commit 119c228a658ede39076c2db151353bc0a0de0afd · bretton.dev/coves

.beads/beads.left.jsonl

···

       1
       +
       {"id":"Coves-95q","content_hash":"8ec99d598f067780436b985f9ad57f0fa19632026981038df4f65f192186620b","title":"Add comprehensive API documentation","description":"","status":"open","priority":2,"issue_type":"task","created_at":"2025-11-17T20:30:34.835721854-08:00","updated_at":"2025-11-17T20:30:34.835721854-08:00","source_repo":".","dependencies":[{"issue_id":"Coves-95q","depends_on_id":"Coves-e16","type":"blocks","created_at":"2025-11-17T20:30:46.273899399-08:00","created_by":"daemon"}]}

     

       2
       +
       {"id":"Coves-e16","content_hash":"7c5d0fc8f0e7f626be3dad62af0e8412467330bad01a244e5a7e52ac5afff1c1","title":"Complete post creation and moderation features","description":"","status":"open","priority":1,"issue_type":"feature","created_at":"2025-11-17T20:30:12.885991306-08:00","updated_at":"2025-11-17T20:30:12.885991306-08:00","source_repo":"."}

     

       3
       +
       {"id":"Coves-fce","content_hash":"26b3e16b99f827316ee0d741cc959464bd0c813446c95aef8105c7fd1e6b09ff","title":"Implement aggregator feed federation","description":"","status":"open","priority":1,"issue_type":"feature","created_at":"2025-11-17T20:30:21.453326012-08:00","updated_at":"2025-11-17T20:30:21.453326012-08:00","source_repo":"."}

.beads/beads.left.meta.json

···

       0

···

       1
       +
       {"version":"0.23.1","timestamp":"2025-12-02T18:25:24.009187871-08:00","commit":"00d7d8d"}

+5 -28

cmd/server/main.go

···

       393
        
       	commentRepo := postgresRepo.NewCommentRepository(db)

     

       394
        
       	log.Println("✅ Comment repository initialized (Jetstream indexing only)")

     

       395
        
       

     

       396
       -
       	// Initialize subject validator for votes (checks posts and comments exist)

     

       397
       -
       	subjectValidator := votes.NewCompositeSubjectValidator(

     

       398
       -
       		// Post existence checker

     

       399
       -
       		func(ctx context.Context, uri string) (bool, error) {

     

       400
       -
       			_, err := postRepo.GetByURI(ctx, uri)

     

       401
       -
       			if err != nil {

     

       402
       -
       				if err == posts.ErrNotFound {

     

       403
       -
       					return false, nil

     

       404
       -
       				}

     

       405
       -
       				return false, err

     

       406
       -
       			}

     

       407
       -
       			return true, nil

     

       408
       -
       		},

     

       409
       -
       		// Comment existence checker

     

       410
       -
       		func(ctx context.Context, uri string) (bool, error) {

     

       411
       -
       			_, err := commentRepo.GetByURI(ctx, uri)

     

       412
       -
       			if err != nil {

     

       413
       -
       				if err == comments.ErrCommentNotFound {

     

       414
       -
       					return false, nil

     

       415
       -
       				}

     

       416
       -
       				return false, err

     

       417
       -
       			}

     

       418
       -
       			return true, nil

     

       419
       -
       		},

     

       420
       -
       	)

     

       421
       -
       

     

       422
        
       	// Initialize vote service (for XRPC API endpoints)

     

       423
       -
       	voteService := votes.NewService(voteRepo, subjectValidator, oauthClient, oauthStore, nil)

     

       424
       -
       	log.Println("✅ Vote service initialized (with OAuth authentication and subject validation)")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       425
        
       

     

       426
        
       	// Initialize comment service (for query API)

     

       427
        
       	// Requires user and community repos for proper author/community hydration per lexicon

···

       393
        
       	commentRepo := postgresRepo.NewCommentRepository(db)

     

       394
        
       	log.Println("✅ Comment repository initialized (Jetstream indexing only)")

     

       395
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       396
        
       	// Initialize vote service (for XRPC API endpoints)

     

       397
       +
       	// Note: We don't validate subject existence - the vote goes to the user's PDS regardless.

     

       398
       +
       	// The Jetstream consumer handles orphaned votes correctly by only updating counts for

     

       399
       +
       	// non-deleted subjects. This avoids race conditions and eventual consistency issues.

     

       400
       +
       	voteService := votes.NewService(voteRepo, oauthClient, oauthStore, nil)

     

       401
       +
       	log.Println("✅ Vote service initialized (with OAuth authentication)")

     

       402
        
       

     

       403
        
       	// Initialize comment service (for query API)

     

       404
        
       	// Requires user and community repos for proper author/community hydration per lexicon

+2 -8

internal/api/handlers/vote/create_vote_test.go

···

       344
        
       

     

       345
        
       func TestCreateVoteHandler_ServiceError(t *testing.T) {

     

       346
        
       	tests := []struct {

     

       0
        
       
     

       347
        
       		name           string

     

       348
       -
       		serviceError   error

     

       349
        
       		expectedStatus int

     

       350
       -
       		expectedError  string

     

       351
        
       	}{

     

       352
       -
       		{

     

       353
       -
       			name:           "subject not found",

     

       354
       -
       			serviceError:   votes.ErrSubjectNotFound,

     

       355
       -
       			expectedStatus: http.StatusNotFound,

     

       356
       -
       			expectedError:  "SubjectNotFound", // Per lexicon: social.coves.feed.vote.create#SubjectNotFound

     

       357
       -
       		},

     

       358
        
       		{

     

