commit b87f018fa6909f5624b726e320ed2d142f08287c · bretton.dev/coves

+27

cmd/server/main.go

···

       9
        
       	"Coves/internal/core/aggregators"

     

       10
        
       	"Coves/internal/core/communities"

     

       11
        
       	"Coves/internal/core/communityFeeds"

     

       0
        
       
     

       12
        
       	"Coves/internal/core/posts"

     

       0
        
       
     

       13
        
       	"Coves/internal/core/users"

     

       14
        
       	"bytes"

     

       15
        
       	"context"

     
···

       43
        
       	defaultPDS := os.Getenv("PDS_URL")

     

       44
        
       	if defaultPDS == "" {

     

       45
        
       		defaultPDS = "http://localhost:3001" // Local dev PDS

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       46
        
       	}

     

       47
        
       

     

       48
        
       	db, err := sql.Open("postgres", dbURL)

     
···

       275
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       276
        
       	log.Println("✅ Feed service initialized")

     

       277
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       278
        
       	// Start Jetstream consumer for posts

     

       279
        
       	// This consumer indexes posts created in community repositories via the firehose

     

       280
        
       	// Currently handles only CREATE operations - UPDATE/DELETE deferred until those features exist

     
···

       333
        
       

     

       334
        
       	routes.RegisterCommunityFeedRoutes(r, feedService)

     

       335
        
       	log.Println("Feed XRPC endpoints registered (public, no auth required)")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       336
        
       

     

       337
        
       	routes.RegisterAggregatorRoutes(r, aggregatorService)

     

       338
        
       	log.Println("Aggregator XRPC endpoints registered (query endpoints public)")

···

       9
        
       	"Coves/internal/core/aggregators"

     

       10
        
       	"Coves/internal/core/communities"

     

       11
        
       	"Coves/internal/core/communityFeeds"

     

       12
       +
       	"Coves/internal/core/discover"

     

       13
        
       	"Coves/internal/core/posts"

     

       14
       +
       	"Coves/internal/core/timeline"

     

       15
        
       	"Coves/internal/core/users"

     

       16
        
       	"bytes"

     

       17
        
       	"context"

     
···

       45
        
       	defaultPDS := os.Getenv("PDS_URL")

     

       46
        
       	if defaultPDS == "" {

     

       47
        
       		defaultPDS = "http://localhost:3001" // Local dev PDS

     

       48
       +
       	}

     

       49
       +
       

     

       50
       +
       	// Cursor secret for HMAC signing (prevents cursor manipulation)

     

       51
       +
       	cursorSecret := os.Getenv("CURSOR_SECRET")

     

       52
       +
       	if cursorSecret == "" {

     

       53
       +
       		// Generate a random secret if not set (dev mode)

     

       54
       +
       		// IMPORTANT: In production, set CURSOR_SECRET to a strong random value

     

       55
       +
       		cursorSecret = "dev-cursor-secret-change-in-production"

     

       56
       +
       		log.Println("⚠️  WARNING: Using default cursor secret. Set CURSOR_SECRET env var in production!")

     

       57
        
       	}

     

       58
        
       

     

       59
        
       	db, err := sql.Open("postgres", dbURL)

     
···

       286
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       287
        
       	log.Println("✅ Feed service initialized")

     

       288
        
       

     

       289
       +
       	// Initialize timeline service (home feed from subscribed communities)

     

       290
       +
       	timelineRepo := postgresRepo.NewTimelineRepository(db, cursorSecret)

     

       291
       +
       	timelineService := timeline.NewTimelineService(timelineRepo)

     

       292
       +
       	log.Println("✅ Timeline service initialized")

     

       293
       +
       

     

       294
       +
       	// Initialize discover service (public feed from all communities)

     

       295
       +
       	discoverRepo := postgresRepo.NewDiscoverRepository(db, cursorSecret)

     

       296
       +
       	discoverService := discover.NewDiscoverService(discoverRepo)

     

       297
       +
       	log.Println("✅ Discover service initialized")

     

       298
       +
       

     

       299
        
       	// Start Jetstream consumer for posts

     

       300
        
       	// This consumer indexes posts created in community repositories via the firehose

     

       301
        
       	// Currently handles only CREATE operations - UPDATE/DELETE deferred until those features exist

     
···

       354
        
       

     

       355
        
       	routes.RegisterCommunityFeedRoutes(r, feedService)

     

       356
        
       	log.Println("Feed XRPC endpoints registered (public, no auth required)")

     

       357
       +
       

     

       358
       +
       	routes.RegisterTimelineRoutes(r, timelineService, authMiddleware)

     

       359
       +
       	log.Println("Timeline XRPC endpoints registered (requires authentication)")

     

       360
       +
       

     

       361
       +
       	routes.RegisterDiscoverRoutes(r, discoverService)

     

       362
       +
       	log.Println("Discover XRPC endpoints registered (public, no auth required)")

     

       363
        
       

     

       364
        
       	routes.RegisterAggregatorRoutes(r, aggregatorService)

     

       365
        
       	log.Println("Aggregator XRPC endpoints registered (query endpoints public)")

+43

internal/api/handlers/discover/errors.go

···

       1
       +
       package discover

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/discover"

     

       5
       +
       	"encoding/json"

     

       6
       +
       	"errors"

     

       7
       +
       	"log"

     

       8
       +
       	"net/http"

     

       9
       +
       )

     

       10
       +
       

     

       11
       +
       // XRPCError represents an XRPC error response

     

       12
       +
       type XRPCError struct {

     

       13
       +
       	Error   string `json:"error"`

     

       14
       +
       	Message string `json:"message"`

     

       15
       +
       }

     

       16
       +
       

     

       17
       +
       // writeError writes a JSON error response

     

       18
       +
       func writeError(w http.ResponseWriter, status int, errorType, message string) {

     

       19
       +
       	w.Header().Set("Content-Type", "application/json")

     

       20
       +
       	w.WriteHeader(status)

     

       21
       +
       

     

       22
       +
       	resp := XRPCError{

     

       23
       +
       		Error:   errorType,

     

       24
       +
       		Message: message,

     

       25
       +
       	}

     

       26
       +
       

     

       27
       +
       	if err := json.NewEncoder(w).Encode(resp); err != nil {

     

       28
       +
       		log.Printf("ERROR: Failed to encode error response: %v", err)

     

       29
       +
       	}

     

       30
       +
       }

     

       31
       +
       

     

       32
       +
       // handleServiceError maps service errors to HTTP responses

     

       33
       +
       func handleServiceError(w http.ResponseWriter, err error) {

     

       34
       +
       	switch {

     

       35
       +
       	case discover.IsValidationError(err):

     

       36
       +
       		writeError(w, http.StatusBadRequest, "InvalidRequest", err.Error())

     

       37
       +
       	case errors.Is(err, discover.ErrInvalidCursor):

     

       38
       +
       		writeError(w, http.StatusBadRequest, "InvalidCursor", "The provided cursor is invalid")

     

       39
       +
       	default:

     

       40
       +
       		log.Printf("ERROR: Discover service error: %v", err)

     

       41
       +
       		writeError(w, http.StatusInternalServerError, "InternalServerError", "An error occurred while fetching discover feed")

     

       42
       +
       	}

     

       43
       +
       }

+80

internal/api/handlers/discover/get_discover.go

···

       1
       +
       package discover

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/discover"

     

       5
       +
       	"encoding/json"

     

       6
       +
       	"log"

     

       7
       +
       	"net/http"

     

       8
       +
       	"strconv"

     

       9
       +
       )

     

       10
       +
       

     

       11
       +
       // GetDiscoverHandler handles discover feed retrieval

     

       12
       +
       type GetDiscoverHandler struct {

     

       13
       +
       	service discover.Service

     

       14
       +
       }

     

       15
       +
       

     

       16
       +
       // NewGetDiscoverHandler creates a new discover handler

     

       17
       +
       func NewGetDiscoverHandler(service discover.Service) *GetDiscoverHandler {

     

       18
       +
       	return &GetDiscoverHandler{

     

       19
       +
       		service: service,

     

       20
       +
       	}

     

       21
       +
       }

     

       22
       +
       

     

       23
       +
       // HandleGetDiscover retrieves posts from all communities (public feed)

     

       24
       +
       // GET /xrpc/social.coves.feed.getDiscover?sort=hot&limit=15&cursor=...

     

       25
       +
       // Public endpoint - no authentication required

     

       26
       +
       func (h *GetDiscoverHandler) HandleGetDiscover(w http.ResponseWriter, r *http.Request) {

     

       27
       +
       	if r.Method != http.MethodGet {

     

       28
       +
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     

       29
       +
       		return

     

       30
       +
       	}

     

       31
       +
       

     

       32
       +
       	// Parse query parameters

     

       33
       +
       	req := h.parseRequest(r)

     

       34
       +
       

     

       35
       +
       	// Get discover feed

     

       36
       +
       	response, err := h.service.GetDiscover(r.Context(), req)

     

       37
       +
       	if err != nil {

     

       38
       +
       		handleServiceError(w, err)

     

       39
       +
       		return

     

       40
       +
       	}

     

       41
       +
       

     

       42
       +
       	// Return feed

     

       43
       +
       	w.Header().Set("Content-Type", "application/json")

     

       44
       +
       	w.WriteHeader(http.StatusOK)

     

       45
       +
       	if err := json.NewEncoder(w).Encode(response); err != nil {

     

       46
       +
       		log.Printf("ERROR: Failed to encode discover response: %v", err)

     

       47
       +
       	}

     

       48
       +
       }

     

       49
       +
       

     

       50
       +
       // parseRequest parses query parameters into GetDiscoverRequest

     

       51
       +
       func (h *GetDiscoverHandler) parseRequest(r *http.Request) discover.GetDiscoverRequest {

     

       52
       +
       	req := discover.GetDiscoverRequest{}

     

       53
       +
       

     

       54
       +
       	// Optional: sort (default: hot)

     

       55
       +
       	req.Sort = r.URL.Query().Get("sort")

     

       56
       +
       	if req.Sort == "" {

     

       57
       +
       		req.Sort = "hot"

     

       58
       +
       	}

     

       59
       +
       

     

       60
       +
       	// Optional: timeframe (default: day for top sort)

     

       61
       +
       	req.Timeframe = r.URL.Query().Get("timeframe")

     

       62
       +
       	if req.Timeframe == "" && req.Sort == "top" {

     

       63
       +
       		req.Timeframe = "day"

     

       64
       +
       	}

     

       65
       +
       

     

       66
       +
       	// Optional: limit (default: 15, max: 50)

     

       67
       +
       	req.Limit = 15

     

       68
       +
       	if limitStr := r.URL.Query().Get("limit"); limitStr != "" {

     

       69
       +
       		if limit, err := strconv.Atoi(limitStr); err == nil {

     

       70
       +
       			req.Limit = limit

     

       71
       +
       		}

     

       72
       +
       	}

     

       73
       +
       

     

       74
       +
       	// Optional: cursor

     

       75
       +
       	if cursor := r.URL.Query().Get("cursor"); cursor != "" {

     

       76
       +
       		req.Cursor = &cursor

     

       77
       +
       	}

     

       78
       +
       

     

       79
       +
       	return req

     

       80
       +
       }

+45

internal/api/handlers/timeline/errors.go

···

       1
       +
       package timeline

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/timeline"

     

       5
       +
       	"encoding/json"

     

       6
       +
       	"errors"

     

       7
       +
       	"log"

     

       8
       +
       	"net/http"

     

       9
       +
       )

     

       10
       +
       

     

       11
       +
       // XRPCError represents an XRPC error response

     

       12
       +
       type XRPCError struct {

     

       13
       +
       	Error   string `json:"error"`

     

       14
       +
       	Message string `json:"message"`

     

       15
       +
       }

     

       16
       +
       

     

       17
       +
       // writeError writes a JSON error response

     

       18
       +
       func writeError(w http.ResponseWriter, status int, errorType, message string) {

     

       19
       +
       	w.Header().Set("Content-Type", "application/json")

     

       20
       +
       	w.WriteHeader(status)

     

       21
       +
       

     

       22
       +
       	resp := XRPCError{

     

       23
       +
       		Error:   errorType,

     

       24
       +
       		Message: message,

     

       25
       +
       	}

     

       26
       +
       

     

       27
       +
       	if err := json.NewEncoder(w).Encode(resp); err != nil {

     

       28
       +
       		log.Printf("ERROR: Failed to encode error response: %v", err)

     

       29
       +
       	}

     

       30
       +
       }

     

       31
       +
       

     

       32
       +
       // handleServiceError maps service errors to HTTP responses

     

       33
       +
       func handleServiceError(w http.ResponseWriter, err error) {

     

       34
       +
       	switch {

     

       35
       +
       	case timeline.IsValidationError(err):

     

       36
       +
       		writeError(w, http.StatusBadRequest, "InvalidRequest", err.Error())

     

       37
       +
       	case errors.Is(err, timeline.ErrInvalidCursor):

     

       38
       +
       		writeError(w, http.StatusBadRequest, "InvalidCursor", "The provided cursor is invalid")

     

       39
       +
       	case errors.Is(err, timeline.ErrUnauthorized):

     

       40
       +
       		writeError(w, http.StatusUnauthorized, "AuthenticationRequired", "User must be authenticated")

     

       41
       +
       	default:

     

       42
       +
       		log.Printf("ERROR: Timeline service error: %v", err)

     

       43
       +
       		writeError(w, http.StatusInternalServerError, "InternalServerError", "An error occurred while fetching timeline")

     

       44
       +
       	}

     

       45
       +
       }

+96

internal/api/handlers/timeline/get_timeline.go

···

       1
       +
       package timeline

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/middleware"

     

       5
       +
       	"Coves/internal/core/timeline"

     

       6
       +
       	"encoding/json"

     

       7
       +
       	"log"

     

       8
       +
       	"net/http"

     

       9
       +
       	"strconv"

     

       10
       +
       	"strings"

     

       11
       +
       )

     

       12
       +
       

     

       13
       +
       // GetTimelineHandler handles timeline feed retrieval

     

       14
       +
       type GetTimelineHandler struct {

     

       15
       +
       	service timeline.Service

     

       16
       +
       }

     

       17
       +
       

     

       18
       +
       // NewGetTimelineHandler creates a new timeline handler

     

       19
       +
       func NewGetTimelineHandler(service timeline.Service) *GetTimelineHandler {

     

       20
       +
       	return &GetTimelineHandler{

     

       21
       +
       		service: service,

     

       22
       +
       	}

     

       23
       +
       }

     

       24
       +
       

     

       25
       +
       // HandleGetTimeline retrieves posts from all communities the user subscribes to

     

       26
       +
       // GET /xrpc/social.coves.feed.getTimeline?sort=hot&limit=15&cursor=...

