commit f48ccb0f9f47eea86703931033917f7825f5b314 · bretton.dev/coves

+19

Makefile

···

       122
        
       	@echo ""

     

       123
        
       	@echo "$(GREEN)✓ E2E tests complete!$(RESET)"

     

       124
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       125
        
       test-db-reset: ## Reset test database

     

       126
        
       	@echo "$(GREEN)Resetting test database...$(RESET)"

     

       127
        
       	@docker-compose -f docker-compose.dev.yml --env-file .env.dev --profile test rm -sf postgres-test

···

       122
        
       	@echo ""

     

       123
        
       	@echo "$(GREEN)✓ E2E tests complete!$(RESET)"

     

       124
        
       

     

       125
       +
       e2e-vote-test: ## Run vote E2E tests (requires: make dev-up)

     

       126
       +
       	@echo "$(CYAN)========================================$(RESET)"

     

       127
       +
       	@echo "$(CYAN)  E2E Test: Vote System                $(RESET)"

     

       128
       +
       	@echo "$(CYAN)========================================$(RESET)"

     

       129
       +
       	@echo ""

     

       130
       +
       	@echo "$(CYAN)Prerequisites:$(RESET)"

     

       131
       +
       	@echo "  1. Run 'make dev-up' (starts PDS + Jetstream + PostgreSQL)"

     

       132
       +
       	@echo "  2. Test database will be used (port 5434)"

     

       133
       +
       	@echo ""

     

       134
       +
       	@echo "$(GREEN)Running vote E2E tests...$(RESET)"

     

       135
       +
       	@echo ""

     

       136
       +
       	@echo "$(CYAN)Running simulated E2E test (fast)...$(RESET)"

     

       137
       +
       	@go test ./tests/integration -run TestVote_E2E_WithJetstream -v

     

       138
       +
       	@echo ""

     

       139
       +
       	@echo "$(CYAN)Running live PDS E2E test (requires PDS + Jetstream)...$(RESET)"

     

       140
       +
       	@go test ./tests/integration -run TestVote_E2E_LivePDS -v || echo "$(YELLOW)Live PDS test skipped (run 'make dev-up' first)$(RESET)"

     

       141
       +
       	@echo ""

     

       142
       +
       	@echo "$(GREEN)✓ Vote E2E tests complete!$(RESET)"

     

       143
       +
       

     

       144
        
       test-db-reset: ## Reset test database

     

       145
        
       	@echo "$(GREEN)Resetting test database...$(RESET)"

     

       146
        
       	@docker-compose -f docker-compose.dev.yml --env-file .env.dev --profile test rm -sf postgres-test

+30

cmd/server/main.go

···

       13
        
       	"Coves/internal/core/posts"

     

       14
        
       	"Coves/internal/core/timeline"

     

       15
        
       	"Coves/internal/core/users"

     

       0
        
       
     

       16
        
       	"bytes"

     

       17
        
       	"context"

     

       18
        
       	"database/sql"

     
···

       281
        
       	postRepo := postgresRepo.NewPostRepository(db)

     

       282
        
       	postService := posts.NewPostService(postRepo, communityService, aggregatorService, defaultPDS)

     

       283
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       284
        
       	// Initialize feed service

     

       285
        
       	feedRepo := postgresRepo.NewCommunityFeedRepository(db)

     

       286
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     
···

       344
        
       	log.Println("  - Indexing: social.coves.aggregator.service (service declarations)")

     

       345
        
       	log.Println("  - Indexing: social.coves.aggregator.authorization (authorization records)")

     

       346
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       347
        
       	// Register XRPC routes

     

       348
        
       	routes.RegisterUserRoutes(r, userService)

     

       349
        
       	routes.RegisterCommunityRoutes(r, communityService, authMiddleware)

     
···

       351
        
       

     

       352
        
       	routes.RegisterPostRoutes(r, postService, authMiddleware)

     

       353
        
       	log.Println("Post XRPC endpoints registered with OAuth authentication")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       354
        
       

     

       355
        
       	routes.RegisterCommunityFeedRoutes(r, feedService)

     

       356
        
       	log.Println("Feed XRPC endpoints registered (public, no auth required)")

···

       13
        
       	"Coves/internal/core/posts"

     

       14
        
       	"Coves/internal/core/timeline"

     

       15
        
       	"Coves/internal/core/users"

     

       16
       +
       	"Coves/internal/core/votes"

     

       17
        
       	"bytes"

     

       18
        
       	"context"

     

       19
        
       	"database/sql"

     
···

       282
        
       	postRepo := postgresRepo.NewPostRepository(db)

     

       283
        
       	postService := posts.NewPostService(postRepo, communityService, aggregatorService, defaultPDS)

     

       284
        
       

     

       285
       +
       	// Initialize vote service

     

       286
       +
       	voteRepo := postgresRepo.NewVoteRepository(db)

     

       287
       +
       	voteService := votes.NewVoteService(voteRepo, postRepo, defaultPDS)

     

       288
       +
       	log.Println("✅ Vote service initialized")

     

       289
       +
       

     

       290
        
       	// Initialize feed service

     

       291
        
       	feedRepo := postgresRepo.NewCommunityFeedRepository(db)

     

       292
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     
···

       350
        
       	log.Println("  - Indexing: social.coves.aggregator.service (service declarations)")

     

       351
        
       	log.Println("  - Indexing: social.coves.aggregator.authorization (authorization records)")

     

       352
        
       

     

       353
       +
       	// Start Jetstream consumer for votes

     

       354
       +
       	// This consumer indexes votes from user repositories and updates post vote counts

     

       355
       +
       	voteJetstreamURL := os.Getenv("VOTE_JETSTREAM_URL")

     

       356
       +
       	if voteJetstreamURL == "" {

     

       357
       +
       		// Listen to vote record CREATE/DELETE events from user repositories

     

       358
       +
       		voteJetstreamURL = "ws://localhost:6008/subscribe?wantedCollections=social.coves.interaction.vote"

     

       359
       +
       	}

     

       360
       +
       

     

       361
       +
       	voteEventConsumer := jetstream.NewVoteEventConsumer(voteRepo, userService, db)

     

       362
       +
       	voteJetstreamConnector := jetstream.NewVoteJetstreamConnector(voteEventConsumer, voteJetstreamURL)

     

       363
       +
       

     

       364
       +
       	go func() {

     

       365
       +
       		if startErr := voteJetstreamConnector.Start(ctx); startErr != nil {

     

       366
       +
       			log.Printf("Vote Jetstream consumer stopped: %v", startErr)

     

       367
       +
       		}

     

       368
       +
       	}()

     

       369
       +
       

     

       370
       +
       	log.Printf("Started Jetstream vote consumer: %s", voteJetstreamURL)

     

       371
       +
       	log.Println("  - Indexing: social.coves.interaction.vote CREATE/DELETE operations")

     

       372
       +
       	log.Println("  - Updating: Post vote counts atomically")

     

       373
       +
       

     

       374
        
       	// Register XRPC routes

     

       375
        
       	routes.RegisterUserRoutes(r, userService)

     

       376
        
       	routes.RegisterCommunityRoutes(r, communityService, authMiddleware)

     
···

       378
        
       

     

       379
        
       	routes.RegisterPostRoutes(r, postService, authMiddleware)

     

       380
        
       	log.Println("Post XRPC endpoints registered with OAuth authentication")

     

       381
       +
       

     

       382
       +
       	routes.RegisterVoteRoutes(r, voteService, authMiddleware)

     

       383
       +
       	log.Println("Vote XRPC endpoints registered with OAuth authentication")

     

       384
        
       

     

       385
        
       	routes.RegisterCommunityFeedRoutes(r, feedService)

     

       386
        
       	log.Println("Feed XRPC endpoints registered (public, no auth required)")

go.mod

···

       71
        
       	github.com/segmentio/asm v1.2.0 // indirect

     

       72
        
       	github.com/sethvargo/go-retry v0.3.0 // indirect

     

       73
        
       	github.com/spaolacci/murmur3 v1.1.0 // indirect

     

       0
        
       
     

       74
        
       	github.com/whyrusleeping/cbor-gen v0.2.1-0.20241030202151-b7a6831be65e // indirect

     

       75
        
       	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect

     

       76
        
       	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect

···

       71
        
       	github.com/segmentio/asm v1.2.0 // indirect

     

       72
        
       	github.com/sethvargo/go-retry v0.3.0 // indirect

     

       73
        
       	github.com/spaolacci/murmur3 v1.1.0 // indirect

     

       74
       +
       	github.com/stretchr/objx v0.5.2 // indirect

     

       75
        
       	github.com/whyrusleeping/cbor-gen v0.2.1-0.20241030202151-b7a6831be65e // indirect

     

       76
        
       	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect

     

       77
        
       	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect

go.sum

···

       172
        
       github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

     

       173
        
       github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=

     

       174
        
       github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=

     

       0
        
       
     

       0
        
       
     

       175
        
       github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=

     

       176
        
       github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=

     

       177
        
       github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=

···

       172
        
       github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

     

       173
        
       github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=

     

       174
        
       github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=

     

       175
       +
       github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=

     

       176
       +
       github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=

     

       177
        
       github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=

     

       178
        
       github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=

     

       179
        
       github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=

+19

internal/api/handlers/errors.go

···

       1
       +
       package handlers

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"encoding/json"

     

       5
       +
       	"log"

     

       6
       +
       	"net/http"

     

       7
       +
       )

     

       8
       +
       

     

       9
       +
       // WriteError writes a standardized JSON error response

     

       10
       +
       func WriteError(w http.ResponseWriter, statusCode int, errorType, message string) {

     

       11
       +
       	w.Header().Set("Content-Type", "application/json")

     

       12
       +
       	w.WriteHeader(statusCode)

     

       13
       +
       	if err := json.NewEncoder(w).Encode(map[string]interface{}{

     

       14
       +
       		"error":   errorType,

     

       15
       +
       		"message": message,

     

       16
       +
       	}); err != nil {

     

       17
       +
       		log.Printf("Failed to encode error response: %v", err)

     

       18
       +
       	}

     

       19
       +
       }

+129

internal/api/handlers/vote/create_vote.go

···

       1
       +
       package vote

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/handlers"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
       +
       	"Coves/internal/core/votes"

     

       7
       +
       	"encoding/json"

     

       8
       +
       	"log"

     

       9
       +
       	"net/http"

     

       10
       +
       )

     

       11
       +
       

     

       12
       +
       // CreateVoteHandler handles vote creation

     

       13
       +
       type CreateVoteHandler struct {

     

       14
       +
       	service votes.Service

     

       15
       +
       }

     

       16
       +
       

     

       17
       +
       // NewCreateVoteHandler creates a new create vote handler

     

       18
       +
       func NewCreateVoteHandler(service votes.Service) *CreateVoteHandler {

     

       19
       +
       	return &CreateVoteHandler{

     

       20
       +
       		service: service,

     

       21
       +
       	}

     

       22
       +
       }

     

       23
       +
       

     

       24
       +
       // HandleCreateVote creates a vote or toggles an existing vote

     

       25
       +
       // POST /xrpc/social.coves.interaction.createVote

     

       26
       +
       //

     

       27
       +
       // Request body: { "subject": "at://...", "direction": "up" | "down" }

     

       28
       +
       func (h *CreateVoteHandler) HandleCreateVote(w http.ResponseWriter, r *http.Request) {

     

       29
       +
       	if r.Method != http.MethodPost {

     

       30
       +
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     

       31
       +
       		return

     

       32
       +
       	}

     

       33
       +
       

     

       34
       +
       	// Parse request body

     

       35
       +
       	var req votes.CreateVoteRequest

     

       36
       +
       

     

       37
       +
       	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {

     

       38
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "Invalid request body")

     

       39
       +
       		return

     

       40
       +
       	}

     

       41
       +
       

     

       42
       +
       	if req.Subject == "" {

     

       43
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "subject is required")

     

       44
       +
       		return

     

       45
       +
       	}

     

       46
       +
       

     

       47
       +
       	if req.Direction == "" {

     

       48
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "direction is required")

     

       49
       +
       		return

     

       50
       +
       	}

     

       51
       +
       

     

       52
       +
       	if req.Direction != "up" && req.Direction != "down" {

     

       53
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "direction must be 'up' or 'down'")

     

       54
       +
       		return

     

       55
       +
       	}

     

       56
       +
       

     

       57
       +
       	// Extract authenticated user DID and access token from request context (injected by auth middleware)

     

       58
       +
       	voterDID := middleware.GetUserDID(r)

     

       59
       +
       	if voterDID == "" {

     

       60
       +
       		handlers.WriteError(w, http.StatusUnauthorized, "AuthRequired", "Authentication required")

     

       61
       +
       		return

     

       62
       +
       	}

     

       63
       +
       

     

       64
       +
       	userAccessToken := middleware.GetUserAccessToken(r)

     

       65
       +
       	if userAccessToken == "" {

     

       66
       +
       		handlers.WriteError(w, http.StatusUnauthorized, "AuthRequired", "Missing access token")

     

       67
       +
       		return

     

       68
       +
       	}

     

       69
       +
       

     

       70
       +
       	// Create vote via service (write-forward to user's PDS)

     

       71
       +
       	response, err := h.service.CreateVote(r.Context(), voterDID, userAccessToken, req)

     

       72
       +
       	if err != nil {

     

       73
       +
       		handleServiceError(w, err)

     

       74
       +
       		return

     

       75
       +
       	}

     

       76
       +
       

     

       77
       +
       	// Handle toggle-off case (vote was deleted, not created)

     

       78
       +
       	if response.URI == "" {

     

       79
       +
       		// Vote was toggled off (deleted)

     

       80
       +
       		w.Header().Set("Content-Type", "application/json")

     

       81
       +
       		w.WriteHeader(http.StatusOK)

     

       82
       +
       		if err := json.NewEncoder(w).Encode(map[string]interface{}{

     

       83
       +
       			"deleted": true,

     

       84
       +
       		}); err != nil {

     

       85
       +
       			log.Printf("Failed to encode response: %v", err)

     

       86
       +
       		}

     

       87
       +
       		return

     

       88
       +
       	}

     

       89
       +
       

     

       90
       +
       	// Return success response

     

       91
       +
       	responseMap := map[string]interface{}{

     

       92
       +
       		"uri": response.URI,

     

       93
       +
       		"cid": response.CID,

     

       94
       +
       	}

     

       95
       +
       

     

       96
       +
       	if response.Existing != nil {

     

       97
       +
       		responseMap["existing"] = *response.Existing

     

       98
       +
       	}

     

       99
       +
       

     

       100
       +
       	w.Header().Set("Content-Type", "application/json")

     

       101
       +
       	w.WriteHeader(http.StatusOK)

     

       102
       +
       	if err := json.NewEncoder(w).Encode(responseMap); err != nil {

     

       103
       +
       		log.Printf("Failed to encode response: %v", err)

     

       104
       +
       	}

     

       105
       +
       }

     

       106
       +
       

     

       107
       +
       // handleServiceError converts service errors to HTTP responses

     

       108
       +
       func handleServiceError(w http.ResponseWriter, err error) {

     

       109
       +
       	switch err {

     

       110
       +
       	case votes.ErrVoteNotFound:

     

       111
       +
       		handlers.WriteError(w, http.StatusNotFound, "VoteNotFound", "Vote not found")

     

       112
       +
       	case votes.ErrSubjectNotFound:

     

       113
       +
       		handlers.WriteError(w, http.StatusNotFound, "SubjectNotFound", "Post or comment not found")

     

       114
       +
       	case votes.ErrInvalidDirection:

     

       115
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "Invalid vote direction")

     

       116
       +
       	case votes.ErrInvalidSubject:

     

       117
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "Invalid subject URI")

     

       118
       +
       	case votes.ErrVoteAlreadyExists:

     

       119
       +
       		handlers.WriteError(w, http.StatusConflict, "VoteAlreadyExists", "Vote already exists")

     

       120
       +
       	case votes.ErrNotAuthorized:

     

       121
       +
       		handlers.WriteError(w, http.StatusForbidden, "NotAuthorized", "Not authorized")

     

       122
       +
       	case votes.ErrBanned:

     

       123
       +
       		handlers.WriteError(w, http.StatusForbidden, "Banned", "User is banned from this community")

     

       124
       +
       	default:

     

       125
       +
       		// Check for validation errors

     

       126
       +
       		log.Printf("Vote creation error: %v", err)

     

       127
       +
       		handlers.WriteError(w, http.StatusInternalServerError, "InternalError", "Failed to create vote")

     

       128
       +
       	}

     

       129
       +
       }

+75

internal/api/handlers/vote/delete_vote.go

···

       1
       +
       package vote

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/handlers"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
       +
       	"Coves/internal/core/votes"

     

       7
       +
       	"encoding/json"

     

       8
       +
       	"log"

     

       9
       +
       	"net/http"

     

       10
       +
       )

     

       11
       +
       

     

       12
       +
       // DeleteVoteHandler handles vote deletion

     

       13
       +
       type DeleteVoteHandler struct {

     

       14
       +
       	service votes.Service

     

       15
       +
       }

     

       16
       +
       

     

       17
       +
       // NewDeleteVoteHandler creates a new delete vote handler

     

       18
       +
       func NewDeleteVoteHandler(service votes.Service) *DeleteVoteHandler {

     

       19
       +
       	return &DeleteVoteHandler{

     

       20
       +
       		service: service,

     

       21
       +
       	}

     

       22
       +
       }

     

       23
       +
       

     

       24
       +
       // HandleDeleteVote removes a vote from a post/comment

     

       25
       +
       // POST /xrpc/social.coves.interaction.deleteVote

     

       26
       +
       //

     

       27
       +
       // Request body: { "subject": "at://..." }

     

       28
       +
       func (h *DeleteVoteHandler) HandleDeleteVote(w http.ResponseWriter, r *http.Request) {

     

       29
       +
       	if r.Method != http.MethodPost {

     

       30
       +
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     

       31
       +
       		return

     

       32
       +
       	}

     

       33
       +
       

     

       34
       +
       	// Parse request body

     

       35
       +
       	var req votes.DeleteVoteRequest

     

       36
       +
       

     

       37
       +
       	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {

     

       38
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "Invalid request body")

     

       39
       +
       		return

     

       40
       +
       	}

     

       41
       +
       

     

       42
       +
       	if req.Subject == "" {

     

       43
       +
       		handlers.WriteError(w, http.StatusBadRequest, "InvalidRequest", "subject is required")

     

       44
       +
       		return

     

       45
       +
       	}

     

       46
       +
       

     

       47
       +
       	// Extract authenticated user DID and access token from request context (injected by auth middleware)

     

       48
       +
       	voterDID := middleware.GetUserDID(r)

     

       49
       +
       	if voterDID == "" {

     

       50
       +
       		handlers.WriteError(w, http.StatusUnauthorized, "AuthRequired", "Authentication required")

     

       51
       +
       		return

     

       52
       +
       	}

     

       53
       +
       

     

       54
       +
       	userAccessToken := middleware.GetUserAccessToken(r)

     

       55
       +
       	if userAccessToken == "" {

     

       56
       +
       		handlers.WriteError(w, http.StatusUnauthorized, "AuthRequired", "Missing access token")

     

       57
       +
       		return

     

       58
       +
       	}

     

       59
       +
       

     

       60
       +
       	// Delete vote via service (delete record on PDS)

     

       61
       +
       	err := h.service.DeleteVote(r.Context(), voterDID, userAccessToken, req)

     

       62
       +
       	if err != nil {

     

       63
       +
       		handleServiceError(w, err)

     

       64
       +
       		return

     

       65
       +
       	}

     

       66
       +
       

     

       67
       +
       	// Return success response

     

       68
       +
       	w.Header().Set("Content-Type", "application/json")

     

       69
       +
       	w.WriteHeader(http.StatusOK)

     

       70
       +
       	if err := json.NewEncoder(w).Encode(map[string]interface{}{

     

       71
       +
       		"success": true,

     

       72
       +
       	}); err != nil {

     

       73
       +
       		log.Printf("Failed to encode response: %v", err)

     

       74
       +
       	}

     

       75
       +
       }

+24

internal/api/routes/vote.go

···

       1
       +
       package routes

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/handlers/vote"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
       +
       	"Coves/internal/core/votes"

     

       7
       +
       

     

       8
       +
       	"github.com/go-chi/chi/v5"

     

       9
       +
       )

     

       10
       +
       

     

       11
       +
       // RegisterVoteRoutes registers vote-related XRPC endpoints on the router

     

       12
       +
       // Implements social.coves.interaction.* lexicon endpoints for voting

     

       13
       +
       func RegisterVoteRoutes(r chi.Router, service votes.Service, authMiddleware *middleware.AtProtoAuthMiddleware) {

     

       14
       +
       	// Initialize handlers

     

       15
       +
       	createVoteHandler := vote.NewCreateVoteHandler(service)

     

       16
       +
       	deleteVoteHandler := vote.NewDeleteVoteHandler(service)

     

       17
       +
       

     

       18
       +
       	// Procedure endpoints (POST) - require authentication

     

       19
       +
       	// social.coves.interaction.createVote - create or toggle a vote on a post/comment

     

       20
       +
       	r.With(authMiddleware.RequireAuth).Post("/xrpc/social.coves.interaction.createVote", createVoteHandler.HandleCreateVote)

     

       21
       +
       

     

       22
       +
       	// social.coves.interaction.deleteVote - delete a vote from a post/comment

     

       23
       +
       	r.With(authMiddleware.RequireAuth).Post("/xrpc/social.coves.interaction.deleteVote", deleteVoteHandler.HandleDeleteVote)

     

       24
       +
       }

+379

internal/atproto/jetstream/vote_consumer.go

···

       1
       +
       package jetstream

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/users"

     

       5
       +
       	"Coves/internal/core/votes"

     

       6
       +
       	"context"

     

       7
       +
       	"database/sql"

     

       8
       +
       	"fmt"

     

       9
       +
       	"log"

     

       10
       +
       	"strings"

     

       11
       +
       	"time"

     

       12
       +
       )

     

       13
       +
       

     

       14
       +
       // VoteEventConsumer consumes vote-related events from Jetstream

     

       15
       +
       // Handles CREATE and DELETE operations for social.coves.interaction.vote

     

       16
       +
       type VoteEventConsumer struct {

     

       17
       +
       	voteRepo    votes.Repository

     

       18
       +
       	userService users.UserService

     

       19
       +
       	db          *sql.DB // Direct DB access for atomic vote count updates

     

       20
       +
       }

     

       21
       +
       

     

       22
       +
       // NewVoteEventConsumer creates a new Jetstream consumer for vote events

     

       23
       +
       func NewVoteEventConsumer(

     

       24
       +
       	voteRepo votes.Repository,

     

       25
       +
       	userService users.UserService,

     

       26
       +
       	db *sql.DB,

     

       27
       +
       ) *VoteEventConsumer {

     

       28
       +
       	return &VoteEventConsumer{

     

       29
       +
       		voteRepo:    voteRepo,

     

       30
       +
       		userService: userService,

     

       31
       +
       		db:          db,

     

       32
       +
       	}

     

       33
       +
       }

     

       34
       +
       

     

       35
       +
       // HandleEvent processes a Jetstream event for vote records

     

       36
       +
       func (c *VoteEventConsumer) HandleEvent(ctx context.Context, event *JetstreamEvent) error {

     

       37
       +
       	// We only care about commit events for vote records

     

       38
       +
       	if event.Kind != "commit" || event.Commit == nil {

     

       39
       +
       		return nil

     

       40
       +
       	}

     

       41
       +
       

     

       42
       +
       	commit := event.Commit

     

       43
       +
       

     

       44
       +
       	// Handle vote record operations

     

       45
       +
       	if commit.Collection == "social.coves.interaction.vote" {

     

