comparing 55d28bb28a7933c562d5ead1d855fe15a458dd38 and feat/vote-xrpc-endpoints on bretton.dev/coves

+16

tests/integration/helpers.go

···

       322
       322
        
       

     

       323
       323
        
       // AddSession adds a session to the store

     

       324
       324
        
       func (m *MockOAuthStore) AddSession(did, sessionID, accessToken string) {

     

       325
       325
       +
       	m.AddSessionWithPDS(did, sessionID, accessToken, getTestPDSURL())

     

       326
       326
       +
       }

     

       327
       327
       +
       

     

       328
       328
       +
       // AddSessionWithPDS adds a session to the store with a specific PDS URL

     

       329
       329
       +
       func (m *MockOAuthStore) AddSessionWithPDS(did, sessionID, accessToken, pdsURL string) {

     

       325
       330
        
       	key := did + ":" + sessionID

     

       326
       331
        
       	parsedDID, _ := syntax.ParseDID(did)

     

       327
       332
        
       	m.sessions[key] = &oauthlib.ClientSessionData{

     

       328
       333
        
       		AccountDID:  parsedDID,

     

       329
       334
        
       		SessionID:   sessionID,

     

       330
       335
        
       		AccessToken: accessToken,

     

       336
       336
       +
       		HostURL:     pdsURL,

     

       331
       337
        
       	}

     

       332
       338
        
       }

     

       333
       339
        
       

     
···

       409
       415
        
       	e.store.AddSession(did, sessionID, "access-token-"+did)

     

       410
       416
        
       	return token

     

       411
       417
        
       }

     

       418
       418
       +
       

     

       419
       419
       +
       // AddUserWithPDSToken registers a user with their real PDS access token

     

       420
       420
       +
       // Use this for E2E tests that need to write to the real PDS

     

       421
       421
       +
       func (e *E2EOAuthMiddleware) AddUserWithPDSToken(did, pdsAccessToken, pdsURL string) string {

     

       422
       422
       +
       	token := "test-token-" + did

     

       423
       423
       +
       	sessionID := "session-" + did

     

       424
       424
       +
       	e.unsealer.AddSession(token, did, sessionID)

     

       425
       425
       +
       	e.store.AddSessionWithPDS(did, sessionID, pdsAccessToken, pdsURL)

     

       426
       426
       +
       	return token

     

       427
       427
       +
       }

+3

.beads/beads.left.jsonl

···

       1
       1
       +
       {"id":"Coves-95q","content_hash":"8ec99d598f067780436b985f9ad57f0fa19632026981038df4f65f192186620b","title":"Add comprehensive API documentation","description":"","status":"open","priority":2,"issue_type":"task","created_at":"2025-11-17T20:30:34.835721854-08:00","updated_at":"2025-11-17T20:30:34.835721854-08:00","source_repo":".","dependencies":[{"issue_id":"Coves-95q","depends_on_id":"Coves-e16","type":"blocks","created_at":"2025-11-17T20:30:46.273899399-08:00","created_by":"daemon"}]}

     

       2
       2
       +
       {"id":"Coves-e16","content_hash":"7c5d0fc8f0e7f626be3dad62af0e8412467330bad01a244e5a7e52ac5afff1c1","title":"Complete post creation and moderation features","description":"","status":"open","priority":1,"issue_type":"feature","created_at":"2025-11-17T20:30:12.885991306-08:00","updated_at":"2025-11-17T20:30:12.885991306-08:00","source_repo":"."}

     

       3
       3
       +
       {"id":"Coves-fce","content_hash":"26b3e16b99f827316ee0d741cc959464bd0c813446c95aef8105c7fd1e6b09ff","title":"Implement aggregator feed federation","description":"","status":"open","priority":1,"issue_type":"feature","created_at":"2025-11-17T20:30:21.453326012-08:00","updated_at":"2025-11-17T20:30:21.453326012-08:00","source_repo":"."}

+1

.beads/beads.left.meta.json

···

       1
       1
       +
       {"version":"0.23.1","timestamp":"2025-12-02T18:25:24.009187871-08:00","commit":"00d7d8d"}

+5 -28

cmd/server/main.go

···

       393
       393
        
       	commentRepo := postgresRepo.NewCommentRepository(db)

     

       394
       394
        
       	log.Println("✅ Comment repository initialized (Jetstream indexing only)")

     

       395
       395
        
       

