feat(kagi-news): update Python client for API key authentication

+2 -3

aggregators/kagi-news/.env.example

··· 1 - # Aggregator Identity (pre-created account credentials) 2 - AGGREGATOR_HANDLE=kagi-news.local.coves.dev 3 - AGGREGATOR_PASSWORD=your-secure-password-here 1 + # Coves API Key (get from https://coves.social after OAuth login) 2 + COVES_API_KEY=ckapi_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 4 3 5 4 # Optional: Override Coves API URL (defaults to config.yaml) 6 5 # COVES_API_URL=http://localhost:3001

+2

aggregators/kagi-news/config.example.yaml

··· 2 2 3 3 # Coves API endpoint 4 4 coves_api_url: "https://coves.social" 5 + # API key is loaded from COVES_API_KEY environment variable 6 + # Get your API key from https://coves.social after OAuth login 5 7 6 8 # Feed-to-community mappings 7 9 # Handle format: c-{name}.{instance} (e.g., c-worldnews.coves.social)

-1

aggregators/kagi-news/requirements.txt

··· 2 2 feedparser==6.0.11 3 3 beautifulsoup4==4.12.3 4 4 requests==2.31.0 5 - atproto==0.0.55 6 5 pyyaml==6.0.1 7 6 8 7 # Testing