     

       27
       +
       // Requires authentication (user must be logged in)

     

       28
       +
       func (h *GetTimelineHandler) HandleGetTimeline(w http.ResponseWriter, r *http.Request) {

     

       29
       +
       	if r.Method != http.MethodGet {

     

       30
       +
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     

       31
       +
       		return

     

       32
       +
       	}

     

       33
       +
       

     

       34
       +
       	// Extract authenticated user DID from context (set by RequireAuth middleware)

     

       35
       +
       	userDID := middleware.GetUserDID(r)

     

       36
       +
       	if userDID == "" || !strings.HasPrefix(userDID, "did:") {

     

       37
       +
       		writeError(w, http.StatusUnauthorized, "AuthenticationRequired", "User must be authenticated to view timeline")

     

       38
       +
       		return

     

       39
       +
       	}

     

       40
       +
       

     

       41
       +
       	// Parse query parameters

     

       42
       +
       	req, err := h.parseRequest(r, userDID)

     

       43
       +
       	if err != nil {

     

       44
       +
       		writeError(w, http.StatusBadRequest, "InvalidRequest", err.Error())

     

       45
       +
       		return

     

       46
       +
       	}

     

       47
       +
       

     

       48
       +
       	// Get timeline

     

       49
       +
       	response, err := h.service.GetTimeline(r.Context(), req)

     

       50
       +
       	if err != nil {

     

       51
       +
       		handleServiceError(w, err)

     

       52
       +
       		return

     

       53
       +
       	}

     

       54
       +
       

     

       55
       +
       	// Return feed

     

       56
       +
       	w.Header().Set("Content-Type", "application/json")

     

       57
       +
       	w.WriteHeader(http.StatusOK)

     

       58
       +
       	if err := json.NewEncoder(w).Encode(response); err != nil {

     

       59
       +
       		// Log encoding errors but don't return error response (headers already sent)

     

       60
       +
       		log.Printf("ERROR: Failed to encode timeline response: %v", err)

     

       61
       +
       	}

     

       62
       +
       }

     

       63
       +
       

     

       64
       +
       // parseRequest parses query parameters into GetTimelineRequest

     

       65
       +
       func (h *GetTimelineHandler) parseRequest(r *http.Request, userDID string) (timeline.GetTimelineRequest, error) {

     

       66
       +
       	req := timeline.GetTimelineRequest{

     

       67
       +
       		UserDID: userDID, // Set from authenticated context

     

       68
       +
       	}

     

       69
       +
       

     

       70
       +
       	// Optional: sort (default: hot)

     

       71
       +
       	req.Sort = r.URL.Query().Get("sort")

     

       72
       +
       	if req.Sort == "" {

     

       73
       +
       		req.Sort = "hot"

     

       74
       +
       	}

     

       75
       +
       

     

       76
       +
       	// Optional: timeframe (default: day for top sort)

     

       77
       +
       	req.Timeframe = r.URL.Query().Get("timeframe")

     

       78
       +
       	if req.Timeframe == "" && req.Sort == "top" {

     

       79
       +
       		req.Timeframe = "day"

     

       80
       +
       	}

     

       81
       +
       

     

       82
       +
       	// Optional: limit (default: 15, max: 50)

     

       83
       +
       	req.Limit = 15

     

       84
       +
       	if limitStr := r.URL.Query().Get("limit"); limitStr != "" {

     

       85
       +
       		if limit, err := strconv.Atoi(limitStr); err == nil {

     

       86
       +
       			req.Limit = limit

     

       87
       +
       		}

     

       88
       +
       	}

     

       89
       +
       

     

       90
       +
       	// Optional: cursor

     

       91
       +
       	if cursor := r.URL.Query().Get("cursor"); cursor != "" {

     

       92
       +
       		req.Cursor = &cursor

     

       93
       +
       	}

     

       94
       +
       

     

       95
       +
       	return req, nil

     

       96
       +
       }

+30

internal/api/routes/discover.go

···

       1
       +
       package routes

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/handlers/discover"

     

       5
       +
       	discoverCore "Coves/internal/core/discover"

     

       6
       +
       

     

       7
       +
       	"github.com/go-chi/chi/v5"

     

       8
       +
       )

     

       9
       +
       

     

       10
       +
       // RegisterDiscoverRoutes registers discover-related XRPC endpoints

     

       11
       +
       //

     

       12
       +
       // SECURITY & RATE LIMITING:

     

       13
       +
       // - Discover feed is PUBLIC (no authentication required)

     

       14
       +
       // - Protected by global rate limiter: 100 requests/minute per IP (main.go:84)

     

       15
       +
       // - Query timeout enforced via context (prevents long-running queries)

     

       16
       +
       // - Result limit capped at 50 posts per request (validated in service layer)

     

       17
       +
       // - No caching currently implemented (future: 30-60s cache for hot feed)

     

       18
       +
       func RegisterDiscoverRoutes(

     

       19
       +
       	r chi.Router,

     

       20
       +
       	discoverService discoverCore.Service,

     

       21
       +
       ) {

     

       22
       +
       	// Create handlers

     

       23
       +
       	getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService)

     

       24
       +
       

     

       25
       +
       	// GET /xrpc/social.coves.feed.getDiscover

     

       26
       +
       	// Public endpoint - no authentication required

     

       27
       +
       	// Shows posts from ALL communities (not personalized)

     

       28
       +
       	// Rate limited: 100 req/min per IP via global middleware

     

       29
       +
       	r.Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)

     

       30
       +
       }

+23

internal/api/routes/timeline.go

···

       1
       +
       package routes

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/handlers/timeline"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
       +
       	timelineCore "Coves/internal/core/timeline"

     

       7
       +
       

     

       8
       +
       	"github.com/go-chi/chi/v5"

     

       9
       +
       )

     

       10
       +
       

     

       11
       +
       // RegisterTimelineRoutes registers timeline-related XRPC endpoints

     

       12
       +
       func RegisterTimelineRoutes(

     

       13
       +
       	r chi.Router,

     

       14
       +
       	timelineService timelineCore.Service,

     

       15
       +
       	authMiddleware *middleware.AtProtoAuthMiddleware,

     

       16
       +
       ) {

     

       17
       +
       	// Create handlers

     

       18
       +
       	getTimelineHandler := timeline.NewGetTimelineHandler(timelineService)

     

       19
       +
       

     

       20
       +
       	// GET /xrpc/social.coves.feed.getTimeline

     

       21
       +
       	// Requires authentication - user must be logged in to see their timeline

     

       22
       +
       	r.With(authMiddleware.RequireAuth).Get("/xrpc/social.coves.feed.getTimeline", getTimelineHandler.HandleGetTimeline)

     

       23
       +
       }

+71

internal/core/discover/service.go

···

       1
       +
       package discover

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"context"

     

       5
       +
       	"fmt"

     

       6
       +
       )

     

       7
       +
       

     

       8
       +
       type discoverService struct {

     

       9
       +
       	repo Repository

     

       10
       +
       }

     

       11
       +
       

     

       12
       +
       // NewDiscoverService creates a new discover service

     

       13
       +
       func NewDiscoverService(repo Repository) Service {

     

       14
       +
       	return &discoverService{

     

       15
       +
       		repo: repo,

     

       16
       +
       	}

     

       17
       +
       }

     

       18
       +
       

     

       19
       +
       // GetDiscover retrieves posts from all communities (public feed)

     

       20
       +
       func (s *discoverService) GetDiscover(ctx context.Context, req GetDiscoverRequest) (*DiscoverResponse, error) {

     

       21
       +
       	// Validate request

     

       22
       +
       	if err := s.validateRequest(&req); err != nil {

     

       23
       +
       		return nil, err

     

       24
       +
       	}

     

       25
       +
       

     

       26
       +
       	// Fetch discover feed from repository (all posts from all communities)

     

       27
       +
       	feedPosts, cursor, err := s.repo.GetDiscover(ctx, req)

     

       28
       +
       	if err != nil {

     

       29
       +
       		return nil, fmt.Errorf("failed to get discover feed: %w", err)

     

       30
       +
       	}

     

       31
       +
       

     

       32
       +
       	// Return discover response

     

       33
       +
       	return &DiscoverResponse{

     

       34
       +
       		Feed:   feedPosts,

     

       35
       +
       		Cursor: cursor,

     

       36
       +
       	}, nil

     

       37
       +
       }

     

       38
       +
       

     

       39
       +
       // validateRequest validates the discover request parameters

     

       40
       +
       func (s *discoverService) validateRequest(req *GetDiscoverRequest) error {

     

       41
       +
       	// Validate and set defaults for sort

     

       42
       +
       	if req.Sort == "" {

     

       43
       +
       		req.Sort = "hot"

     

       44
       +
       	}

     

       45
       +
       	validSorts := map[string]bool{"hot": true, "top": true, "new": true}

     

       46
       +
       	if !validSorts[req.Sort] {

     

       47
       +
       		return NewValidationError("sort", "sort must be one of: hot, top, new")

     

       48
       +
       	}

     

       49
       +
       

     

       50
       +
       	// Validate and set defaults for limit

     

       51
       +
       	if req.Limit <= 0 {

     

       52
       +
       		req.Limit = 15

     

       53
       +
       	}

     

       54
       +
       	if req.Limit > 50 {

     

       55
       +
       		return NewValidationError("limit", "limit must not exceed 50")

     

       56
       +
       	}

     

       57
       +
       

     

       58
       +
       	// Validate and set defaults for timeframe (only used with top sort)

     

       59
       +
       	if req.Sort == "top" && req.Timeframe == "" {

     

       60
       +
       		req.Timeframe = "day"

     

       61
       +
       	}

     

       62
       +
       	validTimeframes := map[string]bool{

     

       63
       +
       		"hour": true, "day": true, "week": true,

     

       64
       +
       		"month": true, "year": true, "all": true,

     

       65
       +
       	}

     

       66
       +
       	if req.Timeframe != "" && !validTimeframes[req.Timeframe] {

     

       67
       +
       		return NewValidationError("timeframe", "timeframe must be one of: hour, day, week, month, year, all")

     

       68
       +
       	}

     

       69
       +
       

     

       70
       +
       	return nil

     

       71
       +
       }

+99

internal/core/discover/types.go

···

       1
       +
       package discover

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/posts"

     

       5
       +
       	"context"

     

       6
       +
       	"errors"

     

       7
       +
       )

     

       8
       +
       

     

       9
       +
       // Repository defines discover data access interface

     

       10
       +
       type Repository interface {

     

       11
       +
       	GetDiscover(ctx context.Context, req GetDiscoverRequest) ([]*FeedViewPost, *string, error)

     

       12
       +
       }

     

       13
       +
       

     

       14
       +
       // Service defines discover business logic interface

     

       15
       +
       type Service interface {

     

       16
       +
       	GetDiscover(ctx context.Context, req GetDiscoverRequest) (*DiscoverResponse, error)

     

       17
       +
       }

     

       18
       +
       

     

       19
       +
       // GetDiscoverRequest represents input for fetching the discover feed

     

       20
       +
       // Matches social.coves.feed.getDiscover lexicon input

     

       21
       +
       type GetDiscoverRequest struct {

     

       22
       +
       	Cursor    *string `json:"cursor,omitempty"`

     

       23
       +
       	Sort      string  `json:"sort"`

     

       24
       +
       	Timeframe string  `json:"timeframe"`

     

       25
       +
       	Limit     int     `json:"limit"`

     

       26
       +
       }

     

       27
       +
       

     

       28
       +
       // DiscoverResponse represents paginated discover feed output

     

       29
       +
       // Matches social.coves.feed.getDiscover lexicon output

     

       30
       +
       type DiscoverResponse struct {

     

       31
       +
       	Cursor *string         `json:"cursor,omitempty"`

     

       32
       +
       	Feed   []*FeedViewPost `json:"feed"`

     

       33
       +
       }

     

       34
       +
       

     

       35
       +
       // FeedViewPost wraps a post with additional feed context

     

       36
       +
       type FeedViewPost struct {

     

       37
       +
       	Post   *posts.PostView `json:"post"`

     

       38
       +
       	Reason *FeedReason     `json:"reason,omitempty"`

     

       39
       +
       	Reply  *ReplyRef       `json:"reply,omitempty"`

     

       40
       +
       }

     

       41
       +
       

     

       42
       +
       // FeedReason is a union type for feed context

     

       43
       +
       type FeedReason struct {

     

       44
       +
       	Repost    *ReasonRepost    `json:"-"`

     

       45
       +
       	Community *ReasonCommunity `json:"-"`

     

       46
       +
       	Type      string           `json:"$type"`

     

       47
       +
       }

     

       48
       +
       

     

       49
       +
       // ReasonRepost indicates post was reposted/shared

     

       50
       +
       type ReasonRepost struct {

     

       51
       +
       	By        *posts.AuthorView `json:"by"`

     

       52
       +
       	IndexedAt string            `json:"indexedAt"`

     

       53
       +
       }

     

       54
       +
       

     

       55
       +
       // ReasonCommunity indicates which community this post is from

     

       56
       +
       type ReasonCommunity struct {

     

       57
       +
       	Community *posts.CommunityRef `json:"community"`

     

       58
       +
       }

     

       59
       +
       

     

       60
       +
       // ReplyRef contains context about post replies

     

       61
       +
       type ReplyRef struct {

     

       62
       +
       	Root   *PostRef `json:"root"`

     

       63
       +
       	Parent *PostRef `json:"parent"`

     

       64
       +
       }

     

       65
       +
       

     

       66
       +
       // PostRef is a minimal reference to a post (URI + CID)

     

       67
       +
       type PostRef struct {

     

       68
       +
       	URI string `json:"uri"`

     

       69
       +
       	CID string `json:"cid"`

     

       70
       +
       }

     

       71
       +
       

     

       72
       +
       // Errors

     

       73
       +
       var (

     

       74
       +
       	ErrInvalidCursor = errors.New("invalid cursor")

     

       75
       +
       )

     

       76
       +
       

     

       77
       +
       // ValidationError represents a validation error with field context

     

       78
       +
       type ValidationError struct {

     

       79
       +
       	Field   string

     

       80
       +
       	Message string

     

       81
       +
       }

     

       82
       +
       

     

       83
       +
       func (e *ValidationError) Error() string {

     

       84
       +
       	return e.Message

     

       85
       +
       }

     

       86
       +
       

     

       87
       +
       // NewValidationError creates a new validation error

     

       88
       +
       func NewValidationError(field, message string) error {

     

       89
       +
       	return &ValidationError{

     

       90
       +
       		Field:   field,

     

       91
       +
       		Message: message,

     

