comparing 5538e4765074af62c2e656184e30341a1d8d4c71 and main on bretton.dev/coves

internal/core/comments/comment.go

···

       4
        
       	"time"

     

       5
        
       )

     

       6
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       7
        
       // Comment represents a comment in the AppView database

     

       8
        
       // Comments are indexed from the firehose after being written to user repositories

     

       9
        
       type Comment struct {

     
···

       11
        
       	CreatedAt       time.Time  `json:"createdAt" db:"created_at"`

     

       12
        
       	ContentFacets   *string    `json:"contentFacets,omitempty" db:"content_facets"`

     

       13
        
       	DeletedAt       *time.Time `json:"deletedAt,omitempty" db:"deleted_at"`

     

       0
        
       
     

       0
        
       
     

       14
        
       	ContentLabels   *string    `json:"labels,omitempty" db:"content_labels"`

     

       15
        
       	Embed           *string    `json:"embed,omitempty" db:"embed"`

     

       16
        
       	CommenterHandle string     `json:"commenterHandle,omitempty" db:"-"`

···

       4
        
       	"time"

     

       5
        
       )

     

       6
        
       

     

       7
       +
       // Deletion reason constants

     

       8
       +
       const (

     

       9
       +
       	DeletionReasonAuthor    = "author"    // User deleted their own comment

     

       10
       +
       	DeletionReasonModerator = "moderator" // Community moderator removed the comment

     

       11
       +
       )

     

       12
       +
       

     

       13
        
       // Comment represents a comment in the AppView database

     

       14
        
       // Comments are indexed from the firehose after being written to user repositories

     

       15
        
       type Comment struct {

     
···

       17
        
       	CreatedAt       time.Time  `json:"createdAt" db:"created_at"`

     

       18
        
       	ContentFacets   *string    `json:"contentFacets,omitempty" db:"content_facets"`

     

       19
        
       	DeletedAt       *time.Time `json:"deletedAt,omitempty" db:"deleted_at"`

     

       20
       +
       	DeletionReason  *string    `json:"deletionReason,omitempty" db:"deletion_reason"`

     

       21
       +
       	DeletedBy       *string    `json:"deletedBy,omitempty" db:"deleted_by"`

     

       22
        
       	ContentLabels   *string    `json:"labels,omitempty" db:"content_labels"`

     

       23
        
       	Embed           *string    `json:"embed,omitempty" db:"embed"`

     

       24
        
       	CommenterHandle string     `json:"commenterHandle,omitempty" db:"-"`

+17 -13

internal/core/comments/view_models.go

···

       7
        
       // CommentView represents the full view of a comment with all metadata

     

       8
        
       // Matches social.coves.community.comment.getComments#commentView lexicon

     

       9
        
       // Used in thread views and get endpoints

     

       0
        
       
     

       10
        
       type CommentView struct {

     

       11
       -
       	Embed         interface{}         `json:"embed,omitempty"`

     

       12
       -
       	Record        interface{}         `json:"record"`

     

       13
       -
       	Viewer        *CommentViewerState `json:"viewer,omitempty"`

     

       14
       -
       	Author        *posts.AuthorView   `json:"author"`

     

       15
       -
       	Post          *CommentRef         `json:"post"`

     

       16
       -
       	Parent        *CommentRef         `json:"parent,omitempty"`

     

       17
       -
       	Stats         *CommentStats       `json:"stats"`

     

       18
       -
       	Content       string              `json:"content"`

     

       19
       -
       	CreatedAt     string              `json:"createdAt"`

     

       20
       -
       	IndexedAt     string              `json:"indexedAt"`

     

       21
       -
       	URI           string              `json:"uri"`

     

       22
       -
       	CID           string              `json:"cid"`

     

       23
       -
       	ContentFacets []interface{}       `json:"contentFacets,omitempty"`

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       24
        
       }

     

       25
        
       

     

       26
        
       // ThreadViewComment represents a comment with its nested replies

···

       7
        
       // CommentView represents the full view of a comment with all metadata

     

       8
        
       // Matches social.coves.community.comment.getComments#commentView lexicon

     

       9
        
       // Used in thread views and get endpoints

     

       10
       +
       // For deleted comments, IsDeleted=true and content-related fields are empty/nil

     

       11
        
       type CommentView struct {

     

       12
       +
       	Embed          interface{}         `json:"embed,omitempty"`

     

       13
       +
       	Record         interface{}         `json:"record"`

     

       14
       +
       	Viewer         *CommentViewerState `json:"viewer,omitempty"`

     

       15
       +
       	Author         *posts.AuthorView   `json:"author"`

     

       16
       +
       	Post           *CommentRef         `json:"post"`

     

       17
       +
       	Parent         *CommentRef         `json:"parent,omitempty"`

     

       18
       +
       	Stats          *CommentStats       `json:"stats"`

     

       19
       +
       	Content        string              `json:"content"`

     

       20
       +
       	CreatedAt      string              `json:"createdAt"`

     

       21
       +
       	IndexedAt      string              `json:"indexedAt"`

     

       22
       +
       	URI            string              `json:"uri"`

     

       23
       +
       	CID            string              `json:"cid"`

     

       24
       +
       	ContentFacets  []interface{}       `json:"contentFacets,omitempty"`

     

       25
       +
       	IsDeleted      bool                `json:"isDeleted,omitempty"`

     

       26
       +
       	DeletionReason *string             `json:"deletionReason,omitempty"`

     

       27
       +
       	DeletedAt      *string             `json:"deletedAt,omitempty"`

     

       28
        
       }

     

       29
        
       

     

       30
        
       // ThreadViewComment represents a comment with its nested replies

+23 -1

internal/core/comments/interfaces.go

···

       1
        
       package comments

     

       2
        
       

     

       3
       -
       import "context"

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       4
        
       

     

       5
        
       // Repository defines the data access interface for comments

     

       6
        
       // Used by Jetstream consumer to index comments from firehose

     
···

       25
        
       

     

       26
        
       	// Delete soft-deletes a comment (sets deleted_at)

     

       27
        
       	// Called by Jetstream consumer after comment is deleted from PDS

     

       0
        
       
     

       28
        
       	Delete(ctx context.Context, uri string) error

     

       29
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       30
        
       	// ListByRoot retrieves all comments in a thread (flat)

     

       31
        
       	// Used for fetching entire comment threads on posts

     

       32
        
       	ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*Comment, error)

     
···

       76
        
       		limitPerParent int,

     

       77
        
       	) (map[string][]*Comment, error)

     

       78
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       1
        
       package comments

     

       2
        
       

     

       3
       +
       import (

     

       4
       +
       	"context"

     

       5
       +
       	"database/sql"

     

       6
       +
       )

     

       7
        
       

     

       8
        
       // Repository defines the data access interface for comments

     

       9
        
       // Used by Jetstream consumer to index comments from firehose

     
···

       28
        
       

     

       29
        
       	// Delete soft-deletes a comment (sets deleted_at)

     

       30
        
       	// Called by Jetstream consumer after comment is deleted from PDS

     

       31
       +
       	// Deprecated: Use SoftDeleteWithReason for new code to preserve thread structure

     

       32
        
       	Delete(ctx context.Context, uri string) error

     

       33
        
       

     

       34
       +
       	// SoftDeleteWithReason performs a soft delete that blanks content but preserves thread structure

     

       35
       +
       	// This allows deleted comments to appear as "[deleted]" placeholders in thread views

     

       36
       +
       	// reason: "author" (user deleted) or "moderator" (mod removed)

     

       37
       +
       	// deletedByDID: DID of the actor who performed the deletion

     

       38
       +
       	SoftDeleteWithReason(ctx context.Context, uri, reason, deletedByDID string) error

     

       39
       +
       

     

       40
        
       	// ListByRoot retrieves all comments in a thread (flat)

     

       41
        
       	// Used for fetching entire comment threads on posts

     

       42
        
       	ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*Comment, error)

     
···

       86
        
       		limitPerParent int,

     

       87
        
       	) (map[string][]*Comment, error)

     

       88
        
       }

     

       89
       +
       

     

       90
       +
       // RepositoryTx provides transaction-aware operations for consumers that need atomicity

     

       91
       +
       // Used by Jetstream consumer to perform atomic delete + count updates

     

       92
       +
       // Implementations that support transactions should also implement this interface

     

       93
       +
       type RepositoryTx interface {

     

       94
       +
       	// SoftDeleteWithReasonTx performs a soft delete within a transaction

     

       95
       +
       	// If tx is nil, executes directly against the database

     

       96
       +
       	// Returns rows affected count for callers that need to check idempotency

     

       97
       +
       	// reason: must be DeletionReasonAuthor or DeletionReasonModerator

     

       98
       +
       	// deletedByDID: DID of the actor who performed the deletion

     

       99
       +
       	SoftDeleteWithReasonTx(ctx context.Context, tx *sql.Tx, uri, reason, deletedByDID string) (int64, error)

     

       100
       +
       }

+87 -27

internal/db/postgres/comment_repo.go

···

       120
        
       			id, uri, cid, rkey, commenter_did,

     

       121
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       122
        
       			content, content_facets, embed, content_labels, langs,

     

       123
       -
       			created_at, indexed_at, deleted_at,

     

       124
        
       			upvote_count, downvote_count, score, reply_count

     

       125
        
       		FROM comments

     

       126
        
       		WHERE uri = $1

     
···

       133
        
       		&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       134
        
       		&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       135
        
       		&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       136
       -
       		&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       137
        
       		&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       138
        
       	)

     

       139
        
       

     
···

       152
        
       // Delete soft-deletes a comment (sets deleted_at)

     

       153
        
       // Called by Jetstream consumer after comment is deleted from PDS

     

       154
        
       // Idempotent: Returns success if comment already deleted

     

       0
        
       
     

       155
        
       func (r *postgresCommentRepo) Delete(ctx context.Context, uri string) error {

     

       156
        
       	query := `

     

       157
        
       		UPDATE comments

     
···

       177
        
       	return nil

     

       178
        
       }

     

       179
        
       

     

       180
       -
       // ListByRoot retrieves all active comments in a thread (flat)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       181
        
       // Used for fetching entire comment threads on posts

     

       0
        
       
     

       182
        
       func (r *postgresCommentRepo) ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*comments.Comment, error) {

     

       183
        
       	query := `

     

       184
        
       		SELECT

     

       185
        
       			id, uri, cid, rkey, commenter_did,

     

       186
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       187
        
       			content, content_facets, embed, content_labels, langs,

     

       188
       -
       			created_at, indexed_at, deleted_at,

     

       189
        
       			upvote_count, downvote_count, score, reply_count

     

       190
        
       		FROM comments

     

       191
       -
       		WHERE root_uri = $1 AND deleted_at IS NULL

     

       192
        
       		ORDER BY created_at ASC

     

       193
        
       		LIMIT $2 OFFSET $3

     

       194
        
       	`

     
···

       212
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       213
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       214
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       215
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       216
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       217
        
       		)

     

       218
        
       		if err != nil {

     
···

       230
        
       	return result, nil

     

       231
        
       }

     

       232
        
       

     

       233
       -
       // ListByParent retrieves direct replies to a post or comment

     

       234
        
       // Used for building nested/threaded comment views

     

       0
        
       
     

       235
        
       func (r *postgresCommentRepo) ListByParent(ctx context.Context, parentURI string, limit, offset int) ([]*comments.Comment, error) {

     

       236
        
       	query := `

     

       237
        
       		SELECT

     

       238
        
       			id, uri, cid, rkey, commenter_did,

     

       239
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       240
        
       			content, content_facets, embed, content_labels, langs,

     

       241
       -
       			created_at, indexed_at, deleted_at,

     

       242
        
       			upvote_count, downvote_count, score, reply_count

     

       243
        
       		FROM comments

     

       244
       -
       		WHERE parent_uri = $1 AND deleted_at IS NULL

     

       245
        
       		ORDER BY created_at ASC

     

       246
        
       		LIMIT $2 OFFSET $3

     

       247
        
       	`

     
···

       265
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       266
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       267
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       268
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       269
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       270
        
       		)

     

       271
        
       		if err != nil {

     
···

       302
        
       }

     

       303
        
       

     

       304
        
       // ListByCommenter retrieves all active comments by a specific user

     

       305
       -
       // Future: Used for user comment history

     

       306
        
       func (r *postgresCommentRepo) ListByCommenter(ctx context.Context, commenterDID string, limit, offset int) ([]*comments.Comment, error) {

     

       307
        
       	query := `

     

       308
        
       		SELECT

     

       309
        
       			id, uri, cid, rkey, commenter_did,

     

       310
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       311
        
       			content, content_facets, embed, content_labels, langs,

     

       312
       -
       			created_at, indexed_at, deleted_at,

     

       313
        
       			upvote_count, downvote_count, score, reply_count

     

       314
        
       		FROM comments

     

       315
        
       		WHERE commenter_did = $1 AND deleted_at IS NULL

     
···

       336
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       337
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       338
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       339
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       340
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       341
        
       		)

     

       342
        
       		if err != nil {

     
···

       391
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       392
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       393
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       394
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       395
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       396
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       397
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     
···

       402
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       403
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       404
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       405
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       406
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       407
        
       			NULL::numeric as hot_rank,

     

       408
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     
···

       411
        
       

     

       412
        
       	// Build complete query with JOINs and filters

     

       413
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       0
        
       
     

       414
        
       	query := fmt.Sprintf(`

     

       415
        
       		%s

     

       416
        
       		LEFT JOIN users u ON c.commenter_did = u.did

     

       417
       -
       		WHERE c.parent_uri = $1 AND c.deleted_at IS NULL

     

       418
        
       			%s

     

       419
        
       			%s

     

       420
        
       		ORDER BY %s

     
···

       449
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       450
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       451
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       452
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       453
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       454
        
       			&hotRank, &authorHandle,

     

       455
        
       		)

     
···

       687
        
       

     

       688
        
       // GetByURIsBatch retrieves multiple comments by their AT-URIs in a single query

     

       689
        
       // Returns map[uri]*Comment for efficient lookups without N+1 queries

     

       0
        
       
     

       690
        
       func (r *postgresCommentRepo) GetByURIsBatch(ctx context.Context, uris []string) (map[string]*comments.Comment, error) {

     

       691
        
       	if len(uris) == 0 {

     

       692
        
       		return make(map[string]*comments.Comment), nil

     
···

       694
        
       

     

       695
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       696
        
       	// COALESCE falls back to DID when handle is NULL (user not yet in users table)

     

       0
        
       
     

       697
        
       	query := `

     

       698
        
       		SELECT

     

       699
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       700
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       701
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       702
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       703
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       704
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     

       705
        
       		FROM comments c

     

       706
        
       		LEFT JOIN users u ON c.commenter_did = u.did

     

       707
       -
       		WHERE c.uri = ANY($1) AND c.deleted_at IS NULL

     

       708
        
       	`

     

       709
        
       

     

       710
        
       	rows, err := r.db.QueryContext(ctx, query, pq.Array(uris))

     
···

       727
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       728
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       729
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       730
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       731
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       732
        
       			&authorHandle,

     

       733
        
       		)

