bretton.dev
+27
cmd/server/main.go
+27
cmd/server/main.go
······+log.Println("โ ๏ธ WARNING: Using default cursor secret. Set CURSOR_SECRET env var in production!")···// Currently handles only CREATE operations - UPDATE/DELETE deferred until those features exist···
+68
-4
docs/aggregators/PRD_AGGREGATORS.md
+68
-4
docs/aggregators/PRD_AGGREGATORS.md
···+Aggregators cannot create posts because they aren't indexed as users in the AppView database. The post consumer rejects posts with:+๐จ SECURITY: Rejecting post event: author not found: <aggregator-did> - cannot index post before author+This security check (in `post_consumer.go:181-196`) ensures referential integrity by requiring all post authors to exist as users before posts can be indexed.+Users are normally indexed through Jetstream identity events when they create accounts on a PDS. Aggregators don't have PDSs connected to Jetstream, so they never emit identity events and are never automatically indexed.+Implement `social.coves.aggregator.register` XRPC endpoint to allow aggregators to self-register as users.+VALUES ('did:plc:...', 'aggregator-name.coves.social', 'https://api.coves.social', NOW(), NOW());···
+10
-10
internal/api/handlers/aggregator/get_services.go
+10
-10
internal/api/handlers/aggregator/get_services.go
···// AggregatorViewDetailed matches social.coves.aggregator.defs#aggregatorViewDetailed (with stats)
+43
internal/api/handlers/discover/errors.go
+43
internal/api/handlers/discover/errors.go
···+writeError(w, http.StatusInternalServerError, "InternalServerError", "An error occurred while fetching discover feed")
+80
internal/api/handlers/discover/get_discover.go
+80
internal/api/handlers/discover/get_discover.go
···
+45
internal/api/handlers/timeline/errors.go
+45
internal/api/handlers/timeline/errors.go
···+writeError(w, http.StatusInternalServerError, "InternalServerError", "An error occurred while fetching timeline")
+96
internal/api/handlers/timeline/get_timeline.go
+96
internal/api/handlers/timeline/get_timeline.go
···+writeError(w, http.StatusUnauthorized, "AuthenticationRequired", "User must be authenticated to view timeline")+func (h *GetTimelineHandler) parseRequest(r *http.Request, userDID string) (timeline.GetTimelineRequest, error) {
+30
internal/api/routes/discover.go
+30
internal/api/routes/discover.go
···
+23
internal/api/routes/timeline.go
+23
internal/api/routes/timeline.go
···+r.With(authMiddleware.RequireAuth).Get("/xrpc/social.coves.feed.getTimeline", getTimelineHandler.HandleGetTimeline)
+7
-7
internal/atproto/jetstream/aggregator_consumer.go
+7
-7
internal/atproto/jetstream/aggregator_consumer.go
···-Avatar map[string]interface{} `json:"avatar,omitempty"` // Blob reference (CID will be extracted)+Avatar map[string]interface{} `json:"avatar,omitempty"` // Blob reference (CID will be extracted)···DisabledAt string `json:"disabledAt,omitempty"` // When authorization was disabled (for modlog/audit)
+37
-37
internal/core/aggregators/aggregator.go
+37
-37
internal/core/aggregators/aggregator.go
···-ConfigSchema []byte `json:"configSchema,omitempty" db:"config_schema"` // JSON Schema for configuration (JSONB)+ConfigSchema []byte `json:"configSchema,omitempty" db:"config_schema"` // JSON Schema for configuration (JSONB)MaintainerDID string `json:"maintainerDid,omitempty" db:"maintainer_did"` // Contact for support/issues-SourceURL string `json:"sourceUrl,omitempty" db:"source_url"` // Source code URL (transparency)-CommunitiesUsing int `json:"communitiesUsing" db:"communities_using"` // Auto-updated by trigger-CreatedAt time.Time `json:"createdAt" db:"created_at"` // When aggregator was created (from lexicon)-RecordURI string `json:"recordUri,omitempty" db:"record_uri"` // at://did/social.coves.aggregator.service/self+SourceURL string `json:"sourceUrl,omitempty" db:"source_url"` // Source code URL (transparency)+CommunitiesUsing int `json:"communitiesUsing" db:"communities_using"` // Auto-updated by trigger+CreatedAt time.Time `json:"createdAt" db:"created_at"` // When aggregator was created (from lexicon)+RecordURI string `json:"recordUri,omitempty" db:"record_uri"` // at://did/social.coves.aggregator.service/self// Stored in community's repository: at://community_did/social.coves.aggregator.authorization/{rkey}-DisabledBy string `json:"disabledBy,omitempty" db:"disabled_by"` // Moderator DID who disabled it-DisabledAt *time.Time `json:"disabledAt,omitempty" db:"disabled_at"` // When authorization was disabled (for modlog/audit)-RecordURI string `json:"recordUri,omitempty" db:"record_uri"` // at://community_did/social.coves.aggregator.authorization/{rkey}+DisabledBy string `json:"disabledBy,omitempty" db:"disabled_by"` // Moderator DID who disabled it+DisabledAt *time.Time `json:"disabledAt,omitempty" db:"disabled_at"` // When authorization was disabled (for modlog/audit)+RecordURI string `json:"recordUri,omitempty" db:"record_uri"` // at://community_did/social.coves.aggregator.authorization/{rkey}···
+9
-9
internal/core/aggregators/errors.go
+9
-9
internal/core/aggregators/errors.go
···-ErrNotImplemented = errors.New("feature not yet implemented") // For Phase 2 write-forward operations+ErrNotImplemented = errors.New("feature not yet implemented") // For Phase 2 write-forward operations
+1
-1
internal/core/aggregators/interfaces.go
+1
-1
internal/core/aggregators/interfaces.go
···ValidateAggregatorPost(ctx context.Context, aggregatorDID, communityDID string) error // Checks authorization + rate limits-IsAggregator(ctx context.Context, did string) (bool, error) // Check if DID is a registered aggregator+IsAggregator(ctx context.Context, did string) (bool, error) // Check if DID is a registered aggregator
+71
internal/core/discover/service.go
+71
internal/core/discover/service.go
···+func (s *discoverService) GetDiscover(ctx context.Context, req GetDiscoverRequest) (*DiscoverResponse, error) {+return NewValidationError("timeframe", "timeframe must be one of: hour, day, week, month, year, all")
+99
internal/core/discover/types.go
+99
internal/core/discover/types.go
···
+76
internal/core/timeline/service.go
+76
internal/core/timeline/service.go
···+func (s *timelineService) GetTimeline(ctx context.Context, req GetTimelineRequest) (*TimelineResponse, error) {+return NewValidationError("timeframe", "timeframe must be one of: hour, day, week, month, year, all")
+105
internal/core/timeline/types.go
+105
internal/core/timeline/types.go
···
-4
internal/db/postgres/aggregator_repo.go
-4
internal/db/postgres/aggregator_repo.go
············
+124
internal/db/postgres/discover_repo.go
+124
internal/db/postgres/discover_repo.go
···+"hot": `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5)) DESC, p.created_at DESC, p.uri DESC`,+const discoverHotRankExpression = `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5))`+feedRepoBase: newFeedRepoBase(db, discoverHotRankExpression, discoverSortClauses, cursorSecret),+func (r *postgresDiscoverRepo) GetDiscover(ctx context.Context, req discover.GetDiscoverRequest) ([]*discover.FeedViewPost, *string, error) {
+380
internal/db/postgres/feed_repo_base.go
+380
internal/db/postgres/feed_repo_base.go
