bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom

docs(communities): add blob upload proxy system design

Adds design documentation for blob upload proxy system to enable
image/video posts in communities from external PDS users.

Problem:
Users on external PDSs cannot directly upload blobs to community-owned
PDS repositories because they lack authentication credentials for the
community's PDS.

Solution:
Coves AppView acts as an authenticated proxy for blob uploads via
social.coves.blob.uploadForCommunity endpoint.

Flow:
1. User uploads blob to AppView
2. AppView validates user can post to community
3. AppView uses community's PDS credentials to upload blob
4. AppView returns CID to user
5. User creates post record referencing the CID
6. Post and blob both live in community's PDS

Status: Design documented, implementation TODO
Priority: CRITICAL for Beta - Required for rich media posts

Implementation checklist includes:
- Handler endpoint
- User authorization validation
- Community credential management
- Upload proxy logic
- Security measures (size limits, content-type validation, rate limiting)

bretton.dev 5c895653 c049aa32

options
unified split
Changed files
+40
docs
PRD_COMMUNITIES.md
+40
docs/PRD_COMMUNITIES.md 
···

       
201

       
201

       
 

       



     

       
202

       
202

       
 

       
---


     

       
203

       
203

       
 

       



     

       

       
204

       
+

       
### Blob Upload Proxy System


     

       

       
205

       
+

       
**Status:** Design documented, implementation TODO


     

       

       
206

       
+

       
**Priority:** CRITICAL for Beta - Required for image/video posts in communities


     

       

       
207

       
+

       



     

       

       
208

       
+

       
**Problem:** Users on external PDSs cannot directly upload blobs to community-owned PDS repositories because they lack authentication credentials for the community's PDS.


     

       

       
209

       
+

       



     

       

       
210

       
+

       
**Solution:** Coves AppView acts as an authenticated proxy for blob uploads:


     

       

       
211

       
+

       



     

       

       
212

       
+

       
**Flow:**


     

       

       
213

       
+

       
1. User uploads blob to Coves AppView via `social.coves.blob.uploadForCommunity`


     

       

       
214

       
+

       
2. AppView validates user can post to community (not banned, community accessible)


     

       

       
215

       
+

       
3. AppView uses community's PDS credentials to upload blob via `com.atproto.repo.uploadBlob`


     

       

       
216

       
+

       
4. AppView returns CID to user


     

       

       
217

       
+

       
5. User creates post record referencing the CID


     

       

       
218

       
+

       
6. Post and blob both live in community's PDS


     

       

       
219

       
+

       



     

       

       
220

       
+

       
**Implementation Checklist:**


     

       

       
221

       
+

       
- [ ] Handler: `social.coves.blob.uploadForCommunity` endpoint


     

       

       
222

       
+

       
- [ ] Validation: Check user authorization to post in community


     

       

       
223

       
+

       
- [ ] Credential Management: Reuse community token refresh logic


     

       

       
224

       
+

       
- [ ] Upload Proxy: Forward blob to community's PDS with community credentials


     

       

       
225

       
+

       
- [ ] Security: Size limits, content-type validation, rate limiting


     

       

       
226

       
+

       
- [ ] Testing: E2E test with federated user uploading to community


     

       

       
227

       
+

       



     

       

       
228

       
+

       
**Why This Approach:**


     

       

       
229

       
+

       
- ✅ Works with federated users (any PDS)


     

       

       
230

       
+

       
- ✅ Reuses existing community credential infrastructure


     

       

       
231

       
+

       
- ✅ Matches V2 architecture (AppView orchestrates, communities own data)


     

       

       
232

       
+

       
- ✅ Blobs stored on correct PDS (community's repository)


     

       

       
233

       
+

       
- ❌ AppView becomes upload intermediary (bandwidth cost)


     

       

       
234

       
+

       



     

       

       
235

       
+

       
**Alternative Considered:** Direct user uploads to community PDS


     

       

       
236

       
+

       
- Rejected: Would require creating temporary user accounts on every community PDS (complex, insecure)


     

       

       
237

       
+

       



     

       

       
238

       
+

       
**See:** Design discussion in context of ATProto blob architecture


     

       

       
239

       
+

       



     

       

       
240

       
+

       
---


     

       

       
241

       
+

       



     

       
204

       
242

       
 

       
### Posts in Communities


     

       
205

       
243

       
 

       
**Status:** Lexicon designed, implementation TODO


     

       
206

       
244

       
 

       
**Priority:** HIGHEST for Beta 1


     
···

       
214

       
252

       
 

       
- [ ] Decide membership requirements for posting


     

       
215

       
253

       
 

       



     

       
216

       
254

       
 

       
**Without posts, communities exist but can't be used!**


     

       

       
255

       
+

       



     

       

       
256

       
+

       
**Depends on:** Blob Upload Proxy System (for image/video posts)


     

       
217

       
257

       
 

       



     

       
218

       
258

       
 

       
---


     

       
219

       
259