     
···

       769
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       770
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       771
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       772
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       773
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       774
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       775
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       780
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       781
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       782
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       783
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       784
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       785
        
       			NULL::numeric as hot_rank,

     

       786
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       790
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       791
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       792
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       793
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       794
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       795
        
       			NULL::numeric as hot_rank,

     

       796
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       801
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       802
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       803
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       804
       -
       			c.created_at, c.indexed_at, c.deleted_at,

     

       805
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       806
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       807
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       812
        
       	// Use window function to limit results per parent

     

       813
        
       	// This is more efficient than LIMIT in a subquery per parent

     

       814
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       0
        
       
     

       815
        
       	query := fmt.Sprintf(`

     

       816
        
       		WITH ranked_comments AS (

     

       817
        
       			SELECT

     
···

       822
        
       				) as rn

     

       823
        
       			FROM comments c

     

       824
        
       			LEFT JOIN users u ON c.commenter_did = u.did

     

       825
       -
       			WHERE c.parent_uri = ANY($1) AND c.deleted_at IS NULL

     

       826
        
       		)

     

       827
        
       		SELECT

     

       828
        
       			id, uri, cid, rkey, commenter_did,

     

       829
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       830
        
       			content, content_facets, embed, content_labels, langs,

     

       831
       -
       			created_at, indexed_at, deleted_at,

     

       832
        
       			upvote_count, downvote_count, score, reply_count,

     

       833
        
       			hot_rank, author_handle

     

       834
        
       		FROM ranked_comments

     
···

       858
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       859
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       860
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       861
       -
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt,

     

       862
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       863
        
       			&hotRank, &authorHandle,

     

       864
        
       		)

···

       120
        
       			id, uri, cid, rkey, commenter_did,

     

       121
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       122
        
       			content, content_facets, embed, content_labels, langs,

     

       123
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       124
        
       			upvote_count, downvote_count, score, reply_count

     

       125
        
       		FROM comments

     

       126
        
       		WHERE uri = $1

     
···

       133
        
       		&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       134
        
       		&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       135
        
       		&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       136
       +
       		&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       137
        
       		&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       138
        
       	)

     

       139
        
       

     
···

       152
        
       // Delete soft-deletes a comment (sets deleted_at)

     

       153
        
       // Called by Jetstream consumer after comment is deleted from PDS

     

       154
        
       // Idempotent: Returns success if comment already deleted

     

       155
       +
       // Deprecated: Use SoftDeleteWithReason for new code to preserve thread structure

     

       156
        
       func (r *postgresCommentRepo) Delete(ctx context.Context, uri string) error {

     

       157
        
       	query := `

     

       158
        
       		UPDATE comments

     
···

       178
        
       	return nil

     

       179
        
       }

     

       180
        
       

     

       181
       +
       // SoftDeleteWithReason performs a soft delete that blanks content but preserves thread structure

     

       182
       +
       // This allows deleted comments to appear as "[deleted]" placeholders in thread views

     

       183
       +
       // Idempotent: Returns success if comment already deleted

     

       184
       +
       // Validates that reason is a known deletion reason constant

     

       185
       +
       func (r *postgresCommentRepo) SoftDeleteWithReason(ctx context.Context, uri, reason, deletedByDID string) error {

     

       186
       +
       	// Validate deletion reason

     

       187
       +
       	if reason != comments.DeletionReasonAuthor && reason != comments.DeletionReasonModerator {

     

       188
       +
       		return fmt.Errorf("invalid deletion reason: %s", reason)

     

       189
       +
       	}

     

       190
       +
       

     

       191
       +
       	_, err := r.SoftDeleteWithReasonTx(ctx, nil, uri, reason, deletedByDID)

     

       192
       +
       	return err

     

       193
       +
       }

     

       194
       +
       

     

       195
       +
       // SoftDeleteWithReasonTx performs a soft delete within an optional transaction

     

       196
       +
       // If tx is nil, executes directly against the database

     

       197
       +
       // Returns rows affected count for callers that need to check idempotency

     

       198
       +
       // This method is used by both the repository and the Jetstream consumer

     

       199
       +
       func (r *postgresCommentRepo) SoftDeleteWithReasonTx(ctx context.Context, tx *sql.Tx, uri, reason, deletedByDID string) (int64, error) {

     

       200
       +
       	query := `

     

       201
       +
       		UPDATE comments

     

       202
       +
       		SET

     

       203
       +
       			content = '',

     

       204
       +
       			content_facets = NULL,

     

       205
       +
       			embed = NULL,

     

       206
       +
       			content_labels = NULL,

     

       207
       +
       			deleted_at = NOW(),

     

       208
       +
       			deletion_reason = $2,

     

       209
       +
       			deleted_by = $3

     

       210
       +
       		WHERE uri = $1 AND deleted_at IS NULL

     

       211
       +
       	`

     

       212
       +
       

     

       213
       +
       	var result sql.Result

     

       214
       +
       	var err error

     

       215
       +
       

     

       216
       +
       	if tx != nil {

     

       217
       +
       		result, err = tx.ExecContext(ctx, query, uri, reason, deletedByDID)

     

       218
       +
       	} else {

     

       219
       +
       		result, err = r.db.ExecContext(ctx, query, uri, reason, deletedByDID)

     

       220
       +
       	}

     

       221
       +
       

     

       222
       +
       	if err != nil {

     

       223
       +
       		return 0, fmt.Errorf("failed to soft delete comment: %w", err)

     

       224
       +
       	}

     

       225
       +
       

     

       226
       +
       	rowsAffected, err := result.RowsAffected()

     

       227
       +
       	if err != nil {

     

       228
       +
       		return 0, fmt.Errorf("failed to check delete result: %w", err)

     

       229
       +
       	}

     

       230
       +
       

     

       231
       +
       	return rowsAffected, nil

     

       232
       +
       }

     

       233
       +
       

     

       234
       +
       // ListByRoot retrieves all comments in a thread (flat), including deleted ones

     

       235
        
       // Used for fetching entire comment threads on posts

     

       236
       +
       // Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       237
        
       func (r *postgresCommentRepo) ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*comments.Comment, error) {

     

       238
        
       	query := `

     

       239
        
       		SELECT

     

       240
        
       			id, uri, cid, rkey, commenter_did,

     

       241
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       242
        
       			content, content_facets, embed, content_labels, langs,

     

       243
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       244
        
       			upvote_count, downvote_count, score, reply_count

     

       245
        
       		FROM comments

     

       246
       +
       		WHERE root_uri = $1

     

       247
        
       		ORDER BY created_at ASC

     

       248
        
       		LIMIT $2 OFFSET $3

     

       249
        
       	`

     
···

       267
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       268
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       269
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       270
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       271
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       272
        
       		)

     

       273
        
       		if err != nil {

     
···

       285
        
       	return result, nil

     

       286
        
       }

     

       287
        
       

     

       288
       +
       // ListByParent retrieves direct replies to a post or comment, including deleted ones

     

       289
        
       // Used for building nested/threaded comment views

     

       290
       +
       // Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       291
        
       func (r *postgresCommentRepo) ListByParent(ctx context.Context, parentURI string, limit, offset int) ([]*comments.Comment, error) {

     

       292
        
       	query := `

     

       293
        
       		SELECT

     

       294
        
       			id, uri, cid, rkey, commenter_did,

     

       295
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       296
        
       			content, content_facets, embed, content_labels, langs,

     

       297
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       298
        
       			upvote_count, downvote_count, score, reply_count

     

       299
        
       		FROM comments

     

       300
       +
       		WHERE parent_uri = $1

     

       301
        
       		ORDER BY created_at ASC

     

       302
        
       		LIMIT $2 OFFSET $3

     

       303
        
       	`

     
···

       321
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       322
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       323
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       324
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       325
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       326
        
       		)

     

       327
        
       		if err != nil {

     
···

       358
        
       }

     

       359
        
       

     

       360
        
       // ListByCommenter retrieves all active comments by a specific user

     

       361
       +
       // Used for user comment history - filters out deleted comments

     

       362
        
       func (r *postgresCommentRepo) ListByCommenter(ctx context.Context, commenterDID string, limit, offset int) ([]*comments.Comment, error) {

     

       363
        
       	query := `

     

       364
        
       		SELECT

     

       365
        
       			id, uri, cid, rkey, commenter_did,

     

       366
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       367
        
       			content, content_facets, embed, content_labels, langs,

     

       368
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       369
        
       			upvote_count, downvote_count, score, reply_count

     

       370
        
       		FROM comments

     

       371
        
       		WHERE commenter_did = $1 AND deleted_at IS NULL

     
···

       392
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       393
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       394
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       395
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       396
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       397
        
       		)

     

       398
        
       		if err != nil {

     
···

       447
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       448
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       449
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       450
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       451
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       452
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       453
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     
···

       458
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       459
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       460
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       461
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       462
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       463
        
       			NULL::numeric as hot_rank,

     

       464
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     
···

       467
        
       

     

       468
        
       	// Build complete query with JOINs and filters

     

       469
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       470
       +
       	// Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       471
        
       	query := fmt.Sprintf(`

     

       472
        
       		%s

     

       473
        
       		LEFT JOIN users u ON c.commenter_did = u.did

     

       474
       +
       		WHERE c.parent_uri = $1

     

       475
        
       			%s

     

       476
        
       			%s

     

       477
        
       		ORDER BY %s

     
···

       506
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       507
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       508
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       509
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       510
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       511
        
       			&hotRank, &authorHandle,

     

       512
        
       		)

     
···

       744
        
       

     

       745
        
       // GetByURIsBatch retrieves multiple comments by their AT-URIs in a single query

     

       746
        
       // Returns map[uri]*Comment for efficient lookups without N+1 queries

     

       747
       +
       // Includes deleted comments to preserve thread structure

     

       748
        
       func (r *postgresCommentRepo) GetByURIsBatch(ctx context.Context, uris []string) (map[string]*comments.Comment, error) {

     

       749
        
       	if len(uris) == 0 {

     

       750
        
       		return make(map[string]*comments.Comment), nil

     
···

       752
        
       

     

       753
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       754
        
       	// COALESCE falls back to DID when handle is NULL (user not yet in users table)

     

       755
       +
       	// Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       756
        
       	query := `

     

       757
        
       		SELECT

     

       758
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       759
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       760
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       761
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       762
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       763
        
       			COALESCE(u.handle, c.commenter_did) as author_handle

     

       764
        
       		FROM comments c

     

       765
        
       		LEFT JOIN users u ON c.commenter_did = u.did

     

       766
       +
       		WHERE c.uri = ANY($1)

     

       767
        
       	`

     

       768
        
       

     

       769
        
       	rows, err := r.db.QueryContext(ctx, query, pq.Array(uris))

     
···

       786
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       787
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       788
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       789
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       790
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       791
        
       			&authorHandle,

     

       792
        
       		)

     
···

       828
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       829
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       830
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       831
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       832
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       833
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       834
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       839
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       840
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       841
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       842
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       843
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       844
        
       			NULL::numeric as hot_rank,

     

       845
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       849
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       850
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       851
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       852
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       853
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       854
        
       			NULL::numeric as hot_rank,

     

       855
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       860
        
       			c.id, c.uri, c.cid, c.rkey, c.commenter_did,

     

       861
        
       			c.root_uri, c.root_cid, c.parent_uri, c.parent_cid,

     

       862
        
       			c.content, c.content_facets, c.embed, c.content_labels, c.langs,

     

       863
       +
       			c.created_at, c.indexed_at, c.deleted_at, c.deletion_reason, c.deleted_by,

     

       864
        
       			c.upvote_count, c.downvote_count, c.score, c.reply_count,

     

       865
        
       			log(greatest(2, c.score + 2)) / power(((EXTRACT(EPOCH FROM (NOW() - c.created_at)) / 3600) + 2), 1.8) as hot_rank,

     

       866
        
       			COALESCE(u.handle, c.commenter_did) as author_handle`

     
···

       871
        
       	// Use window function to limit results per parent

     

       872
        
       	// This is more efficient than LIMIT in a subquery per parent

     

       873
        
       	// LEFT JOIN prevents data loss when user record hasn't been indexed yet (out-of-order Jetstream events)

     

       874
       +
       	// Includes deleted comments to preserve thread structure (shown as "[deleted]" placeholders)

     

       875
        
       	query := fmt.Sprintf(`

     

       876
        
       		WITH ranked_comments AS (

     

       877
        
       			SELECT

     
···

       882
        
       				) as rn

     

       883
        
       			FROM comments c

     

       884
        
       			LEFT JOIN users u ON c.commenter_did = u.did

     

       885
       +
       			WHERE c.parent_uri = ANY($1)

     

       886
        
       		)

     

       887
        
       		SELECT

     

       888
        
       			id, uri, cid, rkey, commenter_did,

     

       889
        
       			root_uri, root_cid, parent_uri, parent_cid,

     

       890
        
       			content, content_facets, embed, content_labels, langs,

     

       891
       +
       			created_at, indexed_at, deleted_at, deletion_reason, deleted_by,

     

       892
        
       			upvote_count, downvote_count, score, reply_count,

     

       893
        
       			hot_rank, author_handle

     

       894
        
       		FROM ranked_comments

     
···

       918
        
       			&comment.ID, &comment.URI, &comment.CID, &comment.RKey, &comment.CommenterDID,

     

       919
        
       			&comment.RootURI, &comment.RootCID, &comment.ParentURI, &comment.ParentCID,

     

       920
        
       			&comment.Content, &comment.ContentFacets, &comment.Embed, &comment.ContentLabels, &langs,

     

       921
       +
       			&comment.CreatedAt, &comment.IndexedAt, &comment.DeletedAt, &comment.DeletionReason, &comment.DeletedBy,

     

       922
        
       			&comment.UpvoteCount, &comment.DownvoteCount, &comment.Score, &comment.ReplyCount,

     

       923
        
       			&hotRank, &authorHandle,

     

       924
        
       		)

+44 -4

internal/core/comments/comment_service_test.go

···

       5
        
       	"Coves/internal/core/posts"

     

       6
        
       	"Coves/internal/core/users"

     

       7
        
       	"context"

     

       0
        
       
     

       8
        
       	"errors"

     

       9
        
       	"testing"

     

       10
        
       	"time"

     
···

       53
        
       	return nil

     

       54
        
       }

     

       55
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       56
        
       func (m *mockCommentRepo) ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*Comment, error) {

     

       57
        
       	return nil, nil

     

       58
        
       }

     
···

       831
        
       	assert.Len(t, result, 0)

     

       832
        
       }

     

       833
        
       

     

       834
       -
       func TestCommentService_buildThreadViews_SkipsDeletedComments(t *testing.T) {

     

       835
        
       	// Setup

     

       836
        
       	commentRepo := newMockCommentRepo()

     

       837
        
       	userRepo := newMockUserRepo()

     
···

       840
        
       

     

       841
        
       	postURI := "at://did:plc:post123/app.bsky.feed.post/test"

     

       842
        
       	deletedAt := time.Now()

     

       0
        
       
     

       843
        
       

     

       844
        
       	// Create a deleted comment

     

       845
        
       	deletedComment := createTestComment("at://did:plc:commenter123/comment/1", "did:plc:commenter123", "commenter.test", postURI, postURI, 0)

