bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom

feat: Implement barebones atProto user system with security fixes

Implements a minimal, production-ready user management system for Coves
with atProto DID-based identity and comprehensive security improvements.

## Core Features
- atProto-compliant user model (DID + handle)
- Single clean migration (001_create_users_table.sql)
- XRPC endpoint: social.coves.actor.getProfile
- Handle-based authentication (resolves handle → DID)
- PostgreSQL AppView indexing

## Security & Performance Fixes
- **Rate limiting**: 100 req/min per IP (in-memory middleware)
- **Input validation**: atProto handle regex validation
- Alphanumeric + hyphens + dots only
- No consecutive hyphens, must start/end with alphanumeric
- 1-253 character length limit
- **Database constraints**: Proper unique constraint error handling
- Clear error messages for duplicate DID/handle
- No internal details leaked to API consumers
- **Performance**: Removed duplicate DB checks (3 calls → 1 call)

## Breaking Changes
- Replaced email/username model with DID/handle
- Deleted legacy migrations (001, 005)
- Removed old repository and service test files

## Architecture
- Repository: Parameterized queries, context-aware
- Service: Business logic with proper validation
- Handler: Minimal XRPC implementation
- Middleware: Rate limiting for public endpoints

## Testing
- Full integration test coverage (4 test suites, all passing)
- Duplicate creation validation tests
- Handle format validation (9 edge cases)
- XRPC endpoint tests (success/error scenarios)

## Documentation
- Updated TESTING_SUMMARY.md with .test handle convention
- Added TODO for federated PDS support
- RFC3339 timestamp formatting

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

bretton.dev 5973db7b 340889f1

options
unified split
Changed files
+756 -650
CLAUDE.md
TESTING_SUMMARY.md
cmd
server
main.go
internal
api
middleware
ratelimit.go
routes
user.go
core
users
interfaces.go
repository.go
service.go
service_test.go
user.go
db
migrations
001_create_users_table.sql
005_add_user_maps_indices.sql
postgres
user_repo.go
tests
integration
integration_test.go
+92 -62
CLAUDE.md 
···

       
1

       

       
-

       
# CLAUDE-BUILD.md


     

       
2

       
1

       
 

       



     

       
3

       

       
-

       
Project: Coves Builder You are a distinguished developer actively building Coves, a forum-like atProto social media platform. Your goal is to ship working features quickly while maintaining quality and security.


     

       

       
2

       
+

       
Project: Coves PR Reviewer


     

       

       
3

       
+

       
You are a distinguished senior architect conducting a thorough code review for Coves, a forum-like atProto social media platform.


     

       
4

       
4

       
 

       



     

       
5

       

       
-

       
## Builder Mindset


     

       

       
5

       
+

       
## Review Mindset


     

       

       
6

       
+

       
- Be constructive but thorough - catch issues before they reach production


     

       

       
7

       
+

       
- Question assumptions and look for edge cases


     

       

       
8

       
+

       
- Prioritize security, performance, and maintainability concerns


     

       

       
9

       
+

       
- Suggest alternatives when identifying problems


     

       
6

       
10

       
 

       



     

       
7

       

       
-

       
- Ship working code today, refactor tomorrow


     

       
8

       

       
-

       
- Security is built-in, not bolted-on


     

       
9

       

       
-

       
- Test-driven: write the test, then make it pass


     

       
10

       

       
-

       
- When stuck, check Context7 for patterns and examples


     

       
11

       

       
-

       
- ASK QUESTIONS if you need context surrounding the product DONT ASSUME


     

       
12

       
11

       
 

       



     

       
13

       

       
-

       
#### Human & LLM Readability Guidelines:


     

       
14

       

       
-

       
- Descriptive Naming: Use full words over abbreviations (e.g., CommunityGovernance not CommGov)


     

       

       
12

       
+

       
## Special Attention Areas for Coves


     

       

       
13

       
+

       
- **atProto Integration**: Verify proper use of indigo packages 


     

       

       
14

       
+

       
- **atProto architecture**: Ensure architecture follows atProto recommendations


     

       

       
15

       
+

       
- **Federation**: Check for proper DID resolution and identity verification 


     

       

       
16

       
+

       
- **PostgreSQL**: Verify migrations are reversible and indexes are appropriate 


     

       
15

       
17

       
 

       



     

       
16

       

       
-

       
## atProto Essentials for Coves


     

       

       
18

       
+

       
## Review Checklist


     

       
17

       
19

       
 

       



     

       
18

       

       
-

       
### Architecture


     

       
19

       

       
-

       
- **PDS is Self-Contained**: Uses internal SQLite + CAR files (in Docker volume)


     

       
20

       

       
-

       
- **PostgreSQL for AppView Only**: One database for Coves AppView indexing


     

       
21

       

       
-

       
- **Don't Touch PDS Internals**: PDS manages its own storage, we just read from firehose


     

       
22

       

       
-

       
- **Data Flow**: Client → PDS → Firehose → AppView → PostgreSQL


     

       

       
20

       
+

       
### 1. Architecture Compliance


     

       

       
21

       
+

       
**MUST VERIFY:**


     

       

       
22

       
+

       
- [ ] NO SQL queries in handlers (automatic rejection if found)


     

       

       
23

       
+

       
- [ ] Proper layer separation: Handler → Service → Repository → Database


     

       

       
24

       
+

       
- [ ] Services use repository interfaces, not concrete implementations


     

       

       
25

       
+

       
- [ ] Dependencies injected via constructors, not globals


     

       

       
26

       
+

       
- [ ] No database packages imported in handlers


     

       
23

       
27

       
 

       



     

       
24

       

       
-

       
### Always Consider:


     

       
25

       

       
-

       
- [ ] **Identity**: Every action needs DID verification


     

       
26

       

       
-

       
- [ ] **Record Types**: Define custom lexicons (e.g., `social.coves.post`, `social.coves.community`)


     

       
27

       

       
-

       
- [ ] **Is it federated-friendly?** (Can other PDSs interact with it?)


     

       
28

       

       
-

       
- [ ] **Does the Lexicon make sense?** (Would it work for other forums?)


     

       
29

       

       
-

       
- [ ] **AppView only indexes**: We don't write to CAR files, only read from firehose


     

       
30

       

       
-

       



     

       
31

       

       
-

       
## Security-First Building


     

       
32

       

       
-

       



     

       
33

       

       
-

       
### Every Feature MUST:


     

       
34

       

       
-

       



     

       
35

       

       
-

       
- [ ] **Validate all inputs** at the handler level


     

       
36

       

       
-

       
- [ ] **Use parameterized queries** (never string concatenation)


     

       
37

       

       
-

       
- [ ] **Check authorization** before any operation


     

       
38

       

       
-

       
- [ ] **Limit resource access** (pagination, rate limits)


     

       
39

       

       
-

       
- [ ] **Log security events** (failed auth, invalid inputs)


     

       
40

       

       
-

       
- [ ] **Never log sensitive data** (passwords, tokens, PII)


     

       

       
28

       
+

       
### 2. Security Review


     

       

       
29

       
+

       
**CHECK FOR:**


     

       

       
30

       
+

       
- SQL injection vulnerabilities (even with prepared statements, verify)


     

       

       
31

       
+

       
- Proper input validation and sanitization


     

       

       
32

       
+

       
- Authentication/authorization checks on all protected endpoints


     

       

       
33

       
+

       
- No sensitive data in logs or error messages


     

       

       
34

       
+

       
- Rate limiting on public endpoints


     

       

       
35

       
+

       
- CSRF protection where applicable


     

       

       
36

       
+

       
- Proper atProto identity verification


     

       
41

       
37

       
 

       



     

       
42

       

       
-

       
### Red Flags to Avoid:


     

       

       
38

       
+

       
### 3. Error Handling Audit


     

       

       
39

       
+

       
**VERIFY:**


     

       

       
40

       
+

       
- All errors are handled, not ignored


     

       

       
41

       
+

       
- Error wrapping provides context: `fmt.Errorf("service: %w", err)`


     

       

       
42

       
+

       
- Domain errors defined in core/errors/


     

       

       
43

       
+

       
- HTTP status codes correctly map to error types


     

       

       
44

       
+

       
- No internal error details exposed to API consumers


     

       

       
45

       
+

       
- Nil pointer checks before dereferencing


     

       
43

       
46

       
 

       



     

       
44

       

       
-

       
- `fmt.Sprintf` in SQL queries → Use parameterized queries


     

       
45

       

       
-

       
- Missing `context.Context` → Need it for timeouts/cancellation


     

       
46

       

       
-

       
- No input validation → Add it immediately


     

       
47

       

       
-

       
- Error messages with internal details → Wrap errors properly


     

       
48

       

       
-

       
- Unbounded queries → Add limits/pagination


     

       

       
47

       
+

       
### 4. Performance Considerations


     

       

       
48

       
+

       
**LOOK FOR:**


     

       

       
49

       
+

       
- N+1 query problems


     

       

       
50

       
+

       
- Missing database indexes for frequently queried fields


     

       

       
51

       
+

       
- Unnecessary database round trips


     

       

       
52

       
+

       
- Large unbounded queries without pagination


     

       

       
53

       
+

       
- Memory leaks in goroutines


     

       

       
54

       
+

       
- Proper connection pool usage


     

       

       
55

       
+

       
- Efficient atProto federation calls


     

       
49

       
56

       
 

       



     

       
50

       

       
-

       
### "How should I structure this?"


     

       

       
57

       
+

       
### 5. Testing Coverage


     

       

       
58

       
+

       
**REQUIRE:**


     

       

       
59

       
+

       
- Unit tests for all new service methods


     

       

       
60

       
+

       
- Integration tests for new API endpoints


     

       

       
61

       
+

       
- Edge case coverage (empty inputs, max values, special characters)


     

       

       
62

       
+

       
- Error path testing


     

       

       
63

       
+

       
- Mock verification in unit tests


     

       

       
64

       
+

       
- No flaky tests (check for time dependencies, random values)


     

       
51

       
65

       
 

       



     

       
52

       

       
-

       
1. One domain, one package


     

       
53

       

       
-

       
2. Interfaces for testability


     

       
54

       

       
-

       
3. Services coordinate repos


     

       
55

       

       
-

       
4. Handlers only handle XRPC


     

       

       
66

       
+

       
### 6. Code Quality


     

       

       
67

       
+

       
**ASSESS:**


     

       

       
68

       
+

       
- Naming follows conventions (full words, not abbreviations)


     

       

       
69

       
+

       
- Functions do one thing well


     

       

       
70

       
+

       
- No code duplication (DRY principle)


     

       

       
71

       
+

       
- Consistent error handling patterns


     

       

       
72

       
+

       
- Proper use of Go idioms


     

       

       
73

       
+

       
- No commented-out code


     

       
56

       
74

       
 

       



     

       
57

       

       
-

       
## Pre-Production Advantages


     

       

       
75

       
+

       
### 7. Breaking Changes


     

       

       
76

       
+

       
**IDENTIFY:**


     

       

       
77

       
+

       
- API contract changes


     

       

       
78

       
+

       
- Database schema modifications affecting existing data


     

       

       
79

       
+

       
- Changes to core interfaces


     

       

       
80

       
+

       
- Modified error codes or response formats


     

       
58

       
81

       
 

       



     

       
59

       

       
-

       
Since we're pre-production:


     

       

       
82

       
+

       
### 8. Documentation


     

       

       
83

       
+

       
**ENSURE:**


     

       

       
84

       
+

       
- API endpoints have example requests/responses


     

       

       
85

       
+

       
- Complex business logic is explained


     

       

       
86

       
+

       
- Database migrations include rollback scripts


     

       

       
87

       
+

       
- README updated if setup process changes


     

       

       
88

       
+

       
- Swagger/OpenAPI specs updated if applicable


     

       
60

       
89

       
 

       



     

       
61

       

       
-

       
- **Break things**: Delete and rebuild rather than complex migrations


     

       
62

       

       
-

       
- **Experiment**: Try approaches, keep what works


     

       
63

       

       
-

       
- **Simplify**: Remove unused code aggressively


     

       
64

       

       
-

       
- **But never compromise security basics**


     

       

       
90

       
+

       
## Review Process


     

       
65

       
91

       
 

       



     

       
66

       

       
-

       
## Success Metrics


     

       

       
92

       
+

       
1. **First Pass - Automatic Rejections**


     

       

       
93

       
+

       
   - SQL in handlers


     

       

       
94

       
+

       
   - Missing tests


     

       

       
95

       
+

       
   - Security vulnerabilities


     

       

       
96

       
+

       
   - Broken layer separation


     

       
67

       
97

       
 

       



     

       
68

       

       
-

       
Your code is ready when:


     

       

       
98

       
+

       
2. **Second Pass - Deep Dive**


     

       

       
99

       
+

       
   - Business logic correctness


     

       

       
100

       
+

       
   - Edge case handling


     

       

       
101

       
+

       
   - Performance implications


     

       

       
102

       
+

       
   - Code maintainability


     

       
69

       
103

       
 

       



     

       
70

       

       
-

       
- [ ] Tests pass (including security tests)


     

       
71

       

       
-

       
- [ ] Follows atProto patterns


     

       
72

       

       
-

       
- [ ] Handles errors gracefully


     

       
73

       

       
-

       
- [ ] Works end-to-end with auth


     

       

       
104

       
+

       
3. **Third Pass - Suggestions**


     

       

       
105

       
+

       
   - Better patterns or approaches


     

       

       
106

       
+

       
   - Refactoring opportunities


     

       

       
107

       
+

       
   - Future considerations


     

       
74

       
108

       
 

       



     

       
75

       

       
-

       
## Quick Checks Before Committing


     

       

       
109

       
+

       
Then provide detailed feedback organized by: 1. 🚨 **Critical Issues** (must fix) 2. ⚠️ **Important Issues** (should fix) 3. 💡 **Suggestions** (consider for improvement) 4. ✅ **Good Practices Observed** (reinforce positive patterns) 


     

       
76

       
110

       
 

       



     

       
77

       

       
-

       
1. **Will it work?** (Integration test proves it)


     

       
78

       

       
-

       
2. **Is it secure?** (Auth, validation, parameterized queries)


     

       
79

       

       
-

       
3. **Is it simple?** (Could you explain to a junior?)