     

       396
       396
       -
       	// Initialize subject validator for votes (checks posts and comments exist)

     

       397
       397
       -
       	subjectValidator := votes.NewCompositeSubjectValidator(

     

       398
       398
       -
       		// Post existence checker

     

       399
       399
       -
       		func(ctx context.Context, uri string) (bool, error) {

     

       400
       400
       -
       			_, err := postRepo.GetByURI(ctx, uri)

     

       401
       401
       -
       			if err != nil {

     

       402
       402
       -
       				if err == posts.ErrNotFound {

     

       403
       403
       -
       					return false, nil

     

       404
       404
       -
       				}

     

       405
       405
       -
       				return false, err

     

       406
       406
       -
       			}

     

       407
       407
       -
       			return true, nil

     

       408
       408
       -
       		},

     

       409
       409
       -
       		// Comment existence checker

     

       410
       410
       -
       		func(ctx context.Context, uri string) (bool, error) {

     

       411
       411
       -
       			_, err := commentRepo.GetByURI(ctx, uri)

     

       412
       412
       -
       			if err != nil {

     

       413
       413
       -
       				if err == comments.ErrCommentNotFound {

     

       414
       414
       -
       					return false, nil

     

       415
       415
       -
       				}

     

       416
       416
       -
       				return false, err

     

       417
       417
       -
       			}

     

       418
       418
       -
       			return true, nil

     

       419
       419
       -
       		},

     

       420
       420
       -
       	)

     

       421
       421
       -
       

     

       422
       396
        
       	// Initialize vote service (for XRPC API endpoints)

     

       423
       423
       -
       	voteService := votes.NewService(voteRepo, subjectValidator, oauthClient, oauthStore, nil)

     

       424
       424
       -
       	log.Println("✅ Vote service initialized (with OAuth authentication and subject validation)")

     

       397
       397
       +
       	// Note: We don't validate subject existence - the vote goes to the user's PDS regardless.

     

       398
       398
       +
       	// The Jetstream consumer handles orphaned votes correctly by only updating counts for

     

       399
       399
       +
       	// non-deleted subjects. This avoids race conditions and eventual consistency issues.

     

       400
       400
       +
       	voteService := votes.NewService(voteRepo, oauthClient, oauthStore, nil)

     

       401
       401
       +
       	log.Println("✅ Vote service initialized (with OAuth authentication)")

     

       425
       402
        
       

     

       426
       403
        
       	// Initialize comment service (for query API)

     

       427
       404
        
       	// Requires user and community repos for proper author/community hydration per lexicon

+2 -8

internal/api/handlers/vote/create_vote_test.go

···

       344
       344
        
       

     

       345
       345
        
       func TestCreateVoteHandler_ServiceError(t *testing.T) {

     

       346
       346
        
       	tests := []struct {

     

       347
       347
       -
       		name           string

     

       348
       347
        
       		serviceError   error

     

       349
       349
       -
       		expectedStatus int

     

       348
       348
       +
       		name           string

     

       350
       349
        
       		expectedError  string

     

       350
       350
       +
       		expectedStatus int

     

       351
       351
        
       	}{

     

       352
       352
       -
       		{

     

       353
       353
       -
       			name:           "subject not found",

     

       354
       354
       -
       			serviceError:   votes.ErrSubjectNotFound,

     

       355
       355
       -
       			expectedStatus: http.StatusNotFound,

     

       356
       356
       -
       			expectedError:  "SubjectNotFound", // Per lexicon: social.coves.feed.vote.create#SubjectNotFound

     

       357
       357
       -
       		},

     

       358
       352
        
       		{

     

       359
       353
        
       			name:           "invalid direction",

     

       360
       354
        
       			serviceError:   votes.ErrInvalidDirection,

+2 -8

internal/api/handlers/vote/delete_vote_test.go

···

       239
       239
        
       

     

       240
       240
        
       func TestDeleteVoteHandler_ServiceError(t *testing.T) {

     

       241
       241
        
       	tests := []struct {

     

       242
       242
       -
       		name           string

     

       243
       242
        
       		serviceError   error

     

       244
       244
       -
       		expectedStatus int

     

       243
       243
       +
       		name           string

     

       245
       244
        
       		expectedError  string

     

       245
       245
       +
       		expectedStatus int

     

       246
       246
        
       	}{

     

       247
       247
        
       		{

     