+133 -55

aggregators/kagi-news/src/coves_client.py

··· 1 1 """ 2 2 Coves API Client for posting to communities. 3 3 4 - Handles authentication and posting via XRPC. 4 + Handles API key authentication and posting via XRPC. 5 5 """ 6 6 import logging 7 7 import requests 8 8 from typing import Dict, List, Optional 9 - from atproto import Client 10 9 11 10 logger = logging.getLogger(__name__) 12 11 13 12 13 + class CovesAPIError(Exception): 14 + """Base exception for Coves API errors.""" 15 + 16 + def __init__(self, message: str, status_code: int = None, response_body: str = None): 17 + super().__init__(message) 18 + self.status_code = status_code 19 + self.response_body = response_body 20 + 21 + 22 + class CovesAuthenticationError(CovesAPIError): 23 + """Raised when authentication fails (401 Unauthorized).""" 24 + pass 25 + 26 + 27 + class CovesNotFoundError(CovesAPIError): 28 + """Raised when a resource is not found (404 Not Found).""" 29 + pass 30 + 31 + 32 + class CovesRateLimitError(CovesAPIError): 33 + """Raised when rate limit is exceeded (429 Too Many Requests).""" 34 + pass 35 + 36 + 37 + class CovesForbiddenError(CovesAPIError): 38 + """Raised when access is forbidden (403 Forbidden).""" 39 + pass 40 + 41 + 14 42 class CovesClient: 15 43 """ 16 44 Client for posting to Coves communities via XRPC. 17 45 18 46 Handles: 19 - - Authentication with aggregator credentials 47 + - API key authentication 20 48 - Creating posts in communities (social.coves.community.post.create) 21 49 - External embed formatting 22 50 """ 23 51 24 - def __init__(self, api_url: str, handle: str, password: str, pds_url: Optional[str] = None): 25 - """ 26 - Initialize Coves client. 27 - 28 - Args: 29 - api_url: Coves AppView URL for posting (e.g., "http://localhost:8081") 30 - handle: Aggregator handle (e.g., "kagi-news.coves.social") 31 - password: Aggregator password/app password 32 - pds_url: Optional PDS URL for authentication (defaults to api_url) 33 - """ 34 - self.api_url = api_url 35 - self.pds_url = pds_url or api_url # Auth through PDS, post through AppView 36 - self.handle = handle 37 - self.password = password 38 - self.client = Client(base_url=self.pds_url) # Use PDS for auth 39 - self._authenticated = False 52 + # API key format constants (must match Go constants in apikey_service.go) 53 + API_KEY_PREFIX = "ckapi_" 54 + API_KEY_TOTAL_LENGTH = 70 # 6 (prefix) + 64 (32 bytes hex-encoded) 40 55 41 - def authenticate(self): 56 + def __init__(self, api_url: str, api_key: str): 42 57 """ 43 - Authenticate with Coves API. 58 + Initialize Coves client with API key authentication. 44 59 45 - Uses com.atproto.server.createSession directly to avoid 46 - Bluesky-specific endpoints that don't exist on Coves PDS. 60 + Args: 61 + api_url: Coves API URL for posting (e.g., "https://coves.social") 62 + api_key: Coves API key (e.g., "ckapi_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx") 47 63 48 64 Raises: 49 - Exception: If authentication fails 65 + ValueError: If api_key format is invalid 50 66 """ 51 - try: 52 - logger.info(f"Authenticating as {self.handle}") 53 - 54 - # Use createSession directly (avoid app.bsky.actor.getProfile) 55 - session = self.client.com.atproto.server.create_session( 56 - {"identifier": self.handle, "password": self.password} 67 + # Validate API key format for early failure with clear error 68 + if not api_key: 69 + raise ValueError("API key cannot be empty") 70 + if not api_key.startswith(self.API_KEY_PREFIX): 71 + raise ValueError(f"API key must start with '{self.API_KEY_PREFIX}'") 72 + if len(api_key) != self.API_KEY_TOTAL_LENGTH: 73 + raise ValueError( 74 + f"API key must be {self.API_KEY_TOTAL_LENGTH} characters " 75 + f"(got {len(api_key)})" 57 76 ) 58 77 59 - # Manually set session (skip profile fetch) 60 - self.client._session = session 61 - self._authenticated = True 62 - self.did = session.did 78 + self.api_url = api_url.rstrip('/') 79 + self.api_key = api_key 80 + self.session = requests.Session() 81 + self.session.headers['Authorization'] = f'Bearer {api_key}' 82 + self.session.headers['Content-Type'] = 'application/json' 63 83 64 - logger.info(f"Authentication successful (DID: {self.did})") 65 - except Exception as e: 66 - logger.error(f"Authentication failed: {e}") 67 - raise 84 + def authenticate(self): 85 + """ 86 + No-op for API key authentication. 