commit a948a640b99693715d7cdd13b85a029272d8ff82 · bretton.dev/coves

+1 -1

tests/integration/aggregator_e2e_test.go

···

       71
        
       	userService := users.NewUserService(userRepo, identityResolver, "http://localhost:3001")

     

       72
        
       	communityService := communities.NewCommunityService(communityRepo, "http://localhost:3001", "did:web:test.coves.social", "coves.social", nil)

     

       73
        
       	aggregatorService := aggregators.NewAggregatorService(aggregatorRepo, communityService)

     

       74
       -
       	postService := posts.NewPostService(postRepo, communityService, aggregatorService, "http://localhost:3001")

     

       75
        
       

     

       76
        
       	// Setup consumers

     

       77
        
       	aggregatorConsumer := jetstream.NewAggregatorEventConsumer(aggregatorRepo)

···

       71
        
       	userService := users.NewUserService(userRepo, identityResolver, "http://localhost:3001")

     

       72
        
       	communityService := communities.NewCommunityService(communityRepo, "http://localhost:3001", "did:web:test.coves.social", "coves.social", nil)

     

       73
        
       	aggregatorService := aggregators.NewAggregatorService(aggregatorRepo, communityService)

     

       74
       +
       	postService := posts.NewPostService(postRepo, communityService, aggregatorService, nil, nil, "http://localhost:3001")

     

       75
        
       

     

       76
        
       	// Setup consumers

     

       77
        
       	aggregatorConsumer := jetstream.NewAggregatorEventConsumer(aggregatorRepo)

+99

tests/integration/feed_test.go

···

       699
        
       

     

       700
        
       	t.Logf("SUCCESS: All posts with similar hot ranks preserved (precision bug fixed)")

     

       701
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       699
        
       

     

       700
        
       	t.Logf("SUCCESS: All posts with similar hot ranks preserved (precision bug fixed)")

     

       701
        
       }

     

       702
       +
       

     

       703
       +
       // TestGetCommunityFeed_BlobURLTransformation tests that blob refs are transformed to URLs

     

       704
       +
       func TestGetCommunityFeed_BlobURLTransformation(t *testing.T) {

     

       705
       +
       	if testing.Short() {

     

       706
       +
       		t.Skip("Skipping integration test in short mode")

     

       707
       +
       	}

     

       708
       +
       

     

       709
       +
       	db := setupTestDB(t)

     

       710
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       711
       +
       

     

       712
       +
       	// Setup services

     

       713
       +
       	feedRepo := postgres.NewCommunityFeedRepository(db, "test-cursor-secret")

     

       714
       +
       	communityRepo := postgres.NewCommunityRepository(db)

     

       715
       +
       	communityService := communities.NewCommunityService(

     

       716
       +
       		communityRepo,

     

       717
       +
       		"http://localhost:3001",

     

       718
       +
       		"did:web:test.coves.social",

     

       719
       +
       		"test.coves.social",

     

       720
       +
       		nil,

     

       721
       +
       	)

     

       722
       +
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       723
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       724
       +
       

     

       725
       +
       	// Setup test data

     

       726
       +
       	ctx := context.Background()

     

       727
       +
       	testID := time.Now().UnixNano()

     

       728
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("blobtest-%d", testID), fmt.Sprintf("blobtest-%d.test", testID))

     

       729
       +
       	require.NoError(t, err)

     

       730
       +
       

     

       731
       +
       	// Create author user

     

       732
       +
       	authorDID := "did:plc:blobauthor"

     

       733
       +
       	_, _ = db.ExecContext(ctx, `

     

       734
       +
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       735
       +
       		VALUES ($1, $2, $3, NOW())

     

       736
       +
       		ON CONFLICT (did) DO NOTHING

     

       737
       +
       	`, authorDID, "blobauthor.bsky.social", "https://bsky.social")

     

       738
       +
       

     

       739
       +
       	// Create a post with an external embed containing a blob thumbnail

     

       740
       +
       	rkey := fmt.Sprintf("post-%d", time.Now().UnixNano())

     

       741
       +
       	uri := fmt.Sprintf("at://%s/social.coves.community.post/%s", communityDID, rkey)

     

       742
       +
       

     

       743
       +
       	embedJSON := `{

     

       744
       +
       		"$type": "social.coves.embed.external",

     

       745
       +
       		"external": {

     

       746
       +
       			"uri": "https://example.com/article",

     

       747
       +
       			"title": "Example Article",

     

       748
       +
       			"description": "A test article",

     