       248
       248
        
       			name:           "vote not found",

     
···

       250
       250
        
       			expectedStatus: http.StatusNotFound,

     

       251
       251
        
       			expectedError:  "VoteNotFound", // Per lexicon: social.coves.feed.vote.delete#VoteNotFound

     

       252
       252
        
       		},

     

       253
       253
       -
       		{

     

       254
       254
       -
       			name:           "subject not found",

     

       255
       255
       -
       			serviceError:   votes.ErrSubjectNotFound,

     

       256
       256
       -
       			expectedStatus: http.StatusNotFound,

     

       257
       257
       -
       			expectedError:  "SubjectNotFound", // Per lexicon: social.coves.feed.vote.create#SubjectNotFound

     

       258
       258
       -
       		},

     

       259
       253
        
       		{

     

       260
       254
        
       			name:           "invalid subject",

     

       261
       255
        
       			serviceError:   votes.ErrInvalidSubject,

-4

internal/atproto/lexicon/social/coves/feed/vote/create.json

···

       44
       44
        
               }

     

       45
       45
        
             },

     

       46
       46
        
             "errors": [

     

       47
       47
       -
               {

     

       48
       48
       -
                 "name": "SubjectNotFound",

     

       49
       49
       -
                 "description": "The subject post or comment was not found"

     

       50
       50
       -
               },

     

       51
       47
        
               {

     

       52
       48
        
                 "name": "NotAuthorized",

     

       53
       49
        
                 "description": "User is not authorized to vote on this content"

+4 -4

internal/atproto/oauth/handlers_security.go

···

       25
       25
        
       // - Android: Verified via /.well-known/assetlinks.json

     

       26
       26
        
       var allowedMobileRedirectURIs = map[string]bool{

     

       27
       27
        
       	// Custom scheme per atproto spec (reverse-domain of coves.social)

     

       28
       28
       -
       	"social.coves:/callback":                  true,

     

       29
       29
       -
       	"social.coves://callback":                 true, // Some platforms add double slash

     

       30
       30
       -
       	"social.coves:/oauth/callback":            true, // Alternative path

     

       31
       31
       -
       	"social.coves://oauth/callback":           true,

     

       28
       28
       +
       	"social.coves:/callback":        true,

     

       29
       29
       +
       	"social.coves://callback":       true, // Some platforms add double slash

     

       30
       30
       +
       	"social.coves:/oauth/callback":  true, // Alternative path

     

       31
       31
       +
       	"social.coves://oauth/callback": true,

     

       32
       32
        
       	// Universal Links - cryptographically bound to app (preferred for security)

     

       33
       33
        
       	"https://coves.social/app/oauth/callback": true,

     

       34
       34
        
       }

-3

internal/core/votes/errors.go

···

       6
       6
        
       	// ErrVoteNotFound indicates the requested vote doesn't exist

     

       7
       7
        
       	ErrVoteNotFound = errors.New("vote not found")

     

       8
       8
        
       

     

       9
       9
       -
       	// ErrSubjectNotFound indicates the post/comment being voted on doesn't exist

     

       10
       10
       -
       	ErrSubjectNotFound = errors.New("subject not found")

     

       11
       11
       -
       

     

       12
       9
        
       	// ErrInvalidDirection indicates the vote direction is not "up" or "down"

     

       13
       10
        
       	ErrInvalidDirection = errors.New("invalid vote direction: must be 'up' or 'down'")

     

       14
       11

+10 -6

internal/core/votes/service.go

···

       10
       10
        
       // Implements write-forward pattern: validates requests, then forwards to user's PDS

     

       11
       11
        
       //

     

       12
       12
        
       // Architecture:

     

       13
       13
       -
       // - Service validates input and checks authorization

     

       14
       14
       -
       // - Queries user's PDS directly via com.atproto.repo.listRecords to check existing votes

     

       15
       15
       -
       //   (avoids eventual consistency issues with AppView database)

     

       16
       16
       -
       // - Creates/deletes vote records via com.atproto.repo.createRecord/deleteRecord

     

       17
       17
       -
       // - AppView indexes resulting records from Jetstream firehose for aggregate counts

     

       13
       13
       +
       //   - Service validates input and checks authorization

     

       14
       14
       +
       //   - Queries user's PDS directly via com.atproto.repo.listRecords to check existing votes

     

       15
       15
       +
       //     (avoids eventual consistency issues with AppView database)