       46
       +
       		switch commit.Operation {

     

       47
       +
       		case "create":

     

       48
       +
       			return c.createVote(ctx, event.Did, commit)

     

       49
       +
       		case "delete":

     

       50
       +
       			return c.deleteVote(ctx, event.Did, commit)

     

       51
       +
       		}

     

       52
       +
       	}

     

       53
       +
       

     

       54
       +
       	// Silently ignore other operations and collections

     

       55
       +
       	return nil

     

       56
       +
       }

     

       57
       +
       

     

       58
       +
       // createVote indexes a new vote from the firehose and updates post counts

     

       59
       +
       func (c *VoteEventConsumer) createVote(ctx context.Context, repoDID string, commit *CommitEvent) error {

     

       60
       +
       	if commit.Record == nil {

     

       61
       +
       		return fmt.Errorf("vote create event missing record data")

     

       62
       +
       	}

     

       63
       +
       

     

       64
       +
       	// Parse the vote record

     

       65
       +
       	voteRecord, err := parseVoteRecord(commit.Record)

     

       66
       +
       	if err != nil {

     

       67
       +
       		return fmt.Errorf("failed to parse vote record: %w", err)

     

       68
       +
       	}

     

       69
       +
       

     

       70
       +
       	// SECURITY: Validate this is a legitimate vote event

     

       71
       +
       	if err := c.validateVoteEvent(ctx, repoDID, voteRecord); err != nil {

     

       72
       +
       		log.Printf("🚨 SECURITY: Rejecting vote event: %v", err)

     

       73
       +
       		return err

     

       74
       +
       	}

     

       75
       +
       

     

       76
       +
       	// Build AT-URI for this vote

     

       77
       +
       	// Format: at://voter_did/social.coves.interaction.vote/rkey

     

       78
       +
       	uri := fmt.Sprintf("at://%s/social.coves.interaction.vote/%s", repoDID, commit.RKey)

     

       79
       +
       

     

       80
       +
       	// Parse timestamp from record

     

       81
       +
       	createdAt, err := time.Parse(time.RFC3339, voteRecord.CreatedAt)

     

       82
       +
       	if err != nil {

     

       83
       +
       		log.Printf("Warning: Failed to parse createdAt timestamp, using current time: %v", err)

     

       84
       +
       		createdAt = time.Now()

     

       85
       +
       	}

     

       86
       +
       

     

       87
       +
       	// Build vote entity

     

       88
       +
       	vote := &votes.Vote{

     

       89
       +
       		URI:        uri,

     

       90
       +
       		CID:        commit.CID,

     

       91
       +
       		RKey:       commit.RKey,

     

       92
       +
       		VoterDID:   repoDID, // Vote comes from user's repository

     

       93
       +
       		SubjectURI: voteRecord.Subject.URI,

     

       94
       +
       		SubjectCID: voteRecord.Subject.CID,

     

       95
       +
       		Direction:  voteRecord.Direction,

     

       96
       +
       		CreatedAt:  createdAt,

     

       97
       +
       		IndexedAt:  time.Now(),

     

       98
       +
       	}

     

       99
       +
       

     

       100
       +
       	// Atomically: Index vote + Update post counts

     

       101
       +
       	if err := c.indexVoteAndUpdateCounts(ctx, vote); err != nil {

     

       102
       +
       		return fmt.Errorf("failed to index vote and update counts: %w", err)

     

       103
       +
       	}

     

       104
       +
       

     

       105
       +
       	log.Printf("✓ Indexed vote: %s (%s on %s)", uri, vote.Direction, vote.SubjectURI)

     

       106
       +
       	return nil

     

       107
       +
       }

     

       108
       +
       

     

       109
       +
       // deleteVote soft-deletes a vote and updates post counts

     

       110
       +
       func (c *VoteEventConsumer) deleteVote(ctx context.Context, repoDID string, commit *CommitEvent) error {

     

       111
       +
       	// Build AT-URI for the vote being deleted

     

       112
       +
       	uri := fmt.Sprintf("at://%s/social.coves.interaction.vote/%s", repoDID, commit.RKey)

     

       113
       +
       

     

       114
       +
       	// Get existing vote to know its direction (for decrementing the right counter)

     

       115
       +
       	existingVote, err := c.voteRepo.GetByURI(ctx, uri)

     

       116
       +
       	if err != nil {

     

       117
       +
       		if err == votes.ErrVoteNotFound {

     

       118
       +
       			// Idempotent: Vote already deleted or never existed

     

       119
       +
       			log.Printf("Vote already deleted or not found: %s", uri)

     

       120
       +
       			return nil

     

       121
       +
       		}

     

       122
       +
       		return fmt.Errorf("failed to get existing vote: %w", err)

     

       123
       +
       	}

     

       124
       +
       

     

       125
       +
       	// Atomically: Soft-delete vote + Update post counts

     

       126
       +
       	if err := c.deleteVoteAndUpdateCounts(ctx, existingVote); err != nil {

     

       127
       +
       		return fmt.Errorf("failed to delete vote and update counts: %w", err)

     

       128
       +
       	}

     

       129
       +
       

     

       130
       +
       	log.Printf("✓ Deleted vote: %s (%s on %s)", uri, existingVote.Direction, existingVote.SubjectURI)

     

       131
       +
       	return nil

     

       132
       +
       }

     

       133
       +
       

     

       134
       +
       // indexVoteAndUpdateCounts atomically indexes a vote and updates post vote counts

     

       135
       +
       func (c *VoteEventConsumer) indexVoteAndUpdateCounts(ctx context.Context, vote *votes.Vote) error {

     

       136
       +
       	tx, err := c.db.BeginTx(ctx, nil)

     

       137
       +
       	if err != nil {

     

       138
       +
       		return fmt.Errorf("failed to begin transaction: %w", err)

     

       139
       +
       	}

     

       140
       +
       	defer func() {

     

       141
       +
       		if rollbackErr := tx.Rollback(); rollbackErr != nil && rollbackErr != sql.ErrTxDone {

     

       142
       +
       			log.Printf("Failed to rollback transaction: %v", rollbackErr)

     

       143
       +
       		}

     

       144
       +
       	}()

     

       145
       +
       

     

       146
       +
       	// 1. Index the vote (idempotent with ON CONFLICT DO NOTHING)

     

       147
       +
       	query := `

     

       148
       +
       		INSERT INTO votes (

     

       149
       +
       			uri, cid, rkey, voter_did,

     

       150
       +
       			subject_uri, subject_cid, direction,

     

       151
       +
       			created_at, indexed_at

     

       152
       +
       		) VALUES (

     

       153
       +
       			$1, $2, $3, $4,

     

       154
       +
       			$5, $6, $7,

     

       155
       +
       			$8, NOW()

     

       156
       +
       		)

     

       157
       +
       		ON CONFLICT (uri) DO NOTHING

     

       158
       +
       		RETURNING id

     

       159
       +
       	`

     

       160
       +
       

     

       161
       +
       	var voteID int64

     

       162
       +
       	err = tx.QueryRowContext(

     

       163
       +
       		ctx, query,

     

       164
       +
       		vote.URI, vote.CID, vote.RKey, vote.VoterDID,

     

       165
       +
       		vote.SubjectURI, vote.SubjectCID, vote.Direction,

     

       166
       +
       		vote.CreatedAt,

     

       167
       +
       	).Scan(&voteID)

     

       168
       +
       

     

       169
       +
       	// If no rows returned, vote already exists (idempotent - OK for Jetstream replays)

     

       170
       +
       	if err == sql.ErrNoRows {

     

       171
       +
       		log.Printf("Vote already indexed: %s (idempotent)", vote.URI)

     

       172
       +
       		if commitErr := tx.Commit(); commitErr != nil {

     

       173
       +
       			return fmt.Errorf("failed to commit transaction: %w", commitErr)

     

       174
       +
       		}

     

       175
       +
       		return nil

     

       176
       +
       	}

     

       177
       +
       

     

       178
       +
       	if err != nil {

     

       179
       +
       		return fmt.Errorf("failed to insert vote: %w", err)

     

       180
       +
       	}

     

       181
       +
       

     

       182
       +
       	// 2. Update post vote counts atomically

     

       183
       +
       	// Increment upvote_count or downvote_count based on direction

     

       184
       +
       	// Also update score (upvote_count - downvote_count)

     

       185
       +
       	var updateQuery string

     

       186
       +
       	if vote.Direction == "up" {

     

       187
       +
       		updateQuery = `

     

       188
       +
       			UPDATE posts

     

       189
       +
       			SET upvote_count = upvote_count + 1,

     

       190
       +
       			    score = upvote_count + 1 - downvote_count

     

       191
       +
       			WHERE uri = $1 AND deleted_at IS NULL

     

       192
       +
       		`

     

       193
       +
       	} else { // "down"

     

       194
       +
       		updateQuery = `

     

       195
       +
       			UPDATE posts

     

       196
       +
       			SET downvote_count = downvote_count + 1,

     

       197
       +
       			    score = upvote_count - (downvote_count + 1)

     

       198
       +
       			WHERE uri = $1 AND deleted_at IS NULL

     

       199
       +
       		`

     

       200
       +
       	}

     

       201
       +
       

     

       202
       +
       	result, err := tx.ExecContext(ctx, updateQuery, vote.SubjectURI)

     

       203
       +
       	if err != nil {

     

       204
       +
       		return fmt.Errorf("failed to update post counts: %w", err)

     

       205
       +
       	}

     

       206
       +
       

     

       207
       +
       	rowsAffected, err := result.RowsAffected()

     

       208
       +
       	if err != nil {

     

       209
       +
       		return fmt.Errorf("failed to check update result: %w", err)

     

       210
       +
       	}

     

       211
       +
       

     

       212
       +
       	// If post doesn't exist or is deleted, that's OK (vote still indexed)

     

       213
       +
       	// Future: We could validate post exists before indexing vote

     

       214
       +
       	if rowsAffected == 0 {

     

       215
       +
       		log.Printf("Warning: Post not found or deleted: %s (vote indexed anyway)", vote.SubjectURI)

     

       216
       +
       	}

     

       217
       +
       

     

       218
       +
       	// Commit transaction

     

       219
       +
       	if err := tx.Commit(); err != nil {

     

       220
       +
       		return fmt.Errorf("failed to commit transaction: %w", err)

     

       221
       +
       	}

     

       222
       +
       

     

       223
       +
       	return nil

     

       224
       +
       }

     

       225
       +
       

     

       226
       +
       // deleteVoteAndUpdateCounts atomically soft-deletes a vote and updates post vote counts

     

       227
       +
       func (c *VoteEventConsumer) deleteVoteAndUpdateCounts(ctx context.Context, vote *votes.Vote) error {

     

       228
       +
       	tx, err := c.db.BeginTx(ctx, nil)

     

       229
       +
       	if err != nil {

     

       230
       +
       		return fmt.Errorf("failed to begin transaction: %w", err)

     

       231
       +
       	}

     

       232
       +
       	defer func() {

     

       233
       +
       		if rollbackErr := tx.Rollback(); rollbackErr != nil && rollbackErr != sql.ErrTxDone {

     

       234
       +
       			log.Printf("Failed to rollback transaction: %v", rollbackErr)

     

       235
       +
       		}

     

       236
       +
       	}()

     

       237
       +
       

     

       238
       +
       	// 1. Soft-delete the vote (idempotent)

     

       239
       +
       	deleteQuery := `

     

       240
       +
       		UPDATE votes

     

       241
       +
       		SET deleted_at = NOW()

     

       242
       +
       		WHERE uri = $1 AND deleted_at IS NULL

     

       243
       +
       	`

     

       244
       +
       

     

       245
       +
       	result, err := tx.ExecContext(ctx, deleteQuery, vote.URI)

     

       246
       +
       	if err != nil {

     

       247
       +
       		return fmt.Errorf("failed to delete vote: %w", err)

     

       248
       +
       	}

     

       249
       +
       

     

       250
       +
       	rowsAffected, err := result.RowsAffected()

     

       251
       +
       	if err != nil {

     

       252
       +
       		return fmt.Errorf("failed to check delete result: %w", err)

     

       253
       +
       	}

     

       254
       +
       

     

       255
       +
       	// Idempotent: If no rows affected, vote already deleted

     

       256
       +
       	if rowsAffected == 0 {

     

       257
       +
       		log.Printf("Vote already deleted: %s (idempotent)", vote.URI)

     

       258
       +
       		if commitErr := tx.Commit(); commitErr != nil {

     

       259
       +
       			return fmt.Errorf("failed to commit transaction: %w", commitErr)

     

       260
       +
       		}

     

       261
       +
       		return nil

     

       262
       +
       	}

     

       263
       +
       

     

       264
       +
       	// 2. Decrement post vote counts atomically

     

       265
       +
       	// Decrement upvote_count or downvote_count based on direction

     

       266
       +
       	// Also update score (use GREATEST to prevent negative counts)

     

       267
       +
       	var updateQuery string

     

       268
       +
       	if vote.Direction == "up" {

     

       269
       +
       		updateQuery = `

     

       270
       +
       			UPDATE posts

     

       271
       +
       			SET upvote_count = GREATEST(0, upvote_count - 1),

     

       272
       +
       			    score = GREATEST(0, upvote_count - 1) - downvote_count

     

       273
       +
       			WHERE uri = $1 AND deleted_at IS NULL

     

       274
       +
       		`

     

       275
       +
       	} else { // "down"

     

       276
       +
       		updateQuery = `

     

       277
       +
       			UPDATE posts

     

       278
       +
       			SET downvote_count = GREATEST(0, downvote_count - 1),

     

       279
       +
       			    score = upvote_count - GREATEST(0, downvote_count - 1)

     

       280
       +
       			WHERE uri = $1 AND deleted_at IS NULL

     

       281
       +
       		`

     

       282
       +
       	}

     

       283
       +
       

     

       284
       +
       	result, err = tx.ExecContext(ctx, updateQuery, vote.SubjectURI)

     

       285
       +
       	if err != nil {

     

       286
       +
       		return fmt.Errorf("failed to update post counts: %w", err)

     

       287
       +
       	}

     

       288
       +
       

     

       289
       +
       	rowsAffected, err = result.RowsAffected()

     

       290
       +
       	if err != nil {

     

       291
       +
       		return fmt.Errorf("failed to check update result: %w", err)

     

       292
       +
       	}

     

       293
       +
       

     

       294
       +
       	// If post doesn't exist or is deleted, that's OK (vote still deleted)

     

       295
       +
       	if rowsAffected == 0 {

     

       296
       +
       		log.Printf("Warning: Post not found or deleted: %s (vote deleted anyway)", vote.SubjectURI)

     

       297
       +
       	}

     

       298
       +
       

     

       299
       +
       	// Commit transaction

     

       300
       +
       	if err := tx.Commit(); err != nil {

     

       301
       +
       		return fmt.Errorf("failed to commit transaction: %w", err)

     

       302
       +
       	}

     

       303
       +
       

     

       304
       +
       	return nil

     

       305
       +
       }

     

       306
       +
       

     

       307
       +
       // validateVoteEvent performs security validation on vote events

     

       308
       +
       func (c *VoteEventConsumer) validateVoteEvent(ctx context.Context, repoDID string, vote *VoteRecordFromJetstream) error {

     

       309
       +
       	// SECURITY: Votes MUST come from user repositories (repo owner = voter DID)

     

       310
       +
       	// The repository owner (repoDID) IS the voter - votes are stored in user repos.

     

       311
       +
       	//

     

       312
       +
       	// We do NOT check if the user exists in AppView because:

     

       313
       +
       	// 1. Vote events may arrive before user events in Jetstream (race condition)

     

       314
       +
       	// 2. The vote came from the user's PDS repository (authenticated by PDS)

     

       315
       +
       	// 3. The database FK constraint was removed to allow out-of-order indexing

     

       316
       +
       	// 4. Orphaned votes (from never-indexed users) are harmless

     

       317
       +
       	//

     

       318
       +
       	// Security is maintained because:

     

       319
       +
       	// - Vote must come from user's own PDS repository (verified by atProto)

     

       320
       +
       	// - Communities cannot create votes in their repos (different collection)

     

       321
       +
       	// - Fake DIDs will fail PDS authentication

     

       322
       +
       

     

       323
       +
       	// Validate DID format (basic sanity check)

     

       324
       +
       	if !strings.HasPrefix(repoDID, "did:") {

     

       325
       +
       		return fmt.Errorf("invalid voter DID format: %s", repoDID)

     

       326
       +
       	}

     

       327
       +
       

     

       328
       +
       	// Validate vote direction

     

       329
       +
       	if vote.Direction != "up" && vote.Direction != "down" {

     

       330
       +
       		return fmt.Errorf("invalid vote direction: %s (must be 'up' or 'down')", vote.Direction)

     

       331
       +
       	}

     

       332
       +
       

     

       333
       +
       	// Validate subject has both URI and CID (strong reference)

     

       334
       +
       	if vote.Subject.URI == "" || vote.Subject.CID == "" {

     

       335
       +
       		return fmt.Errorf("invalid subject: must have both URI and CID (strong reference)")

     

       336
       +
       	}

     

       337
       +
       

     

       338
       +
       	return nil

     

       339
       +
       }

     

       340
       +
       

     

       341
       +
       // VoteRecordFromJetstream represents a vote record as received from Jetstream

     

       342
       +
       type VoteRecordFromJetstream struct {

     

       343
       +
       	Subject   StrongRefFromJetstream `json:"subject"`

     

       344
       +
       	Direction string                 `json:"direction"`

     

       345
       +
       	CreatedAt string                 `json:"createdAt"`

     

       346
       +
       }

     

       347
       +
       

     

       348
       +
       // StrongRefFromJetstream represents a strong reference (URI + CID)

     

       349
       +
       type StrongRefFromJetstream struct {

     

       350
       +
       	URI string `json:"uri"`

     

       351
       +
       	CID string `json:"cid"`

     

       352
       +
       }

     

       353
       +
       

     

       354
       +
       // parseVoteRecord parses a vote record from Jetstream event data

     

       355
       +
       func parseVoteRecord(record map[string]interface{}) (*VoteRecordFromJetstream, error) {

     

       356
       +
       	// Extract subject (strong reference)

     

       357
       +
       	subjectMap, ok := record["subject"].(map[string]interface{})

     

       358
       +
       	if !ok {

     

       359
       +
       		return nil, fmt.Errorf("missing or invalid subject field")

     

       360
       +
       	}

     

       361
       +
       

     

       362
       +
       	subjectURI, _ := subjectMap["uri"].(string)

     

       363
       +
       	subjectCID, _ := subjectMap["cid"].(string)

     

       364
       +
       

     

       365
       +
       	// Extract direction

     

       366
       +
       	direction, _ := record["direction"].(string)

     

       367
       +
       

     

       368
       +
       	// Extract createdAt

     

       369
       +
       	createdAt, _ := record["createdAt"].(string)

     

       370
       +
       

     

       371
       +
       	return &VoteRecordFromJetstream{

     

       372
       +
       		Subject: StrongRefFromJetstream{

     

       373
       +
       			URI: subjectURI,

     

       374
       +
       			CID: subjectCID,

     

       375
       +
       		},

     

       376
       +
       		Direction: direction,

     

       377
       +
       		CreatedAt: createdAt,

     

       378
       +
       	}, nil

     

       379
       +
       }

+125

internal/atproto/jetstream/vote_jetstream_connector.go

···

       1
       +
       package jetstream

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"context"

     

       5
       +
       	"encoding/json"

     

       6
       +
       	"fmt"

     

       7
       +
       	"log"

     

       8
       +
       	"sync"

     

       9
       +
       	"time"

     

       10
       +
       

     

       11
       +
       	"github.com/gorilla/websocket"

     

       12
       +
       )

     

       13
       +
       

     

       14
       +
       // VoteJetstreamConnector handles WebSocket connection to Jetstream for vote events

     

       15
       +
       type VoteJetstreamConnector struct {

     

       16
       +
       	consumer *VoteEventConsumer

     

       17
       +
       	wsURL    string

     

       18
       +
       }

     

       19
       +
       

     

       20
       +
       // NewVoteJetstreamConnector creates a new Jetstream WebSocket connector for vote events

     

       21
       +
       func NewVoteJetstreamConnector(consumer *VoteEventConsumer, wsURL string) *VoteJetstreamConnector {

     

       22
       +
       	return &VoteJetstreamConnector{

     

       23
       +
       		consumer: consumer,

     

       24
       +
       		wsURL:    wsURL,

     

       25
       +
       	}

     

       26
       +
       }

     

       27
       +
       

     

       28
       +
       // Start begins consuming events from Jetstream

     

       29
       +
       // Runs indefinitely, reconnecting on errors

     

       30
       +
       func (c *VoteJetstreamConnector) Start(ctx context.Context) error {

     

       31
       +
       	log.Printf("Starting Jetstream vote consumer: %s", c.wsURL)

     

       32
       +
       

     

       33
       +
       	for {

     

       34
       +
       		select {

     

       35
       +
       		case <-ctx.Done():

     

       36
       +
       			log.Println("Jetstream vote consumer shutting down")

     

       37
       +
       			return ctx.Err()

     

       38
       +
       		default:

     

       39
       +
       			if err := c.connect(ctx); err != nil {

     

       40
       +
       				log.Printf("Jetstream vote connection error: %v. Retrying in 5s...", err)

     

       41
       +
       				time.Sleep(5 * time.Second)

     

       42
       +
       				continue

     

       43
       +
       			}

     

       44
       +
       		}

     

       45
       +
       	}

     

       46
       +
       }

     

       47
       +
       

     

       48
       +
       // connect establishes WebSocket connection and processes events

     

       49
       +
       func (c *VoteJetstreamConnector) connect(ctx context.Context) error {

     

       50
       +
       	conn, _, err := websocket.DefaultDialer.DialContext(ctx, c.wsURL, nil)

     

       51
       +
       	if err != nil {

     

       52
       +
       		return fmt.Errorf("failed to connect to Jetstream: %w", err)

     

       53
       +
       	}

     

       54
       +
       	defer func() {

     

       55
       +
       		if closeErr := conn.Close(); closeErr != nil {

     

       56
       +
       			log.Printf("Failed to close WebSocket connection: %v", closeErr)

     

       57
       +
       		}

     

       58
       +
       	}()

     

       59
       +
       

     

       60
       +
       	log.Println("Connected to Jetstream (vote consumer)")

     

       61
       +
       

     

       62
       +
       	// Set read deadline to detect connection issues

     

       63
       +
       	if err := conn.SetReadDeadline(time.Now().Add(60 * time.Second)); err != nil {

     

       64
       +
       		log.Printf("Failed to set read deadline: %v", err)

     

       65
       +
       	}

     

       66
       +
       

     

       67
       +
       	// Set pong handler to keep connection alive

     

       68
       +
       	conn.SetPongHandler(func(string) error {

     

       69
       +
       		if err := conn.SetReadDeadline(time.Now().Add(60 * time.Second)); err != nil {

     

       70
       +
       			log.Printf("Failed to set read deadline in pong handler: %v", err)

     

       71
       +
       		}

     

       72
       +
       		return nil

     

       73
       +
       	})

     

       74
       +
       

     

       75
       +
       	// Start ping ticker

     

       76
       +
       	ticker := time.NewTicker(30 * time.Second)

     

       77
       +
       	defer ticker.Stop()

     

       78
       +
       

     

       79
       +
       	done := make(chan struct{})

     

       80
       +
       	var closeOnce sync.Once // Ensure done channel is only closed once

     

       81
       +
       

     

       82
       +
       	// Ping goroutine

     

       83
       +
       	go func() {

     

       84
       +
       		for {

     

       85
       +
       			select {

     

       86
       +
       			case <-ticker.C:

     

