comparing 1a76dd9c67b9f880a4fe796e4f3a388e280344cf and main on bretton.dev/coves

+87 -27

internal/db/postgres/comment_repo.go

···

       120
       120
        
       			id, uri, cid, rkey, commenter_did,

     

       121
       121
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       122
       122
        
       			content, content_facets, embed, content_labels, langs,

     

       123
       123
       -
       			created_at, indexed_at, deleted_at,

     

       123
       123
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       124
       124
        
       			upvote_count, downvote_count, score, reply_count

     

       125
       125
        
       		FROM comments

     

       126
       126
        
       		WHERE uri = $1

     
···

       133
       133
        
       		&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       134
       134
        
       		&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       135
       135
        
       		&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       136
       136
       -
       		&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       136
       136
       +
       		&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       137
       137
        
       		&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       138
       138
        
       	)

     

       139
       139
        
       

     
···

       152
       152
        
       // Delete soft-deletes a comment (sets deleted_at)

     

       153
       153
        
       // Called by Jetstream consumer after comment is deleted from PDS

     

       154
       154
        
       // Idempotent: Returns success if comment already deleted

     

       155
       155
       +
       // Deprecated: Use SoftDeleteWithReason for new code to preserve thread structure

     

       155
       156
        
       func (r *postgresCommentRepo) Delete(ctx context.Context, uri string) error {

     

       156
       157
        
       	query := `

     

       157
       158
        
       		UPDATE comments

     
···

       177
       178
        
       	return nil

     

       178
       179
        
       }

     

       179
       180
        
       

     

       180
       180
       -
       // ListByRoot retrieves all active comments in a thread (flat)

     

       181
       181
       +
       // SoftDeleteWithReason performs a soft delete that blanks content but preserves thread structure

     

       182
       182
       +
       // This allows deleted comments to appear as "[deleted]" placeholders in thread views

     

       183
       183
       +
       // Idempotent: Returns success if comment already deleted

     

       184
       184
       +
       // Validates that reason is a known deletion reason constant

     

       185
       185
       +
       func (r *postgresCommentRepo) SoftDeleteWithReason(ctx context.Context, uri, reason, deletedByDID string) error {

     

       186
       186
       +
       	// Validate deletion reason

     

       187
       187
       +
       	if reason != comments.DeletionReasonAuthor && reason != comments.DeletionReasonModerator {

     

       188
       188
       +
       		return fmt.Errorf("invalid deletion reason: %s", reason)

     

       189
       189
       +
       	}

     

       190
       190
       +
       

     

       191
       191
       +
       	_, err := r.SoftDeleteWithReasonTx(ctx, nil, uri, reason, deletedByDID)

     

       192
       192
       +
       	return err

     

       193
       193
       +
       }

     

       194
       194
       +
       

     

       195
       195
       +
       // SoftDeleteWithReasonTx performs a soft delete within an optional transaction

     

       196
       196
       +
       // If tx is nil, executes directly against the database

     

       197
       197
       +
       // Returns rows affected count for callers that need to check idempotency

     

       198
       198
       +
       // This method is used by both the repository and the Jetstream consumer

     

       199
       199
       +
       func (r *postgresCommentRepo) SoftDeleteWithReasonTx(ctx context.Context, tx *sql.Tx, uri, reason, deletedByDID string) (int64, error) {

     

       200
       200
       +
       	query := `

     

       201
       201
       +
       		UPDATE comments

     

       202
       202
       +
       		SET

     

       203
       203
       +
       			content = '',

     

       204
       204
       +
       			content_facets = NULL,

     

       205
       205
       +
       			embed = NULL,

     

       206
       206
       +
       			content_labels = NULL,

     

       207
       207
       +
       			deleted_at = NOW(),

     

       208
       208
       +
       			deletion_reason = $2,

     

       209
       209
       +
       			deleted_by = $3

     

       210
       210
       +
       		WHERE uri = $1 AND deleted_at IS NULL

     

       211
       211
       +
       	`

     

       212
       212
       +
       

     

       213
       213
       +
       	var result sql.Result

     

       214
       214
       +
       	var err error

     

       215
       215
       +
       

     

       216
       216
       +
       	if tx != nil {

     

       217
       217
       +
       		result, err = tx.ExecContext(ctx, query, uri, reason, deletedByDID)

     

       218
       218
       +
       	} else {

     

       219
       219
       +
       		result, err = r.db.ExecContext(ctx, query, uri, reason, deletedByDID)

     

       220
       220
       +
       	}

     

       221
       221
       +
       

     

       222
       222
       +
       	if err != nil {

     

       223
       223
       +
       		return 0, fmt.Errorf("failed to soft delete comment: %w", err)

     

       224
       224
       +
       	}

     

       225
       225
       +
       

     

       226
       226
       +
       	rowsAffected, err := result.RowsAffected()

     

       227
       227
       +
       	if err != nil {

     

       228
       228
       +
       		return 0, fmt.Errorf("failed to check delete result: %w", err)

     

       229
       229
       +
       	}

     

       230
       230
       +
       

     

       231
       231
       +
       	return rowsAffected, nil

     

       232
       232
       +
       }

     

       233
       233
       +
       

     

       234
       234
       +
       // ListByRoot retrieves all comments in a thread (flat), including deleted ones

     

       181
       235
        
       // Used for fetching entire comment threads on posts

     

       236
       236
       +
       // Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       182
       237
        
       func (r *postgresCommentRepo) ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*comments.Comment, error) {

     

       183
       238
        
       	query := `

     

       184
       239
        
       		SELECT

     

       185
       240
        
       			id, uri, cid, rkey, commenter_did,

     

       186
       241
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       187
       242
        
       			content, content_facets, embed, content_labels, langs,

     

       188
       188
       -
       			created_at, indexed_at, deleted_at,

     

       243
       243
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       189
       244
        
       			upvote_count, downvote_count, score, reply_count

     

       190
       245
        
       		FROM comments

     

       191
       191
       -
       		WHERE root_uri = $1 AND deleted_at IS NULL

     

       246
       246
       +
       		WHERE root_uri = $1

     

       192
       247
        
       		ORDER BY created_at ASC

     

       193
       248
        
       		LIMIT $2 OFFSET $3

     

       194
       249
        
       	`

     
···

       212
       267
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       213
       268
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       214
       269
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       215
       215
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       270
       270
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       216
       271
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       217
       272
        
       		)

     

       218
       273
        
       		if err != nil {

     
···

       230
       285
        
       	return result, nil

     

       231
       286
        
       }

     

       232
       287
        
       

     

       233
       233
       -
       // ListByParent retrieves direct replies to a post or comment

     

       288
       288
       +
       // ListByParent retrieves direct replies to a post or comment, including deleted ones

     

       234
       289
        
       // Used for building nested/threaded comment views

     

       290
       290
       +
       // Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       235
       291
        
       func (r *postgresCommentRepo) ListByParent(ctx context.Context, parentURI string, limit, offset int) ([]*comments.Comment, error) {

     

       236
       292
        
       	query := `

     

       237
       293
        
       		SELECT

     

       238
       294
        
       			id, uri, cid, rkey, commenter_did,

     

       239
       295
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       240
       296
        
       			content, content_facets, embed, content_labels, langs,

     

       241
       241
       -
       			created_at, indexed_at, deleted_at,

     

       297
       297
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       242
       298
        
       			upvote_count, downvote_count, score, reply_count

     

       243
       299
        
       		FROM comments

     

       244
       244
       -
       		WHERE parent_uri = $1 AND deleted_at IS NULL

     

       300
       300
       +
       		WHERE parent_uri = $1

     

       245
       301
        
       		ORDER BY created_at ASC

     

       246
       302
        
       		LIMIT $2 OFFSET $3

     

       247
       303
        
       	`

     
···

       265
       321
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       266
       322
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       267
       323
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       268
       268
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       324
       324
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       269
       325
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       270
       326
        
       		)

     

       271
       327
        
       		if err != nil {

     
···

       302
       358
        
       }

     

       303
       359
        
       

     

       304
       360
        
       // ListByCommenter retrieves all active comments by a specific user

     

       305
       305
       -
       // Future: Used for user comment history

     

       361
       361
       +
       // Used for user comment history - filters out deleted comments

     

       306
       362
        
       func (r *postgresCommentRepo) ListByCommenter(ctx context.Context, commenterDID string, limit, offset int) ([]*comments.Comment, error) {

     

       307
       363
        
       	query := `

     

       308
       364
        
       		SELECT

     

       309
       365
        
       			id, uri, cid, rkey, commenter_did,

     

       310
       366
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       311
       367
        
       			content, content_facets, embed, content_labels, langs,

     

       312
       312
       -
       			created_at, indexed_at, deleted_at,

     

       368
       368
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       313
       369
        
       			upvote_count, downvote_count, score, reply_count

     

       314
       370
        
       		FROM comments

     

       315
       371
        
       		WHERE commenter_did = $1 AND deleted_at IS NULL

     
···

       336
       392
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       337
       393
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       338
       394
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       339
       339
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       395
       395
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       340
       396
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       341
       397
        
       		)

     

       342
       398
        
       		if err != nil {

     
···

       391
       447
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       392
       448
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       393
       449
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       394
       394
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       450
       450
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       395
       451
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       396
       452
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       397
       453
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     
···

       402
       458
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       403
       459
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       404
       460
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       405
       405
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       461
       461
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       406
       462
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       407
       463
        
       			NULL::numeric as hot_rank,

     

       408
       464
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     
···

       411
       467
        
       

     

       412
       468
        
       	// Build complete query with JOINs and filters

     

       413
       469
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       470
       470
       +
       	// Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       414
       471
        
       	query := fmt.Sprintf(`

     

       415
       472
        
       		%s

     

       416
       473
        
       		LEFT JOIN users u ON c.commenter_did = u.did

     

       417
       417
       -
       		WHERE c.parent_uri = $1 AND c.deleted_at IS NULL

     

       474
       474
       +
       		WHERE c.parent_uri = $1

     

       418
       475
        
       			%s

     

       419
       476
        
       			%s

     

       420
       477
        
       		ORDER BY %s

     
···

       449
       506
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       450
       507
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       451
       508
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       452
       452
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       509
       509
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       453
       510
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       454
       511
        
       			&hotRank, &authorHandle,

     

       455
       512
        
       		)

     
···

       687
       744
        
       

     

       688
       745
        
       // GetByURIsBatch retrieves multiple comments by their AT-URIs in a single query

     

       689
       746
        
       // Returns map[uri]*Comment for efficient lookups without N+1 queries

     

       747
       747
       +
       // Includes deleted comments to preserve thread structure

     

       690
       748
        
       func (r *postgresCommentRepo) GetByURIsBatch(ctx context.Context, uris []string) (map[string]*comments.Comment, error) {

     

       691
       749
        
       	if len(uris) == 0 {

     

       692
       750
        
       		return make(map[string]*comments.Comment), nil

     
···

       694
       752
        
       

     

       695
       753
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       696
       754
        
       	// COALESCE falls back to DID when handle is NULL (user not yet in users table)

     

       755
       755
       +
       	// Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       697
       756
        
       	query := `

     

       698
       757
        
       		SELECT

     

       699
       758
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       700
       759
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       701
       760
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       702
       702
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       761
       761
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       703
       762
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       704
       763
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     

       705
       764
        
       		FROM comments c

     

       706
       765
        
       		LEFT JOIN users u ON c.commenter_did = u.did

     

       707
       707
       -
       		WHERE c.uri = ANY($1) AND c.deleted_at IS NULL

     

       766
       766
       +
       		WHERE c.uri = ANY($1)

     

       708
       767
        
       	`

     

       709
       768
        
       

     

       710
       769
        
       	rows, err := r.db.QueryContext(ctx, query, pq.Array(uris))

     
···

       727
       786
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       728
       787
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       729
       788
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       730
       730
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       789
       789
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       731
       790
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       732
       791
        
       			&authorHandle,

     

       733
       792
        
       		)

     
···

       769
       828
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       770
       829
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       771
       830
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       772
       772
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       831
       831
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       773
       832
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       774
       833
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       775
       834
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       780
       839
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       781
       840
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       782
       841
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       783
       783
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       842
       842
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       784
       843
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       785
       844
        
       			NULL::numeric as hot_rank,

     

       786
       845
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       790
       849
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       791
       850
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       792
       851
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       793
       793
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       852
       852
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       794
       853
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       795
       854
        