       359
        
       			name:           "invalid direction",

     

       360
        
       			serviceError:   votes.ErrInvalidDirection,

···

       344
        
       

     

       345
        
       func TestCreateVoteHandler_ServiceError(t *testing.T) {

     

       346
        
       	tests := []struct {

     

       347
       +
       		serviceError   error

     

       348
        
       		name           string

     

       349
       +
       		expectedError  string

     

       350
        
       		expectedStatus int

     

       0
        
       
     

       351
        
       	}{

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       352
        
       		{

     

       353
        
       			name:           "invalid direction",

     

       354
        
       			serviceError:   votes.ErrInvalidDirection,

+2 -8

internal/api/handlers/vote/delete_vote_test.go

···

       239
        
       

     

       240
        
       func TestDeleteVoteHandler_ServiceError(t *testing.T) {

     

       241
        
       	tests := []struct {

     

       242
       -
       		name           string

     

       243
        
       		serviceError   error

     

       244
       -
       		expectedStatus int

     

       245
        
       		expectedError  string

     

       0
        
       
     

       246
        
       	}{

     

       247
        
       		{

     

       248
        
       			name:           "vote not found",

     

       249
        
       			serviceError:   votes.ErrVoteNotFound,

     

       250
        
       			expectedStatus: http.StatusNotFound,

     

       251
        
       			expectedError:  "VoteNotFound", // Per lexicon: social.coves.feed.vote.delete#VoteNotFound

     

       252
       -
       		},

     

       253
       -
       		{

     

       254
       -
       			name:           "subject not found",

     

       255
       -
       			serviceError:   votes.ErrSubjectNotFound,

     

       256
       -
       			expectedStatus: http.StatusNotFound,

     

       257
       -
       			expectedError:  "SubjectNotFound", // Per lexicon: social.coves.feed.vote.create#SubjectNotFound

     

       258
        
       		},

     

       259
        
       		{

     

       260
        
       			name:           "invalid subject",

···

       239
        
       

     

       240
        
       func TestDeleteVoteHandler_ServiceError(t *testing.T) {

     

       241
        
       	tests := []struct {

     

       0
        
       
     

       242
        
       		serviceError   error

     

       243
       +
       		name           string

     

       244
        
       		expectedError  string

     

       245
       +
       		expectedStatus int

     

       246
        
       	}{

     

       247
        
       		{

     

       248
        
       			name:           "vote not found",

     

       249
        
       			serviceError:   votes.ErrVoteNotFound,

     

       250
        
       			expectedStatus: http.StatusNotFound,

     

       251
        
       			expectedError:  "VoteNotFound", // Per lexicon: social.coves.feed.vote.delete#VoteNotFound

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       252
        
       		},

     

       253
        
       		{

     

       254
        
       			name:           "invalid subject",

-3

internal/api/handlers/vote/errors.go

···

       34
        
       	case errors.Is(err, votes.ErrVoteNotFound):

     

       35
        
       		// Matches: social.coves.feed.vote.delete#VoteNotFound

     

       36
        
       		writeError(w, http.StatusNotFound, "VoteNotFound", "No vote found for this subject")

     

       37
       -
       	case errors.Is(err, votes.ErrSubjectNotFound):

     

       38
       -
       		// Matches: social.coves.feed.vote.create#SubjectNotFound

     

       39
       -
       		writeError(w, http.StatusNotFound, "SubjectNotFound", "The subject post or comment was not found")

     

       40
        
       	case errors.Is(err, votes.ErrInvalidDirection):

     

       41
        
       		writeError(w, http.StatusBadRequest, "InvalidRequest", "Vote direction must be 'up' or 'down'")

     

       42
        
       	case errors.Is(err, votes.ErrInvalidSubject):

···

       34
        
       	case errors.Is(err, votes.ErrVoteNotFound):

     

       35
        
       		// Matches: social.coves.feed.vote.delete#VoteNotFound

     

       36
        
       		writeError(w, http.StatusNotFound, "VoteNotFound", "No vote found for this subject")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       37
        
       	case errors.Is(err, votes.ErrInvalidDirection):

     

       38
        
       		writeError(w, http.StatusBadRequest, "InvalidRequest", "Vote direction must be 'up' or 'down'")

     

       39
        
       	case errors.Is(err, votes.ErrInvalidSubject):

+4 -4

internal/atproto/oauth/handlers_security.go

···

       25
        
       // - Android: Verified via /.well-known/assetlinks.json

     

       26
        
       var allowedMobileRedirectURIs = map[string]bool{

     

       27
        
       	// Custom scheme per atproto spec (reverse-domain of coves.social)

     

       28
       -
       	"social.coves:/callback":                  true,

     

       29
       -
       	"social.coves://callback":                 true, // Some platforms add double slash

     

       30
       -
       	"social.coves:/oauth/callback":            true, // Alternative path

     

       31
       -
       	"social.coves://oauth/callback":           true,

     

       32
        
       	// Universal Links - cryptographically bound to app (preferred for security)

     

       33
        
       	"https://coves.social/app/oauth/callback": true,

     

       34
        
       }

···

       25
        
       // - Android: Verified via /.well-known/assetlinks.json

     

       26
        
       var allowedMobileRedirectURIs = map[string]bool{

     

       27
        
       	// Custom scheme per atproto spec (reverse-domain of coves.social)

     

       28
       +
       	"social.coves:/callback":        true,

     

       29
       +
       	"social.coves://callback":       true, // Some platforms add double slash

     

       30
       +
       	"social.coves:/oauth/callback":  true, // Alternative path

     

       31
       +
       	"social.coves://oauth/callback": true,

     

