bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom

feat(communities): implement blocking service layer with write-forward

Implement service layer for community blocking following atProto
write-forward architecture:

- BlockCommunity: Creates block record on PDS using user's access token,
handles duplicate errors gracefully by fetching existing block
- UnblockCommunity: Deletes block record from PDS, extracts rkey from URI
- GetBlockedCommunities: Queries AppView with pagination
- IsBlocked: Fast boolean check for block status

Key architectural decisions:
- Write-forward pattern: All mutations go through PDS first
- Race condition fix: Removed preemptive existence check, rely on PDS
duplicate detection + repository ON CONFLICT handling
- User authentication: Uses user's access token (not instance token)
- Identifier resolution: Supports both DIDs and handles via
resolveCommunityIdentifier

Resolves race condition identified in PR review.

bretton.dev d125cd50 8341ab5f

options
unified split
Changed files
+117
internal
core
communities
service.go
+117
internal/core/communities/service.go 
···

       
516

       
516

       
 

       
	return s.repo.ListMembers(ctx, communityDID, limit, offset)


     

       
517

       
517

       
 

       
}


     

       
518

       
518

       
 

       



     

       

       
519

       
+

       
// BlockCommunity blocks a community via write-forward to PDS


     

       

       
520

       
+

       
func (s *communityService) BlockCommunity(ctx context.Context, userDID, userAccessToken, communityIdentifier string) (*CommunityBlock, error) {


     

       

       
521

       
+

       
	if userDID == "" {


     

       

       
522

       
+

       
		return nil, NewValidationError("userDid", "required")


     

       

       
523

       
+

       
	}


     

       

       
524

       
+

       
	if userAccessToken == "" {


     

       

       
525

       
+

       
		return nil, NewValidationError("userAccessToken", "required")


     

       

       
526

       
+

       
	}


     

       

       
527

       
+

       



     

       

       
528

       
+

       
	// Resolve community identifier


     

       

       
529

       
+

       
	communityDID, err := s.ResolveCommunityIdentifier(ctx, communityIdentifier)


     

       

       
530

       
+

       
	if err != nil {


     

       

       
531

       
+

       
		return nil, err


     

       

       
532

       
+

       
	}


     

       

       
533

       
+

       



     

       

       
534

       
+

       
	// Verify community exists


     

       

       
535

       
+

       
	_, err = s.repo.GetByDID(ctx, communityDID)


     

       

       
536

       
+

       
	if err != nil {


     

       

       
537

       
+

       
		return nil, err


     

       

       
538

       
+

       
	}


     

       

       
539

       
+

       



     

       

       
540

       
+

       
	// Build block record


     

       

       
541

       
+

       
	// CRITICAL: Collection is social.coves.community.block (RECORD TYPE)


     

       

       
542

       
+

       
	// This record will be created in the USER's repository: at://user_did/social.coves.community.block/{tid}


     

       

       
543

       
+

       
	// Following atProto conventions and Bluesky's app.bsky.graph.block pattern


     

       

       
544

       
+

       
	blockRecord := map[string]interface{}{


     

       

       
545

       
+

       
		"$type":     "social.coves.community.block",


     

       

       
546

       
+

       
		"subject":   communityDID, // DID of community being blocked


     

       

       
547

       
+

       
		"createdAt": time.Now().Format(time.RFC3339),


     

       

       
548

       
+

       
	}


     

       

       
549

       
+

       



     

       

       
550

       
+

       
	// Write-forward: create block record in user's repo using their access token


     

       

       
551

       
+

       
	// Note: We don't check for existing blocks first because:


     

       

       
552

       
+

       
	// 1. The PDS may reject duplicates (depending on implementation)


     

       

       
553

       
+

       
	// 2. The repository layer handles idempotency with ON CONFLICT DO NOTHING


     

       

       
554

       
+

       
	// 3. This avoids a race condition where two concurrent requests both pass the check


     

       

       
555

       
+

       
	recordURI, recordCID, err := s.createRecordOnPDSAs(ctx, userDID, "social.coves.community.block", "", blockRecord, userAccessToken)


     

       

       
556

       
+

       
	if err != nil {


     

       

       
557

       
+

       
		// Check if this is a duplicate error from PDS


     

       

       
558

       
+

       
		errMsg := err.Error()


     

       

       
559

       
+

       
		if strings.Contains(errMsg, "duplicate") || strings.Contains(errMsg, "already exists") {


     

       

       
560

       
+

       
			// Fetch and return existing block from our indexed view


     

       

       
561

       
+

       
			existingBlock, getErr := s.repo.GetBlock(ctx, userDID, communityDID)


     

       

       
562

       
+

       
			if getErr == nil {


     

       

       
563

       
+

       
				return existingBlock, nil


     

       

       
564

       
+

       
			}


     

       

       
565

       
+

       
			// If we can't find it in our index, return the original PDS error


     

       

       
566

       
+

       
		}


     

