commit c6f51cc48709d43a3f0a1c774131b2cf80a8e7d1 · bretton.dev/coves

+2 -2

cmd/server/main.go

···

       543
       543
        
       	routes.RegisterTimelineRoutes(r, timelineService, voteService, authMiddleware)

     

       544
       544
        
       	log.Println("Timeline XRPC endpoints registered (requires authentication, includes viewer vote state)")

     

       545
       545
        
       

     

       546
       546
       -
       	routes.RegisterDiscoverRoutes(r, discoverService)

     

       547
       547
       -
       	log.Println("Discover XRPC endpoints registered (public, no auth required)")

     

       546
       546
       +
       	routes.RegisterDiscoverRoutes(r, discoverService, voteService, authMiddleware)

     

       547
       547
       +
       	log.Println("Discover XRPC endpoints registered (public with optional auth for viewer vote state)")

     

       548
       548
        
       

     

       549
       549
        
       	routes.RegisterAggregatorRoutes(r, aggregatorService, userService, identityResolver)

     

       550
       550
        
       	log.Println("Aggregator XRPC endpoints registered (query endpoints public, registration endpoint public)")

+73

internal/api/handlers/common/viewer_state.go

···

       1
       1
       +
       package common

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"Coves/internal/api/middleware"

     

       5
       5
       +
       	"Coves/internal/core/posts"

     

       6
       6
       +
       	"Coves/internal/core/votes"

     

       7
       7
       +
       	"context"

     

       8
       8
       +
       	"log"

     

       9
       9
       +
       	"net/http"

     

       10
       10
       +
       )

     

       11
       11
       +
       

     

       12
       12
       +
       // FeedPostProvider is implemented by any feed post wrapper that contains a PostView.

     

       13
       13
       +
       // This allows the helper to work with different feed post types (discover, timeline, communityFeed).

     

       14
       14
       +
       type FeedPostProvider interface {

     

       15
       15
       +
       	GetPost() *posts.PostView

     

       16
       16
       +
       }

     

       17
       17
       +
       

     

       18
       18
       +
       // PopulateViewerVoteState enriches feed posts with the authenticated user's vote state.

     

       19
       19
       +
       // This is a no-op if voteService is nil or the request is unauthenticated.

     

       20
       20
       +
       //

     

       21
       21
       +
       // Parameters:

     

       22
       22
       +
       //   - ctx: Request context for PDS calls

     

       23
       23
       +
       //   - r: HTTP request (used to extract OAuth session)

     

       24
       24
       +
       //   - voteService: Vote service for cache lookup (may be nil)

     

       25
       25
       +
       //   - feedPosts: Posts to enrich with viewer state (must implement FeedPostProvider)

     

       26
       26
       +
       //

     

       27
       27
       +
       // The function logs but does not fail on errors - viewer state is optional enrichment.

     

       28
       28
       +
       func PopulateViewerVoteState[T FeedPostProvider](

     

       29
       29
       +
       	ctx context.Context,

     

       30
       30
       +
       	r *http.Request,

     

       31
       31
       +
       	voteService votes.Service,

     

       32
       32
       +
       	feedPosts []T,

     

       33
       33
       +
       ) {

     

       34
       34
       +
       	if voteService == nil {

     

       35
       35
       +
       		return

     

       36
       36
       +
       	}

     

       37
       37
       +
       

     

       38
       38
       +
       	session := middleware.GetOAuthSession(r)

     

       39
       39
       +
       	if session == nil {

     

       40
       40
       +
       		return

     

       41
       41
       +
       	}

     

       42
       42
       +
       

     

       43
       43
       +
       	userDID := middleware.GetUserDID(r)

     

       44
       44
       +
       

     

       45
       45
       +
       	// Ensure vote cache is populated from PDS

     

       46
       46
       +
       	if err := voteService.EnsureCachePopulated(ctx, session); err != nil {

     

       47
       47
       +
       		log.Printf("Warning: failed to populate vote cache: %v", err)

     

       48
       48
       +
       		return

     

       49
       49
       +
       	}

     

       50
       50
       +
       

     

       51
       51
       +
       	// Collect post URIs to batch lookup

     

       52
       52
       +
       	postURIs := make([]string, 0, len(feedPosts))

     

       53
       53
       +
       	for _, feedPost := range feedPosts {

     

       54
       54
       +
       		if post := feedPost.GetPost(); post != nil {

     

       55
       55
       +
       			postURIs = append(postURIs, post.URI)

     

       56
       56
       +
       		}

     

       57
       57
       +
       	}

     

       58
       58
       +
       

     

       59
       59
       +
       	// Get viewer votes for all posts

     

       60
       60
       +
       	viewerVotes := voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       61
       61
       +
       

     

       62
       62
       +
       	// Populate viewer state on each post

     

       63
       63
       +
       	for _, feedPost := range feedPosts {

     