       87
       +
       				if err := conn.WriteControl(websocket.PingMessage, []byte{}, time.Now().Add(10*time.Second)); err != nil {

     

       88
       +
       					log.Printf("Failed to send ping: %v", err)

     

       89
       +
       					closeOnce.Do(func() { close(done) })

     

       90
       +
       					return

     

       91
       +
       				}

     

       92
       +
       			case <-done:

     

       93
       +
       				return

     

       94
       +
       			}

     

       95
       +
       		}

     

       96
       +
       	}()

     

       97
       +
       

     

       98
       +
       	// Read loop

     

       99
       +
       	for {

     

       100
       +
       		select {

     

       101
       +
       		case <-done:

     

       102
       +
       			return fmt.Errorf("connection closed by ping failure")

     

       103
       +
       		default:

     

       104
       +
       		}

     

       105
       +
       

     

       106
       +
       		_, message, err := conn.ReadMessage()

     

       107
       +
       		if err != nil {

     

       108
       +
       			closeOnce.Do(func() { close(done) })

     

       109
       +
       			return fmt.Errorf("read error: %w", err)

     

       110
       +
       		}

     

       111
       +
       

     

       112
       +
       		// Parse Jetstream event

     

       113
       +
       		var event JetstreamEvent

     

       114
       +
       		if err := json.Unmarshal(message, &event); err != nil {

     

       115
       +
       			log.Printf("Failed to parse Jetstream event: %v", err)

     

       116
       +
       			continue

     

       117
       +
       		}

     

       118
       +
       

     

       119
       +
       		// Process event through consumer

     

       120
       +
       		if err := c.consumer.HandleEvent(ctx, &event); err != nil {

     

       121
       +
       			log.Printf("Failed to handle vote event: %v", err)

     

       122
       +
       			// Continue processing other events even if one fails

     

       123
       +
       		}

     

       124
       +
       	}

     

       125
       +
       }

+26

internal/core/votes/errors.go

···

       1
       +
       package votes

     

       2
       +
       

     

       3
       +
       import "errors"

     

       4
       +
       

     

       5
       +
       var (

     

       6
       +
       	// ErrVoteNotFound indicates the requested vote doesn't exist

     

       7
       +
       	ErrVoteNotFound = errors.New("vote not found")

     

       8
       +
       

     

       9
       +
       	// ErrSubjectNotFound indicates the post/comment being voted on doesn't exist

     

       10
       +
       	ErrSubjectNotFound = errors.New("subject not found")

     

       11
       +
       

     

       12
       +
       	// ErrInvalidDirection indicates the vote direction is not "up" or "down"

     

       13
       +
       	ErrInvalidDirection = errors.New("invalid vote direction: must be 'up' or 'down'")

     

       14
       +
       

     

       15
       +
       	// ErrInvalidSubject indicates the subject URI is malformed or invalid

     

       16
       +
       	ErrInvalidSubject = errors.New("invalid subject URI")

     

       17
       +
       

     

       18
       +
       	// ErrVoteAlreadyExists indicates a vote already exists on this subject

     

       19
       +
       	ErrVoteAlreadyExists = errors.New("vote already exists")

     

       20
       +
       

     

       21
       +
       	// ErrNotAuthorized indicates the user is not authorized to perform this action

     

       22
       +
       	ErrNotAuthorized = errors.New("not authorized")

     

       23
       +
       

     

       24
       +
       	// ErrBanned indicates the user is banned from the community

     

       25
       +
       	ErrBanned = errors.New("user is banned from this community")

     

       26
       +
       )

+54

internal/core/votes/interfaces.go

···

       1
       +
       package votes

     

       2
       +
       

     

       3
       +
       import "context"

     

       4
       +
       

     

       5
       +
       // Service defines the business logic interface for votes

     

       6
       +
       // Coordinates between Repository, user PDS, and vote validation

     

       7
       +
       type Service interface {

     

       8
       +
       	// CreateVote creates a new vote or toggles an existing vote

     

       9
       +
       	// Flow: Validate -> Check existing vote -> Handle toggle logic -> Write to user's PDS -> Return URI/CID

     

       10
       +
       	// AppView indexing happens asynchronously via Jetstream consumer

     

       11
       +
       	// Toggle logic:

     

       12
       +
       	//   - No vote -> Create vote

     

       13
       +
       	//   - Same direction -> Delete vote (toggle off)

     

       14
       +
       	//   - Different direction -> Delete old + Create new (toggle direction)

     

       15
       +
       	CreateVote(ctx context.Context, voterDID string, userAccessToken string, req CreateVoteRequest) (*CreateVoteResponse, error)

     

       16
       +
       

     

       17
       +
       	// DeleteVote removes a vote from a post/comment

     

       18
       +
       	// Flow: Find vote -> Verify ownership -> Delete from user's PDS

     

       19
       +
       	// AppView decrements vote count asynchronously via Jetstream consumer

     

       20
       +
       	DeleteVote(ctx context.Context, voterDID string, userAccessToken string, req DeleteVoteRequest) error

     

       21
       +
       

     

       22
       +
       	// GetVote retrieves a user's vote on a specific subject

     

       23
       +
       	// Used to check vote state before creating/toggling

     

       24
       +
       	GetVote(ctx context.Context, voterDID string, subjectURI string) (*Vote, error)

     

       25
       +
       }

     

       26
       +
       

     

       27
       +
       // Repository defines the data access interface for votes

     

       28
       +
       // Used by Jetstream consumer to index votes from firehose

     

       29
       +
       type Repository interface {

     

       30
       +
       	// Create inserts a new vote into the AppView database

     

       31
       +
       	// Called by Jetstream consumer after vote is created on PDS

     

       32
       +
       	// Idempotent: ON CONFLICT DO NOTHING for duplicate URIs

     

       33
       +
       	Create(ctx context.Context, vote *Vote) error

     

       34
       +
       

     

       35
       +
       	// GetByURI retrieves a vote by its AT-URI

     

       36
       +
       	// Used for Jetstream DELETE operations

     

       37
       +
       	GetByURI(ctx context.Context, uri string) (*Vote, error)

     

       38
       +
       

     

       39
       +
       	// GetByVoterAndSubject retrieves a user's vote on a specific subject

     

       40
       +
       	// Used to check existing vote state

     

       41
       +
       	GetByVoterAndSubject(ctx context.Context, voterDID string, subjectURI string) (*Vote, error)

     

       42
       +
       

     

       43
       +
       	// Delete soft-deletes a vote (sets deleted_at)

     

       44
       +
       	// Called by Jetstream consumer after vote is deleted from PDS

     

       45
       +
       	Delete(ctx context.Context, uri string) error

     

       46
       +
       

     

       47
       +
       	// ListBySubject retrieves all votes on a specific post/comment

     

       48
       +
       	// Future: Used for vote detail views

     

       49
       +
       	ListBySubject(ctx context.Context, subjectURI string, limit, offset int) ([]*Vote, error)

     

       50
       +
       

     

       51
       +
       	// ListByVoter retrieves all votes by a specific user

     

       52
       +
       	// Future: Used for user voting history

     

       53
       +
       	ListByVoter(ctx context.Context, voterDID string, limit, offset int) ([]*Vote, error)

     

       54
       +
       }

+399

internal/core/votes/service.go

···

       1
       +
       package votes

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/posts"

     

       5
       +
       	"bytes"

     

       6
       +
       	"context"

     

       7
       +
       	"encoding/json"

     

       8
       +
       	"fmt"

     

       9
       +
       	"io"

     

       10
       +
       	"log"

     

       11
       +
       	"net/http"

     

       12
       +
       	"strings"

     

       13
       +
       	"time"

     

       14
       +
       )

     

       15
       +
       

     

       16
       +
       type voteService struct {

     

       17
       +
       	repo     Repository

     

       18
       +
       	postRepo posts.Repository

     

       19
       +
       	pdsURL   string

     

       20
       +
       }

     

       21
       +
       

     

       22
       +
       // NewVoteService creates a new vote service

     

       23
       +
       func NewVoteService(

     

       24
       +
       	repo Repository,

     

       25
       +
       	postRepo posts.Repository,

     

       26
       +
       	pdsURL string,

     

       27
       +
       ) Service {

     

       28
       +
       	return &voteService{

     

       29
       +
       		repo:     repo,

     

       30
       +
       		postRepo: postRepo,

     

       31
       +
       		pdsURL:   pdsURL,

     

       32
       +
       	}

     

       33
       +
       }

     

       34
       +
       

     

       35
       +
       // CreateVote creates a new vote or toggles an existing vote

     

       36
       +
       // Toggle logic:

     

       37
       +
       //   - No vote -> Create vote

     

       38
       +
       //   - Same direction -> Delete vote (toggle off)

     

       39
       +
       //   - Different direction -> Delete old + Create new (toggle direction)

     

       40
       +
       func (s *voteService) CreateVote(ctx context.Context, voterDID string, userAccessToken string, req CreateVoteRequest) (*CreateVoteResponse, error) {

     

       41
       +
       	// 1. Validate input

     

       42
       +
       	if voterDID == "" {

     

       43
       +
       		return nil, NewValidationError("voterDid", "required")

     

       44
       +
       	}

     

       45
       +
       	if userAccessToken == "" {

     

       46
       +
       		return nil, NewValidationError("userAccessToken", "required")

     

       47
       +
       	}

     

       48
       +
       	if req.Subject == "" {

     

       49
       +
       		return nil, NewValidationError("subject", "required")

     

       50
       +
       	}

     

       51
       +
       	if req.Direction != "up" && req.Direction != "down" {

     

       52
       +
       		return nil, ErrInvalidDirection

     

       53
       +
       	}

     

       54
       +
       

     

       55
       +
       	// 2. Validate subject URI format (should be at://...)

     

       56
       +
       	if !strings.HasPrefix(req.Subject, "at://") {

     

       57
       +
       		return nil, ErrInvalidSubject

     

       58
       +
       	}

     

       59
       +
       

     

       60
       +
       	// 3. Get subject post/comment to verify it exists and get its CID (for strong reference)

     

       61
       +
       	// For now, we assume the subject is a post. In the future, we'll support comments too.

     

       62
       +
       	post, err := s.postRepo.GetByURI(ctx, req.Subject)

     

       63
       +
       	if err != nil {

     

       64
       +
       		if err == posts.ErrNotFound {

     

       65
       +
       			return nil, ErrSubjectNotFound

     

       66
       +
       		}

     

       67
       +
       		return nil, fmt.Errorf("failed to get subject post: %w", err)

     

       68
       +
       	}

     

       69
       +
       

     

       70
       +
       	// 4. Check for existing vote on PDS (source of truth for toggle logic)

     

       71
       +
       	// IMPORTANT: We query the user's PDS directly instead of AppView to avoid race conditions.

     

       72
       +
       	// AppView is eventually consistent (updated via Jetstream), so querying it can cause

     

       73
       +
       	// duplicate vote records if the user toggles before Jetstream catches up.

     

       74
       +
       	existingVoteRecord, err := s.findVoteOnPDS(ctx, voterDID, userAccessToken, req.Subject)

     

       75
       +
       	if err != nil {

     

       76
       +
       		return nil, fmt.Errorf("failed to check existing vote on PDS: %w", err)

     

       77
       +
       	}

     

       78
       +
       

     

       79
       +
       	// 5. Handle toggle logic

     

       80
       +
       	var existingVoteURI *string

     

       81
       +
       

     

       82
       +
       	if existingVoteRecord != nil {

     

       83
       +
       		// Vote exists on PDS - implement toggle logic

     

       84
       +
       		if existingVoteRecord.Direction == req.Direction {

     

       85
       +
       			// Same direction -> Delete vote (toggle off)

     

       86
       +
       			log.Printf("[VOTE-CREATE] Toggle off: deleting existing %s vote on %s", req.Direction, req.Subject)

     

       87
       +
       

     

       88
       +
       			// Delete from user's PDS

     

       89
       +
       			if err := s.deleteRecordOnPDSAs(ctx, voterDID, "social.coves.interaction.vote", existingVoteRecord.RKey, userAccessToken); err != nil {

     

       90
       +
       				return nil, fmt.Errorf("failed to delete vote on PDS: %w", err)

     

       91
       +
       			}

     

       92
       +
       

     

       93
       +
       			// Return empty response (vote was deleted, not created)

     

       94
       +
       			return &CreateVoteResponse{

     

       95
       +
       				URI: "",

     

       96
       +
       				CID: "",

     

       97
       +
       			}, nil

     

       98
       +
       		}

     

       99
       +
       

     

       100
       +
       		// Different direction -> Delete old vote first, then create new one below

     

       101
       +
       		log.Printf("[VOTE-CREATE] Toggle direction: %s -> %s on %s", existingVoteRecord.Direction, req.Direction, req.Subject)

     

       102
       +
       

     

       103
       +
       		if err := s.deleteRecordOnPDSAs(ctx, voterDID, "social.coves.interaction.vote", existingVoteRecord.RKey, userAccessToken); err != nil {

     

       104
       +
       			return nil, fmt.Errorf("failed to delete old vote on PDS: %w", err)

     

       105
       +
       		}

     

       106
       +
       

     

       107
       +
       		existingVoteURI = &existingVoteRecord.URI

     

       108
       +
       	}

     

       109
       +
       

     

       110
       +
       	// 6. Build vote record with strong reference

     

       111
       +
       	voteRecord := map[string]interface{}{

     

       112
       +
       		"$type": "social.coves.interaction.vote",

     

       113
       +
       		"subject": map[string]interface{}{

     

       114
       +
       			"uri": req.Subject,

     

       115
       +
       			"cid": post.CID,

     

       116
       +
       		},

     

       117
       +
       		"direction": req.Direction,

     

       118
       +
       		"createdAt": time.Now().Format(time.RFC3339),

     

       119
       +
       	}

     

       120
       +
       

     

       121
       +
       	// 7. Write to user's PDS repository

     

       122
       +
       	recordURI, recordCID, err := s.createRecordOnPDSAs(ctx, voterDID, "social.coves.interaction.vote", "", voteRecord, userAccessToken)

     

       123
       +
       	if err != nil {

     

       124
       +
       		return nil, fmt.Errorf("failed to create vote on PDS: %w", err)

     

       125
       +
       	}

     

       126
       +
       

     

       127
       +
       	log.Printf("[VOTE-CREATE] Created %s vote: %s (CID: %s)", req.Direction, recordURI, recordCID)

     

       128
       +
       

     

       129
       +
       	// 8. Return response

     

       130
       +
       	return &CreateVoteResponse{

     

       131
       +
       		URI:      recordURI,

     

       132
       +
       		CID:      recordCID,

     

       133
       +
       		Existing: existingVoteURI,

     

       134
       +
       	}, nil

     

       135
       +
       }

     

       136
       +
       

     

       137
       +
       // DeleteVote removes a vote from a post/comment

     

       138
       +
       func (s *voteService) DeleteVote(ctx context.Context, voterDID string, userAccessToken string, req DeleteVoteRequest) error {

     

       139
       +
       	// 1. Validate input

     

       140
       +
       	if voterDID == "" {

     

       141
       +
       		return NewValidationError("voterDid", "required")

     

       142
       +
       	}

     

       143
       +
       	if userAccessToken == "" {

     

       144
       +
       		return NewValidationError("userAccessToken", "required")

     

       145
       +
       	}

     

       146
       +
       	if req.Subject == "" {

     

       147
       +
       		return NewValidationError("subject", "required")

     

       148
       +
       	}

     

       149
       +
       

     

       150
       +
       	// 2. Find existing vote on PDS (source of truth)

     

       151
       +
       	// IMPORTANT: Query PDS directly to avoid race conditions with AppView indexing

     

       152
       +
       	existingVoteRecord, err := s.findVoteOnPDS(ctx, voterDID, userAccessToken, req.Subject)

     

       153
       +
       	if err != nil {

     

       154
       +
       		return fmt.Errorf("failed to check existing vote on PDS: %w", err)

     

       155
       +
       	}

     

       156
       +
       

     

       157
       +
       	if existingVoteRecord == nil {

     

       158
       +
       		return ErrVoteNotFound

     

       159
       +
       	}

     

       160
       +
       

     

       161
       +
       	// 3. Delete from user's PDS

     

       162
       +
       	if err := s.deleteRecordOnPDSAs(ctx, voterDID, "social.coves.interaction.vote", existingVoteRecord.RKey, userAccessToken); err != nil {

     

       163
       +
       		return fmt.Errorf("failed to delete vote on PDS: %w", err)

     

       164
       +
       	}

     

       165
       +
       

     

       166
       +
       	log.Printf("[VOTE-DELETE] Deleted vote: %s", existingVoteRecord.URI)

     

       167
       +
       

     

       168
       +
       	return nil

     

       169
       +
       }

     

       170
       +
       

     

       171
       +
       // GetVote retrieves a user's vote on a specific subject

     

       172
       +
       func (s *voteService) GetVote(ctx context.Context, voterDID string, subjectURI string) (*Vote, error) {

     

       173
       +
       	return s.repo.GetByVoterAndSubject(ctx, voterDID, subjectURI)

     

       174
       +
       }

     

       175
       +
       

     

       176
       +
       // Helper methods for PDS operations

     

       177
       +
       

     

       178
       +
       // createRecordOnPDSAs creates a record on the PDS using the user's access token

     

       179
       +
       func (s *voteService) createRecordOnPDSAs(ctx context.Context, repoDID, collection, rkey string, record map[string]interface{}, accessToken string) (string, string, error) {

     

       180
       +
       	endpoint := fmt.Sprintf("%s/xrpc/com.atproto.repo.createRecord", strings.TrimSuffix(s.pdsURL, "/"))

     

       181
       +
       

     

       182
       +
       	payload := map[string]interface{}{

     

       183
       +
       		"repo":       repoDID,

     

       184
       +
       		"collection": collection,

     

       185
       +
       		"record":     record,

     

       186
       +
       	}

     

       187
       +
       

     

       188
       +
       	if rkey != "" {

     

       189
       +
       		payload["rkey"] = rkey

     

       190
       +
       	}

     

       191
       +
       

     

       192
       +
       	return s.callPDSWithAuth(ctx, "POST", endpoint, payload, accessToken)

     

       193
       +
       }

     

       194
       +
       

     

       195
       +
       // deleteRecordOnPDSAs deletes a record from the PDS using the user's access token

     

       196
       +
       func (s *voteService) deleteRecordOnPDSAs(ctx context.Context, repoDID, collection, rkey, accessToken string) error {

     

       197
       +
       	endpoint := fmt.Sprintf("%s/xrpc/com.atproto.repo.deleteRecord", strings.TrimSuffix(s.pdsURL, "/"))

     

       198
       +
       

     

       199
       +
       	payload := map[string]interface{}{

     

       200
       +
       		"repo":       repoDID,

     

       201
       +
       		"collection": collection,

     

       202
       +
       		"rkey":       rkey,

     

       203
       +
       	}

     

       204
       +
       

     

       205
       +
       	_, _, err := s.callPDSWithAuth(ctx, "POST", endpoint, payload, accessToken)

     

       206
       +
       	return err

     

       207
       +
       }

     

       208
       +
       

     

       209
       +
       // callPDSWithAuth makes a PDS call with a specific access token

     

       210
       +
       func (s *voteService) callPDSWithAuth(ctx context.Context, method, endpoint string, payload map[string]interface{}, accessToken string) (string, string, error) {

     

       211
       +
       	jsonData, err := json.Marshal(payload)

     

       212
       +
       	if err != nil {

     

       213
       +
       		return "", "", fmt.Errorf("failed to marshal payload: %w", err)

     

       214
       +
       	}

     

       215
       +
       

     

       216
       +
       	req, err := http.NewRequestWithContext(ctx, method, endpoint, bytes.NewBuffer(jsonData))

     

       217
       +
       	if err != nil {

     

       218
       +
       		return "", "", fmt.Errorf("failed to create request: %w", err)

     

       219
       +
       	}

     

       220
       +
       	req.Header.Set("Content-Type", "application/json")

     

       221
       +
       

     

       222
       +
       	// Add authentication with provided access token

     

       223
       +
       	if accessToken != "" {

     

       224
       +
       		req.Header.Set("Authorization", "Bearer "+accessToken)

     

       225
       +
       	}

     

       226
       +
       

     

       227
       +
       	// Use 30 second timeout for write operations

     

       228
       +
       	timeout := 30 * time.Second

     

       229
       +
       	client := &http.Client{Timeout: timeout}

     

       230
       +
       	resp, err := client.Do(req)

     

       231
       +
       	if err != nil {

     

       232
       +
       		return "", "", fmt.Errorf("failed to call PDS: %w", err)

     

       233
       +
       	}

     

       234
       +
       	defer func() {

     

       235
       +
       		if closeErr := resp.Body.Close(); closeErr != nil {

     

       236
       +
       			log.Printf("Failed to close response body: %v", closeErr)

     

       237
       +
       		}

     

       238
       +
       	}()

     

       239
       +
       

     

       240
       +
       	body, err := io.ReadAll(resp.Body)

     

       241
       +
       	if err != nil {

     

       242
       +
       		return "", "", fmt.Errorf("failed to read response: %w", err)

     

       243
       +
       	}

     

       244
       +
       

     

       245
       +
       	if resp.StatusCode < 200 || resp.StatusCode >= 300 {

     

       246
       +
       		return "", "", fmt.Errorf("PDS returned error %d: %s", resp.StatusCode, string(body))

     

       247
       +
       	}

     

       248
       +
       

     

       249
       +
       	// Parse response to extract URI and CID

     

       250
       +
       	var result struct {

     

       251
       +
       		URI string `json:"uri"`

     

       252
       +
       		CID string `json:"cid"`

     

       253
       +
       	}

     

       254
       +
       	if err := json.Unmarshal(body, &result); err != nil {

     

       255
       +
       		return "", "", fmt.Errorf("failed to parse PDS response: %w", err)

     

       256
       +
       	}

     

       257
       +
       

     

       258
       +
       	return result.URI, result.CID, nil

     

       259
       +
       }

     

       260
       +
       

     

       261
       +
       // Helper functions

     

       262
       +
       

     

       263
       +
       // PDSVoteRecord represents a vote record returned from PDS listRecords

     

       264
       +
       type PDSVoteRecord struct {

     

       265
       +
       	URI       string

     

       266
       +
       	RKey      string

     

       267
       +
       	Direction string

     

       268
       +
       	Subject   struct {

     

       269
       +
       		URI string

     

       270
       +
       		CID string

     

       271
       +
       	}

     

       272
       +
       }

     

       273
       +
       

     

       274
       +
       // findVoteOnPDS queries the user's PDS to find an existing vote on a specific subject

     

       275
       +
       // This is the source of truth for toggle logic (avoiding AppView race conditions)

     

       276
       +
       //

     

       277
       +
       // IMPORTANT: This function paginates through ALL user votes with reverse=true (newest first)

     

       278
       +
       // to handle users with >100 votes. Without pagination, votes on older posts would not be found,

     

       279
       +
       // causing duplicate vote records and 404 errors on delete operations.