     

       
80

       

       
-

       
4. **Is it complete?** (Test, implementation, documentation)


     

       
81

       
111

       
 

       



     

       
82

       

       
-

       
Remember: We're building a working product. Perfect is the enemy of shipped.


     

       

       
112

       
+

       
Remember: The goal is to ship quality code quickly. Perfection is not required, but safety and maintainability are non-negotiable.
+3 -3
TESTING_SUMMARY.md 
···

       
81

       
81

       
 

       



     

       
82

       
82

       
 

       
Test individual components in isolation.


     

       
83

       
83

       
 

       



     

       
84

       

       
-

       
**Example**: [internal/core/users/service_test.go](internal/core/users/service_test.go)


     

       

       
84

       
+

       
**Note**: Unit tests will be added as needed. Currently focusing on integration tests.


     

       
85

       
85

       
 

       



     

       
86

       
86

       
 

       
```bash


     

       
87

       

       
-

       
# Run unit tests for a specific package


     

       

       
87

       
+

       
# Run unit tests for a specific package (when available)


     

       
88

       
88

       
 

       
go test -v ./internal/core/users/...


     

       
89

       
89

       
 

       
```


     

       
90

       
90

       
 

       



     
···

       
346

       
346

       
 

       
- ✅ One test file per feature/endpoint


     

       
347

       
347

       
 

       



     

       
348

       
348

       
 

       
### Test Data


     

       
349

       

       
-

       
- ✅ Use `@example.com` emails for test users (auto-cleaned by setupTestDB)


     

       

       
349

       
+

       
- ✅ Use `.test` handles for test users (e.g., `alice.test`) (auto-cleaned by setupTestDB)


     

       
350

       
350

       
 

       
- ✅ Clean up data in tests (or rely on setupTestDB cleanup)


     

       
351

       
351

       
 

       
- ✅ Don't rely on specific test execution order


     

       
352

       
352

       
 

       
- ✅ Each test should be independent
+32 -12
cmd/server/main.go 
···

       
6

       
6

       
 

       
	"log"


     

       
7

       
7

       
 

       
	"net/http"


     

       
8

       
8

       
 

       
	"os"


     

       

       
9

       
+

       
	"time"


     

       
9

       
10

       
 

       



     

       
10

       
11

       
 

       
	"github.com/go-chi/chi/v5"


     

       
11

       

       
-

       
	"github.com/go-chi/chi/v5/middleware"


     

       

       
12

       
+

       
	chiMiddleware "github.com/go-chi/chi/v5/middleware"


     

       
12

       
13

       
 

       
	_ "github.com/lib/pq"


     

       
13

       
14

       
 

       
	"github.com/pressly/goose/v3"


     

       
14

       
15

       
 

       



     

       

       
16

       
+

       
	"Coves/internal/api/middleware"


     

       
15

       
17

       
 

       
	"Coves/internal/api/routes"


     

       
16

       
18

       
 

       
	"Coves/internal/core/users"


     

       
17

       
19

       
 

       
	postgresRepo "Coves/internal/db/postgres"


     

       
18

       
20

       
 

       
)


     

       
19

       
21

       
 

       



     

       
20

       
22

       
 

       
func main() {


     

       

       
23

       
+

       
	// Database configuration (AppView database)


     

       
21

       
24

       
 

       
	dbURL := os.Getenv("DATABASE_URL")


     

       
22

       
25

       
 

       
	if dbURL == "" {


     

       
23

       

       
-

       
		dbURL = "postgres://postgres:password@localhost:5432/coves?sslmode=disable"


     

       

       
26

       
+

       
		// Use dev database from .env.dev


     

       

       
27

       
+

       
		dbURL = "postgres://dev_user:dev_password@localhost:5433/coves_dev?sslmode=disable"


     

       

       
28

       
+

       
	}


     

       

       
29

       
+

       



     

       

       
30

       
+

       
	// PDS URL configuration


     

       

       
31

       
+

       
	pdsURL := os.Getenv("PDS_URL")


     

       

       
32

       
+

       
	if pdsURL == "" {


     

       

       
33

       
+

       
		pdsURL = "http://localhost:3001" // Local dev PDS


     

       
24

       
34

       
 

       
	}


     

       
25

       
35

       
 

       



     

       
26

       
36

       
 

       
	db, err := sql.Open("postgres", dbURL)


     
···

       
33

       
43

       
 

       
		log.Fatal("Failed to ping database:", err)


     

       
34

       
44

       
 

       
	}


     

       
35

       
45

       
 

       



     

       

       
46

       
+

       
	log.Println("Connected to AppView database")


     

       

       
47

       
+

       



     

       

       
48

       
+

       
	// Run migrations


     

       
36

       
49

       
 

       
	if err := goose.SetDialect("postgres"); err != nil {


     

       
37

       
50

       
 

       
		log.Fatal("Failed to set goose dialect:", err)


     

       
38

       
51

       
 

       
	}


     
···

       
41

       
54

       
 

       
		log.Fatal("Failed to run migrations:", err)


     

       
42

       
55

       
 

       
	}


     

       
43

       
56

       
 

       



     

       

       
57

       
+

       
	log.Println("Migrations completed successfully")


     

       

       
58

       
+

       



     

       
44

       
59

       
 

       
	r := chi.NewRouter()


     

       
45

       
60

       
 

       



     

       
46

       

       
-

       
	r.Use(middleware.Logger)


     

       
47

       

       
-

       
	r.Use(middleware.Recoverer)


     

       
48

       

       
-

       
	r.Use(middleware.RequestID)


     

       

       
61

       
+

       
	r.Use(chiMiddleware.Logger)


     

       

       
62

       
+

       
	r.Use(chiMiddleware.Recoverer)


     

       

       
63

       
+

       
	r.Use(chiMiddleware.RequestID)


     

       
49

       
64

       
 

       



     

       
50

       

       
-

       
	// Initialize repositories


     

       

       
65

       
+

       
	// Rate limiting: 100 requests per minute per IP


     

       

       
66

       
+

       
	rateLimiter := middleware.NewRateLimiter(100, 1*time.Minute)


     

       

       
67

       
+

       
	r.Use(rateLimiter.Middleware)


     

       

       
68

       
+

       



     

       

       
69

       
+

       
	// Initialize repositories and services


     

       
51

       
70

       
 

       
	userRepo := postgresRepo.NewUserRepository(db)


     

       
52

       

       
-

       
	userService := users.NewUserService(userRepo)


     

       

       
71

       
+

       
	userService := users.NewUserService(userRepo, pdsURL)


     

       
53

       
72

       
 

       



     

       
54

       

       
-

       
	// Mount routes


     

       
55

       

       
-

       
	r.Mount("/api/users", routes.UserRoutes(userService))


     

       

       
73

       
+

       
	// Mount XRPC routes


     

       

       
74

       
+

       
	r.Mount("/xrpc/social.coves.actor", routes.UserRoutes(userService))


     

       
56

       
75

       
 

       



     

       
57

       
76

       
 

       
	r.Get("/health", func(w http.ResponseWriter, r *http.Request) {


     

       
58

       
77

       
 

       
		w.WriteHeader(http.StatusOK)


     

       
59

       
78

       
 

       
		w.Write([]byte("OK"))


     

       
60

       
79

       
 

       
	})


     

       
61

       
80

       
 

       



     

       
62

       

       
-

       
	port := os.Getenv("PORT")


     

       

       
81

       
+

       
	port := os.Getenv("APPVIEW_PORT")


     

       
63

       
82

       
 

       
	if port == "" {


     

       
64

       

       
-

       
		port = "8080"


     

       

       
83

       
+

       
		port = "8081" // Match .env.dev default


     

       
65

       
84

       
 

       
	}


     

       
66

       
85

       
 

       



     

       
67

       

       
-

       
	fmt.Printf("Server starting on port %s\n", port)


     

       

       
86

       
+

       
	fmt.Printf("Coves AppView starting on port %s\n", port)


     

       

       
87

       
+

       
	fmt.Printf("PDS URL: %s\n", pdsURL)


     

       
68

       
88

       
 

       
	log.Fatal(http.ListenAndServe(":"+port, r))


     

       
69

       
89

       
 

       
}
+122
internal/api/middleware/ratelimit.go 
···

       

       
1

       
+

       
package middleware


     

       

       
2

       
+

       



     

       

       
3

       
+

       
import (


     

       

       
4

       
+

       
	"net/http"


     

       

       
5

       
+

       
	"sync"


     

       

       
6

       
+

       
	"time"


     

       

       
7

       
+

       
)


     

       

       
8

       
+

       



     

       

       
9

       
+

       
// RateLimiter implements a simple in-memory rate limiter


     

       

       
10

       
+

       
// For production, consider using Redis or a distributed rate limiter


     

       

       
11

       
+

       
type RateLimiter struct {


     

       

       
12

       
+

       
	mu       sync.Mutex


     

       

       
13

       
+

       
	clients  map[string]*clientLimit


     

       

       
14

       
+

       
	requests int           // Max requests per window


     

       

       
15

       
+

       
	window   time.Duration // Time window


     

       

       
16

       
+

       
}


     

       

       
17

       
+

       



     

       

       
18

       
+

       
type clientLimit struct {


     

       

       
19

       
+

       
	count     int


     

       

       
20

       
+

       
	resetTime time.Time


     

       

       
21

       
+

       
}


     

       

       
22

       
+

       



     

       

       
23

       
+

       
// NewRateLimiter creates a new rate limiter


     

       

       
24

       
+

       
// requests: maximum number of requests allowed per window


     

       

       
25

       
+

       
// window: time window duration (e.g., 1 minute)


     

       

       
26

       
+

       
func NewRateLimiter(requests int, window time.Duration) *RateLimiter {


     

       

       
27

       
+

       
	rl := &RateLimiter{


     

       

       
28

       
+

       
		clients:  make(map[string]*clientLimit),


     

       

       
29

       
+

       
		requests: requests,


     

       

       
30

       
+

       
		window:   window,


     

       

       
31

       
+

       
	}


     

       

       
32

       
+

       



     

       

       
33

       
+

       
	// Cleanup old entries every window duration


     

       

       
34

       
+

       
	go rl.cleanup()


     

       

       
35

       
+

       



     

       

       
36

       
+

       
	return rl


     

       

       
37

       
+

       
}


     

       

       
38

       
+

       



     

       

       
39

       
+

       
// Middleware returns a rate limiting middleware


     

       

       
40

       
+

       
func (rl *RateLimiter) Middleware(next http.Handler) http.Handler {


     

       

       
41

       
+

       
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {


     

       

       
42

       
+

       
		// Use IP address as client identifier


     

       

       
43

       
+

       
		// In production, consider using authenticated user ID if available


     

       

       
44

       
+

       
		clientID := getClientIP(r)


     

       

       
45

       
+

       



     

       

       
46

       
+

       
		if !rl.allow(clientID) {


     

       

       
47

       
+

       
			http.Error(w, "Rate limit exceeded. Please try again later.", http.StatusTooManyRequests)


     

       

       
48

       
+

       
			return


     

       

       
49

       
+

       
		}


     

       

       
50

       
+

       



     

       

       
51

       
+

       
		next.ServeHTTP(w, r)


     

       

       
52

       
+

       
	})


     

       

       
53

       
+

       
}


     

       

       
54

       
+

       



     

       

       
55

       
+

       
// allow checks if a client is allowed to make a request


     

       

       
56

       
+

       
func (rl *RateLimiter) allow(clientID string) bool {


     

       

       
57

       
+

       
	rl.mu.Lock()


     

       

       
58

       
+

       
	defer rl.mu.Unlock()


     

       

       
59

       
+

       



     

       

       
60

       
+

       
	now := time.Now()


     

       

       
61

       
+

       



     

       

       
62

       
+

       
	// Get or create client limit


     

       

       
63

       
+

       
	client, exists := rl.clients[clientID]


     

       

       
64

       
+

       
	if !exists {


     

       

       
65

       
+

       
		rl.clients[clientID] = &clientLimit{


     

       

       
66

       
+

       
			count:     1,


     

       

       
67

       
+

       
			resetTime: now.Add(rl.window),


     

       

       
68

       
+

       
		}


     

       

       
69

       
+

       
		return true


     

       

       
70

       
+

       
	}


     

       

       
71

       
+

       



     

       

       
72

       
+

       
	// Check if window has expired


     

       

       
73

       
+

       
	if now.After(client.resetTime) {


     

       

       
74

       
+

       
		client.count = 1


     

       

       
75

       
+

       
		client.resetTime = now.Add(rl.window)


     

       

       
76

       
+

       
		return true


     

       

       
77

       
+

       
	}


     

       

       
78

       
+

       



     

       

       
79

       
+

       
	// Check if under limit


     

       

       
80

       
+

       
	if client.count < rl.requests {


     

       

       
81

       
+

       
		client.count++


     

       

       
82

       
+

       
		return true


     

       

       
83

       
+

       
	}


     

       

       
84

       
+

       



     

       

       
85

       
+

       
	// Rate limit exceeded


     

       

       
86

       
+

       
	return false


     

       

       
87

       
+

       
}


     

       

       
88

       
+

       



     

       

       
89

       
+

       
// cleanup removes expired client entries periodically


     

       

       
90

       
+

       
func (rl *RateLimiter) cleanup() {


     

       

       
91

       
+

       
	ticker := time.NewTicker(rl.window)


     

       

       
92

       
+

       
	defer ticker.Stop()


     

       

       
93

       
+

       



     

       

       
94

       
+

       
	for range ticker.C {


     

       

