# Effem AppView

Custom AT Protocol AppView backend for Effem.

## Scope Implemented

- Custom Lexicon Definitions
- Go AppView Implementation
- Podcast Index Integration
- Database Schema
- XRPC API Endpoints

## What This Service Does

- Consumes AT Proto firehose events and indexes `xyz.effem.*` records.
- Stores social state and materialized social counters in PostgreSQL.
- Proxies and caches Podcast Index API calls (server-side API key/secret).
- Serves read endpoints for Effem social + podcast experience.

## Project Layout

- `cmd/effem-appview/`: CLI entrypoint.
- `appview/`: server, firehose consumer, handlers, indexer, Podcast Index client/cache, database models/migrations.
- `lexicons/xyz/effem/feed/`: feed lexicons (`defs`, `subscription`, `comment`, `recommendation`, `list`, `bookmark`).
- `lexicons/xyz/effem/actor/`: actor lexicons (`profile`).

## Local Run

Prerequisites:

- Go 1.25+
- PostgreSQL

Run:

```bash
go mod tidy
EFFEM_AUTH_READ_TOKENS='dev-token=did:plc:localdev' \
EFFEM_CORS_ALLOWED_ORIGINS='http://localhost:3000' \
go run ./cmd/effem-appview --bind :8080
```

Verify:

```bash
curl -s localhost:8080/_health
```

## Environment Variables

Required for Podcast Index-backed endpoints:

- `EFFEM_PI_KEY`
- `EFFEM_PI_SECRET`

Runtime configuration:

- `EFFEM_BIND` (default `:8080`)
- `EFFEM_DATABASE_URL` (default `postgres://effem:effem@localhost:5432/effem?sslmode=disable`)
- `EFFEM_RELAY_HOST` (default `wss://bsky.network`)
- `EFFEM_PLC_HOST` (default `https://plc.directory`)
- `EFFEM_FIREHOSE_PARALLELISM` (default `5`)
- `EFFEM_AUTH_REQUIRED` (default `true`)
- `EFFEM_AUTH_READ_TOKENS` (comma-separated `token=did` pairs with read scope)
- `EFFEM_AUTH_ADMIN_TOKENS` (comma-separated `token=did` pairs with admin scope)
- `EFFEM_CORS_ALLOWED_ORIGINS` (comma-separated origins; wildcard is rejected)
- `EFFEM_RATE_LIMIT_ENABLED` (default `true`)
- `EFFEM_RATE_LIMIT_RPS` (default `5`)
- `EFFEM_RATE_LIMIT_BURST` (default `20`)

## Implemented Endpoint Groups

- `xyz.effem.feed.*`: subscriptions, subscribers, comments, comment thread, recommendations, popular, list(s), bookmarks, inbox
- `xyz.effem.actor.*`: profile
- `xyz.effem.search.*`: podcast and episode search
- `xyz.effem.podcast.*`: podcast, episodes, episode, trending, categories
- health: `/_health`

## Docker

```bash
docker compose up --build
```

## Production Status

Current status: production hardening controls are implemented.

Implemented hardening:

- Authn/authz on `/xrpc/*` endpoints (read/admin scopes, DID ownership checks on user-scoped endpoints).
- Server-side rate limiting by authenticated principal (fallback to IP).
- Explicit CORS allowlist configuration (wildcard is blocked by config validation).
- Versioned SQL migrations with `schema_migrations` tracking and checksum validation.
- Automated Go tests for config, authz middleware, rate limiter, and migration loader.
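
The following added example (not the project's own code) shows one way to validate the documented `token=did` pairs and the CORS allowlist at startup, so that a wildcard or malformed entry stops the service before it serves traffic. The names `parseTokens`, `parseOrigins` and `isComma`, the `did:` prefix check, and the rule that an origin carries no path, query or credentials are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

func isComma(r rune) bool { return r == ',' }

// parseTokens (hypothetical helper) turns comma-separated token=did pairs,
// the documented EFFEM_AUTH_*_TOKENS format, into a token -> DID map.
func parseTokens(raw string) (map[string]string, error) {
	out := map[string]string{}
	for _, pair := range strings.FieldsFunc(raw, isComma) {
		token, did, ok := strings.Cut(strings.TrimSpace(pair), "=")
		if !ok || token == "" || !strings.HasPrefix(did, "did:") {
			return nil, fmt.Errorf("malformed token=did pair") // never echo the secret
		}
		if _, dup := out[token]; dup {
			return nil, fmt.Errorf("token listed twice (second DID %s)", did)
		}
		out[token] = did
	}
	return out, nil
}

// parseOrigins (hypothetical helper) validates a comma-separated CORS allowlist.
// Wildcards and anything other than a bare scheme://host[:port] are rejected.
func parseOrigins(raw string) ([]string, error) {
	var out []string
	for _, o := range strings.FieldsFunc(raw, isComma) {
		o = strings.TrimSpace(o)
		if strings.Contains(o, "*") {
			return nil, fmt.Errorf("wildcard origin %q is not allowed", o)
		}
		u, err := url.Parse(o)
		if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" ||
			u.Path != "" || u.RawQuery != "" || u.Fragment != "" || u.User != nil {
			return nil, fmt.Errorf("invalid origin %q", o)
		}
		out = append(out, u.Scheme+"://"+u.Host)
	}
	return out, nil
}

func main() {
	fmt.Println(parseTokens("dev-token=did:plc:localdev")) // constructed sample values
	fmt.Println(parseOrigins("http://localhost:3000"))
}
```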