       92
       +
       	}

     

       93
       +
       }

     

       94
       +
       

     

       95
       +
       // IsValidationError checks if an error is a validation error

     

       96
       +
       func IsValidationError(err error) bool {

     

       97
       +
       	_, ok := err.(*ValidationError)

     

       98
       +
       	return ok

     

       99
       +
       }

+76

internal/core/timeline/service.go

···

       1
       +
       package timeline

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"context"

     

       5
       +
       	"fmt"

     

       6
       +
       )

     

       7
       +
       

     

       8
       +
       type timelineService struct {

     

       9
       +
       	repo Repository

     

       10
       +
       }

     

       11
       +
       

     

       12
       +
       // NewTimelineService creates a new timeline service

     

       13
       +
       func NewTimelineService(repo Repository) Service {

     

       14
       +
       	return &timelineService{

     

       15
       +
       		repo: repo,

     

       16
       +
       	}

     

       17
       +
       }

     

       18
       +
       

     

       19
       +
       // GetTimeline retrieves posts from all communities the user subscribes to

     

       20
       +
       func (s *timelineService) GetTimeline(ctx context.Context, req GetTimelineRequest) (*TimelineResponse, error) {

     

       21
       +
       	// 1. Validate request

     

       22
       +
       	if err := s.validateRequest(&req); err != nil {

     

       23
       +
       		return nil, err

     

       24
       +
       	}

     

       25
       +
       

     

       26
       +
       	// 2. UserDID must be set (from auth middleware)

     

       27
       +
       	if req.UserDID == "" {

     

       28
       +
       		return nil, ErrUnauthorized

     

       29
       +
       	}

     

       30
       +
       

     

       31
       +
       	// 3. Fetch timeline from repository (hydrated posts from subscribed communities)

     

       32
       +
       	feedPosts, cursor, err := s.repo.GetTimeline(ctx, req)

     

       33
       +
       	if err != nil {

     

       34
       +
       		return nil, fmt.Errorf("failed to get timeline: %w", err)

     

       35
       +
       	}

     

       36
       +
       

     

       37
       +
       	// 4. Return timeline response

     

       38
       +
       	return &TimelineResponse{

     

       39
       +
       		Feed:   feedPosts,

     

       40
       +
       		Cursor: cursor,

     

       41
       +
       	}, nil

     

       42
       +
       }

     

       43
       +
       

     

       44
       +
       // validateRequest validates the timeline request parameters

     

       45
       +
       func (s *timelineService) validateRequest(req *GetTimelineRequest) error {

     

       46
       +
       	// Validate and set defaults for sort

     

       47
       +
       	if req.Sort == "" {

     

       48
       +
       		req.Sort = "hot"

     

       49
       +
       	}

     

       50
       +
       	validSorts := map[string]bool{"hot": true, "top": true, "new": true}

     

       51
       +
       	if !validSorts[req.Sort] {

     

       52
       +
       		return NewValidationError("sort", "sort must be one of: hot, top, new")

     

       53
       +
       	}

     

       54
       +
       

     

       55
       +
       	// Validate and set defaults for limit

     

       56
       +
       	if req.Limit <= 0 {

     

       57
       +
       		req.Limit = 15

     

       58
       +
       	}

     

       59
       +
       	if req.Limit > 50 {

     

       60
       +
       		return NewValidationError("limit", "limit must not exceed 50")

     

       61
       +
       	}

     

       62
       +
       

     

       63
       +
       	// Validate and set defaults for timeframe (only used with top sort)

     

       64
       +
       	if req.Sort == "top" && req.Timeframe == "" {

     

       65
       +
       		req.Timeframe = "day"

     

       66
       +
       	}

     

       67
       +
       	validTimeframes := map[string]bool{

     

       68
       +
       		"hour": true, "day": true, "week": true,

     

       69
       +
       		"month": true, "year": true, "all": true,

     

       70
       +
       	}

     

       71
       +
       	if req.Timeframe != "" && !validTimeframes[req.Timeframe] {

     

       72
       +
       		return NewValidationError("timeframe", "timeframe must be one of: hour, day, week, month, year, all")

     

       73
       +
       	}

     

       74
       +
       

     

       75
       +
       	return nil

     

       76
       +
       }

+105

internal/core/timeline/types.go

···

       1
       +
       package timeline

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/posts"

     

       5
       +
       	"context"

     

       6
       +
       	"errors"

     

       7
       +
       	"time"

     

       8
       +
       )

     

       9
       +
       

     

       10
       +
       // Repository defines timeline data access interface

     

       11
       +
       type Repository interface {

     

       12
       +
       	GetTimeline(ctx context.Context, req GetTimelineRequest) ([]*FeedViewPost, *string, error)

     

       13
       +
       }

     

       14
       +
       

     

       15
       +
       // Service defines timeline business logic interface

     

       16
       +
       type Service interface {

     

       17
       +
       	GetTimeline(ctx context.Context, req GetTimelineRequest) (*TimelineResponse, error)

     

       18
       +
       }

     

       19
       +
       

     

       20
       +
       // GetTimelineRequest represents input for fetching a user's timeline

     

       21
       +
       // Matches social.coves.timeline.getTimeline lexicon input

     

       22
       +
       type GetTimelineRequest struct {

     

       23
       +
       	Cursor    *string `json:"cursor,omitempty"`

     

       24
       +
       	UserDID   string  `json:"-"` // Extracted from auth, not from query params

     

       25
       +
       	Sort      string  `json:"sort"`

     

       26
       +
       	Timeframe string  `json:"timeframe"`

     

       27
       +
       	Limit     int     `json:"limit"`

     

       28
       +
       }

     

       29
       +
       

     

       30
       +
       // TimelineResponse represents paginated timeline output

     

       31
       +
       // Matches social.coves.timeline.getTimeline lexicon output

     

       32
       +
       type TimelineResponse struct {

     

       33
       +
       	Cursor *string         `json:"cursor,omitempty"`

     

       34
       +
       	Feed   []*FeedViewPost `json:"feed"`

     

       35
       +
       }

     

       36
       +
       

     

       37
       +
       // FeedViewPost wraps a post with additional feed context

     

       38
       +
       // Matches social.coves.timeline.getTimeline#feedViewPost

     

       39
       +
       type FeedViewPost struct {

     

       40
       +
       	Post   *posts.PostView `json:"post"`

     

       41
       +
       	Reason *FeedReason     `json:"reason,omitempty"` // Why this post is in feed

     

       42
       +
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       43
       +
       }

     

       44
       +
       

     

       45
       +
       // FeedReason is a union type for feed context

     

       46
       +
       // Future: Can be reasonRepost or reasonCommunity

     

       47
       +
       type FeedReason struct {

     

       48
       +
       	Repost    *ReasonRepost    `json:"-"`

     

       49
       +
       	Community *ReasonCommunity `json:"-"`

     

       50
       +
       	Type      string           `json:"$type"`

     

       51
       +
       }

     

       52
       +
       

     

       53
       +
       // ReasonRepost indicates post was reposted/shared

     

       54
       +
       type ReasonRepost struct {

     

       55
       +
       	By        *posts.AuthorView `json:"by"`

     

       56
       +
       	IndexedAt time.Time         `json:"indexedAt"`

     

       57
       +
       }

     

       58
       +
       

     

       59
       +
       // ReasonCommunity indicates which community this post is from

     

       60
       +
       // Useful when timeline shows posts from multiple communities

     

       61
       +
       type ReasonCommunity struct {

     

       62
       +
       	Community *posts.CommunityRef `json:"community"`

     

       63
       +
       }

     

       64
       +
       

     

       65
       +
       // ReplyRef contains context about post replies

     

       66
       +
       type ReplyRef struct {

     

       67
       +
       	Root   *PostRef `json:"root"`

     

       68
       +
       	Parent *PostRef `json:"parent"`

     

       69
       +
       }

     

       70
       +
       

     

       71
       +
       // PostRef is a minimal reference to a post (URI + CID)

     

       72
       +
       type PostRef struct {

     

       73
       +
       	URI string `json:"uri"`

     

       74
       +
       	CID string `json:"cid"`

     

       75
       +
       }

     

       76
       +
       

     

       77
       +
       // Errors

     

       78
       +
       var (

     

       79
       +
       	ErrInvalidCursor = errors.New("invalid cursor")

     

       80
       +
       	ErrUnauthorized  = errors.New("unauthorized")

     

       81
       +
       )

     

       82
       +
       

     

       83
       +
       // ValidationError represents a validation error with field context

     

       84
       +
       type ValidationError struct {

     

       85
       +
       	Field   string

     

       86
       +
       	Message string

     

       87
       +
       }

     

       88
       +
       

     

       89
       +
       func (e *ValidationError) Error() string {

     

       90
       +
       	return e.Message

     

       91
       +
       }

     

       92
       +
       

     

       93
       +
       // NewValidationError creates a new validation error

     

       94
       +
       func NewValidationError(field, message string) error {

     

       95
       +
       	return &ValidationError{

     

       96
       +
       		Field:   field,

     

       97
       +
       		Message: message,

     

       98
       +
       	}

     

       99
       +
       }

     

       100
       +
       

     

       101
       +
       // IsValidationError checks if an error is a validation error

     

       102
       +
       func IsValidationError(err error) bool {

     

       103
       +
       	_, ok := err.(*ValidationError)

     

       104
       +
       	return ok

     

       105
       +
       }

+124

internal/db/postgres/discover_repo.go

···

       1
       +
       package postgres

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/discover"

     

       5
       +
       	"context"

     

       6
       +
       	"database/sql"

     

       7
       +
       	"fmt"

     

       8
       +
       )

     

       9
       +
       

     

       10
       +
       type postgresDiscoverRepo struct {

     

       11
       +
       	*feedRepoBase

     

       12
       +
       }

     

       13
       +
       

     

       14
       +
       // sortClauses maps sort types to safe SQL ORDER BY clauses

     

       15
       +
       var discoverSortClauses = map[string]string{

     

       16
       +
       	"hot": `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5)) DESC, p.created_at DESC, p.uri DESC`,

     

       17
       +
       	"top": `p.score DESC, p.created_at DESC, p.uri DESC`,

     

       18
       +
       	"new": `p.created_at DESC, p.uri DESC`,

     

       19
       +
       }

     

       20
       +
       

     

       21
       +
       // hotRankExpression for discover feed

     

       22
       +
       const discoverHotRankExpression = `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5))`

     

       23
       +
       

     

       24
       +
       // NewDiscoverRepository creates a new PostgreSQL discover repository

     

       25
       +
       func NewDiscoverRepository(db *sql.DB, cursorSecret string) discover.Repository {

     

       26
       +
       	return &postgresDiscoverRepo{

     

       27
       +
       		feedRepoBase: newFeedRepoBase(db, discoverHotRankExpression, discoverSortClauses, cursorSecret),

     

       28
       +
       	}

     

       29
       +
       }

     

       30
       +
       

     

       31
       +
       // GetDiscover retrieves posts from ALL communities (public feed)

     

       32
       +
       func (r *postgresDiscoverRepo) GetDiscover(ctx context.Context, req discover.GetDiscoverRequest) ([]*discover.FeedViewPost, *string, error) {

     

       33
       +
       	// Build ORDER BY clause based on sort type

     

       34
       +
       	orderBy, timeFilter := r.buildSortClause(req.Sort, req.Timeframe)

     

       35
       +
       

     

       36
       +
       	// Build cursor filter for pagination

     

       37
       +
       	// Discover uses $2+ for cursor params (after $1=limit)

     

       38
       +
       	cursorFilter, cursorValues, err := r.feedRepoBase.parseCursor(req.Cursor, req.Sort, 2)

     

       39
       +
       	if err != nil {

     

       40
       +
       		return nil, nil, discover.ErrInvalidCursor

     

       41
       +
       	}

     

       42
       +
       

     

       43
       +
       	// Build the main query

     

       44
       +
       	var selectClause string

     

       45
       +
       	if req.Sort == "hot" {

     

       46
       +
       		selectClause = fmt.Sprintf(`

     

       47
       +
       		SELECT

     

       48
       +
       			p.uri, p.cid, p.rkey,

     

       49
       +
       			p.author_did, u.handle as author_handle,

     

       50
       +
       			p.community_did, c.name as community_name, c.avatar_cid as community_avatar,

     

       51
       +
       			p.title, p.content, p.content_facets, p.embed, p.content_labels,

     

       52
       +
       			p.created_at, p.edited_at, p.indexed_at,

     

       53
       +
       			p.upvote_count, p.downvote_count, p.score, p.comment_count,

     

       54
       +
       			%s as hot_rank

     

       55
       +
       		FROM posts p`, discoverHotRankExpression)

     

       56
       +
       	} else {

     

       57
       +
       		selectClause = `

     

       58
       +
       		SELECT

     

       59
       +
       			p.uri, p.cid, p.rkey,

     

       60
       +
       			p.author_did, u.handle as author_handle,

     

       61
       +
       			p.community_did, c.name as community_name, c.avatar_cid as community_avatar,

     

       62
       +
       			p.title, p.content, p.content_facets, p.embed, p.content_labels,

     

       63
       +
       			p.created_at, p.edited_at, p.indexed_at,

     

       64
       +
       			p.upvote_count, p.downvote_count, p.score, p.comment_count,

     

       65
       +
       			NULL::numeric as hot_rank

     

       66
       +
       		FROM posts p`

     

       67
       +
       	}

     

       68
       +
       

     

       69
       +
       	// No subscription filter - show ALL posts from ALL communities

     

       70
       +
       	query := fmt.Sprintf(`

     

       71
       +
       		%s

     

       72
       +
       		INNER JOIN users u ON p.author_did = u.did

     

       73
       +
       		INNER JOIN communities c ON p.community_did = c.did

     

       74
       +
       		WHERE p.deleted_at IS NULL

     

       75
       +
       			%s

     

       76
       +
       			%s

     

       77
       +
       		ORDER BY %s

     

       78
       +
       		LIMIT $1

     

       79
       +
       	`, selectClause, timeFilter, cursorFilter, orderBy)

     

       80
       +
       

     

       81
       +
       	// Prepare query arguments

     

       82
       +
       	args := []interface{}{req.Limit + 1} // +1 to check for next page

     

       83
       +
       	args = append(args, cursorValues...)

     

       84
       +
       

     

       85
       +
       	// Execute query

     

       86
       +
       	rows, err := r.db.QueryContext(ctx, query, args...)