       
95

       
+

       
		rl.mu.Lock()


     

       

       
96

       
+

       
		now := time.Now()


     

       

       
97

       
+

       
		for clientID, client := range rl.clients {


     

       

       
98

       
+

       
			if now.After(client.resetTime) {


     

       

       
99

       
+

       
				delete(rl.clients, clientID)


     

       

       
100

       
+

       
			}


     

       

       
101

       
+

       
		}


     

       

       
102

       
+

       
		rl.mu.Unlock()


     

       

       
103

       
+

       
	}


     

       

       
104

       
+

       
}


     

       

       
105

       
+

       



     

       

       
106

       
+

       
// getClientIP extracts the client IP from the request


     

       

       
107

       
+

       
func getClientIP(r *http.Request) string {


     

       

       
108

       
+

       
	// Check X-Forwarded-For header (if behind proxy)


     

       

       
109

       
+

       
	forwarded := r.Header.Get("X-Forwarded-For")


     

       

       
110

       
+

       
	if forwarded != "" {


     

       

       
111

       
+

       
		return forwarded


     

       

       
112

       
+

       
	}


     

       

       
113

       
+

       



     

       

       
114

       
+

       
	// Check X-Real-IP header


     

       

       
115

       
+

       
	realIP := r.Header.Get("X-Real-IP")


     

       

       
116

       
+

       
	if realIP != "" {


     

       

       
117

       
+

       
		return realIP


     

       

       
118

       
+

       
	}


     

       

       
119

       
+

       



     

       

       
120

       
+

       
	// Fall back to RemoteAddr


     

       

       
121

       
+

       
	return r.RemoteAddr


     

       

       
122

       
+

       
}
+65 -9
internal/api/routes/user.go 
···

       
1

       
1

       
 

       
package routes


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
import (


     

       

       
4

       
+

       
	"encoding/json"


     

       

       
5

       
+

       
	"net/http"


     

       

       
6

       
+

       
	"time"


     

       

       
7

       
+

       



     

       
4

       
8

       
 

       
	"Coves/internal/core/users"


     

       
5

       
9

       
 

       
	"github.com/go-chi/chi/v5"


     

       
6

       

       
-

       
	"net/http"


     

       
7

       
10

       
 

       
)


     

       
8

       
11

       
 

       



     

       
9

       

       
-

       
// UserRoutes returns user-related routes


     

       

       
12

       
+

       
// UserHandler handles user-related XRPC endpoints


     

       

       
13

       
+

       
type UserHandler struct {


     

       

       
14

       
+

       
	userService users.UserService


     

       

       
15

       
+

       
}


     

       

       
16

       
+

       



     

       

       
17

       
+

       
// NewUserHandler creates a new user handler


     

       

       
18

       
+

       
func NewUserHandler(userService users.UserService) *UserHandler {


     

       

       
19

       
+

       
	return &UserHandler{


     

       

       
20

       
+

       
		userService: userService,


     

       

       
21

       
+

       
	}


     

       

       
22

       
+

       
}


     

       

       
23

       
+

       



     

       

       
24

       
+

       
// UserRoutes returns user-related XRPC routes


     

       

       
25

       
+

       
// Implements social.coves.actor.* lexicon endpoints


     

       
10

       
26

       
 

       
func UserRoutes(service users.UserService) chi.Router {


     

       

       
27

       
+

       
	h := NewUserHandler(service)


     

       
11

       
28

       
 

       
	r := chi.NewRouter()


     

       
12

       

       
-

       
	


     

       
13

       

       
-

       
	// TODO: Implement user handlers


     

       
14

       

       
-

       
	r.Get("/", func(w http.ResponseWriter, r *http.Request) {


     

       
15

       

       
-

       
		w.WriteHeader(http.StatusOK)


     

       
16

       

       
-

       
		w.Write([]byte("User routes not yet implemented"))


     

       
17

       

       
-

       
	})


     

       
18

       

       
-

       
	


     

       

       
29

       
+

       



     

       

       
30

       
+

       
	// social.coves.actor.getProfile - query endpoint


     

       

       
31

       
+

       
	r.Get("/profile", h.GetProfile)


     

       

       
32

       
+

       



     

       
19

       
33

       
 

       
	return r


     

       

       
34

       
+

       
}


     

       

       
35

       
+

       



     

       

       
36

       
+

       
// GetProfile handles social.coves.actor.getProfile


     

       

       
37

       
+

       
// Query endpoint that retrieves a user profile by DID or handle


     

       

       
38

       
+

       
func (h *UserHandler) GetProfile(w http.ResponseWriter, r *http.Request) {


     

       

       
39

       
+

       
	ctx := r.Context()


     

       

       
40

       
+

       



     

       

       
41

       
+

       
	// Get actor parameter (DID or handle)


     

       

       
42

       
+

       
	actor := r.URL.Query().Get("actor")


     

       

       
43

       
+

       
	if actor == "" {


     

       

       
44

       
+

       
		http.Error(w, "actor parameter is required", http.StatusBadRequest)


     

       

       
45

       
+

       
		return


     

       

       
46

       
+

       
	}


     

       

       
47

       
+

       



     

       

       
48

       
+

       
	var user *users.User


     

       

       
49

       
+

       
	var err error


     

       

       
50

       
+

       



     

       

       
51

       
+

       
	// Determine if actor is a DID or handle


     

       

       
52

       
+

       
	// DIDs start with "did:", handles don't


     

       

       
53

       
+

       
	if len(actor) > 4 && actor[:4] == "did:" {


     

       

       
54

       
+

       
		user, err = h.userService.GetUserByDID(ctx, actor)


     

       

       
55

       
+

       
	} else {


     

       

       
56

       
+

       
		user, err = h.userService.GetUserByHandle(ctx, actor)


     

       

       
57

       
+

       
	}


     

       

       
58

       
+

       



     

       

       
59

       
+

       
	if err != nil {


     

       

       
60

       
+

       
		http.Error(w, "user not found", http.StatusNotFound)


     

       

       
61

       
+

       
		return


     

       

       
62

       
+

       
	}


     

       

       
63

       
+

       



     

       

       
64

       
+

       
	// Minimal profile response (matching lexicon structure)


     

       

       
65

       
+

       
	response := map[string]interface{}{


     

       

       
66

       
+

       
		"did": user.DID,


     

       

       
67

       
+

       
		"profile": map[string]interface{}{


     

       

       
68

       
+

       
			"handle":    user.Handle,


     

       

       
69

       
+

       
			"createdAt": user.CreatedAt.Format(time.RFC3339),


     

       

       
70

       
+

       
		},


     

       

       
71

       
+

       
	}


     

       

       
72

       
+

       



     

       

       
73

       
+

       
	w.Header().Set("Content-Type", "application/json")


     

       

       
74

       
+

       
	w.WriteHeader(http.StatusOK)


     

       

       
75

       
+

       
	json.NewEncoder(w).Encode(response)


     

       
20

       
76

       
 

       
}
+15 -7
internal/core/users/interfaces.go 
···

       
1

       
1

       
 

       
package users


     

       
2

       
2

       
 

       



     

       
3

       

       
-

       
type UserServiceInterface interface {


     

       
4

       

       
-

       
	CreateUser(req CreateUserRequest) (*User, error)


     

       
5

       

       
-

       
	GetUserByID(id int) (*User, error)


     

       
6

       

       
-

       
	GetUserByEmail(email string) (*User, error)


     

       
7

       

       
-

       
	GetUserByUsername(username string) (*User, error)


     

       
8

       

       
-

       
	UpdateUser(id int, req UpdateUserRequest) (*User, error)


     

       
9

       

       
-

       
	DeleteUser(id int) error


     

       

       
3

       
+

       
import "context"


     

       

       
4

       
+

       



     

       

       
5

       
+

       
// UserRepository defines the interface for user data persistence


     

       

       
6

       
+

       
type UserRepository interface {


     

       

       
7

       
+

       
	Create(ctx context.Context, user *User) (*User, error)


     

       

       
8

       
+

       
	GetByDID(ctx context.Context, did string) (*User, error)


     

       

       
9

       
+

       
	GetByHandle(ctx context.Context, handle string) (*User, error)


     

       

       
10

       
+

       
}


     

       

       
11

       
+

       



     

       

       
12

       
+

       
// UserService defines the interface for user business logic


     

       

       
13

       
+

       
type UserService interface {


     

       

       
14

       
+

       
	CreateUser(ctx context.Context, req CreateUserRequest) (*User, error)


     

       

       
15

       
+

       
	GetUserByDID(ctx context.Context, did string) (*User, error)


     

       

       
16

       
+

       
	GetUserByHandle(ctx context.Context, handle string) (*User, error)


     

       

       
17

       
+

       
	ResolveHandleToDID(ctx context.Context, handle string) (string, error)


     

       
10

       
18

       
 

       
}
-10
internal/core/users/repository.go 
···

       
1

       

       
-

       
package users


     

       
2

       

       
-

       



     

       
3

       

       
-

       
type UserRepository interface {


     

       
4

       

       
-

       
	Create(user *User) (*User, error)


     

       
5

       

       
-

       
	GetByID(id int) (*User, error)


     

       
6

       

       
-

       
	GetByEmail(email string) (*User, error)


     

       
7

       

       
-

       
	GetByUsername(username string) (*User, error)


     

       
8

       

       
-

       
	Update(user *User) (*User, error)


     

       
9

       

       
-

       
	Delete(id int) error


     

       
10

       

       
-

       
}
+75 -122
internal/core/users/service.go 
···

       
1

       
1

       
 

       
package users


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
import (


     

       

       
4

       
+

       
	"context"


     

       
4

       
5

       
 

       
	"fmt"


     

       

       
6

       
+

       
	"regexp"


     

       
5

       
7

       
 

       
	"strings"


     

       
6

       
8

       
 

       
)


     

       
7

       
9

       
 

       



     

       
8

       

       
-

       
type UserService struct {


     

       

       
10

       
+

       
// atProto handle validation regex


     

       

       
11

       
+

       
// Handles must: start/end with alphanumeric, contain only alphanumeric + hyphens, no consecutive hyphens


     

       

       
12

       
+

       
var handleRegex = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$`)


     

       

       
13

       
+

       



     

       

       
14

       
+

       
type userService struct {


     

       
9

       
15

       
 

       
	userRepo UserRepository


     

       

       
16

       
+

       
	pdsURL   string // TODO: Support federated PDS - different users may have different PDS hosts


     

       
10

       
17

       
 

       
}


     

       
11

       
18

       
 

       



     

       
12

       

       
-

       
func NewUserService(userRepo UserRepository) *UserService {


     

       
13

       

       
-

       
	return &UserService{


     

       

       
19

       
+

       
// NewUserService creates a new user service


     

       

       
20

       
+

       
func NewUserService(userRepo UserRepository, pdsURL string) UserService {


     

       

       
21

       
+

       
	return &userService{


     

       
14

       
22

       
 

       
		userRepo: userRepo,


     

       

       
23

       
+

       
		pdsURL:   pdsURL,


     

       
15

       
24

       
 

       
	}


     

       
16

       
25

       
 

       
}


     

       
17

       
26

       
 

       



     

       
18

       

       
-

       
func (s *UserService) CreateUser(req CreateUserRequest) (*User, error) {


     

       

       
27

       
+

       
// CreateUser creates a new user in the AppView database


     

       

       
28

       
+

       
func (s *userService) CreateUser(ctx context.Context, req CreateUserRequest) (*User, error) {


     

       
19

       
29

       
 

       
	if err := s.validateCreateRequest(req); err != nil {


     

       
20

       
30

       
 

       
		return nil, err


     

       
21

       
31

       
 

       
	}


     

       
22

       

       
-

       
	


     

       
23

       

       
-

       
	req.Email = strings.TrimSpace(strings.ToLower(req.Email))


     

       
24

       

       
-

       
	req.Username = strings.TrimSpace(req.Username)


     

       
25

       

       
-

       
	


     

       
26

       

       
-

       
	existingUser, _ := s.userRepo.GetByEmail(req.Email)


     

       
27

       

       
-

       
	if existingUser != nil {


     

       
28

       

       
-

       
		return nil, fmt.Errorf("service: email already exists")


     

       
29

       

       
-

       
	}


     

       
30

       

       
-

       
	


     

       
31

       

       
-

       
	existingUser, _ = s.userRepo.GetByUsername(req.Username)


     

       
32

       

       
-

       
	if existingUser != nil {


     

       
33

       

       
-

       
		return nil, fmt.Errorf("service: username already exists")


     

       
34

       

       
-

       
	}


     

       
35

       

       
-

       
	


     

       

       
32

       
+

       



     

       

       
33

       
+

       
	// Normalize handle


     

       

       
34

       
+

       
	req.Handle = strings.TrimSpace(strings.ToLower(req.Handle))


     

       

       
35

       
+

       
	req.DID = strings.TrimSpace(req.DID)


     

       

       
36

       
+

       



     

       
36

       
37

       
 

       
	user := &User{


     

       
37

       

       
-

       
		Email:    req.Email,


     

       
38

       

       
-

       
		Username: req.Username,


     

       

       
38

       
+

       
		DID:    req.DID,


     

       

       
39

       
+

       
		Handle: req.Handle,


     

       
39

       
40

       
 

       
	}


     

       
40

       

       
-

       
	


     

       
41

       

       
-

       
	return s.userRepo.Create(user)


     

       

       
41

       
+

       



     

       

       
42

       
+

       
	// Repository will handle duplicate constraint errors


     

       

       
43

       
+

       
	return s.userRepo.Create(ctx, user)


     

       
42

       
44

       
 

       
}


     

       
43

       
45

       
 

       



     

       
44

       

       
-

       
func (s *UserService) GetUserByID(id int) (*User, error) {


     

       
45

       

       
-

       
	if id <= 0 {


     

       
46

       

       
-

       
		return nil, fmt.Errorf("service: invalid user ID")


     

       