···+// 1. idx_posts_community_created ON posts(community_did, created_at DESC) WHERE deleted_at IS NULL+// 2. idx_posts_community_score ON posts(community_did, score DESC, created_at DESC) WHERE deleted_at IS NULL+func newFeedRepoBase(db *sql.DB, hotRankExpr string, sortClauses map[string]string, cursorSecret string) *feedRepoBase {+// paramOffset is the starting parameter number for cursor values ($2 for discover, $3 for timeline)+func (r *feedRepoBase) parseCursor(cursor *string, sort string, paramOffset int) (string, []interface{}, error) {+filter := fmt.Sprintf(`AND (p.score < $%d OR (p.score = $%d AND p.created_at < $%d) OR (p.score = $%d AND p.created_at = $%d AND p.uri < $%d))`,+filter := fmt.Sprintf(`AND ((%s < $%d OR (%s = $%d AND p.created_at < $%d) OR (%s = $%d AND p.created_at = $%d AND p.uri < $%d)) AND p.uri != $%d)`,+func (r *feedRepoBase) buildCursor(post *posts.PostView, sort string, hotRank float64) string {+payload = fmt.Sprintf("%d%s%s%s%s", score, delimiter, post.CreatedAt.Format(time.RFC3339Nano), delimiter, post.URI)+payload = fmt.Sprintf("%s%s%s%s%s", hotRankStr, delimiter, post.CreatedAt.Format(time.RFC3339Nano), delimiter, post.URI)
+131
internal/db/postgres/timeline_repo.go
+131
internal/db/postgres/timeline_repo.go
···+"hot": `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5)) DESC, p.created_at DESC, p.uri DESC`,+const timelineHotRankExpression = `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5))`+feedRepoBase: newFeedRepoBase(db, timelineHotRankExpression, timelineSortClauses, cursorSecret),+func (r *postgresTimelineRepo) GetTimeline(ctx context.Context, req timeline.GetTimelineRequest) ([]*timeline.FeedViewPost, *string, error) {
+16
-16
tests/integration/aggregator_e2e_test.go
+16
-16
tests/integration/aggregator_e2e_test.go
······
+86
-86
tests/integration/aggregator_test.go
+86
-86
tests/integration/aggregator_test.go
·························································RecordURI: fmt.Sprintf("at://%s/social.coves.aggregator.authorization/auth%d", communityDID, i),···
+273
tests/integration/discover_test.go
+273
tests/integration/discover_test.go
···+community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))+community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))+community3DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("cooking-%d", testID), fmt.Sprintf("charlie-%d.test", testID))+post1URI := createTestPost(t, db, community1DID, "did:plc:alice", "Gaming post", 50, time.Now().Add(-1*time.Hour))+post2URI := createTestPost(t, db, community2DID, "did:plc:bob", "Tech post", 30, time.Now().Add(-2*time.Hour))+post3URI := createTestPost(t, db, community3DID, "did:plc:charlie", "Cooking post", 100, time.Now().Add(-30*time.Minute))+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)+assert.Less(t, post3Index, post1Index, "Newest post (30min ago) should appear before 1hr old post")+communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("public-%d", testID), fmt.Sprintf("alice-%d.test", testID))+postURI := createTestPost(t, db, communityDID, "did:plc:alice", "Public post", 10, time.Now())+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)+community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))+community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))+post1URI := createTestPost(t, db, community1DID, "did:plc:alice", "Recent trending", 50, time.Now().Add(-1*time.Hour))+post2URI := createTestPost(t, db, community2DID, "did:plc:bob", "Old popular", 100, time.Now().Add(-24*time.Hour))+post3URI := createTestPost(t, db, community1DID, "did:plc:charlie", "Brand new", 5, time.Now().Add(-10*time.Minute))+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=hot&limit=50", nil)+communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("test-%d", testID), fmt.Sprintf("alice-%d.test", testID))+createTestPost(t, db, communityDID, "did:plc:alice", fmt.Sprintf("Post %d", i), 10-i, time.Now().Add(-time.Duration(i)*time.Hour))+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=2", nil)+req = httptest.NewRequest(http.MethodGet, fmt.Sprintf("/xrpc/social.coves.feed.getDiscover?sort=new&limit=2&cursor=%s", *page1.Cursor), nil)+assert.NotEqual(t, page1.Feed[0].Post.URI, page2.Feed[0].Post.URI, "Pages should not overlap")+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=100", nil)