87 + 88 + API key is set in the session headers during initialization. 89 + This method is kept for backward compatibility with existing code 90 + that calls authenticate() before making requests. 91 + """ 92 + logger.info("Using API key authentication (no session creation needed)") 68 93 69 94 def create_post( 70 95 self, ··· 90 115 AT Proto URI of created post (e.g., "at://did:plc:.../social.coves.post/...") 91 116 92 117 Raises: 93 - Exception: If post creation fails 118 + requests.HTTPError: If post creation fails 94 119 """ 95 - if not self._authenticated: 96 - self.authenticate() 97 - 98 120 try: 99 121 # Prepare post data for social.coves.community.post.create endpoint 100 122 post_data = { ··· 119 141 # This provides validation, authorization, and business logic 120 142 logger.info(f"Creating post in community: {community_handle}") 121 143 122 - # Make direct HTTP request to XRPC endpoint 144 + # Make HTTP request to XRPC endpoint using session with API key 123 145 url = f"{self.api_url}/xrpc/social.coves.community.post.create" 124 - headers = { 125 - "Authorization": f"Bearer {self.client._session.access_jwt}", 126 - "Content-Type": "application/json" 127 - } 128 - 129 - response = requests.post(url, json=post_data, headers=headers, timeout=30) 146 + response = self.session.post(url, json=post_data, timeout=30) 130 147 131 - # Log detailed error if request fails 148 + # Handle specific error cases 132 149 if not response.ok: 133 150 error_body = response.text 134 151 logger.error(f"Post creation failed ({response.status_code}): {error_body}") 135 - response.raise_for_status() 152 + self._raise_for_status(response) 153 + 154 + try: 155 + result = response.json() 156 + post_uri = result["uri"] 157 + except (ValueError, KeyError) as e: 158 + # ValueError for invalid JSON, KeyError for missing 'uri' field 159 + logger.error(f"Failed to parse post creation response: {e}") 160 + raise CovesAPIError( 161 + f"Invalid response from server: {e}", 162 + status_code=response.status_code, 163 + response_body=response.text 164 + ) 136 165 137 - result = response.json() 138 - post_uri = result["uri"] 139 166 logger.info(f"Post created: {post_uri}") 140 167 return post_uri 141 168 142 - except Exception as e: 143 - logger.error(f"Failed to create post: {e}") 169 + except requests.RequestException as e: 170 + # Network errors, timeouts, etc. 171 + logger.error(f"Network error creating post: {e}") 172 + raise 173 + except CovesAPIError: 174 + # Re-raise our custom exceptions as-is 144 175 raise 145 176 146 177 def create_external_embed( ··· 175 206 "$type": "social.coves.embed.external", 176 207 "external": external 177 208 } 209 + 210 + def _raise_for_status(self, response: requests.Response) -> None: 211 + """ 212 + Raise specific exceptions based on HTTP status code. 213 + 214 + Args: 215 + response: The HTTP response object 216 + 217 + Raises: 218 + CovesAuthenticationError: For 401 Unauthorized 219 + CovesNotFoundError: For 404 Not Found 220 + CovesRateLimitError: For 429 Too Many Requests 221 + CovesAPIError: For other 4xx/5xx errors 222 + """ 223 + status_code = response.status_code 224 + error_body = response.text 225 + 226 + if status_code == 401: 227 + raise CovesAuthenticationError( 228 + f"Authentication failed: {error_body}", 229 + status_code=status_code, 230 + response_body=error_body 231 + ) 232 + elif status_code == 403: 233 + raise CovesForbiddenError( 234 + f"Access forbidden: {error_body}", 235 + status_code=status_code, 236 + response_body=error_body 237 + ) 238 + elif status_code == 404: 239 + raise CovesNotFoundError( 240 + f"Resource not found: {error_body}", 241 + status_code=status_code, 242 + response_body=error_body 243 + ) 244 + elif status_code == 429: 245 + raise CovesRateLimitError( 246 + f"Rate limit exceeded: {error_body}", 247 + status_code=status_code, 248 + response_body=error_body 249 + ) 250 + else: 251 + raise CovesAPIError( 252 + f"API request failed ({status_code}): {error_body}", 253 + status_code=status_code, 254 + response_body=error_body 255 + ) 178 256 179 257 def _get_timestamp(self) -> str: 180 258 """