     

       87
       +
       	if err != nil {

     

       88
       +
       		return nil, nil, fmt.Errorf("failed to query discover feed: %w", err)

     

       89
       +
       	}

     

       90
       +
       	defer func() {

     

       91
       +
       		if err := rows.Close(); err != nil {

     

       92
       +
       			fmt.Printf("Warning: failed to close rows: %v\n", err)

     

       93
       +
       		}

     

       94
       +
       	}()

     

       95
       +
       

     

       96
       +
       	// Scan results

     

       97
       +
       	var feedPosts []*discover.FeedViewPost

     

       98
       +
       	var hotRanks []float64

     

       99
       +
       	for rows.Next() {

     

       100
       +
       		postView, hotRank, err := r.feedRepoBase.scanFeedPost(rows)

     

       101
       +
       		if err != nil {

     

       102
       +
       			return nil, nil, fmt.Errorf("failed to scan discover post: %w", err)

     

       103
       +
       		}

     

       104
       +
       		feedPosts = append(feedPosts, &discover.FeedViewPost{Post: postView})

     

       105
       +
       		hotRanks = append(hotRanks, hotRank)

     

       106
       +
       	}

     

       107
       +
       

     

       108
       +
       	if err := rows.Err(); err != nil {

     

       109
       +
       		return nil, nil, fmt.Errorf("error iterating discover results: %w", err)

     

       110
       +
       	}

     

       111
       +
       

     

       112
       +
       	// Handle pagination cursor

     

       113
       +
       	var cursor *string

     

       114
       +
       	if len(feedPosts) > req.Limit && req.Limit > 0 {

     

       115
       +
       		feedPosts = feedPosts[:req.Limit]

     

       116
       +
       		hotRanks = hotRanks[:req.Limit]

     

       117
       +
       		lastPost := feedPosts[len(feedPosts)-1].Post

     

       118
       +
       		lastHotRank := hotRanks[len(hotRanks)-1]

     

       119
       +
       		cursorStr := r.feedRepoBase.buildCursor(lastPost, req.Sort, lastHotRank)

     

       120
       +
       		cursor = &cursorStr

     

       121
       +
       	}

     

       122
       +
       

     

       123
       +
       	return feedPosts, cursor, nil

     

       124
       +
       }

+380

internal/db/postgres/feed_repo_base.go

···

       1
       +
       package postgres

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/posts"

     

       5
       +
       	"crypto/hmac"

     

       6
       +
       	"crypto/sha256"

     

       7
       +
       	"database/sql"

     

       8
       +
       	"encoding/base64"

     

       9
       +
       	"encoding/hex"

     

       10
       +
       	"encoding/json"

     

       11
       +
       	"fmt"

     

       12
       +
       	"strconv"

     

       13
       +
       	"strings"

     

       14
       +
       	"time"

     

       15
       +
       

     

       16
       +
       	"github.com/lib/pq"

     

       17
       +
       )

     

       18
       +
       

     

       19
       +
       // feedRepoBase contains shared logic for timeline and discover feed repositories

     

       20
       +
       // This eliminates ~85% code duplication and ensures bug fixes apply to both feeds

     

       21
       +
       //

     

       22
       +
       // DATABASE INDEXES REQUIRED:

     

       23
       +
       // The feed queries rely on these indexes (created in migration 011_create_posts_table.sql):

     

       24
       +
       //

     

       25
       +
       // 1. idx_posts_community_created ON posts(community_did, created_at DESC) WHERE deleted_at IS NULL

     

       26
       +
       //   - Used by: Both timeline and discover for "new" sort

     

       27
       +
       //   - Covers: Community filtering + chronological ordering + soft delete filter

     

       28
       +
       //

     

       29
       +
       // 2. idx_posts_community_score ON posts(community_did, score DESC, created_at DESC) WHERE deleted_at IS NULL

     

       30
       +
       //   - Used by: Both timeline and discover for "top" sort

     

       31
       +
       //   - Covers: Community filtering + score ordering + tie-breaking + soft delete filter

     

       32
       +
       //

     

       33
       +
       // 3. idx_subscriptions_user_community ON community_subscriptions(user_did, community_did)

     

       34
       +
       //   - Used by: Timeline feed (JOIN with subscriptions)

     

       35
       +
       //   - Covers: User subscription lookup

     

       36
       +
       //

     

       37
       +
       // 4. Hot sort uses computed expression: (score / POWER(age_hours + 2, 1.5))

     

       38
       +
       //   - Cannot be indexed directly (computed at query time)

     

       39
       +
       //   - Uses idx_posts_community_created for base ordering

     

       40
       +
       //   - Performance: ~10-20ms for timeline, ~8-15ms for discover (acceptable for alpha)

     

       41
       +
       //

     

       42
       +
       // PERFORMANCE NOTES:

     

       43
       +
       // - All queries use single execution (no N+1)

     

       44
       +
       // - JOINs are minimal (3 for timeline, 2 for discover)

     

       45
       +
       // - Partial indexes (WHERE deleted_at IS NULL) eliminate soft-deleted posts efficiently

     

       46
       +
       // - Cursor pagination is stable (no offset drift)

     

       47
       +
       // - Limit+1 pattern checks for next page without extra query

     

       48
       +
       type feedRepoBase struct {

     

       49
       +
       	db                *sql.DB

     

       50
       +
       	hotRankExpression string

     

       51
       +
       	sortClauses       map[string]string

     

       52
       +
       	cursorSecret      string // HMAC secret for cursor integrity protection

     

       53
       +
       }

     

       54
       +
       

     

       55
       +
       // newFeedRepoBase creates a new base repository with shared feed logic

     

       56
       +
       func newFeedRepoBase(db *sql.DB, hotRankExpr string, sortClauses map[string]string, cursorSecret string) *feedRepoBase {

     

       57
       +
       	return &feedRepoBase{

     

       58
       +
       		db:                db,

     

       59
       +
       		hotRankExpression: hotRankExpr,

     

       60
       +
       		sortClauses:       sortClauses,

     

       61
       +
       		cursorSecret:      cursorSecret,

     

       62
       +
       	}

     

       63
       +
       }

     

       64
       +
       

     

       65
       +
       // buildSortClause returns the ORDER BY SQL and optional time filter

     

       66
       +
       // Uses whitelist map to prevent SQL injection via dynamic ORDER BY

     

       67
       +
       func (r *feedRepoBase) buildSortClause(sort, timeframe string) (string, string) {

     

       68
       +
       	// Use whitelist map for ORDER BY clause (defense-in-depth against SQL injection)

     

       69
       +
       	orderBy := r.sortClauses[sort]

     

       70
       +
       	if orderBy == "" {

     

       71
       +
       		orderBy = r.sortClauses["hot"] // safe default

     

       72
       +
       	}

     

       73
       +
       

     

       74
       +
       	// Add time filter for "top" sort

     

       75
       +
       	var timeFilter string

     

       76
       +
       	if sort == "top" {

     

       77
       +
       		timeFilter = r.buildTimeFilter(timeframe)

     

       78
       +
       	}

     

       79
       +
       

     

       80
       +
       	return orderBy, timeFilter

     

       81
       +
       }

     

       82
       +
       

     

       83
       +
       // buildTimeFilter returns SQL filter for timeframe

     

       84
       +
       func (r *feedRepoBase) buildTimeFilter(timeframe string) string {

     

       85
       +
       	if timeframe == "" || timeframe == "all" {

     

       86
       +
       		return ""

     

       87
       +
       	}

     

       88
       +
       

     

       89
       +
       	var interval string

     

       90
       +
       	switch timeframe {

     

       91
       +
       	case "hour":

     

       92
       +
       		interval = "1 hour"

     

       93
       +
       	case "day":

     

       94
       +
       		interval = "1 day"

     

       95
       +
       	case "week":

     

       96
       +
       		interval = "1 week"

     

       97
       +
       	case "month":

     

       98
       +
       		interval = "1 month"

     

       99
       +
       	case "year":

     

       100
       +
       		interval = "1 year"

     

       101
       +
       	default:

     

       102
       +
       		return ""

     

       103
       +
       	}

     

       104
       +
       

     

       105
       +
       	return fmt.Sprintf("AND p.created_at > NOW() - INTERVAL '%s'", interval)

     

       106
       +
       }

     

       107
       +
       

     

       108
       +
       // parseCursor decodes and validates pagination cursor

     

       109
       +
       // paramOffset is the starting parameter number for cursor values ($2 for discover, $3 for timeline)

     

       110
       +
       func (r *feedRepoBase) parseCursor(cursor *string, sort string, paramOffset int) (string, []interface{}, error) {

     

       111
       +
       	if cursor == nil || *cursor == "" {

     

       112
       +
       		return "", nil, nil

     

       113
       +
       	}

     

       114
       +
       

     

       115
       +
       	// Decode base64 cursor

     

       116
       +
       	decoded, err := base64.StdEncoding.DecodeString(*cursor)

     

       117
       +
       	if err != nil {

     

       118
       +
       		return "", nil, fmt.Errorf("invalid cursor encoding")

     

       119
       +
       	}

     

       120
       +
       

     

       121
       +
       	// Parse cursor: payload::signature

     

       122
       +
       	parts := strings.Split(string(decoded), "::")

     

       123
       +
       	if len(parts) < 2 {

     

       124
       +
       		return "", nil, fmt.Errorf("invalid cursor format")

     

       125
       +
       	}

     

       126
       +
       

     

       127
       +
       	// Verify HMAC signature

     

       128
       +
       	signatureHex := parts[len(parts)-1]

     

       129
       +
       	payload := strings.Join(parts[:len(parts)-1], "::")

     

       130
       +
       

     

       131
       +
       	expectedMAC := hmac.New(sha256.New, []byte(r.cursorSecret))

     

       132
       +
       	expectedMAC.Write([]byte(payload))

     

       133
       +
       	expectedSignature := hex.EncodeToString(expectedMAC.Sum(nil))

     

       134
       +
       

     

       135
       +
       	if !hmac.Equal([]byte(signatureHex), []byte(expectedSignature)) {

     

       136
       +
       		return "", nil, fmt.Errorf("invalid cursor signature")

     

       137
       +
       	}

     

       138
       +
       

     

       139
       +
       	// Parse payload based on sort type

     

       140
       +
       	payloadParts := strings.Split(payload, "::")

     

       141
       +
       

     

       142
       +
       	switch sort {

     

       143
       +
       	case "new":

     

       144
       +
       		// Cursor format: timestamp::uri

     

       145
       +
       		if len(payloadParts) != 2 {

     

       146
       +
       			return "", nil, fmt.Errorf("invalid cursor format")

     

       147
       +
       		}

     

       148
       +
       

     

       149
       +
       		createdAt := payloadParts[0]

     

       150
       +
       		uri := payloadParts[1]

     

       151
       +
       

     

       152
       +
       		// Validate timestamp format

     

       153
       +
       		if _, err := time.Parse(time.RFC3339Nano, createdAt); err != nil {

     

       154
       +
       			return "", nil, fmt.Errorf("invalid cursor timestamp")

     

       155
       +
       		}

     

       156
       +
       

     

       157
       +
       		// Validate URI format (must be AT-URI)

     

       158
       +
       		if !strings.HasPrefix(uri, "at://") {

     

       159
       +
       			return "", nil, fmt.Errorf("invalid cursor URI")

     

       160
       +
       		}

     

       161
       +
       

     

       162
       +
       		filter := fmt.Sprintf(`AND (p.created_at < $%d OR (p.created_at = $%d AND p.uri < $%d))`,

     

       163
       +
       			paramOffset, paramOffset, paramOffset+1)

     

       164
       +
       		return filter, []interface{}{createdAt, uri}, nil

     

       165
       +
       

     

       166
       +
       	case "top":

     

       167
       +
       		// Cursor format: score::timestamp::uri

     

       168
       +
       		if len(payloadParts) != 3 {

     

       169
       +
       			return "", nil, fmt.Errorf("invalid cursor format for %s sort", sort)

     

       170
       +
       		}

     

       171
       +
       

     

       172
       +
       		scoreStr := payloadParts[0]

     

       173
       +
       		createdAt := payloadParts[1]

     

       174
       +
       		uri := payloadParts[2]

     

       175
       +
       

     

       176
       +
       		// Validate score is numeric

     

       177
       +
       		score := 0

     

       178
       +
       		if _, err := fmt.Sscanf(scoreStr, "%d", &score); err != nil {

     

       179
       +
       			return "", nil, fmt.Errorf("invalid cursor score")

     

       180
       +
       		}

     

       181
       +
       

     

       182
       +
       		// Validate timestamp format

     

       183
       +
       		if _, err := time.Parse(time.RFC3339Nano, createdAt); err != nil {

     

       184
       +
       			return "", nil, fmt.Errorf("invalid cursor timestamp")

     

       185
       +
       		}

     

       186
       +
       

     

       187
       +
       		// Validate URI format (must be AT-URI)

     

       188
       +
       		if !strings.HasPrefix(uri, "at://") {

     

       189
       +
       			return "", nil, fmt.Errorf("invalid cursor URI")

     

       190
       +
       		}

     

       191
       +
       

     

       192
       +
       		filter := fmt.Sprintf(`AND (p.score < $%d OR (p.score = $%d AND p.created_at < $%d) OR (p.score = $%d AND p.created_at = $%d AND p.uri < $%d))`,

     

       193
       +
       			paramOffset, paramOffset, paramOffset+1, paramOffset, paramOffset+1, paramOffset+2)

     

       194
       +
       		return filter, []interface{}{score, createdAt, uri}, nil

     

       195
       +
       

     

       196
       +
       	case "hot":

     

       197
       +
       		// Cursor format: hot_rank::timestamp::uri

     

       198
       +
       		// CRITICAL: Must use computed hot_rank, not raw score, to prevent pagination bugs

     

       199
       +
       		if len(payloadParts) != 3 {

     

       200
       +
       			return "", nil, fmt.Errorf("invalid cursor format for hot sort")

     

       201
       +
       		}

     

       202
       +
       

     

       203
       +
       		hotRankStr := payloadParts[0]

     

       204
       +
       		createdAt := payloadParts[1]

     

       205
       +
       		uri := payloadParts[2]

     

       206
       +
       

     

       207
       +
       		// Validate hot_rank is numeric (float)

     

       208
       +
       		hotRank := 0.0

     

       209
       +
       		if _, err := fmt.Sscanf(hotRankStr, "%f", &hotRank); err != nil {

     

       210
       +
       			return "", nil, fmt.Errorf("invalid cursor hot rank")

     

       211
       +
       		}

     

       212
       +
       

     

       213
       +
       		// Validate timestamp format

     

       214
       +
       		if _, err := time.Parse(time.RFC3339Nano, createdAt); err != nil {

     

       215
       +
       			return "", nil, fmt.Errorf("invalid cursor timestamp")

     

       216
       +
       		}

     

       217
       +
       

     

       218
       +
       		// Validate URI format (must be AT-URI)