       			NULL::numeric as hot_rank,

     

       796
       855
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       801
       860
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       802
       861
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       803
       862
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       804
       804
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       863
       863
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       805
       864
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       806
       865
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       807
       866
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       812
       871
        
       	// Use window function to limit results per parent

     

       813
       872
        
       	// This is more efficient than LIMIT in a subquery per parent

     

       814
       873
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       874
       874
       +
       	// Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       815
       875
        
       	query := fmt.Sprintf(`

     

       816
       876
        
       		WITH ranked_comments AS (

     

       817
       877
        
       			SELECT

     
···

       822
       882
        
       				) as rn

     

       823
       883
        
       			FROM comments c

     

       824
       884
        
       			LEFT JOIN users u ON c.commenter_did = u.did

     

       825
       825
       -
       			WHERE c.parent_uri = ANY($1) AND c.deleted_at IS NULL

     

       885
       885
       +
       			WHERE c.parent_uri = ANY($1)

     

       826
       886
        
       		)

     

       827
       887
        
       		SELECT

     

       828
       888
        
       			id, uri, cid, rkey, commenter_did,

     

       829
       889
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       830
       890
        
       			content, content_facets, embed, content_labels, langs,

     

       831
       831
       -
       			created_at, indexed_at, deleted_at,

     

       891
       891
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       832
       892
        
       			upvote_count, downvote_count, score, reply_count,

     

       833
       893
        
       			hot_rank, author_handle

     

       834
       894
        
       		FROM ranked_comments

     
···

       858
       918
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       859
       919
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       860
       920
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       861
       861
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       921
       921
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       862
       922
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       863
       923
        
       			&hotRank, &authorHandle,

     

       864
       924
        
       		)

+44 -4

internal/core/comments/comment_service_test.go

···

       5
       5
        
       	"Coves/internal/core/posts"

     

       6
       6
        
       	"Coves/internal/core/users"

     

       7
       7
        
       	"context"

     

       8
       8
       +
       	"database/sql"

     

       8
       9
        
       	"errors"

     

       9
       10
        
       	"testing"

     

       10
       11
        
       	"time"

     
···

       53
       54
        
       	return nil

     

       54
       55
        
       }

     

       55
       56
        
       

     

       57
       57
       +
       func (m *mockCommentRepo) SoftDeleteWithReason(ctx context.Context, uri, reason, deletedByDID string) error {

     

       58
       58
       +
       	// Validate deletion reason

     

       59
       59
       +
       	if reason != DeletionReasonAuthor && reason != DeletionReasonModerator {

     

       60
       60
       +
       		return errors.New("invalid deletion reason: " + reason)

     

       61
       61
       +
       	}

     

       62
       62
       +
       	_, err := m.SoftDeleteWithReasonTx(ctx, nil, uri, reason, deletedByDID)

     

       63
       63
       +
       	return err

     

       64
       64
       +
       }

     

       65
       65
       +
       

     

       66
       66
       +
       // SoftDeleteWithReasonTx implements RepositoryTx interface for transactional deletes

     

       67
       67
       +
       func (m *mockCommentRepo) SoftDeleteWithReasonTx(ctx context.Context, tx *sql.Tx, uri, reason, deletedByDID string) (int64, error) {

     

       68
       68
       +
       	if c, ok := m.comments[uri]; ok {

     

       69
       69
       +
       		if c.DeletedAt != nil {

     

       70
       70
       +
       			// Already deleted - idempotent

     

       71
       71
       +
       			return 0, nil

     

       72
       72
       +
       		}

     

       73
       73
       +
       		now := time.Now()

     

       74
       74
       +
       		c.DeletedAt = &now

     

       75
       75
       +
       		c.DeletionReason = &reason

     

       76
       76
       +
       		c.DeletedBy = &deletedByDID

     

       77
       77
       +
       		c.Content = ""

     

       78
       78
       +
       		return 1, nil

     

       79
       79
       +
       	}

     

       80
       80
       +
       	return 0, nil

     

       81
       81
       +
       }

     

       82
       82
       +
       

     

       56
       83
        
       func (m *mockCommentRepo) ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*Comment, error) {

     

       57
       84
        
       	return nil, nil

     

       58
       85
        
       }

     
···

       831
       858
        
       	assert.Len(t, result, 0)

     

       832
       859
        
       }

     

       833
       860
        
       

     

       834
       834
       -
       func TestCommentService_buildThreadViews_SkipsDeletedComments(t *testing.T) {

     

       861
       861
       +
       func TestCommentService_buildThreadViews_IncludesDeletedCommentsAsPlaceholders(t *testing.T) {

     

       835
       862
        
       	// Setup

     

       836
       863
        
       	commentRepo := newMockCommentRepo()

     

       837
       864
        
       	userRepo := newMockUserRepo()

     
···

       840
       867
        
       

     

       841
       868
        
       	postURI := "at://did:plc:post123/app.bsky.feed.post/test"

     

       842
       869
        
       	deletedAt := time.Now()

     

       870
       870
       +
       	deletionReason := DeletionReasonAuthor

     

       843
       871
        
       

     

       844
       872
        
       	// Create a deleted comment

     

       845
       873
        
       	deletedComment := createTestComment("at://did:plc:commenter123/comment/1", "did:plc:commenter123", "commenter.test", postURI, postURI, 0)

     

       846
       874
        
       	deletedComment.DeletedAt = &deletedAt

     

       875
       875
       +
       	deletedComment.DeletionReason = &deletionReason

     

       876
       876
       +
       	deletedComment.Content = "" // Content is blanked on deletion

     

       847
       877
        
       

     

       848
       878
        
       	// Create a normal comment

     

       849
       879
        
       	normalComment := createTestComment("at://did:plc:commenter123/comment/2", "did:plc:commenter123", "commenter.test", postURI, postURI, 0)

     
···

       853
       883
        
       	// Execute

     

       854
       884
        
       	result := service.buildThreadViews(context.Background(), []*Comment{deletedComment, normalComment}, 10, "hot", nil)

     

       855
       885
        
       

     

       856
       856
       -
       	// Verify - should only include non-deleted comment

     

       857
       857
       -
       	assert.Len(t, result, 1)

     

       858
       858
       -
       	assert.Equal(t, normalComment.URI, result[0].Comment.URI)

     

       886
       886
       +
       	// Verify - both comments should be included to preserve thread structure

     

       887
       887
       +
       	assert.Len(t, result, 2)

     

       888
       888
       +
       

     

       889
       889
       +
       	// First comment should be the deleted one with placeholder info

     

       890
       890
       +
       	assert.Equal(t, deletedComment.URI, result[0].Comment.URI)

     

       891
       891
       +
       	assert.True(t, result[0].Comment.IsDeleted)

     

       892
       892
       +
       	assert.Equal(t, DeletionReasonAuthor, *result[0].Comment.DeletionReason)

     

       893
       893
       +
       	assert.Empty(t, result[0].Comment.Content)

     

       894
       894
       +
       

     

       895
       895
       +
       	// Second comment should be the normal one

     

       896
       896
       +
       	assert.Equal(t, normalComment.URI, result[1].Comment.URI)

     

       897
       897
       +
       	assert.False(t, result[1].Comment.IsDeleted)

     

       898
       898
       +
       	assert.Nil(t, result[1].Comment.DeletionReason)

     

       859
       899
        
       }

     

       860
       900
        
       

     

       861
       901
        
       func TestCommentService_buildThreadViews_WithNestedReplies(t *testing.T) {

-124

docs/PRD_BACKLOG.md

···

       649
       649
        
       

     

       650
       650
        
       ## 🔵 P3: Technical Debt

     

       651
       651
        
       

     

       652
       652
       -
       ### Implement PutRecord in PDS Client

     

       653
       653
       -
       **Added:** 2025-12-04 | **Effort:** 2-3 hours | **Priority:** Technical Debt

     

       654
       654
       -
       **Status:** 📋 TODO

     

       655
       655
       -
       

     

       656
       656
       -
       **Problem:**

     

       657
       657
       -
       The PDS client (`internal/atproto/pds/client.go`) only has `CreateRecord` but lacks `PutRecord`. This means updates use `CreateRecord` with an existing rkey, which:

     

       658
       658
       -
       1. Loses optimistic locking (no CID swap check)

     

       659
       659
       -
       2. Is semantically incorrect (creates vs updates)

     

       660
       660
       -
       3. Could cause race conditions on concurrent updates

     

       661
       661
       -
       

     

       662
       662
       -
       **atProto Best Practice:**

     

       663
       663
       -
       - `com.atproto.repo.putRecord` should be used for updates

     

       664
       664
       -
       - Accepts `swapRecord` (expected CID) for optimistic locking

     

       665
       665
       -
       - Returns conflict error if CID doesn't match (concurrent modification detected)

     

       666
       666
       -
       

     

       667
       667
       -
       **Solution:**

     

       668
       668
       -
       Add `PutRecord` method to the PDS client interface:

     

       669
       669
       -
       

     

       670
       670
       -
       ```go

     

       671
       671
       -
       // Client interface addition

     

       672
       672
       -
       type Client interface {

     

       673
       673
       -
           // ... existing methods ...

     

       674
       674
       -
       

     

       675
       675
       -
           // PutRecord creates or updates a record with optional optimistic locking.

     

       676
       676
       -
           // If swapRecord is provided, the operation fails if the current CID doesn't match.

     

       677
       677
       -
           PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (uri string, cid string, err error)

     

       678
       678
       -
       }

     

       679
       679
       -
       

     

       680
       680
       -
       // Implementation

     

       681
       681
       -
       func (c *client) PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (string, string, error) {

     

       682
       682
       -
           payload := map[string]any{

     

       683
       683
       -
               "repo":       c.did,

     

       684
       684
       -
               "collection": collection,

     

       685
       685
       -
               "rkey":       rkey,

     

       686
       686
       -
               "record":     record,

     

       687
       687
       -
           }

     

       688
       688
       -
       

     

       689
       689
       -
           // Optional: optimistic locking via CID swap check

     

       690
       690
       -
           if swapRecord != "" {

     

       691
       691
       -
               payload["swapRecord"] = swapRecord

     

       692
       692
       -
           }

     

       693
       693
       -
       

     

       694
       694
       -
           var result struct {

     

       695
       695
       -
               URI string `json:"uri"`

     

       696
       696
       -
               CID string `json:"cid"`

     

       697
       697
       -
           }

     

       698
       698
       -
       

     

       699
       699
       -
           err := c.apiClient.Post(ctx, syntax.NSID("com.atproto.repo.putRecord"), payload, &result)

     

       700
       700
       -
           if err != nil {

     

       701
       701
       -
               return "", "", wrapAPIError(err, "putRecord")

     

       702
       702
       -
           }

     

       703
       703
       -
       

     

       704
       704
       -
           return result.URI, result.CID, nil

     

       705
       705
       -
       }

     

       706
       706
       -
       ```

     

       707
       707
       -
       

     

       708
       708
       -
       **Error Handling:**

     

       709
       709
       -
       Add new error type for conflict detection:

     

       710
       710
       -
       ```go

     

       711
       711
       -
       var ErrConflict = errors.New("record was modified by another operation")

     

       712
       712
       -
       ```

     

       713
       713
       -
       

     

       714
       714
       -
       Map HTTP 409 in `wrapAPIError`:

     

       715
       715
       -
       ```go

     

       716
       716
       -
       case 409:

     

       717
       717
       -
           return fmt.Errorf("%s: %w: %s", operation, ErrConflict, apiErr.Message)

     

       718
       718
       -
       ```

     

       719
       719
       -
       

     

       720
       720
       -
       **Files to Modify:**

     

       721
       721
       -
       - `internal/atproto/pds/client.go` - Add `PutRecord` method and interface

     

       722
       722
       -
       - `internal/atproto/pds/errors.go` - Add `ErrConflict` error type

     

       723
       723
       -
       

     

       724
       724
       -
       **Testing:**

     

       725
       725
       -
       - Unit test: Verify payload includes `swapRecord` when provided

     

       726
       726
       -
       - Integration test: Concurrent updates detect conflict

     

       727
       727
       -
       - Integration test: Update without `swapRecord` still works (backwards compatible)

     

       728
       728
       -
       

     

       729
       729
       -
       **Blocked By:** Nothing

     

       730
       730
       -
       **Blocks:** "Migrate UpdateComment to use PutRecord"

     

       731
       731
       -
       

     

       732
       732
       -
       ---

     

       733
       733
       -
       

     

       734
       734
       -
       ### Migrate UpdateComment to Use PutRecord

     

       735
       735
       -
       **Added:** 2025-12-04 | **Effort:** 1 hour | **Priority:** Technical Debt

     

       736
       736
       -
       **Status:** 📋 TODO (Blocked)

     

       737
       737
       -
       **Blocked By:** "Implement PutRecord in PDS Client"

     

       738
       738
       -
       

     

       739
       739
       -
       **Problem:**

     

       740
       740
       -
       `UpdateComment` in `internal/core/comments/comment_service.go` uses `CreateRecord` for updates instead of `PutRecord`. This lacks optimistic locking and is semantically incorrect.

