := conn.SetReadDeadline(time.Now().Add(60 * time.Second)); err != nil {

     

       110
       110
       +
       			log.Printf("Failed to set read deadline in pong handler: %v", err)

     

       111
       111
       +
       		}

     

       104
       112
        
       		return nil

     

       105
       113
        
       	})

     

       106
       114
        
       

     
···

       146
       154
        
       			}

     

       147
       155
        
       

     

       148
       156
        
       			// Reset read deadline on successful read

     

       149
       149
       -
       			conn.SetReadDeadline(time.Now().Add(60 * time.Second))

     

       157
       157
       +
       			if err := conn.SetReadDeadline(time.Now().Add(60 * time.Second)); err != nil {

     

       158
       158
       +
       				log.Printf("Failed to set read deadline: %v", err)

     

       159
       159
       +
       			}

     

       150
       160
        
       

     

       151
       161
        
       			if err := c.handleEvent(ctx, message); err != nil {

     

       152
       162
        
       				log.Printf("Error handling event: %v", err)

+6 -6

internal/atproto/oauth/dpop.go

···

       92
       92
        
       	// Create headers with DPoP-specific fields

     

       93
       93
        
       	// RFC 9449 requires the "jwk" header to contain the public key as a JSON object

     

       94
       94
        
       	headers := jws.NewHeaders()

     

       95
       95
       -
       	if err := headers.Set(jws.AlgorithmKey, jwa.ES256); err != nil {

     

       96
       96
       -
       		return "", fmt.Errorf("failed to set algorithm: %w", err)

     

       95
       95
       +
       	if setErr := headers.Set(jws.AlgorithmKey, jwa.ES256); setErr != nil {

     

       96
       96
       +
       		return "", fmt.Errorf("failed to set algorithm: %w", setErr)

     

       97
       97
        
       	}

     

       98
       98
       -
       	if err := headers.Set(jws.TypeKey, "dpop+jwt"); err != nil {

     

       99
       99
       -
       		return "", fmt.Errorf("failed to set type: %w", err)

     

       98
       98
       +
       	if setErr := headers.Set(jws.TypeKey, "dpop+jwt"); setErr != nil {

     

       99
       99
       +
       		return "", fmt.Errorf("failed to set type: %w", setErr)

     

       100
       100
        
       	}

     

       101
       101
        
       	// Set the public JWK directly - jwx library will handle serialization

     

       102
       102
       -
       	if err := headers.Set(jws.JWKKey, pubKey); err != nil {

     

       103
       103
       -
       		return "", fmt.Errorf("failed to set JWK: %w", err)

     

       102
       102
       +
       	if setErr := headers.Set(jws.JWKKey, pubKey); setErr != nil {

     

       103
       103
       +
       		return "", fmt.Errorf("failed to set JWK: %w", setErr)

     

       104
       104
        
       	}

     

       105
       105
        
       

     

       106
       106
        
       	// Sign using jws.Sign to preserve custom headers

+19 -9

internal/atproto/oauth/dpop_test.go

···

       28
       28
        
       	}

     

       29
       29
        
       

     

       30
       30
        
       	// Decode and inspect the header

     

       31
       31
       -
       	headerJSON, err := base64.RawURLEncoding.DecodeString(parts[0])

     

       32
       32
       -
       	if err != nil {

     

       33
       33
       -
       		t.Fatalf("Failed to decode header: %v", err)

     

       31
       31
       +
       	headerJSON, decodeErr := base64.RawURLEncoding.DecodeString(parts[0])

     

       32
       32
       +
       	if decodeErr != nil {

     

       33
       33
       +
       		t.Fatalf("Failed to decode header: %v", decodeErr)

     

       34
       34
        
       	}

     

       35
       35
        
       

     

       36
       36
        
       	var header map[string]interface{}

     

       37
       37
       -
       	if err := json.Unmarshal(headerJSON, &header); err != nil {

     

       38
       38
       -
       		t.Fatalf("Failed to unmarshal header: %v", err)

     

       37
       37
       +
       	if unmarshalErr := json.Unmarshal(headerJSON, &header); unmarshalErr != nil {

     

       38
       38
       +
       		t.Fatalf("Failed to unmarshal header: %v", unmarshalErr)

     

       39
       39
        
       	}

     

       40
       40
        
       

     

       41
       41
        
       	t.Logf("DPoP Header: %s", string(headerJSON))

     
···

       122
       122
        
       

     

       123
       123
        
       	// Decode payload

     

       124
       124
        
       	parts := strings.Split(proof, ".")