     

       219
       +
       		if !strings.HasPrefix(uri, "at://") {

     

       220
       +
       			return "", nil, fmt.Errorf("invalid cursor URI")

     

       221
       +
       		}

     

       222
       +
       

     

       223
       +
       		// CRITICAL: Compare against the computed hot_rank expression, not p.score

     

       224
       +
       		filter := fmt.Sprintf(`AND ((%s < $%d OR (%s = $%d AND p.created_at < $%d) OR (%s = $%d AND p.created_at = $%d AND p.uri < $%d)) AND p.uri != $%d)`,

     

       225
       +
       			r.hotRankExpression, paramOffset,

     

       226
       +
       			r.hotRankExpression, paramOffset, paramOffset+1,

     

       227
       +
       			r.hotRankExpression, paramOffset, paramOffset+1, paramOffset+2,

     

       228
       +
       			paramOffset+3)

     

       229
       +
       		return filter, []interface{}{hotRank, createdAt, uri, uri}, nil

     

       230
       +
       

     

       231
       +
       	default:

     

       232
       +
       		return "", nil, nil

     

       233
       +
       	}

     

       234
       +
       }

     

       235
       +
       

     

       236
       +
       // buildCursor creates HMAC-signed pagination cursor from last post

     

       237
       +
       // SECURITY: Cursor is signed with HMAC-SHA256 to prevent manipulation

     

       238
       +
       func (r *feedRepoBase) buildCursor(post *posts.PostView, sort string, hotRank float64) string {

     

       239
       +
       	var payload string

     

       240
       +
       	// Use :: as delimiter following Bluesky convention

     

       241
       +
       	const delimiter = "::"

     

       242
       +
       

     

       243
       +
       	switch sort {

     

       244
       +
       	case "new":

     

       245
       +
       		// Format: timestamp::uri

     

       246
       +
       		payload = fmt.Sprintf("%s%s%s", post.CreatedAt.Format(time.RFC3339Nano), delimiter, post.URI)

     

       247
       +
       

     

       248
       +
       	case "top":

     

       249
       +
       		// Format: score::timestamp::uri

     

       250
       +
       		score := 0

     

       251
       +
       		if post.Stats != nil {

     

       252
       +
       			score = post.Stats.Score

     

       253
       +
       		}

     

       254
       +
       		payload = fmt.Sprintf("%d%s%s%s%s", score, delimiter, post.CreatedAt.Format(time.RFC3339Nano), delimiter, post.URI)

     

       255
       +
       

     

       256
       +
       	case "hot":

     

       257
       +
       		// Format: hot_rank::timestamp::uri

     

       258
       +
       		// CRITICAL: Use computed hot_rank with full precision

     

       259
       +
       		hotRankStr := strconv.FormatFloat(hotRank, 'g', -1, 64)

     

       260
       +
       		payload = fmt.Sprintf("%s%s%s%s%s", hotRankStr, delimiter, post.CreatedAt.Format(time.RFC3339Nano), delimiter, post.URI)

     

       261
       +
       

     

       262
       +
       	default:

     

       263
       +
       		payload = post.URI

     

       264
       +
       	}

     

       265
       +
       

     

       266
       +
       	// Sign the payload with HMAC-SHA256

     

       267
       +
       	mac := hmac.New(sha256.New, []byte(r.cursorSecret))

     

       268
       +
       	mac.Write([]byte(payload))

     

       269
       +
       	signature := hex.EncodeToString(mac.Sum(nil))

     

       270
       +
       

     

       271
       +
       	// Append signature to payload

     

       272
       +
       	signed := payload + delimiter + signature

     

       273
       +
       

     

       274
       +
       	return base64.StdEncoding.EncodeToString([]byte(signed))

     

       275
       +
       }

     

       276
       +
       

     

       277
       +
       // scanFeedPost scans a database row into a PostView

     

       278
       +
       // This is the shared scanning logic used by both timeline and discover feeds

     

       279
       +
       func (r *feedRepoBase) scanFeedPost(rows *sql.Rows) (*posts.PostView, float64, error) {

     

       280
       +
       	var (

     

       281
       +
       		postView        posts.PostView

     

       282
       +
       		authorView      posts.AuthorView

     

       283
       +
       		communityRef    posts.CommunityRef

     

       284
       +
       		title, content  sql.NullString

     

       285
       +
       		facets, embed   sql.NullString

     

       286
       +
       		labels          pq.StringArray

     

       287
       +
       		editedAt        sql.NullTime

     

       288
       +
       		communityAvatar sql.NullString

     

       289
       +
       		hotRank         sql.NullFloat64

     

       290
       +
       	)

     

       291
       +
       

     

       292
       +
       	err := rows.Scan(

     

       293
       +
       		&postView.URI, &postView.CID, &postView.RKey,

     

       294
       +
       		&authorView.DID, &authorView.Handle,

     

       295
       +
       		&communityRef.DID, &communityRef.Name, &communityAvatar,

     

       296
       +
       		&title, &content, &facets, &embed, &labels,

     

       297
       +
       		&postView.CreatedAt, &editedAt, &postView.IndexedAt,

     

       298
       +
       		&postView.UpvoteCount, &postView.DownvoteCount, &postView.Score, &postView.CommentCount,

     

       299
       +
       		&hotRank,

     

       300
       +
       	)

     

       301
       +
       	if err != nil {

     

       302
       +
       		return nil, 0, err

     

       303
       +
       	}

     

       304
       +
       

     

       305
       +
       	// Build author view

     

       306
       +
       	postView.Author = &authorView

     

       307
       +
       

     

       308
       +
       	// Build community ref

     

       309
       +
       	communityRef.Avatar = nullStringPtr(communityAvatar)

     

       310
       +
       	postView.Community = &communityRef

     

       311
       +
       

     

       312
       +
       	// Set optional fields

     

       313
       +
       	postView.Title = nullStringPtr(title)

     

       314
       +
       	postView.Text = nullStringPtr(content)

     

       315
       +
       

     

       316
       +
       	// Parse facets JSON

     

       317
       +
       	if facets.Valid {

     

       318
       +
       		var facetArray []interface{}

     

       319
       +
       		if err := json.Unmarshal([]byte(facets.String), &facetArray); err == nil {

     

       320
       +
       			postView.TextFacets = facetArray

     

       321
       +
       		}

     

       322
       +
       	}

     

       323
       +
       

     

       324
       +
       	// Parse embed JSON

     

       325
       +
       	if embed.Valid {

     

       326
       +
       		var embedData interface{}

     

       327
       +
       		if err := json.Unmarshal([]byte(embed.String), &embedData); err == nil {

     

       328
       +
       			postView.Embed = embedData

     

       329
       +
       		}

     

       330
       +
       	}

     

       331
       +
       

     

       332
       +
       	// Build stats

     

       333
       +
       	postView.Stats = &posts.PostStats{

     

       334
       +
       		Upvotes:      postView.UpvoteCount,

     

       335
       +
       		Downvotes:    postView.DownvoteCount,

     

       336
       +
       		Score:        postView.Score,

     

       337
       +
       		CommentCount: postView.CommentCount,

     

       338
       +
       	}

     

       339
       +
       

     

       340
       +
       	// Build the record (required by lexicon)

     

       341
       +
       	record := map[string]interface{}{

     

       342
       +
       		"$type":     "social.coves.post.record",

     

       343
       +
       		"community": communityRef.DID,

     

       344
       +
       		"author":    authorView.DID,

     

       345
       +
       		"createdAt": postView.CreatedAt.Format(time.RFC3339),

     

       346
       +
       	}

     

       347
       +
       

     

       348
       +
       	// Add optional fields to record if present

     

       349
       +
       	if title.Valid {

     

       350
       +
       		record["title"] = title.String

     

       351
       +
       	}

     

       352
       +
       	if content.Valid {

     

       353
       +
       		record["content"] = content.String

     

       354
       +
       	}

     

       355
       +
       	if facets.Valid {

     

       356
       +
       		var facetArray []interface{}

     

       357
       +
       		if err := json.Unmarshal([]byte(facets.String), &facetArray); err == nil {

     

       358
       +
       			record["facets"] = facetArray

     

       359
       +
       		}

     

       360
       +
       	}

     

       361
       +
       	if embed.Valid {

     

       362
       +
       		var embedData interface{}

     

       363
       +
       		if err := json.Unmarshal([]byte(embed.String), &embedData); err == nil {

     

       364
       +
       			record["embed"] = embedData

     

       365
       +
       		}

     

       366
       +
       	}

     

       367
       +
       	if len(labels) > 0 {

     

       368
       +
       		record["contentLabels"] = labels

     

       369
       +
       	}

     

       370
       +
       

     

       371
       +
       	postView.Record = record

     

       372
       +
       

     

       373
       +
       	// Return the computed hot_rank (0.0 if NULL for non-hot sorts)

     

       374
       +
       	hotRankValue := 0.0

     

       375
       +
       	if hotRank.Valid {

     

       376
       +
       		hotRankValue = hotRank.Float64

     

       377
       +
       	}

     

       378
       +
       

     

       379
       +
       	return &postView, hotRankValue, nil

     

       380
       +
       }

+131

internal/db/postgres/timeline_repo.go

···

       1
       +
       package postgres

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/timeline"

     

       5
       +
       	"context"

     

       6
       +
       	"database/sql"

     

       7
       +
       	"fmt"

     

       8
       +
       )

     

       9
       +
       

     

       10
       +
       type postgresTimelineRepo struct {

     

       11
       +
       	*feedRepoBase

     

       12
       +
       }

     

       13
       +
       

     

       14
       +
       // sortClauses maps sort types to safe SQL ORDER BY clauses

     

       15
       +
       // This whitelist prevents SQL injection via dynamic ORDER BY construction

     

       16
       +
       var timelineSortClauses = map[string]string{

     

       17
       +
       	"hot": `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5)) DESC, p.created_at DESC, p.uri DESC`,

     

       18
       +
       	"top": `p.score DESC, p.created_at DESC, p.uri DESC`,

     

       19
       +
       	"new": `p.created_at DESC, p.uri DESC`,

     

       20
       +
       }

     

       21
       +
       

     

       22
       +
       // hotRankExpression is the SQL expression for computing the hot rank

     

       23
       +
       // NOTE: Uses NOW() which means hot_rank changes over time - this is expected behavior

     

       24
       +
       const timelineHotRankExpression = `(p.score / POWER(EXTRACT(EPOCH FROM (NOW() - p.created_at))/3600 + 2, 1.5))`

     

       25
       +
       

     

       26
       +
       // NewTimelineRepository creates a new PostgreSQL timeline repository

     

       27
       +
       func NewTimelineRepository(db *sql.DB, cursorSecret string) timeline.Repository {

     

       28
       +
       	return &postgresTimelineRepo{

     

       29
       +
       		feedRepoBase: newFeedRepoBase(db, timelineHotRankExpression, timelineSortClauses, cursorSecret),

     

       30
       +
       	}

     

       31
       +
       }

     

       32
       +
       

     

       33
       +
       // GetTimeline retrieves posts from all communities the user subscribes to

     

       34
       +
       // Single query with JOINs for optimal performance

     

       35
       +
       func (r *postgresTimelineRepo) GetTimeline(ctx context.Context, req timeline.GetTimelineRequest) ([]*timeline.FeedViewPost, *string, error) {

     

       36
       +
       	// Build ORDER BY clause based on sort type

     

       37
       +
       	orderBy, timeFilter := r.buildSortClause(req.Sort, req.Timeframe)

     

       38
       +
       

     

       39
       +
       	// Build cursor filter for pagination

     

       40
       +
       	// Timeline uses $3+ for cursor params (after $1=userDID and $2=limit)

     

       41
       +
       	cursorFilter, cursorValues, err := r.feedRepoBase.parseCursor(req.Cursor, req.Sort, 3)

     

       42
       +
       	if err != nil {

     

       43
       +
       		return nil, nil, timeline.ErrInvalidCursor

     

       44
       +
       	}

     

       45
       +
       

     

       46
       +
       	// Build the main query

     

       47
       +
       	// For hot sort, we need to compute and return the hot_rank for cursor building

     

       48
       +
       	var selectClause string

     

       49
       +
       	if req.Sort == "hot" {

     

       50
       +
       		selectClause = fmt.Sprintf(`

     

       51
       +
       		SELECT

     

       52
       +
       			p.uri, p.cid, p.rkey,

     

       53
       +
       			p.author_did, u.handle as author_handle,

     

       54
       +
       			p.community_did, c.name as community_name, c.avatar_cid as community_avatar,

     

       55
       +
       			p.title, p.content, p.content_facets, p.embed, p.content_labels,

     

       56
       +
       			p.created_at, p.edited_at, p.indexed_at,

     

       57
       +
       			p.upvote_count, p.downvote_count, p.score, p.comment_count,

     

       58
       +
       			%s as hot_rank

     

       59
       +
       		FROM posts p`, timelineHotRankExpression)

     

       60
       +
       	} else {

     

       61
       +
       		selectClause = `

     

       62
       +
       		SELECT

     

       63
       +
       			p.uri, p.cid, p.rkey,

     

       64
       +
       			p.author_did, u.handle as author_handle,

     

       65
       +
       			p.community_did, c.name as community_name, c.avatar_cid as community_avatar,

     

       66
       +
       			p.title, p.content, p.content_facets, p.embed, p.content_labels,

     

       67
       +
       			p.created_at, p.edited_at, p.indexed_at,

     

       68
       +
       			p.upvote_count, p.downvote_count, p.score, p.comment_count,

     

       69
       +
       			NULL::numeric as hot_rank

     

       70
       +
       		FROM posts p`

     

       71
       +
       	}

     

       72
       +
       

     

       73
       +
       	// Join with community_subscriptions to get posts from subscribed communities

     

       74
       +
       	query := fmt.Sprintf(`

     

       75
       +
       		%s

     

       76
       +
       		INNER JOIN users u ON p.author_did = u.did

     

       77
       +
       		INNER JOIN communities c ON p.community_did = c.did

     

       78
       +
       		INNER JOIN community_subscriptions cs ON p.community_did = cs.community_did

     

       79
       +
       		WHERE cs.user_did = $1

     

       80
       +
       			AND p.deleted_at IS NULL

     

       81
       +
       			%s

     

       82
       +
       			%s

     

       83
       +
       		ORDER BY %s

     

       84
       +
       		LIMIT $2

     

       85
       +
       	`, selectClause, timeFilter, cursorFilter, orderBy)

     

       86
       +
       

     

       87
       +
       	// Prepare query arguments

     

       88
       +
       	args := []interface{}{req.UserDID, req.Limit + 1} // +1 to check for next page

     

       89
       +
       	args = append(args, cursorValues...)