     

       741
       741
       -
       

     

       742
       742
       -
       **Current Code (lines 687-690):**

     

       743
       743
       -
       ```go

     

       744
       744
       -
       // TODO: Use PutRecord instead of CreateRecord for proper update semantics with optimistic locking.

     

       745
       745
       -
       // PutRecord should accept the existing CID (existingRecord.CID) to ensure concurrent updates are detected.

     

       746
       746
       -
       // However, PutRecord is not yet implemented in internal/atproto/pds/client.go.

     

       747
       747
       -
       uri, cid, err := pdsClient.CreateRecord(ctx, commentCollection, rkey, updatedRecord)

     

       748
       748
       -
       ```

     

       749
       749
       -
       

     

       750
       750
       -
       **Solution:**

     

       751
       751
       -
       Once `PutRecord` is implemented in the PDS client, update to:

     

       752
       752
       -
       ```go

     

       753
       753
       -
       // Use PutRecord with optimistic locking via existing CID

     

       754
       754
       -
       uri, cid, err := pdsClient.PutRecord(ctx, commentCollection, rkey, updatedRecord, existingRecord.CID)

     

       755
       755
       -
       if err != nil {

     

       756
       756
       -
           if errors.Is(err, pds.ErrConflict) {

     

       757
       757
       -
               // Record was modified by another operation - return appropriate error

     

       758
       758
       -
               return nil, fmt.Errorf("comment was modified, please refresh and try again: %w", err)

     

       759
       759
       -
           }

     

       760
       760
       -
           // ... existing error handling

     

       761
       761
       -
       }

     

       762
       762
       -
       ```

     

       763
       763
       -
       

     

       764
       764
       -
       **Files to Modify:**

     

       765
       765
       -
       - `internal/core/comments/comment_service.go` - UpdateComment method

     

       766
       766
       -
       - `internal/core/comments/errors.go` - Add `ErrConcurrentModification` if needed

     

       767
       767
       -
       

     

       768
       768
       -
       **Testing:**

     

       769
       769
       -
       - Unit test: Verify `PutRecord` is called with correct CID

     

       770
       770
       -
       - Integration test: Simulate concurrent update, verify conflict handling

     

       771
       771
       -
       

     

       772
       772
       -
       **Impact:** Proper optimistic locking prevents lost updates from race conditions

     

       773
       773
       -
       

     

       774
       774
       -
       ---

     

       775
       775
       -
       

     

       776
       652
        
       ### Consolidate Environment Variable Validation

     

       777
       653
        
       **Added:** 2025-10-11 | **Effort:** 2-3 hours

     

       778
       654

+33

internal/atproto/pds/client.go

···

       31
       31
        
       	// GetRecord retrieves a single record by collection and rkey.

     

       32
       32
        
       	GetRecord(ctx context.Context, collection string, rkey string) (*RecordResponse, error)

     

       33
       33
        
       

     

       34
       34
       +
       	// PutRecord creates or updates a record with optional optimistic locking.

     

       35
       35
       +
       	// If swapRecord CID is provided, the operation fails if the current CID doesn't match.

     

       36
       36
       +
       	PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (uri string, cid string, err error)

     

       37
       37
       +
       

     

       34
       38
        
       	// DID returns the authenticated user's DID.

     

       35
       39
        
       	DID() string

     

       36
       40
        
       

     
···

       89
       93
        
       			return fmt.Errorf("%s: %w: %s", operation, ErrForbidden, apiErr.Message)

     

       90
       94
        
       		case 404:

     

       91
       95
        
       			return fmt.Errorf("%s: %w: %s", operation, ErrNotFound, apiErr.Message)

     

       96
       96
       +
       		case 409:

     

       97
       97
       +
       			return fmt.Errorf("%s: %w: %s", operation, ErrConflict, apiErr.Message)

     

       92
       98
        
       		}

     

       93
       99
        
       	}

     

       94
       100
        
       

     
···

       218
       224
        
       		Value: result.Value,

     

       219
       225
        
       	}, nil

     

       220
       226
        
       }

     

       227
       227
       +
       

     

       228
       228
       +
       // PutRecord creates or updates a record with optional optimistic locking.

     

       229
       229
       +
       func (c *client) PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (string, string, error) {

     

       230
       230
       +
       	payload := map[string]any{

     

       231
       231
       +
       		"repo":       c.did,

     

       232
       232
       +
       		"collection": collection,

     

       233
       233
       +
       		"rkey":       rkey,

     

       234
       234
       +
       		"record":     record,

     

       235
       235
       +
       	}

     

       236
       236
       +
       

     

       237
       237
       +
       	// Optional: optimistic locking via CID swap check

     

       238
       238
       +
       	if swapRecord != "" {

     

       239
       239
       +
       		payload["swapRecord"] = swapRecord

     

       240
       240
       +
       	}

     

       241
       241
       +
       

     

       242
       242
       +
       	var result struct {

     

       243
       243
       +
       		URI string `json:"uri"`

     

       244
       244
       +
       		CID string `json:"cid"`

     

       245
       245
       +
       	}

     

       246
       246
       +
       

     

       247
       247
       +
       	err := c.apiClient.Post(ctx, syntax.NSID("com.atproto.repo.putRecord"), payload, &result)

     

       248
       248
       +
       	if err != nil {

     

       249
       249
       +
       		return "", "", wrapAPIError(err, "putRecord")

     

       250
       250
       +
       	}

     

       251
       251
       +
       

     

       252
       252
       +
       	return result.URI, result.CID, nil

     

       253
       253
       +
       }

+231

internal/atproto/pds/client_test.go

···

       958
       958
        
       			operation: "createRecord",

     

       959
       959
        
       			wantTyped: ErrBadRequest,

     

       960
       960
        
       		},

     

       961
       961
       +
       		{

     

       962
       962
       +
       			name:      "409 maps to ErrConflict",

     

       963
       963
       +
       			err:       &atclient.APIError{StatusCode: 409, Name: "InvalidSwap", Message: "Record CID mismatch"},

     

       964
       964
       +
       			operation: "putRecord",

     

       965
       965
       +
       			wantTyped: ErrConflict,

     

       966
       966
       +
       		},

     

       961
       967
        
       		{

     

       962
       968
        
       			name:      "500 wraps without typed error",

     

       963
       969
        
       			err:       &atclient.APIError{StatusCode: 500, Name: "InternalError", Message: "Server error"},

     
···

       1172
       1178
        
       		})

     

       1173
       1179
        
       	}

     

       1174
       1180
        
       }

     

       1181
       1181
       +
       

     

       1182
       1182
       +
       // TestClient_PutRecord tests the PutRecord method with a mock server.

     

       1183
       1183
       +
       func TestClient_PutRecord(t *testing.T) {

     

       1184
       1184
       +
       	tests := []struct {

     

       1185
       1185
       +
       		name           string

     

       1186
       1186
       +
       		collection     string

     

       1187
       1187
       +
       		rkey           string

     

       1188
       1188
       +
       		record         map[string]any

     

       1189
       1189
       +
       		swapRecord     string

     

       1190
       1190
       +
       		serverResponse map[string]any

     

       1191
       1191
       +
       		serverStatus   int

     

       1192
       1192
       +
       		wantURI        string

     

       1193
       1193
       +
       		wantCID        string

     

       1194
       1194
       +
       		wantErr        bool

     

       1195
       1195
       +
       	}{

     

       1196
       1196
       +
       		{

     

       1197
       1197
       +
       			name:       "successful put with swapRecord",

     

       1198
       1198
       +
       			collection: "social.coves.comment",

     

       1199
       1199
       +
       			rkey:       "3kjzl5kcb2s2v",

     

       1200
       1200
       +
       			record: map[string]any{

     

       1201
       1201
       +
       				"$type":   "social.coves.comment",

     

       1202
       1202
       +
       				"content": "Updated comment content",

     

       1203
       1203
       +
       			},

     

       1204
       1204
       +
       			swapRecord: "bafyreigbtj4x7ip5legnfznufuopl4sg4knzc2cof6duas4b3q2fy6swua",

     

       1205
       1205
       +
       			serverResponse: map[string]any{

     

       1206
       1206
       +
       				"uri": "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1207
       1207
       +
       				"cid": "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1208
       1208
       +
       			},

     

       1209
       1209
       +
       			serverStatus: http.StatusOK,

     

       1210
       1210
       +
       			wantURI:      "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1211
       1211
       +
       			wantCID:      "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1212
       1212
       +
       			wantErr:      false,

     

       1213
       1213
       +
       		},

     

       1214
       1214
       +
       		{

     

       1215
       1215
       +
       			name:       "successful put without swapRecord",

     

       1216
       1216
       +
       			collection: "social.coves.comment",

     

       1217
       1217
       +
       			rkey:       "3kjzl5kcb2s2v",

     

       1218
       1218
       +
       			record: map[string]any{

     

       1219
       1219
       +
       				"$type":   "social.coves.comment",

     

       1220
       1220
       +
       				"content": "Updated comment",

     

       1221
       1221
       +
       			},

     

       1222
       1222
       +
       			swapRecord: "",

     

       1223
       1223
       +
       			serverResponse: map[string]any{

     

       1224
       1224
       +
       				"uri": "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1225
       1225
       +
       				"cid": "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1226
       1226
       +
       			},

     

       1227
       1227
       +
       			serverStatus: http.StatusOK,

     

       1228
       1228
       +
       			wantURI:      "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1229
       1229
       +
       			wantCID:      "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1230
       1230
       +
       			wantErr:      false,

     

       1231
       1231
       +
       		},

     

       1232
       1232
       +
       		{

     

       1233
       1233
       +
       			name:       "conflict error (409)",

     

       1234
       1234
       +
       			collection: "social.coves.comment",

     

       1235
       1235
       +
       			rkey:       "test",

     

       1236
       1236
       +
       			record:     map[string]any{"$type": "social.coves.comment"},

     

       1237
       1237
       +
       			swapRecord: "bafyreigbtj4x7ip5legnfznufuopl4sg4knzc2cof6duas4b3q2fy6swua",

     

       1238
       1238
       +
       			serverResponse: map[string]any{

     

       1239
       1239
       +
       				"error":   "InvalidSwap",

     

       1240
       1240
       +
       				"message": "Record CID does not match",

     

       1241
       1241
       +
       			},

     

       1242
       1242
       +
       			serverStatus: http.StatusConflict,

     

       1243
       1243
       +
       			wantErr:      true,

     

       1244
       1244
       +
       		},

     

       1245
       1245
       +
       		{

     

       1246
       1246
       +
       			name:       "server error",

     

       1247
       1247
       +
       			collection: "social.coves.comment",

     

       1248
       1248
       +
       			rkey:       "test",

     

       1249
       1249
       +
       			record:     map[string]any{"$type": "social.coves.comment"},

     

       1250
       1250
       +
       			swapRecord: "",

     

       1251
       1251
       +
       			serverResponse: map[string]any{

     

       1252
       1252
       +
       				"error":   "InvalidRequest",

     

       1253
       1253
       +
       				"message": "Invalid record",

     

       1254
       1254
       +
       			},

     

       1255
       1255
       +
       			serverStatus: http.StatusBadRequest,

     

       1256
       1256
       +
       			wantErr:      true,

     

       1257
       1257
       +
       		},

     

       1258
       1258
       +
       	}

     

       1259
       1259
       +
       

     

       1260
       1260
       +
       	for _, tt := range tests {

     

       1261
       1261
       +
       		t.Run(tt.name, func(t *testing.T) {

     

       1262
       1262
       +
       			// Create mock server

     

       1263
       1263
       +
       			server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

     

       1264
       1264
       +
       				// Verify method

     