       64
       64
       +
       		if post := feedPost.GetPost(); post != nil {

     

       65
       65
       +
       			if vote, exists := viewerVotes[post.URI]; exists {

     

       66
       66
       +
       				post.Viewer = &posts.ViewerState{

     

       67
       67
       +
       					Vote:    &vote.Direction,

     

       68
       68
       +
       					VoteURI: &vote.URI,

     

       69
       69
       +
       				}

     

       70
       70
       +
       			}

     

       71
       71
       +
       		}

     

       72
       72
       +
       	}

     

       73
       73
       +
       }

+3 -36

internal/api/handlers/communityFeed/get_community.go

···

       1
       1
        
       package communityFeed

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       -
       	"Coves/internal/api/middleware"

     

       4
       4
       +
       	"Coves/internal/api/handlers/common"

     

       5
       5
        
       	"Coves/internal/core/communityFeeds"

     

       6
       6
        
       	"Coves/internal/core/posts"

     

       7
       7
        
       	"Coves/internal/core/votes"

     
···

       47
       47
        
       		return

     

       48
       48
        
       	}

     

       49
       49
        
       

     

       50
       50
       -
       	// Populate viewer vote state if authenticated and vote service available

     

       51
       51
       -
       	if h.voteService != nil {

     

       52
       52
       -
       		session := middleware.GetOAuthSession(r)

     

       53
       53
       -
       		if session != nil {

     

       54
       54
       -
       			userDID := middleware.GetUserDID(r)

     

       55
       55
       -
       			// Ensure vote cache is populated from PDS

     

       56
       56
       -
       			if err := h.voteService.EnsureCachePopulated(r.Context(), session); err != nil {

     

       57
       57
       -
       				// Log but don't fail - viewer state is optional

     

       58
       58
       -
       				log.Printf("Warning: failed to populate vote cache: %v", err)

     

       59
       59
       -
       			} else {

     

       60
       60
       -
       				// Collect post URIs to batch lookup

     

       61
       61
       -
       				postURIs := make([]string, 0, len(response.Feed))

     

       62
       62
       -
       				for _, feedPost := range response.Feed {

     

       63
       63
       -
       					if feedPost.Post != nil {

     

       64
       64
       -
       						postURIs = append(postURIs, feedPost.Post.URI)

     

       65
       65
       -
       					}

     

       66
       66
       -
       				}

     

       67
       67
       -
       

     

       68
       68
       -
       				// Get viewer votes for all posts

     

       69
       69
       -
       				viewerVotes := h.voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       70
       70
       -
       

     

       71
       71
       -
       				// Populate viewer state on each post

     

       72
       72
       -
       				for _, feedPost := range response.Feed {

     

       73
       73
       -
       					if feedPost.Post != nil {

     

       74
       74
       -
       						if vote, exists := viewerVotes[feedPost.Post.URI]; exists {

     

       75
       75
       -
       							feedPost.Post.Viewer = &posts.ViewerState{

     

       76
       76
       -
       								Vote:    &vote.Direction,

     

       77
       77
       -
       								VoteURI: &vote.URI,

     

       78
       78
       -
       							}

     

       79
       79
       -
       						}

     

       80
       80
       -
       					}

     

       81
       81
       -
       				}

     

       82
       82
       -
       			}

     

       83
       83
       -
       		}

     

       84
       84
       -
       	}

     

       50
       50
       +
       	// Populate viewer vote state if authenticated

     

       51
       51
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       85
       52
        
       

     

       86
       53
        
       	// Transform blob refs to URLs for all posts

     

       87
       54
        
       	for _, feedPost := range response.Feed {

+11 -4

internal/api/handlers/discover/get_discover.go

···

       1
       1
        
       package discover

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/api/handlers/common"

     

       4
       5
        
       	"Coves/internal/core/discover"

     

       5
       6
        
       	"Coves/internal/core/posts"

     

       7
       7
       +
       	"Coves/internal/core/votes"

     

       6
       8
        
       	"encoding/json"

     

       7
       9
        
       	"log"

     

       8
       10
        
       	"net/http"

     
···

       11
       13
        
       

     

       12
       14
        
       // GetDiscoverHandler handles discover feed retrieval

     

       13
       15
        
       type GetDiscoverHandler struct {

     

       14
       14
       -
       	service discover.Service

     

       16
       16
       +
       	service     discover.Service

     

       17
       17
       +
       	voteService votes.Service

     

       15
       18
        
       }

     

       16
       19
        
       

     

       17
       20
        
       // NewGetDiscoverHandler creates a new discover handler

     

       18
       18
       -
       func NewGetDiscoverHandler(service discover.Service) *GetDiscoverHandler {

     

       21
       21
       +
       func NewGetDiscoverHandler(service discover.Service, voteService votes.Service) *GetDiscoverHandler {

     

       19
       22
        
       	return &GetDiscoverHandler{

     

       20
       20
       -
       		service: service,

     

       23
       23
       +
       		service:     service,

     

       24
       24
       +
       		voteService: voteService,

     

       21
       25
        
       	}

     

       22
       26
        
       }

     

       23
       27
        
       

     

       24
       28
        
       // HandleGetDiscover retrieves posts from all communities (public feed)

     

       25
       29
        
       // GET /xrpc/social.coves.feed.getDiscover?sort=hot&limit=15&cursor=...