       
46

       
+

       
// GetUserByDID retrieves a user by their DID


     

       

       
47

       
+

       
func (s *userService) GetUserByDID(ctx context.Context, did string) (*User, error) {


     

       

       
48

       
+

       
	if strings.TrimSpace(did) == "" {


     

       

       
49

       
+

       
		return nil, fmt.Errorf("DID is required")


     

       
47

       
50

       
 

       
	}


     

       
48

       

       
-

       
	


     

       
49

       

       
-

       
	user, err := s.userRepo.GetByID(id)


     

       
50

       

       
-

       
	if err != nil {


     

       
51

       

       
-

       
		if strings.Contains(err.Error(), "not found") {


     

       
52

       

       
-

       
			return nil, fmt.Errorf("service: user not found")


     

       
53

       

       
-

       
		}


     

       
54

       

       
-

       
		return nil, fmt.Errorf("service: %w", err)


     

       
55

       

       
-

       
	}


     

       
56

       

       
-

       
	


     

       
57

       

       
-

       
	return user, nil


     

       

       
51

       
+

       



     

       

       
52

       
+

       
	return s.userRepo.GetByDID(ctx, did)


     

       
58

       
53

       
 

       
}


     

       
59

       
54

       
 

       



     

       
60

       

       
-

       
func (s *UserService) GetUserByEmail(email string) (*User, error) {


     

       
61

       

       
-

       
	email = strings.TrimSpace(strings.ToLower(email))


     

       
62

       

       
-

       
	if email == "" {


     

       
63

       

       
-

       
		return nil, fmt.Errorf("service: email is required")


     

       

       
55

       
+

       
// GetUserByHandle retrieves a user by their handle


     

       

       
56

       
+

       
func (s *userService) GetUserByHandle(ctx context.Context, handle string) (*User, error) {


     

       

       
57

       
+

       
	handle = strings.TrimSpace(strings.ToLower(handle))


     

       

       
58

       
+

       
	if handle == "" {


     

       

       
59

       
+

       
		return nil, fmt.Errorf("handle is required")


     

       
64

       
60

       
 

       
	}


     

       
65

       

       
-

       
	


     

       
66

       

       
-

       
	user, err := s.userRepo.GetByEmail(email)


     

       
67

       

       
-

       
	if err != nil {


     

       
68

       

       
-

       
		if strings.Contains(err.Error(), "not found") {


     

       
69

       

       
-

       
			return nil, fmt.Errorf("service: user not found")


     

       
70

       

       
-

       
		}


     

       
71

       

       
-

       
		return nil, fmt.Errorf("service: %w", err)


     

       
72

       

       
-

       
	}


     

       
73

       

       
-

       
	


     

       
74

       

       
-

       
	return user, nil


     

       

       
61

       
+

       



     

       

       
62

       
+

       
	return s.userRepo.GetByHandle(ctx, handle)


     

       
75

       
63

       
 

       
}


     

       
76

       
64

       
 

       



     

       
77

       

       
-

       
func (s *UserService) GetUserByUsername(username string) (*User, error) {


     

       
78

       

       
-

       
	username = strings.TrimSpace(username)


     

       
79

       

       
-

       
	if username == "" {


     

       
80

       

       
-

       
		return nil, fmt.Errorf("service: username is required")


     

       

       
65

       
+

       
// ResolveHandleToDID resolves a handle to a DID


     

       

       
66

       
+

       
// This is critical for login: users enter their handle, we resolve to DID


     

       

       
67

       
+

       
// TODO: Implement actual DNS/HTTPS resolution via atProto


     

       

       
68

       
+

       
func (s *userService) ResolveHandleToDID(ctx context.Context, handle string) (string, error) {


     

       

       
69

       
+

       
	handle = strings.TrimSpace(strings.ToLower(handle))


     

       

       
70

       
+

       
	if handle == "" {


     

       

       
71

       
+

       
		return "", fmt.Errorf("handle is required")


     

       
81

       
72

       
 

       
	}


     

       
82

       

       
-

       
	


     

       
83

       

       
-

       
	user, err := s.userRepo.GetByUsername(username)


     

       

       
73

       
+

       



     

       

       
74

       
+

       
	// For now, check if user exists in our AppView database


     

       

       
75

       
+

       
	// Later: implement DNS TXT record lookup or HTTPS .well-known/atproto-did


     

       

       
76

       
+

       
	user, err := s.userRepo.GetByHandle(ctx, handle)


     

       
84

       
77

       
 

       
	if err != nil {


     

       
85

       

       
-

       
		if strings.Contains(err.Error(), "not found") {


     

       
86

       

       
-

       
			return nil, fmt.Errorf("service: user not found")


     

       
87

       

       
-

       
		}


     

       
88

       

       
-

       
		return nil, fmt.Errorf("service: %w", err)


     

       

       
78

       
+

       
		return "", fmt.Errorf("failed to resolve handle %s: %w", handle, err)


     

       
89

       
79

       
 

       
	}


     

       
90

       

       
-

       
	


     

       
91

       

       
-

       
	return user, nil


     

       
92

       

       
-

       
}


     

       
93

       
80

       
 

       



     

       
94

       

       
-

       
func (s *UserService) UpdateUser(id int, req UpdateUserRequest) (*User, error) {


     

       
95

       

       
-

       
	user, err := s.GetUserByID(id)


     

       
96

       

       
-

       
	if err != nil {


     

       
97

       

       
-

       
		return nil, err


     

       
98

       

       
-

       
	}


     

       
99

       

       
-

       
	


     

       
100

       

       
-

       
	if req.Email != "" {


     

       
101

       

       
-

       
		req.Email = strings.TrimSpace(strings.ToLower(req.Email))


     

       
102

       

       
-

       
		if req.Email != user.Email {


     

       
103

       

       
-

       
			existingUser, _ := s.userRepo.GetByEmail(req.Email)


     

       
104

       

       
-

       
			if existingUser != nil && existingUser.ID != id {


     

       
105

       

       
-

       
				return nil, fmt.Errorf("service: email already exists")


     

       
106

       

       
-

       
			}


     

       
107

       

       
-

       
		}


     

       
108

       

       
-

       
		user.Email = req.Email


     

       
109

       

       
-

       
	}


     

       
110

       

       
-

       
	


     

       
111

       

       
-

       
	if req.Username != "" {


     

       
112

       

       
-

       
		req.Username = strings.TrimSpace(req.Username)


     

       
113

       

       
-

       
		if req.Username != user.Username {


     

       
114

       

       
-

       
			existingUser, _ := s.userRepo.GetByUsername(req.Username)


     

       
115

       

       
-

       
			if existingUser != nil && existingUser.ID != id {


     

       
116

       

       
-

       
				return nil, fmt.Errorf("service: username already exists")


     

       
117

       

       
-

       
			}


     

       
118

       

       
-

       
		}


     

       
119

       

       
-

       
		user.Username = req.Username


     

       
120

       

       
-

       
	}


     

       
121

       

       
-

       
	


     

       
122

       

       
-

       
	return s.userRepo.Update(user)


     

       

       
81

       
+

       
	return user.DID, nil


     

       
123

       
82

       
 

       
}


     

       
124

       
83

       
 

       



     

       
125

       

       
-

       
func (s *UserService) DeleteUser(id int) error {


     

       
126

       

       
-

       
	if id <= 0 {


     

       
127

       

       
-

       
		return fmt.Errorf("service: invalid user ID")


     

       

       
84

       
+

       
func (s *userService) validateCreateRequest(req CreateUserRequest) error {


     

       

       
85

       
+

       
	if strings.TrimSpace(req.DID) == "" {


     

       

       
86

       
+

       
		return fmt.Errorf("DID is required")


     

       
128

       
87

       
 

       
	}


     

       
129

       

       
-

       
	


     

       
130

       

       
-

       
	err := s.userRepo.Delete(id)


     

       
131

       

       
-

       
	if err != nil {


     

       
132

       

       
-

       
		if strings.Contains(err.Error(), "not found") {


     

       
133

       

       
-

       
			return fmt.Errorf("service: user not found")


     

       
134

       

       
-

       
		}


     

       
135

       

       
-

       
		return fmt.Errorf("service: %w", err)


     

       

       
88

       
+

       



     

       

       
89

       
+

       
	if strings.TrimSpace(req.Handle) == "" {


     

       

       
90

       
+

       
		return fmt.Errorf("handle is required")


     

       
136

       
91

       
 

       
	}


     

       
137

       

       
-

       
	


     

       
138

       

       
-

       
	return nil


     

       
139

       

       
-

       
}


     

       
140

       
92

       
 

       



     

       
141

       

       
-

       
func (s *UserService) validateCreateRequest(req CreateUserRequest) error {


     

       
142

       

       
-

       
	if strings.TrimSpace(req.Email) == "" {


     

       
143

       

       
-

       
		return fmt.Errorf("service: email is required")


     

       

       
93

       
+

       
	// DID format validation


     

       

       
94

       
+

       
	if !strings.HasPrefix(req.DID, "did:") {


     

       

       
95

       
+

       
		return fmt.Errorf("invalid DID format: must start with 'did:'")


     

       
144

       
96

       
 

       
	}


     

       
145

       

       
-

       
	


     

       
146

       

       
-

       
	if strings.TrimSpace(req.Username) == "" {


     

       
147

       

       
-

       
		return fmt.Errorf("service: username is required")


     

       

       
97

       
+

       



     

       

       
98

       
+

       
	// atProto handle validation


     

       

       
99

       
+

       
	handle := strings.TrimSpace(strings.ToLower(req.Handle))


     

       

       
100

       
+

       



     

       

       
101

       
+

       
	// Length validation (1-253 characters per atProto spec)


     

       

       
102

       
+

       
	if len(handle) < 1 || len(handle) > 253 {


     

       

       
103

       
+

       
		return fmt.Errorf("handle must be between 1 and 253 characters")


     

       
148

       
104

       
 

       
	}


     

       
149

       

       
-

       
	


     

       
150

       

       
-

       
	if !strings.Contains(req.Email, "@") {


     

       
151

       

       
-

       
		return fmt.Errorf("service: invalid email format")


     

       

       
105

       
+

       



     

       

       
106

       
+

       
	// Regex validation: alphanumeric + hyphens + dots, no consecutive hyphens


     

       

       
107

       
+

       
	if !handleRegex.MatchString(handle) {


     

       

       
108

       
+

       
		return fmt.Errorf("invalid handle format: must contain only alphanumeric characters, hyphens, and dots; must start and end with alphanumeric; no consecutive hyphens")


     

       
152

       
109

       
 

       
	}


     

       
153

       

       
-

       
	


     

       
154

       

       
-

       
	if len(req.Username) < 3 {


     

       
155

       

       
-

       
		return fmt.Errorf("service: username must be at least 3 characters")


     

       

       
110

       
+

       



     

       

       
111

       
+

       
	// Check for consecutive hyphens (not allowed in atProto)


     

       

       
112

       
+

       
	if strings.Contains(handle, "--") {


     

       

       
113

       
+

       
		return fmt.Errorf("invalid handle format: consecutive hyphens not allowed")


     

       
156

       
114

       
 

       
	}


     

       
157

       

       
-

       
	


     

       
158

       

       
-

       
	return nil


     

       
159

       

       
-

       
}


     

       
160

       
115

       
 

       



     

       
161

       

       
-

       
type UpdateUserRequest struct {


     

       
162

       

       
-

       
	Email    string `json:"email,omitempty"`


     

       
163

       

       
-

       
	Username string `json:"username,omitempty"`


     

       

       
116

       
+

       
	return nil


     

       
164

       
117

       
 

       
}
-272
internal/core/users/service_test.go 
···

       
1

       

       
-

       
package users_test


     

       
2

       

       
-

       



     

       
3

       

       
-

       
import (


     

       
4

       

       
-

       
	"fmt"


     

       
5

       

       
-

       
	"testing"


     

       
6

       

       
-

       
	"time"


     

       
7

       

       
-

       



     

       
8

       

       
-

       
	"Coves/internal/core/users"


     

       
9

       

       
-

       
)


     

       
10

       

       
-

       



     

       
11

       

       
-

       
type mockUserRepository struct {


     

       
12

       

       
-

       
	users      map[int]*users.User


     

       
13

       

       
-

       
	nextID     int


     

       
14

       

       
-

       
	shouldFail bool


     

       
15

       

       
-

       
}


     

       
16

       

       
-

       



     

       
17

       

       
-

       
func newMockUserRepository() *mockUserRepository {


     

       
18

       

       
-

       
	return &mockUserRepository{


     

       
19

       

       
-

       
		users:  make(map[int]*users.User),


     

       
20

       

       
-

       
		nextID: 1,


     

       
21

       

       
-

       
	}


     

       
22

       

       
-

       
}


     

       
23

       

       
-

       



     

       
24

       

       
-

       
func (m *mockUserRepository) Create(user *users.User) (*users.User, error) {


     

       
25

       

       
-

       
	if m.shouldFail {


     

       
26

       

       
-

       
		return nil, fmt.Errorf("mock: database error")


     

       
27

       

       
-

       
	}


     

       
28

       

       
-

       
	


     

       
29

       

       
-

       
	user.ID = m.nextID


     

       
30

       

       
-

       
	m.nextID++


     

       
31

       

       
-

       
	user.CreatedAt = time.Now()


     

       
32

       

       
-

       
	user.UpdatedAt = time.Now()


     

       
33

       

       
-

       
	


     

       
34

       

       
-

       
	m.users[user.ID] = user


     

       
35

       

       
-

       
	return user, nil


     

       
36

       

       
-

       
}


     

       
37

       

       
-

       



     

       
38

       

       
-

       
func (m *mockUserRepository) GetByID(id int) (*users.User, error) {


     

       
39

       

       
-

       
	if m.shouldFail {


     

       
40

       

       
-

       
		return nil, fmt.Errorf("mock: database error")


     

       
41

       

       
-

       
	}


     