     

       90
       +
       

     

       91
       +
       	// Execute query

     

       92
       +
       	rows, err := r.db.QueryContext(ctx, query, args...)

     

       93
       +
       	if err != nil {

     

       94
       +
       		return nil, nil, fmt.Errorf("failed to query timeline: %w", err)

     

       95
       +
       	}

     

       96
       +
       	defer func() {

     

       97
       +
       		if err := rows.Close(); err != nil {

     

       98
       +
       			// Log close errors (non-fatal but worth noting)

     

       99
       +
       			fmt.Printf("Warning: failed to close rows: %v\n", err)

     

       100
       +
       		}

     

       101
       +
       	}()

     

       102
       +
       

     

       103
       +
       	// Scan results

     

       104
       +
       	var feedPosts []*timeline.FeedViewPost

     

       105
       +
       	var hotRanks []float64 // Store hot ranks for cursor building

     

       106
       +
       	for rows.Next() {

     

       107
       +
       		postView, hotRank, err := r.feedRepoBase.scanFeedPost(rows)

     

       108
       +
       		if err != nil {

     

       109
       +
       			return nil, nil, fmt.Errorf("failed to scan timeline post: %w", err)

     

       110
       +
       		}

     

       111
       +
       		feedPosts = append(feedPosts, &timeline.FeedViewPost{Post: postView})

     

       112
       +
       		hotRanks = append(hotRanks, hotRank)

     

       113
       +
       	}

     

       114
       +
       

     

       115
       +
       	if err := rows.Err(); err != nil {

     

       116
       +
       		return nil, nil, fmt.Errorf("error iterating timeline results: %w", err)

     

       117
       +
       	}

     

       118
       +
       

     

       119
       +
       	// Handle pagination cursor

     

       120
       +
       	var cursor *string

     

       121
       +
       	if len(feedPosts) > req.Limit && req.Limit > 0 {

     

       122
       +
       		feedPosts = feedPosts[:req.Limit]

     

       123
       +
       		hotRanks = hotRanks[:req.Limit]

     

       124
       +
       		lastPost := feedPosts[len(feedPosts)-1].Post

     

       125
       +
       		lastHotRank := hotRanks[len(hotRanks)-1]

     

       126
       +
       		cursorStr := r.feedRepoBase.buildCursor(lastPost, req.Sort, lastHotRank)

     

       127
       +
       		cursor = &cursorStr

     

       128
       +
       	}

     

       129
       +
       

     

       130
       +
       	return feedPosts, cursor, nil

     

       131
       +
       }

+273

tests/integration/discover_test.go

···

       1
       +
       package integration

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"context"

     

       5
       +
       	"encoding/json"

     

       6
       +
       	"fmt"

     

       7
       +
       	"net/http"

     

       8
       +
       	"net/http/httptest"

     

       9
       +
       	"testing"

     

       10
       +
       	"time"

     

       11
       +
       

     

       12
       +
       	"Coves/internal/api/handlers/discover"

     

       13
       +
       	discoverCore "Coves/internal/core/discover"

     

       14
       +
       	"Coves/internal/db/postgres"

     

       15
       +
       

     

       16
       +
       	"github.com/stretchr/testify/assert"

     

       17
       +
       	"github.com/stretchr/testify/require"

     

       18
       +
       )

     

       19
       +
       

     

       20
       +
       // TestGetDiscover_ShowsAllCommunities tests discover feed shows posts from ALL communities

     

       21
       +
       func TestGetDiscover_ShowsAllCommunities(t *testing.T) {

     

       22
       +
       	if testing.Short() {

     

       23
       +
       		t.Skip("Skipping integration test in short mode")

     

       24
       +
       	}

     

       25
       +
       

     

       26
       +
       	db := setupTestDB(t)

     

       27
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       28
       +
       

     

       29
       +
       	// Setup services

     

       30
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       31
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       32
       +
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       33
       +
       

     

       34
       +
       	ctx := context.Background()

     

       35
       +
       	testID := time.Now().UnixNano()

     

       36
       +
       

     

       37
       +
       	// Create three communities

     

       38
       +
       	community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       39
       +
       	require.NoError(t, err)

     

       40
       +
       

     

       41
       +
       	community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))

     

       42
       +
       	require.NoError(t, err)

     

       43
       +
       

     

       44
       +
       	community3DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("cooking-%d", testID), fmt.Sprintf("charlie-%d.test", testID))

     

       45
       +
       	require.NoError(t, err)

     

       46
       +
       

     

       47
       +
       	// Create posts in all three communities

     

       48
       +
       	post1URI := createTestPost(t, db, community1DID, "did:plc:alice", "Gaming post", 50, time.Now().Add(-1*time.Hour))

     

       49
       +
       	post2URI := createTestPost(t, db, community2DID, "did:plc:bob", "Tech post", 30, time.Now().Add(-2*time.Hour))

     

       50
       +
       	post3URI := createTestPost(t, db, community3DID, "did:plc:charlie", "Cooking post", 100, time.Now().Add(-30*time.Minute))

     

       51
       +
       

     

       52
       +
       	// Request discover feed (no auth required!)

     

       53
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       54
       +
       	rec := httptest.NewRecorder()

     

       55
       +
       	handler.HandleGetDiscover(rec, req)

     

       56
       +
       

     

       57
       +
       	// Assertions

     

       58
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       59
       +
       

     

       60
       +
       	var response discoverCore.DiscoverResponse

     

       61
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       62
       +
       	require.NoError(t, err)

     

       63
       +
       

     

       64
       +
       	// Verify all our posts are present (may include posts from other tests)

     

       65
       +
       	uris := make(map[string]bool)

     

       66
       +
       	for _, post := range response.Feed {

     

       67
       +
       		uris[post.Post.URI] = true

     

       68
       +
       	}

     

       69
       +
       	assert.True(t, uris[post1URI], "Should contain gaming post")

     

       70
       +
       	assert.True(t, uris[post2URI], "Should contain tech post")

     

       71
       +
       	assert.True(t, uris[post3URI], "Should contain cooking post")

     

       72
       +
       

     

       73
       +
       	// Verify newest post appears before older posts in the feed

     

       74
       +
       	var post3Index, post1Index, post2Index int = -1, -1, -1

     

       75
       +
       	for i, post := range response.Feed {

     

       76
       +
       		switch post.Post.URI {

     

       77
       +
       		case post3URI:

     

       78
       +
       			post3Index = i

     

       79
       +
       		case post1URI:

     

       80
       +
       			post1Index = i

     

       81
       +
       		case post2URI:

     

       82
       +
       			post2Index = i

     

       83
       +
       		}

     

       84
       +
       	}

     

       85
       +
       	if post3Index >= 0 && post1Index >= 0 && post2Index >= 0 {

     

       86
       +
       		assert.Less(t, post3Index, post1Index, "Newest post (30min ago) should appear before 1hr old post")

     

       87
       +
       		assert.Less(t, post1Index, post2Index, "1hr old post should appear before 2hr old post")

     

       88
       +
       	}

     

       89
       +
       }

     

       90
       +
       

     

       91
       +
       // TestGetDiscover_NoAuthRequired tests discover feed works without authentication

     

       92
       +
       func TestGetDiscover_NoAuthRequired(t *testing.T) {

     

       93
       +
       	if testing.Short() {

     

       94
       +
       		t.Skip("Skipping integration test in short mode")

     

       95
       +
       	}

     

       96
       +
       

     

       97
       +
       	db := setupTestDB(t)

     

       98
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       99
       +
       

     

       100
       +
       	// Setup services

     

       101
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       102
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       103
       +
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       104
       +
       

     

       105
       +
       	ctx := context.Background()

     

       106
       +
       	testID := time.Now().UnixNano()

     

       107
       +
       

     

       108
       +
       	// Create community and post

     

       109
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("public-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       110
       +
       	require.NoError(t, err)

     

       111
       +
       

     

       112
       +
       	postURI := createTestPost(t, db, communityDID, "did:plc:alice", "Public post", 10, time.Now())

     

       113
       +
       

     

       114
       +
       	// Request discover WITHOUT any authentication

     

       115
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       116
       +
       	// Note: No auth context set!

     

       117
       +
       	rec := httptest.NewRecorder()

     

       118
       +
       	handler.HandleGetDiscover(rec, req)

     

       119
       +
       

     

       120
       +
       	// Should succeed without auth

     

       121
       +
       	assert.Equal(t, http.StatusOK, rec.Code, "Discover should work without authentication")

     

       122
       +
       

     

       123
       +
       	var response discoverCore.DiscoverResponse

     

       124
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       125
       +
       	require.NoError(t, err)

     

       126
       +
       

     

       127
       +
       	// Verify our post is present

     

       128
       +
       	found := false

     

       129
       +
       	for _, post := range response.Feed {

     

       130
       +
       		if post.Post.URI == postURI {

     

       131
       +
       			found = true

     

       132
       +
       			break

     

       133
       +
       		}

     

       134
       +
       	}

     

       135
       +
       	assert.True(t, found, "Should show post even without authentication")

     

       136
       +
       }

     

       137
       +
       

     

       138
       +
       // TestGetDiscover_HotSort tests hot sorting across all communities

     

       139
       +
       func TestGetDiscover_HotSort(t *testing.T) {

     

       140
       +
       	if testing.Short() {

     

       141
       +
       		t.Skip("Skipping integration test in short mode")

     

       142
       +
       	}

     

       143
       +
       

     

       144
       +
       	db := setupTestDB(t)

     

       145
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       146
       +
       

     

       147
       +
       	// Setup services

     

       148
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       149
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       150
       +
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       151
       +
       

     

       152
       +
       	ctx := context.Background()

     

       153
       +
       	testID := time.Now().UnixNano()

     

       154
       +
       

     

       155
       +
       	// Create communities

     

       156
       +
       	community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       157
       +
       	require.NoError(t, err)

     

       158
       +
       

     

       159
       +
       	community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))

     

       160
       +
       	require.NoError(t, err)

     

       161
       +
       

     

       162
       +
       	// Create posts with different scores/ages

     

       163
       +
       	post1URI := createTestPost(t, db, community1DID, "did:plc:alice", "Recent trending", 50, time.Now().Add(-1*time.Hour))

     

       164
       +
       	post2URI := createTestPost(t, db, community2DID, "did:plc:bob", "Old popular", 100, time.Now().Add(-24*time.Hour))

     

       165
       +
       	post3URI := createTestPost(t, db, community1DID, "did:plc:charlie", "Brand new", 5, time.Now().Add(-10*time.Minute))

     

       166
       +
       

     

       167
       +
       	// Request hot discover

     

       168
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=hot&limit=50", nil)

     

       169
       +
       	rec := httptest.NewRecorder()

     

       170
       +
       	handler.HandleGetDiscover(rec, req)

     

       171
       +
       

     

       172
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       173
       +
       

     

       174
       +
       	var response discoverCore.DiscoverResponse

     

       175
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       176
       +
       	require.NoError(t, err)

     

       177
       +
       

     

       178
       +
       	// Verify all our posts are present

     

       179
       +
       	uris := make(map[string]bool)

     

       180
       +
       	for _, post := range response.Feed {

     

       181
       +
       		uris[post.Post.URI] = true

     

       182
       +
       	}

     

       183
       +
       	assert.True(t, uris[post1URI], "Should contain recent trending post")

     

       184
       +
       	assert.True(t, uris[post2URI], "Should contain old popular post")

     

       185
       +
       	assert.True(t, uris[post3URI], "Should contain brand new post")

     

       186
       +
       }

     

       187
       +
       

     

       188
       +
       // TestGetDiscover_Pagination tests cursor-based pagination

     

       189
       +
       func TestGetDiscover_Pagination(t *testing.T) {

     

       190
       +
       	if testing.Short() {

     

       191
       +
       		t.Skip("Skipping integration test in short mode")

     

       192
       +
       	}

     

       193
       +
       

     

       194
       +
       	db := setupTestDB(t)

     

       195
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       196
       +
       

     

       197
       +
       	// Setup services

     

       198
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       199
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       200
       +
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       201
       +
       

     

       202
       +
       	ctx := context.Background()

     

       203
       +
       	testID := time.Now().UnixNano()

     

       204
       +
       

     

       205
       +
       	// Create community

     

       206
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("test-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       207
       +
       	require.NoError(t, err)

     

       208
       +
       

     

       209
       +
       	// Create 5 posts

     

       210
       +
       	for i := 0; i < 5; i++ {

     

       211
       +
       		createTestPost(t, db, communityDID, "did:plc:alice", fmt.Sprintf("Post %d", i), 10-i, time.Now().Add(-time.Duration(i)*time.Hour))

     

       212
       +
       	}

     

       213
       +
       

     

       214
       +
       	// First page: limit 2

     

       215
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=2", nil)

     

       216
       +
       	rec := httptest.NewRecorder()

     

       217
       +
       	handler.HandleGetDiscover(rec, req)

     

       218
       +
       

     

       219
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       220
       +
       

     

       221
       +
       	var page1 discoverCore.DiscoverResponse

     

       222
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &page1)

     

       223
       +
       	require.NoError(t, err)

     

       224
       +
       

     

       225
       +
       	assert.Len(t, page1.Feed, 2, "First page should have 2 posts")

     

       226
       +
       	assert.NotNil(t, page1.Cursor, "Should have cursor for next page")

     

       227
       +
       

     

       228
       +
       	// Second page: use cursor

     

       229
       +
       	req = httptest.NewRequest(http.MethodGet, fmt.Sprintf("/xrpc/social.coves.feed.getDiscover?sort=new&limit=2&cursor=%s", *page1.Cursor), nil)

     

       230
       +
       	rec = httptest.NewRecorder()

     

       231
       +
       	handler.HandleGetDiscover(rec, req)

     

       232
       +
       

     

       233
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       234
       +
       

     

       235
       +
       	var page2 discoverCore.DiscoverResponse

     

       236
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &page2)

     

       237
       +
       	require.NoError(t, err)

     

       238
       +
       

     

       239
       +
       	assert.Len(t, page2.Feed, 2, "Second page should have 2 posts")

     

       240
       +
       

     

       241
       +
       	// Verify no overlap

     

       242
       +
       	assert.NotEqual(t, page1.Feed[0].Post.URI, page2.Feed[0].Post.URI, "Pages should not overlap")

     

       243
       +
       }

     

       244
       +
       

     

       245
       +
       // TestGetDiscover_LimitValidation tests limit parameter validation

     

       246
       +
       func TestGetDiscover_LimitValidation(t *testing.T) {

     

       247
       +
       	if testing.Short() {

     

       248
       +
       		t.Skip("Skipping integration test in short mode")

     