       32
        
       	// Universal Links - cryptographically bound to app (preferred for security)

     

       33
        
       	"https://coves.social/app/oauth/callback": true,

     

       34
        
       }

-3

internal/core/votes/errors.go

···

       6
        
       	// ErrVoteNotFound indicates the requested vote doesn't exist

     

       7
        
       	ErrVoteNotFound = errors.New("vote not found")

     

       8
        
       

     

       9
       -
       	// ErrSubjectNotFound indicates the post/comment being voted on doesn't exist

     

       10
       -
       	ErrSubjectNotFound = errors.New("subject not found")

     

       11
       -
       

     

       12
        
       	// ErrInvalidDirection indicates the vote direction is not "up" or "down"

     

       13
        
       	ErrInvalidDirection = errors.New("invalid vote direction: must be 'up' or 'down'")

     

       14

···

       6
        
       	// ErrVoteNotFound indicates the requested vote doesn't exist

     

       7
        
       	ErrVoteNotFound = errors.New("vote not found")

     

       8
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       9
        
       	// ErrInvalidDirection indicates the vote direction is not "up" or "down"

     

       10
        
       	ErrInvalidDirection = errors.New("invalid vote direction: must be 'up' or 'down'")

     

       11

+10 -6

internal/core/votes/service.go

···

       10
        
       // Implements write-forward pattern: validates requests, then forwards to user's PDS

     

       11
        
       //

     

       12
        
       // Architecture:

     

       13
       -
       // - Service validates input and checks authorization

     

       14
       -
       // - Queries user's PDS directly via com.atproto.repo.listRecords to check existing votes

     

       15
       -
       //   (avoids eventual consistency issues with AppView database)

     

       16
       -
       // - Creates/deletes vote records via com.atproto.repo.createRecord/deleteRecord

     

       17
       -
       // - AppView indexes resulting records from Jetstream firehose for aggregate counts

     

       18
        
       type Service interface {

     

       19
        
       	// CreateVote creates a new vote or toggles off an existing vote

     

       20
        
       	// Returns URI and CID of created vote, or empty strings if toggled off

     
···

       22
        
       	// Validation:

     

       23
        
       	// - Direction must be "up" or "down" (returns ErrInvalidDirection)

     

       24
        
       	// - Subject URI must be valid AT-URI (returns ErrInvalidSubject)

     

       25
       -
       	// - Subject must exist (returns ErrSubjectNotFound)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       26
        
       	//

     

       27
        
       	// Behavior:

     

       28
        
       	// - If no vote exists: creates new vote with given direction

···

       10
        
       // Implements write-forward pattern: validates requests, then forwards to user's PDS

     

       11
        
       //

     

       12
        
       // Architecture:

     

       13
       +
       //   - Service validates input and checks authorization

     

       14
       +
       //   - Queries user's PDS directly via com.atproto.repo.listRecords to check existing votes

     

       15
       +
       //     (avoids eventual consistency issues with AppView database)

     

       16
       +
       //   - Creates/deletes vote records via com.atproto.repo.createRecord/deleteRecord

     

       17
       +
       //   - AppView indexes resulting records from Jetstream firehose for aggregate counts

     

       18
        
       type Service interface {

     

       19
        
       	// CreateVote creates a new vote or toggles off an existing vote

     

       20
        
       	// Returns URI and CID of created vote, or empty strings if toggled off

     
···

       22
        
       	// Validation:

     

       23
        
       	// - Direction must be "up" or "down" (returns ErrInvalidDirection)

     

       24
        
       	// - Subject URI must be valid AT-URI (returns ErrInvalidSubject)

     

       25
       +
       	// - Subject CID must be provided (returns ErrInvalidSubject)

     

       26
       +
       	//

     

       27
       +
       	// Note: Subject existence is NOT validated. Votes on non-existent or deleted

     

       28
       +
       	// subjects are allowed - the Jetstream consumer handles orphaned votes correctly

     

       29
       +
       	// by only updating counts for non-deleted subjects.

     

       30
        
       	//

     

       31
        
       	// Behavior:

     

       32
        
       	// - If no vote exists: creates new vote with given direction

+14 -27

internal/core/votes/service_impl.go

···

       19
        
       

     

       20
        
       // voteService implements the Service interface for vote operations

     

       21
        
       type voteService struct {

     

       22
       -
       	repo             Repository

     

       23
       -
       	subjectValidator SubjectValidator

     

       24
       -
       	oauthClient      *oauthclient.OAuthClient

     

       25
       -
       	oauthStore       oauth.ClientAuthStore

     

       26
       -
       	logger           *slog.Logger

     

       27
        
       }

     

       28
        
       

     

       29
        
       // NewService creates a new vote service instance

     

       30
       -
       // subjectValidator can be nil to skip subject existence checks (not recommended for production)

     

       31
       -
       func NewService(repo Repository, subjectValidator SubjectValidator, oauthClient *oauthclient.OAuthClient, oauthStore oauth.ClientAuthStore, logger *slog.Logger) Service {

     

       32
        
       	if logger == nil {

     

       33
        
       		logger = slog.Default()

     

       34
        
       	}

     

       35
        
       	return &voteService{

     

       36
       -
       		repo:             repo,

     

       37
       -
       		subjectValidator: subjectValidator,

     

       38
       -
       		oauthClient:      oauthClient,

     

       39
       -
       		oauthStore:       oauthStore,

     

       40
       -
       		logger:           logger,

     

       41
        
       	}

     

       42
        
       }

     

       43
        
       

     
···

       65
        
       		return nil, ErrInvalidSubject

     

       66
        
       	}

     

       67
        
       