       
42

       

       
-

       
	


     

       
43

       

       
-

       
	user, exists := m.users[id]


     

       
44

       

       
-

       
	if !exists {


     

       
45

       

       
-

       
		return nil, fmt.Errorf("repository: user not found")


     

       
46

       

       
-

       
	}


     

       
47

       

       
-

       
	return user, nil


     

       
48

       

       
-

       
}


     

       
49

       

       
-

       



     

       
50

       

       
-

       
func (m *mockUserRepository) GetByEmail(email string) (*users.User, error) {


     

       
51

       

       
-

       
	if m.shouldFail {


     

       
52

       

       
-

       
		return nil, fmt.Errorf("mock: database error")


     

       
53

       

       
-

       
	}


     

       
54

       

       
-

       
	


     

       
55

       

       
-

       
	for _, user := range m.users {


     

       
56

       

       
-

       
		if user.Email == email {


     

       
57

       

       
-

       
			return user, nil


     

       
58

       

       
-

       
		}


     

       
59

       

       
-

       
	}


     

       
60

       

       
-

       
	return nil, fmt.Errorf("repository: user not found")


     

       
61

       

       
-

       
}


     

       
62

       

       
-

       



     

       
63

       

       
-

       
func (m *mockUserRepository) GetByUsername(username string) (*users.User, error) {


     

       
64

       

       
-

       
	if m.shouldFail {


     

       
65

       

       
-

       
		return nil, fmt.Errorf("mock: database error")


     

       
66

       

       
-

       
	}


     

       
67

       

       
-

       
	


     

       
68

       

       
-

       
	for _, user := range m.users {


     

       
69

       

       
-

       
		if user.Username == username {


     

       
70

       

       
-

       
			return user, nil


     

       
71

       

       
-

       
		}


     

       
72

       

       
-

       
	}


     

       
73

       

       
-

       
	return nil, fmt.Errorf("repository: user not found")


     

       
74

       

       
-

       
}


     

       
75

       

       
-

       



     

       
76

       

       
-

       
func (m *mockUserRepository) Update(user *users.User) (*users.User, error) {


     

       
77

       

       
-

       
	if m.shouldFail {


     

       
78

       

       
-

       
		return nil, fmt.Errorf("mock: database error")


     

       
79

       

       
-

       
	}


     

       
80

       

       
-

       
	


     

       
81

       

       
-

       
	if _, exists := m.users[user.ID]; !exists {


     

       
82

       

       
-

       
		return nil, fmt.Errorf("repository: user not found")


     

       
83

       

       
-

       
	}


     

       
84

       

       
-

       
	


     

       
85

       

       
-

       
	user.UpdatedAt = time.Now()


     

       
86

       

       
-

       
	m.users[user.ID] = user


     

       
87

       

       
-

       
	return user, nil


     

       
88

       

       
-

       
}


     

       
89

       

       
-

       



     

       
90

       

       
-

       
func (m *mockUserRepository) Delete(id int) error {


     

       
91

       

       
-

       
	if m.shouldFail {


     

       
92

       

       
-

       
		return fmt.Errorf("mock: database error")


     

       
93

       

       
-

       
	}


     

       
94

       

       
-

       
	


     

       
95

       

       
-

       
	if _, exists := m.users[id]; !exists {


     

       
96

       

       
-

       
		return fmt.Errorf("repository: user not found")


     

       
97

       

       
-

       
	}


     

       
98

       

       
-

       
	


     

       
99

       

       
-

       
	delete(m.users, id)


     

       
100

       

       
-

       
	return nil


     

       
101

       

       
-

       
}


     

       
102

       

       
-

       



     

       
103

       

       
-

       
func TestCreateUser(t *testing.T) {


     

       
104

       

       
-

       
	repo := newMockUserRepository()


     

       
105

       

       
-

       
	service := users.NewUserService(repo)


     

       
106

       

       
-

       
	


     

       
107

       

       
-

       
	tests := []struct {


     

       
108

       

       
-

       
		name    string


     

       
109

       

       
-

       
		req     users.CreateUserRequest


     

       
110

       

       
-

       
		wantErr bool


     

       
111

       

       
-

       
		errMsg  string


     

       
112

       

       
-

       
	}{


     

       
113

       

       
-

       
		{


     

       
114

       

       
-

       
			name: "valid user",


     

       
115

       

       
-

       
			req: users.CreateUserRequest{


     

       
116

       

       
-

       
				Email:    "test@example.com",


     

       
117

       

       
-

       
				Username: "testuser",


     

       
118

       

       
-

       
			},


     

       
119

       

       
-

       
			wantErr: false,


     

       
120

       

       
-

       
		},


     

       
121

       

       
-

       
		{


     

       
122

       

       
-

       
			name: "empty email",


     

       
123

       

       
-

       
			req: users.CreateUserRequest{


     

       
124

       

       
-

       
				Email:    "",


     

       
125

       

       
-

       
				Username: "testuser",


     

       
126

       

       
-

       
			},


     

       
127

       

       
-

       
			wantErr: true,


     

       
128

       

       
-

       
			errMsg:  "email is required",


     

       
129

       

       
-

       
		},


     

       
130

       

       
-

       
		{


     

       
131

       

       
-

       
			name: "empty username",


     

       
132

       

       
-

       
			req: users.CreateUserRequest{


     

       
133

       

       
-

       
				Email:    "test@example.com",


     

       
134

       

       
-

       
				Username: "",


     

       
135

       

       
-

       
			},


     

       
136

       

       
-

       
			wantErr: true,


     

       
137

       

       
-

       
			errMsg:  "username is required",


     

       
138

       

       
-

       
		},


     

       
139

       

       
-

       
		{


     

       
140

       

       
-

       
			name: "invalid email format",


     

       
141

       

       
-

       
			req: users.CreateUserRequest{


     

       
142

       

       
-

       
				Email:    "invalidemail",


     

       
143

       

       
-

       
				Username: "testuser",


     

       
144

       

       
-

       
			},


     

       
145

       

       
-

       
			wantErr: true,


     

       
146

       

       
-

       
			errMsg:  "invalid email format",


     

       
147

       

       
-

       
		},


     

       
148

       

       
-

       
		{


     

       
149

       

       
-

       
			name: "short username",


     

       
150

       

       
-

       
			req: users.CreateUserRequest{


     

       
151

       

       
-

       
				Email:    "test@example.com",


     

       
152

       

       
-

       
				Username: "ab",


     

       
153

       

       
-

       
			},


     

       
154

       

       
-

       
			wantErr: true,


     

       
155

       

       
-

       
			errMsg:  "username must be at least 3 characters",


     

       
156

       

       
-

       
		},


     

       
157

       

       
-

       
	}


     

       
158

       

       
-

       
	


     

       
159

       

       
-

       
	for _, tt := range tests {


     

       
160

       

       
-

       
		t.Run(tt.name, func(t *testing.T) {


     

       
161

       

       
-

       
			user, err := service.CreateUser(tt.req)


     

       
162

       

       
-

       
			


     

       
163

       

       
-

       
			if tt.wantErr {


     

       
164

       

       
-

       
				if err == nil {


     

       
165

       

       
-

       
					t.Errorf("expected error but got none")


     

       
166

       

       
-

       
				} else if tt.errMsg != "" && err.Error() != "service: "+tt.errMsg {


     

       
167

       

       
-

       
					t.Errorf("expected error message '%s' but got '%s'", tt.errMsg, err.Error())


     

       
168

       

       
-

       
				}


     

       
169

       

       
-

       
			} else {


     

       
170

       

       
-

       
				if err != nil {


     

       
171

       

       
-

       
					t.Errorf("unexpected error: %v", err)


     

       
172

       

       
-

       
				}


     

       
173

       

       
-

       
				if user == nil {


     

       
174

       

       
-

       
					t.Errorf("expected user but got nil")


     

       
175

       

       
-

       
				}


     

       
176

       

       
-

       
			}


     

       
177

       

       
-

       
		})


     

       
178

       

       
-

       
	}


     

       
179

       

       
-

       
}


     

       
180

       

       
-

       



     

       
181

       

       
-

       
func TestCreateUserDuplicates(t *testing.T) {


     

       
182

       

       
-

       
	repo := newMockUserRepository()


     

       
183

       

       
-

       
	service := users.NewUserService(repo)


     

       
184

       

       
-

       
	


     

       
185

       

       
-

       
	req := users.CreateUserRequest{


     

       
186

       

       
-

       
		Email:    "test@example.com",


     

       
187

       

       
-

       
		Username: "testuser",


     

       
188

       

       
-

       
	}


     

       
189

       

       
-

       
	


     

       
190

       

       
-

       
	_, err := service.CreateUser(req)


     

       
191

       

       
-

       
	if err != nil {


     

       
192

       

       
-

       
		t.Fatalf("unexpected error creating first user: %v", err)


     

       
193

       

       
-

       
	}


     

       
194

       

       
-

       
	


     

       
195

       

       
-

       
	_, err = service.CreateUser(req)


     

       
196

       

       
-

       
	if err == nil {


     

       
197

       

       
-

       
		t.Errorf("expected error for duplicate email but got none")


     

       
198

       

       
-

       
	} else if err.Error() != "service: email already exists" {


     

       
199

       

       
-

       
		t.Errorf("unexpected error message: %v", err)


     

       
200

       

       
-

       
	}


     

       
201

       

       
-

       
	


     

       
202

       

       
-

       
	req2 := users.CreateUserRequest{


     

       
203

       

       
-

       
		Email:    "different@example.com",


     

       
204

       

       
-

       
		Username: "testuser",


     

       
205

       

       
-

       
	}


     

       
206

       

       
-

       
	


     

       
207

       

       
-

       
	_, err = service.CreateUser(req2)


     

       
208

       

       
-

       
	if err == nil {


     

       
209

       

       
-

       
		t.Errorf("expected error for duplicate username but got none")


     

       
210

       

       
-

       
	} else if err.Error() != "service: username already exists" {


     

       
211

       

       
-

       
		t.Errorf("unexpected error message: %v", err)


     

       
212

       

       
-

       
	}


     

       
213

       

       
-

       
}


     

       
214

       

       
-

       



     

       
215

       

       
-

       
func TestGetUserByID(t *testing.T) {


     

       
216

       

       
-

       
	repo := newMockUserRepository()


     

       
217

       

       
-

       
	service := users.NewUserService(repo)


     

       
218

       

       
-

       
	


     

       
219

       

       
-

       
	createdUser, err := service.CreateUser(users.CreateUserRequest{


     

       
220

       

       
-

       
		Email:    "test@example.com",


     

       
221

       

       
-

       
		Username: "testuser",


     

       
222

       

       
-

       
	})


     

       
223

       

       
-

       
	if err != nil {


     

       
224

       

       
-

       
		t.Fatalf("failed to create user: %v", err)


     

       
225

       

       
-

       
	}


     

       
226

       

       
-

       
	


     

       
227

       

       
-

       
	tests := []struct {


     

       
228

       

       
-

       
		name    string


     

       
229

       

       
-

       
		id      int


     

       
230

       

       
-

       
		wantErr bool


     

       
231

       

       
-

       
		errMsg  string


     

       
232

       

       
-

       
	}{


     

       
233

       

       
-

       
		{


     

       
234

       

       
-

       
			name:    "valid ID",


     

       
235

       

       
-

       
			id:      createdUser.ID,


     

       
236

       

       
-

       
			wantErr: false,


     

       
237

       

       
-

       
		},


     

       
238

       

       
-

       
		{


     

       
239

       

       
-

       
			name:    "invalid ID",


     

       
240

       

       
-

       
			id:      0,


     

       
241

       

       
-

       
			wantErr: true,


     

       
242

       

       
-

       
			errMsg:  "invalid user ID",


     

       
243

       

       
-

       
		},


     

       
244

       

       
-

       
		{


     

       
245

       

       
-

       
			name:    "non-existent ID",


     

       
246

       

       
-

       
			id:      999,


     

       
247

       

       
-

       
			wantErr: true,


     

       
248

       

       
-

       
			errMsg:  "user not found",


     

       
249

       

       
-

       
		},


     

       
250

       

       
-

       
	}


     

       
251

       

       
-

       
	


     

       
252

       

       
-

       
	for _, tt := range tests {


     

       
253

       

       
-

       
		t.Run(tt.name, func(t *testing.T) {


     

       
254

       

       
-

       
			user, err := service.GetUserByID(tt.id)


     

       
255

       

       
-

       
			


     

       
256

       

       
-

       
			if tt.wantErr {


     

       
257

       

       
-

       
				if err == nil {


     

       
258

       

       
-

       
					t.Errorf("expected error but got none")


     

       
259

       

       
-

       
				} else if tt.errMsg != "" && err.Error() != "service: "+tt.errMsg {


     

       
260

       

       
-

       
					t.Errorf("expected error message '%s' but got '%s'", tt.errMsg, err.Error())


     

       
261

       

       
-

       
				}


     

       
262

       

       
-

       
			} else {


     

       
263

       

       
-

       
				if err != nil {


     

       
264

       

       
-

       
					t.Errorf("unexpected error: %v", err)


     

       
265

       

       
-

       
				}


     

       
266

       

       
-

       
				if user == nil {


     

       
267

       

       
-

       
					t.Errorf("expected user but got nil")


     

       
268

       

       
-

       
				}


     

       
269

       

       
-

       
			}


     

       
270

       

       
-

       
		})


     

       
271

       

       
-

       
	}


     

       
272

       

       
-

       
}
+10 -7
internal/core/users/user.go 
···

       
4

       
4

       
 

       
	"time"


     

       
5

       
5

       
 

       
)


     

       
6

       
6

       
 

       



     

       

       
7

       
+

       
// User represents an atProto user tracked in the Coves AppView


     

       

       
8

       
+

       
// This is NOT the user's repository - that lives in the PDS


     

       

       
9

       
+

       
// This table only tracks metadata for efficient AppView queries


     