       749
       +
       			"thumb": {

     

       750
       +
       				"$type": "blob",

     

       751
       +
       				"ref": {

     

       752
       +
       					"$link": "bafyreib6tbnql2ux3whnfysbzabthaj2vvck53nimhbi5g5a7jgvgr5eqm"

     

       753
       +
       				},

     

       754
       +
       				"mimeType": "image/jpeg",

     

       755
       +
       				"size": 52813

     

       756
       +
       			}

     

       757
       +
       		}

     

       758
       +
       	}`

     

       759
       +
       

     

       760
       +
       	_, err = db.ExecContext(ctx, `

     

       761
       +
       		INSERT INTO posts (uri, cid, rkey, author_did, community_did, title, embed, created_at, score, upvote_count)

     

       762
       +
       		VALUES ($1, $2, $3, $4, $5, $6, $7, NOW(), 10, 10)

     

       763
       +
       	`, uri, "bafytest", rkey, authorDID, communityDID, "Post with blob thumb", embedJSON)

     

       764
       +
       	require.NoError(t, err)

     

       765
       +
       

     

       766
       +
       	// Request community feed

     

       767
       +
       	req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/xrpc/social.coves.communityFeed.getCommunity?community=%s&sort=new&limit=10", communityDID), nil)

     

       768
       +
       	rec := httptest.NewRecorder()

     

       769
       +
       	handler.HandleGetCommunity(rec, req)

     

       770
       +
       

     

       771
       +
       	// Assertions

     

       772
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       773
       +
       

     

       774
       +
       	var response communityFeeds.FeedResponse

     

       775
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       776
       +
       	require.NoError(t, err)

     

       777
       +
       

     

       778
       +
       	require.Len(t, response.Feed, 1, "Should have one post")

     

       779
       +
       

     

       780
       +
       	// Verify blob ref was transformed to URL

     

       781
       +
       	feedPost := response.Feed[0]

     

       782
       +
       	require.NotNil(t, feedPost.Post.Embed, "Post should have embed")

     

       783
       +
       

     

       784
       +
       	embedMap, ok := feedPost.Post.Embed.(map[string]interface{})

     

       785
       +
       	require.True(t, ok, "Embed should be a map")

     

       786
       +
       

     

       787
       +
       	assert.Equal(t, "social.coves.embed.external", embedMap["$type"], "Embed type should be external")

     

       788
       +
       

     

       789
       +
       	external, ok := embedMap["external"].(map[string]interface{})

     

       790
       +
       	require.True(t, ok, "External should be a map")

     

       791
       +
       

     

       792
       +
       	// CRITICAL: Thumb should now be a URL string, not a blob object

     

       793
       +
       	thumbURL, ok := external["thumb"].(string)

     

       794
       +
       	require.True(t, ok, "Thumb should be a string URL after transformation")

     

       795
       +
       

     

       796
       +
       	expectedURL := "http://localhost:3001/xrpc/com.atproto.sync.getBlob?did=did:plc:community-blobtest-" + fmt.Sprint(testID) + "&cid=bafyreib6tbnql2ux3whnfysbzabthaj2vvck53nimhbi5g5a7jgvgr5eqm"

     

       797
       +
       	assert.Equal(t, expectedURL, thumbURL, "Thumb URL should match expected format")

     

       798
       +
       

     

       799
       +
       	t.Logf("SUCCESS: Blob ref transformed to URL: %s", thumbURL)

     

       800
       +
       }

+30 -7

tests/integration/helpers.go

···

       11
        
       	"fmt"

     

       12
        
       	"io"

     

       13
        
       	"net/http"

     

       0
        
       
     

       14
        
       	"strings"

     

       15
        
       	"testing"

     

       16
        
       	"time"

     

       17
        
       

     

       18
        
       	"github.com/golang-jwt/jwt/v5"

     

       19
        
       )

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       20
        
       

     

       21
        
       // createTestUser creates a test user in the database for use in integration tests

     

       22
        
       // Returns the created user or fails the test

     
···

       33
        
       	`

     

       34
        
       

     

       35
        
       	user := &users.User{}

     

       36
       -
       	err := db.QueryRowContext(ctx, query, did, handle, "http://localhost:3001").Scan(

     

       37
        
       		&user.DID,

     

       38
        
       		&user.Handle,

     

       39
        
       		&user.PDSURL,

     
···

       105
        
       		RegisteredClaims: jwt.RegisteredClaims{

     

       106
        
       			Subject:   userDID,

     