       1265
       1265
       +
       				if r.Method != http.MethodPost {

     

       1266
       1266
       +
       					t.Errorf("expected POST request, got %s", r.Method)

     

       1267
       1267
       +
       				}

     

       1268
       1268
       +
       

     

       1269
       1269
       +
       				// Verify path

     

       1270
       1270
       +
       				expectedPath := "/xrpc/com.atproto.repo.putRecord"

     

       1271
       1271
       +
       				if r.URL.Path != expectedPath {

     

       1272
       1272
       +
       					t.Errorf("path = %q, want %q", r.URL.Path, expectedPath)

     

       1273
       1273
       +
       				}

     

       1274
       1274
       +
       

     

       1275
       1275
       +
       				// Verify request body

     

       1276
       1276
       +
       				var payload map[string]any

     

       1277
       1277
       +
       				if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {

     

       1278
       1278
       +
       					t.Fatalf("failed to decode request body: %v", err)

     

       1279
       1279
       +
       				}

     

       1280
       1280
       +
       

     

       1281
       1281
       +
       				// Check required fields

     

       1282
       1282
       +
       				if payload["collection"] != tt.collection {

     

       1283
       1283
       +
       					t.Errorf("collection = %v, want %v", payload["collection"], tt.collection)

     

       1284
       1284
       +
       				}

     

       1285
       1285
       +
       				if payload["rkey"] != tt.rkey {

     

       1286
       1286
       +
       					t.Errorf("rkey = %v, want %v", payload["rkey"], tt.rkey)

     

       1287
       1287
       +
       				}

     

       1288
       1288
       +
       

     

       1289
       1289
       +
       				// Check swapRecord inclusion

     

       1290
       1290
       +
       				if tt.swapRecord != "" {

     

       1291
       1291
       +
       					if payload["swapRecord"] != tt.swapRecord {

     

       1292
       1292
       +
       						t.Errorf("swapRecord = %v, want %v", payload["swapRecord"], tt.swapRecord)

     

       1293
       1293
       +
       					}

     

       1294
       1294
       +
       				} else {

     

       1295
       1295
       +
       					if _, exists := payload["swapRecord"]; exists {

     

       1296
       1296
       +
       						t.Error("swapRecord should not be included when empty")

     

       1297
       1297
       +
       					}

     

       1298
       1298
       +
       				}

     

       1299
       1299
       +
       

     

       1300
       1300
       +
       				// Send response

     

       1301
       1301
       +
       				w.Header().Set("Content-Type", "application/json")

     

       1302
       1302
       +
       				w.WriteHeader(tt.serverStatus)

     

       1303
       1303
       +
       				json.NewEncoder(w).Encode(tt.serverResponse)

     

       1304
       1304
       +
       			}))

     

       1305
       1305
       +
       			defer server.Close()

     

       1306
       1306
       +
       

     

       1307
       1307
       +
       			// Create client

     

       1308
       1308
       +
       			apiClient := atclient.NewAPIClient(server.URL)

     

       1309
       1309
       +
       			apiClient.Auth = &bearerAuth{token: "test-token"}

     

       1310
       1310
       +
       

     

       1311
       1311
       +
       			c := &client{

     

       1312
       1312
       +
       				apiClient: apiClient,

     

       1313
       1313
       +
       				did:       "did:plc:test",

     

       1314
       1314
       +
       				host:      server.URL,

     

       1315
       1315
       +
       			}

     

       1316
       1316
       +
       

     

       1317
       1317
       +
       			// Execute PutRecord

     

       1318
       1318
       +
       			ctx := context.Background()

     

       1319
       1319
       +
       			uri, cid, err := c.PutRecord(ctx, tt.collection, tt.rkey, tt.record, tt.swapRecord)

     

       1320
       1320
       +
       

     

       1321
       1321
       +
       			if tt.wantErr {

     

       1322
       1322
       +
       				if err == nil {

     

       1323
       1323
       +
       					t.Fatal("expected error, got nil")

     

       1324
       1324
       +
       				}

     

       1325
       1325
       +
       				return

     

       1326
       1326
       +
       			}

     

       1327
       1327
       +
       

     

       1328
       1328
       +
       			if err != nil {

     

       1329
       1329
       +
       				t.Fatalf("unexpected error: %v", err)

     

       1330
       1330
       +
       			}

     

       1331
       1331
       +
       

     

       1332
       1332
       +
       			if uri != tt.wantURI {

     

       1333
       1333
       +
       				t.Errorf("uri = %q, want %q", uri, tt.wantURI)

     

       1334
       1334
       +
       			}

     

       1335
       1335
       +
       

     

       1336
       1336
       +
       			if cid != tt.wantCID {

     

       1337
       1337
       +
       				t.Errorf("cid = %q, want %q", cid, tt.wantCID)

     

       1338
       1338
       +
       			}

     

       1339
       1339
       +
       		})

     

       1340
       1340
       +
       	}

     

       1341
       1341
       +
       }

     

       1342
       1342
       +
       

     

       1343
       1343
       +
       // TestClient_TypedErrors_PutRecord tests that PutRecord returns typed errors.

     

       1344
       1344
       +
       func TestClient_TypedErrors_PutRecord(t *testing.T) {

     

       1345
       1345
       +
       	tests := []struct {

     

       1346
       1346
       +
       		name         string

     

       1347
       1347
       +
       		serverStatus int

     

       1348
       1348
       +
       		wantErr      error

     

       1349
       1349
       +
       	}{

     

       1350
       1350
       +
       		{

     

       1351
       1351
       +
       			name:         "401 returns ErrUnauthorized",

     

       1352
       1352
       +
       			serverStatus: http.StatusUnauthorized,

     

       1353
       1353
       +
       			wantErr:      ErrUnauthorized,

     

       1354
       1354
       +
       		},

     

       1355
       1355
       +
       		{

     

       1356
       1356
       +
       			name:         "403 returns ErrForbidden",

     

       1357
       1357
       +
       			serverStatus: http.StatusForbidden,

     

       1358
       1358
       +
       			wantErr:      ErrForbidden,

     

       1359
       1359
       +
       		},

     

       1360
       1360
       +
       		{

     

       1361
       1361
       +
       			name:         "409 returns ErrConflict",

     

       1362
       1362
       +
       			serverStatus: http.StatusConflict,

     

       1363
       1363
       +
       			wantErr:      ErrConflict,

     

       1364
       1364
       +
       		},

     

       1365
       1365
       +
       		{

     

       1366
       1366
       +
       			name:         "400 returns ErrBadRequest",

     

       1367
       1367
       +
       			serverStatus: http.StatusBadRequest,

     

       1368
       1368
       +
       			wantErr:      ErrBadRequest,

     

       1369
       1369
       +
       		},

     

       1370
       1370
       +
       	}

     

       1371
       1371
       +
       

     

       1372
       1372
       +
       	for _, tt := range tests {

     

       1373
       1373
       +
       		t.Run(tt.name, func(t *testing.T) {

     

       1374
       1374
       +
       			server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

     

       1375
       1375
       +
       				w.Header().Set("Content-Type", "application/json")

     

       1376
       1376
       +
       				w.WriteHeader(tt.serverStatus)

     

       1377
       1377
       +
       				json.NewEncoder(w).Encode(map[string]any{

     

       1378
       1378
       +
       					"error":   "TestError",

     

       1379
       1379
       +
       					"message": "Test error message",

     

       1380
       1380
       +
       				})

     

       1381
       1381
       +
       			}))

     

       1382
       1382
       +
       			defer server.Close()

     

       1383
       1383
       +
       

     

       1384
       1384
       +
       			apiClient := atclient.NewAPIClient(server.URL)

     

       1385
       1385
       +
       			apiClient.Auth = &bearerAuth{token: "test-token"}

     

       1386
       1386
       +
       

     

       1387
       1387
       +
       			c := &client{

     

       1388
       1388
       +
       				apiClient: apiClient,

     

       1389
       1389
       +
       				did:       "did:plc:test",

     

       1390
       1390
       +
       				host:      server.URL,

     

       1391
       1391
       +
       			}

     

       1392
       1392
       +
       

     

       1393
       1393
       +
       			ctx := context.Background()

     

       1394
       1394
       +
       			_, _, err := c.PutRecord(ctx, "test.collection", "rkey", map[string]any{}, "")

     

       1395
       1395
       +
       

     

       1396
       1396
       +
       			if err == nil {

     

       1397
       1397
       +
       				t.Fatal("expected error, got nil")

     

       1398
       1398
       +
       			}

     

       1399
       1399
       +
       

     

       1400
       1400
       +
       			if !errors.Is(err, tt.wantErr) {

     

       1401
       1401
       +
       				t.Errorf("expected errors.Is(%v, %v) to be true", err, tt.wantErr)

     

       1402
       1402
       +
       			}

     

       1403
       1403
       +
       		})

     

       1404
       1404
       +
       	}

     

       1405
       1405
       +
       }

internal/atproto/pds/errors.go

···

       17
       17
        
       

     

       18
       18
        
       	// ErrBadRequest indicates the request was malformed or invalid (HTTP 400).

     

       19
       19
        
       	ErrBadRequest = errors.New("bad request")

     

       20
       20
       +
       

     

       21
       21
       +
       	// ErrConflict indicates the record was modified by another operation (HTTP 409).

     

       22
       22
       +
       	ErrConflict = errors.New("record was modified by another operation")

     

       20
       23
        
       )

     

       21
       24
        
       

     

       22
       25
        
       // IsAuthError returns true if the error is an authentication/authorization error.

+17

internal/core/comments/comment_write_service_test.go

···

       24
       24
        
       	createError error                             // Error to return on CreateRecord

     

       25
       25
        
       	getError    error                             // Error to return on GetRecord

     

       26
       26
        
       	deleteError error                             // Error to return on DeleteRecord

     

       27
       27
       +
       	putError    error                             // Error to return on PutRecord

     

       27
       28
        
       	did         string                            // DID of the authenticated user

     

       28
       29
        
       	hostURL     string                            // PDS host URL

     

       29
       30
        
       }

     
···

       113
       114
        
       	return &pds.ListRecordsResponse{}, nil

     

       114
       115
        
       }

     

       115
       116
        
       

     

       117
       117
       +
       func (m *mockPDSClient) PutRecord(ctx context.Context, collection, rkey string, record any, swapRecord string) (string, string, error) {

     

       118
       118
       +
       	if m.putError != nil {

     

       119
       119
       +
       		return "", "", m.putError

     

       120
       120
       +
       	}

     

       121
       121
       +
       

     

       122
       122
       +
       	// Store record (same logic as CreateRecord)

     

       123
       123
       +
       	if m.records[collection] == nil {

     

       124
       124
       +
       		m.records[collection] = make(map[string]interface{})

     

       125
       125
       +
       	}

     

       126
       126
       +
       	m.records[collection][rkey] = record

     

       127
       127
       +
       

     

       128
       128
       +
       	uri := fmt.Sprintf("at://%s/%s/%s", m.did, collection, rkey)

     

       129
       129
       +
       	cid := fmt.Sprintf("bafytest%d", time.Now().UnixNano())

     

       130
       130
       +
       	return uri, cid, nil

     

       131
       131
       +
       }

     

       132
       132
       +
       

     

       116
       133
        
       // mockPDSClientFactory creates mock PDS clients for testing

     

       117
       134
        
       type mockPDSClientFactory struct {

     

       118
       135
        
       	client *mockPDSClient

+5 -1

internal/core/comments/errors.go

···

       29
       29
        
       

     

       30
       30
        
       	// ErrCommentAlreadyExists indicates a comment with this URI already exists

     

       31
       31
        
       	ErrCommentAlreadyExists = errors.New("comment already exists")

     

       32
       32
       +
       

     

       33
       33
       +
       	// ErrConcurrentModification indicates the comment was modified since it was loaded

     

       34
       34
       +
       	ErrConcurrentModification = errors.New("comment was modified by another operation")

     

       32
       35
        
       )

     

       33
       36
        
       

     

       34
       37
        
       // IsNotFound checks if an error is a "not found" error

     
···

       40
       43
        
       

     

       41
       44
        
       // IsConflict checks if an error is a conflict/already exists error

     

       42
       45
        
       func IsConflict(err error) bool {

     

       43
       43
       -
       	return errors.Is(err, ErrCommentAlreadyExists)

     

       46
       46
       +
       	return errors.Is(err, ErrCommentAlreadyExists) ||

     

       47
       47
       +
       		errors.Is(err, ErrConcurrentModification)

     

       44
       48
        
       }

     

       45
       49
        
       

     

       46
       50
        
       // IsValidationError checks if an error is a validation error

+169

tests/integration/comment_write_test.go

···

       806
       806
        
       func parseTestDID(did string) (syntax.DID, error) {

     

       807
       807
        
       	return syntax.ParseDID(did)

     

       808
       808
        
       }

     

       809
       809
       +
       

     

       810
       810
       +
       // TestCommentWrite_ConcurrentModificationDetection tests that PutRecord's swapRecord

     

       811
       811
       +
       // CID validation correctly detects concurrent modifications.