-52
tests/integration/feed_test.go
-52
tests/integration/feed_test.go
······-func createFeedTestCommunity(db *sql.DB, ctx context.Context, name, ownerHandle string) (string, error) {-INSERT INTO communities (did, name, owner_did, created_by_did, hosted_by_did, handle, created_at)-`, communityDID, name, ownerDID, ownerDID, "did:web:test.coves.social", fmt.Sprintf("%s.coves.social", name))-func createTestPost(t *testing.T, db *sql.DB, communityDID, authorDID, title string, score int, createdAt time.Time) string {-INSERT INTO posts (uri, cid, rkey, author_did, community_did, title, created_at, score, upvote_count)
+54
tests/integration/helpers.go
+54
tests/integration/helpers.go
···+func createFeedTestCommunity(db *sql.DB, ctx context.Context, name, ownerHandle string) (string, error) {+INSERT INTO communities (did, name, owner_did, created_by_did, hosted_by_did, handle, created_at)+`, communityDID, name, ownerDID, ownerDID, "did:web:test.coves.social", fmt.Sprintf("%s.coves.social", name))+func createTestPost(t *testing.T, db *sql.DB, communityDID, authorDID, title string, score int, createdAt time.Time) string {+INSERT INTO posts (uri, cid, rkey, author_did, community_did, title, created_at, score, upvote_count)
+368
tests/integration/timeline_test.go
+368
tests/integration/timeline_test.go
···+community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))+community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))+community3DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("cooking-%d", testID), fmt.Sprintf("charlie-%d.test", testID))+post1URI := createTestPost(t, db, community1DID, "did:plc:alice", "Gaming post 1", 50, time.Now().Add(-1*time.Hour))+post2URI := createTestPost(t, db, community2DID, "did:plc:bob", "Tech post 1", 30, time.Now().Add(-2*time.Hour))+post3URI := createTestPost(t, db, community3DID, "did:plc:charlie", "Cooking post (should not appear)", 100, time.Now().Add(-30*time.Minute))+post4URI := createTestPost(t, db, community1DID, "did:plc:alice", "Gaming post 2", 20, time.Now().Add(-3*time.Hour))+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)+uris := []string{response.Feed[0].Post.URI, response.Feed[1].Post.URI, response.Feed[2].Post.URI}+assert.Equal(t, "social.coves.post.record", record["$type"], "Record should have correct $type")+community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))+community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))+createTestPost(t, db, community1DID, "did:plc:alice", "Recent trending gaming", 50, time.Now().Add(-1*time.Hour))+createTestPost(t, db, community2DID, "did:plc:bob", "Old popular tech", 100, time.Now().Add(-24*time.Hour))+createTestPost(t, db, community1DID, "did:plc:charlie", "Brand new gaming", 5, time.Now().Add(-10*time.Minute))+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=hot&limit=10", nil)+communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))+createTestPost(t, db, communityDID, "did:plc:alice", fmt.Sprintf("Post %d", i), 10-i, time.Now().Add(-time.Duration(i)*time.Hour))+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=2", nil)+req = httptest.NewRequest(http.MethodGet, fmt.Sprintf("/xrpc/social.coves.feed.getTimeline?sort=new&limit=2&cursor=%s", *page1.Cursor), nil)+assert.NotEqual(t, page1.Feed[0].Post.URI, page2.Feed[0].Post.URI, "Pages should not overlap")+assert.NotEqual(t, page1.Feed[1].Post.URI, page2.Feed[1].Post.URI, "Pages should not overlap")+// TestGetTimeline_EmptyWhenNoSubscriptions tests timeline is empty when user has no subscriptions+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)+req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=100", nil)