bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom

fix(handlers): enforce lexicon compliance - DIDs only, no handles

**Breaking Change**: XRPC endpoints now strictly enforce lexicon spec.

Changed endpoints to reject handles and accept ONLY DIDs:
- social.coves.community.blockCommunity
- social.coves.community.unblockCommunity
- social.coves.community.subscribe
- social.coves.community.unsubscribe

Rationale:
1. Lexicon defines "subject" field with format: "did" (not "at-identifier")
2. Records are immutable and content-addressed - must use permanent DIDs
3. Handles can change (they're DNS pointers), DIDs cannot
4. Bluesky's app.bsky.graph.block uses same pattern (DID-only)

Previous behavior accepted both DIDs and handles, resolving handles to
DIDs internally. This was convenient but violated the lexicon contract.

Impact:
- Clients must resolve handles to DIDs before calling these endpoints
- Matches standard atProto patterns for block/subscription records
- Ensures federation compatibility

This aligns our implementation with the lexicon specification and
atProto best practices.

bretton.dev cc003261 d80dd0fd

options
unified split
Changed files
+54 -43
internal
api
handlers
community
block.go
subscribe.go
+31 -39
internal/api/handlers/community/block.go 
···

       
23

       
 

       
}


     

       
24

       
 

       



     

       
25

       
 

       
// HandleBlock blocks a community


     

       
26

       
-

       
// POST /xrpc/social.coves.community.block


     

       
27

       
-

       
// Body: { "community": "did:plc:xxx" or "!gaming@coves.social" }


     

       

       

       
     

       

       

       
     

       

       

       
     

       
28

       
 

       
func (h *BlockHandler) HandleBlock(w http.ResponseWriter, r *http.Request) {


     

       
29

       
 

       
	if r.Method != http.MethodPost {


     

       
30

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
33

       
 

       



     

       
34

       
 

       
	// Parse request body


     

       
35

       
 

       
	var req struct {


     

       
36

       
-

       
		Community string `json:"community"` // DID or handle


     

       
37

       
 

       
	}


     

       
38

       
 

       



     

       
39

       
 

       
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {


     
···

       
46

       
 

       
		return


     

       
47

       
 

       
	}


     

       
48

       
 

       



     

       
49

       
-

       
	// Validate format (DID or handle) with proper regex patterns


     

       
50

       
-

       
	if strings.HasPrefix(req.Community, "did:") {


     

       
51

       
-

       
		// Validate DID format: did:method:identifier


     

       
52

       
-

       
		// atProto supports did:plc and did:web


     

       
53

       
-

       
		didRegex := regexp.MustCompile(`^did:(plc|web):[a-zA-Z0-9._:%-]+$`)


     

       
54

       
-

       
		if !didRegex.MatchString(req.Community) {


     

       
55

       
-

       
			writeError(w, http.StatusBadRequest, "InvalidRequest", "invalid DID format")


     

       
56

       
-

       
			return


     

       
57

       
-

       
		}


     

       
58

       
-

       
	} else if strings.HasPrefix(req.Community, "!") {


     

       
59

       
-

       
		// Validate handle format: !name@domain.tld


     

       
60

       
-

       
		if !strings.Contains(req.Community, "@") {


     

       
61

       
-

       
			writeError(w, http.StatusBadRequest, "InvalidRequest", "handle must contain @domain")


     

       
62

       
-

       
			return


     

       
63

       
-

       
		}


     

       
64

       
-

       
	} else {


     

       
65

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest",


     

       
66

       
-

       
			"community must be a DID (did:plc:...) or handle (!name@instance.com)")


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
67

       
 

       
		return


     

       
68

       
 

       
	}


     

       
69

       
 

       



     
···

       
103

       
 

       
}


     

       
104

       
 

       



     

       
105

       
 

       
// HandleUnblock unblocks a community


     

       
106

       
-

       
// POST /xrpc/social.coves.community.unblock


     

       
107

       
-

       
// Body: { "community": "did:plc:xxx" or "!gaming@coves.social" }


     

       

       

       
     

       

       

       
     

       
108

       
 

       
func (h *BlockHandler) HandleUnblock(w http.ResponseWriter, r *http.Request) {


     

