bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom
coves / internal / api / routes / aggregator.go
at main 96 lines 4.5 kB view raw
1package routes 2 3import ( 4 "Coves/internal/api/handlers/aggregator" 5 "Coves/internal/api/middleware" 6 "Coves/internal/atproto/identity" 7 "Coves/internal/core/aggregators" 8 "Coves/internal/core/communities" 9 "Coves/internal/core/users" 10 "net/http" 11 "time" 12 13 "github.com/go-chi/chi/v5" 14) 15 16// RegisterAggregatorRoutes registers aggregator-related XRPC endpoints 17// Following Bluesky's pattern for feed generators and labelers 18func RegisterAggregatorRoutes( 19 r chi.Router, 20 aggregatorService aggregators.Service, 21 communityService communities.Service, 22 userService users.UserService, 23 identityResolver identity.Resolver, 24) { 25 // Create query handlers 26 getServicesHandler := aggregator.NewGetServicesHandler(aggregatorService) 27 getAuthorizationsHandler := aggregator.NewGetAuthorizationsHandler(aggregatorService) 28 listForCommunityHandler := aggregator.NewListForCommunityHandler(aggregatorService, communityService) 29 30 // Create registration handler 31 registerHandler := aggregator.NewRegisterHandler(userService, identityResolver) 32 33 // Query endpoints (public - no auth required) 34 // GET /xrpc/social.coves.aggregator.getServices?dids=did:plc:abc,did:plc:def 35 // Following app.bsky.feed.getFeedGenerators pattern 36 r.Get("/xrpc/social.coves.aggregator.getServices", getServicesHandler.HandleGetServices) 37 38 // GET /xrpc/social.coves.aggregator.getAuthorizations?aggregatorDid=did:plc:abc&enabledOnly=true 39 // Lists communities that authorized an aggregator 40 r.Get("/xrpc/social.coves.aggregator.getAuthorizations", getAuthorizationsHandler.HandleGetAuthorizations) 41 42 // GET /xrpc/social.coves.aggregator.listForCommunity?communityDid=did:plc:xyz&enabledOnly=true 43 // Lists aggregators authorized by a community 44 r.Get("/xrpc/social.coves.aggregator.listForCommunity", listForCommunityHandler.HandleListForCommunity) 45 46 // Registration endpoint (public - no auth required) 47 // Aggregators register themselves after creating their own PDS accounts 48 // POST /xrpc/social.coves.aggregator.register 49 // Rate limited to 10 requests per 10 minutes per IP to prevent abuse 50 registrationRateLimiter := middleware.NewRateLimiter(10, 10*time.Minute) 51 r.Post("/xrpc/social.coves.aggregator.register", 52 registrationRateLimiter.Middleware(http.HandlerFunc(registerHandler.HandleRegister)).ServeHTTP) 53 54 // Write endpoints (Phase 2 - require authentication and moderator permissions) 55 // TODO: Implement after Jetstream consumer is ready 56 // POST /xrpc/social.coves.aggregator.enable (requires auth + moderator) 57 // POST /xrpc/social.coves.aggregator.disable (requires auth + moderator) 58 // POST /xrpc/social.coves.aggregator.updateConfig (requires auth + moderator) 59} 60 61// RegisterAggregatorAPIKeyRoutes registers API key management endpoints for aggregators. 62// These endpoints require OAuth authentication and are only available to registered aggregators. 63// Call this function AFTER setting up the auth middleware. 64func RegisterAggregatorAPIKeyRoutes( 65 r chi.Router, 66 authMiddleware middleware.AuthMiddleware, 67 apiKeyService aggregators.APIKeyServiceInterface, 68 aggregatorService aggregators.Service, 69) { 70 // Create API key handlers 71 createAPIKeyHandler := aggregator.NewCreateAPIKeyHandler(apiKeyService, aggregatorService) 72 getAPIKeyHandler := aggregator.NewGetAPIKeyHandler(apiKeyService, aggregatorService) 73 revokeAPIKeyHandler := aggregator.NewRevokeAPIKeyHandler(apiKeyService, aggregatorService) 74 metricsHandler := aggregator.NewMetricsHandler(apiKeyService) 75 76 // API key management endpoints (require OAuth authentication) 77 // POST /xrpc/social.coves.aggregator.createApiKey 78 // Creates a new API key for the authenticated aggregator 79 r.With(authMiddleware.RequireAuth).Post("/xrpc/social.coves.aggregator.createApiKey", 80 createAPIKeyHandler.HandleCreateAPIKey) 81 82 // GET /xrpc/social.coves.aggregator.getApiKey 83 // Gets info about the authenticated aggregator's API key (not the key itself) 84 r.With(authMiddleware.RequireAuth).Get("/xrpc/social.coves.aggregator.getApiKey", 85 getAPIKeyHandler.HandleGetAPIKey) 86 87 // POST /xrpc/social.coves.aggregator.revokeApiKey 88 // Revokes the authenticated aggregator's API key 89 r.With(authMiddleware.RequireAuth).Post("/xrpc/social.coves.aggregator.revokeApiKey", 90 revokeAPIKeyHandler.HandleRevokeAPIKey) 91 92 // GET /xrpc/social.coves.aggregator.getMetrics 93 // Returns operational metrics for the API key service (internal monitoring endpoint) 94 // No authentication required - metrics are non-sensitive operational data 95 r.Get("/xrpc/social.coves.aggregator.getMetrics", metricsHandler.HandleMetrics) 96}