     

       26
       26
       -
       // Public endpoint - no authentication required

     

       30
       30
       +
       // Public endpoint with optional auth - if authenticated, includes viewer vote state

     

       27
       31
        
       func (h *GetDiscoverHandler) HandleGetDiscover(w http.ResponseWriter, r *http.Request) {

     

       28
       32
        
       	if r.Method != http.MethodGet {

     

       29
       33
        
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     
···

       39
       43
        
       		handleServiceError(w, err)

     

       40
       44
        
       		return

     

       41
       45
        
       	}

     

       46
       46
       +
       

     

       47
       47
       +
       	// Populate viewer vote state if authenticated

     

       48
       48
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       42
       49
        
       

     

       43
       50
        
       	// Transform blob refs to URLs for all posts

     

       44
       51
        
       	for _, feedPost := range response.Feed {

+3 -34

internal/api/handlers/timeline/get_timeline.go

···

       1
       1
        
       package timeline

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/api/handlers/common"

     

       4
       5
        
       	"Coves/internal/api/middleware"

     

       5
       6
        
       	"Coves/internal/core/posts"

     

       6
       7
        
       	"Coves/internal/core/timeline"

     
···

       56
       57
        
       		return

     

       57
       58
        
       	}

     

       58
       59
        
       

     

       59
       59
       -
       	// Populate viewer vote state if authenticated and vote service available

     

       60
       60
       -
       	if h.voteService != nil {

     

       61
       61
       -
       		session := middleware.GetOAuthSession(r)

     

       62
       62
       -
       		if session != nil {

     

       63
       63
       -
       			// Ensure vote cache is populated from PDS

     

       64
       64
       -
       			if err := h.voteService.EnsureCachePopulated(r.Context(), session); err != nil {

     

       65
       65
       -
       				// Log but don't fail - viewer state is optional

     

       66
       66
       -
       				log.Printf("Warning: failed to populate vote cache: %v", err)

     

       67
       67
       -
       			} else {

     

       68
       68
       -
       				// Collect post URIs to batch lookup

     

       69
       69
       -
       				postURIs := make([]string, 0, len(response.Feed))

     

       70
       70
       -
       				for _, feedPost := range response.Feed {

     

       71
       71
       -
       					if feedPost.Post != nil {

     

       72
       72
       -
       						postURIs = append(postURIs, feedPost.Post.URI)

     

       73
       73
       -
       					}

     

       74
       74
       -
       				}

     

       75
       75
       -
       

     

       76
       76
       -
       				// Get viewer votes for all posts

     

       77
       77
       -
       				viewerVotes := h.voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       78
       78
       -
       

     

       79
       79
       -
       				// Populate viewer state on each post

     

       80
       80
       -
       				for _, feedPost := range response.Feed {

     

       81
       81
       -
       					if feedPost.Post != nil {

     

       82
       82
       -
       						if vote, exists := viewerVotes[feedPost.Post.URI]; exists {

     

       83
       83
       -
       							feedPost.Post.Viewer = &posts.ViewerState{

     

       84
       84
       -
       								Vote:    &vote.Direction,

     

       85
       85
       -
       								VoteURI: &vote.URI,

     

       86
       86
       -
       							}

     

       87
       87
       -
       						}

     

       88
       88
       -
       					}

     

       89
       89
       -
       				}

     

       90
       90
       -
       			}

     

       91
       91
       -
       		}

     

       92
       92
       -
       	}

     

       60
       60
       +
       	// Populate viewer vote state if authenticated

     

       61
       61
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       93
       62
        
       

     

       94
       63
        
       	// Transform blob refs to URLs for all posts

     

       95
       64
        
       	for _, feedPost := range response.Feed {

+9 -4

internal/api/routes/discover.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"Coves/internal/api/handlers/discover"

     

       5
       5
       +
       	"Coves/internal/api/middleware"

     

       5
       6
        
       	discoverCore "Coves/internal/core/discover"

     

       7
       7
       +
       	"Coves/internal/core/votes"

     

       6
       8
        
       

     

       7
       9
        
       	"github.com/go-chi/chi/v5"

     

       8
       10
        
       )

     
···

       10
       12
        
       // RegisterDiscoverRoutes registers discover-related XRPC endpoints

     

       11
       13
        
       //

     