       107
        
       			Issuer:    userDID, // Use DID as issuer for testing (valid per atProto)

     

       108
       -
       			Audience:  jwt.ClaimStrings{"did:web:test.coves.social"},

     

       109
        
       			IssuedAt:  jwt.NewNumericDate(time.Now()),

     

       110
        
       			ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),

     

       111
        
       		},

     
···

       237
        
       // createFeedTestCommunity creates a test community for feed tests

     

       238
        
       // Returns the community DID or an error

     

       239
        
       func createFeedTestCommunity(db *sql.DB, ctx context.Context, name, ownerHandle string) (string, error) {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       240
        
       	// Create owner user first (directly insert to avoid service dependencies)

     

       241
        
       	ownerDID := fmt.Sprintf("did:plc:%s", ownerHandle)

     

       242
        
       	_, err := db.ExecContext(ctx, `

     

       243
        
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       244
        
       		VALUES ($1, $2, $3, NOW())

     

       245
        
       		ON CONFLICT (did) DO NOTHING

     

       246
       -
       	`, ownerDID, ownerHandle, "https://bsky.social")

     

       247
        
       	if err != nil {

     

       248
        
       		return "", err

     

       249
        
       	}

     
···

       251
        
       	// Create community

     

       252
        
       	communityDID := fmt.Sprintf("did:plc:community-%s", name)

     

       253
        
       	_, err = db.ExecContext(ctx, `

     

       254
       -
       		INSERT INTO communities (did, name, owner_did, created_by_did, hosted_by_did, handle, created_at)

     

       255
       -
       		VALUES ($1, $2, $3, $4, $5, $6, NOW())

     

       256
        
       		ON CONFLICT (did) DO NOTHING

     

       257
       -
       	`, communityDID, name, ownerDID, ownerDID, "did:web:test.coves.social", fmt.Sprintf("%s.coves.social", name))

     

       258
        
       

     

       259
        
       	return communityDID, err

     

       260
        
       }

     
···

       270
        
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       271
        
       		VALUES ($1, $2, $3, NOW())

     

       272
        
       		ON CONFLICT (did) DO NOTHING

     

       273
       -
       	`, authorDID, fmt.Sprintf("%s.bsky.social", authorDID), "https://bsky.social")

     

       274
        
       

     

       275
        
       	// Generate URI

     

       276
        
       	rkey := fmt.Sprintf("post-%d", time.Now().UnixNano())

···

       11
        
       	"fmt"

     

       12
        
       	"io"

     

       13
        
       	"net/http"

     

       14
       +
       	"os"

     

       15
        
       	"strings"

     

       16
        
       	"testing"

     

       17
        
       	"time"

     

       18
        
       

     

       19
        
       	"github.com/golang-jwt/jwt/v5"

     

       20
        
       )

     

       21
       +
       

     

       22
       +
       // getTestPDSURL returns the PDS URL for testing from env var or default

     

       23
       +
       func getTestPDSURL() string {

     

       24
       +
       	pdsURL := os.Getenv("PDS_URL")

     

       25
       +
       	if pdsURL == "" {

     

       26
       +
       		pdsURL = "http://localhost:3001"

     

       27
       +
       	}

     

       28
       +
       	return pdsURL

     

       29
       +
       }

     

       30
       +
       

     

       31
       +
       // getTestInstanceDID returns the instance DID for testing from env var or default

     

       32
       +
       func getTestInstanceDID() string {

     

       33
       +
       	instanceDID := os.Getenv("INSTANCE_DID")

     

       34
       +
       	if instanceDID == "" {

     

       35
       +
       		instanceDID = "did:web:test.coves.social"

     

       36
       +
       	}

     

       37
       +
       	return instanceDID

     

       38
       +
       }

     

       39
        
       

     

       40
        
       // createTestUser creates a test user in the database for use in integration tests

     

       41
        
       // Returns the created user or fails the test

     
···

       52
        
       	`

     

       53
        
       

     

       54
        
       	user := &users.User{}

     

       55
       +
       	err := db.QueryRowContext(ctx, query, did, handle, getTestPDSURL()).Scan(

     

       56
        
       		&user.DID,

     

       57
        
       		&user.Handle,

     

       58
        
       		&user.PDSURL,

     
···

       124
        
       		RegisteredClaims: jwt.RegisteredClaims{

     

       125
        
       			Subject:   userDID,

     

       126
        
       			Issuer:    userDID, // Use DID as issuer for testing (valid per atProto)

     

       127
       +
       			Audience:  jwt.ClaimStrings{getTestInstanceDID()},

     

