bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom
coves / internal / api / routes / discover.go
at main 37 lines 1.5 kB view raw
1package routes 2 3import ( 4 "Coves/internal/api/handlers/discover" 5 "Coves/internal/api/middleware" 6 "Coves/internal/core/blueskypost" 7 discoverCore "Coves/internal/core/discover" 8 "Coves/internal/core/votes" 9 10 "github.com/go-chi/chi/v5" 11) 12 13// RegisterDiscoverRoutes registers discover-related XRPC endpoints 14// 15// SECURITY & RATE LIMITING: 16// - Discover feed is PUBLIC (works without authentication) 17// - Optional auth: if authenticated, includes viewer vote state on posts 18// - Protected by global rate limiter: 100 requests/minute per IP (main.go:84) 19// - Query timeout enforced via context (prevents long-running queries) 20// - Result limit capped at 50 posts per request (validated in service layer) 21// - No caching currently implemented (future: 30-60s cache for hot feed) 22func RegisterDiscoverRoutes( 23 r chi.Router, 24 discoverService discoverCore.Service, 25 voteService votes.Service, 26 blueskyService blueskypost.Service, 27 authMiddleware *middleware.OAuthAuthMiddleware, 28) { 29 // Create handlers 30 getDiscoverHandler := discover.NewGetDiscoverHandler(discoverService, voteService, blueskyService) 31 32 // GET /xrpc/social.coves.feed.getDiscover 33 // Public endpoint with optional auth for viewer-specific state (vote state) 34 // Shows posts from ALL communities (not personalized) 35 // Rate limited: 100 req/min per IP via global middleware 36 r.With(authMiddleware.OptionalAuth).Get("/xrpc/social.coves.feed.getDiscover", getDiscoverHandler.HandleGetDiscover) 37}