     

       16
       16
       +
       //   - Creates/deletes vote records via com.atproto.repo.createRecord/deleteRecord

     

       17
       17
       +
       //   - AppView indexes resulting records from Jetstream firehose for aggregate counts

     

       18
       18
        
       type Service interface {

     

       19
       19
        
       	// CreateVote creates a new vote or toggles off an existing vote

     

       20
       20
        
       	// Returns URI and CID of created vote, or empty strings if toggled off

     
···

       22
       22
        
       	// Validation:

     

       23
       23
        
       	// - Direction must be "up" or "down" (returns ErrInvalidDirection)

     

       24
       24
        
       	// - Subject URI must be valid AT-URI (returns ErrInvalidSubject)

     

       25
       25
       -
       	// - Subject must exist (returns ErrSubjectNotFound)

     

       25
       25
       +
       	// - Subject CID must be provided (returns ErrInvalidSubject)

     

       26
       26
       +
       	//

     

       27
       27
       +
       	// Note: Subject existence is NOT validated. Votes on non-existent or deleted

     

       28
       28
       +
       	// subjects are allowed - the Jetstream consumer handles orphaned votes correctly

     

       29
       29
       +
       	// by only updating counts for non-deleted subjects.

     

       26
       30
        
       	//

     

       27
       31
        
       	// Behavior:

     

       28
       32
        
       	// - If no vote exists: creates new vote with given direction

+3 -2

internal/db/postgres/vote_repo.go

···

       64
       64
        
       	return nil

     

       65
       65
        
       }

     

       66
       66
        
       

     

       67
       67
       -
       // GetByURI retrieves a vote by its AT-URI

     

       67
       67
       +
       // GetByURI retrieves an active vote by its AT-URI

     

       68
       68
        
       // Used by Jetstream consumer for DELETE operations

     

       69
       69
       +
       // Returns ErrVoteNotFound for soft-deleted votes

     

       69
       70
        
       func (r *postgresVoteRepo) GetByURI(ctx context.Context, uri string) (*votes.Vote, error) {

     

       70
       71
        
       	query := `

     

       71
       72
        
       		SELECT

     
···

       73
       74
        
       			subject_uri, subject_cid, direction,

     

       74
       75
        
       			created_at, indexed_at, deleted_at

     

       75
       76
        
       		FROM votes

     

       76
       76
       -
       		WHERE uri = $1

     

       77
       77
       +
       		WHERE uri = $1 AND deleted_at IS NULL

     

       77
       78
        
       	`

     

       78
       79
        
       

     

       79
       80
        
       	var vote votes.Vote

+44 -14

tests/integration/vote_e2e_test.go

···

       604
       604
        
       		t.Logf("Failed to close response body: %v", closeErr)

     

       605
       605
        
       	}

     

       606
       606
        
       

     

       607
       607
       -
       	// Simulate Jetstream UPDATE event (PDS updates the existing record)

     

       608
       608
       -
       	t.Logf("\n🔄 Simulating Jetstream UPDATE event...")

     

       609
       609
       -
       	updateEvent := jetstream.JetstreamEvent{

     

       607
       607
       +
       	// The service flow for direction change is:

     

       608
       608
       +
       	// 1. DELETE old vote on PDS

     

       609
       609
       +
       	// 2. CREATE new vote with NEW rkey on PDS

     

       610
       610
       +
       	// So we simulate DELETE + CREATE events (not UPDATE)

     

       611
       611
       +
       

     

       612
       612
       +
       	// Simulate Jetstream DELETE event for old vote

     

       613
       613
       +
       	t.Logf("\n🔄 Simulating Jetstream DELETE event for old upvote...")

     

       614
       614
       +
       	deleteEvent := jetstream.JetstreamEvent{

     

       615
       615
       +
       		Did:    userDID,

     

       616
       616
       +
       		TimeUS: time.Now().UnixMicro(),

     

       617
       617
       +
       		Kind:   "commit",

     

       618
       618
       +
       		Commit: &jetstream.CommitEvent{

     

       619
       619
       +
       			Rev:        "test-vote-rev-delete",

     

       620
       620
       +
       			Operation:  "delete",

     

       621
       621
       +
       			Collection: "social.coves.feed.vote",

     

       622
       622
       +
       			RKey:       rkey, // Old upvote rkey

     

       623
       623
       +
       		},

     

       624
       624
       +
       	}

     

       625
       625
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &deleteEvent); handleErr != nil {

     

       626
       626
       +
       		t.Fatalf("Failed to handle delete event: %v", handleErr)

     

       627
       627
       +
       	}

     

       628
       628
       +
       

     

       629
       629
       +
       	// Simulate Jetstream CREATE event for new downvote

     

       630
       630
       +
       	t.Logf("\n🔄 Simulating Jetstream CREATE event for new downvote...")