     

       846
        
       	deletedComment.DeletedAt = &deletedAt

     

       0
        
       
     

       0
        
       
     

       847
        
       

     

       848
        
       	// Create a normal comment

     

       849
        
       	normalComment := createTestComment("at://did:plc:commenter123/comment/2", "did:plc:commenter123", "commenter.test", postURI, postURI, 0)

     
···

       853
        
       	// Execute

     

       854
        
       	result := service.buildThreadViews(context.Background(), []*Comment{deletedComment, normalComment}, 10, "hot", nil)

     

       855
        
       

     

       856
       -
       	// Verify - should only include non-deleted comment

     

       857
       -
       	assert.Len(t, result, 1)

     

       858
       -
       	assert.Equal(t, normalComment.URI, result[0].Comment.URI)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       859
        
       }

     

       860
        
       

     

       861
        
       func TestCommentService_buildThreadViews_WithNestedReplies(t *testing.T) {

···

       5
        
       	"Coves/internal/core/posts"

     

       6
        
       	"Coves/internal/core/users"

     

       7
        
       	"context"

     

       8
       +
       	"database/sql"

     

       9
        
       	"errors"

     

       10
        
       	"testing"

     

       11
        
       	"time"

     
···

       54
        
       	return nil

     

       55
        
       }

     

       56
        
       

     

       57
       +
       func (m *mockCommentRepo) SoftDeleteWithReason(ctx context.Context, uri, reason, deletedByDID string) error {

     

       58
       +
       	// Validate deletion reason

     

       59
       +
       	if reason != DeletionReasonAuthor && reason != DeletionReasonModerator {

     

       60
       +
       		return errors.New("invalid deletion reason: " + reason)

     

       61
       +
       	}

     

       62
       +
       	_, err := m.SoftDeleteWithReasonTx(ctx, nil, uri, reason, deletedByDID)

     

       63
       +
       	return err

     

       64
       +
       }

     

       65
       +
       

     

       66
       +
       // SoftDeleteWithReasonTx implements RepositoryTx interface for transactional deletes

     

       67
       +
       func (m *mockCommentRepo) SoftDeleteWithReasonTx(ctx context.Context, tx *sql.Tx, uri, reason, deletedByDID string) (int64, error) {

     

       68
       +
       	if c, ok := m.comments[uri]; ok {

     

       69
       +
       		if c.DeletedAt != nil {

     

       70
       +
       			// Already deleted - idempotent

     

       71
       +
       			return 0, nil

     

       72
       +
       		}

     

       73
       +
       		now := time.Now()

     

       74
       +
       		c.DeletedAt = &now

     

       75
       +
       		c.DeletionReason = &reason

     

       76
       +
       		c.DeletedBy = &deletedByDID

     

       77
       +
       		c.Content = ""

     

       78
       +
       		return 1, nil

     

       79
       +
       	}

     

       80
       +
       	return 0, nil

     

       81
       +
       }

     

       82
       +
       

     

       83
        
       func (m *mockCommentRepo) ListByRoot(ctx context.Context, rootURI string, limit, offset int) ([]*Comment, error) {

     

       84
        
       	return nil, nil

     

       85
        
       }

     
···

       858
        
       	assert.Len(t, result, 0)

     

       859
        
       }

     

       860
        
       

     

       861
       +
       func TestCommentService_buildThreadViews_IncludesDeletedCommentsAsPlaceholders(t *testing.T) {

     

       862
        
       	// Setup

     

       863
        
       	commentRepo := newMockCommentRepo()

     

       864
        
       	userRepo := newMockUserRepo()

     
···

       867
        
       

     

       868
        
       	postURI := "at://did:plc:post123/app.bsky.feed.post/test"

     

       869
        
       	deletedAt := time.Now()

     

       870
       +
       	deletionReason := DeletionReasonAuthor

     

       871
        
       

     

       872
        
       	// Create a deleted comment

     

       873
        
       	deletedComment := createTestComment("at://did:plc:commenter123/comment/1", "did:plc:commenter123", "commenter.test", postURI, postURI, 0)

     

       874
        
       	deletedComment.DeletedAt = &deletedAt

     

       875
       +
       	deletedComment.DeletionReason = &deletionReason

     

       876
       +
       	deletedComment.Content = "" // Content is blanked on deletion

     

       877
        
       

     

       878
        
       	// Create a normal comment

     

       879
        
       	normalComment := createTestComment("at://did:plc:commenter123/comment/2", "did:plc:commenter123", "commenter.test", postURI, postURI, 0)

     
···

       883
        
       	// Execute

     

       884
        
       	result := service.buildThreadViews(context.Background(), []*Comment{deletedComment, normalComment}, 10, "hot", nil)

     

       885
        
       

     

       886
       +
       	// Verify - both comments should be included to preserve thread structure

     

       887
       +
       	assert.Len(t, result, 2)

     

       888
       +
       

     

       889
       +
       	// First comment should be the deleted one with placeholder info

     

       890
       +
       	assert.Equal(t, deletedComment.URI, result[0].Comment.URI)

     

       891
       +
       	assert.True(t, result[0].Comment.IsDeleted)

     

       892
       +
       	assert.Equal(t, DeletionReasonAuthor, *result[0].Comment.DeletionReason)

     

       893
       +
       	assert.Empty(t, result[0].Comment.Content)

     

       894
       +
       

     

       895
       +
       	// Second comment should be the normal one

     

       896
       +
       	assert.Equal(t, normalComment.URI, result[1].Comment.URI)

     

       897
       +
       	assert.False(t, result[1].Comment.IsDeleted)

     

       898
       +
       	assert.Nil(t, result[1].Comment.DeletionReason)

     

       899
        
       }

     

       900
        
       

     

       901
        
       func TestCommentService_buildThreadViews_WithNestedReplies(t *testing.T) {

-124

docs/PRD_BACKLOG.md

···

       649
        
       

     

       650
        
       ## 🔵 P3: Technical Debt

     

       651
        
       

     

       652
       -
       ### Implement PutRecord in PDS Client

     

       653
       -
       **Added:** 2025-12-04 | **Effort:** 2-3 hours | **Priority:** Technical Debt

     

       654
       -
       **Status:** 📋 TODO

     

       655
       -
       

     

       656
       -
       **Problem:**

     

       657
       -
       The PDS client (`internal/atproto/pds/client.go`) only has `CreateRecord` but lacks `PutRecord`. This means updates use `CreateRecord` with an existing rkey, which:

     

       658
       -
       1. Loses optimistic locking (no CID swap check)

     

       659
       -
       2. Is semantically incorrect (creates vs updates)

     

       660
       -
       3. Could cause race conditions on concurrent updates

     

       661
       -
       

     

       662
       -
       **atProto Best Practice:**

     

       663
       -
       - `com.atproto.repo.putRecord` should be used for updates

     

       664
       -
       - Accepts `swapRecord` (expected CID) for optimistic locking

     

       665
       -
       - Returns conflict error if CID doesn't match (concurrent modification detected)

     

       666
       -
       

     

       667
       -
       **Solution:**

     

       668
       -
       Add `PutRecord` method to the PDS client interface:

     

       669
       -
       

     

       670
       -
       ```go

     

       671
       -
       // Client interface addition

     

       672
       -
       type Client interface {

     

       673
       -
           // ... existing methods ...

     

       674
       -
       

     

       675
       -
           // PutRecord creates or updates a record with optional optimistic locking.

     

       676
       -
           // If swapRecord is provided, the operation fails if the current CID doesn't match.

     

       677
       -
           PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (uri string, cid string, err error)

     

       678
       -
       }

     

       679
       -
       

     

       680
       -
       // Implementation

     

       681
       -
       func (c *client) PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (string, string, error) {

     

       682
       -
           payload := map[string]any{

     

       683
       -
               "repo":       c.did,

     

       684
       -
               "collection": collection,

     

       685
       -
               "rkey":       rkey,

     

       686
       -
               "record":     record,

     

       687
       -
           }

     

       688
       -
       

     

       689
       -
           // Optional: optimistic locking via CID swap check

     

       690
       -
           if swapRecord != "" {

     

       691
       -
               payload["swapRecord"] = swapRecord

     

       692
       -
           }

     

       693
       -
       

     

       694
       -
           var result struct {

     

       695
       -
               URI string `json:"uri"`

     

       696
       -
               CID string `json:"cid"`

     

       697
       -
           }

     

       698
       -
       

     

       699
       -
           err := c.apiClient.Post(ctx, syntax.NSID("com.atproto.repo.putRecord"), payload, &result)

     

       700
       -
           if err != nil {

     

       701
       -
               return "", "", wrapAPIError(err, "putRecord")

     

       702
       -
           }

     

       703
       -
       

     

       704
       -
           return result.URI, result.CID, nil

     

       705
       -
       }

     

       706
       -
       ```

     

       707
       -
       

     

       708
       -
       **Error Handling:**

     

       709
       -
       Add new error type for conflict detection:

     

       710
       -
       ```go

     

       711
       -
       var ErrConflict = errors.New("record was modified by another operation")

     

       712
       -
       ```

     

       713
       -
       

     

       714
       -
       Map HTTP 409 in `wrapAPIError`:

     

       715
       -
       ```go

     

       716
       -
       case 409:

     

       717
       -
           return fmt.Errorf("%s: %w: %s", operation, ErrConflict, apiErr.Message)

     

       718
       -
       ```

     

       719
       -
       

     

       720
       -
       **Files to Modify:**

     

       721
       -
       - `internal/atproto/pds/client.go` - Add `PutRecord` method and interface

     

       722
       -
       - `internal/atproto/pds/errors.go` - Add `ErrConflict` error type

     

       723
       -
       

     

       724
       -
       **Testing:**

     

       725
       -
       - Unit test: Verify payload includes `swapRecord` when provided

     

       726
       -
       - Integration test: Concurrent updates detect conflict

     

       727
       -
       - Integration test: Update without `swapRecord` still works (backwards compatible)

     

       728
       -
       

     

       729
       -
       **Blocked By:** Nothing

     

       730
       -
       **Blocks:** "Migrate UpdateComment to use PutRecord"

     

       731
       -
       

     

       732
       -
       ---

     

       733
       -
       

     

       734
       -
       ### Migrate UpdateComment to Use PutRecord

     

       735
       -
       **Added:** 2025-12-04 | **Effort:** 1 hour | **Priority:** Technical Debt

     

       736
       -
       **Status:** 📋 TODO (Blocked)

     

       737
       -
       **Blocked By:** "Implement PutRecord in PDS Client"

     

       738
       -
       

     

       739
       -
       **Problem:**

     

       740
       -
       `UpdateComment` in `internal/core/comments/comment_service.go` uses `CreateRecord` for updates instead of `PutRecord`. This lacks optimistic locking and is semantically incorrect.

     

       741
       -
       

     

       742
       -
       **Current Code (lines 687-690):**

     

       743
       -
       ```go

     

       744
       -
       // TODO: Use PutRecord instead of CreateRecord for proper update semantics with optimistic locking.

     

       745
       -
       // PutRecord should accept the existing CID (existingRecord.CID) to ensure concurrent updates are detected.

     

       746
       -
       // However, PutRecord is not yet implemented in internal/atproto/pds/client.go.

     

       747
       -
       uri, cid, err := pdsClient.CreateRecord(ctx, commentCollection, rkey, updatedRecord)

     

       748
       -
       ```

     

       749
       -
       

     

       750
       -
       **Solution:**

     

       751
       -
       Once `PutRecord` is implemented in the PDS client, update to:

     

       752
       -
       ```go

     

       753
       -
       // Use PutRecord with optimistic locking via existing CID

     

       754
       -
       uri, cid, err := pdsClient.PutRecord(ctx, commentCollection, rkey, updatedRecord, existingRecord.CID)

     

       755
       -
       if err != nil {

     

       756
       -
           if errors.Is(err, pds.ErrConflict) {

     

       757
       -
               // Record was modified by another operation - return appropriate error

     

       758
       -
               return nil, fmt.Errorf("comment was modified, please refresh and try again: %w", err)

     

       759
       -
           }

     

       760
       -
           // ... existing error handling

     

       761
       -
       }

     

       762
       -
       ```

     

       763
       -
       

     

       764
       -
       **Files to Modify:**

     

       765
       -
       - `internal/core/comments/comment_service.go` - UpdateComment method

     

       766
       -
       - `internal/core/comments/errors.go` - Add `ErrConcurrentModification` if needed

     

       767
       -
       

     

       768
       -
       **Testing:**

     

       769
       -
       - Unit test: Verify `PutRecord` is called with correct CID

     

       770
       -
       - Integration test: Simulate concurrent update, verify conflict handling

     

       771
       -
       

     

       772
       -
       **Impact:** Proper optimistic locking prevents lost updates from race conditions

     

       773
       -
       

     

       774
       -
       ---

     

       775
       -
       

     

       776
        
       ### Consolidate Environment Variable Validation

     

       777
        
       **Added:** 2025-10-11 | **Effort:** 2-3 hours

     

       778

···

       649
        
       

     

       650
        
       ## 🔵 P3: Technical Debt

     

       651
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       652
        
       ### Consolidate Environment Variable Validation

     

       653
        
       **Added:** 2025-10-11 | **Effort:** 2-3 hours

     

       654

+33

internal/atproto/pds/client.go

···

       31
        
       	// GetRecord retrieves a single record by collection and rkey.

     

       32
        
       	GetRecord(ctx context.Context, collection string, rkey string) (*RecordResponse, error)

     

       33
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       34
        
       	// DID returns the authenticated user's DID.

     

       35
        
       	DID() string

     

       36
        
       

     
···

       89
        
       			return fmt.Errorf("%s: %w: %s", operation, ErrForbidden, apiErr.Message)

     

       90
        
       		case 404:

     

       91
        
       			return fmt.Errorf("%s: %w: %s", operation, ErrNotFound, apiErr.Message)

     

       0
        
       
     

       0
        
       
     

       92
        
       		}

     

       93
        
       	}

     

       94
        
       

     
···

       218
        
       		Value: result.Value,

     

       219
        
       	}, nil

     

       220
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       31
        
       	// GetRecord retrieves a single record by collection and rkey.

     

       32
        
       	GetRecord(ctx context.Context, collection string, rkey string) (*RecordResponse, error)

     

       33
        
       

     

       34
       +
       	// PutRecord creates or updates a record with optional optimistic locking.

     

       35
       +
       	// If swapRecord CID is provided, the operation fails if the current CID doesn't match.

     

       36
       +
       	PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (uri string, cid string, err error)

     

       37
       +
       

     

       38
        
       	// DID returns the authenticated user's DID.

     

       39
        
       	DID() string

     

       40
        
       

     
···

       93
        
       			return fmt.Errorf("%s: %w: %s", operation, ErrForbidden, apiErr.Message)

     

       94
        
       		case 404:

     

       95
        
       			return fmt.Errorf("%s: %w: %s", operation, ErrNotFound, apiErr.Message)

     

       96
       +
       		case 409:

     

       97
       +
       			return fmt.Errorf("%s: %w: %s", operation, ErrConflict, apiErr.Message)

     

       98
        
       		}

     

       99
        
       	}

     

       100
        
       

     
···

       224
        
       		Value: result.Value,

     

       225
        
       	}, nil

     

       226
        
       }

     

       227
       +
       

     

       228
       +
       // PutRecord creates or updates a record with optional optimistic locking.