       
109

       
 

       
	if r.Method != http.MethodPost {


     

       
110

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
113

       
 

       



     

       
114

       
 

       
	// Parse request body


     

       
115

       
 

       
	var req struct {


     

       
116

       
-

       
		Community string `json:"community"`


     

       
117

       
 

       
	}


     

       
118

       
 

       



     

       
119

       
 

       
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {


     
···

       
126

       
 

       
		return


     

       
127

       
 

       
	}


     

       
128

       
 

       



     

       
129

       
-

       
	// Validate format (DID or handle) with proper regex patterns


     

       
130

       
-

       
	if strings.HasPrefix(req.Community, "did:") {


     

       
131

       
-

       
		// Validate DID format: did:method:identifier


     

       
132

       
-

       
		didRegex := regexp.MustCompile(`^did:(plc|web):[a-zA-Z0-9._:%-]+$`)


     

       
133

       
-

       
		if !didRegex.MatchString(req.Community) {


     

       
134

       
-

       
			writeError(w, http.StatusBadRequest, "InvalidRequest", "invalid DID format")


     

       
135

       
-

       
			return


     

       
136

       
-

       
		}


     

       
137

       
-

       
	} else if strings.HasPrefix(req.Community, "!") {


     

       
138

       
-

       
		// Validate handle format: !name@domain.tld


     

       
139

       
-

       
		if !strings.Contains(req.Community, "@") {


     

       
140

       
-

       
			writeError(w, http.StatusBadRequest, "InvalidRequest", "handle must contain @domain")


     

       
141

       
-

       
			return


     

       
142

       
-

       
		}


     

       
143

       
-

       
	} else {


     

       
144

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest",


     

       
145

       
-

       
			"community must be a DID (did:plc:...) or handle (!name@instance.com)")


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
146

       
 

       
		return


     

       
147

       
 

       
	}


     

       
148

       
 

       



     
···

       
23

       
 

       
}


     

       
24

       
 

       



     

       
25

       
 

       
// HandleBlock blocks a community


     

       
26

       
+

       
// POST /xrpc/social.coves.community.blockCommunity


     

       
27

       
+

       
//


     

       
28

       
+

       
// Request body: { "community": "did:plc:xxx" }


     

       
29

       
+

       
// Note: Per lexicon spec, only DIDs are accepted (not handles).


     

       
30

       
+

       
// The block record's "subject" field requires format: "did".


     

       
31

       
 

       
func (h *BlockHandler) HandleBlock(w http.ResponseWriter, r *http.Request) {


     

       
32

       
 

       
	if r.Method != http.MethodPost {


     

       
33

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
36

       
 

       



     

       
37

       
 

       
	// Parse request body


     

       
38

       
 

       
	var req struct {


     

       
39

       
+

       
		Community string `json:"community"` // DID only (per lexicon)


     

       
40

       
 

       
	}


     

       
41

       
 

       



     

       
42

       
 

       
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {


     
···

       
49

       
 

       
		return


     

       
50

       
 

       
	}


     

       
51

       
 

       



     

       
52

       
+

       
	// Validate DID format (per lexicon: format must be "did")


     

       
53

       
+

       
	if !strings.HasPrefix(req.Community, "did:") {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
54

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest",


     

       
55

       
+

       
			"community must be a DID (did:plc:... or did:web:...)")


     

       
56

       
+

       
		return


     

       
57

       
+

       
	}


     

       
58

       
+

       



     

       
59

       
+

       
	// Validate DID format with regex: did:method:identifier


     

       
60

       
+

       
	didRegex := regexp.MustCompile(`^did:(plc|web):[a-zA-Z0-9._:%-]+$`)


     

       
61

       
+

       
	if !didRegex.MatchString(req.Community) {


     

       
62

       
+

       
		writeError(w, http.StatusBadRequest, "InvalidRequest", "invalid DID format")


     

       
63

       
 

       
		return


     

       
64

       
 

       
	}


     

       
65

       
 

       



     
···

       
99

       
 

       
}


     

       
100

       
 

       



     

       
101

       
 

       
// HandleUnblock unblocks a community


     

       
102

       
+

       
// POST /xrpc/social.coves.community.unblockCommunity


     

       
103

       
+

       
//


     

       
104

       
+

       
// Request body: { "community": "did:plc:xxx" }


     

       
105

       
+

       
// Note: Per lexicon spec, only DIDs are accepted (not handles).