       128
        
       			IssuedAt:  jwt.NewNumericDate(time.Now()),

     

       129
        
       			ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),

     

       130
        
       		},

     
···

       256
        
       // createFeedTestCommunity creates a test community for feed tests

     

       257
        
       // Returns the community DID or an error

     

       258
        
       func createFeedTestCommunity(db *sql.DB, ctx context.Context, name, ownerHandle string) (string, error) {

     

       259
       +
       	// Get configuration from env vars

     

       260
       +
       	pdsURL := getTestPDSURL()

     

       261
       +
       	instanceDID := getTestInstanceDID()

     

       262
       +
       

     

       263
        
       	// Create owner user first (directly insert to avoid service dependencies)

     

       264
        
       	ownerDID := fmt.Sprintf("did:plc:%s", ownerHandle)

     

       265
        
       	_, err := db.ExecContext(ctx, `

     

       266
        
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       267
        
       		VALUES ($1, $2, $3, NOW())

     

       268
        
       		ON CONFLICT (did) DO NOTHING

     

       269
       +
       	`, ownerDID, ownerHandle, pdsURL)

     

       270
        
       	if err != nil {

     

       271
        
       		return "", err

     

       272
        
       	}

     
···

       274
        
       	// Create community

     

       275
        
       	communityDID := fmt.Sprintf("did:plc:community-%s", name)

     

       276
        
       	_, err = db.ExecContext(ctx, `

     

       277
       +
       		INSERT INTO communities (did, name, owner_did, created_by_did, hosted_by_did, handle, pds_url, created_at)

     

       278
       +
       		VALUES ($1, $2, $3, $4, $5, $6, $7, NOW())

     

       279
        
       		ON CONFLICT (did) DO NOTHING

     

       280
       +
       	`, communityDID, name, ownerDID, ownerDID, instanceDID, fmt.Sprintf("%s.coves.social", name), pdsURL)

     

       281
        
       

     

       282
        
       	return communityDID, err

     

       283
        
       }

     
···

       293
        
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       294
        
       		VALUES ($1, $2, $3, NOW())

     

       295
        
       		ON CONFLICT (did) DO NOTHING

     

       296
       +
       	`, authorDID, fmt.Sprintf("%s.bsky.social", authorDID), getTestPDSURL())

     

       297
        
       

     

       298
        
       	// Generate URI

     

       299
        
       	rkey := fmt.Sprintf("post-%d", time.Now().UnixNano())

+1 -1

tests/integration/post_e2e_test.go

···

       403
        
       		provisioner, // ✅ Real provisioner for creating communities on PDS

     

       404
        
       	)

     

       405
        
       

     

       406
       -
       	postService := posts.NewPostService(postRepo, communityService, nil, pdsURL) // nil aggregatorService for user-only tests

     

       407
        
       

     

       408
        
       	// Setup auth middleware (skip JWT verification for testing)

     

       409
        
       	authMiddleware := middleware.NewAtProtoAuthMiddleware(nil, true)

···

       403
        
       		provisioner, // ✅ Real provisioner for creating communities on PDS

     

       404
        
       	)

     

       405
        
       

     

       406
       +
       	postService := posts.NewPostService(postRepo, communityService, nil, nil, nil, pdsURL) // nil aggregatorService, blobService, unfurlService for user-only tests

     

       407
        
       

     

       408
        
       	// Setup auth middleware (skip JWT verification for testing)

     

       409
        
       	authMiddleware := middleware.NewAtProtoAuthMiddleware(nil, true)

+3 -3

tests/integration/post_handler_test.go

···

       41
        
       	)

     

       42
        
       

     

       43
        
       	postRepo := postgres.NewPostRepository(db)

     

       44
       -
       	postService := posts.NewPostService(postRepo, communityService, nil, "http://localhost:3001") // nil aggregatorService for user-only tests

     

       45
        
       

     

       46
        
       	// Create handler

     

       47
        
       	handler := post.NewCreateHandler(postService)

     
···

       409
        
       	)

     

       410
        
       

     

       411
        
       	postRepo := postgres.NewPostRepository(db)

     

       412
       -
       	postService := posts.NewPostService(postRepo, communityService, nil, "http://localhost:3001") // nil aggregatorService for user-only tests

     

       413
        
       

     

       414
        
       	handler := post.NewCreateHandler(postService)

     

       415
        
       

     
···

       493
        
       	)

     

       494
        
       

     

       495
        
       	postRepo := postgres.NewPostRepository(db)

     