     

       125
       125
       -
       	payloadJSON, _ := base64.RawURLEncoding.DecodeString(parts[1])

     

       125
       125
       +
       	payloadJSON, err := base64.RawURLEncoding.DecodeString(parts[1])

     

       126
       126
       +
       	if err != nil {

     

       127
       127
       +
       		t.Fatalf("Failed to decode payload: %v", err)

     

       128
       128
       +
       	}

     

       126
       129
        
       	var payload map[string]interface{}

     

       127
       127
       -
       	json.Unmarshal(payloadJSON, &payload)

     

       130
       130
       +
       	if err := json.Unmarshal(payloadJSON, &payload); err != nil {

     

       131
       131
       +
       		t.Fatalf("Failed to unmarshal payload: %v", err)

     

       132
       132
       +
       	}

     

       128
       133
        
       

     

       129
       134
        
       	if payload["nonce"] != testNonce {

     

       130
       135
        
       		t.Errorf("Expected nonce=%s, got %v", testNonce, payload["nonce"])

     
···

       146
       151
        
       

     

       147
       152
        
       	// Decode payload

     

       148
       153
        
       	parts := strings.Split(proof, ".")

     

       149
       149
       -
       	payloadJSON, _ := base64.RawURLEncoding.DecodeString(parts[1])

     

       154
       154
       +
       	payloadJSON, err := base64.RawURLEncoding.DecodeString(parts[1])

     

       155
       155
       +
       	if err != nil {

     

       156
       156
       +
       		t.Fatalf("Failed to decode payload: %v", err)

     

       157
       157
       +
       	}

     

       150
       158
        
       	var payload map[string]interface{}

     

       151
       151
       -
       	json.Unmarshal(payloadJSON, &payload)

     

       159
       159
       +
       	if err := json.Unmarshal(payloadJSON, &payload); err != nil {

     

       160
       160
       +
       		t.Fatalf("Failed to unmarshal payload: %v", err)

     

       161
       161
       +
       	}

     

       152
       162
        
       

     

       153
       163
        
       	ath, hasATH := payload["ath"]

     

       154
       164
        
       	if !hasATH {

+16 -9

internal/atproto/xrpc/dpop_transport.go

···

       1
       1
        
       package xrpc

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/oauth"

     

       4
       5
        
       	"fmt"

     

       6
       6
       +
       	"log"

     

       5
       7
        
       	"net/http"

     

       6
       8
        
       	"sync"

     

       7
       9
        
       

     

       8
       8
       -
       	"Coves/internal/atproto/oauth"

     

       9
       10
        
       	oauthCore "Coves/internal/core/oauth"

     

       10
       11
        
       

     

       11
       12
        
       	"github.com/lestrrat-go/jwx/v2/jwk"

     
···

       18
       19
        
       // 3. Handles nonce rotation (retries on 401 with new nonce)

     

       19
       20
        
       // 4. Updates nonces in session store

     

       20
       21
        
       type DPoPTransport struct {

     

       21
       21
       -
       	base            http.RoundTripper      // Underlying transport (usually http.DefaultTransport)

     

       22
       22
       -
       	session         *oauthCore.OAuthSession // User's OAuth session

     

       23
       23
       -
       	sessionStore    oauthCore.SessionStore  // For updating nonces

     

       24
       24
       -
       	dpopKey         jwk.Key                 // Parsed DPoP private key

     

       25
       25
       -
       	mu              sync.Mutex              // Protects nonce updates

     

       22
       22
       +
       	base         http.RoundTripper       // Underlying transport (usually http.DefaultTransport)

     

       23
       23
       +
       	session      *oauthCore.OAuthSession // User's OAuth session

     

       24
       24
       +
       	sessionStore oauthCore.SessionStore  // For updating nonces

     

       25
       25
       +
       	dpopKey      jwk.Key                 // Parsed DPoP private key

     

       26
       26
       +
       	mu           sync.Mutex              // Protects nonce updates

     

       26
       27
        
       }

     

       27
       28
        
       

     

       28
       29
        
       // NewDPoPTransport creates a new DPoP-enabled HTTP transport

     
···

       87
       88
        
       			t.updateDPoPNonce(req.URL.String(), newNonce)

     

       88
       89
        
       

     

       89
       90
        
       			// Close the 401 response body

     

       90
       90
       -
       			_ = resp.Body.Close()

     

       91
       91
       +
       			if err := resp.Body.Close(); err != nil {

     

       92
       92
       +
       				log.Printf("Failed to close response body: %v", err)

     

       93
       93
       +
       			}

     

       91
       94
        
       

     

       92
       95
        
       			// Retry with new nonce

     

       93
       96
        
       			return t.retryWithNewNonce(req, newNonce)

     
···

       134
       137
        
       		t.mu.Unlock()

     

       135
       138
        
       		// Persist to database (async, best-effort)

     

       136
       139
        
       		go func() {

     

       137
       137
       -
       			_ = t.sessionStore.UpdatePDSNonce(did, newNonce)

     

       140
       140
       +
       			if err := t.sessionStore.UpdatePDSNonce(did, newNonce); err != nil {

     

       141
       141
       +
       				log.Printf("Failed to update PDS nonce: %v", err)

     

       142
       142
       +
       			}

     

       138
       143
        
       		}()

     

       139
       144
        
       		return

     