     

       229
       +
       func (c *client) PutRecord(ctx context.Context, collection string, rkey string, record any, swapRecord string) (string, string, error) {

     

       230
       +
       	payload := map[string]any{

     

       231
       +
       		"repo":       c.did,

     

       232
       +
       		"collection": collection,

     

       233
       +
       		"rkey":       rkey,

     

       234
       +
       		"record":     record,

     

       235
       +
       	}

     

       236
       +
       

     

       237
       +
       	// Optional: optimistic locking via CID swap check

     

       238
       +
       	if swapRecord != "" {

     

       239
       +
       		payload["swapRecord"] = swapRecord

     

       240
       +
       	}

     

       241
       +
       

     

       242
       +
       	var result struct {

     

       243
       +
       		URI string `json:"uri"`

     

       244
       +
       		CID string `json:"cid"`

     

       245
       +
       	}

     

       246
       +
       

     

       247
       +
       	err := c.apiClient.Post(ctx, syntax.NSID("com.atproto.repo.putRecord"), payload, &result)

     

       248
       +
       	if err != nil {

     

       249
       +
       		return "", "", wrapAPIError(err, "putRecord")

     

       250
       +
       	}

     

       251
       +
       

     

       252
       +
       	return result.URI, result.CID, nil

     

       253
       +
       }

+231

internal/atproto/pds/client_test.go

···

       958
        
       			operation: "createRecord",

     

       959
        
       			wantTyped: ErrBadRequest,

     

       960
        
       		},

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       961
        
       		{

     

       962
        
       			name:      "500 wraps without typed error",

     

       963
        
       			err:       &atclient.APIError{StatusCode: 500, Name: "InternalError", Message: "Server error"},

     
···

       1172
        
       		})

     

       1173
        
       	}

     

       1174
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       958
        
       			operation: "createRecord",

     

       959
        
       			wantTyped: ErrBadRequest,

     

       960
        
       		},

     

       961
       +
       		{

     

       962
       +
       			name:      "409 maps to ErrConflict",

     

       963
       +
       			err:       &atclient.APIError{StatusCode: 409, Name: "InvalidSwap", Message: "Record CID mismatch"},

     

       964
       +
       			operation: "putRecord",

     

       965
       +
       			wantTyped: ErrConflict,

     

       966
       +
       		},

     

       967
        
       		{

     

       968
        
       			name:      "500 wraps without typed error",

     

       969
        
       			err:       &atclient.APIError{StatusCode: 500, Name: "InternalError", Message: "Server error"},

     
···

       1178
        
       		})

     

       1179
        
       	}

     

       1180
        
       }

     

       1181
       +
       

     

       1182
       +
       // TestClient_PutRecord tests the PutRecord method with a mock server.

     

       1183
       +
       func TestClient_PutRecord(t *testing.T) {

     

       1184
       +
       	tests := []struct {

     

       1185
       +
       		name           string

     

       1186
       +
       		collection     string

     

       1187
       +
       		rkey           string

     

       1188
       +
       		record         map[string]any

     

       1189
       +
       		swapRecord     string

     

       1190
       +
       		serverResponse map[string]any

     

       1191
       +
       		serverStatus   int

     

       1192
       +
       		wantURI        string

     

       1193
       +
       		wantCID        string

     

       1194
       +
       		wantErr        bool

     

       1195
       +
       	}{

     

       1196
       +
       		{

     

       1197
       +
       			name:       "successful put with swapRecord",

     

       1198
       +
       			collection: "social.coves.comment",

     

       1199
       +
       			rkey:       "3kjzl5kcb2s2v",

     

       1200
       +
       			record: map[string]any{

     

       1201
       +
       				"$type":   "social.coves.comment",

     

       1202
       +
       				"content": "Updated comment content",

     

       1203
       +
       			},

     

       1204
       +
       			swapRecord: "bafyreigbtj4x7ip5legnfznufuopl4sg4knzc2cof6duas4b3q2fy6swua",

     

       1205
       +
       			serverResponse: map[string]any{

     

       1206
       +
       				"uri": "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1207
       +
       				"cid": "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1208
       +
       			},

     

       1209
       +
       			serverStatus: http.StatusOK,

     

       1210
       +
       			wantURI:      "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1211
       +
       			wantCID:      "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1212
       +
       			wantErr:      false,

     

       1213
       +
       		},

     

       1214
       +
       		{

     

       1215
       +
       			name:       "successful put without swapRecord",

     

       1216
       +
       			collection: "social.coves.comment",

     

       1217
       +
       			rkey:       "3kjzl5kcb2s2v",

     

       1218
       +
       			record: map[string]any{

     

       1219
       +
       				"$type":   "social.coves.comment",

     

       1220
       +
       				"content": "Updated comment",

     

       1221
       +
       			},

     

       1222
       +
       			swapRecord: "",

     

       1223
       +
       			serverResponse: map[string]any{

     

       1224
       +
       				"uri": "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1225
       +
       				"cid": "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1226
       +
       			},

     

       1227
       +
       			serverStatus: http.StatusOK,

     

       1228
       +
       			wantURI:      "at://did:plc:test/social.coves.comment/3kjzl5kcb2s2v",

     

       1229
       +
       			wantCID:      "bafyreihd4q3yqcfvnv5zlp6n4fqzh6z4p4m3mwc7vvr6k2j6y6v2a3b4c5",

     

       1230
       +
       			wantErr:      false,

     

       1231
       +
       		},

     

       1232
       +
       		{

     

       1233
       +
       			name:       "conflict error (409)",

     

       1234
       +
       			collection: "social.coves.comment",

     

       1235
       +
       			rkey:       "test",

     

       1236
       +
       			record:     map[string]any{"$type": "social.coves.comment"},

     

       1237
       +
       			swapRecord: "bafyreigbtj4x7ip5legnfznufuopl4sg4knzc2cof6duas4b3q2fy6swua",

     

       1238
       +
       			serverResponse: map[string]any{

     

       1239
       +
       				"error":   "InvalidSwap",

     

       1240
       +
       				"message": "Record CID does not match",

     

       1241
       +
       			},

     

       1242
       +
       			serverStatus: http.StatusConflict,

     

       1243
       +
       			wantErr:      true,

     

       1244
       +
       		},

     

       1245
       +
       		{

     

       1246
       +
       			name:       "server error",

     

       1247
       +
       			collection: "social.coves.comment",

     

       1248
       +
       			rkey:       "test",

     

       1249
       +
       			record:     map[string]any{"$type": "social.coves.comment"},

     

       1250
       +
       			swapRecord: "",

     

       1251
       +
       			serverResponse: map[string]any{

     

       1252
       +
       				"error":   "InvalidRequest",

     

       1253
       +
       				"message": "Invalid record",

     

       1254
       +
       			},

     

       1255
       +
       			serverStatus: http.StatusBadRequest,

     

       1256
       +
       			wantErr:      true,

     

       1257
       +
       		},

     

       1258
       +
       	}

     

       1259
       +
       

     

       1260
       +
       	for _, tt := range tests {

     

       1261
       +
       		t.Run(tt.name, func(t *testing.T) {

     

       1262
       +
       			// Create mock server

     

       1263
       +
       			server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

     

       1264
       +
       				// Verify method

     

       1265
       +
       				if r.Method != http.MethodPost {

     

       1266
       +
       					t.Errorf("expected POST request, got %s", r.Method)

     

       1267
       +
       				}

     

       1268
       +
       

     

       1269
       +
       				// Verify path

     

       1270
       +
       				expectedPath := "/xrpc/com.atproto.repo.putRecord"

     

       1271
       +
       				if r.URL.Path != expectedPath {

     

       1272
       +
       					t.Errorf("path = %q, want %q", r.URL.Path, expectedPath)

     

       1273
       +
       				}

     

       1274
       +
       

     

       1275
       +
       				// Verify request body

     

       1276
       +
       				var payload map[string]any

     

       1277
       +
       				if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {

     

       1278
       +
       					t.Fatalf("failed to decode request body: %v", err)

     

       1279
       +
       				}

     

       1280
       +
       

     

       1281
       +
       				// Check required fields

     

       1282
       +
       				if payload["collection"] != tt.collection {

     

       1283
       +
       					t.Errorf("collection = %v, want %v", payload["collection"], tt.collection)

     

       1284
       +
       				}

     

       1285
       +
       				if payload["rkey"] != tt.rkey {

     

       1286
       +
       					t.Errorf("rkey = %v, want %v", payload["rkey"], tt.rkey)

     

       1287
       +
       				}

     

       1288
       +
       

     

       1289
       +
       				// Check swapRecord inclusion

     

       1290
       +
       				if tt.swapRecord != "" {

     

       1291
       +
       					if payload["swapRecord"] != tt.swapRecord {

     

       1292
       +
       						t.Errorf("swapRecord = %v, want %v", payload["swapRecord"], tt.swapRecord)

     

       1293
       +
       					}

     

       1294
       +
       				} else {

     

       1295
       +
       					if _, exists := payload["swapRecord"]; exists {

     

       1296
       +
       						t.Error("swapRecord should not be included when empty")

     

       1297
       +
       					}

     

       1298
       +
       				}

     

       1299
       +
       

     

       1300
       +
       				// Send response

     

       1301
       +
       				w.Header().Set("Content-Type", "application/json")

     

       1302
       +
       				w.WriteHeader(tt.serverStatus)

     

       1303
       +
       				json.NewEncoder(w).Encode(tt.serverResponse)

     

       1304
       +
       			}))

     

       1305
       +
       			defer server.Close()

     

       1306
       +
       

     

       1307
       +
       			// Create client

     

       1308
       +
       			apiClient := atclient.NewAPIClient(server.URL)

     

       1309
       +
       			apiClient.Auth = &bearerAuth{token: "test-token"}

     

       1310
       +
       

     

       1311
       +
       			c := &client{

     

       1312
       +
       				apiClient: apiClient,

     

       1313
       +
       				did:       "did:plc:test",

     

       1314
       +
       				host:      server.URL,

     

       1315
       +
       			}

     

       1316
       +
       

     

       1317
       +
       			// Execute PutRecord

     

       1318
       +
       			ctx := context.Background()

     

       1319
       +
       			uri, cid, err := c.PutRecord(ctx, tt.collection, tt.rkey, tt.record, tt.swapRecord)

     

       1320
       +
       

     

       1321
       +
       			if tt.wantErr {

     

       1322
       +
       				if err == nil {

     

       1323
       +
       					t.Fatal("expected error, got nil")

     

       1324
       +
       				}

     

       1325
       +
       				return

     

       1326
       +
       			}

     

       1327
       +
       

     

       1328
       +
       			if err != nil {

     

       1329
       +
       				t.Fatalf("unexpected error: %v", err)

     

       1330
       +
       			}

     

       1331
       +
       

     

       1332
       +
       			if uri != tt.wantURI {

     

       1333
       +
       				t.Errorf("uri = %q, want %q", uri, tt.wantURI)

     

       1334
       +
       			}

     

       1335
       +
       

     

       1336
       +
       			if cid != tt.wantCID {

     

       1337
       +
       				t.Errorf("cid = %q, want %q", cid, tt.wantCID)

     

       1338
       +
       			}

     

       1339
       +
       		})

     

       1340
       +
       	}

     

       1341
       +
       }

     

       1342
       +
       

     

       1343
       +
       // TestClient_TypedErrors_PutRecord tests that PutRecord returns typed errors.

     

       1344
       +
       func TestClient_TypedErrors_PutRecord(t *testing.T) {

     

       1345
       +
       	tests := []struct {

     

       1346
       +
       		name         string

     

       1347
       +
       		serverStatus int

     

       1348
       +
       		wantErr      error

     

       1349
       +
       	}{

     

       1350
       +
       		{

     

       1351
       +
       			name:         "401 returns ErrUnauthorized",

     

       1352
       +
       			serverStatus: http.StatusUnauthorized,

     

       1353
       +
       			wantErr:      ErrUnauthorized,

     

       1354
       +
       		},

     

       1355
       +
       		{

     

       1356
       +
       			name:         "403 returns ErrForbidden",

     

       1357
       +
       			serverStatus: http.StatusForbidden,

     

       1358
       +
       			wantErr:      ErrForbidden,

     

       1359
       +
       		},

     

       1360
       +
       		{

     

       1361
       +
       			name:         "409 returns ErrConflict",

     

       1362
       +
       			serverStatus: http.StatusConflict,

     

       1363
       +
       			wantErr:      ErrConflict,

     

       1364
       +
       		},

     

       1365
       +
       		{

     

       1366
       +
       			name:         "400 returns ErrBadRequest",

     

       1367
       +
       			serverStatus: http.StatusBadRequest,

     

       1368
       +
       			wantErr:      ErrBadRequest,

     

       1369
       +
       		},

     

       1370
       +
       	}

     

       1371
       +
       

     

       1372
       +
       	for _, tt := range tests {

     

       1373
       +
       		t.Run(tt.name, func(t *testing.T) {

     

       1374
       +
       			server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

     

       1375
       +
       				w.Header().Set("Content-Type", "application/json")

     

       1376
       +
       				w.WriteHeader(tt.serverStatus)

     

       1377
       +
       				json.NewEncoder(w).Encode(map[string]any{

     

       1378
       +
       					"error":   "TestError",

     

       1379
       +
       					"message": "Test error message",

     

       1380
       +
       				})

     

       1381
       +
       			}))

     

       1382
       +
       			defer server.Close()

     

       1383
       +
       

     

       1384
       +
       			apiClient := atclient.NewAPIClient(server.URL)

     

       1385
       +
       			apiClient.Auth = &bearerAuth{token: "test-token"}

     

       1386
       +
       

     

       1387
       +
       			c := &client{

     

       1388
       +
       				apiClient: apiClient,

     

       1389
       +
       				did:       "did:plc:test",

     

       1390
       +
       				host:      server.URL,

     

       1391
       +
       			}

     

       1392
       +
       

     

       1393
       +
       			ctx := context.Background()

     

       1394
       +
       			_, _, err := c.PutRecord(ctx, "test.collection", "rkey", map[string]any{}, "")

     

       1395
       +
       

     

       1396
       +
       			if err == nil {

     

       1397
       +
       				t.Fatal("expected error, got nil")

     

       1398
       +
       			}

     

       1399
       +
       

     

       1400
       +
       			if !errors.Is(err, tt.wantErr) {

     

       1401
       +
       				t.Errorf("expected errors.Is(%v, %v) to be true", err, tt.wantErr)

     

       1402
       +
       			}

     

       1403
       +
       		})

     

       1404
       +
       	}

     

       1405
       +
       }

internal/atproto/pds/errors.go

···

       17
        
       

     

       18
        
       	// ErrBadRequest indicates the request was malformed or invalid (HTTP 400).

     

       19
        
       	ErrBadRequest = errors.New("bad request")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       20
        
       )

     

       21
        
       

     

       22
        
       // IsAuthError returns true if the error is an authentication/authorization error.