     

       631
       631
       +
       	newRkey := utils.ExtractRKeyFromURI(downvoteResp.URI)

     

       632
       632
       +
       	createEvent := jetstream.JetstreamEvent{

     

       610
       633
        
       		Did:    userDID,

     

       611
       634
        
       		TimeUS: time.Now().UnixMicro(),

     

       612
       635
        
       		Kind:   "commit",

     

       613
       636
        
       		Commit: &jetstream.CommitEvent{

     

       614
       637
        
       			Rev:        "test-vote-rev-down",

     

       615
       615
       -
       			Operation:  "update",

     

       638
       638
       +
       			Operation:  "create",

     

       616
       639
        
       			Collection: "social.coves.feed.vote",

     

       617
       617
       -
       			RKey:       rkey, // Same rkey as before

     

       640
       640
       +
       			RKey:       newRkey, // NEW rkey from downvote response

     

       618
       641
        
       			CID:        downvoteResp.CID,

     

       619
       642
        
       			Record: map[string]interface{}{

     

       620
       643
        
       				"$type": "social.coves.feed.vote",

     
···

       622
       645
        
       					"uri": postURI,

     

       623
       646
        
       					"cid": postCID,

     

       624
       647
        
       				},

     

       625
       625
       -
       				"direction": "down", // Changed direction

     

       648
       648
       +
       				"direction": "down",

     

       626
       649
        
       				"createdAt": time.Now().Format(time.RFC3339),

     

       627
       650
        
       			},

     

       628
       651
        
       		},

     

       629
       652
        
       	}

     

       630
       630
       -
       	if handleErr := voteConsumer.HandleEvent(ctx, &updateEvent); handleErr != nil {

     

       631
       631
       -
       		t.Fatalf("Failed to handle update event: %v", handleErr)

     

       653
       653
       +
       	if handleErr := voteConsumer.HandleEvent(ctx, &createEvent); handleErr != nil {

     

       654
       654
       +
       		t.Fatalf("Failed to handle create event: %v", handleErr)

     

       655
       655
       +
       	}

     

       656
       656
       +
       

     

       657
       657
       +
       	// Verify old upvote was deleted

     

       658
       658
       +
       	t.Logf("\n🔍 Verifying old upvote was deleted...")

     

       659
       659
       +
       	_, err = voteRepo.GetByURI(ctx, upvoteResp.URI)

     

       660
       660
       +
       	if err == nil {

     

       661
       661
       +
       		t.Error("Expected old upvote to be deleted, but it still exists")

     

       632
       662
        
       	}

     

       633
       663
        
       

     

       634
       634
       -
       	// Verify vote direction changed in AppView

     

       635
       635
       -
       	t.Logf("\n🔍 Verifying vote direction changed in AppView...")

     

       636
       636
       -
       	updatedVote, err := voteRepo.GetByURI(ctx, upvoteResp.URI)

     

       664
       664
       +
       	// Verify new downvote was indexed

     

       665
       665
       +
       	t.Logf("\n🔍 Verifying new downvote indexed in AppView...")

     

       666
       666
       +
       	newVote, err := voteRepo.GetByURI(ctx, downvoteResp.URI)

     

       637
       667
        
       	if err != nil {

     

       638
       638
       -
       		t.Fatalf("Vote not found after update: %v", err)

     

       668
       668
       +
       		t.Fatalf("New downvote not found: %v", err)

     

       639
       669
        
       	}

     

       640
       670
        
       

     

       641
       641
       -
       	if updatedVote.Direction != "down" {

     

       642
       642
       -
       		t.Errorf("Expected direction 'down', got %s", updatedVote.Direction)

     

       671
       671
       +
       	if newVote.Direction != "down" {

     

       672
       672
       +
       		t.Errorf("Expected direction 'down', got %s", newVote.Direction)

     

       643
       673
        
       	}

     

       644
       674
        
       

     

       645
       675
        
       	// Verify post counts updated

Compare changes