       249
       +
       	}

     

       250
       +
       

     

       251
       +
       	db := setupTestDB(t)

     

       252
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       253
       +
       

     

       254
       +
       	// Setup services

     

       255
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       256
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       257
       +
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       258
       +
       

     

       259
       +
       	t.Run("Limit exceeds maximum", func(t *testing.T) {

     

       260
       +
       		req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=100", nil)

     

       261
       +
       		rec := httptest.NewRecorder()

     

       262
       +
       		handler.HandleGetDiscover(rec, req)

     

       263
       +
       

     

       264
       +
       		assert.Equal(t, http.StatusBadRequest, rec.Code)

     

       265
       +
       

     

       266
       +
       		var errorResp map[string]string

     

       267
       +
       		err := json.Unmarshal(rec.Body.Bytes(), &errorResp)

     

       268
       +
       		require.NoError(t, err)

     

       269
       +
       

     

       270
       +
       		assert.Equal(t, "InvalidRequest", errorResp["error"])

     

       271
       +
       		assert.Contains(t, errorResp["message"], "limit")

     

       272
       +
       	})

     

       273
       +
       }

-52

tests/integration/feed_test.go

···

       6
        
       	"Coves/internal/core/communityFeeds"

     

       7
        
       	"Coves/internal/db/postgres"

     

       8
        
       	"context"

     

       9
       -
       	"database/sql"

     

       10
        
       	"encoding/json"

     

       11
        
       	"fmt"

     

       12
        
       	"net/http"

     
···

       694
        
       

     

       695
        
       	t.Logf("SUCCESS: All posts with similar hot ranks preserved (precision bug fixed)")

     

       696
        
       }

     

       697
       -
       

     

       698
       -
       // Helper: createFeedTestCommunity creates a test community and returns its DID

     

       699
       -
       func createFeedTestCommunity(db *sql.DB, ctx context.Context, name, ownerHandle string) (string, error) {

     

       700
       -
       	// Create owner user first (directly insert to avoid service dependencies)

     

       701
       -
       	ownerDID := fmt.Sprintf("did:plc:%s", ownerHandle)

     

       702
       -
       	_, err := db.ExecContext(ctx, `

     

       703
       -
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       704
       -
       		VALUES ($1, $2, $3, NOW())

     

       705
       -
       		ON CONFLICT (did) DO NOTHING

     

       706
       -
       	`, ownerDID, ownerHandle, "https://bsky.social")

     

       707
       -
       	if err != nil {

     

       708
       -
       		return "", err

     

       709
       -
       	}

     

       710
       -
       

     

       711
       -
       	// Create community

     

       712
       -
       	communityDID := fmt.Sprintf("did:plc:community-%s", name)

     

       713
       -
       	_, err = db.ExecContext(ctx, `

     

       714
       -
       		INSERT INTO communities (did, name, owner_did, created_by_did, hosted_by_did, handle, created_at)

     

       715
       -
       		VALUES ($1, $2, $3, $4, $5, $6, NOW())

     

       716
       -
       		ON CONFLICT (did) DO NOTHING

     

       717
       -
       	`, communityDID, name, ownerDID, ownerDID, "did:web:test.coves.social", fmt.Sprintf("%s.coves.social", name))

     

       718
       -
       

     

       719
       -
       	return communityDID, err

     

       720
       -
       }

     

       721
       -
       

     

       722
       -
       // Helper: createTestPost creates a test post and returns its URI

     

       723
       -
       func createTestPost(t *testing.T, db *sql.DB, communityDID, authorDID, title string, score int, createdAt time.Time) string {

     

       724
       -
       	t.Helper()

     

       725
       -
       

     

       726
       -
       	ctx := context.Background()

     

       727
       -
       

     

       728
       -
       	// Create author user if not exists (directly insert to avoid service dependencies)

     

       729
       -
       	_, _ = db.ExecContext(ctx, `

     

       730
       -
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       731
       -
       		VALUES ($1, $2, $3, NOW())

     

       732
       -
       		ON CONFLICT (did) DO NOTHING

     

       733
       -
       	`, authorDID, fmt.Sprintf("%s.bsky.social", authorDID), "https://bsky.social")

     

       734
       -
       

     

       735
       -
       	// Generate URI

     

       736
       -
       	rkey := fmt.Sprintf("post-%d", time.Now().UnixNano())

     

       737
       -
       	uri := fmt.Sprintf("at://%s/social.coves.post.record/%s", communityDID, rkey)

     

       738
       -
       

     

       739
       -
       	// Insert post

     

       740
       -
       	_, err := db.ExecContext(ctx, `

     

       741
       -
       		INSERT INTO posts (uri, cid, rkey, author_did, community_did, title, created_at, score, upvote_count)

     

       742
       -
       		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)

     

       743
       -
       	`, uri, "bafytest", rkey, authorDID, communityDID, title, createdAt, score, score)

     

       744
       -
       	require.NoError(t, err)

     

       745
       -
       

     

       746
       -
       	return uri

     

       747
       -
       }

···

       6
        
       	"Coves/internal/core/communityFeeds"

     

       7
        
       	"Coves/internal/db/postgres"

     

       8
        
       	"context"

     

       0
        
       
     

       9
        
       	"encoding/json"

     

       10
        
       	"fmt"

     

       11
        
       	"net/http"

     
···

       693
        
       

     

       694
        
       	t.Logf("SUCCESS: All posts with similar hot ranks preserved (precision bug fixed)")

     

       695
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

+54

tests/integration/helpers.go

···

       233
        
       

     

       234
        
       	return recordResp.URI, recordResp.CID, nil

     

       235
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       233
        
       

     

       234
        
       	return recordResp.URI, recordResp.CID, nil

     

       235
        
       }

     

       236
       +
       

     

       237
       +
       // createFeedTestCommunity creates a test community for feed tests

     

       238
       +
       // Returns the community DID or an error

     

       239
       +
       func createFeedTestCommunity(db *sql.DB, ctx context.Context, name, ownerHandle string) (string, error) {

     

       240
       +
       	// Create owner user first (directly insert to avoid service dependencies)

     

       241
       +
       	ownerDID := fmt.Sprintf("did:plc:%s", ownerHandle)

     

       242
       +
       	_, err := db.ExecContext(ctx, `

     

       243
       +
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       244
       +
       		VALUES ($1, $2, $3, NOW())

     

       245
       +
       		ON CONFLICT (did) DO NOTHING

     

       246
       +
       	`, ownerDID, ownerHandle, "https://bsky.social")

     

       247
       +
       	if err != nil {

     

       248
       +
       		return "", err

     

       249
       +
       	}

     

       250
       +
       

     

       251
       +
       	// Create community

     

       252
       +
       	communityDID := fmt.Sprintf("did:plc:community-%s", name)

     

       253
       +
       	_, err = db.ExecContext(ctx, `

     

       254
       +
       		INSERT INTO communities (did, name, owner_did, created_by_did, hosted_by_did, handle, created_at)

     

       255
       +
       		VALUES ($1, $2, $3, $4, $5, $6, NOW())

     

       256
       +
       		ON CONFLICT (did) DO NOTHING

     

       257
       +
       	`, communityDID, name, ownerDID, ownerDID, "did:web:test.coves.social", fmt.Sprintf("%s.coves.social", name))

     

       258
       +
       

     

       259
       +
       	return communityDID, err

     

       260
       +
       }

     

       261
       +
       

     

       262
       +
       // createTestPost creates a test post and returns its URI

     

       263
       +
       func createTestPost(t *testing.T, db *sql.DB, communityDID, authorDID, title string, score int, createdAt time.Time) string {

     

       264
       +
       	t.Helper()

     

       265
       +
       

     

       266
       +
       	ctx := context.Background()

     

       267
       +
       

     

       268
       +
       	// Create author user if not exists (directly insert to avoid service dependencies)

     

       269
       +
       	_, _ = db.ExecContext(ctx, `

     

       270
       +
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       271
       +
       		VALUES ($1, $2, $3, NOW())

     

       272
       +
       		ON CONFLICT (did) DO NOTHING

     

       273
       +
       	`, authorDID, fmt.Sprintf("%s.bsky.social", authorDID), "https://bsky.social")

     

       274
       +
       

     

       275
       +
       	// Generate URI

     

       276
       +
       	rkey := fmt.Sprintf("post-%d", time.Now().UnixNano())

     

       277
       +
       	uri := fmt.Sprintf("at://%s/social.coves.post.record/%s", communityDID, rkey)

     

       278
       +
       

     

       279
       +
       	// Insert post

     

       280
       +
       	_, err := db.ExecContext(ctx, `

     

       281
       +
       		INSERT INTO posts (uri, cid, rkey, author_did, community_did, title, created_at, score, upvote_count)

     

       282
       +
       		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)

     

       283
       +
       	`, uri, "bafytest", rkey, authorDID, communityDID, title, createdAt, score, score)

     

       284
       +
       	if err != nil {

     

       285
       +
       		t.Fatalf("Failed to create test post: %v", err)

     

       286
       +
       	}

     

       287
       +
       

     

       288
       +
       	return uri

     

       289
       +
       }

+368

tests/integration/timeline_test.go

···

       1
       +
       package integration

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"context"

     

       5
       +
       	"encoding/json"

     

       6
       +
       	"fmt"

     

       7
       +
       	"net/http"

     

       8
       +
       	"net/http/httptest"

     

       9
       +
       	"testing"

     

       10
       +
       	"time"

     

       11
       +
       

     

       12
       +
       	"Coves/internal/api/handlers/timeline"

     

       13
       +
       	"Coves/internal/api/middleware"

     

       14
       +
       	timelineCore "Coves/internal/core/timeline"

     

       15
       +
       	"Coves/internal/db/postgres"

     

       16
       +
       

     

       17
       +
       	"github.com/stretchr/testify/assert"

     

       18
       +
       	"github.com/stretchr/testify/require"

     

       19
       +
       )

     

       20
       +
       

     

       21
       +
       // TestGetTimeline_Basic tests timeline feed shows posts from subscribed communities

     

       22
       +
       func TestGetTimeline_Basic(t *testing.T) {

     

       23
       +
       	if testing.Short() {

     

       24
       +
       		t.Skip("Skipping integration test in short mode")

     

       25
       +
       	}

     

       26
       +
       

     

       27
       +
       	db := setupTestDB(t)

     

       28
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       29
       +
       

     

       30
       +
       	// Setup services

     

       31
       +
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       32
       +
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       33
       +
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       34
       +
       

     

       35
       +
       	ctx := context.Background()

     

       36
       +
       	testID := time.Now().UnixNano()

     

       37
       +
       	userDID := fmt.Sprintf("did:plc:user-%d", testID)

     

       38
       +
       

     

       39
       +
       	// Create user

     

       40
       +
       	_, err := db.ExecContext(ctx, `

     

       41
       +
       		INSERT INTO users (did, handle, pds_url)

     

       42
       +
       		VALUES ($1, $2, $3)

     

       43
       +
       	`, userDID, fmt.Sprintf("testuser-%d.test", testID), "https://bsky.social")

     

       44
       +
       	require.NoError(t, err)

     

       45
       +
       

     

       46
       +
       	// Create two communities

     

       47
       +
       	community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       48
       +
       	require.NoError(t, err)

     

       49
       +
       

     

       50
       +
       	community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))

     

       51
       +
       	require.NoError(t, err)

     

       52
       +
       

     

       53
       +
       	// Create a third community that user is NOT subscribed to

     

       54
       +
       	community3DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("cooking-%d", testID), fmt.Sprintf("charlie-%d.test", testID))

     

       55
       +
       	require.NoError(t, err)

     

       56
       +
       

     

       57
       +
       	// Subscribe user to community1 and community2 (but not community3)

     

       58
       +
       	_, err = db.ExecContext(ctx, `

     

       59
       +
       		INSERT INTO community_subscriptions (user_did, community_did, content_visibility)

     

       60
       +
       		VALUES ($1, $2, 3), ($1, $3, 3)

     

       61
       +
       	`, userDID, community1DID, community2DID)

     

       62
       +
       	require.NoError(t, err)

     

       63
       +
       

     

       64
       +
       	// Create posts in all three communities

     

       65
       +
       	post1URI := createTestPost(t, db, community1DID, "did:plc:alice", "Gaming post 1", 50, time.Now().Add(-1*time.Hour))

     

       66
       +
       	post2URI := createTestPost(t, db, community2DID, "did:plc:bob", "Tech post 1", 30, time.Now().Add(-2*time.Hour))

     

       67
       +
       	post3URI := createTestPost(t, db, community3DID, "did:plc:charlie", "Cooking post (should not appear)", 100, time.Now().Add(-30*time.Minute))

     

       68
       +
       	post4URI := createTestPost(t, db, community1DID, "did:plc:alice", "Gaming post 2", 20, time.Now().Add(-3*time.Hour))

     

       69
       +
       

     

       70
       +
       	// Request timeline with auth

     

       71
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)

     

       72
       +
       	req = req.WithContext(middleware.SetTestUserDID(req.Context(), userDID))

     

       73
       +
       	rec := httptest.NewRecorder()

     

       74
       +
       	handler.HandleGetTimeline(rec, req)

     

       75
       +
       

     

       76
       +
       	// Assertions

     

       77
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       78
       +
       

     

       79
       +
       	var response timelineCore.TimelineResponse

     

       80
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       81
       +
       	require.NoError(t, err)

     

       82
       +
       

     

       83
       +
       	// Should show 3 posts (from community1 and community2, NOT community3)

     

       84
       +
       	assert.Len(t, response.Feed, 3, "Timeline should show posts from subscribed communities only")

     

       85
       +
       

     

       86
       +
       	// Verify correct posts are shown

     

       87
       +
       	uris := []string{response.Feed[0].Post.URI, response.Feed[1].Post.URI, response.Feed[2].Post.URI}

     

       88
       +
       	assert.Contains(t, uris, post1URI, "Should contain gaming post 1")

     

       89
       +
       	assert.Contains(t, uris, post2URI, "Should contain tech post 1")

     

       90
       +
       	assert.Contains(t, uris, post4URI, "Should contain gaming post 2")

     

       91
       +
       	assert.NotContains(t, uris, post3URI, "Should NOT contain post from unsubscribed community")

     

       92
       +
       

     

       93
       +
       	// Verify posts are sorted by creation time (newest first for "new" sort)

     

       94
       +
       	assert.Equal(t, post1URI, response.Feed[0].Post.URI, "Newest post should be first")

     

       95
       +
       	assert.Equal(t, post2URI, response.Feed[1].Post.URI, "Second newest post")

     

       96
       +
       	assert.Equal(t, post4URI, response.Feed[2].Post.URI, "Oldest post should be last")