     

       812
       812
       +
       // This verifies the optimistic locking mechanism that prevents lost updates.

     

       813
       813
       +
       func TestCommentWrite_ConcurrentModificationDetection(t *testing.T) {

     

       814
       814
       +
       	if testing.Short() {

     

       815
       815
       +
       		t.Skip("Skipping E2E test in short mode")

     

       816
       816
       +
       	}

     

       817
       817
       +
       

     

       818
       818
       +
       	db := setupTestDB(t)

     

       819
       819
       +
       	defer func() { _ = db.Close() }()

     

       820
       820
       +
       

     

       821
       821
       +
       	ctx := context.Background()

     

       822
       822
       +
       	pdsURL := getTestPDSURL()

     

       823
       823
       +
       

     

       824
       824
       +
       	// Setup repositories and service

     

       825
       825
       +
       	commentRepo := postgres.NewCommentRepository(db)

     

       826
       826
       +
       

     

       827
       827
       +
       	commentPDSFactory := func(ctx context.Context, session *oauthlib.ClientSessionData) (pds.Client, error) {

     

       828
       828
       +
       		if session.AccessToken == "" {

     

       829
       829
       +
       			return nil, fmt.Errorf("session has no access token")

     

       830
       830
       +
       		}

     

       831
       831
       +
       		if session.HostURL == "" {

     

       832
       832
       +
       			return nil, fmt.Errorf("session has no host URL")

     

       833
       833
       +
       		}

     

       834
       834
       +
       		return pds.NewFromAccessToken(session.HostURL, session.AccountDID.String(), session.AccessToken)

     

       835
       835
       +
       	}

     

       836
       836
       +
       

     

       837
       837
       +
       	commentService := comments.NewCommentServiceWithPDSFactory(

     

       838
       838
       +
       		commentRepo,

     

       839
       839
       +
       		nil,

     

       840
       840
       +
       		nil,

     

       841
       841
       +
       		nil,

     

       842
       842
       +
       		nil,

     

       843
       843
       +
       		commentPDSFactory,

     

       844
       844
       +
       	)

     

       845
       845
       +
       

     

       846
       846
       +
       	// Create test user

     

       847
       847
       +
       	testUserHandle := fmt.Sprintf("concurrency-%d.local.coves.dev", time.Now().Unix())

     

       848
       848
       +
       	testUserEmail := fmt.Sprintf("concurrency-%d@test.local", time.Now().Unix())

     

       849
       849
       +
       	testUserPassword := "test-password-123"

     

       850
       850
       +
       

     

       851
       851
       +
       	pdsAccessToken, userDID, err := createPDSAccount(pdsURL, testUserHandle, testUserEmail, testUserPassword)

     

       852
       852
       +
       	if err != nil {

     

       853
       853
       +
       		t.Skipf("PDS not available: %v", err)

     

       854
       854
       +
       	}

     

       855
       855
       +
       

     

       856
       856
       +
       	// Setup OAuth

     

       857
       857
       +
       	mockStore := NewMockOAuthStore()

     

       858
       858
       +
       	mockStore.AddSessionWithPDS(userDID, "session-"+userDID, pdsAccessToken, pdsURL)

     

       859
       859
       +
       

     

       860
       860
       +
       	parsedDID, _ := parseTestDID(userDID)

     

       861
       861
       +
       	session, _ := mockStore.GetSession(ctx, parsedDID, "session-"+userDID)

     

       862
       862
       +
       

     

       863
       863
       +
       	// Step 1: Create a comment

     

       864
       864
       +
       	t.Logf("\n📝 Step 1: Creating initial comment...")

     

       865
       865
       +
       	createReq := comments.CreateCommentRequest{

     

       866
       866
       +
       		Reply: comments.ReplyRef{

     

       867
       867
       +
       			Root: comments.StrongRef{

     

       868
       868
       +
       				URI: "at://did:plc:test/social.coves.community.post/test123",

     

       869
       869
       +
       				CID: "bafypost",

     

       870
       870
       +
       			},

     

       871
       871
       +
       			Parent: comments.StrongRef{

     

       872
       872
       +
       				URI: "at://did:plc:test/social.coves.community.post/test123",

     

       873
       873
       +
       				CID: "bafypost",

     

       874
       874
       +
       			},

     

       875
       875
       +
       		},

     

       876
       876
       +
       		Content: "Original content for concurrency test",

     

       877
       877
       +
       		Langs:   []string{"en"},

     

       878
       878
       +
       	}

     

       879
       879
       +
       

     

       880
       880
       +
       	createResp, err := commentService.CreateComment(ctx, session, createReq)

     

       881
       881
       +
       	if err != nil {

     

       882
       882
       +
       		t.Fatalf("Failed to create comment: %v", err)

     

       883
       883
       +
       	}

     

       884
       884
       +
       	t.Logf("✅ Comment created: URI=%s, CID=%s", createResp.URI, createResp.CID)

     

       885
       885
       +
       	originalCID := createResp.CID

     

       886
       886
       +
       

     

       887
       887
       +
       	// Step 2: Update the comment (this changes the CID)

     

       888
       888
       +
       	t.Logf("\n📝 Step 2: Updating comment (this changes CID)...")

     

       889
       889
       +
       	updateReq := comments.UpdateCommentRequest{

     

       890
       890
       +
       		URI:     createResp.URI,

     

       891
       891
       +
       		Content: "Updated content - CID has changed",

     

       892
       892
       +
       	}

     

       893
       893
       +
       

     

       894
       894
       +
       	updateResp, err := commentService.UpdateComment(ctx, session, updateReq)

     

       895
       895
       +
       	if err != nil {

     

       896
       896
       +
       		t.Fatalf("Failed to update comment: %v", err)

     

       897
       897
       +
       	}

     

       898
       898
       +
       	t.Logf("✅ Comment updated: New CID=%s", updateResp.CID)

     

       899
       899
       +
       	newCID := updateResp.CID

     

       900
       900
       +
       

     

       901
       901
       +
       	// Verify CIDs are different

     

       902
       902
       +
       	if originalCID == newCID {

     

       903
       903
       +
       		t.Fatalf("CIDs should be different after update: original=%s, new=%s", originalCID, newCID)

     

       904
       904
       +
       	}

     

       905
       905
       +
       

     

       906
       906
       +
       	// Step 3: Simulate concurrent modification detection using direct PDS client

     

       907
       907
       +
       	// Create a PDS client and attempt to update with the stale (original) CID

     

       908
       908
       +
       	t.Logf("\n🔍 Step 3: Testing concurrent modification detection with stale CID...")

     

       909
       909
       +
       

     

       910
       910
       +
       	pdsClient, err := pds.NewFromAccessToken(pdsURL, userDID, pdsAccessToken)

     

       911
       911
       +
       	if err != nil {

     

       912
       912
       +
       		t.Fatalf("Failed to create PDS client: %v", err)

     

       913
       913
       +
       	}

     

       914
       914
       +
       

     

       915
       915
       +
       	rkey := utils.ExtractRKeyFromURI(createResp.URI)

     

       916
       916
       +
       

     

       917
       917
       +
       	// Try to update with the ORIGINAL (now stale) CID - this should fail with 409

     

       918
       918
       +
       	staleRecord := map[string]interface{}{

     

       919
       919
       +
       		"$type": "social.coves.community.comment",

     

       920
       920
       +
       		"reply": map[string]interface{}{

     

       921
       921
       +
       			"root": map[string]interface{}{

     

       922
       922
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       923
       923
       +
       				"cid": "bafypost",

     

       924
       924
       +
       			},

     

       925
       925
       +
       			"parent": map[string]interface{}{

     

       926
       926
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       927
       927
       +
       				"cid": "bafypost",

     

       928
       928
       +
       			},

     

       929
       929
       +
       		},

     

       930
       930
       +
       		"content":   "This update should fail - using stale CID",

     

       931
       931
       +
       		"createdAt": time.Now().UTC().Format(time.RFC3339),

     

       932
       932
       +
       	}

     

       933
       933
       +
       

     

       934
       934
       +
       	_, _, err = pdsClient.PutRecord(ctx, "social.coves.community.comment", rkey, staleRecord, originalCID)

     

       935
       935
       +
       

     

       936
       936
       +
       	// Verify we get ErrConflict

     

       937
       937
       +
       	if err == nil {

     

       938
       938
       +
       		t.Fatal("Expected ErrConflict when updating with stale CID, got nil")

     

       939
       939
       +
       	}

     

       940
       940
       +
       

     

       941
       941
       +
       	if !errors.Is(err, pds.ErrConflict) {

     

       942
       942
       +
       		t.Errorf("Expected pds.ErrConflict, got: %v", err)

     

       943
       943
       +
       	}

     

       944
       944
       +
       

     

       945
       945
       +
       	t.Logf("✅ Correctly detected concurrent modification!")

     

       946
       946
       +
       	t.Logf("   Error: %v", err)

     

       947
       947
       +
       

     

       948
       948
       +
       	// Step 4: Verify that updating with the correct CID succeeds

     

       949
       949
       +
       	t.Logf("\n📝 Step 4: Verifying update with correct CID succeeds...")

     

       950
       950
       +
       	correctRecord := map[string]interface{}{

     

       951
       951
       +
       		"$type": "social.coves.community.comment",

     

       952
       952
       +
       		"reply": map[string]interface{}{

     

       953
       953
       +
       			"root": map[string]interface{}{

     

       954
       954
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       955
       955
       +
       				"cid": "bafypost",

     

       956
       956
       +
       			},

     

       957
       957
       +
       			"parent": map[string]interface{}{

     

       958
       958
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       959
       959
       +
       				"cid": "bafypost",

     

       960
       960
       +
       			},

     

       961
       961
       +
       		},

     

       962
       962
       +
       		"content":   "This update should succeed - using correct CID",

     

       963
       963
       +
       		"createdAt": time.Now().UTC().Format(time.RFC3339),

     

       964
       964
       +
       	}

     

       965
       965
       +
       

     

       966
       966
       +
       	_, finalCID, err := pdsClient.PutRecord(ctx, "social.coves.community.comment", rkey, correctRecord, newCID)

     

       967
       967
       +
       	if err != nil {

     

       968
       968
       +
       		t.Fatalf("Update with correct CID should succeed, got: %v", err)

     

       969
       969
       +
       	}

     

       970
       970
       +
       

     

       971
       971
       +
       	t.Logf("✅ Update with correct CID succeeded: New CID=%s", finalCID)

     

       972
       972
       +
       

     

       973
       973
       +
       	t.Logf("\n✅ CONCURRENT MODIFICATION DETECTION TEST COMPLETE:")

     

       974
       974
       +
       	t.Logf("   ✓ PutRecord with stale CID correctly returns ErrConflict")

     

       975
       975
       +
       	t.Logf("   ✓ PutRecord with correct CID succeeds")

     

       976
       976
       +
       	t.Logf("   ✓ Optimistic locking prevents lost updates")

     

       977
       977
       +
       }

+2 -2

cmd/server/main.go

···

       543
       543
        
       	routes.RegisterTimelineRoutes(r, timelineService, voteService, authMiddleware)

     

       544
       544
        
       	log.Println("Timeline XRPC endpoints registered (requires authentication, includes viewer vote state)")

     

       545
       545
        
       

     

       546
       546
       -
       	routes.RegisterDiscoverRoutes(r, discoverService)

     

       547
       547
       -
       	log.Println("Discover XRPC endpoints registered (public, no auth required)")

     

       546
       546
       +
       	routes.RegisterDiscoverRoutes(r, discoverService, voteService, authMiddleware)

     

       547
       547
       +
       	log.Println("Discover XRPC endpoints registered (public with optional auth for viewer vote state)")

     

       548
       548
        
       

     

       549
       549
        
       	routes.RegisterAggregatorRoutes(r, aggregatorService, userService, identityResolver)

     

       550
       550
        
       	log.Println("Aggregator XRPC endpoints registered (query endpoints public, registration endpoint public)")

+73

internal/api/handlers/common/viewer_state.go

···

       1
       1
       +
       package common

     

       2
       2
       +
       

     

       3
       3
       +
       import (

     

       4
       4
       +
       	"Coves/internal/api/middleware"

     

       5
       5
       +
       	"Coves/internal/core/posts"

     

       6
       6
       +
       	"Coves/internal/core/votes"

     

       7
       7
       +
       	"context"

     

       8
       8
       +
       	"log"

     

       9
       9
       +
       	"net/http"

     

       10
       10
       +
       )

     

       11
       11
       +
       

     

       12
       12
       +
       // FeedPostProvider is implemented by any feed post wrapper that contains a PostView.