     

       280
       +
       func (s *voteService) findVoteOnPDS(ctx context.Context, voterDID, accessToken, subjectURI string) (*PDSVoteRecord, error) {

     

       281
       +
       	const maxPages = 50 // Safety limit: prevent infinite loops (50 pages * 100 = 5000 votes max)

     

       282
       +
       	var cursor string

     

       283
       +
       	pageCount := 0

     

       284
       +
       

     

       285
       +
       	client := &http.Client{Timeout: 10 * time.Second}

     

       286
       +
       

     

       287
       +
       	for {

     

       288
       +
       		pageCount++

     

       289
       +
       		if pageCount > maxPages {

     

       290
       +
       			log.Printf("[VOTE-PDS] Reached max pagination limit (%d pages) searching for vote on %s", maxPages, subjectURI)

     

       291
       +
       			break

     

       292
       +
       		}

     

       293
       +
       

     

       294
       +
       		// Build endpoint with pagination cursor and reverse=true (newest first)

     

       295
       +
       		endpoint := fmt.Sprintf("%s/xrpc/com.atproto.repo.listRecords?repo=%s&collection=social.coves.interaction.vote&limit=100&reverse=true",

     

       296
       +
       			strings.TrimSuffix(s.pdsURL, "/"), voterDID)

     

       297
       +
       

     

       298
       +
       		if cursor != "" {

     

       299
       +
       			endpoint += fmt.Sprintf("&cursor=%s", cursor)

     

       300
       +
       		}

     

       301
       +
       

     

       302
       +
       		req, err := http.NewRequestWithContext(ctx, "GET", endpoint, nil)

     

       303
       +
       		if err != nil {

     

       304
       +
       			return nil, fmt.Errorf("failed to create request: %w", err)

     

       305
       +
       		}

     

       306
       +
       

     

       307
       +
       		req.Header.Set("Authorization", "Bearer "+accessToken)

     

       308
       +
       

     

       309
       +
       		resp, err := client.Do(req)

     

       310
       +
       		if err != nil {

     

       311
       +
       			return nil, fmt.Errorf("failed to query PDS: %w", err)

     

       312
       +
       		}

     

       313
       +
       

     

       314
       +
       		if resp.StatusCode != http.StatusOK {

     

       315
       +
       			body, _ := io.ReadAll(resp.Body)

     

       316
       +
       			resp.Body.Close()

     

       317
       +
       			return nil, fmt.Errorf("PDS returned error %d: %s", resp.StatusCode, string(body))

     

       318
       +
       		}

     

       319
       +
       

     

       320
       +
       		var result struct {

     

       321
       +
       			Records []struct {

     

       322
       +
       				URI   string `json:"uri"`

     

       323
       +
       				Value struct {

     

       324
       +
       					Subject struct {

     

       325
       +
       						URI string `json:"uri"`

     

       326
       +
       						CID string `json:"cid"`

     

       327
       +
       					} `json:"subject"`

     

       328
       +
       					Direction string `json:"direction"`

     

       329
       +
       				} `json:"value"`

     

       330
       +
       			} `json:"records"`

     

       331
       +
       			Cursor string `json:"cursor,omitempty"` // Pagination cursor for next page

     

       332
       +
       		}

     

       333
       +
       

     

       334
       +
       		if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {

     

       335
       +
       			resp.Body.Close()

     

       336
       +
       			return nil, fmt.Errorf("failed to decode PDS response: %w", err)

     

       337
       +
       		}

     

       338
       +
       		resp.Body.Close()

     

       339
       +
       

     

       340
       +
       		// Find vote on this specific subject in current page

     

       341
       +
       		for _, record := range result.Records {

     

       342
       +
       			if record.Value.Subject.URI == subjectURI {

     

       343
       +
       				rkey := extractRKeyFromURI(record.URI)

     

       344
       +
       				log.Printf("[VOTE-PDS] Found existing vote on page %d: %s (direction: %s)", pageCount, record.URI, record.Value.Direction)

     

       345
       +
       				return &PDSVoteRecord{

     

       346
       +
       					URI:       record.URI,

     

       347
       +
       					RKey:      rkey,

     

       348
       +
       					Direction: record.Value.Direction,

     

       349
       +
       					Subject: struct {

     

       350
       +
       						URI string

     

       351
       +
       						CID string

     

       352
       +
       					}{

     

       353
       +
       						URI: record.Value.Subject.URI,

     

       354
       +
       						CID: record.Value.Subject.CID,

     

       355
       +
       					},

     

       356
       +
       				}, nil

     

       357
       +
       			}

     

       358
       +
       		}

     

       359
       +
       

     

       360
       +
       		// No more pages to check

     

       361
       +
       		if result.Cursor == "" {

     

       362
       +
       			log.Printf("[VOTE-PDS] No existing vote found after checking %d page(s)", pageCount)

     

       363
       +
       			break

     

       364
       +
       		}

     

       365
       +
       

     

       366
       +
       		// Move to next page

     

       367
       +
       		cursor = result.Cursor

     

       368
       +
       	}

     

       369
       +
       

     

       370
       +
       	// No vote found on this subject after paginating through all records

     

       371
       +
       	return nil, nil

     

       372
       +
       }

     

       373
       +
       

     

       374
       +
       // extractRKeyFromURI extracts the rkey from an AT-URI (at://did/collection/rkey)

     

       375
       +
       func extractRKeyFromURI(uri string) string {

     

       376
       +
       	parts := strings.Split(uri, "/")

     

       377
       +
       	if len(parts) >= 4 {

     

       378
       +
       		return parts[len(parts)-1]

     

       379
       +
       	}

     

       380
       +
       	return ""

     

       381
       +
       }

     

       382
       +
       

     

       383
       +
       // ValidationError represents a validation error

     

       384
       +
       type ValidationError struct {

     

       385
       +
       	Field   string

     

       386
       +
       	Message string

     

       387
       +
       }

     

       388
       +
       

     

       389
       +
       func (e *ValidationError) Error() string {

     

       390
       +
       	return fmt.Sprintf("validation error for field '%s': %s", e.Field, e.Message)

     

       391
       +
       }

     

       392
       +
       

     

       393
       +
       // NewValidationError creates a new validation error

     

       394
       +
       func NewValidationError(field, message string) error {

     

       395
       +
       	return &ValidationError{

     

       396
       +
       		Field:   field,

     

       397
       +
       		Message: message,

     

       398
       +
       	}

     

       399
       +
       }

+344

internal/core/votes/service_test.go

···

       1
       +
       package votes

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/posts"

     

       5
       +
       	"context"

     

       6
       +
       	"testing"

     

       7
       +
       	"time"

     

       8
       +
       

     

       9
       +
       	"github.com/stretchr/testify/assert"

     

       10
       +
       	"github.com/stretchr/testify/mock"

     

       11
       +
       	"github.com/stretchr/testify/require"

     

       12
       +
       )

     

       13
       +
       

     

       14
       +
       // Mock repositories for testing

     

       15
       +
       type mockVoteRepository struct {

     

       16
       +
       	mock.Mock

     

       17
       +
       }

     

       18
       +
       

     

       19
       +
       func (m *mockVoteRepository) Create(ctx context.Context, vote *Vote) error {

     

       20
       +
       	args := m.Called(ctx, vote)

     

       21
       +
       	return args.Error(0)

     

       22
       +
       }

     

       23
       +
       

     

       24
       +
       func (m *mockVoteRepository) GetByURI(ctx context.Context, uri string) (*Vote, error) {

     

       25
       +
       	args := m.Called(ctx, uri)

     

       26
       +
       	if args.Get(0) == nil {

     

       27
       +
       		return nil, args.Error(1)

     

       28
       +
       	}

     

       29
       +
       	return args.Get(0).(*Vote), args.Error(1)

     

       30
       +
       }

     

       31
       +
       

     

       32
       +
       func (m *mockVoteRepository) GetByVoterAndSubject(ctx context.Context, voterDID string, subjectURI string) (*Vote, error) {

     

       33
       +
       	args := m.Called(ctx, voterDID, subjectURI)

     

       34
       +
       	if args.Get(0) == nil {

     

       35
       +
       		return nil, args.Error(1)

     

       36
       +
       	}

     

       37
       +
       	return args.Get(0).(*Vote), args.Error(1)

     

       38
       +
       }

     

       39
       +
       

     

       40
       +
       func (m *mockVoteRepository) Delete(ctx context.Context, uri string) error {

     

       41
       +
       	args := m.Called(ctx, uri)

     

       42
       +
       	return args.Error(0)

     

       43
       +
       }

     

       44
       +
       

     

       45
       +
       func (m *mockVoteRepository) ListBySubject(ctx context.Context, subjectURI string, limit, offset int) ([]*Vote, error) {

     

       46
       +
       	args := m.Called(ctx, subjectURI, limit, offset)

     

       47
       +
       	if args.Get(0) == nil {

     

       48
       +
       		return nil, args.Error(1)

     

       49
       +
       	}

     

       50
       +
       	return args.Get(0).([]*Vote), args.Error(1)

     

       51
       +
       }

     

       52
       +
       

     

       53
       +
       func (m *mockVoteRepository) ListByVoter(ctx context.Context, voterDID string, limit, offset int) ([]*Vote, error) {

     

       54
       +
       	args := m.Called(ctx, voterDID, limit, offset)

     

       55
       +
       	if args.Get(0) == nil {

     

       56
       +
       		return nil, args.Error(1)

     

       57
       +
       	}

     

       58
       +
       	return args.Get(0).([]*Vote), args.Error(1)

     

       59
       +
       }

     

       60
       +
       

     

       61
       +
       type mockPostRepository struct {

     

       62
       +
       	mock.Mock

     

       63
       +
       }

     

       64
       +
       

     

       65
       +
       func (m *mockPostRepository) GetByURI(ctx context.Context, uri string) (*posts.Post, error) {

     

       66
       +
       	args := m.Called(ctx, uri)

     

       67
       +
       	if args.Get(0) == nil {

     

       68
       +
       		return nil, args.Error(1)

     

       69
       +
       	}

     

       70
       +
       	return args.Get(0).(*posts.Post), args.Error(1)

     

       71
       +
       }

     

       72
       +
       

     

       73
       +
       func (m *mockPostRepository) Create(ctx context.Context, post *posts.Post) error {

     

       74
       +
       	args := m.Called(ctx, post)

     

       75
       +
       	return args.Error(0)

     

       76
       +
       }

     

       77
       +
       

     

       78
       +
       func (m *mockPostRepository) GetByRkey(ctx context.Context, communityDID, rkey string) (*posts.Post, error) {

     

       79
       +
       	args := m.Called(ctx, communityDID, rkey)

     

       80
       +
       	if args.Get(0) == nil {

     

       81
       +
       		return nil, args.Error(1)

     

       82
       +
       	}

     

       83
       +
       	return args.Get(0).(*posts.Post), args.Error(1)

     

       84
       +
       }

     

       85
       +
       

     

       86
       +
       func (m *mockPostRepository) ListByCommunity(ctx context.Context, communityDID string, limit, offset int) ([]*posts.Post, error) {

     

       87
       +
       	args := m.Called(ctx, communityDID, limit, offset)

     

       88
       +
       	if args.Get(0) == nil {

     

       89
       +
       		return nil, args.Error(1)

     

       90
       +
       	}

     

       91
       +
       	return args.Get(0).([]*posts.Post), args.Error(1)

     

       92
       +
       }

     

       93
       +
       

     

       94
       +
       func (m *mockPostRepository) Delete(ctx context.Context, uri string) error {

     

       95
       +
       	args := m.Called(ctx, uri)

     

       96
       +
       	return args.Error(0)

     

       97
       +
       }

     

       98
       +
       

     

       99
       +
       // TestVoteService_CreateVote_NoExistingVote tests creating a vote when no vote exists

     

       100
       +
       // NOTE: This test is skipped because we need to refactor service to inject HTTP client

     

       101
       +
       // for testing PDS writes. The full flow is covered by E2E tests.

     

       102
       +
       func TestVoteService_CreateVote_NoExistingVote(t *testing.T) {

     

       103
       +
       	t.Skip("Skipping because we need to refactor service to inject HTTP client for testing PDS writes - covered by E2E tests")

     

       104
       +
       

     

       105
       +
       	// This test would verify:

     

       106
       +
       	// - Post exists check

     

       107
       +
       	// - No existing vote

     

       108
       +
       	// - PDS write succeeds

     

       109
       +
       	// - Response contains vote URI and CID

     

       110
       +
       }

     

       111
       +
       

     

       112
       +
       // TestVoteService_ValidateInput tests input validation

     

       113
       +
       func TestVoteService_ValidateInput(t *testing.T) {

     

       114
       +
       	mockVoteRepo := new(mockVoteRepository)

     

       115
       +
       	mockPostRepo := new(mockPostRepository)

     

       116
       +
       

     

       117
       +
       	service := &voteService{

     

       118
       +
       		repo:     mockVoteRepo,

     

       119
       +
       		postRepo: mockPostRepo,

     

       120
       +
       		pdsURL:   "http://mock-pds.test",

     

       121
       +
       	}

     

       122
       +
       

     

       123
       +
       	ctx := context.Background()

     

       124
       +
       

     

       125
       +
       	tests := []struct {

     

       126
       +
       		name          string

     

       127
       +
       		voterDID      string

     

       128
       +
       		accessToken   string

     

       129
       +
       		req           CreateVoteRequest

     

       130
       +
       		expectedError string

     

       131
       +
       	}{

     

       132
       +
       		{

     

       133
       +
       			name:          "missing voter DID",

     

       134
       +
       			voterDID:      "",

     

       135
       +
       			accessToken:   "token123",

     

       136
       +
       			req:           CreateVoteRequest{Subject: "at://test", Direction: "up"},

     

       137
       +
       			expectedError: "voterDid",

     

       138
       +
       		},

     

       139
       +
       		{

     

       140
       +
       			name:          "missing access token",

     

       141
       +
       			voterDID:      "did:plc:test",

     

       142
       +
       			accessToken:   "",

     

       143
       +
       			req:           CreateVoteRequest{Subject: "at://test", Direction: "up"},

     

       144
       +
       			expectedError: "userAccessToken",

     

       145
       +
       		},

     

       146
       +
       		{

     

       147
       +
       			name:          "missing subject",

     

       148
       +
       			voterDID:      "did:plc:test",

     

       149
       +
       			accessToken:   "token123",

     

       150
       +
       			req:           CreateVoteRequest{Subject: "", Direction: "up"},

     

       151
       +
       			expectedError: "subject",

     

       152
       +
       		},

     

       153
       +
       		{

     

       154
       +
       			name:          "invalid direction",

     

       155
       +
       			voterDID:      "did:plc:test",

     

       156
       +
       			accessToken:   "token123",

     

       157
       +
       			req:           CreateVoteRequest{Subject: "at://test", Direction: "invalid"},

     

       158
       +
       			expectedError: "invalid vote direction",

     

       159
       +
       		},

     

       160
       +
       		{

     

       161
       +
       			name:          "invalid subject format",

     

       162
       +
       			voterDID:      "did:plc:test",

     

       163
       +
       			accessToken:   "token123",

     

       164
       +
       			req:           CreateVoteRequest{Subject: "http://not-at-uri", Direction: "up"},

     

       165
       +
       			expectedError: "invalid subject URI",

     

       166
       +
       		},

     

       167
       +
       	}

     

       168
       +
       

     

       169
       +
       	for _, tt := range tests {

     

       170
       +
       		t.Run(tt.name, func(t *testing.T) {

     

       171
       +
       			_, err := service.CreateVote(ctx, tt.voterDID, tt.accessToken, tt.req)

     

       172
       +
       			require.Error(t, err)

     

       173
       +
       			assert.Contains(t, err.Error(), tt.expectedError)

     

       174
       +
       		})

     

       175
       +
       	}

     

       176
       +
       }

     

       177
       +
       

     

       178
       +
       // TestVoteService_GetVote tests retrieving a vote

     

       179
       +
       func TestVoteService_GetVote(t *testing.T) {

     

       180
       +
       	mockVoteRepo := new(mockVoteRepository)

     

       181
       +
       	mockPostRepo := new(mockPostRepository)

     

       182
       +
       

     

       183
       +
       	service := &voteService{

     

       184
       +
       		repo:     mockVoteRepo,

     

       185
       +
       		postRepo: mockPostRepo,

     

       186
       +
       		pdsURL:   "http://mock-pds.test",

     

       187
       +
       	}

     

       188
       +
       

     

       189
       +
       	ctx := context.Background()

     

       190
       +
       	voterDID := "did:plc:voter123"

     

       191
       +
       	subjectURI := "at://did:plc:community/social.coves.post.record/abc123"

     

       192
       +
       

     

       193
       +
       	expectedVote := &Vote{

     

       194
       +
       		ID:         1,

     

       195
       +
       		URI:        "at://did:plc:voter123/social.coves.interaction.vote/xyz789",

     

       196
       +
       		VoterDID:   voterDID,

     

       197
       +
       		SubjectURI: subjectURI,

     

       198
       +
       		Direction:  "up",

     

       199
       +
       		CreatedAt:  time.Now(),

     

       200
       +
       	}

     

       201
       +
       

     

       202
       +
       	mockVoteRepo.On("GetByVoterAndSubject", ctx, voterDID, subjectURI).Return(expectedVote, nil)

     

       203
       +
       

     

       204
       +
       	result, err := service.GetVote(ctx, voterDID, subjectURI)

     

       205
       +
       	assert.NoError(t, err)

     

       206
       +
       	assert.Equal(t, expectedVote.URI, result.URI)

     

       207
       +
       	assert.Equal(t, expectedVote.Direction, result.Direction)

     

       208
       +
       

     

       209
       +
       	mockVoteRepo.AssertExpectations(t)

     

       210
       +
       }

     

       211
       +
       

     

       212
       +
       // TestVoteService_GetVote_NotFound tests getting a non-existent vote

     

       213
       +
       func TestVoteService_GetVote_NotFound(t *testing.T) {

     

       214
       +
       	mockVoteRepo := new(mockVoteRepository)

     

       215
       +
       	mockPostRepo := new(mockPostRepository)

     

       216
       +
       

     

       217
       +
       	service := &voteService{

     

       218
       +
       		repo:     mockVoteRepo,

     

       219
       +
       		postRepo: mockPostRepo,

     

       220
       +
       		pdsURL:   "http://mock-pds.test",

     

       221
       +
       	}

     

       222
       +
       

     

       223
       +
       	ctx := context.Background()

     

       224
       +
       	voterDID := "did:plc:voter123"

     

       225
       +
       	subjectURI := "at://did:plc:community/social.coves.post.record/noexist"

     

       226
       +
       

     

       227
       +
       	mockVoteRepo.On("GetByVoterAndSubject", ctx, voterDID, subjectURI).Return(nil, ErrVoteNotFound)

     

       228
       +
       

     

       229
       +
       	result, err := service.GetVote(ctx, voterDID, subjectURI)

     

       230
       +
       	assert.ErrorIs(t, err, ErrVoteNotFound)

     

       231
       +
       	assert.Nil(t, result)

     

       232
       +
       

     

       233
       +
       	mockVoteRepo.AssertExpectations(t)

     

       234
       +
       }

     

       235
       +
       

     

       236
       +
       // TestVoteService_SubjectNotFound tests voting on non-existent post

     

       237
       +
       func TestVoteService_SubjectNotFound(t *testing.T) {

     

       238
       +
       	mockVoteRepo := new(mockVoteRepository)

     

       239
       +
       	mockPostRepo := new(mockPostRepository)

     

       240
       +
       

     

       241
       +
       	service := &voteService{

     

       242
       +
       		repo:     mockVoteRepo,

     

       243
       +
       		postRepo: mockPostRepo,

     

       244
       +
       		pdsURL:   "http://mock-pds.test",

     

       245
       +
       	}

     

       246
       +
       

     

       247
       +
       	ctx := context.Background()

     

       248
       +
       	voterDID := "did:plc:voter123"

     

       249
       +
       	subjectURI := "at://did:plc:community/social.coves.post.record/noexist"

     

       250
       +
       

     

       251
       +
       	// Mock post not found

     

       252
       +
       	mockPostRepo.On("GetByURI", ctx, subjectURI).Return(nil, posts.ErrNotFound)

     

       253
       +
       

     

       254
       +
       	req := CreateVoteRequest{

     

       255
       +
       		Subject:   subjectURI,

     

       256
       +
       		Direction: "up",

     

       257
       +
       	}

     

       258
       +
       

     

       259
       +
       	_, err := service.CreateVote(ctx, voterDID, "token123", req)

     

       260
       +
       	assert.ErrorIs(t, err, ErrSubjectNotFound)

     

       261
       +
       

     

       262
       +
       	mockPostRepo.AssertExpectations(t)

     

       263
       +
       }

     

       264
       +
       

     

       265
       +
       // NOTE: Testing toggle logic (same direction, different direction) requires mocking HTTP client

     

       266
       +
       // These tests are covered by integration tests in tests/integration/vote_e2e_test.go

     

       267
       +
       // To add unit tests for toggle logic, we would need to:

     

       268
       +
       // 1. Refactor voteService to accept an HTTP client interface

     

       269
       +
       // 2. Mock the PDS createRecord and deleteRecord calls

     

       270
       +
       // 3. Verify the correct sequence of operations

     

       271
       +
       

     

       272
       +
       // Example of what toggle tests would look like (requires refactoring):

     

       273
       +
       /*

     

       274
       +
       func TestVoteService_ToggleSameDirection(t *testing.T) {

     

       275
       +
       	// Setup

     

       276
       +
       	mockVoteRepo := new(mockVoteRepository)

     

       277
       +
       	mockPostRepo := new(mockPostRepository)

     

       278
       +
       	mockPDSClient := new(mockPDSClient)

     

       279
       +
       

     

       280
       +
       	service := &voteService{

     

       281
       +
       		repo:      mockVoteRepo,

     

       282
       +
       		postRepo:  mockPostRepo,

     

       283
       +
       		pdsClient: mockPDSClient, // Would need to refactor to inject this

     

       284
       +
       	}

     

       285
       +
       

     

       286
       +
       	ctx := context.Background()

     

       287
       +
       	voterDID := "did:plc:voter123"

     

       288
       +
       	subjectURI := "at://did:plc:community/social.coves.post.record/abc123"

     

       289
       +
       

     

       290
       +
       	// Mock existing upvote

     

       291
       +
       	existingVote := &Vote{

     

       292
       +
       		URI:        "at://did:plc:voter123/social.coves.interaction.vote/existing",

     

       293
       +
       		VoterDID:   voterDID,

     

       294
       +
       		SubjectURI: subjectURI,

     

       295
       +
       		Direction:  "up",

     

       296
       +
       	}

     

       297
       +
       	mockVoteRepo.On("GetByVoterAndSubject", ctx, voterDID, subjectURI).Return(existingVote, nil)

     

       298
       +
       

     

       299
       +
       	// Mock post exists

     

       300
       +
       	mockPostRepo.On("GetByURI", ctx, subjectURI).Return(&posts.Post{

     

       301
       +
       		URI: subjectURI,

     

       302
       +
       		CID: "bafyreigpost123",

     

       303
       +
       	}, nil)

     

       304
       +
       

     

       305
       +
       	// Mock PDS delete

     

       306
       +
       	mockPDSClient.On("DeleteRecord", voterDID, "social.coves.interaction.vote", "existing").Return(nil)

     

       307
       +
       

     

       308
       +
       	// Execute: Click upvote when already upvoted -> should delete

     

       309
       +
       	req := CreateVoteRequest{

     

       310
       +
       		Subject:   subjectURI,

     

       311
       +
       		Direction: "up", // Same direction

     

       312
       +
       	}

     

       313
       +
       

     

       314
       +
       	response, err := service.CreateVote(ctx, voterDID, "token123", req)

     

       315
       +
       

     

       316
       +
       	// Assert

     

       317
       +
       	assert.NoError(t, err)

     

       318
       +
       	assert.Equal(t, "", response.URI, "Should return empty URI when toggled off")

     

       319
       +
       	mockPDSClient.AssertCalled(t, "DeleteRecord", voterDID, "social.coves.interaction.vote", "existing")

     

       320
       +
       	mockVoteRepo.AssertExpectations(t)

     

       321
       +
       	mockPostRepo.AssertExpectations(t)

     

       322
       +
       }

     

       323
       +
       

     

       324
       +
       func TestVoteService_ToggleDifferentDirection(t *testing.T) {

     

       325
       +
       	// Similar test but existing vote is "up" and new vote is "down"

     

       326
       +
       	// Should delete old vote and create new vote

     

