# Effem AppView

Custom AT Protocol AppView backend for Effem.

## Scope Implemented

- Custom Lexicon Definitions
- Go AppView Implementation
- Podcast Index Integration
- Database Schema
- XRPC API Endpoints

## What This Service Does

- Consumes AT Proto firehose events and indexes `xyz.effem.*` records.
- Stores social state and materialized social counters in PostgreSQL.
- Proxies and caches Podcast Index API calls (server-side API key/secret).
- Serves read endpoints for Effem social + podcast experience.

## Project Layout

- `cmd/effem-appview/`: CLI entrypoint.
- `appview/`: server, firehose consumer, handlers, indexer, Podcast Index client/cache, database models/migrations.
- `lexicons/xyz/effem/feed/`: feed lexicons (`defs`, `subscription`, `comment`, `recommendation`, `list`, `bookmark`).
- `lexicons/xyz/effem/actor/`: actor lexicons (`profile`).

## Local Run

Prerequisites:
- Go 1.25+
- PostgreSQL

Run:

```bash
go mod tidy
EFFEM_AUTH_READ_TOKENS='dev-token=did:plc:localdev' \
EFFEM_CORS_ALLOWED_ORIGINS='http://localhost:3000' \
go run ./cmd/effem-appview --bind :8080
```

Verify:

```bash
curl -s localhost:8080/_health
```

## Environment Variables

Required for Podcast Index-backed endpoints:
- `EFFEM_PI_KEY`
- `EFFEM_PI_SECRET`

Runtime configuration:
- `EFFEM_BIND` (default `:8080`)
- `EFFEM_DATABASE_URL` (default `postgres://effem:effem@localhost:5432/effem?sslmode=disable`)
- `EFFEM_RELAY_HOST` (default `wss://bsky.network`)
- `EFFEM_PLC_HOST` (default `https://plc.directory`)
- `EFFEM_FIREHOSE_PARALLELISM` (default `5`)
- `EFFEM_AUTH_REQUIRED` (default `true`)
- `EFFEM_AUTH_READ_TOKENS` (comma-separated `token=did` pairs with read scope)
- `EFFEM_AUTH_ADMIN_TOKENS` (comma-separated `token=did` pairs with admin scope)
- `EFFEM_CORS_ALLOWED_ORIGINS` (comma-separated origins; wildcard is rejected)
- `EFFEM_RATE_LIMIT_ENABLED` (default `true`)
- `EFFEM_RATE_LIMIT_RPS` (default `5`)
- `EFFEM_RATE_LIMIT_BURST` (default `20`)

## Implemented Endpoint Groups

- `xyz.effem.feed.*`: subscriptions, subscribers, comments, comment thread, recommendations, popular, list(s), bookmarks, inbox
- `xyz.effem.actor.*`: profile
- `xyz.effem.search.*`: podcast and episode search
- `xyz.effem.podcast.*`: podcast, episodes, episode, trending, categories
- health: `/_health`

## Docker

```bash
docker compose up --build
```

## Production Status

Current status: production hardening controls are implemented.

Implemented hardening:
- Authn/authz on `/xrpc/*` endpoints (read/admin scopes, DID ownership checks on user-scoped endpoints).
- Server-side rate limiting by authenticated principal (fallback to IP).
- Explicit CORS allowlist configuration (wildcard is blocked by config validation).
- Versioned SQL migrations with `schema_migrations` tracking and checksum validation.
- Automated Go tests for config, authz middleware, rate limiter, and migration loader.
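
A sketch of the config validation described for `EFFEM_AUTH_READ_TOKENS` / `EFFEM_AUTH_ADMIN_TOKENS` and `EFFEM_CORS_ALLOWED_ORIGINS`. This is an added example, not code from this repository: `parseTokenPairs` and `parseOrigins` are hypothetical names, and the duplicate-token, `did:` prefix, empty-entry and origin-shape checks are assumptions beyond the `token=did` format and wildcard rejection stated above.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// parseTokenPairs parses a comma-separated list of token=did pairs.
// Errors never echo the offending entry, so secrets stay out of logs.
func parseTokenPairs(raw string) (map[string]string, error) {
	out := map[string]string{}
	for _, pair := range strings.Split(raw, ",") {
		pair = strings.TrimSpace(pair)
		token, did, ok := strings.Cut(pair, "=")
		if !ok || token == "" || !strings.HasPrefix(did, "did:") {
			return nil, errors.New("auth tokens: entry is not token=did")
		}
		if _, dup := out[token]; dup { // assumption: one token maps to one DID
			return nil, errors.New("auth tokens: duplicate token")
		}
		out[token] = did
	}
	return out, nil
}

// parseOrigins parses a comma-separated CORS allowlist, rejecting wildcards
// and anything that is not exactly scheme://host[:port].
func parseOrigins(raw string) ([]string, error) {
	var out []string
	for _, o := range strings.Split(raw, ",") {
		o = strings.TrimSpace(o)
		if strings.Contains(o, "*") {
			return nil, fmt.Errorf("cors: wildcard origin %q is not allowed", o)
		}
		u, err := url.Parse(o)
		if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" || o != u.Scheme+"://"+u.Host {
			return nil, fmt.Errorf("cors: %q is not a scheme://host[:port] origin", o)
		}
		out = append(out, o)
	}
	return out, nil
}

func main() {
	_, err := parseOrigins("http://localhost:3000,*") // constructed input
	fmt.Println(err)
}
```

Failing at startup on a bad allowlist or token list keeps a misconfigured deployment from silently serving `/xrpc/*` with weaker controls than intended.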