     

       13
       13
       +
       // This allows the helper to work with different feed post types (discover, timeline, communityFeed).

     

       14
       14
       +
       type FeedPostProvider interface {

     

       15
       15
       +
       	GetPost() *posts.PostView

     

       16
       16
       +
       }

     

       17
       17
       +
       

     

       18
       18
       +
       // PopulateViewerVoteState enriches feed posts with the authenticated user's vote state.

     

       19
       19
       +
       // This is a no-op if voteService is nil or the request is unauthenticated.

     

       20
       20
       +
       //

     

       21
       21
       +
       // Parameters:

     

       22
       22
       +
       //   - ctx: Request context for PDS calls

     

       23
       23
       +
       //   - r: HTTP request (used to extract OAuth session)

     

       24
       24
       +
       //   - voteService: Vote service for cache lookup (may be nil)

     

       25
       25
       +
       //   - feedPosts: Posts to enrich with viewer state (must implement FeedPostProvider)

     

       26
       26
       +
       //

     

       27
       27
       +
       // The function logs but does not fail on errors - viewer state is optional enrichment.

     

       28
       28
       +
       func PopulateViewerVoteState[T FeedPostProvider](

     

       29
       29
       +
       	ctx context.Context,

     

       30
       30
       +
       	r *http.Request,

     

       31
       31
       +
       	voteService votes.Service,

     

       32
       32
       +
       	feedPosts []T,

     

       33
       33
       +
       ) {

     

       34
       34
       +
       	if voteService == nil {

     

       35
       35
       +
       		return

     

       36
       36
       +
       	}

     

       37
       37
       +
       

     

       38
       38
       +
       	session := middleware.GetOAuthSession(r)

     

       39
       39
       +
       	if session == nil {

     

       40
       40
       +
       		return

     

       41
       41
       +
       	}

     

       42
       42
       +
       

     

       43
       43
       +
       	userDID := middleware.GetUserDID(r)

     

       44
       44
       +
       

     

       45
       45
       +
       	// Ensure vote cache is populated from PDS

     

       46
       46
       +
       	if err := voteService.EnsureCachePopulated(ctx, session); err != nil {

     

       47
       47
       +
       		log.Printf("Warning: failed to populate vote cache: %v", err)

     

       48
       48
       +
       		return

     

       49
       49
       +
       	}

     

       50
       50
       +
       

     

       51
       51
       +
       	// Collect post URIs to batch lookup

     

       52
       52
       +
       	postURIs := make([]string, 0, len(feedPosts))

     

       53
       53
       +
       	for _, feedPost := range feedPosts {

     

       54
       54
       +
       		if post := feedPost.GetPost(); post != nil {

     

       55
       55
       +
       			postURIs = append(postURIs, post.URI)

     

       56
       56
       +
       		}

     

       57
       57
       +
       	}

     

       58
       58
       +
       

     

       59
       59
       +
       	// Get viewer votes for all posts

     

       60
       60
       +
       	viewerVotes := voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       61
       61
       +
       

     

       62
       62
       +
       	// Populate viewer state on each post

     

       63
       63
       +
       	for _, feedPost := range feedPosts {

     

       64
       64
       +
       		if post := feedPost.GetPost(); post != nil {

     

       65
       65
       +
       			if vote, exists := viewerVotes[post.URI]; exists {

     

       66
       66
       +
       				post.Viewer = &posts.ViewerState{

     

       67
       67
       +
       					Vote:    &vote.Direction,

     

       68
       68
       +
       					VoteURI: &vote.URI,

     

       69
       69
       +
       				}

     

       70
       70
       +
       			}

     

       71
       71
       +
       		}

     

       72
       72
       +
       	}

     

       73
       73
       +
       }

+3 -36

internal/api/handlers/communityFeed/get_community.go

···

       1
       1
        
       package communityFeed

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       -
       	"Coves/internal/api/middleware"

     

       4
       4
       +
       	"Coves/internal/api/handlers/common"

     

       5
       5
        
       	"Coves/internal/core/communityFeeds"

     

       6
       6
        
       	"Coves/internal/core/posts"

     

       7
       7
        
       	"Coves/internal/core/votes"

     
···

       47
       47
        
       		return

     

       48
       48
        
       	}

     

       49
       49
        
       

     

       50
       50
       -
       	// Populate viewer vote state if authenticated and vote service available

     

       51
       51
       -
       	if h.voteService != nil {

     

       52
       52
       -
       		session := middleware.GetOAuthSession(r)

     

       53
       53
       -
       		if session != nil {

     

       54
       54
       -
       			userDID := middleware.GetUserDID(r)

     

       55
       55
       -
       			// Ensure vote cache is populated from PDS

     

       56
       56
       -
       			if err := h.voteService.EnsureCachePopulated(r.Context(), session); err != nil {

     

       57
       57
       -
       				// Log but don't fail - viewer state is optional

     

       58
       58
       -
       				log.Printf("Warning: failed to populate vote cache: %v", err)

     

       59
       59
       -
       			} else {

     

       60
       60
       -
       				// Collect post URIs to batch lookup

     

       61
       61
       -
       				postURIs := make([]string, 0, len(response.Feed))

     

       62
       62
       -
       				for _, feedPost := range response.Feed {

     

       63
       63
       -
       					if feedPost.Post != nil {

     

       64
       64
       -
       						postURIs = append(postURIs, feedPost.Post.URI)

     

       65
       65
       -
       					}

     

       66
       66
       -
       				}

     

       67
       67
       -
       

     

       68
       68
       -
       				// Get viewer votes for all posts

     

       69
       69
       -
       				viewerVotes := h.voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       70
       70
       -
       

     

       71
       71
       -
       				// Populate viewer state on each post

     

       72
       72
       -
       				for _, feedPost := range response.Feed {

     

       73
       73
       -
       					if feedPost.Post != nil {

     

       74
       74
       -
       						if vote, exists := viewerVotes[feedPost.Post.URI]; exists {

     

       75
       75
       -
       							feedPost.Post.Viewer = &posts.ViewerState{

     

       76
       76
       -
       								Vote:    &vote.Direction,

     

       77
       77
       -
       								VoteURI: &vote.URI,

     

       78
       78
       -
       							}

     

       79
       79
       -
       						}

     

       80
       80
       -
       					}

     

       81
       81
       -
       				}

     

       82
       82
       -
       			}

     

       83
       83
       -
       		}

     

       84
       84
       -
       	}

     

       50
       50
       +
       	// Populate viewer vote state if authenticated

     

       51
       51
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       85
       52
        
       

     

       86
       53
        
       	// Transform blob refs to URLs for all posts

     

       87
       54
        
       	for _, feedPost := range response.Feed {

+11 -4

internal/api/handlers/discover/get_discover.go

···

       1
       1
        
       package discover

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/api/handlers/common"

     

       4
       5
        
       	"Coves/internal/core/discover"

     

       5
       6
        
       	"Coves/internal/core/posts"

     

       7
       7
       +
       	"Coves/internal/core/votes"

     

       6
       8
        
       	"encoding/json"

     

       7
       9
        
       	"log"

     

       8
       10
        
       	"net/http"

     
···

       11
       13
        
       

     

       12
       14
        
       // GetDiscoverHandler handles discover feed retrieval

     

       13
       15
        
       type GetDiscoverHandler struct {

     

       14
       14
       -
       	service discover.Service

     

       16
       16
       +
       	service     discover.Service

     

       17
       17
       +
       	voteService votes.Service

     

       15
       18
        
       }

     

       16
       19
        
       

     

       17
       20
        
       // NewGetDiscoverHandler creates a new discover handler

     

       18
       18
       -
       func NewGetDiscoverHandler(service discover.Service) *GetDiscoverHandler {

     

       21
       21
       +
       func NewGetDiscoverHandler(service discover.Service, voteService votes.Service) *GetDiscoverHandler {

     

       19
       22
        
       	return &GetDiscoverHandler{

     

       20
       20
       -
       		service: service,

     

       23
       23
       +
       		service:     service,

     

       24
       24
       +
       		voteService: voteService,

     

       21
       25
        
       	}

     

       22
       26
        
       }

     

       23
       27
        
       

     

       24
       28
        
       // HandleGetDiscover retrieves posts from all communities (public feed)

     

       25
       29
        
       // GET /xrpc/social.coves.feed.getDiscover?sort=hot&limit=15&cursor=...

     

       26
       26
       -
       // Public endpoint - no authentication required

     

       30
       30
       +
       // Public endpoint with optional auth - if authenticated, includes viewer vote state

     

       27
       31
        
       func (h *GetDiscoverHandler) HandleGetDiscover(w http.ResponseWriter, r *http.Request) {

     

       28
       32
        
       	if r.Method != http.MethodGet {

     

       29
       33
        
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     
···

       40
       44
        
       		return

     

       41
       45
        
       	}

     

       42
       46
        
       

     

       47
       47
       +
       	// Populate viewer vote state if authenticated

     

       48
       48
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       49
       49
       +
       

     

       43
       50
        
       	// Transform blob refs to URLs for all posts

     

       44
       51
        
       	for _, feedPost := range response.Feed {

     

       45
       52
        
       		if feedPost.Post != nil {

+3 -34

internal/api/handlers/timeline/get_timeline.go

···

       1
       1
        
       package timeline

     

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
       +
       	"Coves/internal/api/handlers/common"

     

       4
       5
        
       	"Coves/internal/api/middleware"

     

       5
       6
        
       	"Coves/internal/core/posts"

     

       6
       7
        
       	"Coves/internal/core/timeline"

     
···

       56
       57
        
       		return

     

       57
       58
        
       	}

     

       58
       59
        
       

     

       59
       59
       -
       	// Populate viewer vote state if authenticated and vote service available

     

       60
       60
       -
       	if h.voteService != nil {

     

       61
       61
       -
       		session := middleware.GetOAuthSession(r)

     

       62
       62
       -
       		if session != nil {

     

       63
       63
       -
       			// Ensure vote cache is populated from PDS

     

       64
       64
       -
       			if err := h.voteService.EnsureCachePopulated(r.Context(), session); err != nil {

     

       65
       65
       -
       				// Log but don't fail - viewer state is optional

     

       66
       66
       -
       				log.Printf("Warning: failed to populate vote cache: %v", err)

     

       67
       67
       -
       			} else {

     

       68
       68
       -
       				// Collect post URIs to batch lookup

     

       69
       69
       -
       				postURIs := make([]string, 0, len(response.Feed))

     

       70
       70
       -
       				for _, feedPost := range response.Feed {

     

       71
       71
       -
       					if feedPost.Post != nil {

     

       72
       72
       -
       						postURIs = append(postURIs, feedPost.Post.URI)

     

       73
       73
       -
       					}

     

       74
       74
       -
       				}

     

       75
       75
       -
       

     

       76
       76
       -
       				// Get viewer votes for all posts

     

       77
       77
       -
       				viewerVotes := h.voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       78
       78
       -
       

     

       79
       79
       -
       				// Populate viewer state on each post

     

       80
       80
       -
       				for _, feedPost := range response.Feed {

     

       81
       81
       -
       					if feedPost.Post != nil {

     

       82
       82
       -
       						if vote, exists := viewerVotes[feedPost.Post.URI]; exists {

     

       83
       83
       -
       							feedPost.Post.Viewer = &posts.ViewerState{

     

       84
       84
       -
       								Vote:    &vote.Direction,

     

       85
       85
       -
       								VoteURI: &vote.URI,

     

       86
       86
       -
       							}

     

       87
       87
       -
       						}

     