       140
       145
        
       	}

     
···

       145
       150
        
       		t.mu.Unlock()

     

       146
       151
        
       		// Persist to database (async, best-effort)

     

       147
       152
        
       		go func() {

     

       148
       148
       -
       			_ = t.sessionStore.UpdateAuthServerNonce(did, newNonce)

     

       153
       153
       +
       			if err := t.sessionStore.UpdateAuthServerNonce(did, newNonce); err != nil {

     

       154
       154
       +
       				log.Printf("Failed to update auth server nonce: %v", err)

     

       155
       155
       +
       			}

     

       149
       156
        
       		}()

     

       150
       157
        
       		return

     

       151
       158
        
       	}

+15 -46

internal/core/communities/service.go

···

       1
       1
        
       package communities

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/did"

     

       4
       5
        
       	"bytes"

     

       5
       6
        
       	"context"

     

       6
       7
        
       	"encoding/json"

     

       7
       8
        
       	"fmt"

     

       8
       9
        
       	"io"

     

       10
       10
       +
       	"log"

     

       9
       11
        
       	"net/http"

     

       10
       12
        
       	"regexp"

     

       11
       13
        
       	"strings"

     

       12
       14
        
       	"time"

     

       13
       13
       -
       

     

       14
       14
       -
       	"Coves/internal/atproto/did"

     

       15
       15
        
       )

     

       16
       16
        
       

     

       17
       17
        
       // Community handle validation regex (DNS-valid handle: name.communities.instance.com)

     
···

       21
       21
        
       type communityService struct {

     

       22
       22
        
       	repo           Repository

     

       23
       23
        
       	didGen         *did.Generator

     

       24
       24
       -
       	pdsURL         string                 // PDS URL for write-forward operations

     

       25
       25
       -
       	instanceDID    string                 // DID of this Coves instance

     

       26
       26
       -
       	instanceDomain string                 // Domain of this instance (for handles)

     

       27
       27
       -
       	pdsAccessToken string                 // Access token for authenticating to PDS as the instance

     

       28
       28
       -
       	provisioner    *PDSAccountProvisioner // V2: Creates PDS accounts for communities

     

       24
       24
       +
       	provisioner    *PDSAccountProvisioner

     

       25
       25
       +
       	pdsURL         string

     

       26
       26
       +
       	instanceDID    string

     

       27
       27
       +
       	instanceDomain string

     

       28
       28
       +
       	pdsAccessToken string

     

       29
       29
        
       }

     

       30
       30
        
       

     

       31
       31
        
       // NewCommunityService creates a new community service

     

       32
       32
       -
       func NewCommunityService(repo Repository, didGen *did.Generator, pdsURL string, instanceDID string, instanceDomain string, provisioner *PDSAccountProvisioner) Service {

     

       32
       32
       +
       func NewCommunityService(repo Repository, didGen *did.Generator, pdsURL, instanceDID, instanceDomain string, provisioner *PDSAccountProvisioner) Service {

     

       33
       33
        
       	return &communityService{

     

       34
       34
        
       		repo:           repo,

     

       35
       35
        
       		didGen:         didGen,

     
···

       81
       81
        
       	}

     

       82
       82
        
       

     

       83
       83
        
       	// Validate the atProto handle

     

       84
       84
       -
       	if err := s.ValidateHandle(pdsAccount.Handle); err != nil {

     

       85
       85
       -
       		return nil, fmt.Errorf("generated atProto handle is invalid: %w", err)

     

       84
       84
       +
       	if validateErr := s.ValidateHandle(pdsAccount.Handle); validateErr != nil {

     

       85
       85
       +
       		return nil, fmt.Errorf("generated atProto handle is invalid: %w", validateErr)

     

       86
       86
        
       	}

     

       87
       87
        
       

     

       88
       88
        
       	// Build community profile record

     
···

       580
       580
        
       	return s.callPDSWithAuth(ctx, "POST", endpoint, payload, accessToken)

     

       581
       581
        
       }

     

       582
       582
        
       

     

       583
       583
       -
       func (s *communityService) putRecordOnPDS(ctx context.Context, repoDID, collection, rkey string, record map[string]interface{}) (string, string, error) {

     

       584
       584
       -
       	endpoint := fmt.Sprintf("%s/xrpc/com.atproto.repo.putRecord", strings.TrimSuffix(s.pdsURL, "/"))

     

       585
       585
       -
       

     

       586
       586
       -
       	payload := map[string]interface{}{

     

       587
       587
       -
       		"repo":       repoDID,

     

       588
       588
       -
       		"collection": collection,

     

       589
       589
       -
       		"rkey":       rkey,

     

       590
       590
       -
       		"record":     record,

     

       591
       591
       -
       	}

     

       592
       592
       -
       

     

       593
       593
       -
       	return s.callPDS(ctx, "POST", endpoint, payload)

     

       594
       594
       -
       }

     

       595
       595
       -
       

     