+5 -9

aggregators/kagi-news/src/main.py

··· 71 71 if coves_client: 72 72 self.coves_client = coves_client 73 73 else: 74 - # Get credentials from environment 75 - aggregator_handle = os.getenv('AGGREGATOR_HANDLE') 76 - aggregator_password = os.getenv('AGGREGATOR_PASSWORD') 77 - pds_url = os.getenv('PDS_URL') # Optional: separate PDS for auth 74 + # Get API key from environment 75 + api_key = os.getenv('COVES_API_KEY') 78 76 79 - if not aggregator_handle or not aggregator_password: 77 + if not api_key: 80 78 raise ValueError( 81 - "Missing AGGREGATOR_HANDLE or AGGREGATOR_PASSWORD environment variables" 79 + "COVES_API_KEY environment variable required" 82 80 ) 83 81 84 82 self.coves_client = CovesClient( 85 83 api_url=self.config.coves_api_url, 86 - handle=aggregator_handle, 87 - password=aggregator_password, 88 - pds_url=pds_url # Auth through PDS if specified 84 + api_key=api_key 89 85 ) 90 86 91 87 def run(self):

+127 -3

aggregators/kagi-news/tests/test_coves_client.py

··· 4 4 Tests the client's local functionality without requiring live infrastructure. 5 5 """ 6 6 import pytest 7 - from src.coves_client import CovesClient 7 + from unittest.mock import Mock 8 + from src.coves_client import ( 9 + CovesClient, 10 + CovesAPIError, 11 + CovesAuthenticationError, 12 + CovesForbiddenError, 13 + CovesNotFoundError, 14 + CovesRateLimitError, 15 + ) 16 + 17 + 18 + # Valid test API key (70 chars total: 6 prefix + 64 hex chars) 19 + VALID_TEST_API_KEY = "ckapi_" + "a" * 64 20 + 21 + 22 + class TestAPIKeyValidation: 23 + """Tests for API key format validation in constructor.""" 24 + 25 + def test_rejects_empty_api_key(self): 26 + """Empty API key should raise ValueError.""" 27 + with pytest.raises(ValueError, match="cannot be empty"): 28 + CovesClient(api_url="http://localhost", api_key="") 29 + 30 + def test_rejects_wrong_prefix(self): 31 + """API key with wrong prefix should raise ValueError.""" 32 + wrong_prefix_key = "wrong_" + "a" * 64 33 + with pytest.raises(ValueError, match="must start with 'ckapi_'"): 34 + CovesClient(api_url="http://localhost", api_key=wrong_prefix_key) 35 + 36 + def test_rejects_short_api_key(self): 37 + """API key that is too short should raise ValueError.""" 38 + short_key = "ckapi_tooshort" 39 + with pytest.raises(ValueError, match="must be 70 characters"): 40 + CovesClient(api_url="http://localhost", api_key=short_key) 41 + 42 + def test_rejects_long_api_key(self): 43 + """API key that is too long should raise ValueError.""" 44 + long_key = "ckapi_" + "a" * 100 45 + with pytest.raises(ValueError, match="must be 70 characters"): 46 + CovesClient(api_url="http://localhost", api_key=long_key) 47 + 48 + def test_accepts_valid_api_key(self): 49 + """Valid API key format should be accepted.""" 50 + client = CovesClient(api_url="http://localhost", api_key=VALID_TEST_API_KEY) 51 + assert client.api_key == VALID_TEST_API_KEY 52 + 53 + 54 + class TestRaiseForStatus: 55 + """Tests for _raise_for_status method.""" 56 + 57 + @pytest.fixture 58 + def client(self): 59 + """Create a CovesClient instance for testing.""" 60 + return CovesClient(api_url="http://localhost", api_key=VALID_TEST_API_KEY) 61 + 62 + def test_raises_authentication_error_for_401(self, client): 63 + """401 response should raise CovesAuthenticationError.""" 64 + mock_response = Mock() 65 + mock_response.status_code = 401 66 + mock_response.text = "Invalid API key" 67 + 68 + with pytest.raises(CovesAuthenticationError) as exc_info: 69 + client._raise_for_status(mock_response) 70 + 71 + assert exc_info.value.status_code == 401 72 + assert "Authentication failed" in str(exc_info.value) 73 + 74 + def test_raises_forbidden_error_for_403(self, client): 75 + """403 response should raise CovesForbiddenError.""" 76 + mock_response = Mock() 77 + mock_response.status_code = 403 78 + mock_response.text = "Not authorized for this community" 79 + 80 + with pytest.raises(CovesForbiddenError) as exc_info: 81 + client._raise_for_status(mock_response) 82 + 83 + assert exc_info.value.status_code == 403 84 + assert "Access forbidden" in str(exc_info.value) 85 + 86 + def test_raises_not_found_error_for_404(self, client): 87 + """404 response should raise CovesNotFoundError.""" 88 + mock_response = Mock() 89 + mock_response.status_code = 404 90 + mock_response.text = "Community not found" 91 + 92 + with pytest.raises(CovesNotFoundError) as exc_info: 93 + client._raise_for_status(mock_response) 94 + 95 + assert exc_info.value.status_code == 404 96 + assert "Resource not found" in str(exc_info.value) 97 + 98 + def test_raises_rate_limit_error_for_429(self, client): 99 + """429 response should raise CovesRateLimitError.""" 100 + mock_response = Mock() 101 + mock_response.status_code = 429 102 + mock_response.text = "Rate limit exceeded" 103 + 104 + with pytest.raises(CovesRateLimitError) as exc_info: 105 + client._raise_for_status(mock_response) 106 + 107 + assert exc_info.value.status_code == 429 108 + assert "Rate limit exceeded" in str(exc_info.value) 109 + 110 + def test_raises_generic_api_error_for_500(self, client): 111 + """500 response should raise generic CovesAPIError.""" 112 + mock_response = Mock() 113 + mock_response.status_code = 500 114 + mock_response.text = "Internal server error" 115 + 116 + with pytest.raises(CovesAPIError) as exc_info: 117 + client._raise_for_status(mock_response) 118 + 119 + assert exc_info.value.status_code == 500 120 + assert not isinstance(exc_info.value, CovesAuthenticationError) 121 + assert not isinstance(exc_info.value, CovesNotFoundError) 122 + 123 + def test_exception_includes_response_body(self, client): 124 + """Exception should include the response body.""" 125 + mock_response = Mock() 126 + mock_response.status_code = 400 127 + mock_response.text = '{"error": "Bad request details"}' 128 + 129 + with pytest.raises(CovesAPIError) as exc_info: 130 + client._raise_for_status(mock_response) 131 + 132 + assert exc_info.value.response_body == '{"error": "Bad request details"}' 8 133 9 134 10 135 class TestCreateExternalEmbed: ··· 15 140 """Create a CovesClient instance for testing.""" 16 141 return CovesClient( 17 142 api_url="http://localhost:8081", 18 - handle="test.handle", 19 - password="test_password" 143 + api_key=VALID_TEST_API_KEY 20 144 ) 21 145 22 146 def test_creates_embed_without_sources(self, client):