     

       68
       -
       	// Validate subject exists in AppView (post or comment)

     

       69
       -
       	// This prevents creating votes on non-existent content

     

       70
       -
       	if s.subjectValidator != nil {

     

       71
       -
       		exists, err := s.subjectValidator.SubjectExists(ctx, req.Subject.URI)

     

       72
       -
       		if err != nil {

     

       73
       -
       			s.logger.Error("failed to validate subject existence",

     

       74
       -
       				"error", err,

     

       75
       -
       				"subject", req.Subject.URI)

     

       76
       -
       			return nil, fmt.Errorf("failed to validate subject: %w", err)

     

       77
       -
       		}

     

       78
       -
       		if !exists {

     

       79
       -
       			return nil, ErrSubjectNotFound

     

       80
       -
       		}

     

       81
       -
       	}

     

       82
        
       

     

       83
        
       	// Check for existing vote by querying PDS directly (source of truth)

     

       84
        
       	// This avoids eventual consistency issues with the AppView database

     
···

       284
        
       

     

       285
        
       		// Parse the listRecords response

     

       286
        
       		var result struct {

     

       0
        
       
     

       287
        
       			Records []struct {

     

       288
        
       				URI   string `json:"uri"`

     

       289
        
       				CID   string `json:"cid"`

     
···

       297
        
       					CreatedAt string `json:"createdAt"`

     

       298
        
       				} `json:"value"`

     

       299
        
       			} `json:"records"`

     

       300
       -
       			Cursor string `json:"cursor"`

     

       301
        
       		}

     

       302
        
       

     

       303
        
       		if err := json.Unmarshal(body, &result); err != nil {

···

       19
        
       

     

       20
        
       // voteService implements the Service interface for vote operations

     

       21
        
       type voteService struct {

     

       22
       +
       	repo        Repository

     

       23
       +
       	oauthClient *oauthclient.OAuthClient

     

       24
       +
       	oauthStore  oauth.ClientAuthStore

     

       25
       +
       	logger      *slog.Logger

     

       0
        
       
     

       26
        
       }

     

       27
        
       

     

       28
        
       // NewService creates a new vote service instance

     

       29
       +
       func NewService(repo Repository, oauthClient *oauthclient.OAuthClient, oauthStore oauth.ClientAuthStore, logger *slog.Logger) Service {

     

       0
        
       
     

       30
        
       	if logger == nil {

     

       31
        
       		logger = slog.Default()

     

       32
        
       	}

     

       33
        
       	return &voteService{

     

       34
       +
       		repo:        repo,

     

       35
       +
       		oauthClient: oauthClient,

     

       36
       +
       		oauthStore:  oauthStore,

     

       37
       +
       		logger:      logger,

     

       0
        
       
     

       38
        
       	}

     

       39
        
       }

     

       40
        
       

     
···

       62
        
       		return nil, ErrInvalidSubject

     

       63
        
       	}

     

       64
        
       

     

       65
       +
       	// Note: We intentionally don't validate subject existence here.

     

       66
       +
       	// The vote record goes to the user's PDS regardless. The Jetstream consumer

     

       67
       +
       	// handles orphaned votes correctly by only updating counts for non-deleted subjects.

     

       68
       +
       	// This avoids race conditions and eventual consistency issues.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       69
        
       

     

       70
        
       	// Check for existing vote by querying PDS directly (source of truth)

     

       71
        
       	// This avoids eventual consistency issues with the AppView database

     
···

       271
        
       

     

       272
        
       		// Parse the listRecords response

     

       273
        
       		var result struct {

     

       274
       +
       			Cursor  string `json:"cursor"`

     

       275
        
       			Records []struct {

     

       276
        
       				URI   string `json:"uri"`

     

       277
        
       				CID   string `json:"cid"`

     
···

       285
        
       					CreatedAt string `json:"createdAt"`

     

       286
        
       				} `json:"value"`

     

       287
        
       			} `json:"records"`

     

       0
        
       
     

       288
        
       		}

     

       289
        
       

     

       290
        
       		if err := json.Unmarshal(body, &result); err != nil {

-50

internal/core/votes/subject_validator.go

···

       1
       -
       package votes

     

       2
       -
       

     

       3
       -
       import (

     

       4
       -
       	"context"

     

       5
       -
       	"strings"

     

       6
       -
       )

     

       7
       -
       

     

       8
       -
       // SubjectExistsFunc is a function type that checks if a subject exists

     

       9
       -
       type SubjectExistsFunc func(ctx context.Context, uri string) (bool, error)

     

       10
       -
       

     

       11
       -
       // CompositeSubjectValidator validates subjects by checking both posts and comments

     

       12
       -
       type CompositeSubjectValidator struct {

     

       13
       -
       	postExists    SubjectExistsFunc

     

       14
       -
       	commentExists SubjectExistsFunc

     

       15
       -
       }

     

       16
       -
       

     

       17
       -
       // NewCompositeSubjectValidator creates a validator that checks both posts and comments

     

       18
       -
       // Pass nil for either function to skip validation for that type

     

       19
       -
       func NewCompositeSubjectValidator(postExists, commentExists SubjectExistsFunc) *CompositeSubjectValidator {

     

       20
       -
       	return &CompositeSubjectValidator{

     

       21
       -
       		postExists:    postExists,

     

       22
       -
       		commentExists: commentExists,

     

       23
       -
       	}

     

       24
       -
       }

     

       25
       -
       

     

       26
       -
       // SubjectExists checks if a post or comment exists at the given URI

     

       27
       -
       // Determines type from the collection in the URI (e.g., social.coves.feed.post vs social.coves.feed.comment)