       596
       583
        
       // putRecordOnPDSAs updates a record with a specific access token (for V2 community auth)

     

       597
       584
        
       func (s *communityService) putRecordOnPDSAs(ctx context.Context, repoDID, collection, rkey string, record map[string]interface{}, accessToken string) (string, string, error) {

     

       598
       585
        
       	endpoint := fmt.Sprintf("%s/xrpc/com.atproto.repo.putRecord", strings.TrimSuffix(s.pdsURL, "/"))

     
···

       660
       647
        
       	if err != nil {

     

       661
       648
        
       		return "", "", fmt.Errorf("failed to call PDS: %w", err)

     

       662
       649
        
       	}

     

       663
       663
       -
       	defer resp.Body.Close()

     

       650
       650
       +
       	defer func() {

     

       651
       651
       +
       		if closeErr := resp.Body.Close(); closeErr != nil {

     

       652
       652
       +
       			log.Printf("Failed to close response body: %v", closeErr)

     

       653
       653
       +
       		}

     

       654
       654
       +
       	}()

     

       664
       655
        
       

     

       665
       656
        
       	body, err := io.ReadAll(resp.Body)

     

       666
       657
        
       	if err != nil {

     
···

       688
       679
        
       }

     

       689
       680
        
       

     

       690
       681
        
       // Helper functions

     

       691
       691
       -
       

     

       692
       692
       -
       func extractDomain(didOrURL string) string {

     

       693
       693
       -
       	// For did:web:example.com -> example.com

     

       694
       694
       -
       	if strings.HasPrefix(didOrURL, "did:web:") {

     

       695
       695
       -
       		parts := strings.Split(didOrURL, ":")

     

       696
       696
       -
       		if len(parts) >= 3 {

     

       697
       697
       -
       			return parts[2]

     

       698
       698
       -
       		}

     

       699
       699
       -
       	}

     

       700
       700
       -
       

     

       701
       701
       -
       	// For URLs, extract domain

     

       702
       702
       -
       	if strings.Contains(didOrURL, "://") {

     

       703
       703
       -
       		parts := strings.Split(didOrURL, "://")

     

       704
       704
       -
       		if len(parts) >= 2 {

     

       705
       705
       -
       			domain := strings.Split(parts[1], "/")[0]

     

       706
       706
       -
       			domain = strings.Split(domain, ":")[0] // Remove port

     

       707
       707
       -
       			return domain

     

       708
       708
       -
       		}

     

       709
       709
       -
       	}

     

       710
       710
       -
       

     

       711
       711
       -
       	return ""

     

       712
       712
       -
       }

     

       713
       682
        
       

     

       714
       683
        
       func extractRKeyFromURI(uri string) string {

     

       715
       684
        
       	// at://did/collection/rkey -> rkey

+4 -3

internal/core/oauth/auth_service.go

···

       1
       1
        
       package oauth

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/oauth"

     

       4
       5
        
       	"context"

     

       5
       6
        
       	"fmt"

     

       6
       7
        
       	"time"

     

       7
       7
       -
       

     

       8
       8
       -
       	"Coves/internal/atproto/oauth"

     

       9
       8
        
       

     

       10
       9
        
       	"github.com/lestrrat-go/jwx/v2/jwk"

     

       11
       10
        
       )

     
···

       71
       70
        
       	// Update nonce if provided (best effort - non-critical)

     

       72
       71
        
       	if tokenResp.DpopAuthserverNonce != "" {

     

       73
       72
        
       		session.DPoPAuthServerNonce = tokenResp.DpopAuthserverNonce

     

       74
       74
       -
       		if err := s.sessionStore.UpdateAuthServerNonce(session.DID, tokenResp.DpopAuthserverNonce); err != nil {

     

       73
       73
       +
       		if updateErr := s.sessionStore.UpdateAuthServerNonce(session.DID, tokenResp.DpopAuthserverNonce); updateErr != nil {

     

       75
       74
        
       			// Log but don't fail - nonce will be updated on next request

     

       75
       75
       +
       			// (We ignore the error here intentionally as nonce updates are non-critical)

     

       76
       76
       +
       			_ = updateErr

     

       76
       77
        
       		}

     

       77
       78
        
       	}

     

       78
       79

+8 -4

internal/core/users/service.go

···

       1
       1
        
       package users

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/atproto/identity"

     

       4
       5
        
       	"bytes"

     

       5
       6
        
       	"context"

     

       6
       7
        
       	"encoding/json"

     

       7
       8
        
       	"fmt"

     

       8
       9
        
       	"io"

     

       10
       10
       +
       	"log"

     

       9
       11
        
       	"net/http"

     

       10
       12
        
       	"regexp"

     

       11
       13
        
       	"strings"

     

       12
       14
        
       	"time"

     

       13
       13
       -
       

     

       14
       14
       -
       	"Coves/internal/atproto/identity"

     

       15
       15
        
       )

     

       16
       16
        
       

     