     

       
106

       
 

       
func (h *BlockHandler) HandleUnblock(w http.ResponseWriter, r *http.Request) {


     

       
107

       
 

       
	if r.Method != http.MethodPost {


     

       
108

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
111

       
 

       



     

       
112

       
 

       
	// Parse request body


     

       
113

       
 

       
	var req struct {


     

       
114

       
+

       
		Community string `json:"community"` // DID only (per lexicon)


     

       
115

       
 

       
	}


     

       
116

       
 

       



     

       
117

       
 

       
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {


     
···

       
124

       
 

       
		return


     

       
125

       
 

       
	}


     

       
126

       
 

       



     

       
127

       
+

       
	// Validate DID format (per lexicon: format must be "did")


     

       
128

       
+

       
	if !strings.HasPrefix(req.Community, "did:") {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
129

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest",


     

       
130

       
+

       
			"community must be a DID (did:plc:... or did:web:...)")


     

       
131

       
+

       
		return


     

       
132

       
+

       
	}


     

       
133

       
+

       



     

       
134

       
+

       
	// Validate DID format with regex: did:method:identifier


     

       
135

       
+

       
	didRegex := regexp.MustCompile(`^did:(plc|web):[a-zA-Z0-9._:%-]+$`)


     

       
136

       
+

       
	if !didRegex.MatchString(req.Community) {


     

       
137

       
+

       
		writeError(w, http.StatusBadRequest, "InvalidRequest", "invalid DID format")


     

       
138

       
 

       
		return


     

       
139

       
 

       
	}


     

       
140
+23 -4
internal/api/handlers/community/subscribe.go 
···

       
6

       
 

       
	"encoding/json"


     

       
7

       
 

       
	"log"


     

       
8

       
 

       
	"net/http"


     

       

       

       
     

       
9

       
 

       
)


     

       
10

       
 

       



     

       
11

       
 

       
// SubscribeHandler handles community subscriptions


     
···

       
22

       
 

       



     

       
23

       
 

       
// HandleSubscribe subscribes a user to a community


     

       
24

       
 

       
// POST /xrpc/social.coves.community.subscribe


     

       
25

       
-

       
// Body: { "community": "did:plc:xxx" or "!gaming@coves.social" }


     

       

       

       
     

       

       

       
     

       
26

       
 

       
func (h *SubscribeHandler) HandleSubscribe(w http.ResponseWriter, r *http.Request) {


     

       
27

       
 

       
	if r.Method != http.MethodPost {


     

       
28

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
31

       
 

       



     

       
32

       
 

       
	// Parse request body


     

       
33

       
 

       
	var req struct {


     

       
34

       
-

       
		Community         string `json:"community"`


     

       
35

       
 

       
		ContentVisibility int    `json:"contentVisibility"` // Optional: 1-5 scale, defaults to 3


     

       
36

       
 

       
	}


     

       
37

       
 

       



     
···

       
42

       
 

       



     

       
43

       
 

       
	if req.Community == "" {


     

       
44

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest", "community is required")


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
45

       
 

       
		return


     

       
46

       
 

       
	}


     

       
47

       
 

       



     
···

       
82

       
 

       



     

       
83

       
 

       
// HandleUnsubscribe unsubscribes a user from a community


     

       
84

       
 

       
// POST /xrpc/social.coves.community.unsubscribe


     

       
85

       
-

       
// Body: { "community": "did:plc:xxx" or "!gaming@coves.social" }


     

       

       

       
     

       

       

       
     

       
86

       
 

       
func (h *SubscribeHandler) HandleUnsubscribe(w http.ResponseWriter, r *http.Request) {


     

       
87

       
 

       
	if r.Method != http.MethodPost {


     

       
88

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
91

       
 

       



     

       
92

       
 

       
	// Parse request body


     

       
93

       
 

       
	var req struct {


     

       
94

       
-

       
		Community string `json:"community"`


     

       
95

       
 

       
	}


     

       
96

       
 

       



     

       
97

       
 