···

       17
        
       

     

       18
        
       	// ErrBadRequest indicates the request was malformed or invalid (HTTP 400).

     

       19
        
       	ErrBadRequest = errors.New("bad request")

     

       20
       +
       

     

       21
       +
       	// ErrConflict indicates the record was modified by another operation (HTTP 409).

     

       22
       +
       	ErrConflict = errors.New("record was modified by another operation")

     

       23
        
       )

     

       24
        
       

     

       25
        
       // IsAuthError returns true if the error is an authentication/authorization error.

+17

internal/core/comments/comment_write_service_test.go

···

       24
        
       	createError error                             // Error to return on CreateRecord

     

       25
        
       	getError    error                             // Error to return on GetRecord

     

       26
        
       	deleteError error                             // Error to return on DeleteRecord

     

       0
        
       
     

       27
        
       	did         string                            // DID of the authenticated user

     

       28
        
       	hostURL     string                            // PDS host URL

     

       29
        
       }

     
···

       113
        
       	return &pds.ListRecordsResponse{}, nil

     

       114
        
       }

     

       115
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       116
        
       // mockPDSClientFactory creates mock PDS clients for testing

     

       117
        
       type mockPDSClientFactory struct {

     

       118
        
       	client *mockPDSClient

···

       24
        
       	createError error                             // Error to return on CreateRecord

     

       25
        
       	getError    error                             // Error to return on GetRecord

     

       26
        
       	deleteError error                             // Error to return on DeleteRecord

     

       27
       +
       	putError    error                             // Error to return on PutRecord

     

       28
        
       	did         string                            // DID of the authenticated user

     

       29
        
       	hostURL     string                            // PDS host URL

     

       30
        
       }

     
···

       114
        
       	return &pds.ListRecordsResponse{}, nil

     

       115
        
       }

     

       116
        
       

     

       117
       +
       func (m *mockPDSClient) PutRecord(ctx context.Context, collection, rkey string, record any, swapRecord string) (string, string, error) {

     

       118
       +
       	if m.putError != nil {

     

       119
       +
       		return "", "", m.putError

     

       120
       +
       	}

     

       121
       +
       

     

       122
       +
       	// Store record (same logic as CreateRecord)

     

       123
       +
       	if m.records[collection] == nil {

     

       124
       +
       		m.records[collection] = make(map[string]interface{})

     

       125
       +
       	}

     

       126
       +
       	m.records[collection][rkey] = record

     

       127
       +
       

     

       128
       +
       	uri := fmt.Sprintf("at://%s/%s/%s", m.did, collection, rkey)

     

       129
       +
       	cid := fmt.Sprintf("bafytest%d", time.Now().UnixNano())

     

       130
       +
       	return uri, cid, nil

     

       131
       +
       }

     

       132
       +
       

     

       133
        
       // mockPDSClientFactory creates mock PDS clients for testing

     

       134
        
       type mockPDSClientFactory struct {

     

       135
        
       	client *mockPDSClient

+5 -1

internal/core/comments/errors.go

···

       29
        
       

     

       30
        
       	// ErrCommentAlreadyExists indicates a comment with this URI already exists

     

       31
        
       	ErrCommentAlreadyExists = errors.New("comment already exists")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       32
        
       )

     

       33
        
       

     

       34
        
       // IsNotFound checks if an error is a "not found" error

     
···

       40
        
       

     

       41
        
       // IsConflict checks if an error is a conflict/already exists error

     

       42
        
       func IsConflict(err error) bool {

     

       43
       -
       	return errors.Is(err, ErrCommentAlreadyExists)

     

       0
        
       
     

       44
        
       }

     

       45
        
       

     

       46
        
       // IsValidationError checks if an error is a validation error

···

       29
        
       

     

       30
        
       	// ErrCommentAlreadyExists indicates a comment with this URI already exists

     

       31
        
       	ErrCommentAlreadyExists = errors.New("comment already exists")

     

       32
       +
       

     

       33
       +
       	// ErrConcurrentModification indicates the comment was modified since it was loaded

     

       34
       +
       	ErrConcurrentModification = errors.New("comment was modified by another operation")

     

       35
        
       )

     

       36
        
       

     

       37
        
       // IsNotFound checks if an error is a "not found" error

     
···

       43
        
       

     

       44
        
       // IsConflict checks if an error is a conflict/already exists error

     

       45
        
       func IsConflict(err error) bool {

     

       46
       +
       	return errors.Is(err, ErrCommentAlreadyExists) ||

     

       47
       +
       		errors.Is(err, ErrConcurrentModification)

     

       48
        
       }

     

       49
        
       

     

       50
        
       // IsValidationError checks if an error is a validation error

+169

tests/integration/comment_write_test.go

···

       806
        
       func parseTestDID(did string) (syntax.DID, error) {

     

       807
        
       	return syntax.ParseDID(did)

     

       808
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       806
        
       func parseTestDID(did string) (syntax.DID, error) {

     

       807
        
       	return syntax.ParseDID(did)

     

       808
        
       }

     

       809
       +
       

     

       810
       +
       // TestCommentWrite_ConcurrentModificationDetection tests that PutRecord's swapRecord

     

       811
       +
       // CID validation correctly detects concurrent modifications.

     

       812
       +
       // This verifies the optimistic locking mechanism that prevents lost updates.

     

       813
       +
       func TestCommentWrite_ConcurrentModificationDetection(t *testing.T) {

     

       814
       +
       	if testing.Short() {

     

       815
       +
       		t.Skip("Skipping E2E test in short mode")

     

       816
       +
       	}

     

       817
       +
       

     

       818
       +
       	db := setupTestDB(t)

     

       819
       +
       	defer func() { _ = db.Close() }()

     

       820
       +
       

     

       821
       +
       	ctx := context.Background()

     

       822
       +
       	pdsURL := getTestPDSURL()

     

       823
       +
       

     

       824
       +
       	// Setup repositories and service

     

       825
       +
       	commentRepo := postgres.NewCommentRepository(db)

     

       826
       +
       

     

       827
       +
       	commentPDSFactory := func(ctx context.Context, session *oauthlib.ClientSessionData) (pds.Client, error) {

     

       828
       +
       		if session.AccessToken == "" {

     

       829
       +
       			return nil, fmt.Errorf("session has no access token")

     

       830
       +
       		}

     

       831
       +
       		if session.HostURL == "" {

     

       832
       +
       			return nil, fmt.Errorf("session has no host URL")

     

       833
       +
       		}

     

       834
       +
       		return pds.NewFromAccessToken(session.HostURL, session.AccountDID.String(), session.AccessToken)

     

       835
       +
       	}

     

       836
       +
       

     

       837
       +
       	commentService := comments.NewCommentServiceWithPDSFactory(

     

       838
       +
       		commentRepo,

     

       839
       +
       		nil,

     

       840
       +
       		nil,

     

       841
       +
       		nil,

     

       842
       +
       		nil,

     

       843
       +
       		commentPDSFactory,

     

       844
       +
       	)

     

       845
       +
       

     

       846
       +
       	// Create test user

     

       847
       +
       	testUserHandle := fmt.Sprintf("concurrency-%d.local.coves.dev", time.Now().Unix())

     

       848
       +
       	testUserEmail := fmt.Sprintf("concurrency-%d@test.local", time.Now().Unix())

     

       849
       +
       	testUserPassword := "test-password-123"

     

       850
       +
       

     

       851
       +
       	pdsAccessToken, userDID, err := createPDSAccount(pdsURL, testUserHandle, testUserEmail, testUserPassword)

     

       852
       +
       	if err != nil {

     

       853
       +
       		t.Skipf("PDS not available: %v", err)

     

       854
       +
       	}

     

       855
       +
       

     

       856
       +
       	// Setup OAuth

     

       857
       +
       	mockStore := NewMockOAuthStore()

     

       858
       +
       	mockStore.AddSessionWithPDS(userDID, "session-"+userDID, pdsAccessToken, pdsURL)

     

       859
       +
       

     

       860
       +
       	parsedDID, _ := parseTestDID(userDID)

     

       861
       +
       	session, _ := mockStore.GetSession(ctx, parsedDID, "session-"+userDID)

     

       862
       +
       

     

       863
       +
       	// Step 1: Create a comment

     

       864
       +
       	t.Logf("\n📝 Step 1: Creating initial comment...")

     

       865
       +
       	createReq := comments.CreateCommentRequest{

     

       866
       +
       		Reply: comments.ReplyRef{

     

       867
       +
       			Root: comments.StrongRef{

     

       868
       +
       				URI: "at://did:plc:test/social.coves.community.post/test123",

     

       869
       +
       				CID: "bafypost",

     

       870
       +
       			},

     

       871
       +
       			Parent: comments.StrongRef{

     

       872
       +
       				URI: "at://did:plc:test/social.coves.community.post/test123",

     

       873
       +
       				CID: "bafypost",

     

       874
       +
       			},

     

       875
       +
       		},

     

       876
       +
       		Content: "Original content for concurrency test",

     

       877
       +
       		Langs:   []string{"en"},

     

       878
       +
       	}

     

       879
       +
       

     

       880
       +
       	createResp, err := commentService.CreateComment(ctx, session, createReq)

     

       881
       +
       	if err != nil {

     

       882
       +
       		t.Fatalf("Failed to create comment: %v", err)

     

       883
       +
       	}

     

       884
       +
       	t.Logf("✅ Comment created: URI=%s, CID=%s", createResp.URI, createResp.CID)

     

       885
       +
       	originalCID := createResp.CID

     

       886
       +
       

     

       887
       +
       	// Step 2: Update the comment (this changes the CID)

     

       888
       +
       	t.Logf("\n📝 Step 2: Updating comment (this changes CID)...")

     

       889
       +
       	updateReq := comments.UpdateCommentRequest{

     

       890
       +
       		URI:     createResp.URI,

     

       891
       +
       		Content: "Updated content - CID has changed",

     

       892
       +
       	}

     

       893
       +
       

     

       894
       +
       	updateResp, err := commentService.UpdateComment(ctx, session, updateReq)

     

       895
       +
       	if err != nil {

     

       896
       +
       		t.Fatalf("Failed to update comment: %v", err)

     

       897
       +
       	}

     

       898
       +
       	t.Logf("✅ Comment updated: New CID=%s", updateResp.CID)

     

       899
       +
       	newCID := updateResp.CID

     

       900
       +
       

     

       901
       +
       	// Verify CIDs are different

     

       902
       +
       	if originalCID == newCID {

     

       903
       +
       		t.Fatalf("CIDs should be different after update: original=%s, new=%s", originalCID, newCID)

     

       904
       +
       	}

     

       905
       +
       

     

       906
       +
       	// Step 3: Simulate concurrent modification detection using direct PDS client

     

       907
       +
       	// Create a PDS client and attempt to update with the stale (original) CID

     

       908
       +
       	t.Logf("\n🔍 Step 3: Testing concurrent modification detection with stale CID...")

     

       909
       +
       

     

       910
       +
       	pdsClient, err := pds.NewFromAccessToken(pdsURL, userDID, pdsAccessToken)

     

       911
       +
       	if err != nil {

     

       912
       +
       		t.Fatalf("Failed to create PDS client: %v", err)

     

       913
       +
       	}

     

       914
       +
       

     

       915
       +
       	rkey := utils.ExtractRKeyFromURI(createResp.URI)

     

       916
       +
       

     

       917
       +
       	// Try to update with the ORIGINAL (now stale) CID - this should fail with 409

     

       918
       +
       	staleRecord := map[string]interface{}{

     

       919
       +
       		"$type": "social.coves.community.comment",

     

       920
       +
       		"reply": map[string]interface{}{

     

       921
       +
       			"root": map[string]interface{}{

     

       922
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       923
       +
       				"cid": "bafypost",

     

       924
       +
       			},

     

       925
       +
       			"parent": map[string]interface{}{

     

       926
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       927
       +
       				"cid": "bafypost",

     

       928
       +
       			},

     

       929
       +
       		},

     

       930
       +
       		"content":   "This update should fail - using stale CID",

     

       931
       +
       		"createdAt": time.Now().UTC().Format(time.RFC3339),

     

       932
       +
       	}

     

       933
       +
       

     

       934
       +
       	_, _, err = pdsClient.PutRecord(ctx, "social.coves.community.comment", rkey, staleRecord, originalCID)

     

       935
       +
       

     

       936
       +
       	// Verify we get ErrConflict

     

       937
       +
       	if err == nil {

     

       938
       +
       		t.Fatal("Expected ErrConflict when updating with stale CID, got nil")

     

       939
       +
       	}

     

       940
       +
       

     

       941
       +
       	if !errors.Is(err, pds.ErrConflict) {

     

       942
       +
       		t.Errorf("Expected pds.ErrConflict, got: %v", err)

     

       943
       +
       	}

     

       944
       +
       

     

       945
       +
       	t.Logf("✅ Correctly detected concurrent modification!")

     

       946
       +
       	t.Logf("   Error: %v", err)

     

       947
       +
       

     

       948
       +
       	// Step 4: Verify that updating with the correct CID succeeds

     

       949
       +
       	t.Logf("\n📝 Step 4: Verifying update with correct CID succeeds...")

     

       950
       +
       	correctRecord := map[string]interface{}{

     

       951
       +
       		"$type": "social.coves.community.comment",

     

       952
       +
       		"reply": map[string]interface{}{

     

       953
       +
       			"root": map[string]interface{}{

     

       954
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       955
       +
       				"cid": "bafypost",

     

       956
       +
       			},

     

       957
       +
       			"parent": map[string]interface{}{

     

       958
       +
       				"uri": "at://did:plc:test/social.coves.community.post/test123",

     

       959
       +
       				"cid": "bafypost",

     

       960
       +
       			},

     

       961
       +
       		},

     

       962
       +
       		"content":   "This update should succeed - using correct CID",

     

       963
       +
       		"createdAt": time.Now().UTC().Format(time.RFC3339),

     

       964
       +
       	}

     

       965
       +
       

     

       966
       +
       	_, finalCID, err := pdsClient.PutRecord(ctx, "social.coves.community.comment", rkey, correctRecord, newCID)

     

       967
       +
       	if err != nil {

     

       968
       +
       		t.Fatalf("Update with correct CID should succeed, got: %v", err)

     

       969
       +
       	}

     

       970
       +
       

     

       971
       +
       	t.Logf("✅ Update with correct CID succeeded: New CID=%s", finalCID)

     

       972
       +
       

     

       973
       +
       	t.Logf("\n✅ CONCURRENT MODIFICATION DETECTION TEST COMPLETE:")

     

       974
       +
       	t.Logf("   ✓ PutRecord with stale CID correctly returns ErrConflict")

     

       975
       +
       	t.Logf("   ✓ PutRecord with correct CID succeeds")

     

       976
       +
       	t.Logf("   ✓ Optimistic locking prevents lost updates")

     

       977
       +
       }

+2 -2

cmd/server/main.go

···

       543
        
       	routes.RegisterTimelineRoutes(r, timelineService, voteService, authMiddleware)

     

       544
        
       	log.Println("Timeline XRPC endpoints registered (requires authentication, includes viewer vote state)")

     

       545
        
       

     

       546
       -
       	routes.RegisterDiscoverRoutes(r, discoverService)

     

       547
       -
       	log.Println("Discover XRPC endpoints registered (public, no auth required)")

     

       548
        
       

     

       549
        
       	routes.RegisterAggregatorRoutes(r, aggregatorService, userService, identityResolver)

     

       550
        
       	log.Println("Aggregator XRPC endpoints registered (query endpoints public, registration endpoint public)")

···

       543
        
       	routes.RegisterTimelineRoutes(r, timelineService, voteService, authMiddleware)

     

       544
        
       	log.Println("Timeline XRPC endpoints registered (requires authentication, includes viewer vote state)")

     

       545
        
       

     

       546
       +
       	routes.RegisterDiscoverRoutes(r, discoverService, voteService, authMiddleware)

     

       547
       +
       	log.Println("Discover XRPC endpoints registered (public with optional auth for viewer vote state)")

     

       548
        
       

     

       549
        
       	routes.RegisterAggregatorRoutes(r, aggregatorService, userService, identityResolver)

     

       550
        
       	log.Println("Aggregator XRPC endpoints registered (query endpoints public, registration endpoint public)")

+73

internal/api/handlers/common/viewer_state.go

···

       1
       +
       package common

     

       2
       +
       

     

       3
       +
       import (

     

       4
       +
       	"Coves/internal/api/middleware"

     

       5
       +
       	"Coves/internal/core/posts"

     

       6
       +
       	"Coves/internal/core/votes"

     

       7
       +
       	"context"

     

       8
       +
       	"log"

     

       9
       +
       	"net/http"

     

       10
       +
       )

     

       11
       +
       

     

       12
       +
       // FeedPostProvider is implemented by any feed post wrapper that contains a PostView.