       496
       -
       	postService := posts.NewPostService(postRepo, communityService, nil, "http://localhost:3001")

     

       497
        
       

     

       498
        
       	t.Run("Reject posts when context DID is missing", func(t *testing.T) {

     

       499
        
       		// Simulate bypassing handler - no DID in context

···

       41
        
       	)

     

       42
        
       

     

       43
        
       	postRepo := postgres.NewPostRepository(db)

     

       44
       +
       	postService := posts.NewPostService(postRepo, communityService, nil, nil, nil, "http://localhost:3001") // nil aggregatorService, blobService, unfurlService for user-only tests

     

       45
        
       

     

       46
        
       	// Create handler

     

       47
        
       	handler := post.NewCreateHandler(postService)

     
···

       409
        
       	)

     

       410
        
       

     

       411
        
       	postRepo := postgres.NewPostRepository(db)

     

       412
       +
       	postService := posts.NewPostService(postRepo, communityService, nil, nil, nil, "http://localhost:3001") // nil aggregatorService, blobService, unfurlService for user-only tests

     

       413
        
       

     

       414
        
       	handler := post.NewCreateHandler(postService)

     

       415
        
       

     
···

       493
        
       	)

     

       494
        
       

     

       495
        
       	postRepo := postgres.NewPostRepository(db)

     

       496
       +
       	postService := posts.NewPostService(postRepo, communityService, nil, nil, nil, "http://localhost:3001")

     

       497
        
       

     

       498
        
       	t.Run("Reject posts when context DID is missing", func(t *testing.T) {

     

       499
        
       		// Simulate bypassing handler - no DID in context

+288

tests/integration/post_thumb_validation_test.go

···

       1
       +
       package integration

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/handlers/post"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
       +
       	"Coves/internal/core/communities"

     

       7
       +
       	"Coves/internal/core/posts"

     

       8
       +
       	"Coves/internal/db/postgres"

     

       9
       +
       	"bytes"

     

       10
       +
       	"context"

     

       11
       +
       	"encoding/json"

     

       12
       +
       	"net/http"

     

       13
       +
       	"net/http/httptest"

     

       14
       +
       	"testing"

     

       15
       +
       

     

       16
       +
       	"github.com/stretchr/testify/assert"

     

       17
       +
       	"github.com/stretchr/testify/require"

     

       18
       +
       )

     

       19
       +
       

     

       20
       +
       // createTestCommunityWithCredentials creates a test community with valid PDS credentials

     

       21
       +
       func createTestCommunityWithCredentials(t *testing.T, repo communities.Repository, suffix string) *communities.Community {

     

       22
       +
       	t.Helper()

     

       23
       +
       

     

       24
       +
       	community := &communities.Community{

     

       25
       +
       		DID:             "did:plc:testcommunity" + suffix,

     

       26
       +
       		Name:            "test-community-" + suffix,

     

       27
       +
       		Handle:          "test-community-" + suffix + ".communities.coves.local",

     

       28
       +
       		Description:     "Test community for thumb validation",

     

       29
       +
       		Visibility:      "public",

     

       30
       +
       		PDSEmail:        "test@communities.coves.local",

     

       31
       +
       		PDSPassword:     "test-password",

     

       32
       +
       		PDSAccessToken:  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkaWQ6cGxjOnRlc3Rjb21tdW5pdHkxMjMiLCJleHAiOjk5OTk5OTk5OTl9.test",

     

       33
       +
       		PDSRefreshToken: "refresh_token_test123",

     

       34
       +
       		PDSURL:          "http://localhost:3001",

     

       35
       +
       	}

     

       36
       +
       

     

       37
       +
       	created, err := repo.Create(context.Background(), community)

     

       38
       +
       	require.NoError(t, err)

     

       39
       +
       

     

       40
       +
       	return created

     

       41
       +
       }

     

       42
       +
       

     

       43
       +
       // TestPostHandler_ThumbValidation tests strict validation of thumb field in external embeds

     

       44
       +
       func TestPostHandler_ThumbValidation(t *testing.T) {

     

       45
       +
       	if testing.Short() {

     

       46
       +
       		t.Skip("Skipping integration test in short mode")

     

       47
       +
       	}

     

       48
       +
       

     

       49
       +
       	db := setupTestDB(t)

     

       50
       +
       	defer func() {

     

       51
       +
       		if err := db.Close(); err != nil {

     

       52
       +
       			t.Logf("Failed to close database: %v", err)

     

       53
       +
       		}

     

       54
       +
       	}()

     