       17
       17
        
       // atProto handle validation regex (per official atProto spec: https://atproto.com/specs/handle)

     
···

       187
       187
        
       	if err != nil {

     

       188
       188
        
       		return nil, fmt.Errorf("failed to call PDS: %w", err)

     

       189
       189
        
       	}

     

       190
       190
       -
       	defer resp.Body.Close()

     

       190
       190
       +
       	defer func() {

     

       191
       191
       +
       		if closeErr := resp.Body.Close(); closeErr != nil {

     

       192
       192
       +
       			log.Printf("Failed to close response body: %v", closeErr)

     

       193
       193
       +
       		}

     

       194
       194
       +
       	}()

     

       191
       195
        
       

     

       192
       196
        
       	body, err := io.ReadAll(resp.Body)

     

       193
       197
        
       	if err != nil {

     
···

       293
       297
        
       	}

     

       294
       298
        
       

     

       295
       299
        
       	return nil

     

       296
       296
       -
       }
     

       300
       300
       +
       }

+20 -19

internal/db/postgres/community_repo.go

···

       1
       1
        
       package postgres

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"context"

     

       5
       6
        
       	"database/sql"

     

       6
       7
        
       	"fmt"

     

       8
       8
       +
       	"log"

     

       7
       9
        
       	"strings"

     

       8
       10
        
       

     

       9
       9
       -
       	"Coves/internal/core/communities"

     

       10
       11
        
       	"github.com/lib/pq"

     

       11
       12
        
       )

     

       12
       13
        
       

     
···

       44
       45
        
       

     

       45
       46
        
       	// Handle JSONB field - use sql.NullString with valid JSON or NULL

     

       46
       47
        
       	var descFacets interface{}

     

       47
       47
       -
       	if community.DescriptionFacets != nil && len(community.DescriptionFacets) > 0 {

     

       48
       48
       +
       	if len(community.DescriptionFacets) > 0 {

     

       48
       49
        
       		descFacets = community.DescriptionFacets

     

       49
       50
        
       	} else {

     

       50
       51
        
       		descFacets = nil

     
···

       82
       83
        
       		nullString(community.RecordURI),

     

       83
       84
        
       		nullString(community.RecordCID),

     

       84
       85
        
       	).Scan(&community.ID, &community.CreatedAt, &community.UpdatedAt)

     

       85
       85
       -
       

     

       86
       86
        
       	if err != nil {

     

       87
       87
        
       		// Check for unique constraint violations

     

       88
       88
        
       		if strings.Contains(err.Error(), "duplicate key") {

     
···

       240
       240
        
       

     

       241
       241
        
       	// Handle JSONB field - use sql.NullString with valid JSON or NULL

     

       242
       242
        
       	var descFacets interface{}

     

       243
       243
       -
       	if community.DescriptionFacets != nil && len(community.DescriptionFacets) > 0 {

     

       243
       243
       +
       	if len(community.DescriptionFacets) > 0 {

     

       244
       244
        
       		descFacets = community.DescriptionFacets

     

       245
       245
        
       	} else {

     

       246
       246
        
       		descFacets = nil

     
···

       358
       358
        
       	if err != nil {

     

       359
       359
        
       		return nil, 0, fmt.Errorf("failed to list communities: %w", err)

     

       360
       360
        
       	}

     

       361
       361
       -
       	defer rows.Close()

     

       361
       361
       +
       	defer func() {

     

       362
       362
       +
       		if closeErr := rows.Close(); closeErr != nil {

     

       363
       363
       +
       			log.Printf("Failed to close rows: %v", closeErr)

     

       364
       364
       +
       		}

     

       365
       365
       +
       	}()

     

       362
       366
        
       

     

       363
       367
        
       	result := []*communities.Community{}

     

       364
       368
        
       	for rows.Next() {

     
···

       368
       372
        
       		var descFacets []byte

     

       369
       373
        
       		var contentWarnings []string

     

       370
       374
        
       

     

       371
       371
       -
       		err := rows.Scan(

     

       375
       375
       +
       		scanErr := rows.Scan(

     

       372
       376
        
       			&community.ID, &community.DID, &community.Handle, &community.Name,

     

       373
       377
        
       			&displayName, &description, &descFacets,

     

       374
       378
        
       			&avatarCID, &bannerCID,

     
···

       380
       384
        
       			&community.CreatedAt, &community.UpdatedAt,

     

       381
       385
        
       			&recordURI, &recordCID,

     

       382
       386
        
       		)

     

       383
       383
       -
       		if err != nil {

     

       384
       384
       -
       			return nil, 0, fmt.Errorf("failed to scan community: %w", err)

     

       387
       387
       +
       		if scanErr != nil {

     

       388
       388
       +
       			return nil, 0, fmt.Errorf("failed to scan community: %w", scanErr)

     

       385
       389
        
       		}

     

       386
       390
        
       

     

       387
       391
        
       		// Map nullable fields

     
···

       456
       460
        
       	if err != nil {

     