     

       28
       -
       func (v *CompositeSubjectValidator) SubjectExists(ctx context.Context, uri string) (bool, error) {

     

       29
       -
       	// Parse collection from AT-URI: at://did/collection/rkey

     

       30
       -
       	// Example: at://did:plc:xxx/social.coves.feed.post/abc123

     

       31
       -
       	if strings.Contains(uri, "/social.coves.feed.post/") {

     

       32
       -
       		if v.postExists != nil {

     

       33
       -
       			return v.postExists(ctx, uri)

     

       34
       -
       		}

     

       35
       -
       		// If no post checker, assume exists (for testing)

     

       36
       -
       		return true, nil

     

       37
       -
       	}

     

       38
       -
       

     

       39
       -
       	if strings.Contains(uri, "/social.coves.feed.comment/") {

     

       40
       -
       		if v.commentExists != nil {

     

       41
       -
       			return v.commentExists(ctx, uri)

     

       42
       -
       		}

     

       43
       -
       		// If no comment checker, assume exists (for testing)

     

       44
       -
       		return true, nil

     

       45
       -
       	}

     

       46
       -
       

     

       47
       -
       	// Unknown collection type - could be from another app

     

       48
       -
       	// For now, allow voting on unknown types (future-proofing)

     

       49
       -
       	return true, nil

     

       50
       -
       }

-9

internal/core/votes/vote.go

···

       1
        
       package votes

     

       2
        
       

     

       3
        
       import (

     

       4
       -
       	"context"

     

       5
        
       	"time"

     

       6
        
       )

     

       7
       -
       

     

       8
       -
       // SubjectValidator validates that vote subjects (posts/comments) exist

     

       9
       -
       // This prevents creating votes on non-existent content

     

       10
       -
       type SubjectValidator interface {

     

       11
       -
       	// SubjectExists checks if a post or comment exists at the given URI

     

       12
       -
       	// Returns true if found, false if not found

     

       13
       -
       	SubjectExists(ctx context.Context, uri string) (bool, error)

     

       14
       -
       }

     

       15
        
       

     

       16
        
       // Vote represents a vote in the AppView database

     

       17
        
       // Votes are indexed from the firehose after being written to user repositories

···

       1
        
       package votes

     

       2
        
       

     

       3
        
       import (

     

       0
        
       
     

       4
        
       	"time"

     

       5
        
       )

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       6
        
       

     

       7
        
       // Vote represents a vote in the AppView database

     

       8
        
       // Votes are indexed from the firehose after being written to user repositories

+77 -27

tests/integration/vote_e2e_test.go

···

       85
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       86
        
       

     

       87
        
       	// Setup services

     

       88
       -
       	voteService := votes.NewService(voteRepo, nil, oauthClient, oauthStore, nil)

     

       89
        
       

     

       90
        
       	// Create test user on PDS

     

       91
        
       	testUserHandle := fmt.Sprintf("voter-%d.local.coves.dev", time.Now().Unix())

     
···

       173
        
       		CID string `json:"cid"`

     

       174
        
       	}

     

       175
        
       

     

       176
       -
       	if err := json.NewDecoder(resp.Body).Decode(&voteResp); err != nil {

     

       177
       -
       		t.Fatalf("Failed to decode vote response: %v", err)

     

       178
        
       	}

     

       179
        
       

     

       180
        
       	t.Logf("✅ XRPC response received:")

     
···

       310
        
       

     

       311
        
       	oauthStore := SetupOAuthTestStore(t, db)

     

       312
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       313
       -
       	voteService := votes.NewService(voteRepo, nil, oauthClient, oauthStore, nil)

     

       314
        
       

     

       315
        
       	// Create test user

     

       316
        
       	testUserHandle := fmt.Sprintf("toggle-%d.local.coves.dev", time.Now().Unix())

     
···

       366
        
       		URI string `json:"uri"`

     

       367
        
       		CID string `json:"cid"`

     

       368
        
       	}

     

       369
       -
       	json.NewDecoder(resp.Body).Decode(&firstVoteResp)

     

       370
       -
       	resp.Body.Close()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       371
        
       

     

       372
        
       	t.Logf("✅ First vote created: %s", firstVoteResp.URI)

     

       373
        
       

     
···

       394
        
       			},

     

       395
        
       		},

     

       396
        
       	}

     

       397
       -
       	voteConsumer.HandleEvent(ctx, &voteEvent)

     

       0
        
       
     

       0
        
       
     

       398
        
       

     

       399
        
       	// Second upvote (same direction) - should toggle off (delete)

     

       400
        
       	t.Logf("\n📝 Creating second upvote (toggle off)...")

     
···

       408
        
       	if err != nil {

     

       409
        
       		t.Fatalf("Failed to toggle vote: %v", err)

     

       410
        
       	}

     

       411
       -
       	defer resp2.Body.Close()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       412
        
       

     

       413
        
       	if resp2.StatusCode != http.StatusOK {

     

       414
        
       		body, _ := io.ReadAll(resp2.Body)

     
···

       430
        
       			RKey:       rkey,

     

       431
        
       		},

     

       432
        
       	}

     

       433
       -
       	voteConsumer.HandleEvent(ctx, &deleteEvent)

     

       0
        
       
     

       0
        
       
     

       434
        
       

     

       435
        
       	// Verify vote was removed from AppView

     

       436
        
       	t.Logf("\n🔍 Verifying vote removed from AppView...")