       55
       +
       

     

       56
       +
       	// Setup services

     

       57
       +
       	communityRepo := postgres.NewCommunityRepository(db)

     

       58
       +
       	communityService := communities.NewCommunityService(

     

       59
       +
       		communityRepo,

     

       60
       +
       		"http://localhost:3001",

     

       61
       +
       		"did:web:test.coves.social",

     

       62
       +
       		"test.coves.social",

     

       63
       +
       		nil,

     

       64
       +
       	)

     

       65
       +
       

     

       66
       +
       	postRepo := postgres.NewPostRepository(db)

     

       67
       +
       	// No blobService or unfurlService for these validation tests

     

       68
       +
       	postService := posts.NewPostService(postRepo, communityService, nil, nil, nil, "http://localhost:3001")

     

       69
       +
       

     

       70
       +
       	handler := post.NewCreateHandler(postService)

     

       71
       +
       

     

       72
       +
       	// Create test user and community with PDS credentials (use unique IDs)

     

       73
       +
       	testUser := createTestUser(t, db, "thumbtest.bsky.social", "did:plc:thumbtest"+t.Name())

     

       74
       +
       	testCommunity := createTestCommunityWithCredentials(t, communityRepo, t.Name())

     

       75
       +
       

     

       76
       +
       	t.Run("Reject thumb as URL string", func(t *testing.T) {

     

       77
       +
       		payload := map[string]interface{}{

     

       78
       +
       			"community": testCommunity.DID,

     

       79
       +
       			"title":     "Test Post",

     

       80
       +
       			"content":   "Test content",

     

       81
       +
       			"embed": map[string]interface{}{

     

       82
       +
       				"$type": "social.coves.embed.external",

     

       83
       +
       				"external": map[string]interface{}{

     

       84
       +
       					"uri":   "https://streamable.com/test",

     

       85
       +
       					"thumb": "https://example.com/thumb.jpg", // ❌ URL string (invalid)

     

       86
       +
       				},

     

       87
       +
       			},

     

       88
       +
       		}

     

       89
       +
       

     

       90
       +
       		body, _ := json.Marshal(payload)

     

       91
       +
       		req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.community.post.create", bytes.NewReader(body))

     

       92
       +
       

     

       93
       +
       		// Mock authenticated user context

     

       94
       +
       		ctx := middleware.SetTestUserDID(req.Context(), testUser.DID)

     

       95
       +
       		req = req.WithContext(ctx)

     

       96
       +
       

     

       97
       +
       		rec := httptest.NewRecorder()

     

       98
       +
       		handler.HandleCreate(rec, req)

     

       99
       +
       

     

       100
       +
       		// Should return 400 Bad Request

     

       101
       +
       		assert.Equal(t, http.StatusBadRequest, rec.Code)

     

       102
       +
       

     

       103
       +
       		var errResp map[string]interface{}

     

       104
       +
       		err := json.Unmarshal(rec.Body.Bytes(), &errResp)

     

       105
       +
       		require.NoError(t, err)

     

       106
       +
       

     

       107
       +
       		assert.Contains(t, errResp["message"], "thumb must be a blob reference")

     

       108
       +
       		assert.Contains(t, errResp["message"], "not URL string")

     

       109
       +
       	})

     

       110
       +
       

     

       111
       +
       	t.Run("Reject thumb missing $type", func(t *testing.T) {

     

       112
       +
       		payload := map[string]interface{}{

     

       113
       +
       			"community": testCommunity.DID,

     

       114
       +
       			"title":     "Test Post",

     

       115
       +
       			"embed": map[string]interface{}{

     

       116
       +
       				"$type": "social.coves.embed.external",

     

       117
       +
       				"external": map[string]interface{}{

     

       118
       +
       					"uri": "https://streamable.com/test",

     

       119
       +
       					"thumb": map[string]interface{}{ // ❌ Missing $type

     

       120
       +
       						"ref":      map[string]interface{}{"$link": "bafyrei123"},

     

       121
       +
       						"mimeType": "image/jpeg",

     

       122
       +
       						"size":     12345,

     

       123
       +
       					},

     

       124
       +
       				},

     

       125
       +
       			},

     

       126
       +
       		}

     

       127
       +
       

     

       128
       +
       		body, _ := json.Marshal(payload)

     

       129
       +
       		req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.community.post.create", bytes.NewReader(body))

     

       130
       +
       

     

       131
       +
       		ctx := middleware.SetTestUserDID(req.Context(), testUser.DID)

     

       132
       +
       		req = req.WithContext(ctx)