     

       13
       +
       // This allows the helper to work with different feed post types (discover, timeline, communityFeed).

     

       14
       +
       type FeedPostProvider interface {

     

       15
       +
       	GetPost() *posts.PostView

     

       16
       +
       }

     

       17
       +
       

     

       18
       +
       // PopulateViewerVoteState enriches feed posts with the authenticated user's vote state.

     

       19
       +
       // This is a no-op if voteService is nil or the request is unauthenticated.

     

       20
       +
       //

     

       21
       +
       // Parameters:

     

       22
       +
       //   - ctx: Request context for PDS calls

     

       23
       +
       //   - r: HTTP request (used to extract OAuth session)

     

       24
       +
       //   - voteService: Vote service for cache lookup (may be nil)

     

       25
       +
       //   - feedPosts: Posts to enrich with viewer state (must implement FeedPostProvider)

     

       26
       +
       //

     

       27
       +
       // The function logs but does not fail on errors - viewer state is optional enrichment.

     

       28
       +
       func PopulateViewerVoteState[T FeedPostProvider](

     

       29
       +
       	ctx context.Context,

     

       30
       +
       	r *http.Request,

     

       31
       +
       	voteService votes.Service,

     

       32
       +
       	feedPosts []T,

     

       33
       +
       ) {

     

       34
       +
       	if voteService == nil {

     

       35
       +
       		return

     

       36
       +
       	}

     

       37
       +
       

     

       38
       +
       	session := middleware.GetOAuthSession(r)

     

       39
       +
       	if session == nil {

     

       40
       +
       		return

     

       41
       +
       	}

     

       42
       +
       

     

       43
       +
       	userDID := middleware.GetUserDID(r)

     

       44
       +
       

     

       45
       +
       	// Ensure vote cache is populated from PDS

     

       46
       +
       	if err := voteService.EnsureCachePopulated(ctx, session); err != nil {

     

       47
       +
       		log.Printf("Warning: failed to populate vote cache: %v", err)

     

       48
       +
       		return

     

       49
       +
       	}

     

       50
       +
       

     

       51
       +
       	// Collect post URIs to batch lookup

     

       52
       +
       	postURIs := make([]string, 0, len(feedPosts))

     

       53
       +
       	for _, feedPost := range feedPosts {

     

       54
       +
       		if post := feedPost.GetPost(); post != nil {

     

       55
       +
       			postURIs = append(postURIs, post.URI)

     

       56
       +
       		}

     

       57
       +
       	}

     

       58
       +
       

     

       59
       +
       	// Get viewer votes for all posts

     

       60
       +
       	viewerVotes := voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       61
       +
       

     

       62
       +
       	// Populate viewer state on each post

     

       63
       +
       	for _, feedPost := range feedPosts {

     

       64
       +
       		if post := feedPost.GetPost(); post != nil {

     

       65
       +
       			if vote, exists := viewerVotes[post.URI]; exists {

     

       66
       +
       				post.Viewer = &posts.ViewerState{

     

       67
       +
       					Vote:    &vote.Direction,

     

       68
       +
       					VoteURI: &vote.URI,

     

       69
       +
       				}

     

       70
       +
       			}

     

       71
       +
       		}

     

       72
       +
       	}

     

       73
       +
       }

+3 -36

internal/api/handlers/communityFeed/get_community.go

···

       1
        
       package communityFeed

     

       2
        
       

     

       3
        
       import (

     

       4
       -
       	"Coves/internal/api/middleware"

     

       5
        
       	"Coves/internal/core/communityFeeds"

     

       6
        
       	"Coves/internal/core/posts"

     

       7
        
       	"Coves/internal/core/votes"

     
···

       47
        
       		return

     

       48
        
       	}

     

       49
        
       

     

       50
       -
       	// Populate viewer vote state if authenticated and vote service available

     

       51
       -
       	if h.voteService != nil {

     

       52
       -
       		session := middleware.GetOAuthSession(r)

     

       53
       -
       		if session != nil {

     

       54
       -
       			userDID := middleware.GetUserDID(r)

     

       55
       -
       			// Ensure vote cache is populated from PDS

     

       56
       -
       			if err := h.voteService.EnsureCachePopulated(r.Context(), session); err != nil {

     

       57
       -
       				// Log but don't fail - viewer state is optional

     

       58
       -
       				log.Printf("Warning: failed to populate vote cache: %v", err)

     

       59
       -
       			} else {

     

       60
       -
       				// Collect post URIs to batch lookup

     

       61
       -
       				postURIs := make([]string, 0, len(response.Feed))

     

       62
       -
       				for _, feedPost := range response.Feed {

     

       63
       -
       					if feedPost.Post != nil {

     

       64
       -
       						postURIs = append(postURIs, feedPost.Post.URI)

     

       65
       -
       					}

     

       66
       -
       				}

     

       67
       -
       

     

       68
       -
       				// Get viewer votes for all posts

     

       69
       -
       				viewerVotes := h.voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       70
       -
       

     

       71
       -
       				// Populate viewer state on each post

     

       72
       -
       				for _, feedPost := range response.Feed {

     

       73
       -
       					if feedPost.Post != nil {

     

       74
       -
       						if vote, exists := viewerVotes[feedPost.Post.URI]; exists {

     

       75
       -
       							feedPost.Post.Viewer = &posts.ViewerState{

     

       76
       -
       								Vote:    &vote.Direction,

     

       77
       -
       								VoteURI: &vote.URI,

     

       78
       -
       							}

     

       79
       -
       						}

     

       80
       -
       					}

     

       81
       -
       				}

     

       82
       -
       			}

     

       83
       -
       		}

     

       84
       -
       	}

     

       85
        
       

     

       86
        
       	// Transform blob refs to URLs for all posts

     

       87
        
       	for _, feedPost := range response.Feed {

···

       1
        
       package communityFeed

     

       2
        
       

     

       3
        
       import (

     

       4
       +
       	"Coves/internal/api/handlers/common"

     

       5
        
       	"Coves/internal/core/communityFeeds"

     

       6
        
       	"Coves/internal/core/posts"

     

       7
        
       	"Coves/internal/core/votes"

     
···

       47
        
       		return

     

       48
        
       	}

     

       49
        
       

     

       50
       +
       	// Populate viewer vote state if authenticated

     

       51
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       52
        
       

     

       53
        
       	// Transform blob refs to URLs for all posts

     

       54
        
       	for _, feedPost := range response.Feed {

+11 -4

internal/api/handlers/discover/get_discover.go

···

       1
        
       package discover

     

       2
        
       

     

       3
        
       import (

     

       0
        
       
     

       4
        
       	"Coves/internal/core/discover"

     

       5
        
       	"Coves/internal/core/posts"

     

       0
        
       
     

       6
        
       	"encoding/json"

     

       7
        
       	"log"

     

       8
        
       	"net/http"

     
···

       11
        
       

     

       12
        
       // GetDiscoverHandler handles discover feed retrieval

     

       13
        
       type GetDiscoverHandler struct {

     

       14
       -
       	service discover.Service

     

       0
        
       
     

       15
        
       }

     

       16
        
       

     

       17
        
       // NewGetDiscoverHandler creates a new discover handler

     

       18
       -
       func NewGetDiscoverHandler(service discover.Service) *GetDiscoverHandler {

     

       19
        
       	return &GetDiscoverHandler{

     

       20
       -
       		service: service,

     

       0
        
       
     

       21
        
       	}

     

       22
        
       }

     

       23
        
       

     

       24
        
       // HandleGetDiscover retrieves posts from all communities (public feed)

     

       25
        
       // GET /xrpc/social.coves.feed.getDiscover?sort=hot&limit=15&cursor=...

     

       26
       -
       // Public endpoint - no authentication required

     

       27
        
       func (h *GetDiscoverHandler) HandleGetDiscover(w http.ResponseWriter, r *http.Request) {

     

       28
        
       	if r.Method != http.MethodGet {

     

       29
        
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     
···

       40
        
       		return

     

       41
        
       	}

     

       42
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       43
        
       	// Transform blob refs to URLs for all posts

     

       44
        
       	for _, feedPost := range response.Feed {

     

       45
        
       		if feedPost.Post != nil {

···

       1
        
       package discover

     

       2
        
       

     

       3
        
       import (

     

       4
       +
       	"Coves/internal/api/handlers/common"

     

       5
        
       	"Coves/internal/core/discover"

     

       6
        
       	"Coves/internal/core/posts"

     

       7
       +
       	"Coves/internal/core/votes"

     

       8
        
       	"encoding/json"

     

       9
        
       	"log"

     

       10
        
       	"net/http"

     
···

       13
        
       

     

       14
        
       // GetDiscoverHandler handles discover feed retrieval

     

       15
        
       type GetDiscoverHandler struct {

     

       16
       +
       	service     discover.Service

     

       17
       +
       	voteService votes.Service

     

       18
        
       }

     

       19
        
       

     

       20
        
       // NewGetDiscoverHandler creates a new discover handler

     

       21
       +
       func NewGetDiscoverHandler(service discover.Service, voteService votes.Service) *GetDiscoverHandler {

     

       22
        
       	return &GetDiscoverHandler{

     

       23
       +
       		service:     service,

     

       24
       +
       		voteService: voteService,

     

       25
        
       	}

     

       26
        
       }

     

       27
        
       

     

       28
        
       // HandleGetDiscover retrieves posts from all communities (public feed)

     

       29
        
       // GET /xrpc/social.coves.feed.getDiscover?sort=hot&limit=15&cursor=...

     

       30
       +
       // Public endpoint with optional auth - if authenticated, includes viewer vote state

     

       31
        
       func (h *GetDiscoverHandler) HandleGetDiscover(w http.ResponseWriter, r *http.Request) {

     

       32
        
       	if r.Method != http.MethodGet {

     

       33
        
       		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)

     
···

       44
        
       		return

     

       45
        
       	}

     

       46
        
       

     

       47
       +
       	// Populate viewer vote state if authenticated

     

       48
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       49
       +
       

     

       50
        
       	// Transform blob refs to URLs for all posts

     

       51
        
       	for _, feedPost := range response.Feed {

     

       52
        
       		if feedPost.Post != nil {

+3 -34

internal/api/handlers/timeline/get_timeline.go

···

       1
        
       package timeline

     

       2
        
       

     

       3
        
       import (

     

       0
        
       
     

       4
        
       	"Coves/internal/api/middleware"

     

       5
        
       	"Coves/internal/core/posts"

     

       6
        
       	"Coves/internal/core/timeline"

     
···

       56
        
       		return

     

       57
        
       	}

     

       58
        
       

     

       59
       -
       	// Populate viewer vote state if authenticated and vote service available

     

       60
       -
       	if h.voteService != nil {

     

       61
       -
       		session := middleware.GetOAuthSession(r)

     

       62
       -
       		if session != nil {

     

       63
       -
       			// Ensure vote cache is populated from PDS

     

       64
       -
       			if err := h.voteService.EnsureCachePopulated(r.Context(), session); err != nil {

     

       65
       -
       				// Log but don't fail - viewer state is optional

     

       66
       -
       				log.Printf("Warning: failed to populate vote cache: %v", err)

     

       67
       -
       			} else {

     

       68
       -
       				// Collect post URIs to batch lookup

     

       69
       -
       				postURIs := make([]string, 0, len(response.Feed))

     

       70
       -
       				for _, feedPost := range response.Feed {

     

       71
       -
       					if feedPost.Post != nil {

     

       72
       -
       						postURIs = append(postURIs, feedPost.Post.URI)

     

       73
       -
       					}

     

       74
       -
       				}

     

       75
       -
       

     

       76
       -
       				// Get viewer votes for all posts

     

       77
       -
       				viewerVotes := h.voteService.GetViewerVotesForSubjects(userDID, postURIs)

     

       78
       -
       

     

       79
       -
       				// Populate viewer state on each post

     

       80
       -
       				for _, feedPost := range response.Feed {

     

       81
       -
       					if feedPost.Post != nil {

     

       82
       -
       						if vote, exists := viewerVotes[feedPost.Post.URI]; exists {

     

       83
       -
       							feedPost.Post.Viewer = &posts.ViewerState{

     

       84
       -
       								Vote:    &vote.Direction,

     

       85
       -
       								VoteURI: &vote.URI,

     

       86
       -
       							}

     

       87
       -
       						}

     

       88
       -
       					}

     

       89
       -
       				}

     

       90
       -
       			}

     

       91
       -
       		}

     

       92
       -
       	}

     

       93
        
       

     

       94
        
       	// Transform blob refs to URLs for all posts

     

       95
        
       	for _, feedPost := range response.Feed {

···

       1
        
       package timeline

     

       2
        
       

     

       3
        
       import (

     

       4
       +
       	"Coves/internal/api/handlers/common"

     

       5
        
       	"Coves/internal/api/middleware"

     

       6
        
       	"Coves/internal/core/posts"

     

       7
        
       	"Coves/internal/core/timeline"

     
···

       57
        
       		return

     

       58
        
       	}

     

       59
        
       

     

       60
       +
       	// Populate viewer vote state if authenticated

     

       61
       +
       	common.PopulateViewerVoteState(r.Context(), r, h.voteService, response.Feed)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       62
        
       

     

       63
        
       	// Transform blob refs to URLs for all posts

     

       64
        
       	for _, feedPost := range response.Feed {

+9 -4

internal/api/routes/discover.go

···

       2
        
       

     

       3
        
       import (

     

       4
        
       	"Coves/internal/api/handlers/discover"