       457
       461
        
       		return nil, 0, fmt.Errorf("failed to search communities: %w", err)

     

       458
       462
        
       	}

     

       459
       459
       -
       	defer rows.Close()

     

       463
       463
       +
       	defer func() {

     

       464
       464
       +
       		if closeErr := rows.Close(); closeErr != nil {

     

       465
       465
       +
       			log.Printf("Failed to close rows: %v", closeErr)

     

       466
       466
       +
       		}

     

       467
       467
       +
       	}()

     

       460
       468
        
       

     

       461
       469
        
       	result := []*communities.Community{}

     

       462
       470
        
       	for rows.Next() {

     
···

       467
       475
        
       		var contentWarnings []string

     

       468
       476
        
       		var relevance float64

     

       469
       477
        
       

     

       470
       470
       -
       		err := rows.Scan(

     

       478
       478
       +
       		scanErr := rows.Scan(

     

       471
       479
        
       			&community.ID, &community.DID, &community.Handle, &community.Name,

     

       472
       480
        
       			&displayName, &description, &descFacets,

     

       473
       481
        
       			&avatarCID, &bannerCID,

     
···

       480
       488
        
       			&recordURI, &recordCID,

     

       481
       489
        
       			&relevance,

     

       482
       490
        
       		)

     

       483
       483
       -
       		if err != nil {

     

       484
       484
       -
       			return nil, 0, fmt.Errorf("failed to scan community: %w", err)

     

       491
       491
       +
       		if scanErr != nil {

     

       492
       492
       +
       			return nil, 0, fmt.Errorf("failed to scan community: %w", scanErr)

     

       485
       493
        
       		}

     

       486
       494
        
       

     

       487
       495
        
       		// Map nullable fields

     
···

       513
       521
        
       func nullString(s string) sql.NullString {

     

       514
       522
        
       	return sql.NullString{String: s, Valid: s != ""}

     

       515
       523
        
       }

     

       516
       516
       -
       

     

       517
       517
       -
       func nullBytes(b []byte) []byte {

     

       518
       518
       -
       	if b == nil || len(b) == 0 {

     

       519
       519
       -
       		return nil

     

       520
       520
       -
       	}

     

       521
       521
       -
       	return b

     

       522
       522
       -
       }

+18 -12

internal/db/postgres/community_repo_memberships.go

···

       1
       1
        
       package postgres

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"context"

     

       5
       6
        
       	"database/sql"

     

       6
       7
        
       	"fmt"

     

       8
       8
       +
       	"log"

     

       7
       9
        
       	"strings"

     

       8
       8
       -
       

     

       9
       9
       -
       	"Coves/internal/core/communities"

     

       10
       10
        
       )

     

       11
       11
        
       

     

       12
       12
        
       // CreateMembership creates a new membership record

     
···

       29
       29
        
       		membership.IsBanned,

     

       30
       30
        
       		membership.IsModerator,

     

       31
       31
        
       	).Scan(&membership.ID, &membership.JoinedAt, &membership.LastActiveAt)

     

       32
       32
       -
       

     

       33
       32
        
       	if err != nil {

     

       34
       33
        
       		if strings.Contains(err.Error(), "duplicate key") {

     

       35
       34
        
       			return nil, fmt.Errorf("membership already exists")

     
···

       120
       119
        
       	if err != nil {

     

       121
       120
        
       		return nil, fmt.Errorf("failed to list members: %w", err)

     

       122
       121
        
       	}

     

       123
       123
       -
       	defer rows.Close()

     

       122
       122
       +
       	defer func() {

     

       123
       123
       +
       		if closeErr := rows.Close(); closeErr != nil {

     

       124
       124
       +
       			log.Printf("Failed to close rows: %v", closeErr)

     

       125
       125
       +
       		}

     

       126
       126
       +
       	}()

     

       124
       127
        
       

     

       125
       128
        
       	result := []*communities.Membership{}

     

       126
       129
        
       	for rows.Next() {

     

       127
       130
        
       		membership := &communities.Membership{}

     

       128
       131
        
       

     

       129
       129
       -
       		err := rows.Scan(

     

       132
       132
       +
       		scanErr := rows.Scan(

     

       130
       133
        
       			&membership.ID,

     

       131
       134
        
       			&membership.UserDID,

     

       132
       135
        
       			&membership.CommunityDID,

     
···

       137
       140
        
       			&membership.IsBanned,

     

       138
       141
        
       			&membership.IsModerator,

     

       139
       142
        
       		)

     

       140
       140
       -
       		if err != nil {

     

       141
       141
       -
       			return nil, fmt.Errorf("failed to scan member: %w", err)

     

       143
       143
       +
       		if scanErr != nil {

     

       144
       144
       +
       			return nil, fmt.Errorf("failed to scan member: %w", scanErr)

     

       142
       145
        
       		}

     

       143
       146
        
       

     

