A community based topic aggregation platform built on atproto

docs(communities): add blob upload proxy system design

Adds design documentation for blob upload proxy system to enable
image/video posts in communities from external PDS users.

Problem:
Users on external PDSs cannot directly upload blobs to community-owned
PDS repositories because they lack authentication credentials for the
community's PDS.

Solution:
Coves AppView acts as an authenticated proxy for blob uploads via
social.coves.blob.uploadForCommunity endpoint.

Flow:
1. User uploads blob to AppView
2. AppView validates user can post to community
3. AppView uses community's PDS credentials to upload blob
4. AppView returns CID to user
5. User creates post record referencing the CID
6. Post and blob both live in community's PDS

Status: Design documented, implementation TODO
Priority: CRITICAL for Beta - Required for rich media posts

Implementation checklist includes:
- Handler endpoint
- User authorization validation
- Community credential management
- Upload proxy logic
- Security measures (size limits, content-type validation, rate limiting)
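
The size-limit and content-type checks named in the checklist, sketched as an added example that is not part of the commit or of Coves' code. The 1 MiB cap, the image allowlist and the helper name `checkBlob` are assumptions, since the design gives no values; rate limiting is left out.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Assumed policy: the design names size limits and content-type validation
// but gives no values, so this cap and allowlist are placeholders.
const maxBlobBytes = 1 << 20

var allowedTypes = map[string]bool{
	"image/png": true, "image/jpeg": true, "image/gif": true, "image/webp": true,
}

var (
	ErrTooLarge = errors.New("blob exceeds size limit")
	ErrType     = errors.New("sniffed content type not allowed")
	ErrMismatch = errors.New("declared type does not match content")
)

// checkBlob (hypothetical helper) runs before the proxy touches the
// community's credentials. It reads at most maxBlobBytes+1 bytes so an
// oversized body is rejected without being buffered in full, then trusts
// the type sniffed from the bytes over the client-supplied header.
func checkBlob(body io.Reader, declared string) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(body, maxBlobBytes+1))
	if err != nil {
		return nil, err
	}
	if len(data) > maxBlobBytes {
		return nil, ErrTooLarge
	}
	sniffed := http.DetectContentType(data)
	if !allowedTypes[sniffed] {
		return nil, ErrType
	}
	if sniffed != declared {
		return nil, ErrMismatch
	}
	return data, nil
}

func main() {
	// Constructed input: HTML labelled as a PNG by the client.
	_, err := checkBlob(strings.NewReader("<html><body>x</body></html>"), "image/png")
	fmt.Println(err)
}
```

Only bytes returned by `checkBlob` would be forwarded to the community's PDS; a rejected upload never reaches the step that uses community credentials.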

+40
docs/PRD_COMMUNITIES.md
··· 201 201 202 202 --- 203 203 204 + ### Blob Upload Proxy System 205 + **Status:** Design documented, implementation TODO 206 + **Priority:** CRITICAL for Beta - Required for image/video posts in communities 207 + 208 + **Problem:** Users on external PDSs cannot directly upload blobs to community-owned PDS repositories because they lack authentication credentials for the community's PDS. 209 + 210 + **Solution:** Coves AppView acts as an authenticated proxy for blob uploads: 211 + 212 + **Flow:** 213 + 1. User uploads blob to Coves AppView via `social.coves.blob.uploadForCommunity` 214 + 2. AppView validates user can post to community (not banned, community accessible) 215 + 3. AppView uses community's PDS credentials to upload blob via `com.atproto.repo.uploadBlob` 216 + 4. AppView returns CID to user 217 + 5. User creates post record referencing the CID 218 + 6. Post and blob both live in community's PDS 219 + 220 + **Implementation Checklist:** 221 + - [ ] Handler: `social.coves.blob.uploadForCommunity` endpoint 222 + - [ ] Validation: Check user authorization to post in community 223 + - [ ] Credential Management: Reuse community token refresh logic 224 + - [ ] Upload Proxy: Forward blob to community's PDS with community credentials 225 + - [ ] Security: Size limits, content-type validation, rate limiting 226 + - [ ] Testing: E2E test with federated user uploading to community 227 + 228 + **Why This Approach:** 229 + - ✅ Works with federated users (any PDS) 230 + - ✅ Reuses existing community credential infrastructure 231 + - ✅ Matches V2 architecture (AppView orchestrates, communities own data) 232 + - ✅ Blobs stored on correct PDS (community's repository) 233 + - ❌ AppView becomes upload intermediary (bandwidth cost) 234 + 235 + **Alternative Considered:** Direct user uploads to community PDS 236 + - Rejected: Would require creating temporary user accounts on every community PDS (complex, insecure) 237 + 238 + **See:** Design discussion in context of 
ATProto blob architecture 239 + 240 + --- 241 + 204 242 ### Posts in Communities 205 243 **Status:** Lexicon designed, implementation TODO 206 244 **Priority:** HIGHEST for Beta 1 ··· 214 252 - [ ] Decide membership requirements for posting 215 253 216 254 **Without posts, communities exist but can't be used!** 255 + 256 + **Depends on:** Blob Upload Proxy System (for image/video posts) 217 257 218 258 --- 219 259
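
Review bot: Flow step 5 ("User creates post record referencing the CID") does not say whose credentials write that record, yet step 6 places the post in the community's PDS and the Problem paragraph says external users have no credentials there. State whether the post write is also proxied through the AppView, and say what happens to a blob uploaded in step 3 when step 5 never follows. In the checklist, the single "Security" item would be easier to track as three items (size limits, content-type validation, rate limiting), each noting that it runs before the step 3 call to `com.atproto.repo.uploadBlob`, since step 2 is otherwise the only gate in front of the community's credentials. The "See:" line names a design discussion without a link or path.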
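
Review bot: The new "Depends on:" line in "Posts in Communities" sits after the closing bold callout instead of beside the Status and Priority lines at the top of the section, where a reader scanning for blockers would look. Consider moving it up, and spelling out that posts without image/video do not wait on the proxy, so the "HIGHEST for Beta 1" item is not read as fully blocked by a system whose status is still "implementation TODO".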