       88
       88
       -
       					}

     

       89
       89
       -
       				}

     

       90
       90
       -
       			}

     

       91
       91
       -
       		}

     

       92
       92
       -
       	}

     

       60
       60
       +
       	// Populate viewer vote state if authenticated

     

       61
       61
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       93
       62
        
       

     

       94
       63
        
       	// Transform blob refs to URLs for all posts

     

       95
       64
        
       	for _, feedPost := range response.Feed {

+9 -4

internal/api/routes/discover.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"Coves/internal/api/handlers/discover"

     

       5
       5
       +
       	"Coves/internal/api/middleware"

     

       5
       6
        
       	discoverCore "Coves/internal/core/discover"

     

       7
       7
       +
       	"Coves/internal/core/votes"

     

       6
       8
        
       

     

       7
       9
        
       	"github.com/go-chi/chi/v5"

     

       8
       10
        
       )

     
···

       10
       12
        
       // RegisterDiscoverRoutes registers discover-related XRPC endpoints

     

       11
       13
        
       //

     

       12
       14
        
       // SECURITY & RATE LIMITING:

     

       13
       13
       -
       // - Discover feed is PUBLIC (no authentication required)

     

       15
       15
       +
       // - Discover feed is PUBLIC (works without authentication)

     

       16
       16
       +
       // - Optional auth: if authenticated, includes viewer vote state on posts

     

       14
       17
        
       // - Protected by global rate limiter: 100 requests/minute per IP (main.go:84)

     

       15
       18
        
       // - Query timeout enforced via context (prevents long-running queries)

     

       16
       19
        
       // - Result limit capped at 50 posts per request (validated in service layer)

     
···

       18
       21
        
       func RegisterDiscoverRoutes(

     

       19
       22
        
       	r chi.Router,

     

       20
       23
        
       	discoverService discoverCore.Service,

     

       24
       24
       +
       	voteService votes.Service,

     

       25
       25
       +
       	authMiddleware *middleware.OAuthAuthMiddleware,

     

       21
       26
        
       ) {

     

       22
       27
        
       	// Create handlers

     

       23
       23
       -
       	getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService)

     

       28
       28
       +
       	getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService, voteService)

     

       24
       29
        
       

     

       25
       30
        
       	// GET /xrpc/social.coves.feed.getDiscover

     

       26
       26
       -
       	// Public endpoint - no authentication required

     

       31
       31
       +
       	// Public endpoint with optional auth for viewer-specific state (vote state)

     

       27
       32
        
       	// Shows posts from ALL communities (not personalized)

     

       28
       33
        
       	// Rate limited: 100 req/min per IP via global middleware

     

       29
       29
       -
       	r.Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)

     

       34
       34
       +
       	r.With(authMiddleware.OptionalAuth).Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)

     

       30
       35
        
       }

internal/core/communityFeeds/types.go

···

       31
       31
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       32
       32
        
       }

     

       33
       33
        
       

     

       34
       34
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       35
       35
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       36
       36
       +
       	return f.Post

     

       37
       37
       +
       }

     

       38
       38
       +
       

     

       34
       39
        
       // FeedReason is a union type for feed context

     

       35
       40
        
       // Can be reasonRepost or reasonPin

     

       36
       41
        
       type FeedReason struct {

internal/core/discover/types.go

···

       39
       39
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`

     

       40
       40
        
       }

     

       41
       41
        
       

     

       42
       42
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       43
       43
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       44
       44
       +
       	return f.Post

     

       45
       45
       +
       }

     

       46
       46
       +
       

     

       42
       47
        
       // FeedReason is a union type for feed context

     

       43
       48
        
       type FeedReason struct {

     

       44
       49
        
       	Repost    *ReasonRepost    `json:"-"`

internal/core/timeline/types.go

···

       42
       42
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       43
       43
        
       }

     

       44
       44
        
       

     

       45
       45
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       46
       46
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       47
       47
       +
       	return f.Post

     

       48
       48
       +
       }

     

       49
       49
       +
       

     

       45
       50
        
       // FeedReason is a union type for feed context

     

       46
       51
        
       // Future: Can be reasonRepost or reasonCommunity

     

       47
       52
        
       type FeedReason struct {

+193 -5

tests/integration/discover_test.go

···

       2
       2
        
       

     

       3
       3
        
       import (

     

       4
       4
        
       	"Coves/internal/api/handlers/discover"

     

       5
       5
       +
       	"Coves/internal/api/middleware"

     

       6
       6
       +
       	"Coves/internal/core/votes"

     

       5
       7
        
       	"Coves/internal/db/postgres"

     

       6
       8
        
       	"context"

     

       7
       9
        
       	"encoding/json"

     
···

       13
       15
        
       

     

       14
       16
        
       	discoverCore "Coves/internal/core/discover"

     

       15
       17
        
       

     

       18
       18
       +
       	oauthlib "github.com/bluesky-social/indigo/atproto/auth/oauth"

     

       19
       19
       +
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       16
       20
        
       	"github.com/stretchr/testify/assert"

     

       17
       21
        
       	"github.com/stretchr/testify/require"

     

       18
       22
        
       )

     

       19
       23
        
       

     

       24
       24
       +
       // mockVoteService implements votes.Service for testing viewer vote state

     

       25
       25
       +
       type mockVoteService struct {

     

       26
       26
       +
       	cachedVotes map[string]*votes.CachedVote // userDID:subjectURI -> vote

     

       27
       27
       +
       }

     

       28
       28
       +
       

     

       29
       29
       +
       func newMockVoteService() *mockVoteService {

     

       30
       30
       +
       	return &mockVoteService{

     

       31
       31
       +
       		cachedVotes: make(map[string]*votes.CachedVote),

     

       32
       32
       +
       	}

     

       33
       33
       +
       }

     

       34
       34
       +
       

     

       35
       35
       +
       func (m *mockVoteService) AddVote(userDID, subjectURI, direction, voteURI string) {

     

       36
       36
       +
       	key := userDID + ":" + subjectURI

     

       37
       37
       +
       	m.cachedVotes[key] = &votes.CachedVote{

     

       38
       38
       +
       		Direction: direction,

     

       39
       39
       +
       		URI:       voteURI,

     

       40
       40
       +
       	}

     

       41
       41
       +
       }

     

       42
       42
       +
       

     

       43
       43
       +
       func (m *mockVoteService) CreateVote(_ context.Context, _ *oauthlib.ClientSessionData, _ votes.CreateVoteRequest) (*votes.CreateVoteResponse, error) {

     

       44
       44
       +
       	return &votes.CreateVoteResponse{}, nil

     

       45
       45
       +
       }

     

       46
       46
       +
       

     

       47
       47
       +
       func (m *mockVoteService) DeleteVote(_ context.Context, _ *oauthlib.ClientSessionData, _ votes.DeleteVoteRequest) error {

     

       48
       48
       +
       	return nil

     

       49
       49
       +
       }

     

       50
       50
       +
       

     

       51
       51
       +
       func (m *mockVoteService) EnsureCachePopulated(_ context.Context, _ *oauthlib.ClientSessionData) error {

     

       52
       52
       +
       	return nil // Mock always succeeds - votes pre-populated via AddVote

     

       53
       53
       +
       }

     

       54
       54
       +
       

     

       55
       55
       +
       func (m *mockVoteService) GetViewerVote(userDID, subjectURI string) *votes.CachedVote {

     

       56
       56
       +
       	key := userDID + ":" + subjectURI

     

       57
       57
       +
       	return m.cachedVotes[key]

     

       58
       58
       +
       }

     

       59
       59
       +
       

     

       60
       60
       +
       func (m *mockVoteService) GetViewerVotesForSubjects(userDID string, subjectURIs []string) map[string]*votes.CachedVote {

     

       61
       61
       +
       	result := make(map[string]*votes.CachedVote)

     

       62
       62
       +
       	for _, uri := range subjectURIs {

     

       63
       63
       +
       		key := userDID + ":" + uri

     

       64
       64
       +
       		if vote, exists := m.cachedVotes[key]; exists {

     

       65
       65
       +
       			result[uri] = vote

     

       66
       66
       +
       		}

     

       67
       67
       +
       	}

     

       68
       68
       +
       	return result

     

       69
       69
       +
       }

     

       70
       70
       +
       

     

       20
       71
        
       // TestGetDiscover_ShowsAllCommunities tests discover feed shows posts from ALL communities

     

       21
       72
        
       func TestGetDiscover_ShowsAllCommunities(t *testing.T) {

     

       22
       73
        
       	if testing.Short() {

     
···

       29
       80
        
       	// Setup services

     

       30
       81
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       31
       82
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       32
       32
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       83
       83
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil) // nil vote service - tests don't need vote state

     

       33
       84
        
       

     

       34
       85
        
       	ctx := context.Background()

     

       35
       86
        
       	testID := time.Now().UnixNano()

     
···

       100
       151
        
       	// Setup services

     

       101
       152
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       102
       153
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       103
       103
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       154
       154
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil) // nil vote service - tests don't need vote state

     

       104
       155
        
       

     

       105
       156
        
       	ctx := context.Background()

     

       106
       157
        
       	testID := time.Now().UnixNano()

     
···

       147
       198
        
       	// Setup services

     

       148
       199
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       149
       200
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       150
       150
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       201
       201
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       151
       202
        
       

     

       152
       203
        
       	ctx := context.Background()

     

       153
       204
        
       	testID := time.Now().UnixNano()

     
···

       197
       248
        
       	// Setup services

     

       198
       249
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       199
       250
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       200
       200
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       251
       251
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       201
       252
        
       

     

       202
       253
        
       	ctx := context.Background()

     

       203
       254
        
       	testID := time.Now().UnixNano()

     
···

       254
       305
        
       	// Setup services

     

       255
       306
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       256
       307
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       257
       257
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       308
       308
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       258
       309
        
       

     

       259
       310
        
       	t.Run("Limit exceeds maximum", func(t *testing.T) {

     

       260
       311
        
       		req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=100", nil)

     
···

       271
       322
        
       		assert.Contains(t, errorResp["message"], "limit")

     

       272
       323
        
       	})

     

       273
       324
        
       }

     

       325
       325
       +
       

     

       326
       326
       +
       // TestGetDiscover_ViewerVoteState tests that authenticated users see their vote state on posts

     

       327
       327
       +
       func TestGetDiscover_ViewerVoteState(t *testing.T) {

     

       328
       328
       +
       	if testing.Short() {

     

       329
       329
       +
       		t.Skip("Skipping integration test in short mode")

     

       330
       330
       +
       	}

     

       331
       331
       +
       

     

       332
       332
       +
       	db := setupTestDB(t)

     

       333
       333
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       334
       334
       +
       

     

       335
       335
       +
       	ctx := context.Background()

     

       336
       336
       +
       	testID := time.Now().UnixNano()

     

       337
       337
       +
       

     

       338
       338
       +
       	// Create community and posts

     

       339
       339
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("votes-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       340
       340
       +
       	require.NoError(t, err)

     

       341
       341
       +
       

     

       342
       342
       +
       	post1URI := createTestPost(t, db, communityDID, "did:plc:author1", "Post with upvote", 10, time.Now().Add(-1*time.Hour))

     

       343
       343
       +
       	post2URI := createTestPost(t, db, communityDID, "did:plc:author2", "Post with downvote", 5, time.Now().Add(-2*time.Hour))

     

       344
       344
       +
       	_ = createTestPost(t, db, communityDID, "did:plc:author3", "Post without vote", 3, time.Now().Add(-3*time.Hour))

     

       345
       345
       +
       

     

       346
       346
       +
       	// Setup mock vote service with pre-populated votes

     

       347
       347
       +
       	viewerDID := "did:plc:viewer123"

     

       348
       348
       +
       	mockVotes := newMockVoteService()

     

       349
       349
       +
       	mockVotes.AddVote(viewerDID, post1URI, "up", "at://"+viewerDID+"/social.coves.vote/vote1")

     

       350
       350
       +
       	mockVotes.AddVote(viewerDID, post2URI, "down", "at://"+viewerDID+"/social.coves.vote/vote2")

     

       351
       351
       +
       

     

       352
       352
       +
       	// Setup handler with mock vote service

     

       353
       353
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       354
       354
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       355
       355
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, mockVotes)

     

       356
       356
       +
       

     

       357
       357
       +
       	// Create request with authenticated user context

     

       358
       358
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       359
       359
       +
       

     