     

       97
       +
       

     

       98
       +
       	// Verify Record field is populated (schema compliance)

     

       99
       +
       	for i, feedPost := range response.Feed {

     

       100
       +
       		assert.NotNil(t, feedPost.Post.Record, "Post %d should have Record field", i)

     

       101
       +
       		record, ok := feedPost.Post.Record.(map[string]interface{})

     

       102
       +
       		require.True(t, ok, "Record should be a map")

     

       103
       +
       		assert.Equal(t, "social.coves.post.record", record["$type"], "Record should have correct $type")

     

       104
       +
       		assert.NotEmpty(t, record["community"], "Record should have community")

     

       105
       +
       		assert.NotEmpty(t, record["author"], "Record should have author")

     

       106
       +
       		assert.NotEmpty(t, record["createdAt"], "Record should have createdAt")

     

       107
       +
       	}

     

       108
       +
       }

     

       109
       +
       

     

       110
       +
       // TestGetTimeline_HotSort tests hot sorting across multiple communities

     

       111
       +
       func TestGetTimeline_HotSort(t *testing.T) {

     

       112
       +
       	if testing.Short() {

     

       113
       +
       		t.Skip("Skipping integration test in short mode")

     

       114
       +
       	}

     

       115
       +
       

     

       116
       +
       	db := setupTestDB(t)

     

       117
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       118
       +
       

     

       119
       +
       	// Setup services

     

       120
       +
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       121
       +
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       122
       +
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       123
       +
       

     

       124
       +
       	ctx := context.Background()

     

       125
       +
       	testID := time.Now().UnixNano()

     

       126
       +
       	userDID := fmt.Sprintf("did:plc:user-%d", testID)

     

       127
       +
       

     

       128
       +
       	// Create user

     

       129
       +
       	_, err := db.ExecContext(ctx, `

     

       130
       +
       		INSERT INTO users (did, handle, pds_url)

     

       131
       +
       		VALUES ($1, $2, $3)

     

       132
       +
       	`, userDID, fmt.Sprintf("testuser-%d.test", testID), "https://bsky.social")

     

       133
       +
       	require.NoError(t, err)

     

       134
       +
       

     

       135
       +
       	// Create communities

     

       136
       +
       	community1DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       137
       +
       	require.NoError(t, err)

     

       138
       +
       

     

       139
       +
       	community2DID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("tech-%d", testID), fmt.Sprintf("bob-%d.test", testID))

     

       140
       +
       	require.NoError(t, err)

     

       141
       +
       

     

       142
       +
       	// Subscribe to both

     

       143
       +
       	_, err = db.ExecContext(ctx, `

     

       144
       +
       		INSERT INTO community_subscriptions (user_did, community_did, content_visibility)

     

       145
       +
       		VALUES ($1, $2, 3), ($1, $3, 3)

     

       146
       +
       	`, userDID, community1DID, community2DID)

     

       147
       +
       	require.NoError(t, err)

     

       148
       +
       

     

       149
       +
       	// Create posts with different scores and ages

     

       150
       +
       	// Recent with medium score from gaming (should rank high)

     

       151
       +
       	createTestPost(t, db, community1DID, "did:plc:alice", "Recent trending gaming", 50, time.Now().Add(-1*time.Hour))

     

       152
       +
       

     

       153
       +
       	// Old with high score from tech (age penalty)

     

       154
       +
       	createTestPost(t, db, community2DID, "did:plc:bob", "Old popular tech", 100, time.Now().Add(-24*time.Hour))

     

       155
       +
       

     

       156
       +
       	// Very recent with low score from gaming

     

       157
       +
       	createTestPost(t, db, community1DID, "did:plc:charlie", "Brand new gaming", 5, time.Now().Add(-10*time.Minute))

     

       158
       +
       

     

       159
       +
       	// Request hot timeline

     

       160
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=hot&limit=10", nil)

     

       161
       +
       	req = req.WithContext(middleware.SetTestUserDID(req.Context(), userDID))

     

       162
       +
       	rec := httptest.NewRecorder()

     

       163
       +
       	handler.HandleGetTimeline(rec, req)

     

       164
       +
       

     

       165
       +
       	// Assertions

     

       166
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       167
       +
       

     

       168
       +
       	var response timelineCore.TimelineResponse

     

       169
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       170
       +
       	require.NoError(t, err)

     

       171
       +
       

     

       172
       +
       	assert.Len(t, response.Feed, 3, "Timeline should show all posts from subscribed communities")

     

       173
       +
       

     

       174
       +
       	// All posts should have community context

     

       175
       +
       	for _, feedPost := range response.Feed {

     

       176
       +
       		assert.NotNil(t, feedPost.Post.Community, "Post should have community context")

     

       177
       +
       		assert.Contains(t, []string{community1DID, community2DID}, feedPost.Post.Community.DID)

     

       178
       +
       	}

     

       179
       +
       }

     

       180
       +
       

     

       181
       +
       // TestGetTimeline_Pagination tests cursor-based pagination

     

       182
       +
       func TestGetTimeline_Pagination(t *testing.T) {

     

       183
       +
       	if testing.Short() {

     

       184
       +
       		t.Skip("Skipping integration test in short mode")

     

       185
       +
       	}

     

       186
       +
       

     

       187
       +
       	db := setupTestDB(t)

     

       188
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       189
       +
       

     

       190
       +
       	// Setup services

     

       191
       +
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       192
       +
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       193
       +
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       194
       +
       

     

       195
       +
       	ctx := context.Background()

     

       196
       +
       	testID := time.Now().UnixNano()

     

       197
       +
       	userDID := fmt.Sprintf("did:plc:user-%d", testID)

     

       198
       +
       

     

       199
       +
       	// Create user

     

       200
       +
       	_, err := db.ExecContext(ctx, `

     

       201
       +
       		INSERT INTO users (did, handle, pds_url)

     

       202
       +
       		VALUES ($1, $2, $3)

     

       203
       +
       	`, userDID, fmt.Sprintf("testuser-%d.test", testID), "https://bsky.social")

     

       204
       +
       	require.NoError(t, err)

     

       205
       +
       

     

       206
       +
       	// Create community

     

       207
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("gaming-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       208
       +
       	require.NoError(t, err)

     

       209
       +
       

     

       210
       +
       	// Subscribe

     

       211
       +
       	_, err = db.ExecContext(ctx, `

     

       212
       +
       		INSERT INTO community_subscriptions (user_did, community_did, content_visibility)

     

       213
       +
       		VALUES ($1, $2, 3)

     

       214
       +
       	`, userDID, communityDID)

     

       215
       +
       	require.NoError(t, err)

     

       216
       +
       

     

       217
       +
       	// Create 5 posts

     

       218
       +
       	for i := 0; i < 5; i++ {

     

       219
       +
       		createTestPost(t, db, communityDID, "did:plc:alice", fmt.Sprintf("Post %d", i), 10-i, time.Now().Add(-time.Duration(i)*time.Hour))

     

       220
       +
       	}

     

       221
       +
       

     

       222
       +
       	// First page: limit 2

     

       223
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=2", nil)

     

       224
       +
       	req = req.WithContext(middleware.SetTestUserDID(req.Context(), userDID))

     

       225
       +
       	rec := httptest.NewRecorder()

     

       226
       +
       	handler.HandleGetTimeline(rec, req)

     

       227
       +
       

     

       228
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       229
       +
       

     

       230
       +
       	var page1 timelineCore.TimelineResponse

     

       231
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &page1)

     

       232
       +
       	require.NoError(t, err)

     

       233
       +
       

     

       234
       +
       	assert.Len(t, page1.Feed, 2, "First page should have 2 posts")

     

       235
       +
       	assert.NotNil(t, page1.Cursor, "Should have cursor for next page")

     

       236
       +
       

     

       237
       +
       	// Second page: use cursor

     

       238
       +
       	req = httptest.NewRequest(http.MethodGet, fmt.Sprintf("/xrpc/social.coves.feed.getTimeline?sort=new&limit=2&cursor=%s", *page1.Cursor), nil)

     

       239
       +
       	req = req.WithContext(middleware.SetTestUserDID(req.Context(), userDID))

     

       240
       +
       	rec = httptest.NewRecorder()

     

       241
       +
       	handler.HandleGetTimeline(rec, req)

     

       242
       +
       

     

       243
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       244
       +
       

     

       245
       +
       	var page2 timelineCore.TimelineResponse

     

       246
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &page2)

     

       247
       +
       	require.NoError(t, err)

     

       248
       +
       

     

       249
       +
       	assert.Len(t, page2.Feed, 2, "Second page should have 2 posts")

     

       250
       +
       	assert.NotNil(t, page2.Cursor, "Should have cursor for next page")

     

       251
       +
       

     

       252
       +
       	// Verify no overlap

     

       253
       +
       	assert.NotEqual(t, page1.Feed[0].Post.URI, page2.Feed[0].Post.URI, "Pages should not overlap")

     

       254
       +
       	assert.NotEqual(t, page1.Feed[1].Post.URI, page2.Feed[1].Post.URI, "Pages should not overlap")

     

       255
       +
       }

     

       256
       +
       

     

       257
       +
       // TestGetTimeline_EmptyWhenNoSubscriptions tests timeline is empty when user has no subscriptions

     

       258
       +
       func TestGetTimeline_EmptyWhenNoSubscriptions(t *testing.T) {

     

       259
       +
       	if testing.Short() {

     

       260
       +
       		t.Skip("Skipping integration test in short mode")

     

       261
       +
       	}

     

       262
       +
       

     

       263
       +
       	db := setupTestDB(t)

     

       264
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       265
       +
       

     

       266
       +
       	// Setup services

     

       267
       +
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       268
       +
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       269
       +
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       270
       +
       

     

       271
       +
       	ctx := context.Background()

     

       272
       +
       	testID := time.Now().UnixNano()

     

       273
       +
       	userDID := fmt.Sprintf("did:plc:user-%d", testID)

     

       274
       +
       

     

       275
       +
       	// Create user (but don't subscribe to any communities)

     

       276
       +
       	_, err := db.ExecContext(ctx, `

     

       277
       +
       		INSERT INTO users (did, handle, pds_url)

     

       278
       +
       		VALUES ($1, $2, $3)

     

       279
       +
       	`, userDID, fmt.Sprintf("testuser-%d.test", testID), "https://bsky.social")

     

       280
       +
       	require.NoError(t, err)

     

       281
       +
       

     

       282
       +
       	// Request timeline

     

       283
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)

     

       284
       +
       	req = req.WithContext(middleware.SetTestUserDID(req.Context(), userDID))

     

       285
       +
       	rec := httptest.NewRecorder()

     

       286
       +
       	handler.HandleGetTimeline(rec, req)

     

       287
       +
       

     

       288
       +
       	// Assertions

     

       289
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       290
       +
       

     

       291
       +
       	var response timelineCore.TimelineResponse

     

       292
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       293
       +
       	require.NoError(t, err)

     

       294
       +
       

     

       295
       +
       	assert.Empty(t, response.Feed, "Timeline should be empty when user has no subscriptions")

     

       296
       +
       	assert.Nil(t, response.Cursor, "Should not have cursor when no results")

     

       297
       +
       }

     

       298
       +
       

     

       299
       +
       // TestGetTimeline_Unauthorized tests timeline requires authentication

     

       300
       +
       func TestGetTimeline_Unauthorized(t *testing.T) {

     

       301
       +
       	if testing.Short() {

     

       302
       +
       		t.Skip("Skipping integration test in short mode")

     

       303
       +
       	}

     

       304
       +
       

     

       305
       +
       	db := setupTestDB(t)

     

       306
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       307
       +
       

     

       308
       +
       	// Setup services

     

       309
       +
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       310
       +
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       311
       +
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       312
       +
       

     

       313
       +
       	// Request timeline WITHOUT auth context

     

       314
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)

     

       315
       +
       	rec := httptest.NewRecorder()

     

       316
       +
       	handler.HandleGetTimeline(rec, req)

     

       317
       +
       

     

       318
       +
       	// Should return 401 Unauthorized

     

       319
       +
       	assert.Equal(t, http.StatusUnauthorized, rec.Code)

     

       320
       +
       

     

       321
       +
       	var errorResp map[string]string

     

       322
       +
       	err := json.Unmarshal(rec.Body.Bytes(), &errorResp)

     

       323
       +
       	require.NoError(t, err)

     

       324
       +
       

     

       325
       +
       	assert.Equal(t, "AuthenticationRequired", errorResp["error"])

     

       326
       +
       }

     

       327
       +
       

     

       328
       +
       // TestGetTimeline_LimitValidation tests limit parameter validation

     

       329
       +
       func TestGetTimeline_LimitValidation(t *testing.T) {

     

       330
       +
       	if testing.Short() {

     

       331
       +
       		t.Skip("Skipping integration test in short mode")

     

       332
       +
       	}

     

       333
       +
       

     

       334
       +
       	db := setupTestDB(t)

     

       335
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       336
       +
       

     

       337
       +
       	// Setup services

     

       338
       +
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       339
       +
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       340
       +
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       341
       +
       

     

       342
       +
       	ctx := context.Background()

     

       343
       +
       	testID := time.Now().UnixNano()

     

       344
       +
       	userDID := fmt.Sprintf("did:plc:user-%d", testID)

     

       345
       +
       

     

       346
       +
       	// Create user

     

       347
       +
       	_, err := db.ExecContext(ctx, `

     

       348
       +
       		INSERT INTO users (did, handle, pds_url)

     

       349
       +
       		VALUES ($1, $2, $3)

     

       350
       +
       	`, userDID, fmt.Sprintf("testuser-%d.test", testID), "https://bsky.social")

     

       351
       +
       	require.NoError(t, err)

     

       352
       +
       

     

       353
       +
       	t.Run("Limit exceeds maximum", func(t *testing.T) {

     

       354
       +
       		req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=100", nil)

     

       355
       +
       		req = req.WithContext(middleware.SetTestUserDID(req.Context(), userDID))

     

       356
       +
       		rec := httptest.NewRecorder()

     

       357
       +
       		handler.HandleGetTimeline(rec, req)

     

       358
       +
       

     

       359
       +
       		assert.Equal(t, http.StatusBadRequest, rec.Code)

     

       360
       +
       

     

       361
       +
       		var errorResp map[string]string

     

       362
       +
       		err := json.Unmarshal(rec.Body.Bytes(), &errorResp)

     

       363
       +
       		require.NoError(t, err)

     

       364
       +
       

     

       365
       +
       		assert.Equal(t, "InvalidRequest", errorResp["error"])

     

       366
       +
       		assert.Contains(t, errorResp["message"], "limit")

     

       367
       +
       	})

     

       368
       +
       }