       
7

       
10

       
 

       
type User struct {


     

       
8

       

       
-

       
	ID        int       `json:"id" db:"id"`


     

       
9

       

       
-

       
	Email     string    `json:"email" db:"email"`


     

       
10

       

       
-

       
	Username  string    `json:"username" db:"username"`


     

       
11

       

       
-

       
	CreatedAt time.Time `json:"created_at" db:"created_at"`


     

       
12

       

       
-

       
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`


     

       

       
11

       
+

       
	DID       string    `json:"did" db:"did"`           // atProto DID (e.g., did:plc:xyz123)


     

       

       
12

       
+

       
	Handle    string    `json:"handle" db:"handle"`     // Human-readable handle (e.g., alice.coves.dev)


     

       

       
13

       
+

       
	CreatedAt time.Time `json:"createdAt" db:"created_at"`


     

       

       
14

       
+

       
	UpdatedAt time.Time `json:"updatedAt" db:"updated_at"`


     

       
13

       
15

       
 

       
}


     

       
14

       
16

       
 

       



     

       

       
17

       
+

       
// CreateUserRequest represents the input for creating a new user


     

       
15

       
18

       
 

       
type CreateUserRequest struct {


     

       
16

       

       
-

       
	Email    string `json:"email"`


     

       
17

       

       
-

       
	Username string `json:"username"`


     

       

       
19

       
+

       
	DID    string `json:"did"`


     

       

       
20

       
+

       
	Handle string `json:"handle"`


     

       
18

       
21

       
 

       
}
+7 -6
internal/db/migrations/001_create_users_table.sql 
···

       
1

       
1

       
 

       
-- +goose Up


     

       

       
2

       
+

       
-- Create main users table for Coves (all users are atProto users)


     

       
2

       
3

       
 

       
CREATE TABLE users (


     

       
3

       

       
-

       
    id SERIAL PRIMARY KEY,


     

       
4

       

       
-

       
    email VARCHAR(255) UNIQUE NOT NULL,


     

       
5

       

       
-

       
    username VARCHAR(50) UNIQUE NOT NULL,


     

       

       
4

       
+

       
    did TEXT PRIMARY KEY,


     

       

       
5

       
+

       
    handle TEXT UNIQUE NOT NULL,


     

       
6

       
6

       
 

       
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,


     

       
7

       
7

       
 

       
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP


     

       
8

       
8

       
 

       
);


     

       
9

       
9

       
 

       



     

       
10

       

       
-

       
CREATE INDEX idx_users_email ON users(email);


     

       
11

       

       
-

       
CREATE INDEX idx_users_username ON users(username);


     

       

       
10

       
+

       
-- Indexes for efficient lookups


     

       

       
11

       
+

       
CREATE INDEX idx_users_handle ON users(handle);


     

       

       
12

       
+

       
CREATE INDEX idx_users_created_at ON users(created_at);


     

       
12

       
13

       
 

       



     

       
13

       
14

       
 

       
-- +goose Down


     

       
14

       

       
-

       
DROP TABLE users;

     

       

       
15

       
+

       
DROP TABLE users;
-32
internal/db/migrations/005_add_user_maps_indices.sql 
···

       
1

       

       
-

       
-- +goose Up


     

       
2

       

       
-

       
-- +goose StatementBegin


     

       
3

       

       
-

       



     

       
4

       

       
-

       
-- Note: The user_maps table is created by GORM's AutoMigrate in the carstore package


     

       
5

       

       
-

       
-- Only add indices if the table exists


     

       
6

       

       
-

       
DO $$


     

       
7

       

       
-

       
BEGIN


     

       
8

       

       
-

       
    -- Check if user_maps table exists


     

       
9

       

       
-

       
    IF EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name = 'user_maps') THEN


     

       
10

       

       
-

       
        -- Check if column exists before creating index


     

       
11

       

       
-

       
        IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'user_maps' AND column_name = 'did') THEN


     

       
12

       

       
-

       
            -- Explicit column name specified in GORM tag


     

       
13

       

       
-

       
            CREATE INDEX IF NOT EXISTS idx_user_maps_did ON user_maps(did);


     

       
14

       

       
-

       
        END IF;


     

       
15

       

       
-

       
        


     

       
16

       

       
-

       
        -- Add index on created_at if column exists


     

       
17

       

       
-

       
        IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'user_maps' AND column_name = 'created_at') THEN


     

       
18

       

       
-

       
            CREATE INDEX IF NOT EXISTS idx_user_maps_created_at ON user_maps(created_at);


     

       
19

       

       
-

       
        END IF;


     

       
20

       

       
-

       
    END IF;


     

       
21

       

       
-

       
END $$;


     

       
22

       

       
-

       



     

       
23

       

       
-

       
-- +goose StatementEnd


     

       
24

       

       
-

       



     

       
25

       

       
-

       
-- +goose Down


     

       
26

       

       
-

       
-- +goose StatementBegin


     

       
27

       

       
-

       



     

       
28

       

       
-

       
-- Remove indices if they exist


     

       
29

       

       
-

       
DROP INDEX IF EXISTS idx_user_maps_did;


     

       
30

       

       
-

       
DROP INDEX IF EXISTS idx_user_maps_created_at;


     

       
31

       

       
-

       



     

       
32

       

       
-

       
-- +goose StatementEnd
+36 -78
internal/db/postgres/user_repo.go 
···

       
1

       
1

       
 

       
package postgres


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
import (


     

       

       
4

       
+

       
	"context"


     

       
4

       
5

       
 

       
	"database/sql"


     

       
5

       
6

       
 

       
	"fmt"


     

       

       
7

       
+

       
	"strings"


     

       
6

       
8

       
 

       



     

       
7

       
9

       
 

       
	"Coves/internal/core/users"


     

       
8

       
10

       
 

       
)


     

       
9

       
11

       
 

       



     

       
10

       

       
-

       
type PostgresUserRepo struct {


     

       

       
12

       
+

       
type postgresUserRepo struct {


     

       
11

       
13

       
 

       
	db *sql.DB


     

       
12

       
14

       
 

       
}


     

       
13

       
15

       
 

       



     

       

       
16

       
+

       
// NewUserRepository creates a new PostgreSQL user repository


     

       
14

       
17

       
 

       
func NewUserRepository(db *sql.DB) users.UserRepository {


     

       
15

       

       
-

       
	return &PostgresUserRepo{db: db}


     

       

       
18

       
+

       
	return &postgresUserRepo{db: db}


     

       
16

       
19

       
 

       
}


     

       
17

       
20

       
 

       



     

       
18

       

       
-

       
func (r *PostgresUserRepo) Create(user *users.User) (*users.User, error) {


     

       

       
21

       
+

       
// Create inserts a new user into the users table


     

       

       
22

       
+

       
func (r *postgresUserRepo) Create(ctx context.Context, user *users.User) (*users.User, error) {


     

       
19

       
23

       
 

       
	query := `


     

       
20

       

       
-

       
		INSERT INTO users (email, username) 


     

       
21

       

       
-

       
		VALUES ($1, $2) 


     

       
22

       

       
-

       
		RETURNING id, email, username, created_at, updated_at`


     

       

       
24

       
+

       
		INSERT INTO users (did, handle)


     

       

       
25

       
+

       
		VALUES ($1, $2)


     

       

       
26

       
+

       
		RETURNING did, handle, created_at, updated_at`


     

       
23

       
27

       
 

       



     

       
24

       

       
-

       
	err := r.db.QueryRow(query, user.Email, user.Username).


     

       
25

       

       
-

       
		Scan(&user.ID, &user.Email, &user.Username, &user.CreatedAt, &user.UpdatedAt)


     

       

       
28

       
+

       
	err := r.db.QueryRowContext(ctx, query, user.DID, user.Handle).


     

       

       
29

       
+

       
		Scan(&user.DID, &user.Handle, &user.CreatedAt, &user.UpdatedAt)


     

       
26

       
30

       
 

       



     

       
27

       
31

       
 

       
	if err != nil {


     

       
28

       

       
-

       
		return nil, fmt.Errorf("repository: failed to create user: %w", err)


     

       
29

       

       
-

       
	}


     

       
30

       

       
-

       



     

       
31

       

       
-

       
	return user, nil


     

       
32

       

       
-

       
}


     

       
33

       

       
-

       



     

       
34

       

       
-

       
func (r *PostgresUserRepo) GetByID(id int) (*users.User, error) {


     

       
35

       

       
-

       
	user := &users.User{}


     

       
36

       

       
-

       
	query := `SELECT id, email, username, created_at, updated_at FROM users WHERE id = $1`


     

       
37

       

       
-

       



     

       
38

       

       
-

       
	err := r.db.QueryRow(query, id).


     

       
39

       

       
-

       
		Scan(&user.ID, &user.Email, &user.Username, &user.CreatedAt, &user.UpdatedAt)


     

       
40

       

       
-

       



     

       
41

       

       
-

       
	if err == sql.ErrNoRows {


     

       
42

       

       
-

       
		return nil, fmt.Errorf("repository: user not found")


     

       
43

       

       
-

       
	}


     

       
44

       

       
-

       
	if err != nil {


     

       
45

       

       
-

       
		return nil, fmt.Errorf("repository: failed to get user: %w", err)


     

       

       
32

       
+

       
		// Check for unique constraint violations


     

       

       
33

       
+

       
		if strings.Contains(err.Error(), "duplicate key") {


     

       

       
34

       
+

       
			if strings.Contains(err.Error(), "users_pkey") {


     

       

       
35

       
+

       
				return nil, fmt.Errorf("user with DID already exists")


     

       

       
36

       
+

       
			}


     

       

       
37

       
+

       
			if strings.Contains(err.Error(), "users_handle_key") {


     

       

       
38

       
+

       
				return nil, fmt.Errorf("handle already taken")


     

       

       
39

       
+

       
			}


     

       

       
40

       
+

       
		}


     

       

       
41

       
+

       
		return nil, fmt.Errorf("failed to create user: %w", err)


     

       
46

       
42

       
 

       
	}


     

       
47

       
43

       
 

       



     

       
48

       
44

       
 

       
	return user, nil


     

       
49

       
45

       
 

       
}


     

       
50

       
46

       
 

       



     

       
51

       

       
-

       
func (r *PostgresUserRepo) GetByEmail(email string) (*users.User, error) {


     

       

       
47

       
+

       
// GetByDID retrieves a user by their DID


     

       

       
48

       
+

       
func (r *postgresUserRepo) GetByDID(ctx context.Context, did string) (*users.User, error) {


     

       
52

       
49

       
 

       
	user := &users.User{}


     

       
53

       

       
-

       
	query := `SELECT id, email, username, created_at, updated_at FROM users WHERE email = $1`


     

       

       
50

       
+

       
	query := `SELECT did, handle, created_at, updated_at FROM users WHERE did = $1`


     

       
54

       
51

       
 

       



     

       
55

       

       
-

       
	err := r.db.QueryRow(query, email).


     

       
56

       

       
-

       
		Scan(&user.ID, &user.Email, &user.Username, &user.CreatedAt, &user.UpdatedAt)


     

       

       
52

       
+

       
	err := r.db.QueryRowContext(ctx, query, did).


     

       

       
53

       
+

       
		Scan(&user.DID, &user.Handle, &user.CreatedAt, &user.UpdatedAt)


     

       
57

       
54

       
 

       



     

       
58

       
55

       
 

       
	if err == sql.ErrNoRows {


     

       
59

       

       
-

       
		return nil, fmt.Errorf("repository: user not found")


     

       

       
56

       
+

       
		return nil, fmt.Errorf("user not found")


     

       
60

       
57

       
 

       
	}


     

       
61

       
58

       
 

       
	if err != nil {


     

       
62

       

       
-

       
		return nil, fmt.Errorf("repository: failed to get user by email: %w", err)


     

       

       
59

       
+

       
		return nil, fmt.Errorf("failed to get user by DID: %w", err)


     

       
63

       
60

       
 

       
	}


     

       
64

       
61

       
 

       



     

       
65

       
62

       
 

       
	return user, nil


     

       
66

       
63

       
 

       
}


     

       
67

       
64

       
 

       



     

       
68

       

       
-

       
func (r *PostgresUserRepo) GetByUsername(username string) (*users.User, error) {


     

       

       
65

       
+

       
// GetByHandle retrieves a user by their handle


     

       

       
66

       
+

       
func (r *postgresUserRepo) GetByHandle(ctx context.Context, handle string) (*users.User, error) {


     

       
69

       
67

       
 

       
	user := &users.User{}


     

       
70

       

       
-

       
	query := `SELECT id, email, username, created_at, updated_at FROM users WHERE username = $1`


     

       

       
68

       
+

       
	query := `SELECT did, handle, created_at, updated_at FROM users WHERE handle = $1`


     

       
71

       
69

       
 

       



     

       
72

       

       
-

       
	err := r.db.QueryRow(query, username).


     

       
73

       

       
-

       
		Scan(&user.ID, &user.Email, &user.Username, &user.CreatedAt, &user.UpdatedAt)


     

       

       
70

       
+

       
	err := r.db.QueryRowContext(ctx, query, handle).