       12
       14
        
       // SECURITY & RATE LIMITING:

     

       13
       13
       -
       // - Discover feed is PUBLIC (no authentication required)

     

       15
       15
       +
       // - Discover feed is PUBLIC (works without authentication)

     

       16
       16
       +
       // - Optional auth: if authenticated, includes viewer vote state on posts

     

       14
       17
        
       // - Protected by global rate limiter: 100 requests/minute per IP (main.go:84)

     

       15
       18
        
       // - Query timeout enforced via context (prevents long-running queries)

     

       16
       19
        
       // - Result limit capped at 50 posts per request (validated in service layer)

     
···

       18
       21
        
       func RegisterDiscoverRoutes(

     

       19
       22
        
       	r chi.Router,

     

       20
       23
        
       	discoverService discoverCore.Service,

     

       24
       24
       +
       	voteService votes.Service,

     

       25
       25
       +
       	authMiddleware *middleware.OAuthAuthMiddleware,

     

       21
       26
        
       ) {

     

       22
       27
        
       	// Create handlers

     

       23
       23
       -
       	getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService)

     

       28
       28
       +
       	getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService, voteService)

     

       24
       29
        
       

     

       25
       30
        
       	// GET /xrpc/social.coves.feed.getDiscover

     

       26
       26
       -
       	// Public endpoint - no authentication required

     

       31
       31
       +
       	// Public endpoint with optional auth for viewer-specific state (vote state)

     

       27
       32
        
       	// Shows posts from ALL communities (not personalized)

     

       28
       33
        
       	// Rate limited: 100 req/min per IP via global middleware

     

       29
       29
       -
       	r.Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)

     

       34
       34
       +
       	r.With(authMiddleware.OptionalAuth).Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)

     

       30
       35
        
       }

internal/core/communityFeeds/types.go

···

       31
       31
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       32
       32
        
       }

     

       33
       33
        
       

     

       34
       34
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       35
       35
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       36
       36
       +
       	return f.Post

     

       37
       37
       +
       }

     

       38
       38
       +
       

     

       34
       39
        
       // FeedReason is a union type for feed context

     

       35
       40
        
       // Can be reasonRepost or reasonPin

     

       36
       41
        
       type FeedReason struct {

internal/core/discover/types.go

···

       39
       39
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`

     

       40
       40
        
       }

     

       41
       41
        
       

     

       42
       42
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       43
       43
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       44
       44
       +
       	return f.Post

     

       45
       45
       +
       }

     

       46
       46
       +
       

     

       42
       47
        
       // FeedReason is a union type for feed context

     

       43
       48
        
       type FeedReason struct {

     

       44
       49
        
       	Repost    *ReasonRepost    `json:"-"`

internal/core/timeline/types.go

···

       42
       42
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       43
       43
        
       }

     

       44
       44
        
       

     

       45
       45
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       46
       46
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       47
       47
       +
       	return f.Post

     

       48
       48
       +
       }

     

       49
       49
       +
       

     

       45
       50
        
       // FeedReason is a union type for feed context

     

       46
       51
        
       // Future: Can be reasonRepost or reasonCommunity

     

       47
       52
        
       type FeedReason struct {

+193 -5

tests/integration/discover_test.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"Coves/internal/api/handlers/discover"

     

       5
       5
       +
       	"Coves/internal/api/middleware"

     

       6
       6
       +
       	"Coves/internal/core/votes"

     

       5
       7
        
       	"Coves/internal/db/postgres"

     

       6
       8
        
       	"context"

     

       7
       9
        
       	"encoding/json"

     
···

       13
       15
        
       

     

       14
       16
        
       	discoverCore "Coves/internal/core/discover"

     

       15
       17
        
       

     

       18
       18
       +
       	oauthlib "github.com/bluesky-social/indigo/atproto/auth/oauth"

     

       19
       19
       +
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       16
       20
        
       	"github.com/stretchr/testify/assert"

     

       17
       21
        
       	"github.com/stretchr/testify/require"

     

       18
       22
        
       )

     

       19
       23
        
       

     

       24
       24
       +
       // mockVoteService implements votes.Service for testing viewer vote state

     

       25
       25
       +
       type mockVoteService struct {

     

       26
       26
       +
       	cachedVotes map[string]*votes.CachedVote // userDID:subjectURI -> vote

     

       27
       27
       +
       }

     

       28
       28
       +
       

     

       29
       29
       +
       func newMockVoteService() *mockVoteService {

     

       30
       30
       +
       	return &mockVoteService{

     

       31
       31
       +
       		cachedVotes: make(map[string]*votes.CachedVote),

     

       32
       32
       +
       	}

     

       33
       33
       +
       }

     

       34
       34
       +
       

     

       35
       35
       +
       func (m *mockVoteService) AddVote(userDID, subjectURI, direction, voteURI string) {

     