     
···

       469
        
       

     

       470
        
       	oauthStore := SetupOAuthTestStore(t, db)

     

       471
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       472
       -
       	voteService := votes.NewService(voteRepo, nil, oauthClient, oauthStore, nil)

     

       473
        
       

     

       474
        
       	// Create test user

     

       475
        
       	testUserHandle := fmt.Sprintf("flip-%d.local.coves.dev", time.Now().Unix())

     
···

       516
        
       	req.Header.Set("Content-Type", "application/json")

     

       517
        
       	req.Header.Set("Authorization", "Bearer "+token)

     

       518
        
       

     

       519
       -
       	resp, _ := http.DefaultClient.Do(req)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       520
        
       	var upvoteResp struct {

     

       521
        
       		URI string `json:"uri"`

     

       522
        
       		CID string `json:"cid"`

     

       523
        
       	}

     

       524
       -
       	json.NewDecoder(resp.Body).Decode(&upvoteResp)

     

       525
       -
       	resp.Body.Close()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       526
        
       

     

       527
        
       	// Index upvote

     

       528
        
       	rkey := utils.ExtractRKeyFromURI(upvoteResp.URI)

     
···

       547
        
       			},

     

       548
        
       		},

     

       549
        
       	}

     

       550
       -
       	voteConsumer.HandleEvent(ctx, &upvoteEvent)

     

       0
        
       
     

       0
        
       
     

       551
        
       

     

       552
        
       	t.Logf("✅ Upvote created and indexed")

     

       553
        
       

     
···

       568
        
       	req2.Header.Set("Content-Type", "application/json")

     

       569
        
       	req2.Header.Set("Authorization", "Bearer "+token)

     

       570
        
       

     

       571
       -
       	resp2, _ := http.DefaultClient.Do(req2)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       572
        
       	var downvoteResp struct {

     

       573
        
       		URI string `json:"uri"`

     

       574
        
       		CID string `json:"cid"`

     

       575
        
       	}

     

       576
       -
       	json.NewDecoder(resp2.Body).Decode(&downvoteResp)

     

       577
       -
       	resp2.Body.Close()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       578
        
       

     

       579
        
       	// Simulate Jetstream UPDATE event (PDS updates the existing record)

     

       580
        
       	t.Logf("\n🔄 Simulating Jetstream UPDATE event...")

     
···

       599
        
       			},

     

       600
        
       		},

     

       601
        
       	}

     

       602
       -
       	voteConsumer.HandleEvent(ctx, &updateEvent)

     

       0
        
       
     

       0
        
       
     

       603
        
       

     

       604
        
       	// Verify vote direction changed in AppView

     

       605
        
       	t.Logf("\n🔍 Verifying vote direction changed in AppView...")

     
···

       648
        
       

     

       649
        
       	oauthStore := SetupOAuthTestStore(t, db)

     

       650
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       651
       -
       	voteService := votes.NewService(voteRepo, nil, oauthClient, oauthStore, nil)

     

       652
        
       

     

       653
        
       	// Create test user

     

       654
        
       	testUserHandle := fmt.Sprintf("delete-%d.local.coves.dev", time.Now().Unix())

     
···

       695
        
       	req.Header.Set("Content-Type", "application/json")

     

       696
        
       	req.Header.Set("Authorization", "Bearer "+token)

     

       697
        
       

     

       698
       -
       	resp, _ := http.DefaultClient.Do(req)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       699
        
       	var voteResp struct {

     

       700
        
       		URI string `json:"uri"`

     

       701
        
       		CID string `json:"cid"`

     

       702
        
       	}

     

       703
       -
       	json.NewDecoder(resp.Body).Decode(&voteResp)

     

       704
       -
       	resp.Body.Close()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       705
        
       

     

       706
        
       	// Index vote

     

       707
        
       	rkey := utils.ExtractRKeyFromURI(voteResp.URI)

     
···

       726
        
       			},

     

       727
        
       		},

     

       728
        
       	}

     

       729
       -
       	voteConsumer.HandleEvent(ctx, &voteEvent)

     

       0
        
       
     

       0
        
       
     

       730
        
       

     

       731
        
       	t.Logf("✅ Vote created and indexed")

     

       732
        
       

     
···

       746
        
       	deleteHttpReq.Header.Set("Content-Type", "application/json")

     

       747
        
       	deleteHttpReq.Header.Set("Authorization", "Bearer "+token)

     

       748
        
       

     

       749
       -
       	deleteResp, _ := http.DefaultClient.Do(deleteHttpReq)

     

       750
       -
       	defer deleteResp.Body.Close()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       751
        
       

     

       752
        
       	if deleteResp.StatusCode != http.StatusOK {

     

       753
        
       		body, _ := io.ReadAll(deleteResp.Body)

     
···

       756
        
       

     

       757
        
       	// Per lexicon, delete returns empty object {}

     

       758
        
       	var deleteRespBody map[string]interface{}

     

       759
       -
       	json.NewDecoder(deleteResp.Body).Decode(&deleteRespBody)

     

       0
        
       
     

       0
        
       
     

       760
        
       

     

       761
        
       	if len(deleteRespBody) != 0 {

     

       762
        
       		t.Errorf("Expected empty object per lexicon, got %v", deleteRespBody)

     
···

       777
        
       			RKey:       rkey,

     

       778
        
       		},

     

       779
        
       	}

     

       780
       -
       	voteConsumer.HandleEvent(ctx, &deleteEvent)

     

       0
        
       
     

       0
        
       
     

       781
        
       

     

       782
        
       	// Verify vote removed from AppView

     

       783
        
       	t.Logf("\n🔍 Verifying vote removed from AppView...")