     

       0
        
       
     

       5
        
       	discoverCore "Coves/internal/core/discover"

     

       0
        
       
     

       6
        
       

     

       7
        
       	"github.com/go-chi/chi/v5"

     

       8
        
       )

     
···

       10
        
       // RegisterDiscoverRoutes registers discover-related XRPC endpoints

     

       11
        
       //

     

       12
        
       // SECURITY & RATE LIMITING:

     

       13
       -
       // - Discover feed is PUBLIC (no authentication required)

     

       0
        
       
     

       14
        
       // - Protected by global rate limiter: 100 requests/minute per IP (main.go:84)

     

       15
        
       // - Query timeout enforced via context (prevents long-running queries)

     

       16
        
       // - Result limit capped at 50 posts per request (validated in service layer)

     
···

       18
        
       func RegisterDiscoverRoutes(

     

       19
        
       	r chi.Router,

     

       20
        
       	discoverService discoverCore.Service,

     

       0
        
       
     

       0
        
       
     

       21
        
       ) {

     

       22
        
       	// Create handlers

     

       23
       -
       	getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService)

     

       24
        
       

     

       25
        
       	// GET /xrpc/social.coves.feed.getDiscover

     

       26
       -
       	// Public endpoint - no authentication required

     

       27
        
       	// Shows posts from ALL communities (not personalized)

     

       28
        
       	// Rate limited: 100 req/min per IP via global middleware

     

       29
       -
       	r.Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)

     

       30
        
       }

···

       2
        
       

     

       3
        
       import (

     

       4
        
       	"Coves/internal/api/handlers/discover"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
        
       	discoverCore "Coves/internal/core/discover"

     

       7
       +
       	"Coves/internal/core/votes"

     

       8
        
       

     

       9
        
       	"github.com/go-chi/chi/v5"

     

       10
        
       )

     
···

       12
        
       // RegisterDiscoverRoutes registers discover-related XRPC endpoints

     

       13
        
       //

     

       14
        
       // SECURITY & RATE LIMITING:

     

       15
       +
       // - Discover feed is PUBLIC (works without authentication)

     

       16
       +
       // - Optional auth: if authenticated, includes viewer vote state on posts

     

       17
        
       // - Protected by global rate limiter: 100 requests/minute per IP (main.go:84)

     

       18
        
       // - Query timeout enforced via context (prevents long-running queries)

     

       19
        
       // - Result limit capped at 50 posts per request (validated in service layer)

     
···

       21
        
       func RegisterDiscoverRoutes(

     

       22
        
       	r chi.Router,

     

       23
        
       	discoverService discoverCore.Service,

     

       24
       +
       	voteService votes.Service,

     

       25
       +
       	authMiddleware *middleware.OAuthAuthMiddleware,

     

       26
        
       ) {

     

       27
        
       	// Create handlers

     

       28
       +
       	getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService, voteService)

     

       29
        
       

     

       30
        
       	// GET /xrpc/social.coves.feed.getDiscover

     

       31
       +
       	// Public endpoint with optional auth for viewer-specific state (vote state)

     

       32
        
       	// Shows posts from ALL communities (not personalized)

     

       33
        
       	// Rate limited: 100 req/min per IP via global middleware

     

       34
       +
       	r.With(authMiddleware.OptionalAuth).Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover)

     

       35
        
       }

internal/core/communityFeeds/types.go

···

       31
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       32
        
       }

     

       33
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       34
        
       // FeedReason is a union type for feed context

     

       35
        
       // Can be reasonRepost or reasonPin

     

       36
        
       type FeedReason struct {

···

       31
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       32
        
       }

     

       33
        
       

     

       34
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       35
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       36
       +
       	return f.Post

     

       37
       +
       }

     

       38
       +
       

     

       39
        
       // FeedReason is a union type for feed context

     

       40
        
       // Can be reasonRepost or reasonPin

     

       41
        
       type FeedReason struct {

internal/core/discover/types.go

···

       39
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`

     

       40
        
       }

     

       41
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       42
        
       // FeedReason is a union type for feed context

     

       43
        
       type FeedReason struct {

     

       44
        
       	Repost    *ReasonRepost    `json:"-"`

···

       39
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`

     

       40
        
       }

     

       41
        
       

     

       42
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       43
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       44
       +
       	return f.Post

     

       45
       +
       }

     

       46
       +
       

     

       47
        
       // FeedReason is a union type for feed context

     

       48
        
       type FeedReason struct {

     

       49
        
       	Repost    *ReasonRepost    `json:"-"`

internal/core/timeline/types.go

···

       42
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       43
        
       }

     

       44
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       45
        
       // FeedReason is a union type for feed context

     

       46
        
       // Future: Can be reasonRepost or reasonCommunity

     

       47
        
       type FeedReason struct {

···

       42
        
       	Reply  *ReplyRef       `json:"reply,omitempty"`  // Reply context

     

       43
        
       }

     

       44
        
       

     

       45
       +
       // GetPost returns the underlying PostView for viewer state enrichment

     

       46
       +
       func (f *FeedViewPost) GetPost() *posts.PostView {

     

       47
       +
       	return f.Post

     

       48
       +
       }

     

       49
       +
       

     

       50
        
       // FeedReason is a union type for feed context

     

       51
        
       // Future: Can be reasonRepost or reasonCommunity

     

       52
        
       type FeedReason struct {

+193 -5

tests/integration/discover_test.go

···

       2
        
       

     

       3
        
       import (

     

       4
        
       	"Coves/internal/api/handlers/discover"

     

       0
        
       
     

       0
        
       
     

       5
        
       	"Coves/internal/db/postgres"

     

       6
        
       	"context"

     

       7
        
       	"encoding/json"

     
···

       13
        
       

     

       14
        
       	discoverCore "Coves/internal/core/discover"

     

       15
        
       

     

       0
        
       
     

       0
        
       
     

       16
        
       	"github.com/stretchr/testify/assert"

     

       17
        
       	"github.com/stretchr/testify/require"

     

       18
        
       )

     

       19
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       20
        
       // TestGetDiscover_ShowsAllCommunities tests discover feed shows posts from ALL communities

     

       21
        
       func TestGetDiscover_ShowsAllCommunities(t *testing.T) {

     

       22
        
       	if testing.Short() {

     
···

       29
        
       	// Setup services

     

       30
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       31
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       32
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       33
        
       

     

       34
        
       	ctx := context.Background()

     

       35
        
       	testID := time.Now().UnixNano()

     
···

       100
        
       	// Setup services

     

       101
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       102
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       103
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       104
        
       

     

       105
        
       	ctx := context.Background()

     

       106
        
       	testID := time.Now().UnixNano()

     
···

       147
        
       	// Setup services

     

       148
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       149
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       150
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       151
        
       

     

       152
        
       	ctx := context.Background()

     

       153
        
       	testID := time.Now().UnixNano()

     
···

       197
        
       	// Setup services

     

       198
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       199
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       200
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       201
        
       

     

       202
        
       	ctx := context.Background()

     

       203
        
       	testID := time.Now().UnixNano()

     
···

       254
        
       	// Setup services

     

       255
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       256
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       257
       -
       	handler := discover.NewGetDiscoverHandler(discoverService)

     

       258
        
       

     

       259
        
       	t.Run("Limit exceeds maximum", func(t *testing.T) {

     

       260
        
       		req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=100", nil)

     
···

       271
        
       		assert.Contains(t, errorResp["message"], "limit")

     

       272
        
       	})

     

       273
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       2
        
       

     

       3
        
       import (

     

       4
        
       	"Coves/internal/api/handlers/discover"

     

       5
       +
       	"Coves/internal/api/middleware"

     

       6
       +
       	"Coves/internal/core/votes"

     

       7
        
       	"Coves/internal/db/postgres"

     

       8
        
       	"context"

     

       9
        
       	"encoding/json"

     
···

       15
        
       

     

       16
        
       	discoverCore "Coves/internal/core/discover"

     

       17
        
       

     

       18
       +
       	oauthlib "github.com/bluesky-social/indigo/atproto/auth/oauth"

     

       19
       +
       	"github.com/bluesky-social/indigo/atproto/syntax"

     

       20
        
       	"github.com/stretchr/testify/assert"

     

       21
        
       	"github.com/stretchr/testify/require"

     

       22
        
       )

     

       23
        
       

     

       24
       +
       // mockVoteService implements votes.Service for testing viewer vote state

     

       25
       +
       type mockVoteService struct {

     

       26
       +
       	cachedVotes map[string]*votes.CachedVote // userDID:subjectURI -> vote

     

       27
       +
       }

     

       28
       +
       

     

       29
       +
       func newMockVoteService() *mockVoteService {

     

       30
       +
       	return &mockVoteService{

     

       31
       +
       		cachedVotes: make(map[string]*votes.CachedVote),

     

       32
       +
       	}

     

       33
       +
       }

     

       34
       +
       

     

       35
       +
       func (m *mockVoteService) AddVote(userDID, subjectURI, direction, voteURI string) {

     

       36
       +
       	key := userDID + ":" + subjectURI

     

       37
       +
       	m.cachedVotes[key] = &votes.CachedVote{

     

       38
       +
       		Direction: direction,

     

       39
       +
       		URI:       voteURI,

     

       40
       +
       	}

     

       41
       +
       }

     

       42
       +
       

     

       43
       +
       func (m *mockVoteService) CreateVote(_ context.Context, _ *oauthlib.ClientSessionData, _ votes.CreateVoteRequest) (*votes.CreateVoteResponse, error) {

     

       44
       +
       	return &votes.CreateVoteResponse{}, nil

     

       45
       +
       }

     

       46
       +
       

     

       47
       +
       func (m *mockVoteService) DeleteVote(_ context.Context, _ *oauthlib.ClientSessionData, _ votes.DeleteVoteRequest) error {

     

       48
       +
       	return nil

     

       49
       +
       }

     

       50
       +
       

     

       51
       +
       func (m *mockVoteService) EnsureCachePopulated(_ context.Context, _ *oauthlib.ClientSessionData) error {

     

       52
       +
       	return nil // Mock always succeeds - votes pre-populated via AddVote

     

       53
       +
       }

     

       54
       +
       

     

       55
       +
       func (m *mockVoteService) GetViewerVote(userDID, subjectURI string) *votes.CachedVote {

     

       56
       +
       	key := userDID + ":" + subjectURI

     

       57
       +
       	return m.cachedVotes[key]

     

       58
       +
       }

     

       59
       +
       

     

       60
       +
       func (m *mockVoteService) GetViewerVotesForSubjects(userDID string, subjectURIs []string) map[string]*votes.CachedVote {

     

       61
       +
       	result := make(map[string]*votes.CachedVote)

     

       62
       +
       	for _, uri := range subjectURIs {

     

       63
       +
       		key := userDID + ":" + uri

     

       64
       +
       		if vote, exists := m.cachedVotes[key]; exists {

     

       65
       +
       			result[uri] = vote

     

       66
       +
       		}

     

       67
       +
       	}

     

       68
       +
       	return result

     

       69
       +
       }

     

       70
       +
       

     

       71
        
       // TestGetDiscover_ShowsAllCommunities tests discover feed shows posts from ALL communities

     

       72
        
       func TestGetDiscover_ShowsAllCommunities(t *testing.T) {

     

       73
        
       	if testing.Short() {

     
···

       80
        
       	// Setup services

     

       81
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       82
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       83
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil) // nil vote service - tests don't need vote state

     

       84
        
       

     

       85
        
       	ctx := context.Background()

     

       86
        
       	testID := time.Now().UnixNano()

     
···

       151
        
       	// Setup services

     

       152
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       153
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       154
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil) // nil vote service - tests don't need vote state

     

       155
        
       

     

       156
        
       	ctx := context.Background()

     

       157
        
       	testID := time.Now().UnixNano()

     
···

       198
        
       	// Setup services

     

       199
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       200
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       201
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       202
        
       

     

       203
        
       	ctx := context.Background()

     

       204
        
       	testID := time.Now().UnixNano()

     
···

       248
        
       	// Setup services

     

       249
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       250
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       251
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       252
        
       

     

       253
        
       	ctx := context.Background()

     

       254
        
       	testID := time.Now().UnixNano()

     
···

       305
        
       	// Setup services

     

       306
        
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       307
        
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       308
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, nil)

     

       309
        
       

     

       310
        
       	t.Run("Limit exceeds maximum", func(t *testing.T) {

     

       311
        
       		req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=100", nil)

     
···

       322
        
       		assert.Contains(t, errorResp["message"], "limit")

     

       323
        
       	})

     

       324
        
       }

     

       325
       +
       

     

       326
       +
       // TestGetDiscover_ViewerVoteState tests that authenticated users see their vote state on posts

     

       327
       +
       func TestGetDiscover_ViewerVoteState(t *testing.T) {

     

       328
       +
       	if testing.Short() {

     

       329
       +
       		t.Skip("Skipping integration test in short mode")

     

       330
       +
       	}

     

       331
       +
       

     

       332
       +
       	db := setupTestDB(t)

     

       333
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       334
       +
       

     

       335
       +
       	ctx := context.Background()

     

       336
       +
       	testID := time.Now().UnixNano()

     

       337
       +
       

     

       338
       +
       	// Create community and posts

     

       339
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("votes-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       340
       +
       	require.NoError(t, err)

     

       341
       +
       

     

       342
       +
       	post1URI := createTestPost(t, db, communityDID, "did:plc:author1", "Post with upvote", 10, time.Now().Add(-1*time.Hour))

     

       343
       +
       	post2URI := createTestPost(t, db, communityDID, "did:plc:author2", "Post with downvote", 5, time.Now().Add(-2*time.Hour))

     

       344
       +
       	_ = createTestPost(t, db, communityDID, "did:plc:author3", "Post without vote", 3, time.Now().Add(-3*time.Hour))

     

       345
       +
       

     

       346
       +
       	// Setup mock vote service with pre-populated votes

     

       347
       +
       	viewerDID := "did:plc:viewer123"

     

       348
       +
       	mockVotes := newMockVoteService()

     

       349
       +
       	mockVotes.AddVote(viewerDID, post1URI, "up", "at://"+viewerDID+"/social.coves.vote/vote1")

     

       350
       +
       	mockVotes.AddVote(viewerDID, post2URI, "down", "at://"+viewerDID+"/social.coves.vote/vote2")

     

       351
       +
       

     

       352
       +
       	// Setup handler with mock vote service

     

       353
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       354
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       355
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, mockVotes)

     

       356
       +
       

     

       357
       +
       	// Create request with authenticated user context

     

       358
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       359
       +
       

     

       360
       +
       	// Inject OAuth session into context (simulates OptionalAuth middleware)

     

       361
       +
       	did, _ := syntax.ParseDID(viewerDID)

     

       362
       +
       	session := &oauthlib.ClientSessionData{

     

       363
       +
       		AccountDID:  did,

     

       364
       +
       		AccessToken: "test_token",

     

       365
       +
       	}

     

       366
       +
       	reqCtx := context.WithValue(req.Context(), middleware.UserDIDKey, viewerDID)

     

       367
       +
       	reqCtx = context.WithValue(reqCtx, middleware.OAuthSessionKey, session)