       36
       36
       +
       	key := userDID + ":" + subjectURI

     

       37
       37
       +
       	m.cachedVotes[key] = &votes.CachedVote{

     

       38
       38
       +
       		Direction: direction,

     

       39
       39
       +
       		URI:       voteURI,

     

       40
       40
       +
       	}

     

       41
       41
       +
       }

     

       42
       42
       +
       

     

       43
       43
       +
       func (m *mockVoteService) CreateVote(_ context.Context, _ *oauthlib.ClientSessionData, _ votes.CreateVoteRequest) (*votes.CreateVoteResponse, error) {

     

       44
       44
       +
       	return &votes.CreateVoteResponse{}, nil

     

       45
       45
       +
       }

     

       46
       46
       +
       

     

       47
       47
       +
       func (m *mockVoteService) DeleteVote(_ context.Context, _ *oauthlib.ClientSessionData, _ votes.DeleteVoteRequest) error {

     

       48
       48
       +
       	return nil

     

       49
       49
       +
       }

     

       50
       50
       +
       

     

       51
       51
       +
       func (m *mockVoteService) EnsureCachePopulated(_ context.Context, _ *oauthlib.ClientSessionData) error {

     

       52
       52
       +
       	return nil // Mock always succeeds - votes pre-populated via AddVote

     

       53
       53
       +
       }

     

       54
       54
       +
       

     

       55
       55
       +
       func (m *mockVoteService) GetViewerVote(userDID, subjectURI string) *votes.CachedVote {

     

       56
       56
       +
       	key := userDID + ":" + subjectURI

     

       57
       57
       +
       	return m.cachedVotes[key]

     

       58
       58
       +
       }

     

       59
       59
       +
       

     

       60
       60
       +
       func (m *mockVoteService) GetViewerVotesForSubjects(userDID string, subjectURIs []string) map[string]*votes.CachedVote {

     

       61
       61
       +
       	result := make(map[string]*votes.CachedVote)

     

       62
       62
       +
       	for _, uri := range subjectURIs {

     

       63
       63
       +
       		key := userDID + ":" + uri

     

       64
       64
       +
       		if vote, exists := m.cachedVotes[key]; exists {

     

       65
       65
       +
       			result[uri] = vote

     

       66
       66
       +
       		}

     

       67
       67
       +
       	}

     

       68
       68
       +
       	return result

     

       69
       69
       +
       }

     

       70
       70
       +
       

     

       20
       71
        
       // TestGetDiscover_ShowsAllCommunities tests discover feed shows posts from ALL communities

     

       21
       72
        
       func TestGetDiscover_ShowsAllCommunities(t *testing.T) {

     

       22
       73
        
       	if testing.Short() {

     
···

       29
       80
        
       	// Setup services

     

       30
       81
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       31
       82
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       32
       32
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       83
       83
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil) // nil vote service - tests don't need vote state

     

       33
       84
        
       

     

       34
       85
        
       	ctx := context.Background()

     

       35
       86
        
       	testID := time.Now().UnixNano()

     
···

       100
       151
        
       	// Setup services

     

       101
       152
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       102
       153
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       103
       103
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       154
       154
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil) // nil vote service - tests don't need vote state

     

       104
       155
        
       

     

       105
       156
        
       	ctx := context.Background()

     

       106
       157
        
       	testID := time.Now().UnixNano()

     
···

       147
       198
        
       	// Setup services

     

       148
       199
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       149
       200
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       150
       150
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       201
       201
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       151
       202
        
       

     

       152
       203
        
       	ctx := context.Background()

     

       153
       204
        
       	testID := time.Now().UnixNano()

     
···

       197
       248
        
       	// Setup services

     

       198
       249
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       199
       250
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       200
       200
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       251
       251
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       201
       252
        
       

     

       202
       253
        
       	ctx := context.Background()

     

       203
       254
        
       	testID := time.Now().UnixNano()

     
···

       254
       305
        
       	// Setup services

     

       255
       306
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       256
       307
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       257
       257
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       308
       308
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       258
       309
        
       

     

       259
       310
        
       	t.Run("Limit exceeds maximum", func(t *testing.T) {

     

       260
       311
        
       		req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=100", nil)

     
···

       271
       322
        
       		assert.Contains(t, errorResp["message"], "limit")

     

       272
       323
        
       	})

     

       273
       324
        
       }

     

       325
       325
       +
       

     

       326
       326
       +
       // TestGetDiscover_ViewerVoteState tests that authenticated users see their vote state on posts

     

       327
       327
       +
       func TestGetDiscover_ViewerVoteState(t *testing.T) {

     

       328
       328
       +
       	if testing.Short() {

     

       329
       329
       +
       		t.Skip("Skipping integration test in short mode")

     

       330
       330
       +
       	}

     

       331
       331
       +
       

     