       

       
567

       
+

       
		return nil, fmt.Errorf("failed to create block on PDS: %w", err)


     

       

       
568

       
+

       
	}


     

       

       
569

       
+

       



     

       

       
570

       
+

       
	// Return block representation


     

       

       
571

       
+

       
	block := &CommunityBlock{


     

       

       
572

       
+

       
		UserDID:      userDID,


     

       

       
573

       
+

       
		CommunityDID: communityDID,


     

       

       
574

       
+

       
		BlockedAt:    time.Now(),


     

       

       
575

       
+

       
		RecordURI:    recordURI,


     

       

       
576

       
+

       
		RecordCID:    recordCID,


     

       

       
577

       
+

       
	}


     

       

       
578

       
+

       



     

       

       
579

       
+

       
	return block, nil


     

       

       
580

       
+

       
}


     

       

       
581

       
+

       



     

       

       
582

       
+

       
// UnblockCommunity removes a block via PDS delete


     

       

       
583

       
+

       
func (s *communityService) UnblockCommunity(ctx context.Context, userDID, userAccessToken, communityIdentifier string) error {


     

       

       
584

       
+

       
	if userDID == "" {


     

       

       
585

       
+

       
		return NewValidationError("userDid", "required")


     

       

       
586

       
+

       
	}


     

       

       
587

       
+

       
	if userAccessToken == "" {


     

       

       
588

       
+

       
		return NewValidationError("userAccessToken", "required")


     

       

       
589

       
+

       
	}


     

       

       
590

       
+

       



     

       

       
591

       
+

       
	// Resolve community identifier


     

       

       
592

       
+

       
	communityDID, err := s.ResolveCommunityIdentifier(ctx, communityIdentifier)


     

       

       
593

       
+

       
	if err != nil {


     

       

       
594

       
+

       
		return err


     

       

       
595

       
+

       
	}


     

       

       
596

       
+

       



     

       

       
597

       
+

       
	// Get the block from AppView to find the record key


     

       

       
598

       
+

       
	block, err := s.repo.GetBlock(ctx, userDID, communityDID)


     

       

       
599

       
+

       
	if err != nil {


     

       

       
600

       
+

       
		return err


     

       

       
601

       
+

       
	}


     

       

       
602

       
+

       



     

       

       
603

       
+

       
	// Extract rkey from record URI (at://did/collection/rkey)


     

       

       
604

       
+

       
	rkey := extractRKeyFromURI(block.RecordURI)


     

       

       
605

       
+

       
	if rkey == "" {


     

       

       
606

       
+

       
		return fmt.Errorf("invalid block record URI")


     

       

       
607

       
+

       
	}


     

       

       
608

       
+

       



     

       

       
609

       
+

       
	// Write-forward: delete record from PDS using user's access token


     

       

       
610

       
+

       
	if err := s.deleteRecordOnPDSAs(ctx, userDID, "social.coves.community.block", rkey, userAccessToken); err != nil {


     

       

       
611

       
+

       
		return fmt.Errorf("failed to delete block on PDS: %w", err)


     

       

       
612

       
+

       
	}


     

       

       
613

       
+

       



     

       

       
614

       
+

       
	return nil


     

       

       
615

       
+

       
}


     

       

       
616

       
+

       



     

       

       
617

       
+

       
// GetBlockedCommunities queries AppView DB for user's blocks


     

       

       
618

       
+

       
func (s *communityService) GetBlockedCommunities(ctx context.Context, userDID string, limit, offset int) ([]*CommunityBlock, error) {


     

       

       
619

       
+

       
	if limit <= 0 || limit > 100 {


     

       

       
620

       
+

       
		limit = 50


     

       

       
621

       
+

       
	}


     

       

       
622

       
+

       



     

       

       
623

       
+

       
	return s.repo.ListBlockedCommunities(ctx, userDID, limit, offset)


     

       

       
624

       
+

       
}


     

       

       
625

       
+

       



     

       

       
626

       
+

       
// IsBlocked checks if a user has blocked a community


     

       

       
627

       
+

       
func (s *communityService) IsBlocked(ctx context.Context, userDID, communityIdentifier string) (bool, error) {


     

       

       
628

       
+

       
	communityDID, err := s.ResolveCommunityIdentifier(ctx, communityIdentifier)


     

       

       
629

       
+

       
	if err != nil {


     

       

       
630

       
+

       
		return false, err


     

       

       
631

       
+

       
	}


     

       

       
632

       
+

       



     

       

       
633

       
+

       
	return s.repo.IsBlocked(ctx, userDID, communityDID)


     

       

       
634

       
+

       
}


     

       

       
635

       
+

       



     

       
519

       
636

       
 

       
// ValidateHandle checks if a community handle is valid


     

       
520

       
637

       
 

       
func (s *communityService) ValidateHandle(handle string) error {


     

       
521

       
638

       
 

       
	if handle == "" {