     

       368
       +
       	req = req.WithContext(reqCtx)

     

       369
       +
       

     

       370
       +
       	rec := httptest.NewRecorder()

     

       371
       +
       	handler.HandleGetDiscover(rec, req)

     

       372
       +
       

     

       373
       +
       	// Assertions

     

       374
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       375
       +
       

     

       376
       +
       	var response discoverCore.DiscoverResponse

     

       377
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       378
       +
       	require.NoError(t, err)

     

       379
       +
       

     

       380
       +
       	// Find our test posts and verify vote state

     

       381
       +
       	var foundPost1, foundPost2, foundPost3 bool

     

       382
       +
       	for _, feedPost := range response.Feed {

     

       383
       +
       		switch feedPost.Post.URI {

     

       384
       +
       		case post1URI:

     

       385
       +
       			foundPost1 = true

     

       386
       +
       			require.NotNil(t, feedPost.Post.Viewer, "Post1 should have viewer state")

     

       387
       +
       			require.NotNil(t, feedPost.Post.Viewer.Vote, "Post1 should have vote direction")

     

       388
       +
       			assert.Equal(t, "up", *feedPost.Post.Viewer.Vote, "Post1 should show upvote")

     

       389
       +
       			require.NotNil(t, feedPost.Post.Viewer.VoteURI, "Post1 should have vote URI")

     

       390
       +
       			assert.Contains(t, *feedPost.Post.Viewer.VoteURI, "vote1", "Post1 should have correct vote URI")

     

       391
       +
       

     

       392
       +
       		case post2URI:

     

       393
       +
       			foundPost2 = true

     

       394
       +
       			require.NotNil(t, feedPost.Post.Viewer, "Post2 should have viewer state")

     

       395
       +
       			require.NotNil(t, feedPost.Post.Viewer.Vote, "Post2 should have vote direction")

     

       396
       +
       			assert.Equal(t, "down", *feedPost.Post.Viewer.Vote, "Post2 should show downvote")

     

       397
       +
       			require.NotNil(t, feedPost.Post.Viewer.VoteURI, "Post2 should have vote URI")

     

       398
       +
       

     

       399
       +
       		default:

     

       400
       +
       			// Posts without votes should have nil Viewer or nil Vote

     

       401
       +
       			if feedPost.Post.Viewer != nil && feedPost.Post.Viewer.Vote != nil {

     

       402
       +
       				// This post has a vote from our viewer - it's not post3

     

       403
       +
       				continue

     

       404
       +
       			}

     

       405
       +
       			foundPost3 = true

     

       406
       +
       		}

     

       407
       +
       	}

     

       408
       +
       

     

       409
       +
       	assert.True(t, foundPost1, "Should find post1 with upvote")

     

       410
       +
       	assert.True(t, foundPost2, "Should find post2 with downvote")

     

       411
       +
       	assert.True(t, foundPost3, "Should find post3 without vote")

     

       412
       +
       }

     

       413
       +
       

     

       414
       +
       // TestGetDiscover_NoViewerStateWithoutAuth tests that unauthenticated users don't get viewer state

     

       415
       +
       func TestGetDiscover_NoViewerStateWithoutAuth(t *testing.T) {

     

       416
       +
       	if testing.Short() {

     

       417
       +
       		t.Skip("Skipping integration test in short mode")

     

       418
       +
       	}

     

       419
       +
       

     

       420
       +
       	db := setupTestDB(t)

     

       421
       +
       	t.Cleanup(func() { _ = db.Close() })

     

       422
       +
       

     

       423
       +
       	ctx := context.Background()

     

       424
       +
       	testID := time.Now().UnixNano()

     

       425
       +
       

     

       426
       +
       	// Create community and post

     

       427
       +
       	communityDID, err := createFeedTestCommunity(db, ctx, fmt.Sprintf("noauth-%d", testID), fmt.Sprintf("alice-%d.test", testID))

     

       428
       +
       	require.NoError(t, err)

     

       429
       +
       

     

       430
       +
       	postURI := createTestPost(t, db, communityDID, "did:plc:author", "Some post", 10, time.Now())

     

       431
       +
       

     

       432
       +
       	// Setup mock vote service with a vote (but request will be unauthenticated)

     

       433
       +
       	mockVotes := newMockVoteService()

     

       434
       +
       	mockVotes.AddVote("did:plc:someuser", postURI, "up", "at://did:plc:someuser/social.coves.vote/vote1")

     

       435
       +
       

     

       436
       +
       	// Setup handler with mock vote service

     

       437
       +
       	discoverRepo := postgres.NewDiscoverRepository(db, "test-cursor-secret")

     

       438
       +
       	discoverService := discoverCore.NewDiscoverService(discoverRepo)

     

       439
       +
       	handler := discover.NewGetDiscoverHandler(discoverService, mockVotes)

     

       440
       +
       

     

       441
       +
       	// Create request WITHOUT auth context

     

       442
       +
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getDiscover?sort=new&limit=50", nil)

     

       443
       +
       	rec := httptest.NewRecorder()

     

       444
       +
       	handler.HandleGetDiscover(rec, req)

     

       445
       +
       

     

       446
       +
       	// Should succeed

     

       447
       +
       	assert.Equal(t, http.StatusOK, rec.Code)

     

       448
       +
       

     

       449
       +
       	var response discoverCore.DiscoverResponse

     

       450
       +
       	err = json.Unmarshal(rec.Body.Bytes(), &response)

     

       451
       +
       	require.NoError(t, err)

     

       452
       +
       

     

       453
       +
       	// Find our post and verify NO viewer state (unauthenticated)

     

       454
       +
       	for _, feedPost := range response.Feed {

     

       455
       +
       		if feedPost.Post.URI == postURI {

     

       456
       +
       			assert.Nil(t, feedPost.Post.Viewer, "Unauthenticated request should not have viewer state")

     

       457
       +
       			return

     

       458
       +
       		}

     

       459
       +
       	}

     

       460
       +
       	t.Fatal("Test post not found in response")

     

       461
       +
       }

+11 -11

tests/integration/feed_test.go

···

       37
        
       		nil,

     

       38
        
       	)

     

       39
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       40
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       41
        
       

     

       42
        
       	// Setup test data: community, users, and posts

     

       43
        
       	ctx := context.Background()

     
···

       114
        
       		nil,

     

       115
        
       	)

     

       116
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       117
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       118
        
       

     

       119
        
       	// Setup test data

     

       120
        
       	ctx := context.Background()

     
···

       190
        
       		nil,

     

       191
        
       	)

     

       192
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       193
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       194
        
       

     

       195
        
       	// Setup test data

     

       196
        
       	ctx := context.Background()

     
···

       246
        
       		nil,

     

       247
        
       	)

     

       248
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       249
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       250
        
       

     

       251
        
       	// Setup test data with many posts

     

       252
        
       	ctx := context.Background()

     
···

       337
        
       		nil,

     

       338
        
       	)

     

       339
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       340
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       341
        
       

     

       342
        
       	// Request feed for non-existent community

     

       343
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.communityFeed.getCommunity?community=did:plc:nonexistent&sort=hot&limit=10", nil)

     
···

       373
        
       		nil,

     

       374
        
       	)

     

       375
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       376
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       377
        
       

     

       378
        
       	// Setup test community

     

       379
        
       	ctx := context.Background()

     
···

       429
        
       		nil,

     

       430
        
       	)

     

       431
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       432
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       433
        
       

     

       434
        
       	// Create community with no posts

     

       435
        
       	ctx := context.Background()

     
···

       473
        
       		nil,

     

       474
        
       	)

     

       475
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       476
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       477
        
       

     

       478
        
       	// Setup test community

     

       479
        
       	ctx := context.Background()

     
···

       526
        
       		nil,

     

       527
        
       	)

     

       528
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       529
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       530
        
       

     

       531
        
       	// Setup test data

     

       532
        
       	ctx := context.Background()

     
···

       627
        
       		nil,

     

       628
        
       	)

     

       629
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       630
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       631
        
       

     

       632
        
       	// Setup test data

     

       633
        
       	ctx := context.Background()

     
···

       720
        
       		nil,

     

       721
        
       	)

     

       722
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       723
       -
       	handler := communityFeed.NewGetCommunityHandler(feedService)

     

       724
        
       

     

       725
        
       	// Setup test data

     

       726
        
       	ctx := context.Background()

···

       37
        
       		nil,

     

       38
        
       	)

     

       39
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       40
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       41
        
       

     

       42
        
       	// Setup test data: community, users, and posts

     

       43
        
       	ctx := context.Background()

     
···

       114
        
       		nil,

     

       115
        
       	)

     

       116
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       117
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       118
        
       

     

       119
        
       	// Setup test data

     

       120
        
       	ctx := context.Background()

     
···

       190
        
       		nil,

     

       191
        
       	)

     

       192
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       193
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       194
        
       

     

       195
        
       	// Setup test data

     

       196
        
       	ctx := context.Background()

     
···

       246
        
       		nil,

     

       247
        
       	)

     

       248
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       249
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       250
        
       

     

       251
        
       	// Setup test data with many posts

     

       252
        
       	ctx := context.Background()

     
···

       337
        
       		nil,

     

       338
        
       	)

     

       339
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       340
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       341
        
       

     

       342
        
       	// Request feed for non-existent community

     

       343
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.communityFeed.getCommunity?community=did:plc:nonexistent&sort=hot&limit=10", nil)

     
···

       373
        
       		nil,

     

       374
        
       	)

     

       375
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       376
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       377
        
       

     

       378
        
       	// Setup test community

     

       379
        
       	ctx := context.Background()

     
···

       429
        
       		nil,

     

       430
        
       	)

     

       431
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       432
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       433
        
       

     

       434
        
       	// Create community with no posts

     

       435
        
       	ctx := context.Background()

     
···

       473
        
       		nil,

     

       474
        
       	)

     

       475
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       476
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       477
        
       

     

       478
        
       	// Setup test community

     

       479
        
       	ctx := context.Background()

     
···

       526
        
       		nil,

     

       527
        
       	)

     

       528
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       529
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       530
        
       

     

       531
        
       	// Setup test data

     

       532
        
       	ctx := context.Background()

     
···

       627
        
       		nil,

     

       628
        
       	)

     

       629
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       630
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       631
        
       

     

       632
        
       	// Setup test data

     

       633
        
       	ctx := context.Background()

     
···

       720
        
       		nil,

     

       721
        
       	)

     

       722
        
       	feedService := communityFeeds.NewCommunityFeedService(feedRepo, communityService)

     

       723
       +
       	handler := communityFeed.NewGetCommunityHandler(feedService, nil)

     

       724
        
       

     

       725
        
       	// Setup test data

     

       726
        
       	ctx := context.Background()

+7 -7

tests/integration/timeline_test.go

···

       30
        
       	// Setup services

     

       31
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       32
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       33
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       34
        
       

     

       35
        
       	ctx := context.Background()

     

       36
        
       	testID := time.Now().UnixNano()

     
···

       119
        
       	// Setup services

     

       120
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       121
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       122
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       123
        
       

     

       124
        
       	ctx := context.Background()

     

       125
        
       	testID := time.Now().UnixNano()

     
···

       190
        
       	// Setup services

     

       191
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       192
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       193
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       194
        
       

     

       195
        
       	ctx := context.Background()

     

       196
        
       	testID := time.Now().UnixNano()

     
···

       266
        
       	// Setup services

     

       267
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       268
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       269
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       270
        
       

     

       271
        
       	ctx := context.Background()

     

       272
        
       	testID := time.Now().UnixNano()

     
···

       308
        
       	// Setup services

     

       309
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       310
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       311
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       312
        
       

     

       313
        
       	// Request timeline WITHOUT auth context

     

       314
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)

     
···

       337
        
       	// Setup services

     

       338
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       339
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       340
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       341
        
       

     

       342
        
       	ctx := context.Background()

     

       343
        
       	testID := time.Now().UnixNano()

     
···

       388
        
       	// Setup services

     

       389
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       390
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       391
       -
       	handler := timeline.NewGetTimelineHandler(timelineService)

     

       392
        
       

     

       393
        
       	ctx := context.Background()

     

       394
        
       	testID := time.Now().UnixNano()

···

       30
        
       	// Setup services

     

       31
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       32
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       33
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       34
        
       

     

       35
        
       	ctx := context.Background()

     

       36
        
       	testID := time.Now().UnixNano()

     
···

       119
        
       	// Setup services

     

       120
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       121
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       122
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       123
        
       

     

       124
        
       	ctx := context.Background()

     

       125
        
       	testID := time.Now().UnixNano()

     
···

       190
        
       	// Setup services

     

       191
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       192
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       193
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       194
        
       

     

       195
        
       	ctx := context.Background()

     

       196
        
       	testID := time.Now().UnixNano()

     
···

       266
        
       	// Setup services

     

       267
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       268
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       269
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       270
        
       

     

       271
        
       	ctx := context.Background()

     

       272
        
       	testID := time.Now().UnixNano()

     
···

       308
        
       	// Setup services

     

       309
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       310
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       311
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       312
        
       

     

       313
        
       	// Request timeline WITHOUT auth context

     

       314
        
       	req := httptest.NewRequest(http.MethodGet, "/xrpc/social.coves.feed.getTimeline?sort=new&limit=10", nil)

     
···

       337
        
       	// Setup services

     

       338
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       339
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       340
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       341
        
       

     

       342
        
       	ctx := context.Background()

     

       343
        
       	testID := time.Now().UnixNano()

     
···

       388
        
       	// Setup services

     

       389
        
       	timelineRepo := postgres.NewTimelineRepository(db, "test-cursor-secret")

     

       390
        
       	timelineService := timelineCore.NewTimelineService(timelineRepo)

     

       391
       +
       	handler := timeline.NewGetTimelineHandler(timelineService, nil)

     

       392
        
       

     

       393
        
       	ctx := context.Background()

     

       394
        
       	testID := time.Now().UnixNano()

+1 -1

tests/integration/user_journey_e2e_test.go

···

       143
        
       	r := chi.NewRouter()

     

       144
        
       	routes.RegisterCommunityRoutes(r, communityService, e2eAuth.OAuthAuthMiddleware, nil) // nil = allow all community creators

     

       145
        
       	routes.RegisterPostRoutes(r, postService, e2eAuth.OAuthAuthMiddleware)

     

       146
       -
       	routes.RegisterTimelineRoutes(r, timelineService, e2eAuth.OAuthAuthMiddleware)

     

       147
        
       	httpServer := httptest.NewServer(r)

     

       148
        
       	defer httpServer.Close()

     

       149

···

       143
        
       	r := chi.NewRouter()

     

       144
        
       	routes.RegisterCommunityRoutes(r, communityService, e2eAuth.OAuthAuthMiddleware, nil) // nil = allow all community creators

     

       145
        
       	routes.RegisterPostRoutes(r, postService, e2eAuth.OAuthAuthMiddleware)

     

       146
       +
       	routes.RegisterTimelineRoutes(r, timelineService, nil, e2eAuth.OAuthAuthMiddleware)

     

       147
        
       	httpServer := httptest.NewServer(r)

     

       148
        
       	defer httpServer.Close()

     

       149

Compare changes