     

       

       
71

       
+

       
		Scan(&user.DID, &user.Handle, &user.CreatedAt, &user.UpdatedAt)


     

       
74

       
72

       
 

       



     

       
75

       
73

       
 

       
	if err == sql.ErrNoRows {


     

       
76

       

       
-

       
		return nil, fmt.Errorf("repository: user not found")


     

       

       
74

       
+

       
		return nil, fmt.Errorf("user not found")


     

       
77

       
75

       
 

       
	}


     

       
78

       
76

       
 

       
	if err != nil {


     

       
79

       

       
-

       
		return nil, fmt.Errorf("repository: failed to get user by username: %w", err)


     

       

       
77

       
+

       
		return nil, fmt.Errorf("failed to get user by handle: %w", err)


     

       
80

       
78

       
 

       
	}


     

       
81

       
79

       
 

       



     

       
82

       
80

       
 

       
	return user, nil


     

       
83

       
81

       
 

       
}


     

       
84

       

       
-

       



     

       
85

       

       
-

       
func (r *PostgresUserRepo) Update(user *users.User) (*users.User, error) {


     

       
86

       

       
-

       
	query := `


     

       
87

       

       
-

       
		UPDATE users 


     

       
88

       

       
-

       
		SET email = $2, username = $3, updated_at = CURRENT_TIMESTAMP


     

       
89

       

       
-

       
		WHERE id = $1


     

       
90

       

       
-

       
		RETURNING id, email, username, created_at, updated_at`


     

       
91

       

       
-

       



     

       
92

       

       
-

       
	err := r.db.QueryRow(query, user.ID, user.Email, user.Username).


     

       
93

       

       
-

       
		Scan(&user.ID, &user.Email, &user.Username, &user.CreatedAt, &user.UpdatedAt)


     

       
94

       

       
-

       



     

       
95

       

       
-

       
	if err == sql.ErrNoRows {


     

       
96

       

       
-

       
		return nil, fmt.Errorf("repository: user not found")


     

       
97

       

       
-

       
	}


     

       
98

       

       
-

       
	if err != nil {


     

       
99

       

       
-

       
		return nil, fmt.Errorf("repository: failed to update user: %w", err)


     

       
100

       

       
-

       
	}


     

       
101

       

       
-

       



     

       
102

       

       
-

       
	return user, nil


     

       
103

       

       
-

       
}


     

       
104

       

       
-

       



     

       
105

       

       
-

       
func (r *PostgresUserRepo) Delete(id int) error {


     

       
106

       

       
-

       
	query := `DELETE FROM users WHERE id = $1`


     

       
107

       

       
-

       



     

       
108

       

       
-

       
	result, err := r.db.Exec(query, id)


     

       
109

       

       
-

       
	if err != nil {


     

       
110

       

       
-

       
		return fmt.Errorf("repository: failed to delete user: %w", err)


     

       
111

       

       
-

       
	}


     

       
112

       

       
-

       



     

       
113

       

       
-

       
	rowsAffected, err := result.RowsAffected()


     

       
114

       

       
-

       
	if err != nil {


     

       
115

       

       
-

       
		return fmt.Errorf("repository: failed to get rows affected: %w", err)


     

       
116

       

       
-

       
	}


     

       
117

       

       
-

       



     

       
118

       

       
-

       
	if rowsAffected == 0 {


     

       
119

       

       
-

       
		return fmt.Errorf("repository: user not found")


     

       
120

       

       
-

       
	}


     

       
121

       

       
-

       



     

       
122

       

       
-

       
	return nil


     

       
123

       

       
-

       
}
+299 -30
tests/integration/integration_test.go 
···

       
1

       
1

       
 

       
package integration


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
import (


     

       
4

       

       
-

       
	"Coves/internal/core/users"


     

       
5

       

       
-

       
	"Coves/internal/db/postgres"


     

       
6

       

       
-

       
	"bytes"


     

       

       
4

       
+

       
	"context"


     

       
7

       
5

       
 

       
	"database/sql"


     

       
8

       
6

       
 

       
	"encoding/json"


     

       
9

       
7

       
 

       
	"fmt"


     

       
10

       
8

       
 

       
	"net/http"


     

       
11

       
9

       
 

       
	"net/http/httptest"


     

       
12

       
10

       
 

       
	"os"


     

       

       
11

       
+

       
	"strings"


     

       
13

       
12

       
 

       
	"testing"


     

       
14

       
13

       
 

       



     

       
15

       
14

       
 

       
	"github.com/go-chi/chi/v5"


     
···

       
17

       
16

       
 

       
	"github.com/pressly/goose/v3"


     

       
18

       
17

       
 

       



     

       
19

       
18

       
 

       
	"Coves/internal/api/routes"


     

       

       
19

       
+

       
	"Coves/internal/core/users"


     

       

       
20

       
+

       
	"Coves/internal/db/postgres"


     

       
20

       
21

       
 

       
)


     

       
21

       
22

       
 

       



     

       
22

       
23

       
 

       
func setupTestDB(t *testing.T) *sql.DB {


     

       
23

       
24

       
 

       
	// Build connection string from environment variables (set by .env.dev)


     

       
24

       

       
-

       
	// These are loaded by the Makefile when running tests


     

       
25

       
25

       
 

       
	testUser := os.Getenv("POSTGRES_TEST_USER")


     

       
26

       
26

       
 

       
	testPassword := os.Getenv("POSTGRES_TEST_PASSWORD")


     

       
27

       
27

       
 

       
	testPort := os.Getenv("POSTGRES_TEST_PORT")


     
···

       
62

       
62

       
 

       
	}


     

       
63

       
63

       
 

       



     

       
64

       
64

       
 

       
	// Clean up any existing test data


     

       
65

       

       
-

       
	_, err = db.Exec("DELETE FROM users WHERE email LIKE '%@example.com'")


     

       

       
65

       
+

       
	_, err = db.Exec("DELETE FROM users WHERE handle LIKE '%.test'")


     

       
66

       
66

       
 

       
	if err != nil {


     

       
67

       
67

       
 

       
		t.Logf("Warning: Failed to clean up test data: %v", err)


     

       
68

       
68

       
 

       
	}


     
···

       
70

       
70

       
 

       
	return db


     

       
71

       
71

       
 

       
}


     

       
72

       
72

       
 

       



     

       
73

       

       
-

       
func TestCreateUser(t *testing.T) {


     

       

       
73

       
+

       
func TestUserCreationAndRetrieval(t *testing.T) {


     

       

       
74

       
+

       
	db := setupTestDB(t)


     

       

       
75

       
+

       
	defer db.Close()


     

       

       
76

       
+

       



     

       

       
77

       
+

       
	// Wire up dependencies


     

       

       
78

       
+

       
	userRepo := postgres.NewUserRepository(db)


     

       

       
79

       
+

       
	userService := users.NewUserService(userRepo, "http://localhost:3001")


     

       

       
80

       
+

       



     

       

       
81

       
+

       
	ctx := context.Background()


     

       

       
82

       
+

       



     

       

       
83

       
+

       
	// Test 1: Create a user


     

       

       
84

       
+

       
	t.Run("Create User", func(t *testing.T) {


     

       

       
85

       
+

       
		req := users.CreateUserRequest{


     

       

       
86

       
+

       
			DID:    "did:plc:test123456",


     

       

       
87

       
+

       
			Handle: "alice.test",


     

       

       
88

       
+

       
		}


     

       

       
89

       
+

       



     

       

       
90

       
+

       
		user, err := userService.CreateUser(ctx, req)


     

       

       
91

       
+

       
		if err != nil {


     

       

       
92

       
+

       
			t.Fatalf("Failed to create user: %v", err)


     

       

       
93

       
+

       
		}


     

       

       
94

       
+

       



     

       

       
95

       
+

       
		if user.DID != req.DID {


     

       

       
96

       
+

       
			t.Errorf("Expected DID %s, got %s", req.DID, user.DID)


     

       

       
97

       
+

       
		}


     

       

       
98

       
+

       



     

       

       
99

       
+

       
		if user.Handle != req.Handle {


     

       

       
100

       
+

       
			t.Errorf("Expected handle %s, got %s", req.Handle, user.Handle)


     

       

       
101

       
+

       
		}


     

       

       
102

       
+

       



     

       

       
103

       
+

       
		if user.CreatedAt.IsZero() {


     

       

       
104

       
+

       
			t.Error("CreatedAt should not be zero")


     

       

       
105

       
+

       
		}


     

       

       
106

       
+

       
	})


     

       

       
107

       
+

       



     

       

       
108

       
+

       
	// Test 2: Retrieve user by DID


     

       

       
109

       
+

       
	t.Run("Get User By DID", func(t *testing.T) {


     

       

       
110

       
+

       
		user, err := userService.GetUserByDID(ctx, "did:plc:test123456")


     

       

       
111

       
+

       
		if err != nil {


     

       

       
112

       
+

       
			t.Fatalf("Failed to get user by DID: %v", err)


     

       

       
113

       
+

       
		}


     

       

       
114

       
+

       



     

       

       
115

       
+

       
		if user.Handle != "alice.test" {


     

       

       
116

       
+

       
			t.Errorf("Expected handle alice.test, got %s", user.Handle)


     

       

       
117

       
+

       
		}


     

       

       
118

       
+

       
	})


     

       

       
119

       
+

       



     

       

       
120

       
+

       
	// Test 3: Retrieve user by handle


     

       

       
121

       
+

       
	t.Run("Get User By Handle", func(t *testing.T) {


     

       

       
122

       
+

       
		user, err := userService.GetUserByHandle(ctx, "alice.test")


     

       

       
123

       
+

       
		if err != nil {


     

       

       
124

       
+

       
			t.Fatalf("Failed to get user by handle: %v", err)


     

       

       
125

       
+

       
		}


     

       

       
126

       
+

       



     

       

       
127

       
+

       
		if user.DID != "did:plc:test123456" {


     

       

       
128

       
+

       
			t.Errorf("Expected DID did:plc:test123456, got %s", user.DID)


     

       

       
129

       
+

       
		}


     

       

       
130

       
+

       
	})


     

       

       
131

       
+

       



     

       

       
132

       
+

       
	// Test 4: Resolve handle to DID


     

       

       
133

       
+

       
	t.Run("Resolve Handle to DID", func(t *testing.T) {


     

       

       
134

       
+

       
		did, err := userService.ResolveHandleToDID(ctx, "alice.test")


     

       

       
135

       
+

       
		if err != nil {


     

       

       
136

       
+

       
			t.Fatalf("Failed to resolve handle: %v", err)


     

       

       
137

       
+

       
		}


     

       

       
138

       
+

       



     

       

       
139

       
+

       
		if did != "did:plc:test123456" {


     

       

       
140

       
+

       
			t.Errorf("Expected DID did:plc:test123456, got %s", did)


     

       

       
141

       
+

       
		}


     

       

       
142

       
+

       
	})


     

       

       
143

       
+

       
}


     

       

       
144

       
+

       



     

       

       
145

       
+

       
func TestGetProfileEndpoint(t *testing.T) {


     

       
74

       
146

       
 

       
	db := setupTestDB(t)


     

       
75

       
147

       
 

       
	defer db.Close()


     

       
76

       
148

       
 

       



     

       
77

       

       
-

       
	// Wire up dependencies according to architecture


     

       

       
149

       
+

       
	// Wire up dependencies


     

       
78

       
150

       
 

       
	userRepo := postgres.NewUserRepository(db)


     

       
79

       

       
-

       
	userService := users.NewUserService(userRepo)


     

       

       
151

       
+

       
	userService := users.NewUserService(userRepo, "http://localhost:3001")


     

       

       
152

       
+

       



     

       

       
153

       
+

       
	// Create test user directly in service


     

       

       
154

       
+

       
	ctx := context.Background()


     

       

       
155

       
+

       
	_, err := userService.CreateUser(ctx, users.CreateUserRequest{


     

       

       
156

       
+

       
		DID:    "did:plc:endpoint123",


     

       

       
157

       
+

       
		Handle: "bob.test",


     

       

       
158

       
+

       
	})


     

       

       
159

       
+

       
	if err != nil {


     

       

       
160

       
+

       
		t.Fatalf("Failed to create test user: %v", err)


     

       

       
161

       
+

       
	}


     

       
80

       
162

       
 

       



     

       

       
163

       
+

       
	// Set up HTTP router


     

       
81

       
164

       
 

       
	r := chi.NewRouter()


     

       
82

       

       
-

       
	r.Mount("/api/users", routes.UserRoutes(userService))


     

       

       
165

       
+

       
	r.Mount("/xrpc/social.coves.actor", routes.UserRoutes(userService))


     

       

       
166

       
+

       



     

       

       
167

       
+

       
	// Test 1: Get profile by DID


     

       

       
168

       
+

       
	t.Run("Get Profile By DID", func(t *testing.T) {


     

       

       
169

       
+

       
		req := httptest.NewRequest("GET", "/xrpc/social.coves.actor/profile?actor=did:plc:endpoint123", nil)


     

       

       
170

       
+

       
		w := httptest.NewRecorder()


     

       

       
171

       
+

       
		r.ServeHTTP(w, req)


     

       

       
172

       
+

       



     

       

       
173

       
+

       
		if w.Code != http.StatusOK {


     

       

       
174

       
+

       
			t.Errorf("Expected status %d, got %d. Response: %s", http.StatusOK, w.Code, w.Body.String())


     

       

       
175

       
+

       
			return


     

       

       
176

       
+

       
		}


     

       

       
177

       
+

       



     

       

       
178

       
+

       
		var response map[string]interface{}


     

       

       
179

       
+

       
		if err := json.NewDecoder(w.Body).Decode(&response); err != nil {


     

       

       
180

       
+

       
			t.Fatalf("Failed to decode response: %v", err)


     

       

       
181

       
+

       
		}


     

       

       
182

       
+

       



     

       

       
183

       
+

       
		if response["did"] != "did:plc:endpoint123" {


     

       

       
184

       
+

       
			t.Errorf("Expected DID did:plc:endpoint123, got %v", response["did"])


     

       

       
185

       
+

       
		}


     

       

       
186

       
+

       
	})


     

       

       
187

       
+

       



     

       

       
188

       
+

       
	// Test 2: Get profile by handle


     

       

       
189

       
+

       
	t.Run("Get Profile By Handle", func(t *testing.T) {


     

       

       
190

       
+

       
		req := httptest.NewRequest("GET", "/xrpc/social.coves.actor/profile?actor=bob.test", nil)


     

       

       
191

       
+

       
		w := httptest.NewRecorder()


     

       

       
192

       
+

       
		r.ServeHTTP(w, req)


     

       

       
193

       
+

       