       332
       332
       +
       	db := setupTestDB(t)

     

       333
       333
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       334
       334
       +
       

     

       335
       335
       +
       	ctx := context.Background()

     

       336
       336
       +
       	testID := time.Now().UnixNano()

     

       337
       337
       +
       

     

       338
       338
       +
       	// Create community and posts

     

       339
       339
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("votes-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       340
       340
       +
       	require.NoError(t, err)

     

       341
       341
       +
       

     

       342
       342
       +
       	post1URI := createTestPost(t, db, communityDID, "did:plc:author1", "Post with upvote", 10, time.Now().Add(-1*time.Hour))

     

       343
       343
       +
       	post2URI := createTestPost(t, db, communityDID, "did:plc:author2", "Post with downvote", 5, time.Now().Add(-2*time.Hour))

     

       344
       344
       +
       	_ = createTestPost(t, db, communityDID, "did:plc:author3", "Post without vote", 3, time.Now().Add(-3*time.Hour))

     

       345
       345
       +
       

     

       346
       346
       +
       	// Setup mock vote service with pre-populated votes

     

       347
       347
       +
       	viewerDID := "did:plc:viewer123"

     

       348
       348
       +
       	mockVotes := newMockVoteService()

     

       349
       349
       +
       	mockVotes.AddVote(viewerDID, post1URI, "up", "at://"+viewerDID+"/social.coves.vote/vote1")

     

       350
       350
       +
       	mockVotes.AddVote(viewerDID, post2URI, "down", "at://"+viewerDID+"/social.coves.vote/vote2")

     

       351
       351
       +
       

     

       352
       352
       +
       	// Setup handler with mock vote service

     

       353
       353
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       354
       354
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       355
       355
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, mockVotes)

     

       356
       356
       +
       

     

       357
       357
       +
       	// Create request with authenticated user context

     

       358
       358
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       359
       359
       +
       

     

       360
       360
       +
       	// Inject OAuth session into context (simulates OptionalAuth middleware)

     

       361
       361
       +
       	did, _ := syntax.ParseDID(viewerDID)

     

       362
       362
       +
       	session := &oauthlib.ClientSessionData{

     

       363
       363
       +
       		AccountDID:  did,

     

       364
       364
       +
       		AccessToken: "test_token",

     

       365
       365
       +
       	}

     

       366
       366
       +
       	reqCtx := context.WithValue(req.Context(), middleware.UserDIDKey, viewerDID)

     

       367
       367
       +
       	reqCtx = context.WithValue(reqCtx, middleware.OAuthSessionKey, session)

     

       368
       368
       +
       	req = req.WithContext(reqCtx)

     

       369
       369
       +
       

     

       370
       370
       +
       	rec := httptest.NewRecorder()

     

       371
       371
       +
       	handler.HandleGetDiscover(rec, req)

     

       372
       372
       +
       

     

       373
       373
       +
       	// Assertions

     

       374
       374
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       375
       375
       +
       

     

       376
       376
       +
       	var response discoverCore.DiscoverResponse

     

       377
       377
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       378
       378
       +
       	require.NoError(t, err)

     

       379
       379
       +
       

     

       380
       380
       +
       	// Find our test posts and verify vote state

     

       381
       381
       +
       	var foundPost1, foundPost2, foundPost3 bool

     

       382
       382
       +
       	for _, feedPost := range response.Feed {

     

       383
       383
       +
       		switch feedPost.Post.URI {

     

       384
       384
       +
       		case post1URI:

     

       385
       385
       +
       			foundPost1 = true

     

       386
       386
       +
       			require.NotNil(t, feedPost.Post.Viewer, "Post1 should have viewer state")

     

       387
       387
       +
       			require.NotNil(t, feedPost.Post.Viewer.Vote, "Post1 should have vote direction")

     

       388
       388
       +
       			assert.Equal(t, "up", *feedPost.Post.Viewer.Vote, "Post1 should show upvote")

     

       389
       389
       +
       			require.NotNil(t, feedPost.Post.Viewer.VoteURI, "Post1 should have vote URI")

     

       390
       390
       +
       			assert.Contains(t, *feedPost.Post.Viewer.VoteURI, "vote1", "Post1 should have correct vote URI")

     

       391
       391
       +
       

     

       392
       392
       +
       		case post2URI:

     

       393
       393
       +
       			foundPost2 = true

     

       394
       394
       +
       			require.NotNil(t, feedPost.Post.Viewer, "Post2 should have viewer state")

     

       395
       395
       +
       			require.NotNil(t, feedPost.Post.Viewer.Vote, "Post2 should have vote direction")

     

       396
       396
       +
       			assert.Equal(t, "down", *feedPost.Post.Viewer.Vote, "Post2 should show downvote")

     

       397
       397
       +
       			require.NotNil(t, feedPost.Post.Viewer.VoteURI, "Post2 should have vote URI")