       327
       +
       	// Would verify:

     

       328
       +
       	// 1. DeleteRecord called for old vote

     

       329
       +
       	// 2. CreateRecord called for new vote

     

       330
       +
       	// 3. Response contains new vote URI

     

       331
       +
       }

     

       332
       +
       */

     

       333
       +
       

     

       334
       +
       // Documentation test to explain toggle logic (verified by E2E tests)

     

       335
       +
       func TestVoteService_ToggleLogicDocumentation(t *testing.T) {

     

       336
       +
       	t.Log("Toggle Logic (verified by E2E tests in tests/integration/vote_e2e_test.go):")

     

       337
       +
       	t.Log("1. No existing vote + upvote clicked → Create upvote")

     

       338
       +
       	t.Log("2. Upvote exists + upvote clicked → Delete upvote (toggle off)")

     

       339
       +
       	t.Log("3. Upvote exists + downvote clicked → Delete upvote + Create downvote (switch)")

     

       340
       +
       	t.Log("4. Downvote exists + downvote clicked → Delete downvote (toggle off)")

     

       341
       +
       	t.Log("5. Downvote exists + upvote clicked → Delete downvote + Create upvote (switch)")

     

       342
       +
       	t.Log("")

     

       343
       +
       	t.Log("To add unit tests for toggle logic, refactor service to accept HTTP client interface")

     

       344
       +
       }

+58

internal/core/votes/vote.go

···

       1
       +
       package votes

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"time"

     

       5
       +
       )

     

       6
       +
       

     

       7
       +
       // Vote represents a vote in the AppView database

     

       8
       +
       // Votes are indexed from the firehose after being written to user repositories

     

       9
       +
       type Vote struct {

     

       10
       +
       	ID         int64      `json:"id" db:"id"`

     

       11
       +
       	URI        string     `json:"uri" db:"uri"`

     

       12
       +
       	CID        string     `json:"cid" db:"cid"`

     

       13
       +
       	RKey       string     `json:"rkey" db:"rkey"`

     

       14
       +
       	VoterDID   string     `json:"voterDid" db:"voter_did"`

     

       15
       +
       	SubjectURI string     `json:"subjectUri" db:"subject_uri"`

     

       16
       +
       	SubjectCID string     `json:"subjectCid" db:"subject_cid"`

     

       17
       +
       	Direction  string     `json:"direction" db:"direction"` // "up" or "down"

     

       18
       +
       	CreatedAt  time.Time  `json:"createdAt" db:"created_at"`

     

       19
       +
       	IndexedAt  time.Time  `json:"indexedAt" db:"indexed_at"`

     

       20
       +
       	DeletedAt  *time.Time `json:"deletedAt,omitempty" db:"deleted_at"`

     

       21
       +
       }

     

       22
       +
       

     

       23
       +
       // CreateVoteRequest represents input for creating a new vote

     

       24
       +
       // Matches social.coves.interaction.createVote lexicon input schema

     

       25
       +
       type CreateVoteRequest struct {

     

       26
       +
       	Subject   string `json:"subject"`   // AT-URI of post/comment

     

       27
       +
       	Direction string `json:"direction"` // "up" or "down"

     

       28
       +
       }

     

       29
       +
       

     

       30
       +
       // CreateVoteResponse represents the response from creating a vote

     

       31
       +
       // Matches social.coves.interaction.createVote lexicon output schema

     

       32
       +
       type CreateVoteResponse struct {

     

       33
       +
       	URI      string  `json:"uri"`                // AT-URI of created vote record

     

       34
       +
       	CID      string  `json:"cid"`                // CID of created vote record

     

       35
       +
       	Existing *string `json:"existing,omitempty"` // AT-URI of existing vote if updating

     

       36
       +
       }

     

       37
       +
       

     

       38
       +
       // DeleteVoteRequest represents input for deleting a vote

     

       39
       +
       // Matches social.coves.interaction.deleteVote lexicon input schema

     

       40
       +
       type DeleteVoteRequest struct {

     

       41
       +
       	Subject string `json:"subject"` // AT-URI of post/comment

     

       42
       +
       }

     

       43
       +
       

     

       44
       +
       // VoteRecord represents the actual atProto record structure written to PDS

     

       45
       +
       // This is the data structure that gets stored in the user's repository

     

       46
       +
       type VoteRecord struct {

     

       47
       +
       	Type      string            `json:"$type"`

     

       48
       +
       	Subject   StrongRef         `json:"subject"`

     

       49
       +
       	Direction string            `json:"direction"` // "up" or "down"

     

       50
       +
       	CreatedAt string            `json:"createdAt"`

     

       51
       +
       }

     

       52
       +
       

     

       53
       +
       // StrongRef represents a strong reference to a record (URI + CID)

     

       54
       +
       // Matches the strongRef definition in the vote lexicon

     

       55
       +
       type StrongRef struct {

     

       56
       +
       	URI string `json:"uri"`

     

       57
       +
       	CID string `json:"cid"`

     

       58
       +
       }

+43

internal/db/migrations/013_create_votes_table.sql

···

       1
       +
       -- +goose Up

     

       2
       +
       -- Create votes table for AppView indexing

     

       3
       +
       -- Votes are indexed from the firehose after being written to user repositories

     

       4
       +
       CREATE TABLE votes (

     

       5
       +
           id BIGSERIAL PRIMARY KEY,

     

       6
       +
           uri TEXT UNIQUE NOT NULL,               -- AT-URI (at://voter_did/social.coves.interaction.vote/rkey)

     

       7
       +
           cid TEXT NOT NULL,                      -- Content ID

     

       8
       +
           rkey TEXT NOT NULL,                     -- Record key (TID)

     

       9
       +
           voter_did TEXT NOT NULL,                -- User who voted (from AT-URI repo field)

     

       10
       +
       

     

       11
       +
           -- Subject (strong reference to post/comment)

     

       12
       +
           subject_uri TEXT NOT NULL,              -- AT-URI of voted item

     

       13
       +
           subject_cid TEXT NOT NULL,              -- CID of voted item (strong reference)

     

       14
       +
       

     

       15
       +
           -- Vote data

     

       16
       +
           direction TEXT NOT NULL CHECK (direction IN ('up', 'down')),

     

       17
       +
       

     

       18
       +
           -- Timestamps

     

       19
       +
           created_at TIMESTAMPTZ NOT NULL,        -- Voter's timestamp from record

     

       20
       +
           indexed_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), -- When indexed by AppView

     

       21
       +
           deleted_at TIMESTAMPTZ,                 -- Soft delete (for firehose delete events)

     

       22
       +
       

     

       23
       +
           -- Foreign keys

     

       24
       +
           CONSTRAINT fk_voter FOREIGN KEY (voter_did) REFERENCES users(did) ON DELETE CASCADE

     

       25
       +
       );

     

       26
       +
       

     

       27
       +
       -- Indexes for common query patterns

     

       28
       +
       CREATE INDEX idx_votes_subject ON votes(subject_uri, direction) WHERE deleted_at IS NULL;

     

       29
       +
       CREATE INDEX idx_votes_voter_subject ON votes(voter_did, subject_uri) WHERE deleted_at IS NULL;

     

       30
       +
       

     

       31
       +
       -- Partial unique index: One active vote per user per subject (soft delete aware)

     

       32
       +
       CREATE UNIQUE INDEX unique_voter_subject_active ON votes(voter_did, subject_uri) WHERE deleted_at IS NULL;

     

       33
       +
       CREATE INDEX idx_votes_uri ON votes(uri);

     

       34
       +
       CREATE INDEX idx_votes_voter ON votes(voter_did, created_at DESC);

     

       35
       +
       

     

       36
       +
       -- Comment on table

     

       37
       +
       COMMENT ON TABLE votes IS 'Votes indexed from user repositories via Jetstream firehose consumer';

     

       38
       +
       COMMENT ON COLUMN votes.uri IS 'AT-URI in format: at://voter_did/social.coves.interaction.vote/rkey';

     

       39
       +
       COMMENT ON COLUMN votes.subject_uri IS 'Strong reference to post/comment being voted on';

     

       40
       +
       COMMENT ON INDEX unique_voter_subject_active IS 'Ensures one active vote per user per subject (soft delete aware)';

     

       41
       +
       

     

       42
       +
       -- +goose Down

     

       43
       +
       DROP TABLE IF EXISTS votes CASCADE;

+22

internal/db/migrations/014_remove_votes_voter_fk.sql

···

       1
       +
       -- +goose Up

     

       2
       +
       -- Remove foreign key constraint on votes.voter_did to prevent race conditions

     

       3
       +
       -- between user and vote Jetstream consumers.

     

       4
       +
       --

     

       5
       +
       -- Rationale:

     

       6
       +
       -- - Vote events can arrive before user events in Jetstream

     

       7
       +
       -- - Creating votes should not fail if user hasn't been indexed yet

     

       8
       +
       -- - Users are validated at the PDS level (votes come from user repos)

     

       9
       +
       -- - Orphaned votes (from deleted users) are harmless and can be ignored in queries

     

       10
       +
       

     

       11
       +
       ALTER TABLE votes DROP CONSTRAINT IF EXISTS fk_voter;

     

       12
       +
       

     

       13
       +
       -- Add check constraint to ensure voter_did is a valid DID format

     

       14
       +
       ALTER TABLE votes ADD CONSTRAINT chk_voter_did_format

     

       15
       +
       CHECK (voter_did ~ '^did:(plc|web|key):');

     

       16
       +
       

     

       17
       +
       -- +goose Down

     

       18
       +
       -- Restore foreign key constraint (note: this may fail if orphaned votes exist)

     

       19
       +
       ALTER TABLE votes DROP CONSTRAINT IF EXISTS chk_voter_did_format;

     

       20
       +
       

     

       21
       +
       ALTER TABLE votes ADD CONSTRAINT fk_voter

     

       22
       +
       FOREIGN KEY (voter_did) REFERENCES users(did) ON DELETE CASCADE;

+235

internal/db/postgres/vote_repo.go

···

       1
       +
       package postgres

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/votes"

     

       5
       +
       	"context"

     

       6
       +
       	"database/sql"

     

       7
       +
       	"fmt"

     

       8
       +
       	"strings"

     

       9
       +
       )

     

       10
       +
       

     

       11
       +
       type postgresVoteRepo struct {

     

       12
       +
       	db *sql.DB

     

       13
       +
       }

     

       14
       +
       

     

       15
       +
       // NewVoteRepository creates a new PostgreSQL vote repository

     

       16
       +
       func NewVoteRepository(db *sql.DB) votes.Repository {

     

       17
       +
       	return &postgresVoteRepo{db: db}

     

       18
       +
       }

     

       19
       +
       

     

       20
       +
       // Create inserts a new vote into the votes table

     

       21
       +
       // Called by Jetstream consumer after vote is created on PDS

     

       22
       +
       // Idempotent: Returns success if vote already exists (for Jetstream replays)

     

       23
       +
       func (r *postgresVoteRepo) Create(ctx context.Context, vote *votes.Vote) error {

     

       24
       +
       	query := `

     

       25
       +
       		INSERT INTO votes (

     

       26
       +
       			uri, cid, rkey, voter_did,

     

       27
       +
       			subject_uri, subject_cid, direction,

     

       28
       +
       			created_at, indexed_at

     

       29
       +
       		) VALUES (

     

       30
       +
       			$1, $2, $3, $4,

     

       31
       +
       			$5, $6, $7,

     

       32
       +
       			$8, NOW()

     

       33
       +
       		)

     

       34
       +
       		ON CONFLICT (uri) DO NOTHING

     

       35
       +
       		RETURNING id, indexed_at

     

       36
       +
       	`

     

       37
       +
       

     

       38
       +
       	err := r.db.QueryRowContext(

     

       39
       +
       		ctx, query,

     

       40
       +
       		vote.URI, vote.CID, vote.RKey, vote.VoterDID,

     

       41
       +
       		vote.SubjectURI, vote.SubjectCID, vote.Direction,

     

       42
       +
       		vote.CreatedAt,

     

       43
       +
       	).Scan(&vote.ID, &vote.IndexedAt)

     

       44
       +
       

     

       45
       +
       	// ON CONFLICT DO NOTHING returns no rows if duplicate - this is OK (idempotent)

     

       46
       +
       	if err == sql.ErrNoRows {

     

       47
       +
       		return nil // Vote already exists, no error for idempotency

     

       48
       +
       	}

     

       49
       +
       

     

       50
       +
       	if err != nil {

     

       51
       +
       		// Check for unique constraint violation (voter + subject)

     

       52
       +
       		if strings.Contains(err.Error(), "duplicate key") && strings.Contains(err.Error(), "unique_voter_subject") {

     

       53
       +
       			return votes.ErrVoteAlreadyExists

     

       54
       +
       		}

     

       55
       +
       

     

       56
       +
       		// Check for DID format constraint violation

     

       57
       +
       		if strings.Contains(err.Error(), "chk_voter_did_format") {

     

       58
       +
       			return fmt.Errorf("invalid voter DID format: %s", vote.VoterDID)

     

       59
       +
       		}

     

       60
       +
       

     

       61
       +
       		return fmt.Errorf("failed to insert vote: %w", err)

     

       62
       +
       	}

     

       63
       +
       

     

       64
       +
       	return nil

     

       65
       +
       }

     

       66
       +
       

     

       67
       +
       // GetByURI retrieves a vote by its AT-URI

     

       68
       +
       // Used by Jetstream consumer for DELETE operations

     

       69
       +
       func (r *postgresVoteRepo) GetByURI(ctx context.Context, uri string) (*votes.Vote, error) {

     

       70
       +
       	query := `

     

       71
       +
       		SELECT

     

       72
       +
       			id, uri, cid, rkey, voter_did,

     

       73
       +
       			subject_uri, subject_cid, direction,

     

       74
       +
       			created_at, indexed_at, deleted_at

     

       75
       +
       		FROM votes

     

       76
       +
       		WHERE uri = $1

     

       77
       +
       	`

     

       78
       +
       

     

       79
       +
       	var vote votes.Vote

     

       80
       +
       

     

       81
       +
       	err := r.db.QueryRowContext(ctx, query, uri).Scan(

     

       82
       +
       		&vote.ID, &vote.URI, &vote.CID, &vote.RKey, &vote.VoterDID,

     

       83
       +
       		&vote.SubjectURI, &vote.SubjectCID, &vote.Direction,

     

       84
       +
       		&vote.CreatedAt, &vote.IndexedAt, &vote.DeletedAt,

     

       85
       +
       	)

     

       86
       +
       

     

       87
       +
       	if err == sql.ErrNoRows {

     

       88
       +
       		return nil, votes.ErrVoteNotFound

     

       89
       +
       	}

     

       90
       +
       	if err != nil {

     

       91
       +
       		return nil, fmt.Errorf("failed to get vote by URI: %w", err)

     

       92
       +
       	}

     

       93
       +
       

     

       94
       +
       	return &vote, nil

     

       95
       +
       }

     

       96
       +
       

     

       97
       +
       // GetByVoterAndSubject retrieves a user's vote on a specific subject

     

       98
       +
       // Used by service to check existing vote state before creating/toggling

     

       99
       +
       func (r *postgresVoteRepo) GetByVoterAndSubject(ctx context.Context, voterDID string, subjectURI string) (*votes.Vote, error) {

     

       100
       +
       	query := `

     

       101
       +
       		SELECT

     

       102
       +
       			id, uri, cid, rkey, voter_did,

     

       103
       +
       			subject_uri, subject_cid, direction,

     

       104
       +
       			created_at, indexed_at, deleted_at

     

       105
       +
       		FROM votes

     

       106
       +
       		WHERE voter_did = $1 AND subject_uri = $2 AND deleted_at IS NULL

     

       107
       +
       	`

     

       108
       +
       

     

       109
       +
       	var vote votes.Vote

     

       110
       +
       

     

       111
       +
       	err := r.db.QueryRowContext(ctx, query, voterDID, subjectURI).Scan(

     

       112
       +
       		&vote.ID, &vote.URI, &vote.CID, &vote.RKey, &vote.VoterDID,

     

       113
       +
       		&vote.SubjectURI, &vote.SubjectCID, &vote.Direction,

     

       114
       +
       		&vote.CreatedAt, &vote.IndexedAt, &vote.DeletedAt,

     

       115
       +
       	)

     

       116
       +
       

     

       117
       +
       	if err == sql.ErrNoRows {

     

       118
       +
       		return nil, votes.ErrVoteNotFound

     

       119
       +
       	}

     

       120
       +
       	if err != nil {

     

       121
       +
       		return nil, fmt.Errorf("failed to get vote by voter and subject: %w", err)

     

       122
       +
       	}

     

       123
       +
       

     

       124
       +
       	return &vote, nil

     

       125
       +
       }

     

       126
       +
       

     

       127
       +
       // Delete soft-deletes a vote (sets deleted_at)

     

       128
       +
       // Called by Jetstream consumer after vote is deleted from PDS

     

       129
       +
       // Idempotent: Returns success if vote already deleted

     

       130
       +
       func (r *postgresVoteRepo) Delete(ctx context.Context, uri string) error {

     

       131
       +
       	query := `

     

       132
       +
       		UPDATE votes

     

       133
       +
       		SET deleted_at = NOW()

     

       134
       +
       		WHERE uri = $1 AND deleted_at IS NULL

     

       135
       +
       	`

     

       136
       +
       

     

       137
       +
       	result, err := r.db.ExecContext(ctx, query, uri)

     

       138
       +
       	if err != nil {

     

       139
       +
       		return fmt.Errorf("failed to delete vote: %w", err)

     

       140
       +
       	}

     

       141
       +
       

     

       142
       +
       	rowsAffected, err := result.RowsAffected()

     

       143
       +
       	if err != nil {

     

       144
       +
       		return fmt.Errorf("failed to check delete result: %w", err)

     

       145
       +
       	}

     

       146
       +
       

     

       147
       +
       	// Idempotent: If no rows affected, vote already deleted (OK for Jetstream replays)

     

       148
       +
       	if rowsAffected == 0 {

     

       149
       +
       		return nil

     

       150
       +
       	}

     

       151
       +
       

     

       152
       +
       	return nil

     

       153
       +
       }

     

       154
       +
       

     

       155
       +
       // ListBySubject retrieves all active votes on a specific post/comment

     

       156
       +
       // Future: Used for vote detail views

     

       157
       +
       func (r *postgresVoteRepo) ListBySubject(ctx context.Context, subjectURI string, limit, offset int) ([]*votes.Vote, error) {

     

       158
       +
       	query := `

     

       159
       +
       		SELECT

     

       160
       +
       			id, uri, cid, rkey, voter_did,

     

       161
       +
       			subject_uri, subject_cid, direction,

     

       162
       +
       			created_at, indexed_at, deleted_at

     

       163
       +
       		FROM votes

     

       164
       +
       		WHERE subject_uri = $1 AND deleted_at IS NULL

     

       165
       +
       		ORDER BY created_at DESC

     

       166
       +
       		LIMIT $2 OFFSET $3

     

       167
       +
       	`

     

       168
       +
       

     

       169
       +
       	rows, err := r.db.QueryContext(ctx, query, subjectURI, limit, offset)

     

       170
       +
       	if err != nil {

     

       171
       +
       		return nil, fmt.Errorf("failed to list votes by subject: %w", err)

     

       172
       +
       	}

     

       173
       +
       	defer rows.Close()

     

       174
       +
       

     

       175
       +
       	var result []*votes.Vote

     

       176
       +
       	for rows.Next() {

     

       177
       +
       		var vote votes.Vote

     

       178
       +
       		err := rows.Scan(

     

       179
       +
       			&vote.ID, &vote.URI, &vote.CID, &vote.RKey, &vote.VoterDID,

     

       180
       +
       			&vote.SubjectURI, &vote.SubjectCID, &vote.Direction,

     

       181
       +
       			&vote.CreatedAt, &vote.IndexedAt, &vote.DeletedAt,

     

       182
       +
       		)

     

       183
       +
       		if err != nil {

     

       184
       +
       			return nil, fmt.Errorf("failed to scan vote: %w", err)

     

       185
       +
       		}

     

       186
       +
       		result = append(result, &vote)

     

       187
       +
       	}

     

       188
       +
       

     

       189
       +
       	if err = rows.Err(); err != nil {

     

       190
       +
       		return nil, fmt.Errorf("error iterating votes: %w", err)

     

       191
       +
       	}

     

       192
       +
       

     

       193
       +
       	return result, nil

     

       194
       +
       }

     

       195
       +
       

     

       196
       +
       // ListByVoter retrieves all active votes by a specific user

     

       197
       +
       // Future: Used for user voting history

     

       198
       +
       func (r *postgresVoteRepo) ListByVoter(ctx context.Context, voterDID string, limit, offset int) ([]*votes.Vote, error) {

     

       199
       +
       	query := `

     

       200
       +
       		SELECT

     

       201
       +
       			id, uri, cid, rkey, voter_did,

     

       202
       +
       			subject_uri, subject_cid, direction,

     

       203
       +
       			created_at, indexed_at, deleted_at

     

       204
       +
       		FROM votes

     

       205
       +
       		WHERE voter_did = $1 AND deleted_at IS NULL

     

       206
       +
       		ORDER BY created_at DESC

     

       207
       +
       		LIMIT $2 OFFSET $3

     

       208
       +
       	`

     

       209
       +
       

     

       210
       +
       	rows, err := r.db.QueryContext(ctx, query, voterDID, limit, offset)

     

       211
       +
       	if err != nil {

     

       212
       +
       		return nil, fmt.Errorf("failed to list votes by voter: %w", err)

     

       213
       +
       	}

     

       214
       +
       	defer rows.Close()

     

       215
       +
       

     

       216
       +
       	var result []*votes.Vote

     

       217
       +
       	for rows.Next() {

     

       218
       +
       		var vote votes.Vote

     

       219
       +
       		err := rows.Scan(

     

       220
       +
       			&vote.ID, &vote.URI, &vote.CID, &vote.RKey, &vote.VoterDID,

     

       221
       +
       			&vote.SubjectURI, &vote.SubjectCID, &vote.Direction,

     

       222
       +
       			&vote.CreatedAt, &vote.IndexedAt, &vote.DeletedAt,

     

       223
       +
       		)

     

       224
       +
       		if err != nil {

     

       225
       +
       			return nil, fmt.Errorf("failed to scan vote: %w", err)

     

       226
       +
       		}

     

       227
       +
       		result = append(result, &vote)

     

       228
       +
       	}

     

       229
       +
       

     

       230
       +
       	if err = rows.Err(); err != nil {

     

       231
       +
       		return nil, fmt.Errorf("error iterating votes: %w", err)

     

       232
       +
       	}

     

       233
       +
       

     

       234
       +
       	return result, nil

     

       235
       +
       }

+403

internal/db/postgres/vote_repo_test.go

···

       1
       +
       package postgres

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/core/votes"

     

       5
       +
       	"context"

     

       6
       +
       	"database/sql"

     

       7
       +
       	"os"

     

       8
       +
       	"testing"

     

       9
       +
       	"time"

     

       10
       +
       

     

       11
       +
       	_ "github.com/lib/pq"

     

       12
       +
       	"github.com/pressly/goose/v3"

     

       13
       +
       	"github.com/stretchr/testify/assert"

     

       14
       +
       	"github.com/stretchr/testify/require"

     

       15
       +
       )

     

       16
       +
       

     

       17
       +
       // setupTestDB creates a test database connection and runs migrations

     

       18
       +
       func setupTestDB(t *testing.T) *sql.DB {

     

       19
       +
       	dsn := os.Getenv("TEST_DATABASE_URL")

     

       20
       +
       	if dsn == "" {

     

       21
       +
       		dsn = "postgres://test_user:test_password@localhost:5434/coves_test?sslmode=disable"