···

       85
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       86
        
       

     

       87
        
       	// Setup services

     

       88
       +
       	voteService := votes.NewService(voteRepo, oauthClient, oauthStore, nil)

     

       89
        
       

     

       90
        
       	// Create test user on PDS

     

       91
        
       	testUserHandle := fmt.Sprintf("voter-%d.local.coves.dev", time.Now().Unix())

     
···

       173
        
       		CID string `json:"cid"`

     

       174
        
       	}

     

       175
        
       

     

       176
       +
       	if decodeErr := json.NewDecoder(resp.Body).Decode(&voteResp); decodeErr != nil {

     

       177
       +
       		t.Fatalf("Failed to decode vote response: %v", decodeErr)

     

       178
        
       	}

     

       179
        
       

     

       180
        
       	t.Logf("✅ XRPC response received:")

     
···

       310
        
       

     

       311
        
       	oauthStore := SetupOAuthTestStore(t, db)

     

       312
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       313
       +
       	voteService := votes.NewService(voteRepo, oauthClient, oauthStore, nil)

     

       314
        
       

     

       315
        
       	// Create test user

     

       316
        
       	testUserHandle := fmt.Sprintf("toggle-%d.local.coves.dev", time.Now().Unix())

     
···

       366
        
       		URI string `json:"uri"`

     

       367
        
       		CID string `json:"cid"`

     

       368
        
       	}

     

       369
       +
       	if decodeErr := json.NewDecoder(resp.Body).Decode(&firstVoteResp); decodeErr != nil {

     

       370
       +
       		t.Fatalf("Failed to decode first vote response: %v", decodeErr)

     

       371
       +
       	}

     

       372
       +
       	if closeErr := resp.Body.Close(); closeErr != nil {

     

       373
       +
       		t.Logf("Failed to close response body: %v", closeErr)

     

       374
       +
       	}

     

       375
        
       

     

       376
        
       	t.Logf("✅ First vote created: %s", firstVoteResp.URI)

     

       377
        
       

     
···

       398
        
       			},

     

       399
        
       		},

     

       400
        
       	}

     

       401
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &voteEvent); handleErr != nil {

     

       402
       +
       		t.Fatalf("Failed to handle first vote event: %v", handleErr)

     

       403
       +
       	}

     

       404
        
       

     

       405
        
       	// Second upvote (same direction) - should toggle off (delete)

     

       406
        
       	t.Logf("\n📝 Creating second upvote (toggle off)...")

     
···

       414
        
       	if err != nil {

     

       415
        
       		t.Fatalf("Failed to toggle vote: %v", err)

     

       416
        
       	}

     

       417
       +
       	defer func() {

     

       418
       +
       		if closeErr := resp2.Body.Close(); closeErr != nil {

     

       419
       +
       			t.Logf("Failed to close response body: %v", closeErr)

     

       420
       +
       		}

     

       421
       +
       	}()

     

       422
        
       

     

       423
        
       	if resp2.StatusCode != http.StatusOK {

     

       424
        
       		body, _ := io.ReadAll(resp2.Body)

     
···

       440
        
       			RKey:       rkey,

     

       441
        
       		},

     

       442
        
       	}

     

       443
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &deleteEvent); handleErr != nil {

     

       444
       +
       		t.Fatalf("Failed to handle delete event: %v", handleErr)

     

       445
       +
       	}

     

       446
        
       

     

       447
        
       	// Verify vote was removed from AppView

     

       448
        
       	t.Logf("\n🔍 Verifying vote removed from AppView...")

     
···

       481
        
       

     

       482
        
       	oauthStore := SetupOAuthTestStore(t, db)

     

       483
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       484
       +
       	voteService := votes.NewService(voteRepo, oauthClient, oauthStore, nil)

     

       485
        
       

     

       486
        
       	// Create test user

     

       487
        
       	testUserHandle := fmt.Sprintf("flip-%d.local.coves.dev", time.Now().Unix())

     
···

       528
        
       	req.Header.Set("Content-Type", "application/json")

     

       529
        
       	req.Header.Set("Authorization", "Bearer "+token)

     

       530
        
       

     

       531
       +
       	resp, err := http.DefaultClient.Do(req)

     

       532
       +
       	if err != nil {

     

       533
       +
       		t.Fatalf("Failed to create upvote: %v", err)

     

       534
       +
       	}

     

       535
        
       	var upvoteResp struct {

     

       536
        
       		URI string `json:"uri"`

     

       537
        
       		CID string `json:"cid"`

     

       538
        
       	}

     

       539
       +
       	if decodeErr := json.NewDecoder(resp.Body).Decode(&upvoteResp); decodeErr != nil {

     

       540
       +
       		t.Fatalf("Failed to decode upvote response: %v", decodeErr)

     

       541
       +
       	}

     

       542
       +
       	if closeErr := resp.Body.Close(); closeErr != nil {

     

       543
       +
       		t.Logf("Failed to close response body: %v", closeErr)

     

       544
       +
       	}

     

       545
        
       

     

       546
        
       	// Index upvote

     

       547
        
       	rkey := utils.ExtractRKeyFromURI(upvoteResp.URI)

     
···

       566
        
       			},

     

       567
        
       		},

     

       568
        
       	}

     

       569
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &upvoteEvent); handleErr != nil {

     

       570
       +
       		t.Fatalf("Failed to handle upvote event: %v", handleErr)

     

       571
       +
       	}

     

       572
        
       

     

       573
        
       	t.Logf("✅ Upvote created and indexed")

     

       574
        
       

     
···

       589
        
       	req2.Header.Set("Content-Type", "application/json")

     

       590
        
       	req2.Header.Set("Authorization", "Bearer "+token)

     

       591
        
       

     