     

       398
       398
       +
       

     

       399
       399
       +
       		default:

     

       400
       400
       +
       			// Posts without votes should have nil Viewer or nil Vote

     

       401
       401
       +
       			if feedPost.Post.Viewer != nil && feedPost.Post.Viewer.Vote != nil {

     

       402
       402
       +
       				// This post has a vote from our viewer - it's not post3

     

       403
       403
       +
       				continue

     

       404
       404
       +
       			}

     

       405
       405
       +
       			foundPost3 = true

     

       406
       406
       +
       		}

     

       407
       407
       +
       	}

     

       408
       408
       +
       

     

       409
       409
       +
       	assert.True(t, foundPost1, "Should find post1 with upvote")

     

       410
       410
       +
       	assert.True(t, foundPost2, "Should find post2 with downvote")

     

       411
       411
       +
       	assert.True(t, foundPost3, "Should find post3 without vote")

     

       412
       412
       +
       }

     

       413
       413
       +
       

     

       414
       414
       +
       // TestGetDiscover_NoViewerStateWithoutAuth tests that unauthenticated users don't get viewer state

     

       415
       415
       +
       func TestGetDiscover_NoViewerStateWithoutAuth(t *testing.T) {

     

       416
       416
       +
       	if testing.Short() {

     

       417
       417
       +
       		t.Skip("Skipping integration test in short mode")

     

       418
       418
       +
       	}

     

       419
       419
       +
       

     

       420
       420
       +
       	db := setupTestDB(t)

     

       421
       421
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       422
       422
       +
       

     

       423
       423
       +
       	ctx := context.Background()

     

       424
       424
       +
       	testID := time.Now().UnixNano()

     

       425
       425
       +
       

     

       426
       426
       +
       	// Create community and post

     

       427
       427
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("noauth-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       428
       428
       +
       	require.NoError(t, err)

     

       429
       429
       +
       

     

       430
       430
       +
       	postURI := createTestPost(t, db, communityDID, "did:plc:author", "Some post", 10, time.Now())

     

       431
       431
       +
       

     

       432
       432
       +
       	// Setup mock vote service with a vote (but request will be unauthenticated)

     

       433
       433
       +
       	mockVotes := newMockVoteService()

     

       434
       434
       +
       	mockVotes.AddVote("did:plc:someuser", postURI, "up", "at://did:plc:someuser/social.coves.vote/vote1")

     

       435
       435
       +
       

     

       436
       436
       +
       	// Setup handler with mock vote service

     

       437
       437
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       438
       438
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       439
       439
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, mockVotes)

     

       440
       440
       +
       

     

       441
       441
       +
       	// Create request WITHOUT auth context

     

       442
       442
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       443
       443
       +
       	rec := httptest.NewRecorder()

     

       444
       444
       +
       	handler.HandleGetDiscover(rec, req)

     

       445
       445
       +
       

     

       446
       446
       +
       	// Should succeed

     

       447
       447
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       448
       448
       +
       

     

       449
       449
       +
       	var response discoverCore.DiscoverResponse

     

       450
       450
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       451
       451
       +
       	require.NoError(t, err)

     

       452
       452
       +
       

     

       453
       453
       +
       	// Find our post and verify NO viewer state (unauthenticated)

     

       454
       454
       +
       	for _, feedPost := range response.Feed {

     

       455
       455
       +
       		if feedPost.Post.URI == postURI {

     

       456
       456
       +
       			assert.Nil(t, feedPost.Post.Viewer, "Unauthenticated request should not have viewer state")

     

       457
       457
       +
       			return

     

       458
       458
       +
       		}

     

       459
       459
       +
       	}

     

       460
       460
       +
       	t.Fatal("Test post not found in response")

     

       461
       461
       +
       }

+11 -11

tests/integration/feed_test.go

···

       37
       37
        
       		nil,

     

       38
       38
        
       	)

     

       39
       39
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       40
       40
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       40
       40
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       41
       41
        
       

     

       42
       42
        
       	// Setup test data: community, users, and posts

     

       43
       43
        
       	ctx := context.Background()

     
···

       114
       114
        
       		nil,

     

       115
       115
        
       	)

     

       116
       116
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       117
       117
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       117
       117
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       118
       118
        
       

     

       119
       119
        
       	// Setup test data

     

       120
       120
        
       	ctx := context.Background()

     
···

       190
       190
        
       		nil,

     

       191
       191
        
       	)

     

       192
       192
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       193
       193
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       193
       193
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       194
       194
        
       

     

       195
       195
        
       	// Setup test data

     

       196
       196
        
       	ctx := context.Background()

     
···

       246
       246
        
       		nil,

     

       247
       247
        
       	)

     

       248
       248
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       249
       249
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       249
       249
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       250
       250
        
       

     

       251
       251
        
       	// Setup test data with many posts

     