     

       22
       +
       	}

     

       23
       +
       

     

       24
       +
       	db, err := sql.Open("postgres", dsn)

     

       25
       +
       	require.NoError(t, err, "Failed to connect to test database")

     

       26
       +
       

     

       27
       +
       	// Run migrations

     

       28
       +
       	require.NoError(t, goose.Up(db, "../../db/migrations"), "Failed to run migrations")

     

       29
       +
       

     

       30
       +
       	return db

     

       31
       +
       }

     

       32
       +
       

     

       33
       +
       // cleanupVotes removes all test votes and users from the database

     

       34
       +
       func cleanupVotes(t *testing.T, db *sql.DB) {

     

       35
       +
       	_, err := db.Exec("DELETE FROM votes WHERE voter_did LIKE 'did:plc:test%' OR voter_did LIKE 'did:plc:nonexistent%'")

     

       36
       +
       	require.NoError(t, err, "Failed to cleanup votes")

     

       37
       +
       

     

       38
       +
       	_, err = db.Exec("DELETE FROM users WHERE did LIKE 'did:plc:test%'")

     

       39
       +
       	require.NoError(t, err, "Failed to cleanup test users")

     

       40
       +
       }

     

       41
       +
       

     

       42
       +
       // createTestUser creates a minimal test user for foreign key constraints

     

       43
       +
       func createTestUser(t *testing.T, db *sql.DB, handle, did string) {

     

       44
       +
       	query := `

     

       45
       +
       		INSERT INTO users (did, handle, pds_url, created_at)

     

       46
       +
       		VALUES ($1, $2, $3, NOW())

     

       47
       +
       		ON CONFLICT (did) DO NOTHING

     

       48
       +
       	`

     

       49
       +
       	_, err := db.Exec(query, did, handle, "https://bsky.social")

     

       50
       +
       	require.NoError(t, err, "Failed to create test user")

     

       51
       +
       }

     

       52
       +
       

     

       53
       +
       func TestVoteRepo_Create(t *testing.T) {

     

       54
       +
       	db := setupTestDB(t)

     

       55
       +
       	defer db.Close()

     

       56
       +
       	defer cleanupVotes(t, db)

     

       57
       +
       

     

       58
       +
       	repo := NewVoteRepository(db)

     

       59
       +
       	ctx := context.Background()

     

       60
       +
       

     

       61
       +
       	// Create test voter

     

       62
       +
       	voterDID := "did:plc:testvoter123"

     

       63
       +
       	createTestUser(t, db, "testvoter123.test", voterDID)

     

       64
       +
       

     

       65
       +
       	vote := &votes.Vote{

     

       66
       +
       		URI:        "at://did:plc:testvoter123/social.coves.interaction.vote/3k1234567890",

     

       67
       +
       		CID:        "bafyreigtest123",

     

       68
       +
       		RKey:       "3k1234567890",

     

       69
       +
       		VoterDID:   voterDID,

     

       70
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/abc123",

     

       71
       +
       		SubjectCID: "bafyreigpost123",

     

       72
       +
       		Direction:  "up",

     

       73
       +
       		CreatedAt:  time.Now(),

     

       74
       +
       	}

     

       75
       +
       

     

       76
       +
       	err := repo.Create(ctx, vote)

     

       77
       +
       	assert.NoError(t, err)

     

       78
       +
       	assert.NotZero(t, vote.ID, "Vote ID should be set after creation")

     

       79
       +
       	assert.NotZero(t, vote.IndexedAt, "IndexedAt should be set after creation")

     

       80
       +
       }

     

       81
       +
       

     

       82
       +
       func TestVoteRepo_Create_Idempotent(t *testing.T) {

     

       83
       +
       	db := setupTestDB(t)

     

       84
       +
       	defer db.Close()

     

       85
       +
       	defer cleanupVotes(t, db)

     

       86
       +
       

     

       87
       +
       	repo := NewVoteRepository(db)

     

       88
       +
       	ctx := context.Background()

     

       89
       +
       

     

       90
       +
       	voterDID := "did:plc:testvoter456"

     

       91
       +
       	createTestUser(t, db, "testvoter456.test", voterDID)

     

       92
       +
       

     

       93
       +
       	vote := &votes.Vote{

     

       94
       +
       		URI:        "at://did:plc:testvoter456/social.coves.interaction.vote/3k9876543210",

     

       95
       +
       		CID:        "bafyreigtest456",

     

       96
       +
       		RKey:       "3k9876543210",

     

       97
       +
       		VoterDID:   voterDID,

     

       98
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/xyz789",

     

       99
       +
       		SubjectCID: "bafyreigpost456",

     

       100
       +
       		Direction:  "down",

     

       101
       +
       		CreatedAt:  time.Now(),

     

       102
       +
       	}

     

       103
       +
       

     

       104
       +
       	// Create first time

     

       105
       +
       	err := repo.Create(ctx, vote)

     

       106
       +
       	require.NoError(t, err)

     

       107
       +
       

     

       108
       +
       	// Create again with same URI - should be idempotent (no error)

     

       109
       +
       	vote2 := &votes.Vote{

     

       110
       +
       		URI:        vote.URI, // Same URI

     

       111
       +
       		CID:        "bafyreigdifferent",

     

       112
       +
       		RKey:       vote.RKey,

     

       113
       +
       		VoterDID:   voterDID,

     

       114
       +
       		SubjectURI: vote.SubjectURI,

     

       115
       +
       		SubjectCID: vote.SubjectCID,

     

       116
       +
       		Direction:  "up", // Different direction

     

       117
       +
       		CreatedAt:  time.Now(),

     

       118
       +
       	}

     

       119
       +
       

     

       120
       +
       	err = repo.Create(ctx, vote2)

     

       121
       +
       	assert.NoError(t, err, "Creating duplicate URI should be idempotent (ON CONFLICT DO NOTHING)")

     

       122
       +
       }

     

       123
       +
       

     

       124
       +
       func TestVoteRepo_Create_VoterNotFound(t *testing.T) {

     

       125
       +
       	db := setupTestDB(t)

     

       126
       +
       	defer db.Close()

     

       127
       +
       	defer cleanupVotes(t, db)

     

       128
       +
       

     

       129
       +
       	repo := NewVoteRepository(db)

     

       130
       +
       	ctx := context.Background()

     

       131
       +
       

     

       132
       +
       	// Don't create test user - vote should still be created (FK removed)

     

       133
       +
       	// This allows votes to be indexed before users in Jetstream

     

       134
       +
       	vote := &votes.Vote{

     

       135
       +
       		URI:        "at://did:plc:nonexistentvoter/social.coves.interaction.vote/3k1111111111",

     

       136
       +
       		CID:        "bafyreignovoter",

     

       137
       +
       		RKey:       "3k1111111111",

     

       138
       +
       		VoterDID:   "did:plc:nonexistentvoter",

     

       139
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/test123",

     

       140
       +
       		SubjectCID: "bafyreigpost789",

     

       141
       +
       		Direction:  "up",

     

       142
       +
       		CreatedAt:  time.Now(),

     

       143
       +
       	}

     

       144
       +
       

     

       145
       +
       	err := repo.Create(ctx, vote)

     

       146
       +
       	if err != nil {

     

       147
       +
       		t.Logf("Create error: %v", err)

     

       148
       +
       	}

     

       149
       +
       	assert.NoError(t, err, "Vote should be created even if voter doesn't exist (FK removed)")

     

       150
       +
       	assert.NotZero(t, vote.ID, "Vote should have an ID")

     

       151
       +
       	t.Logf("Vote created with ID: %d", vote.ID)

     

       152
       +
       }

     

       153
       +
       

     

       154
       +
       func TestVoteRepo_GetByURI(t *testing.T) {

     

       155
       +
       	db := setupTestDB(t)

     

       156
       +
       	defer db.Close()

     

       157
       +
       	defer cleanupVotes(t, db)

     

       158
       +
       

     

       159
       +
       	repo := NewVoteRepository(db)

     

       160
       +
       	ctx := context.Background()

     

       161
       +
       

     

       162
       +
       	voterDID := "did:plc:testvoter789"

     

       163
       +
       	createTestUser(t, db, "testvoter789.test", voterDID)

     

       164
       +
       

     

       165
       +
       	// Create vote

     

       166
       +
       	vote := &votes.Vote{

     

       167
       +
       		URI:        "at://did:plc:testvoter789/social.coves.interaction.vote/3k5555555555",

     

       168
       +
       		CID:        "bafyreigtest789",

     

       169
       +
       		RKey:       "3k5555555555",

     

       170
       +
       		VoterDID:   voterDID,

     

       171
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/post123",

     

       172
       +
       		SubjectCID: "bafyreigpost999",

     

       173
       +
       		Direction:  "up",

     

       174
       +
       		CreatedAt:  time.Now(),

     

       175
       +
       	}

     

       176
       +
       	err := repo.Create(ctx, vote)

     

       177
       +
       	require.NoError(t, err)

     

       178
       +
       

     

       179
       +
       	// Retrieve by URI

     

       180
       +
       	retrieved, err := repo.GetByURI(ctx, vote.URI)

     

       181
       +
       	assert.NoError(t, err)

     

       182
       +
       	assert.Equal(t, vote.URI, retrieved.URI)

     

       183
       +
       	assert.Equal(t, vote.VoterDID, retrieved.VoterDID)

     

       184
       +
       	assert.Equal(t, vote.Direction, retrieved.Direction)

     

       185
       +
       	assert.Nil(t, retrieved.DeletedAt, "DeletedAt should be nil for active vote")

     

       186
       +
       }

     

       187
       +
       

     

       188
       +
       func TestVoteRepo_GetByURI_NotFound(t *testing.T) {

     

       189
       +
       	db := setupTestDB(t)

     

       190
       +
       	defer db.Close()

     

       191
       +
       

     

       192
       +
       	repo := NewVoteRepository(db)

     

       193
       +
       	ctx := context.Background()

     

       194
       +
       

     

       195
       +
       	_, err := repo.GetByURI(ctx, "at://did:plc:nonexistent/social.coves.interaction.vote/nope")

     

       196
       +
       	assert.ErrorIs(t, err, votes.ErrVoteNotFound)

     

       197
       +
       }

     

       198
       +
       

     

       199
       +
       func TestVoteRepo_GetByVoterAndSubject(t *testing.T) {

     

       200
       +
       	db := setupTestDB(t)

     

       201
       +
       	defer db.Close()

     

       202
       +
       	defer cleanupVotes(t, db)

     

       203
       +
       

     

       204
       +
       	repo := NewVoteRepository(db)

     

       205
       +
       	ctx := context.Background()

     

       206
       +
       

     

       207
       +
       	voterDID := "did:plc:testvoter999"

     

       208
       +
       	createTestUser(t, db, "testvoter999.test", voterDID)

     

       209
       +
       

     

       210
       +
       	subjectURI := "at://did:plc:community/social.coves.post.record/subject123"

     

       211
       +
       

     

       212
       +
       	// Create vote

     

       213
       +
       	vote := &votes.Vote{

     

       214
       +
       		URI:        "at://did:plc:testvoter999/social.coves.interaction.vote/3k6666666666",

     

       215
       +
       		CID:        "bafyreigtest999",

     

       216
       +
       		RKey:       "3k6666666666",

     

       217
       +
       		VoterDID:   voterDID,

     

       218
       +
       		SubjectURI: subjectURI,

     

       219
       +
       		SubjectCID: "bafyreigsubject123",

     

       220
       +
       		Direction:  "down",

     

       221
       +
       		CreatedAt:  time.Now(),

     

       222
       +
       	}

     

       223
       +
       	err := repo.Create(ctx, vote)

     

       224
       +
       	require.NoError(t, err)

     

       225
       +
       

     

       226
       +
       	// Retrieve by voter + subject

     

       227
       +
       	retrieved, err := repo.GetByVoterAndSubject(ctx, voterDID, subjectURI)

     

       228
       +
       	assert.NoError(t, err)

     

       229
       +
       	assert.Equal(t, vote.URI, retrieved.URI)

     

       230
       +
       	assert.Equal(t, voterDID, retrieved.VoterDID)

     

       231
       +
       	assert.Equal(t, subjectURI, retrieved.SubjectURI)

     

       232
       +
       }

     

       233
       +
       

     

       234
       +
       func TestVoteRepo_GetByVoterAndSubject_NotFound(t *testing.T) {

     

       235
       +
       	db := setupTestDB(t)

     

       236
       +
       	defer db.Close()

     

       237
       +
       

     

       238
       +
       	repo := NewVoteRepository(db)

     

       239
       +
       	ctx := context.Background()

     

       240
       +
       

     

       241
       +
       	_, err := repo.GetByVoterAndSubject(ctx, "did:plc:nobody", "at://did:plc:community/social.coves.post.record/nopost")

     

       242
       +
       	assert.ErrorIs(t, err, votes.ErrVoteNotFound)

     

       243
       +
       }

     

       244
       +
       

     

       245
       +
       func TestVoteRepo_Delete(t *testing.T) {

     

       246
       +
       	db := setupTestDB(t)

     

       247
       +
       	defer db.Close()

     

       248
       +
       	defer cleanupVotes(t, db)

     

       249
       +
       

     

       250
       +
       	repo := NewVoteRepository(db)

     

       251
       +
       	ctx := context.Background()

     

       252
       +
       

     

       253
       +
       	voterDID := "did:plc:testvoterdelete"

     

       254
       +
       	createTestUser(t, db, "testvoterdelete.test", voterDID)

     

       255
       +
       

     

       256
       +
       	// Create vote

     

       257
       +
       	vote := &votes.Vote{

     

       258
       +
       		URI:        "at://did:plc:testvoterdelete/social.coves.interaction.vote/3k7777777777",

     

       259
       +
       		CID:        "bafyreigdelete",

     

       260
       +
       		RKey:       "3k7777777777",

     

       261
       +
       		VoterDID:   voterDID,

     

       262
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/deletetest",

     

       263
       +
       		SubjectCID: "bafyreigdeletepost",

     

       264
       +
       		Direction:  "up",

     

       265
       +
       		CreatedAt:  time.Now(),

     

       266
       +
       	}

     

       267
       +
       	err := repo.Create(ctx, vote)

     

       268
       +
       	require.NoError(t, err)

     

       269
       +
       

     

       270
       +
       	// Delete vote

     

       271
       +
       	err = repo.Delete(ctx, vote.URI)

     

       272
       +
       	assert.NoError(t, err)

     

       273
       +
       

     

       274
       +
       	// Verify vote is soft-deleted (still exists but has deleted_at)

     

       275
       +
       	retrieved, err := repo.GetByURI(ctx, vote.URI)

     

       276
       +
       	assert.NoError(t, err)

     

       277
       +
       	assert.NotNil(t, retrieved.DeletedAt, "DeletedAt should be set after deletion")

     

       278
       +
       

     

       279
       +
       	// GetByVoterAndSubject should not find deleted votes

     

       280
       +
       	_, err = repo.GetByVoterAndSubject(ctx, voterDID, vote.SubjectURI)

     

       281
       +
       	assert.ErrorIs(t, err, votes.ErrVoteNotFound, "GetByVoterAndSubject should not return deleted votes")

     

       282
       +
       }

     

       283
       +
       

     

       284
       +
       func TestVoteRepo_Delete_Idempotent(t *testing.T) {

     

       285
       +
       	db := setupTestDB(t)

     

       286
       +
       	defer db.Close()

     

       287
       +
       	defer cleanupVotes(t, db)

     

       288
       +
       

     

       289
       +
       	repo := NewVoteRepository(db)

     

       290
       +
       	ctx := context.Background()

     

       291
       +
       

     

       292
       +
       	voterDID := "did:plc:testvoterdelete2"

     

       293
       +
       	createTestUser(t, db, "testvoterdelete2.test", voterDID)

     

       294
       +
       

     

       295
       +
       	vote := &votes.Vote{

     

       296
       +
       		URI:        "at://did:plc:testvoterdelete2/social.coves.interaction.vote/3k8888888888",

     

       297
       +
       		CID:        "bafyreigdelete2",

     

       298
       +
       		RKey:       "3k8888888888",

     

       299
       +
       		VoterDID:   voterDID,

     

       300
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/deletetest2",

     

       301
       +
       		SubjectCID: "bafyreigdeletepost2",

     

       302
       +
       		Direction:  "down",

     

       303
       +
       		CreatedAt:  time.Now(),

     

       304
       +
       	}

     

       305
       +
       	err := repo.Create(ctx, vote)

     

       306
       +
       	require.NoError(t, err)

     

       307
       +
       

     

       308
       +
       	// Delete first time

     

       309
       +
       	err = repo.Delete(ctx, vote.URI)

     

       310
       +
       	assert.NoError(t, err)

     

       311
       +
       

     

       312
       +
       	// Delete again - should be idempotent (no error)

     

       313
       +
       	err = repo.Delete(ctx, vote.URI)

     

       314
       +
       	assert.NoError(t, err, "Deleting already deleted vote should be idempotent")

     

       315
       +
       }

     

       316
       +
       

     

       317
       +
       func TestVoteRepo_ListBySubject(t *testing.T) {

     

       318
       +
       	db := setupTestDB(t)

     

       319
       +
       	defer db.Close()

     

       320
       +
       	defer cleanupVotes(t, db)

     

       321
       +
       

     

       322
       +
       	repo := NewVoteRepository(db)

     

       323
       +
       	ctx := context.Background()

     

       324
       +
       

     

       325
       +
       	voterDID1 := "did:plc:testvoterlist1"

     

       326
       +
       	voterDID2 := "did:plc:testvoterlist2"

     

       327
       +
       	createTestUser(t, db, "testvoterlist1.test", voterDID1)

     

       328
       +
       	createTestUser(t, db, "testvoterlist2.test", voterDID2)

     

       329
       +
       

     

       330
       +
       	subjectURI := "at://did:plc:community/social.coves.post.record/listtest"

     

       331
       +
       

     

       332
       +
       	// Create multiple votes on same subject

     

       333
       +
       	vote1 := &votes.Vote{

     

       334
       +
       		URI:        "at://did:plc:testvoterlist1/social.coves.interaction.vote/3k9999999991",

     

       335
       +
       		CID:        "bafyreiglist1",

     

       336
       +
       		RKey:       "3k9999999991",

     

       337
       +
       		VoterDID:   voterDID1,

     

       338
       +
       		SubjectURI: subjectURI,

     

       339
       +
       		SubjectCID: "bafyreiglistpost",

     

       340
       +
       		Direction:  "up",

     

       341
       +
       		CreatedAt:  time.Now(),

     

       342
       +
       	}

     

       343
       +
       	vote2 := &votes.Vote{

     

       344
       +
       		URI:        "at://did:plc:testvoterlist2/social.coves.interaction.vote/3k9999999992",

     

       345
       +
       		CID:        "bafyreiglist2",

     

       346
       +
       		RKey:       "3k9999999992",

     

       347
       +
       		VoterDID:   voterDID2,

     

       348
       +
       		SubjectURI: subjectURI,

     

       349
       +
       		SubjectCID: "bafyreiglistpost",

     

       350
       +
       		Direction:  "down",

     

       351
       +
       		CreatedAt:  time.Now(),

     

       352
       +
       	}

     

       353
       +
       

     

       354
       +
       	require.NoError(t, repo.Create(ctx, vote1))

     

       355
       +
       	require.NoError(t, repo.Create(ctx, vote2))

     

       356
       +
       

     

       357
       +
       	// List votes

     

       358
       +
       	result, err := repo.ListBySubject(ctx, subjectURI, 10, 0)

     

       359
       +
       	assert.NoError(t, err)

     

       360
       +
       	assert.Len(t, result, 2, "Should find 2 votes on subject")

     

       361
       +
       }

     

       362
       +
       

     

       363
       +
       func TestVoteRepo_ListByVoter(t *testing.T) {

     

       364
       +
       	db := setupTestDB(t)

     

       365
       +
       	defer db.Close()

     

       366
       +
       	defer cleanupVotes(t, db)

     

       367
       +
       

     

       368
       +
       	repo := NewVoteRepository(db)

     

       369
       +
       	ctx := context.Background()

     

       370
       +
       

     

       371
       +
       	voterDID := "did:plc:testvoterlistvoter"

     

       372
       +
       	createTestUser(t, db, "testvoterlistvoter.test", voterDID)

     

       373
       +
       

     

       374
       +
       	// Create multiple votes by same voter

     

       375
       +
       	vote1 := &votes.Vote{

     

       376
       +
       		URI:        "at://did:plc:testvoterlistvoter/social.coves.interaction.vote/3k0000000001",

     

       377
       +
       		CID:        "bafyreigvoter1",

     

       378
       +
       		RKey:       "3k0000000001",

     

       379
       +
       		VoterDID:   voterDID,

     

       380
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/post1",

     

       381
       +
       		SubjectCID: "bafyreigp1",

     

       382
       +
       		Direction:  "up",

     

       383
       +
       		CreatedAt:  time.Now(),

     

       384
       +
       	}

     

       385
       +
       	vote2 := &votes.Vote{

     

       386
       +
       		URI:        "at://did:plc:testvoterlistvoter/social.coves.interaction.vote/3k0000000002",

     

       387
       +
       		CID:        "bafyreigvoter2",

     

       388
       +
       		RKey:       "3k0000000002",

     

       389
       +
       		VoterDID:   voterDID,

     

       390
       +
       		SubjectURI: "at://did:plc:community/social.coves.post.record/post2",

     

       391
       +
       		SubjectCID: "bafyreigp2",

     

       392
       +
       		Direction:  "down",

     

       393
       +
       		CreatedAt:  time.Now(),

     

       394
       +
       	}

     

       395
       +
       

     

       396
       +
       	require.NoError(t, repo.Create(ctx, vote1))

     

       397
       +
       	require.NoError(t, repo.Create(ctx, vote2))

     

       398
       +
       

     

       399
       +
       	// List votes by voter

     

       400
       +
       	result, err := repo.ListByVoter(ctx, voterDID, 10, 0)

     

       401
       +
       	assert.NoError(t, err)

     

       402
       +
       	assert.Len(t, result, 2, "Should find 2 votes by voter")

     

       403
       +
       }

+789

tests/integration/vote_e2e_test.go

···

       1
       +
       package integration

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/handlers/vote"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
       +
       	"Coves/internal/atproto/identity"

     

       7
       +
       	"Coves/internal/atproto/jetstream"

     

       8
       +
       	"Coves/internal/core/communities"

     

       9
       +
       	"Coves/internal/core/posts"

     

       10
       +
       	"Coves/internal/core/users"

     

       11
       +
       	"Coves/internal/core/votes"

     

       12
       +
       	"Coves/internal/db/postgres"

     

       13
       +
       	"bytes"

     

       14
       +
       	"context"

     

       15
       +
       	"database/sql"

     

       16
       +
       	"encoding/json"

     

       17
       +
       	"fmt"

     

       18
       +
       	"net"

     

       19
       +
       	"net/http"

     

       20
       +
       	"net/http/httptest"

     

       21
       +
       	"os"

     

       22
       +
       	"strings"

     

       23
       +
       	"testing"

     

       24
       +
       	"time"

     

       25
       +
       

     

       26
       +
       	"github.com/gorilla/websocket"

     

       27
       +
       	_ "github.com/lib/pq"

     

       28
       +
       	"github.com/pressly/goose/v3"

     

       29
       +
       	"github.com/stretchr/testify/assert"

     

       30
       +
       	"github.com/stretchr/testify/require"

     

       31
       +
       )

     

       32
       +
       

     

       33
       +
       // TestVote_E2E_WithJetstream tests the full vote flow with simulated Jetstream:

     

       34
       +
       // XRPC endpoint → AppView Service → PDS write → (Simulated) Jetstream consumer → DB indexing

     

       35
       +
       //

     

       36
       +
       // This is a fast integration test that simulates what happens in production:

     

       37
       +
       // 1. Client calls POST /xrpc/social.coves.interaction.createVote with auth token

     

       38
       +
       // 2. Handler validates and calls VoteService.CreateVote()

     

       39
       +
       // 3. Service writes vote to user's PDS repository

     

       40
       +
       // 4. (Simulated) PDS broadcasts event to Jetstream

     

       41
       +
       // 5. Jetstream consumer receives event and indexes vote in AppView DB

     

       42
       +
       // 6. Vote is now queryable from AppView + post counts updated

     

       43
       +
       //

     

       44
       +
       // NOTE: This test simulates the Jetstream event (step 4-5) since we don't have

     

       45
       +
       // a live PDS/Jetstream in test environment. For true live testing, use TestVote_E2E_LivePDS.