       144
       147
        
       		result = append(result, membership)

     
···

       169
       172
        
       		action.CreatedAt,

     

       170
       173
        
       		action.ExpiresAt,

     

       171
       174
        
       	).Scan(&action.ID, &action.CreatedAt)

     

       172
       172
       -
       

     

       173
       175
        
       	if err != nil {

     

       174
       176
        
       		if strings.Contains(err.Error(), "foreign key") {

     

       175
       177
        
       			return nil, communities.ErrCommunityNotFound

     
···

       193
       195
        
       	if err != nil {

     

       194
       196
        
       		return nil, fmt.Errorf("failed to list moderation actions: %w", err)

     

       195
       197
        
       	}

     

       196
       196
       -
       	defer rows.Close()

     

       198
       198
       +
       	defer func() {

     

       199
       199
       +
       		if closeErr := rows.Close(); closeErr != nil {

     

       200
       200
       +
       			log.Printf("Failed to close rows: %v", closeErr)

     

       201
       201
       +
       		}

     

       202
       202
       +
       	}()

     

       197
       203
        
       

     

       198
       204
        
       	result := []*communities.ModerationAction{}

     

       199
       205
        
       	for rows.Next() {

     

       200
       206
        
       		action := &communities.ModerationAction{}

     

       201
       207
        
       		var reason sql.NullString

     

       202
       208
        
       

     

       203
       203
       -
       		err := rows.Scan(

     

       209
       209
       +
       		scanErr := rows.Scan(

     

       204
       210
        
       			&action.ID,

     

       205
       211
        
       			&action.CommunityDID,

     

       206
       212
        
       			&action.Action,

     
···

       210
       216
        
       			&action.CreatedAt,

     

       211
       217
        
       			&action.ExpiresAt,

     

       212
       218
        
       		)

     

       213
       213
       -
       		if err != nil {

     

       214
       214
       -
       			return nil, fmt.Errorf("failed to scan moderation action: %w", err)

     

       219
       219
       +
       		if scanErr != nil {

     

       220
       220
       +
       			return nil, fmt.Errorf("failed to scan moderation action: %w", scanErr)

     

       215
       221
        
       		}

     

       216
       222
        
       

     

       217
       223
        
       		action.Reason = reason.String

+32 -17

internal/db/postgres/community_repo_subscriptions.go

···

       1
       1
        
       package postgres

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/core/communities"

     

       4
       5
        
       	"context"

     

       5
       6
        
       	"database/sql"

     

       6
       7
        
       	"fmt"

     

       8
       8
       +
       	"log"

     

       7
       9
        
       	"strings"

     

       8
       8
       -
       

     

       9
       9
       -
       	"Coves/internal/core/communities"

     

       10
       10
        
       )

     

       11
       11
        
       

     

       12
       12
        
       // Subscribe creates a new subscription record

     
···

       23
       23
        
       		nullString(subscription.RecordURI),

     

       24
       24
        
       		nullString(subscription.RecordCID),

     

       25
       25
        
       	).Scan(&subscription.ID, &subscription.SubscribedAt)

     

       26
       26
       -
       

     

       27
       26
        
       	if err != nil {

     

       28
       27
        
       		if strings.Contains(err.Error(), "duplicate key") {

     

       29
       28
        
       			return nil, communities.ErrSubscriptionAlreadyExists

     
···

       44
       43
        
       	if err != nil {

     

       45
       44
        
       		return nil, fmt.Errorf("failed to begin transaction: %w", err)

     

       46
       45
        
       	}

     

       47
       47
       -
       	defer tx.Rollback()

     

       46
       46
       +
       	defer func() {

     

       47
       47
       +
       		if rollbackErr := tx.Rollback(); rollbackErr != nil && rollbackErr != sql.ErrTxDone {

     

       48
       48
       +
       			log.Printf("Failed to rollback transaction: %v", rollbackErr)

     

       49
       49
       +
       		}

     

       50
       50
       +
       	}()

     

       48
       51
        
       

     

       49
       52
        
       	// Insert subscription with ON CONFLICT DO NOTHING for idempotency

     

       50
       53
        
       	query := `

     
···

       70
       73
        
       			return nil, fmt.Errorf("failed to get existing subscription: %w", err)

     

       71
       74
        
       		}

     

       72
       75
        
       		// Don't increment count - subscription already existed

     

       73
       73
       -
       		if err := tx.Commit(); err != nil {

     

       74
       74
       -
       			return nil, fmt.Errorf("failed to commit transaction: %w", err)

     

       76
       76
       +
       		if commitErr := tx.Commit(); commitErr != nil {

     

       77
       77
       +
       			return nil, fmt.Errorf("failed to commit transaction: %w", commitErr)

     

       75
       78
        
       		}

     

       76
       79
        
       		return subscription, nil

     

       77
       80
        
       	}

     
···

       129
       132
        
       	if err != nil {

     

       130
       133
        
       		return fmt.Errorf("failed to begin transaction: %w", err)