       252
       252
        
       	ctx := context.Background()

     
···

       337
       337
        
       		nil,

     

       338
       338
        
       	)

     

       339
       339
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       340
       340
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       340
       340
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       341
       341
        
       

     

       342
       342
        
       	// Request feed for non-existent community

     

       343
       343
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.communityFeed.getCommunity?community=did:plc:nonexistent&sort=hot&limit=10", nil)

     
···

       373
       373
        
       		nil,

     

       374
       374
        
       	)

     

       375
       375
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       376
       376
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       376
       376
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       377
       377
        
       

     

       378
       378
        
       	// Setup test community

     

       379
       379
        
       	ctx := context.Background()

     
···

       429
       429
        
       		nil,

     

       430
       430
        
       	)

     

       431
       431
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       432
       432
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       432
       432
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       433
       433
        
       

     

       434
       434
        
       	// Create community with no posts

     

       435
       435
        
       	ctx := context.Background()

     
···

       473
       473
        
       		nil,

     

       474
       474
        
       	)

     

       475
       475
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       476
       476
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       476
       476
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       477
       477
        
       

     

       478
       478
        
       	// Setup test community

     

       479
       479
        
       	ctx := context.Background()

     
···

       526
       526
        
       		nil,

     

       527
       527
        
       	)

     

       528
       528
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       529
       529
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       529
       529
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       530
       530
        
       

     

       531
       531
        
       	// Setup test data

     

       532
       532
        
       	ctx := context.Background()

     
···

       627
       627
        
       		nil,

     

       628
       628
        
       	)

     

       629
       629
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       630
       630
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       630
       630
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       631
       631
        
       

     

       632
       632
        
       	// Setup test data

     

       633
       633
        
       	ctx := context.Background()

     
···

       720
       720
        
       		nil,

     

       721
       721
        
       	)

     

       722
       722
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       723
       723
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       723
       723
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       724
       724
        
       

     

       725
       725
        
       	// Setup test data

     

       726
       726
        
       	ctx := context.Background()

+7 -7

tests/integration/timeline_test.go

···

       30
       30
        
       	// Setup services

     

       31
       31
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       32
       32
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       33
       33
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       33
       33
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       34
       34
        
       

     

       35
       35
        
       	ctx := context.Background()

     

       36
       36
        
       	testID := time.Now().UnixNano()

     
···

       119
       119
        
       	// Setup services

     

       120
       120
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       121
       121
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       122
       122
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       122
       122
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       123
       123
        
       

     

       124
       124
        
       	ctx := context.Background()

     

       125
       125
        
       	testID := time.Now().UnixNano()

     
···

       190
       190
        
       	// Setup services

     

       191
       191
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       192
       192
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       193
       193
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       193
       193
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       194
       194
        
       

     

       195
       195
        
       	ctx := context.Background()

     

       196
       196
        
       	testID := time.Now().UnixNano()

     
···

       266
       266
        
       	// Setup services

     

       267
       267
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       268
       268
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       269
       269
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       269
       269
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       270
       270
        
       

     

       271
       271
        
       	ctx := context.Background()

     

       272
       272
        
       	testID := time.Now().UnixNano()

     
···

       308
       308
        
       	// Setup services

     

       309
       309
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       310
       310
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       311
       311
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       311
       311
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       312
       312
        
       

     

       313
       313
        
       	// Request timeline WITHOUT auth context

     

       314
       314
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)

     
···

       337
       337
        
       	// Setup services

     

       338
       338
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       339
       339
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       340
       340
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       340
       340
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       341
       341
        
       

     

       342
       342
        
       	ctx := context.Background()

     

       343
       343
        
       	testID := time.Now().UnixNano()

     
···

       388
       388
        
       	// Setup services

     

       389
       389
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       390
       390
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       391
       391
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       391
       391
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       392
       392
        
       

     

       393
       393
        
       	ctx := context.Background()

     

       394
       394
        
       	testID := time.Now().UnixNano()

+1 -1

tests/integration/user_journey_e2e_test.go

···

       143
       143
        
       	r := chi.NewRouter()

     

       144
       144
        
       	routes.RegisterCommunityRoutes(r, communityService, e2eAuth.OAuthAuthMiddleware, nil) // nil = allow all community creators

     

       145
       145
        
       	routes.RegisterPostRoutes(r, postService, e2eAuth.OAuthAuthMiddleware)

     

       146
       146
       -
       	routes.RegisterTimelineRoutes(r, timelineService, e2eAuth.OAuthAuthMiddleware)

     

       146
       146
       +
       	routes.RegisterTimelineRoutes(r, timelineService, nil, e2eAuth.OAuthAuthMiddleware)

     

       147
       147
        
       	httpServer := httptest.NewServer(r)

     

       148
       148
        
       	defer httpServer.Close()

     

       149
       149