     

       46
       +
       func TestVote_E2E_WithJetstream(t *testing.T) {

     

       47
       +
       	db := setupTestDB(t)

     

       48
       +
       	defer func() {

     

       49
       +
       		if err := db.Close(); err != nil {

     

       50
       +
       			t.Logf("Failed to close database: %v", err)

     

       51
       +
       		}

     

       52
       +
       	}()

     

       53
       +
       

     

       54
       +
       	// Cleanup old test data first

     

       55
       +
       	_, _ = db.Exec("DELETE FROM votes WHERE voter_did LIKE 'did:plc:votee2e%'")

     

       56
       +
       	_, _ = db.Exec("DELETE FROM posts WHERE community_did = 'did:plc:votecommunity123'")

     

       57
       +
       	_, _ = db.Exec("DELETE FROM communities WHERE did = 'did:plc:votecommunity123'")

     

       58
       +
       	_, _ = db.Exec("DELETE FROM users WHERE did LIKE 'did:plc:votee2e%'")

     

       59
       +
       

     

       60
       +
       	// Setup repositories

     

       61
       +
       	userRepo := postgres.NewUserRepository(db)

     

       62
       +
       	communityRepo := postgres.NewCommunityRepository(db)

     

       63
       +
       	postRepo := postgres.NewPostRepository(db)

     

       64
       +
       	voteRepo := postgres.NewVoteRepository(db)

     

       65
       +
       

     

       66
       +
       	// Setup user service for consumers

     

       67
       +
       	identityConfig := identity.DefaultConfig()

     

       68
       +
       	identityResolver := identity.NewResolver(db, identityConfig)

     

       69
       +
       	userService := users.NewUserService(userRepo, identityResolver, "http://localhost:3001")

     

       70
       +
       

     

       71
       +
       	// Create test users (voter and author)

     

       72
       +
       	voter := createTestUser(t, db, "voter.test", "did:plc:votee2evoter123")

     

       73
       +
       	author := createTestUser(t, db, "author.test", "did:plc:votee2eauthor123")

     

       74
       +
       

     

       75
       +
       	// Create test community

     

       76
       +
       	community := &communities.Community{

     

       77
       +
       		DID:             "did:plc:votecommunity123",

     

       78
       +
       		Handle:          "votecommunity.test.coves.social",

     

       79
       +
       		Name:            "votecommunity",

     

       80
       +
       		DisplayName:     "Vote Test Community",

     

       81
       +
       		OwnerDID:        "did:plc:votecommunity123",

     

       82
       +
       		CreatedByDID:    author.DID,

     

       83
       +
       		HostedByDID:     "did:web:coves.test",

     

       84
       +
       		Visibility:      "public",

     

       85
       +
       		ModerationType:  "moderator",

     

       86
       +
       		RecordURI:       "at://did:plc:votecommunity123/social.coves.community.profile/self",

     

       87
       +
       		RecordCID:       "fakecid123",

     

       88
       +
       		PDSAccessToken:  "fake_token_for_testing",

     

       89
       +
       		PDSRefreshToken: "fake_refresh_token",

     

       90
       +
       	}

     

       91
       +
       	_, err := communityRepo.Create(context.Background(), community)

     

       92
       +
       	if err != nil {

     

       93
       +
       		t.Fatalf("Failed to create test community: %v", err)

     

       94
       +
       	}

     

       95
       +
       

     

       96
       +
       	// Create test post (subject of votes)

     

       97
       +
       	postRkey := generateTID()

     

       98
       +
       	postURI := fmt.Sprintf("at://%s/social.coves.post.record/%s", community.DID, postRkey)

     

       99
       +
       	postCID := "bafy2bzacepostcid123"

     

       100
       +
       	post := &posts.Post{

     

       101
       +
       		URI:          postURI,

     

       102
       +
       		CID:          postCID,

     

       103
       +
       		RKey:         postRkey,

     

       104
       +
       		AuthorDID:    author.DID,

     

       105
       +
       		CommunityDID: community.DID,

     

       106
       +
       		Title:        stringPtr("Test Post for Voting"),

     

       107
       +
       		Content:      stringPtr("This post will receive votes"),

     

       108
       +
       		CreatedAt:    time.Now(),

     

       109
       +
       		UpvoteCount:  0,

     

       110
       +
       		DownvoteCount: 0,

     

       111
       +
       		Score:        0,

     

       112
       +
       	}

     

       113
       +
       	err = postRepo.Create(context.Background(), post)

     

       114
       +
       	if err != nil {

     

       115
       +
       		t.Fatalf("Failed to create test post: %v", err)

     

       116
       +
       	}

     

       117
       +
       

     

       118
       +
       	t.Run("Full E2E flow - Create upvote via Jetstream", func(t *testing.T) {

     

       119
       +
       		ctx := context.Background()

     

       120
       +
       

     

       121
       +
       		// STEP 1: Simulate Jetstream consumer receiving a vote CREATE event

     

       122
       +
       		// In real production, this event comes from PDS via Jetstream WebSocket

     

       123
       +
       		voteRkey := generateTID()

     

       124
       +
       		voteURI := fmt.Sprintf("at://%s/social.coves.interaction.vote/%s", voter.DID, voteRkey)

     

       125
       +
       

     

       126
       +
       		jetstreamEvent := jetstream.JetstreamEvent{

     

       127
       +
       			Did:  voter.DID, // Vote comes from voter's repo

     

       128
       +
       			Kind: "commit",

     

       129
       +
       			Commit: &jetstream.CommitEvent{

     

       130
       +
       				Operation:  "create",

     

       131
       +
       				Collection: "social.coves.interaction.vote",

     

       132
       +
       				RKey:       voteRkey,

     

       133
       +
       				CID:        "bafy2bzacevotecid123",

     

       134
       +
       				Record: map[string]interface{}{

     

       135
       +
       					"$type": "social.coves.interaction.vote",

     

       136
       +
       					"subject": map[string]interface{}{

     

       137
       +
       						"uri": postURI,

     

       138
       +
       						"cid": postCID,

     

       139
       +
       					},

     

       140
       +
       					"direction": "up",

     

       141
       +
       					"createdAt": time.Now().Format(time.RFC3339),

     

       142
       +
       				},

     

       143
       +
       			},

     

       144
       +
       		}

     

       145
       +
       

     

       146
       +
       		// STEP 2: Process event through Jetstream consumer

     

       147
       +
       		consumer := jetstream.NewVoteEventConsumer(voteRepo, userService, db)

     

       148
       +
       		err := consumer.HandleEvent(ctx, &jetstreamEvent)

     

       149
       +
       		if err != nil {

     

       150
       +
       			t.Fatalf("Jetstream consumer failed to process event: %v", err)

     

       151
       +
       		}

     

       152
       +
       

     

       153
       +
       		// STEP 3: Verify vote was indexed in AppView database

     

       154
       +
       		indexedVote, err := voteRepo.GetByURI(ctx, voteURI)

     

       155
       +
       		if err != nil {

     

       156
       +
       			t.Fatalf("Vote not indexed in AppView: %v", err)

     

       157
       +
       		}

     

       158
       +
       

     

       159
       +
       		// STEP 4: Verify vote fields are correct

     

       160
       +
       		assert.Equal(t, voteURI, indexedVote.URI, "Vote URI should match")

     

       161
       +
       		assert.Equal(t, voter.DID, indexedVote.VoterDID, "Voter DID should match")

     

       162
       +
       		assert.Equal(t, postURI, indexedVote.SubjectURI, "Subject URI should match")

     

       163
       +
       		assert.Equal(t, postCID, indexedVote.SubjectCID, "Subject CID should match (strong reference)")

     

       164
       +
       		assert.Equal(t, "up", indexedVote.Direction, "Direction should be 'up'")

     

       165
       +
       

     

       166
       +
       		// STEP 5: Verify post vote counts were updated atomically

     

       167
       +
       		updatedPost, err := postRepo.GetByURI(ctx, postURI)

     

       168
       +
       		require.NoError(t, err, "Post should still exist")

     

       169
       +
       		assert.Equal(t, 1, updatedPost.UpvoteCount, "Post upvote_count should be 1")

     

       170
       +
       		assert.Equal(t, 0, updatedPost.DownvoteCount, "Post downvote_count should be 0")

     

       171
       +
       		assert.Equal(t, 1, updatedPost.Score, "Post score should be 1 (upvotes - downvotes)")

     

       172
       +
       

     

       173
       +
       		t.Logf("✓ E2E test passed! Vote indexed with URI: %s, post upvotes: %d", indexedVote.URI, updatedPost.UpvoteCount)

     

       174
       +
       	})

     

       175
       +
       

     

       176
       +
       	t.Run("Create downvote and verify counts", func(t *testing.T) {

     

       177
       +
       		ctx := context.Background()

     

       178
       +
       

     

       179
       +
       		// Create a different voter for this test to avoid unique constraint violation

     

       180
       +
       		downvoter := createTestUser(t, db, "downvoter.test", "did:plc:votee2edownvoter")

     

       181
       +
       

     

       182
       +
       		// Create downvote

     

       183
       +
       		voteRkey := generateTID()

     

       184
       +
       		voteURI := fmt.Sprintf("at://%s/social.coves.interaction.vote/%s", downvoter.DID, voteRkey)

     

       185
       +
       

     

       186
       +
       		jetstreamEvent := jetstream.JetstreamEvent{

     

       187
       +
       			Did:  downvoter.DID,

     

       188
       +
       			Kind: "commit",

     

       189
       +
       			Commit: &jetstream.CommitEvent{

     

       190
       +
       				Operation:  "create",

     

       191
       +
       				Collection: "social.coves.interaction.vote",

     

       192
       +
       				RKey:       voteRkey,

     

       193
       +
       				CID:        "bafy2bzacedownvotecid",

     

       194
       +
       				Record: map[string]interface{}{

     

       195
       +
       					"$type": "social.coves.interaction.vote",

     

       196
       +
       					"subject": map[string]interface{}{

     

       197
       +
       						"uri": postURI,

     

       198
       +
       						"cid": postCID,

     

       199
       +
       					},

     

       200
       +
       					"direction": "down",

     

       201
       +
       					"createdAt": time.Now().Format(time.RFC3339),

     

       202
       +
       				},

     

       203
       +
       			},

     

       204
       +
       		}

     

       205
       +
       

     

       206
       +
       		consumer := jetstream.NewVoteEventConsumer(voteRepo, userService, db)

     

       207
       +
       		err := consumer.HandleEvent(ctx, &jetstreamEvent)

     

       208
       +
       		require.NoError(t, err, "Consumer should process downvote")

     

       209
       +
       

     

       210
       +
       		// Verify vote indexed

     

       211
       +
       		indexedVote, err := voteRepo.GetByURI(ctx, voteURI)

     

       212
       +
       		require.NoError(t, err, "Downvote should be indexed")

     

       213
       +
       		assert.Equal(t, "down", indexedVote.Direction, "Direction should be 'down'")

     

       214
       +
       

     

       215
       +
       		// Verify post counts (now has 1 upvote + 1 downvote from previous test)

     

       216
       +
       		updatedPost, err := postRepo.GetByURI(ctx, postURI)

     

       217
       +
       		require.NoError(t, err)

     

       218
       +
       		assert.Equal(t, 1, updatedPost.UpvoteCount, "Upvote count should still be 1")

     

       219
       +
       		assert.Equal(t, 1, updatedPost.DownvoteCount, "Downvote count should be 1")

     

       220
       +
       		assert.Equal(t, 0, updatedPost.Score, "Score should be 0 (1 up - 1 down)")

     

       221
       +
       

     

       222
       +
       		t.Logf("✓ Downvote indexed, post counts: up=%d down=%d score=%d",

     

       223
       +
       			updatedPost.UpvoteCount, updatedPost.DownvoteCount, updatedPost.Score)

     

       224
       +
       	})

     

       225
       +
       

     

       226
       +
       	t.Run("Delete vote and verify counts decremented", func(t *testing.T) {

     

       227
       +
       		ctx := context.Background()

     

       228
       +
       

     

       229
       +
       		// Create a different voter for this test

     

       230
       +
       		deletevoter := createTestUser(t, db, "deletevoter.test", "did:plc:votee2edeletevoter")

     

       231
       +
       

     

       232
       +
       		// Get current counts

     

       233
       +
       		beforePost, _ := postRepo.GetByURI(ctx, postURI)

     

       234
       +
       

     

       235
       +
       		// Create a vote first

     

       236
       +
       		voteRkey := generateTID()

     

       237
       +
       		voteURI := fmt.Sprintf("at://%s/social.coves.interaction.vote/%s", deletevoter.DID, voteRkey)

     

       238
       +
       

     

       239
       +
       		createEvent := jetstream.JetstreamEvent{

     

       240
       +
       			Did:  deletevoter.DID,

     

       241
       +
       			Kind: "commit",

     

       242
       +
       			Commit: &jetstream.CommitEvent{

     

       243
       +
       				Operation:  "create",

     

       244
       +
       				Collection: "social.coves.interaction.vote",

     

       245
       +
       				RKey:       voteRkey,

     

       246
       +
       				CID:        "bafy2bzacedeleteme",

     

       247
       +
       				Record: map[string]interface{}{

     

       248
       +
       					"$type": "social.coves.interaction.vote",

     

       249
       +
       					"subject": map[string]interface{}{

     

       250
       +
       						"uri": postURI,

     

       251
       +
       						"cid": postCID,

     

       252
       +
       					},

     

       253
       +
       					"direction": "up",

     

       254
       +
       					"createdAt": time.Now().Format(time.RFC3339),

     

       255
       +
       				},

     

       256
       +
       			},

     

       257
       +
       		}

     

       258
       +
       

     

       259
       +
       		consumer := jetstream.NewVoteEventConsumer(voteRepo, userService, db)

     

       260
       +
       		err := consumer.HandleEvent(ctx, &createEvent)

     

       261
       +
       		require.NoError(t, err)

     

       262
       +
       

     

       263
       +
       		// Now delete it

     

       264
       +
       		deleteEvent := jetstream.JetstreamEvent{

     

       265
       +
       			Did:  deletevoter.DID,

     

       266
       +
       			Kind: "commit",

     

       267
       +
       			Commit: &jetstream.CommitEvent{

     

       268
       +
       				Operation:  "delete",

     

       269
       +
       				Collection: "social.coves.interaction.vote",

     

       270
       +
       				RKey:       voteRkey,

     

       271
       +
       			},

     

       272
       +
       		}

     

       273
       +
       

     

       274
       +
       		err = consumer.HandleEvent(ctx, &deleteEvent)

     

       275
       +
       		require.NoError(t, err, "Consumer should process delete")

     

       276
       +
       

     

       277
       +
       		// Verify vote is soft-deleted

     

       278
       +
       		deletedVote, err := voteRepo.GetByURI(ctx, voteURI)

     

       279
       +
       		require.NoError(t, err, "Vote should still exist (soft delete)")

     

       280
       +
       		assert.NotNil(t, deletedVote.DeletedAt, "Vote should have deleted_at timestamp")

     

       281
       +
       

     

       282
       +
       		// Verify post counts decremented

     

       283
       +
       		afterPost, err := postRepo.GetByURI(ctx, postURI)

     

       284
       +
       		require.NoError(t, err)

     

       285
       +
       		assert.Equal(t, beforePost.UpvoteCount, afterPost.UpvoteCount,

     

       286
       +
       			"Upvote count should be back to original (delete decremented)")

     

       287
       +
       

     

       288
       +
       		t.Logf("✓ Vote deleted, counts decremented correctly")

     

       289
       +
       	})

     

       290
       +
       

     

       291
       +
       	t.Run("Idempotent indexing - duplicate events", func(t *testing.T) {

     

       292
       +
       		ctx := context.Background()

     

       293
       +
       

     

       294
       +
       		// Create a different voter for this test

     

       295
       +
       		idempotentvoter := createTestUser(t, db, "idempotentvoter.test", "did:plc:votee2eidempotent")

     

       296
       +
       

     

       297
       +
       		// Create a vote

     

       298
       +
       		voteRkey := generateTID()

     

       299
       +
       		voteURI := fmt.Sprintf("at://%s/social.coves.interaction.vote/%s", idempotentvoter.DID, voteRkey)

     

       300
       +
       

     

       301
       +
       		event := jetstream.JetstreamEvent{

     

       302
       +
       			Did:  idempotentvoter.DID,

     

       303
       +
       			Kind: "commit",

     

       304
       +
       			Commit: &jetstream.CommitEvent{

     

       305
       +
       				Operation:  "create",

     

       306
       +
       				Collection: "social.coves.interaction.vote",

     

       307
       +
       				RKey:       voteRkey,

     

       308
       +
       				CID:        "bafy2bzaceidempotent",

     

       309
       +
       				Record: map[string]interface{}{

     

       310
       +
       					"$type": "social.coves.interaction.vote",

     

       311
       +
       					"subject": map[string]interface{}{

     

       312
       +
       						"uri": postURI,

     

       313
       +
       						"cid": postCID,

     

       314
       +
       					},

     

       315
       +
       					"direction": "up",

     

       316
       +
       					"createdAt": time.Now().Format(time.RFC3339),

     

       317
       +
       				},

     

       318
       +
       			},

     

       319
       +
       		}

     

       320
       +
       

     

       321
       +
       		consumer := jetstream.NewVoteEventConsumer(voteRepo, userService, db)

     

       322
       +
       

     

       323
       +
       		// First event - should succeed

     

       324
       +
       		err := consumer.HandleEvent(ctx, &event)

     

       325
       +
       		require.NoError(t, err, "First event should succeed")

     

       326
       +
       

     

       327
       +
       		// Get counts after first event

     

       328
       +
       		firstPost, _ := postRepo.GetByURI(ctx, postURI)

     

       329
       +
       

     

       330
       +
       		// Second event (duplicate) - should be handled gracefully

     

       331
       +
       		err = consumer.HandleEvent(ctx, &event)

     

       332
       +
       		require.NoError(t, err, "Duplicate event should be handled gracefully")

     

       333
       +
       

     

       334
       +
       		// Verify counts NOT incremented again (idempotent)

     

       335
       +
       		secondPost, err := postRepo.GetByURI(ctx, postURI)

     

       336
       +
       		require.NoError(t, err)

     

       337
       +
       		assert.Equal(t, firstPost.UpvoteCount, secondPost.UpvoteCount,

     

       338
       +
       			"Duplicate event should not increment count again")

     

       339
       +
       

     

       340
       +
       		// Verify only one vote in database

     

       341
       +
       		vote, err := voteRepo.GetByURI(ctx, voteURI)

     

       342
       +
       		require.NoError(t, err)

     

       343
       +
       		assert.Equal(t, voteURI, vote.URI, "Should still be the same vote")

     

       344
       +
       

     

       345
       +
       		t.Logf("✓ Idempotency test passed - duplicate event handled correctly")

     

       346
       +
       	})

     

       347
       +
       

     

       348
       +
       	t.Run("Security: Vote from wrong repository rejected", func(t *testing.T) {

     

       349
       +
       		ctx := context.Background()

     

       350
       +
       

     

       351
       +
       		// SECURITY TEST: Try to create a vote that claims to be from the voter

     

       352
       +
       		// but actually comes from a different user's repository

     

       353
       +
       		// This should be REJECTED by the consumer

     

       354
       +
       

     

       355
       +
       		maliciousUser := createTestUser(t, db, "hacker.test", "did:plc:hacker123")

     

       356
       +
       

     

       357
       +
       		maliciousEvent := jetstream.JetstreamEvent{

     

       358
       +
       			Did:  maliciousUser.DID, // Event from hacker's repo

     

       359
       +
       			Kind: "commit",

     

       360
       +
       			Commit: &jetstream.CommitEvent{

     

       361
       +
       				Operation:  "create",

     

       362
       +
       				Collection: "social.coves.interaction.vote",

     

       363
       +
       				RKey:       generateTID(),

     

       364
       +
       				CID:        "bafy2bzacefake",

     

       365
       +
       				Record: map[string]interface{}{

     

       366
       +
       					"$type": "social.coves.interaction.vote",

     

       367
       +
       					"subject": map[string]interface{}{

     

       368
       +
       						"uri": postURI,

     

       369
       +
       						"cid": postCID,

     

       370
       +
       					},

     

       371
       +
       					"direction": "up",

     

       372
       +
       					"createdAt": time.Now().Format(time.RFC3339),

     

       373
       +
       				},

     

       374
       +
       			},

     

       375
       +
       		}

     

       376
       +
       

     

       377
       +
       		consumer := jetstream.NewVoteEventConsumer(voteRepo, userService, db)

     

       378
       +
       		err := consumer.HandleEvent(ctx, &maliciousEvent)

     

       379
       +
       

     

       380
       +
       		// Should succeed (vote is created in hacker's repo, which is valid)

     

       381
       +
       		// The vote record itself is FROM their repo, so it's legitimate

     

       382
       +
       		// This is different from posts which must come from community repo

     

       383
       +
       		assert.NoError(t, err, "Votes in user repos are valid")

     

       384
       +
       

     

       385
       +
       		t.Logf("✓ Security validation passed - user repo votes are allowed")

     

       386
       +
       	})

     

       387
       +
       }

     

       388
       +
       

     

       389
       +
       // TestVote_E2E_LivePDS tests the COMPLETE end-to-end flow with a live PDS:

     

       390
       +
       // 1. HTTP POST to /xrpc/social.coves.interaction.createVote (with auth)

     

       391
       +
       // 2. Handler → Service → Write to user's PDS repository

     

       392
       +
       // 3. PDS → Jetstream firehose event

     

       393
       +
       // 4. Jetstream consumer → Index in AppView database

     

       394
       +
       // 5. Verify vote appears in database + post counts updated

     

       395
       +
       //

     

       396
       +
       // This is a TRUE E2E test that requires:

     

       397
       +
       // - Live PDS running at PDS_URL (default: http://localhost:3001)

     

       398
       +
       // - Live Jetstream running at JETSTREAM_URL (default: ws://localhost:6008/subscribe)

     

       399
       +
       // - Test database running

     

       400
       +
       func TestVote_E2E_LivePDS(t *testing.T) {

     

       401
       +
       	if testing.Short() {

     

       402
       +
       		t.Skip("Skipping live PDS E2E test in short mode")

     

       403
       +
       	}

     

       404
       +
       

     

       405
       +
       	// Setup test database

     

       406
       +
       	dbURL := os.Getenv("TEST_DATABASE_URL")

     

       407
       +
       	if dbURL == "" {

     

       408
       +
       		dbURL = "postgres://test_user:test_password@localhost:5434/coves_test?sslmode=disable"

     

       409
       +
       	}

     

       410
       +
       

     

       411
       +
       	db, err := sql.Open("postgres", dbURL)

     

       412
       +
       	require.NoError(t, err, "Failed to connect to test database")

     

       413
       +
       	defer func() {

     

       414
       +
       		if closeErr := db.Close(); closeErr != nil {

     