     

       133
       +
       

     

       134
       +
       		rec := httptest.NewRecorder()

     

       135
       +
       		handler.HandleCreate(rec, req)

     

       136
       +
       

     

       137
       +
       		assert.Equal(t, http.StatusBadRequest, rec.Code)

     

       138
       +
       

     

       139
       +
       		var errResp map[string]interface{}

     

       140
       +
       		err := json.Unmarshal(rec.Body.Bytes(), &errResp)

     

       141
       +
       		require.NoError(t, err)

     

       142
       +
       

     

       143
       +
       		assert.Contains(t, errResp["message"], "thumb must have $type: blob")

     

       144
       +
       	})

     

       145
       +
       

     

       146
       +
       	t.Run("Reject thumb missing ref field", func(t *testing.T) {

     

       147
       +
       		payload := map[string]interface{}{

     

       148
       +
       			"community": testCommunity.DID,

     

       149
       +
       			"title":     "Test Post",

     

       150
       +
       			"embed": map[string]interface{}{

     

       151
       +
       				"$type": "social.coves.embed.external",

     

       152
       +
       				"external": map[string]interface{}{

     

       153
       +
       					"uri": "https://streamable.com/test",

     

       154
       +
       					"thumb": map[string]interface{}{

     

       155
       +
       						"$type": "blob",

     

       156
       +
       						// ❌ Missing ref field

     

       157
       +
       						"mimeType": "image/jpeg",

     

       158
       +
       						"size":     12345,

     

       159
       +
       					},

     

       160
       +
       				},

     

       161
       +
       			},

     

       162
       +
       		}

     

       163
       +
       

     

       164
       +
       		body, _ := json.Marshal(payload)

     

       165
       +
       		req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.community.post.create", bytes.NewReader(body))

     

       166
       +
       

     

       167
       +
       		ctx := middleware.SetTestUserDID(req.Context(), testUser.DID)

     

       168
       +
       		req = req.WithContext(ctx)

     

       169
       +
       

     

       170
       +
       		rec := httptest.NewRecorder()

     

       171
       +
       		handler.HandleCreate(rec, req)

     

       172
       +
       

     

       173
       +
       		assert.Equal(t, http.StatusBadRequest, rec.Code)

     

       174
       +
       

     

       175
       +
       		var errResp map[string]interface{}

     

       176
       +
       		err := json.Unmarshal(rec.Body.Bytes(), &errResp)

     

       177
       +
       		require.NoError(t, err)

     

       178
       +
       

     

       179
       +
       		assert.Contains(t, errResp["message"], "thumb blob missing required 'ref' field")

     

       180
       +
       	})

     

       181
       +
       

     

       182
       +
       	t.Run("Reject thumb missing mimeType field", func(t *testing.T) {

     

       183
       +
       		payload := map[string]interface{}{

     

       184
       +
       			"community": testCommunity.DID,

     

       185
       +
       			"title":     "Test Post",

     

       186
       +
       			"embed": map[string]interface{}{

     

       187
       +
       				"$type": "social.coves.embed.external",

     

       188
       +
       				"external": map[string]interface{}{

     

       189
       +
       					"uri": "https://streamable.com/test",

     

       190
       +
       					"thumb": map[string]interface{}{

     

       191
       +
       						"$type": "blob",

     

       192
       +
       						"ref":   map[string]interface{}{"$link": "bafyrei123"},

     

       193
       +
       						// ❌ Missing mimeType field

     

       194
       +
       						"size": 12345,

     

       195
       +
       					},

     

       196
       +
       				},

     

       197
       +
       			},

     

       198
       +
       		}

     

       199
       +
       

     

       200
       +
       		body, _ := json.Marshal(payload)

     

       201
       +
       		req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.community.post.create", bytes.NewReader(body))

     

       202
       +
       

     

       203
       +
       		ctx := middleware.SetTestUserDID(req.Context(), testUser.DID)

     

       204
       +
       		req = req.WithContext(ctx)

     

       205
       +
       

     

       206
       +
       		rec := httptest.NewRecorder()

     

       207
       +
       		handler.HandleCreate(rec, req)

     

       208
       +
       

     

       209
       +
       		assert.Equal(t, http.StatusBadRequest, rec.Code)

     

       210
       +
       

     

       211
       +
       		var errResp map[string]interface{}

     

       212
       +
       		err := json.Unmarshal(rec.Body.Bytes(), &errResp)

     

       213
       +
       		require.NoError(t, err)

     

       214
       +
       

     