       
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {


     
···

       
101

       
 

       



     

       
102

       
 

       
	if req.Community == "" {


     

       
103

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest", "community is required")


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
104

       
 

       
		return


     

       
105

       
 

       
	}


     

       
106

       
 

       



     
···

       
6

       
 

       
	"encoding/json"


     

       
7

       
 

       
	"log"


     

       
8

       
 

       
	"net/http"


     

       
9

       
+

       
	"strings"


     

       
10

       
 

       
)


     

       
11

       
 

       



     

       
12

       
 

       
// SubscribeHandler handles community subscriptions


     
···

       
23

       
 

       



     

       
24

       
 

       
// HandleSubscribe subscribes a user to a community


     

       
25

       
 

       
// POST /xrpc/social.coves.community.subscribe


     

       
26

       
+

       
//


     

       
27

       
+

       
// Request body: { "community": "did:plc:xxx", "contentVisibility": 3 }


     

       
28

       
+

       
// Note: Per lexicon spec, only DIDs are accepted for the "subject" field (not handles).


     

       
29

       
 

       
func (h *SubscribeHandler) HandleSubscribe(w http.ResponseWriter, r *http.Request) {


     

       
30

       
 

       
	if r.Method != http.MethodPost {


     

       
31

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
34

       
 

       



     

       
35

       
 

       
	// Parse request body


     

       
36

       
 

       
	var req struct {


     

       
37

       
+

       
		Community         string `json:"community"` // DID only (per lexicon)


     

       
38

       
 

       
		ContentVisibility int    `json:"contentVisibility"` // Optional: 1-5 scale, defaults to 3


     

       
39

       
 

       
	}


     

       
40

       
 

       



     
···

       
45

       
 

       



     

       
46

       
 

       
	if req.Community == "" {


     

       
47

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest", "community is required")


     

       
48

       
+

       
		return


     

       
49

       
+

       
	}


     

       
50

       
+

       



     

       
51

       
+

       
	// Validate DID format (per lexicon: subject field requires format "did")


     

       
52

       
+

       
	if !strings.HasPrefix(req.Community, "did:") {


     

       
53

       
+

       
		writeError(w, http.StatusBadRequest, "InvalidRequest",


     

       
54

       
+

       
			"community must be a DID (did:plc:... or did:web:...)")


     

       
55

       
 

       
		return


     

       
56

       
 

       
	}


     

       
57

       
 

       



     
···

       
92

       
 

       



     

       
93

       
 

       
// HandleUnsubscribe unsubscribes a user from a community


     

       
94

       
 

       
// POST /xrpc/social.coves.community.unsubscribe


     

       
95

       
+

       
//


     

       
96

       
+

       
// Request body: { "community": "did:plc:xxx" }


     

       
97

       
+

       
// Note: Per lexicon spec, only DIDs are accepted (not handles).


     

       
98

       
 

       
func (h *SubscribeHandler) HandleUnsubscribe(w http.ResponseWriter, r *http.Request) {


     

       
99

       
 

       
	if r.Method != http.MethodPost {


     

       
100

       
 

       
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)


     
···

       
103

       
 

       



     

       
104

       
 

       
	// Parse request body


     

       
105

       
 

       
	var req struct {


     

       
106

       
+

       
		Community string `json:"community"` // DID only (per lexicon)


     

       
107

       
 

       
	}


     

       
108

       
 

       



     

       
109

       
 

       
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {


     
···

       
113

       
 

       



     

       
114

       
 

       
	if req.Community == "" {


     

       
115

       
 

       
		writeError(w, http.StatusBadRequest, "InvalidRequest", "community is required")


     

       
116

       
+

       
		return


     

       
117

       
+

       
	}


     

       
118

       
+

       



     

       
119

       
+

       
	// Validate DID format (per lexicon: subject field requires format "did")


     

       
120

       
+

       
	if !strings.HasPrefix(req.Community, "did:") {


     

       
121

       
+

       
		writeError(w, http.StatusBadRequest, "InvalidRequest",


     

       
122

       
+

       
			"community must be a DID (did:plc:... or did:web:...)")


     

       
123

       
 

       
		return


     

       
124

       
 

       
	}


     

       
125