       592
       +
       	resp2, err := http.DefaultClient.Do(req2)

     

       593
       +
       	if err != nil {

     

       594
       +
       		t.Fatalf("Failed to create downvote: %v", err)

     

       595
       +
       	}

     

       596
        
       	var downvoteResp struct {

     

       597
        
       		URI string `json:"uri"`

     

       598
        
       		CID string `json:"cid"`

     

       599
        
       	}

     

       600
       +
       	if decodeErr := json.NewDecoder(resp2.Body).Decode(&downvoteResp); decodeErr != nil {

     

       601
       +
       		t.Fatalf("Failed to decode downvote response: %v", decodeErr)

     

       602
       +
       	}

     

       603
       +
       	if closeErr := resp2.Body.Close(); closeErr != nil {

     

       604
       +
       		t.Logf("Failed to close response body: %v", closeErr)

     

       605
       +
       	}

     

       606
        
       

     

       607
        
       	// Simulate Jetstream UPDATE event (PDS updates the existing record)

     

       608
        
       	t.Logf("\n🔄 Simulating Jetstream UPDATE event...")

     
···

       627
        
       			},

     

       628
        
       		},

     

       629
        
       	}

     

       630
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &updateEvent); handleErr != nil {

     

       631
       +
       		t.Fatalf("Failed to handle update event: %v", handleErr)

     

       632
       +
       	}

     

       633
        
       

     

       634
        
       	// Verify vote direction changed in AppView

     

       635
        
       	t.Logf("\n🔍 Verifying vote direction changed in AppView...")

     
···

       678
        
       

     

       679
        
       	oauthStore := SetupOAuthTestStore(t, db)

     

       680
        
       	oauthClient := SetupOAuthTestClient(t, oauthStore)

     

       681
       +
       	voteService := votes.NewService(voteRepo, oauthClient, oauthStore, nil)

     

       682
        
       

     

       683
        
       	// Create test user

     

       684
        
       	testUserHandle := fmt.Sprintf("delete-%d.local.coves.dev", time.Now().Unix())

     
···

       725
        
       	req.Header.Set("Content-Type", "application/json")

     

       726
        
       	req.Header.Set("Authorization", "Bearer "+token)

     

       727
        
       

     

       728
       +
       	resp, err := http.DefaultClient.Do(req)

     

       729
       +
       	if err != nil {

     

       730
       +
       		t.Fatalf("Failed to create vote: %v", err)

     

       731
       +
       	}

     

       732
        
       	var voteResp struct {

     

       733
        
       		URI string `json:"uri"`

     

       734
        
       		CID string `json:"cid"`

     

       735
        
       	}

     

       736
       +
       	if decodeErr := json.NewDecoder(resp.Body).Decode(&voteResp); decodeErr != nil {

     

       737
       +
       		t.Fatalf("Failed to decode vote response: %v", decodeErr)

     

       738
       +
       	}

     

       739
       +
       	if closeErr := resp.Body.Close(); closeErr != nil {

     

       740
       +
       		t.Logf("Failed to close response body: %v", closeErr)

     

       741
       +
       	}

     

       742
        
       

     

       743
        
       	// Index vote

     

       744
        
       	rkey := utils.ExtractRKeyFromURI(voteResp.URI)

     
···

       763
        
       			},

     

       764
        
       		},

     

       765
        
       	}

     

       766
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &voteEvent); handleErr != nil {

     

       767
       +
       		t.Fatalf("Failed to handle vote event: %v", handleErr)

     

       768
       +
       	}

     

       769
        
       

     

       770
        
       	t.Logf("✅ Vote created and indexed")

     

       771
        
       

     
···

       785
        
       	deleteHttpReq.Header.Set("Content-Type", "application/json")

     

       786
        
       	deleteHttpReq.Header.Set("Authorization", "Bearer "+token)

     

       787
        
       

     

       788
       +
       	deleteResp, err := http.DefaultClient.Do(deleteHttpReq)

     

       789
       +
       	if err != nil {

     

       790
       +
       		t.Fatalf("Failed to delete vote: %v", err)

     

       791
       +
       	}

     

       792
       +
       	defer func() {

     

       793
       +
       		if closeErr := deleteResp.Body.Close(); closeErr != nil {

     

       794
       +
       			t.Logf("Failed to close response body: %v", closeErr)

     

       795
       +
       		}

     

       796
       +
       	}()

     

       797
        
       

     

       798
        
       	if deleteResp.StatusCode != http.StatusOK {

     

       799
        
       		body, _ := io.ReadAll(deleteResp.Body)

     
···

       802
        
       

     

       803
        
       	// Per lexicon, delete returns empty object {}

     

       804
        
       	var deleteRespBody map[string]interface{}

     

       805
       +
       	if decodeErr := json.NewDecoder(deleteResp.Body).Decode(&deleteRespBody); decodeErr != nil {

     

       806
       +
       		t.Fatalf("Failed to decode delete response: %v", decodeErr)

     

       807
       +
       	}

     

       808
        
       

     

       809
        
       	if len(deleteRespBody) != 0 {

     

       810
        
       		t.Errorf("Expected empty object per lexicon, got %v", deleteRespBody)

     
···

       825
        
       			RKey:       rkey,

     

       826
        
       		},

     

       827
        
       	}

     

       828
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &deleteEvent); handleErr != nil {

     

       829
       +
       		t.Fatalf("Failed to handle delete event: %v", handleErr)

     

       830
       +
       	}

     

       831
        
       

     

       832
        
       	// Verify vote removed from AppView

     

       833
        
       	t.Logf("\n🔍 Verifying vote removed from AppView...")