       215
       +
       		assert.Contains(t, errResp["message"], "thumb blob missing required 'mimeType' field")

     

       216
       +
       	})

     

       217
       +
       

     

       218
       +
       	t.Run("Accept valid blob reference", func(t *testing.T) {

     

       219
       +
       		// Note: This test will fail at PDS write because the blob doesn't actually exist

     

       220
       +
       		// But it validates that our thumb validation accepts properly formatted blobs

     

       221
       +
       		payload := map[string]interface{}{

     

       222
       +
       			"community": testCommunity.DID,

     

       223
       +
       			"title":     "Test Post",

     

       224
       +
       			"embed": map[string]interface{}{

     

       225
       +
       				"$type": "social.coves.embed.external",

     

       226
       +
       				"external": map[string]interface{}{

     

       227
       +
       					"uri": "https://streamable.com/test",

     

       228
       +
       					"thumb": map[string]interface{}{ // ✅ Valid blob

     

       229
       +
       						"$type":    "blob",

     

       230
       +
       						"ref":      map[string]interface{}{"$link": "bafyreib6tbnql2ux3whnfysbzabthaj2vvck53nimhbi5g5a7jgvgr5eqm"},

     

       231
       +
       						"mimeType": "image/jpeg",

     

       232
       +
       						"size":     52813,

     

       233
       +
       					},

     

       234
       +
       				},

     

       235
       +
       			},

     

       236
       +
       		}

     

       237
       +
       

     

       238
       +
       		body, _ := json.Marshal(payload)

     

       239
       +
       		req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.community.post.create", bytes.NewReader(body))

     

       240
       +
       

     

       241
       +
       		ctx := middleware.SetTestUserDID(req.Context(), testUser.DID)

     

       242
       +
       		req = req.WithContext(ctx)

     

       243
       +
       

     

       244
       +
       		rec := httptest.NewRecorder()

     

       245
       +
       		handler.HandleCreate(rec, req)

     

       246
       +
       

     

       247
       +
       		// Should not fail with thumb validation error

     

       248
       +
       		// (May fail later at PDS write, but that's expected for test data)

     

       249
       +
       		if rec.Code == http.StatusBadRequest {

     

       250
       +
       			var errResp map[string]interface{}

     

       251
       +
       			_ = json.Unmarshal(rec.Body.Bytes(), &errResp)

     

       252
       +
       			// If it's a bad request, it should NOT be about thumb validation

     

       253
       +
       			assert.NotContains(t, errResp["message"], "thumb must be")

     

       254
       +
       			assert.NotContains(t, errResp["message"], "thumb blob missing")

     

       255
       +
       		}

     

       256
       +
       	})

     

       257
       +
       

     

       258
       +
       	t.Run("Accept missing thumb (unfurl will handle)", func(t *testing.T) {

     

       259
       +
       		payload := map[string]interface{}{

     

       260
       +
       			"community": testCommunity.DID,

     

       261
       +
       			"title":     "Test Post",

     

       262
       +
       			"embed": map[string]interface{}{

     

       263
       +
       				"$type": "social.coves.embed.external",

     

       264
       +
       				"external": map[string]interface{}{

     

       265
       +
       					"uri": "https://streamable.com/test",

     

       266
       +
       					// ✅ No thumb field - unfurl service will handle

     

       267
       +
       				},

     

       268
       +
       			},

     

       269
       +
       		}

     

       270
       +
       

     

       271
       +
       		body, _ := json.Marshal(payload)

     

       272
       +
       		req := httptest.NewRequest(http.MethodPost, "/xrpc/social.coves.community.post.create", bytes.NewReader(body))

     

       273
       +
       

     

       274
       +
       		ctx := middleware.SetTestUserDID(req.Context(), testUser.DID)

     

       275
       +
       		req = req.WithContext(ctx)

     

       276
       +
       

     

       277
       +
       		rec := httptest.NewRecorder()

     

       278
       +
       		handler.HandleCreate(rec, req)

     

       279
       +
       

     

       280
       +
       		// Should not fail with thumb validation error

     

       281
       +
       		if rec.Code == http.StatusBadRequest {

     

       282
       +
       			var errResp map[string]interface{}

     

       283
       +
       			_ = json.Unmarshal(rec.Body.Bytes(), &errResp)

     

       284
       +
       			// Should not be a thumb validation error

     

       285
       +
       			assert.NotContains(t, errResp["message"], "thumb must be")

     

       286
       +
       		}

     

       287
       +
       	})

     

       288
       +
       }