       415
       +
       			t.Logf("Failed to close database: %v", closeErr)

     

       416
       +
       		}

     

       417
       +
       	}()

     

       418
       +
       

     

       419
       +
       	// Run migrations

     

       420
       +
       	require.NoError(t, goose.SetDialect("postgres"))

     

       421
       +
       	require.NoError(t, goose.Up(db, "../../internal/db/migrations"))

     

       422
       +
       

     

       423
       +
       	// Check if PDS is running

     

       424
       +
       	pdsURL := os.Getenv("PDS_URL")

     

       425
       +
       	if pdsURL == "" {

     

       426
       +
       		pdsURL = "http://localhost:3001"

     

       427
       +
       	}

     

       428
       +
       

     

       429
       +
       	healthResp, err := http.Get(pdsURL + "/xrpc/_health")

     

       430
       +
       	if err != nil {

     

       431
       +
       		t.Skipf("PDS not running at %s: %v", pdsURL, err)

     

       432
       +
       	}

     

       433
       +
       	_ = healthResp.Body.Close()

     

       434
       +
       

     

       435
       +
       	// Check if Jetstream is running

     

       436
       +
       	jetstreamHealthURL := "http://127.0.0.1:6009/metrics" // Use 127.0.0.1 for IPv4

     

       437
       +
       	jetstreamResp, err := http.Get(jetstreamHealthURL)

     

       438
       +
       	if err != nil {

     

       439
       +
       		t.Skipf("Jetstream not running: %v", err)

     

       440
       +
       	}

     

       441
       +
       	_ = jetstreamResp.Body.Close()

     

       442
       +
       

     

       443
       +
       	ctx := context.Background()

     

       444
       +
       

     

       445
       +
       	// Cleanup old test data

     

       446
       +
       	_, _ = db.Exec("DELETE FROM votes WHERE voter_did LIKE 'did:plc:votee2elive%' OR voter_did IN (SELECT did FROM users WHERE handle LIKE '%votee2elive%')")

     

       447
       +
       	_, _ = db.Exec("DELETE FROM posts WHERE community_did LIKE 'did:plc:votee2elive%'")

     

       448
       +
       	_, _ = db.Exec("DELETE FROM communities WHERE did LIKE 'did:plc:votee2elive%'")

     

       449
       +
       	_, _ = db.Exec("DELETE FROM users WHERE did LIKE 'did:plc:votee2elive%' OR handle LIKE '%votee2elive%' OR handle LIKE '%authore2e%'")

     

       450
       +
       

     

       451
       +
       	// Setup repositories and services

     

       452
       +
       	userRepo := postgres.NewUserRepository(db)

     

       453
       +
       	communityRepo := postgres.NewCommunityRepository(db)

     

       454
       +
       	postRepo := postgres.NewPostRepository(db)

     

       455
       +
       	voteRepo := postgres.NewVoteRepository(db)

     

       456
       +
       

     

       457
       +
       	identityConfig := identity.DefaultConfig()

     

       458
       +
       	identityResolver := identity.NewResolver(db, identityConfig)

     

       459
       +
       	userService := users.NewUserService(userRepo, identityResolver, pdsURL)

     

       460
       +
       

     

       461
       +
       	// Create test voter

     

       462
       +
       	voter := createTestUser(t, db, "votee2elive.bsky.social", "did:plc:votee2elive123")

     

       463
       +
       

     

       464
       +
       	// Create test community and post (simplified - using fake credentials)

     

       465
       +
       	author := createTestUser(t, db, "authore2e.bsky.social", "did:plc:votee2eliveauthor")

     

       466
       +
       	community := &communities.Community{

     

       467
       +
       		DID:             "did:plc:votee2elivecommunity",

     

       468
       +
       		Handle:          "votee2elivecommunity.test.coves.social",

     

       469
       +
       		Name:            "votee2elivecommunity",

     

       470
       +
       		DisplayName:     "Vote E2E Live Community",

     

       471
       +
       		OwnerDID:        author.DID,

     

       472
       +
       		CreatedByDID:    author.DID,

     

       473
       +
       		HostedByDID:     "did:web:coves.test",

     

       474
       +
       		Visibility:      "public",

     

       475
       +
       		ModerationType:  "moderator",

     

       476
       +
       		RecordURI:       "at://did:plc:votee2elivecommunity/social.coves.community.profile/self",

     

       477
       +
       		RecordCID:       "fakecid",

     

       478
       +
       		PDSAccessToken:  "fake_token",

     

       479
       +
       		PDSRefreshToken: "fake_refresh",

     

       480
       +
       	}

     

       481
       +
       	_, err = communityRepo.Create(ctx, community)

     

       482
       +
       	require.NoError(t, err)

     

       483
       +
       

     

       484
       +
       	postRkey := generateTID()

     

       485
       +
       	postURI := fmt.Sprintf("at://%s/social.coves.post.record/%s", community.DID, postRkey)

     

       486
       +
       	postCID := "bafy2bzaceposte2e"

     

       487
       +
       	post := &posts.Post{

     

       488
       +
       		URI:           postURI,

     

       489
       +
       		CID:           postCID,

     

       490
       +
       		RKey:          postRkey,

     

       491
       +
       		AuthorDID:     author.DID,

     

       492
       +
       		CommunityDID:  community.DID,

     

       493
       +
       		Title:         stringPtr("E2E Vote Test Post"),

     

       494
       +
       		Content:       stringPtr("This post will receive live votes"),

     

       495
       +
       		CreatedAt:     time.Now(),

     

       496
       +
       		UpvoteCount:   0,

     

       497
       +
       		DownvoteCount: 0,

     

       498
       +
       		Score:         0,

     

       499
       +
       	}

     

       500
       +
       	err = postRepo.Create(ctx, post)

     

       501
       +
       	require.NoError(t, err)

     

       502
       +
       

     

       503
       +
       	// Setup vote service and handler

     

       504
       +
       	voteService := votes.NewVoteService(voteRepo, postRepo, pdsURL)

     

       505
       +
       	voteHandler := vote.NewCreateVoteHandler(voteService)

     

       506
       +
       	authMiddleware := middleware.NewAtProtoAuthMiddleware(nil, true) // Skip JWT verification for testing

     

       507
       +
       

     

       508
       +
       	t.Run("Live E2E: Create vote and verify via Jetstream", func(t *testing.T) {

     

       509
       +
       		t.Logf("\n🔄 TRUE E2E: Creating vote via XRPC endpoint...")

     

       510
       +
       

     

       511
       +
       		// Authenticate voter with PDS to get real access token

     

       512
       +
       		// Note: This assumes the voter account already exists on PDS

     

       513
       +
       		// For a complete test, you'd create the account first via com.atproto.server.createAccount

     

       514
       +
       		instanceHandle := os.Getenv("PDS_INSTANCE_HANDLE")

     

       515
       +
       		instancePassword := os.Getenv("PDS_INSTANCE_PASSWORD")

     

       516
       +
       		if instanceHandle == "" {

     

       517
       +
       			instanceHandle = "testuser123.local.coves.dev"

     

       518
       +
       		}

     

       519
       +
       		if instancePassword == "" {

     

       520
       +
       			instancePassword = "test-password-123"

     

       521
       +
       		}

     

       522
       +
       

     

       523
       +
       		t.Logf("🔐 Authenticating voter with PDS as: %s", instanceHandle)

     

       524
       +
       		voterAccessToken, voterDID, err := authenticateWithPDS(pdsURL, instanceHandle, instancePassword)

     

       525
       +
       		if err != nil {

     

       526
       +
       			t.Skipf("Failed to authenticate voter with PDS (account may not exist): %v", err)

     

       527
       +
       		}

     

       528
       +
       		t.Logf("✅ Authenticated - Voter DID: %s", voterDID)

     

       529
       +
       

     

       530
       +
       		// Update voter record to match authenticated DID

     

       531
       +
       		_, err = db.Exec("UPDATE users SET did = $1 WHERE did = $2", voterDID, voter.DID)

     

       532
       +
       		require.NoError(t, err)

     

       533
       +
       		voter.DID = voterDID

     

       534
       +
       

     

       535
       +
       		// Build HTTP request for vote creation

     

       536
       +
       		reqBody := map[string]interface{}{

     

       537
       +
       			"subject":   postURI,

     

       538
       +
       			"direction": "up",

     

       539
       +
       		}

     

       540
       +
       		reqJSON, err := json.Marshal(reqBody)

     

       541
       +
       		require.NoError(t, err)

     

       542
       +
       

     

       543
       +
       		// Create HTTP request

     

       544
       +
       		req := httptest.NewRequest("POST", "/xrpc/social.coves.interaction.createVote", bytes.NewReader(reqJSON))

     

       545
       +
       		req.Header.Set("Content-Type", "application/json")

     

       546
       +
       

     

       547
       +
       		// Use REAL PDS access token (not mock JWT)

     

       548
       +
       		req.Header.Set("Authorization", "Bearer "+voterAccessToken)

     

       549
       +
       

     

       550
       +
       		// Execute request through auth middleware + handler

     

       551
       +
       		rr := httptest.NewRecorder()

     

       552
       +
       		handler := authMiddleware.RequireAuth(http.HandlerFunc(voteHandler.HandleCreateVote))

     

       553
       +
       		handler.ServeHTTP(rr, req)

     

       554
       +
       

     

       555
       +
       		// Check response

     

       556
       +
       		require.Equal(t, http.StatusOK, rr.Code, "Handler should return 200 OK, body: %s", rr.Body.String())

     

       557
       +
       

     

       558
       +
       		// Parse response

     

       559
       +
       		var response map[string]interface{}

     

       560
       +
       		err = json.NewDecoder(rr.Body).Decode(&response)

     

       561
       +
       		require.NoError(t, err, "Failed to parse response")

     

       562
       +
       

     

       563
       +
       		voteURI := response["uri"].(string)

     

       564
       +
       		voteCID := response["cid"].(string)

     

       565
       +
       

     

       566
       +
       		t.Logf("✅ Vote created on PDS:")

     

       567
       +
       		t.Logf("   URI: %s", voteURI)

     

       568
       +
       		t.Logf("   CID: %s", voteCID)

     

       569
       +
       

     

       570
       +
       		// ====================================================================================

     

       571
       +
       		// Part 2: Query the PDS to verify the vote record exists

     

       572
       +
       		// ====================================================================================

     

       573
       +
       		t.Run("2a. Verify vote record on PDS", func(t *testing.T) {

     

       574
       +
       			t.Logf("\n📡 Querying PDS for vote record...")

     

       575
       +
       

     

       576
       +
       			// Extract rkey from vote URI (at://did/collection/rkey)

     

       577
       +
       			parts := strings.Split(voteURI, "/")

     

       578
       +
       			rkey := parts[len(parts)-1]

     

       579
       +
       

     

       580
       +
       			// Query PDS for the vote record

     

       581
       +
       			getRecordURL := fmt.Sprintf("%s/xrpc/com.atproto.repo.getRecord?repo=%s&collection=%s&rkey=%s",

     

       582
       +
       				pdsURL, voterDID, "social.coves.interaction.vote", rkey)

     

       583
       +
       

     

       584
       +
       			t.Logf("   GET %s", getRecordURL)

     

       585
       +
       

     

       586
       +
       			pdsResp, err := http.Get(getRecordURL)

     

       587
       +
       			require.NoError(t, err, "Failed to query PDS")

     

       588
       +
       			defer pdsResp.Body.Close()

     

       589
       +
       

     

       590
       +
       			require.Equal(t, http.StatusOK, pdsResp.StatusCode, "Vote record should exist on PDS")

     

       591
       +
       

     

       592
       +
       			var pdsRecord struct {

     

       593
       +
       				Value map[string]interface{} `json:"value"`

     

       594
       +
       				URI   string                 `json:"uri"`

     

       595
       +
       				CID   string                 `json:"cid"`

     

       596
       +
       			}

     

       597
       +
       

     

       598
       +
       			err = json.NewDecoder(pdsResp.Body).Decode(&pdsRecord)

     

       599
       +
       			require.NoError(t, err, "Failed to decode PDS response")

     

       600
       +
       

     

       601
       +
       			t.Logf("✅ Vote record found on PDS!")

     

       602
       +
       			t.Logf("   URI:       %s", pdsRecord.URI)

     

       603
       +
       			t.Logf("   CID:       %s", pdsRecord.CID)

     

       604
       +
       			t.Logf("   Direction: %v", pdsRecord.Value["direction"])

     

       605
       +
       			t.Logf("   Subject:   %v", pdsRecord.Value["subject"])

     

       606
       +
       

     

       607
       +
       			// Verify the record matches what we created

     

       608
       +
       			assert.Equal(t, voteURI, pdsRecord.URI, "PDS URI should match")

     

       609
       +
       			assert.Equal(t, voteCID, pdsRecord.CID, "PDS CID should match")

     

       610
       +
       			assert.Equal(t, "up", pdsRecord.Value["direction"], "Direction should be 'up'")

     

       611
       +
       

     

       612
       +
       			// Print full record for inspection

     

       613
       +
       			recordJSON, _ := json.MarshalIndent(pdsRecord.Value, "   ", "  ")

     

       614
       +
       			t.Logf("   Full record:\n   %s", string(recordJSON))

     

       615
       +
       		})

     

       616
       +
       

     

       617
       +
       		// ====================================================================================

     

       618
       +
       		// Part 2b: TRUE E2E - Real Jetstream Firehose Consumer

     

       619
       +
       		// ====================================================================================

     

       620
       +
       		t.Run("2b. Real Jetstream Firehose Consumption", func(t *testing.T) {

     

       621
       +
       			t.Logf("\n🔄 TRUE E2E: Subscribing to real Jetstream firehose...")

     

       622
       +
       

     

       623
       +
       			// Get PDS hostname for Jetstream filtering

     

       624
       +
       			pdsHostname := strings.TrimPrefix(pdsURL, "http://")

     

       625
       +
       			pdsHostname = strings.TrimPrefix(pdsHostname, "https://")

     

       626
       +
       			pdsHostname = strings.Split(pdsHostname, ":")[0] // Remove port

     

       627
       +
       

     

       628
       +
       			// Build Jetstream URL with filters for vote records

     

       629
       +
       			jetstreamURL := fmt.Sprintf("ws://%s:6008/subscribe?wantedCollections=social.coves.interaction.vote",

     

       630
       +
       				pdsHostname)

     

       631
       +
       

     

       632
       +
       			t.Logf("   Jetstream URL: %s", jetstreamURL)

     

       633
       +
       			t.Logf("   Looking for vote URI: %s", voteURI)

     

       634
       +
       			t.Logf("   Voter DID: %s", voterDID)

     

       635
       +
       

     

       636
       +
       			// Create vote consumer (same as main.go)

     

       637
       +
       			consumer := jetstream.NewVoteEventConsumer(voteRepo, userService, db)

     

       638
       +
       

     

       639
       +
       			// Channels to receive the event

     

       640
       +
       			eventChan := make(chan *jetstream.JetstreamEvent, 10)

     

       641
       +
       			errorChan := make(chan error, 1)

     

       642
       +
       			done := make(chan bool)

     

       643
       +
       

     

       644
       +
       			// Start Jetstream WebSocket subscriber in background

     

       645
       +
       			go func() {

     

       646
       +
       				err := subscribeToJetstreamForVote(ctx, jetstreamURL, voterDID, postURI, consumer, eventChan, errorChan, done)

     

       647
       +
       				if err != nil {

     

       648
       +
       					errorChan <- err

     

       649
       +
       				}

     

       650
       +
       			}()

     

       651
       +
       

     

       652
       +
       			// Wait for event or timeout

     

       653
       +
       			t.Logf("⏳ Waiting for Jetstream event (max 30 seconds)...")

     

       654
       +
       

     

       655
       +
       			select {

     

       656
       +
       			case event := <-eventChan:

     

       657
       +
       				t.Logf("✅ Received real Jetstream event!")

     

       658
       +
       				t.Logf("   Event DID:    %s", event.Did)

     

       659
       +
       				t.Logf("   Collection:   %s", event.Commit.Collection)

     

       660
       +
       				t.Logf("   Operation:    %s", event.Commit.Operation)

     

       661
       +
       				t.Logf("   RKey:         %s", event.Commit.RKey)

     

       662
       +
       

     

       663
       +
       				// Verify it's for our voter

     

       664
       +
       				assert.Equal(t, voterDID, event.Did, "Event should be from voter's repo")

     

       665
       +
       

     

       666
       +
       				// Verify vote was indexed in AppView database

     

       667
       +
       				t.Logf("\n🔍 Querying AppView database for indexed vote...")

     

       668
       +
       

     

       669
       +
       				indexedVote, err := voteRepo.GetByVoterAndSubject(ctx, voterDID, postURI)

     

       670
       +
       				require.NoError(t, err, "Vote should be indexed in AppView")

     

       671
       +
       

     

       672
       +
       				t.Logf("✅ Vote indexed in AppView:")

     

       673
       +
       				t.Logf("   URI:        %s", indexedVote.URI)

     

       674
       +
       				t.Logf("   CID:        %s", indexedVote.CID)

     

       675
       +
       				t.Logf("   Voter DID:  %s", indexedVote.VoterDID)

     

       676
       +
       				t.Logf("   Subject:    %s", indexedVote.SubjectURI)

     

       677
       +
       				t.Logf("   Direction:  %s", indexedVote.Direction)

     

       678
       +
       

     

       679
       +
       				// Verify all fields match

     

       680
       +
       				assert.Equal(t, voteURI, indexedVote.URI, "URI should match")

     

       681
       +
       				assert.Equal(t, voteCID, indexedVote.CID, "CID should match")

     

       682
       +
       				assert.Equal(t, voterDID, indexedVote.VoterDID, "Voter DID should match")

     

       683
       +
       				assert.Equal(t, postURI, indexedVote.SubjectURI, "Subject URI should match")

     

       684
       +
       				assert.Equal(t, "up", indexedVote.Direction, "Direction should be 'up'")

     

       685
       +
       

     

       686
       +
       				// Verify post counts were updated

     

       687
       +
       				t.Logf("\n🔍 Verifying post vote counts updated...")

     

       688
       +
       				updatedPost, err := postRepo.GetByURI(ctx, postURI)

     

       689
       +
       				require.NoError(t, err, "Post should exist")

     

       690
       +
       

     

       691
       +
       				t.Logf("✅ Post vote counts updated:")

     

       692
       +
       				t.Logf("   Upvotes:   %d", updatedPost.UpvoteCount)

     

       693
       +
       				t.Logf("   Downvotes: %d", updatedPost.DownvoteCount)

     

       694
       +
       				t.Logf("   Score:     %d", updatedPost.Score)

     

       695
       +
       

     

       696
       +
       				assert.Equal(t, 1, updatedPost.UpvoteCount, "Upvote count should be 1")

     

       697
       +
       				assert.Equal(t, 0, updatedPost.DownvoteCount, "Downvote count should be 0")

     

       698
       +
       				assert.Equal(t, 1, updatedPost.Score, "Score should be 1")

     

       699
       +
       

     

       700
       +
       				// Signal to stop Jetstream consumer

     

       701
       +
       				close(done)

     

       702
       +
       

     

       703
       +
       				t.Log("\n✅ TRUE E2E COMPLETE: PDS → Jetstream → Consumer → AppView ✓")

     

       704
       +
       

     

       705
       +
       			case err := <-errorChan:

     

       706
       +
       				t.Fatalf("❌ Jetstream error: %v", err)

     

       707
       +
       

     

       708
       +
       			case <-time.After(30 * time.Second):

     

       709
       +
       				t.Fatalf("❌ Timeout: No Jetstream event received within 30 seconds")

     

       710
       +
       			}

     

       711
       +
       		})

     

       712
       +
       	})

     

       713
       +
       }

     

       714
       +
       

     

       715
       +
       // subscribeToJetstreamForVote subscribes to real Jetstream firehose and processes vote events

     

       716
       +
       // This helper creates a WebSocket connection to Jetstream and waits for vote events

     

       717
       +
       func subscribeToJetstreamForVote(

     

       718
       +
       	ctx context.Context,

     

       719
       +
       	jetstreamURL string,

     

       720
       +
       	targetVoterDID string,

     

       721
       +
       	targetSubjectURI string,

     

       722
       +
       	consumer *jetstream.VoteEventConsumer,

     

       723
       +
       	eventChan chan<- *jetstream.JetstreamEvent,

     

       724
       +
       	errorChan chan<- error,

     

       725
       +
       	done <-chan bool,

     

       726
       +
       ) error {

     

       727
       +
       	conn, _, err := websocket.DefaultDialer.Dial(jetstreamURL, nil)

     

       728
       +
       	if err != nil {

     

       729
       +
       		return fmt.Errorf("failed to connect to Jetstream: %w", err)

     

       730
       +
       	}

     

       731
       +
       	defer func() { _ = conn.Close() }()

     

       732
       +
       

     

       733
       +
       	// Read messages until we find our event or receive done signal

     

       734
       +
       	for {

     

       735
       +
       		select {

     

       736
       +
       		case <-done:

     

       737
       +
       			return nil

     

       738
       +
       		case <-ctx.Done():

     

       739
       +
       			return ctx.Err()

     

       740
       +
       		default:

     

       741
       +
       			// Set read deadline to avoid blocking forever

     

       742
       +
       			if err := conn.SetReadDeadline(time.Now().Add(5 * time.Second)); err != nil {

     

       743
       +
       				return fmt.Errorf("failed to set read deadline: %w", err)

     

       744
       +
       			}

     

       745
       +
       

     

       746
       +
       			var event jetstream.JetstreamEvent

     

       747
       +
       			err := conn.ReadJSON(&event)

     

       748
       +
       			if err != nil {

     

       749
       +
       				// Check if it's a timeout (expected)

     

       750
       +
       				if websocket.IsCloseError(err, websocket.CloseNormalClosure) {

     

       751
       +
       					return nil

     

       752
       +
       				}

     

       753
       +
       				if netErr, ok := err.(net.Error); ok && netErr.Timeout() {

     

       754
       +
       					continue // Timeout is expected, keep listening

     

       755
       +
       				}

     

       756
       +
       				return fmt.Errorf("failed to read Jetstream message: %w", err)

     

       757
       +
       			}

     

       758
       +
       

     

       759
       +
       			// Check if this is a vote event for the target voter + subject

     

       760
       +
       			if event.Did == targetVoterDID && event.Kind == "commit" &&

     

       761
       +
       				event.Commit != nil && event.Commit.Collection == "social.coves.interaction.vote" {

     

       762
       +
       

     

       763
       +
       				// Verify it's for the target subject

     

       764
       +
       				record := event.Commit.Record

     

       765
       +
       				if subject, ok := record["subject"].(map[string]interface{}); ok {

     

       766
       +
       					if subjectURI, ok := subject["uri"].(string); ok && subjectURI == targetSubjectURI {

     

       767
       +
       						// This is our vote! Process it

     

       768
       +
       						if err := consumer.HandleEvent(ctx, &event); err != nil {

     

       769
       +
       							return fmt.Errorf("failed to process event: %w", err)

     

       770
       +
       						}

     

       771
       +
       

     

       772
       +
       						// Send to channel so test can verify

     

       773
       +
       						select {

     

       774
       +
       						case eventChan <- &event:

     

       775
       +
       							return nil

     

       776
       +
       						case <-time.After(1 * time.Second):

     

       777
       +
       							return fmt.Errorf("timeout sending event to channel")

     

       778
       +
       						}

     

       779
       +
       					}

     

       780
       +
       				}

     

       781
       +
       			}

     

       782
       +
       		}

     

       783
       +
       	}

     

       784
       +
       }

     

       785
       +
       

     

       786
       +
       // Helper function

     

       787
       +
       func stringPtr(s string) *string {

     

       788
       +
       	return &s

     

       789
       +
       }