       360
       360
       +
       	// Inject OAuth session into context (simulates OptionalAuth middleware)

     

       361
       361
       +
       	did, _ := syntax.ParseDID(viewerDID)

     

       362
       362
       +
       	session := &oauthlib.ClientSessionData{

     

       363
       363
       +
       		AccountDID:  did,

     

       364
       364
       +
       		AccessToken: "test_token",

     

       365
       365
       +
       	}

     

       366
       366
       +
       	reqCtx := context.WithValue(req.Context(), middleware.UserDIDKey, viewerDID)

     

       367
       367
       +
       	reqCtx = context.WithValue(reqCtx, middleware.OAuthSessionKey, session)

     

       368
       368
       +
       	req = req.WithContext(reqCtx)

     

       369
       369
       +
       

     

       370
       370
       +
       	rec := httptest.NewRecorder()

     

       371
       371
       +
       	handler.HandleGetDiscover(rec, req)

     

       372
       372
       +
       

     

       373
       373
       +
       	// Assertions

     

       374
       374
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       375
       375
       +
       

     

       376
       376
       +
       	var response discoverCore.DiscoverResponse

     

       377
       377
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       378
       378
       +
       	require.NoError(t, err)

     

       379
       379
       +
       

     

       380
       380
       +
       	// Find our test posts and verify vote state

     

       381
       381
       +
       	var foundPost1, foundPost2, foundPost3 bool

     

       382
       382
       +
       	for _, feedPost := range response.Feed {

     

       383
       383
       +
       		switch feedPost.Post.URI {

     

       384
       384
       +
       		case post1URI:

     

       385
       385
       +
       			foundPost1 = true

     

       386
       386
       +
       			require.NotNil(t, feedPost.Post.Viewer, "Post1 should have viewer state")

     

       387
       387
       +
       			require.NotNil(t, feedPost.Post.Viewer.Vote, "Post1 should have vote direction")

     

       388
       388
       +
       			assert.Equal(t, "up", *feedPost.Post.Viewer.Vote, "Post1 should show upvote")

     

       389
       389
       +
       			require.NotNil(t, feedPost.Post.Viewer.VoteURI, "Post1 should have vote URI")

     

       390
       390
       +
       			assert.Contains(t, *feedPost.Post.Viewer.VoteURI, "vote1", "Post1 should have correct vote URI")

     

       391
       391
       +
       

     

       392
       392
       +
       		case post2URI:

     

       393
       393
       +
       			foundPost2 = true

     

       394
       394
       +
       			require.NotNil(t, feedPost.Post.Viewer, "Post2 should have viewer state")

     

       395
       395
       +
       			require.NotNil(t, feedPost.Post.Viewer.Vote, "Post2 should have vote direction")

     

       396
       396
       +
       			assert.Equal(t, "down", *feedPost.Post.Viewer.Vote, "Post2 should show downvote")

     

       397
       397
       +
       			require.NotNil(t, feedPost.Post.Viewer.VoteURI, "Post2 should have vote URI")

     

       398
       398
       +
       

     

       399
       399
       +
       		default:

     

       400
       400
       +
       			// Posts without votes should have nil Viewer or nil Vote

     

       401
       401
       +
       			if feedPost.Post.Viewer != nil && feedPost.Post.Viewer.Vote != nil {

     

       402
       402
       +
       				// This post has a vote from our viewer - it's not post3

     

       403
       403
       +
       				continue

     

       404
       404
       +
       			}

     

       405
       405
       +
       			foundPost3 = true

     

       406
       406
       +
       		}

     

       407
       407
       +
       	}

     

       408
       408
       +
       

     

       409
       409
       +
       	assert.True(t, foundPost1, "Should find post1 with upvote")

     

       410
       410
       +
       	assert.True(t, foundPost2, "Should find post2 with downvote")

     

       411
       411
       +
       	assert.True(t, foundPost3, "Should find post3 without vote")

     

       412
       412
       +
       }

     

       413
       413
       +
       

     

       414
       414
       +
       // TestGetDiscover_NoViewerStateWithoutAuth tests that unauthenticated users don't get viewer state

     

       415
       415
       +
       func TestGetDiscover_NoViewerStateWithoutAuth(t *testing.T) {

     

       416
       416
       +
       	if testing.Short() {

     

       417
       417
       +
       		t.Skip("Skipping integration test in short mode")

     

       418
       418
       +
       	}

     

       419
       419
       +
       

     

       420
       420
       +
       	db := setupTestDB(t)

     

       421
       421
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       422
       422
       +
       

     

       423
       423
       +
       	ctx := context.Background()

     

       424
       424
       +
       	testID := time.Now().UnixNano()

     

       425
       425
       +
       

     

       426
       426
       +
       	// Create community and post

     

       427
       427
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("noauth-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       428
       428
       +
       	require.NoError(t, err)

     

       429
       429
       +
       

     

       430
       430
       +
       	postURI := createTestPost(t, db, communityDID, "did:plc:author", "Some post", 10, time.Now())

     

       431
       431
       +
       

     

       432
       432
       +
       	// Setup mock vote service with a vote (but request will be unauthenticated)

     

       433
       433
       +
       	mockVotes := newMockVoteService()

     

       434
       434
       +
       	mockVotes.AddVote("did:plc:someuser", postURI, "up", "at://did:plc:someuser/social.coves.vote/vote1")

     

       435
       435
       +
       

     

       436
       436
       +
       	// Setup handler with mock vote service

     

       437
       437
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       438
       438
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       439
       439
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, mockVotes)

     

       440
       440
       +
       

     

       441
       441
       +
       	// Create request WITHOUT auth context

     

       442
       442
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       443
       443
       +
       	rec := httptest.NewRecorder()

     

       444
       444
       +
       	handler.HandleGetDiscover(rec, req)

     

       445
       445
       +
       

     

       446
       446
       +
       	// Should succeed

     

       447
       447
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       448
       448
       +
       

     

       449
       449
       +
       	var response discoverCore.DiscoverResponse

     

       450
       450
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       451
       451
       +
       	require.NoError(t, err)

     

       452
       452
       +
       

     

       453
       453
       +
       	// Find our post and verify NO viewer state (unauthenticated)

     

       454
       454
       +
       	for _, feedPost := range response.Feed {

     

       455
       455
       +
       		if feedPost.Post.URI == postURI {

     

       456
       456
       +
       			assert.Nil(t, feedPost.Post.Viewer, "Unauthenticated request should not have viewer state")

     

       457
       457
       +
       			return

     

       458
       458
       +
       		}

     

       459
       459
       +
       	}

     

       460
       460
       +
       	t.Fatal("Test post not found in response")

     

       461
       461
       +
       }

+11 -11

tests/integration/feed_test.go

···

       37
       37
        
       		nil,

     

       38
       38
        
       	)

     

       39
       39
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       40
       40
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       40
       40
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       41
       41
        
       

     

       42
       42
        
       	// Setup test data: community, users, and posts

     

       43
       43
        
       	ctx := context.Background()

     
···

       114
       114
        
       		nil,

     

       115
       115
        
       	)

     

       116
       116
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       117
       117
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       117
       117
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       118
       118
        
       

     

       119
       119
        
       	// Setup test data

     

       120
       120
        
       	ctx := context.Background()

     
···

       190
       190
        
       		nil,

     

       191
       191
        
       	)

     

       192
       192
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       193
       193
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       193
       193
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       194
       194
        
       

     

       195
       195
        
       	// Setup test data

     

       196
       196
        
       	ctx := context.Background()

     
···

       246
       246
        
       		nil,

     

       247
       247
        
       	)

     

       248
       248
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       249
       249
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       249
       249
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       250
       250
        
       

     

       251
       251
        
       	// Setup test data with many posts

     

       252
       252
        
       	ctx := context.Background()

     
···

       337
       337
        
       		nil,

     

       338
       338
        
       	)

     

       339
       339
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       340
       340
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       340
       340
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       341
       341
        
       

     

       342
       342
        
       	// Request feed for non-existent community

     

       343
       343
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.communityFeed.getCommunity?community=did:plc:nonexistent&sort=hot&limit=10", nil)

     
···

       373
       373
        
       		nil,

     

       374
       374
        
       	)

     

       375
       375
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       376
       376
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       376
       376
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       377
       377
        
       

     

       378
       378
        
       	// Setup test community

     

       379
       379
        
       	ctx := context.Background()

     
···

       429
       429
        
       		nil,

     

       430
       430
        
       	)

     

       431
       431
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       432
       432
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       432
       432
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       433
       433
        
       

     

       434
       434
        
       	// Create community with no posts

     

       435
       435
        
       	ctx := context.Background()

     
···

       473
       473
        
       		nil,

     

       474
       474
        
       	)

     

       475
       475
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       476
       476
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       476
       476
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       477
       477
        
       

     

       478
       478
        
       	// Setup test community

     

       479
       479
        
       	ctx := context.Background()

     
···

       526
       526
        
       		nil,

     

       527
       527
        
       	)

     

       528
       528
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       529
       529
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       529
       529
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       530
       530
        
       

     

       531
       531
        
       	// Setup test data

     

       532
       532
        
       	ctx := context.Background()

     
···

       627
       627
        
       		nil,

     

       628
       628
        
       	)

     

       629
       629
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       630
       630
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       630
       630
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       631
       631
        
       

     

       632
       632
        
       	// Setup test data

     

       633
       633
        
       	ctx := context.Background()

     
···

       720
       720
        
       		nil,

     

       721
       721
        
       	)

     

       722
       722
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       723
       723
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       723
       723
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       724
       724
        
       

     

       725
       725
        
       	// Setup test data

     

       726
       726
        
       	ctx := context.Background()

+7 -7

tests/integration/timeline_test.go

···

       30
       30
        
       	// Setup services

     

       31
       31
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       32
       32
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       33
       33
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       33
       33
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       34
       34
        
       

     

       35
       35
        
       	ctx := context.Background()

     

       36
       36
        
       	testID := time.Now().UnixNano()

     
···

       119
       119
        
       	// Setup services

     

       120
       120
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       121
       121
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       122
       122
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       122
       122
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       123
       123
        
       

     

       124
       124
        
       	ctx := context.Background()

     

       125
       125
        
       	testID := time.Now().UnixNano()

     
···

       190
       190
        
       	// Setup services

     

       191
       191
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       192
       192
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       193
       193
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       193
       193
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       194
       194
        
       

     

       195
       195
        
       	ctx := context.Background()

     

       196
       196
        
       	testID := time.Now().UnixNano()

     
···

       266
       266
        
       	// Setup services

     

       267
       267
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       268
       268
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       269
       269
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       269
       269
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       270
       270
        
       

     

       271
       271
        
       	ctx := context.Background()

     

       272
       272
        
       	testID := time.Now().UnixNano()

     
···

       308
       308
        
       	// Setup services

     

       309
       309
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       310
       310
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       311
       311
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       311
       311
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       312
       312
        
       

     

       313
       313
        
       	// Request timeline WITHOUT auth context

     

       314
       314
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)

     
···

       337
       337
        
       	// Setup services

     

       338
       338
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       339
       339
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       340
       340
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       340
       340
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       341
       341
        
       

     

       342
       342
        
       	ctx := context.Background()

     

       343
       343
        
       	testID := time.Now().UnixNano()

     
···

       388
       388
        
       	// Setup services

     

       389
       389
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       390
       390
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       391
       391
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       391
       391
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       392
       392
        
       

     

       393
       393
        
       	ctx := context.Background()

     

       394
       394
        
       	testID := time.Now().UnixNano()

+1 -1

tests/integration/user_journey_e2e_test.go

···

       143
       143
        
       	r := chi.NewRouter()

     

       144
       144
        
       	routes.RegisterCommunityRoutes(r, communityService, e2eAuth.OAuthAuthMiddleware, nil) // nil = allow all community creators

     

       145
       145
        
       	routes.RegisterPostRoutes(r, postService, e2eAuth.OAuthAuthMiddleware)

     

       146
       146
       -
       	routes.RegisterTimelineRoutes(r, timelineService, e2eAuth.OAuthAuthMiddleware)

     

       146
       146
       +
       	routes.RegisterTimelineRoutes(r, timelineService, nil, e2eAuth.OAuthAuthMiddleware)

     

       147
       147
        
       	httpServer := httptest.NewServer(r)

     

       148
       148
        
       	defer httpServer.Close()

     

       149
       149

Compare changes