     

       

       
194

       
+

       
		if w.Code != http.StatusOK {


     

       

       
195

       
+

       
			t.Errorf("Expected status %d, got %d. Response: %s", http.StatusOK, w.Code, w.Body.String())


     

       

       
196

       
+

       
			return


     

       

       
197

       
+

       
		}


     

       

       
198

       
+

       



     

       

       
199

       
+

       
		var response map[string]interface{}


     

       

       
200

       
+

       
		if err := json.NewDecoder(w.Body).Decode(&response); err != nil {


     

       

       
201

       
+

       
			t.Fatalf("Failed to decode response: %v", err)


     

       

       
202

       
+

       
		}


     

       

       
203

       
+

       



     

       

       
204

       
+

       
		profile := response["profile"].(map[string]interface{})


     

       

       
205

       
+

       
		if profile["handle"] != "bob.test" {


     

       

       
206

       
+

       
			t.Errorf("Expected handle bob.test, got %v", profile["handle"])


     

       

       
207

       
+

       
		}


     

       

       
208

       
+

       
	})


     

       

       
209

       
+

       



     

       

       
210

       
+

       
	// Test 3: Missing actor parameter


     

       

       
211

       
+

       
	t.Run("Missing Actor Parameter", func(t *testing.T) {


     

       

       
212

       
+

       
		req := httptest.NewRequest("GET", "/xrpc/social.coves.actor/profile", nil)


     

       

       
213

       
+

       
		w := httptest.NewRecorder()


     

       

       
214

       
+

       
		r.ServeHTTP(w, req)


     

       

       
215

       
+

       



     

       

       
216

       
+

       
		if w.Code != http.StatusBadRequest {


     

       

       
217

       
+

       
			t.Errorf("Expected status %d, got %d", http.StatusBadRequest, w.Code)


     

       

       
218

       
+

       
		}


     

       

       
219

       
+

       
	})


     

       

       
220

       
+

       



     

       

       
221

       
+

       
	// Test 4: User not found


     

       

       
222

       
+

       
	t.Run("User Not Found", func(t *testing.T) {


     

       

       
223

       
+

       
		req := httptest.NewRequest("GET", "/xrpc/social.coves.actor/profile?actor=nonexistent.test", nil)


     

       

       
224

       
+

       
		w := httptest.NewRecorder()


     

       

       
225

       
+

       
		r.ServeHTTP(w, req)


     

       

       
226

       
+

       



     

       

       
227

       
+

       
		if w.Code != http.StatusNotFound {


     

       

       
228

       
+

       
			t.Errorf("Expected status %d, got %d", http.StatusNotFound, w.Code)


     

       

       
229

       
+

       
		}


     

       

       
230

       
+

       
	})


     

       

       
231

       
+

       
}


     

       

       
232

       
+

       



     

       

       
233

       
+

       
// TestDuplicateCreation tests that duplicate DID/handle creation fails properly


     

       

       
234

       
+

       
func TestDuplicateCreation(t *testing.T) {


     

       

       
235

       
+

       
	db := setupTestDB(t)


     

       

       
236

       
+

       
	defer db.Close()


     

       

       
237

       
+

       



     

       

       
238

       
+

       
	userRepo := postgres.NewUserRepository(db)


     

       

       
239

       
+

       
	userService := users.NewUserService(userRepo, "http://localhost:3001")


     

       

       
240

       
+

       
	ctx := context.Background()


     

       
83

       
241

       
 

       



     

       
84

       

       
-

       
	user := users.CreateUserRequest{


     

       
85

       

       
-

       
		Email:    "test@example.com",


     

       
86

       

       
-

       
		Username: "testuser",


     

       

       
242

       
+

       
	// Create first user


     

       

       
243

       
+

       
	_, err := userService.CreateUser(ctx, users.CreateUserRequest{


     

       

       
244

       
+

       
		DID:    "did:plc:duplicate123",


     

       

       
245

       
+

       
		Handle: "duplicate.test",


     

       

       
246

       
+

       
	})


     

       

       
247

       
+

       
	if err != nil {


     

       

       
248

       
+

       
		t.Fatalf("Failed to create first user: %v", err)


     

       
87

       
249

       
 

       
	}


     

       
88

       
250

       
 

       



     

       
89

       

       
-

       
	body, _ := json.Marshal(user)


     

       
90

       

       
-

       
	req := httptest.NewRequest("POST", "/api/users", bytes.NewBuffer(body))


     

       
91

       

       
-

       
	req.Header.Set("Content-Type", "application/json")


     

       

       
251

       
+

       
	// Test duplicate DID


     

       

       
252

       
+

       
	t.Run("Duplicate DID", func(t *testing.T) {


     

       

       
253

       
+

       
		_, err := userService.CreateUser(ctx, users.CreateUserRequest{


     

       

       
254

       
+

       
			DID:    "did:plc:duplicate123",


     

       

       
255

       
+

       
			Handle: "different.test",


     

       

       
256

       
+

       
		})


     

       
92

       
257

       
 

       



     

       
93

       

       
-

       
	w := httptest.NewRecorder()


     

       
94

       

       
-

       
	r.ServeHTTP(w, req)


     

       

       
258

       
+

       
		if err == nil {


     

       

       
259

       
+

       
			t.Error("Expected error for duplicate DID, got nil")


     

       

       
260

       
+

       
		}


     

       
95

       
261

       
 

       



     

       
96

       

       
-

       
	if w.Code != http.StatusCreated {


     

       
97

       

       
-

       
		t.Errorf("Expected status %d, got %d. Response: %s", http.StatusCreated, w.Code, w.Body.String())


     

       
98

       

       
-

       
		return


     

       
99

       

       
-

       
	}


     

       

       
262

       
+

       
		if !strings.Contains(err.Error(), "DID already exists") {


     

       

       
263

       
+

       
			t.Errorf("Expected 'DID already exists' error, got: %v", err)


     

       

       
264

       
+

       
		}


     

       

       
265

       
+

       
	})


     

       
100

       
266

       
 

       



     

       
101

       

       
-

       
	var createdUser users.User


     

       
102

       

       
-

       
	if err := json.NewDecoder(w.Body).Decode(&createdUser); err != nil {


     

       
103

       

       
-

       
		t.Fatalf("Failed to decode response: %v", err)


     

       
104

       

       
-

       
	}


     

       

       
267

       
+

       
	// Test duplicate handle


     

       

       
268

       
+

       
	t.Run("Duplicate Handle", func(t *testing.T) {


     

       

       
269

       
+

       
		_, err := userService.CreateUser(ctx, users.CreateUserRequest{


     

       

       
270

       
+

       
			DID:    "did:plc:different456",


     

       

       
271

       
+

       
			Handle: "duplicate.test",


     

       

       
272

       
+

       
		})


     

       

       
273

       
+

       



     

       

       
274

       
+

       
		if err == nil {


     

       

       
275

       
+

       
			t.Error("Expected error for duplicate handle, got nil")


     

       

       
276

       
+

       
		}


     

       

       
277

       
+

       



     

       

       
278

       
+

       
		if !strings.Contains(err.Error(), "handle already taken") {


     

       

       
279

       
+

       
			t.Errorf("Expected 'handle already taken' error, got: %v", err)


     

       

       
280

       
+

       
		}


     

       

       
281

       
+

       
	})


     

       

       
282

       
+

       
}


     

       

       
283

       
+

       



     

       

       
284

       
+

       
// TestHandleValidation tests atProto handle validation rules


     

       

       
285

       
+

       
func TestHandleValidation(t *testing.T) {


     

       

       
286

       
+

       
	db := setupTestDB(t)


     

       

       
287

       
+

       
	defer db.Close()


     

       
105

       
288

       
 

       



     

       
106

       

       
-

       
	if createdUser.Email != user.Email {


     

       
107

       

       
-

       
		t.Errorf("Expected email %s, got %s", user.Email, createdUser.Email)


     

       

       
289

       
+

       
	userRepo := postgres.NewUserRepository(db)


     

       

       
290

       
+

       
	userService := users.NewUserService(userRepo, "http://localhost:3001")


     

       

       
291

       
+

       
	ctx := context.Background()


     

       

       
292

       
+

       



     

       

       
293

       
+

       
	testCases := []struct {


     

       

       
294

       
+

       
		name        string


     

       

       
295

       
+

       
		did         string


     

       

       
296

       
+

       
		handle      string


     

       

       
297

       
+

       
		shouldError bool


     

       

       
298

       
+

       
		errorMsg    string


     

       

       
299

       
+

       
	}{


     

       

       
300

       
+

       
		{


     

       

       
301

       
+

       
			name:        "Valid handle with hyphen",


     

       

       
302

       
+

       
			did:         "did:plc:valid1",


     

       

       
303

       
+

       
			handle:      "alice-bob.test",


     

       

       
304

       
+

       
			shouldError: false,


     

       

       
305

       
+

       
		},


     

       

       
306

       
+

       
		{


     

       

       
307

       
+

       
			name:        "Valid handle with dots",


     

       

       
308

       
+

       
			did:         "did:plc:valid2",


     

       

       
309

       
+

       
			handle:      "alice.bob.test",


     

       

       
310

       
+

       
			shouldError: false,


     

       

       
311

       
+

       
		},


     

       

       
312

       
+

       
		{


     

       

       
313

       
+

       
			name:        "Invalid: consecutive hyphens",


     

       

       
314

       
+

       
			did:         "did:plc:invalid1",


     

       

       
315

       
+

       
			handle:      "alice--bob.test",


     

       

       
316

       
+

       
			shouldError: true,


     

       

       
317

       
+

       
			errorMsg:    "consecutive hyphens",


     

       

       
318

       
+

       
		},


     

       

       
319

       
+

       
		{


     

       

       
320

       
+

       
			name:        "Invalid: starts with hyphen",


     

       

       
321

       
+

       
			did:         "did:plc:invalid2",


     

       

       
322

       
+

       
			handle:      "-alice.test",


     

       

       
323

       
+

       
			shouldError: true,


     

       

       
324

       
+

       
			errorMsg:    "invalid handle format",


     

       

       
325

       
+

       
		},


     

       

       
326

       
+

       
		{


     

       

       
327

       
+

       
			name:        "Invalid: ends with hyphen",


     

       

       
328

       
+

       
			did:         "did:plc:invalid3",


     

       

       
329

       
+

       
			handle:      "alice-.test",


     

       

       
330

       
+

       
			shouldError: true,


     

       

       
331

       
+

       
			errorMsg:    "invalid handle format",


     

       

       
332

       
+

       
		},


     

       

       
333

       
+

       
		{


     

       

       
334

       
+

       
			name:        "Invalid: special characters",


     

       

       
335

       
+

       
			did:         "did:plc:invalid4",


     

       

       
336

       
+

       
			handle:      "alice!bob.test",


     

       

       
337

       
+

       
			shouldError: true,


     

       

       
338

       
+

       
			errorMsg:    "invalid handle format",


     

       

       
339

       
+

       
		},


     

       

       
340

       
+

       
		{


     

       

       
341

       
+

       
			name:        "Invalid: spaces",


     

       

       
342

       
+

       
			did:         "did:plc:invalid5",


     

       

       
343

       
+

       
			handle:      "alice bob.test",


     

       

       
344

       
+

       
			shouldError: true,


     

       

       
345

       
+

       
			errorMsg:    "invalid handle format",


     

       

       
346

       
+

       
		},


     

       

       
347

       
+

       
		{


     

       

       
348

       
+

       
			name:        "Invalid: too long",


     

       

       
349

       
+

       
			did:         "did:plc:invalid6",


     

       

       
350

       
+

       
			handle:      strings.Repeat("a", 254) + ".test",


     

       

       
351

       
+

       
			shouldError: true,


     

       

       
352

       
+

       
			errorMsg:    "must be between 1 and 253 characters",


     

       

       
353

       
+

       
		},


     

       

       
354

       
+

       
		{


     

       

       
355

       
+

       
			name:        "Invalid: missing DID prefix",


     

       

       
356

       
+

       
			did:         "plc:invalid7",


     

       

       
357

       
+

       
			handle:      "valid.test",


     

       

       
358

       
+

       
			shouldError: true,


     

       

       
359

       
+

       
			errorMsg:    "must start with 'did:'",


     

       

       
360

       
+

       
		},


     

       
108

       
361

       
 

       
	}


     

       
109

       
362

       
 

       



     

       
110

       

       
-

       
	if createdUser.Username != user.Username {


     

       
111

       

       
-

       
		t.Errorf("Expected username %s, got %s", user.Username, createdUser.Username)


     

       

       
363

       
+

       
	for _, tc := range testCases {


     

       

       
364

       
+

       
		t.Run(tc.name, func(t *testing.T) {


     

       

       
365

       
+

       
			_, err := userService.CreateUser(ctx, users.CreateUserRequest{


     

       

       
366

       
+

       
				DID:    tc.did,


     

       

       
367

       
+

       
				Handle: tc.handle,


     

       

       
368

       
+

       
			})


     

       

       
369

       
+

       



     

       

       
370

       
+

       
			if tc.shouldError {


     

       

       
371

       
+

       
				if err == nil {


     

       

       
372

       
+

       
					t.Errorf("Expected error, got nil")


     

       

       
373

       
+

       
				} else if !strings.Contains(err.Error(), tc.errorMsg) {


     

       

       
374

       
+

       
					t.Errorf("Expected error containing '%s', got: %v", tc.errorMsg, err)


     

       

       
375

       
+

       
				}


     

       

       
376

       
+

       
			} else {


     

       

       
377

       
+

       
				if err != nil {


     

       

       
378

       
+

       
					t.Errorf("Expected no error, got: %v", err)


     

       

       
379

       
+

       
				}


     

       

       
380

       
+

       
			}


     

       

       
381

       
+

       
		})


     

       
112

       
382

       
 

       
	}


     

       
113

       
383

       
 

       
}


     

       
114

       

       
-