     

       131
       134
        
       	}

     

       132
       132
       -
       	defer tx.Rollback()

     

       135
       135
       +
       	defer func() {

     

       136
       136
       +
       		if rollbackErr := tx.Rollback(); rollbackErr != nil && rollbackErr != sql.ErrTxDone {

     

       137
       137
       +
       			log.Printf("Failed to rollback transaction: %v", rollbackErr)

     

       138
       138
       +
       		}

     

       139
       139
       +
       	}()

     

       133
       140
        
       

     

       134
       141
        
       	// Delete subscription

     

       135
       142
        
       	deleteQuery := `DELETE FROM community_subscriptions WHERE user_did = $1 AND community_did = $2`

     
···

       145
       152
        
       

     

       146
       153
        
       	// If no rows deleted, subscription didn't exist (idempotent - not an error)

     

       147
       154
        
       	if rowsAffected == 0 {

     

       148
       148
       -
       		if err := tx.Commit(); err != nil {

     

       149
       149
       -
       			return fmt.Errorf("failed to commit transaction: %w", err)

     

       155
       155
       +
       		if commitErr := tx.Commit(); commitErr != nil {

     

       156
       156
       +
       			return fmt.Errorf("failed to commit transaction: %w", commitErr)

     

       150
       157
        
       		}

     

       151
       158
        
       		return nil

     

       152
       159
        
       	}

     
···

       214
       221
        
       	if err != nil {

     

       215
       222
        
       		return nil, fmt.Errorf("failed to list subscriptions: %w", err)

     

       216
       223
        
       	}

     

       217
       217
       -
       	defer rows.Close()

     

       224
       224
       +
       	defer func() {

     

       225
       225
       +
       		if closeErr := rows.Close(); closeErr != nil {

     

       226
       226
       +
       			log.Printf("Failed to close rows: %v", closeErr)

     

       227
       227
       +
       		}

     

       228
       228
       +
       	}()

     

       218
       229
        
       

     

       219
       230
        
       	result := []*communities.Subscription{}

     

       220
       231
        
       	for rows.Next() {

     

       221
       232
        
       		subscription := &communities.Subscription{}

     

       222
       233
        
       		var recordURI, recordCID sql.NullString

     

       223
       234
        
       

     

       224
       224
       -
       		err := rows.Scan(

     

       235
       235
       +
       		scanErr := rows.Scan(

     

       225
       236
        
       			&subscription.ID,

     

       226
       237
        
       			&subscription.UserDID,

     

       227
       238
        
       			&subscription.CommunityDID,

     
···

       229
       240
        
       			&recordURI,

     

       230
       241
        
       			&recordCID,

     

       231
       242
        
       		)

     

       232
       232
       -
       		if err != nil {

     

       233
       233
       -
       			return nil, fmt.Errorf("failed to scan subscription: %w", err)

     

       243
       243
       +
       		if scanErr != nil {

     

       244
       244
       +
       			return nil, fmt.Errorf("failed to scan subscription: %w", scanErr)

     

       234
       245
        
       		}

     

       235
       246
        
       

     

       236
       247
        
       		subscription.RecordURI = recordURI.String

     
···

       259
       270
        
       	if err != nil {

     

       260
       271
        
       		return nil, fmt.Errorf("failed to list subscribers: %w", err)

     

       261
       272
        
       	}

     

       262
       262
       -
       	defer rows.Close()

     

       273
       273
       +
       	defer func() {

     

       274
       274
       +
       		if closeErr := rows.Close(); closeErr != nil {

     

       275
       275
       +
       			log.Printf("Failed to close rows: %v", closeErr)

     

       276
       276
       +
       		}

     

       277
       277
       +
       	}()

     

       263
       278
        
       

     

       264
       279
        
       	result := []*communities.Subscription{}

     

       265
       280
        
       	for rows.Next() {

     

       266
       281
        
       		subscription := &communities.Subscription{}

     

       267
       282
        
       		var recordURI, recordCID sql.NullString

     

       268
       283
        
       

     

       269
       269
       -
       		err := rows.Scan(

     

       284
       284
       +
       		scanErr := rows.Scan(

     

       270
       285
        
       			&subscription.ID,

     

       271
       286
        
       			&subscription.UserDID,

     

       272
       287
        
       			&subscription.CommunityDID,

     
···

       274
       289
        
       			&recordURI,

     

       275
       290
        
       			&recordCID,

     

       276
       291
        
       		)

     

       277
       277
       -
       		if err != nil {

     

       278
       278
       -
       			return nil, fmt.Errorf("failed to scan subscriber: %w", err)

     

       292
       292
       +
       		if scanErr != nil {

     

       293
       293
       +
       			return nil, fmt.Errorf("failed to scan subscriber: %w", scanErr)

     

       279
       294
        
       		}

     

       280
       295
        
       

     

       281
       296
        
       		subscription.RecordURI = recordURI.String