sparrowtek.com / effem-AppView
this repo has no description
fork atom
Go 99.6%
Dockerfile 0.4%
11 1 0

Clone this repository

https://tangled.org/sparrowtek.com/effem-AppView
git@tangled.org:sparrowtek.com/effem-AppView

For self-hosted knots, clone URLs may differ based on your setup.

Download tar.gz
README.md

Effem AppView#

Custom AT Protocol AppView backend for Effem.

Scope Implemented#

  • Custom Lexicon Definitions
  • Go AppView Implementation
  • Podcast Index Integration
  • Database Schema
  • XRPC API Endpoints

What This Service Does#

  • Consumes AT Proto firehose events and indexes xyz.effem.* records.
  • Stores social state and materialized social counters in PostgreSQL.
  • Proxies and caches Podcast Index API calls (server-side API key/secret).
  • Serves read endpoints for Effem social + podcast experience.

Project Layout#

  • cmd/effem-appview/: CLI entrypoint.
  • appview/: server, firehose consumer, handlers, indexer, Podcast Index client/cache, database models/migrations.
  • lexicons/xyz/effem/feed/: feed lexicons (defs, subscription, comment, recommendation, list, bookmark).
  • lexicons/xyz/effem/actor/: actor lexicons (profile).

Local Run#

Prerequisites:

  • Go 1.25+
  • PostgreSQL

Run:

go mod tidy
EFFEM_AUTH_READ_TOKENS='dev-token=did:plc:localdev' \
EFFEM_CORS_ALLOWED_ORIGINS='http://localhost:3000' \
go run ./cmd/effem-appview --bind :8080

Verify:

curl -s localhost:8080/_health

Environment Variables#

Required for Podcast Index-backed endpoints:

  • EFFEM_PI_KEY
  • EFFEM_PI_SECRET

Runtime configuration:

  • EFFEM_BIND (default :8080)
  • EFFEM_DATABASE_URL (default postgres://effem:effem@localhost:5432/effem?sslmode=disable)
  • EFFEM_RELAY_HOST (default wss://bsky.network)
  • EFFEM_PLC_HOST (default https://plc.directory)
  • EFFEM_FIREHOSE_PARALLELISM (default 5)
  • EFFEM_AUTH_REQUIRED (default true)
  • EFFEM_AUTH_READ_TOKENS (comma-separated token=did pairs with read scope)
  • EFFEM_AUTH_ADMIN_TOKENS (comma-separated token=did pairs with admin scope)
  • EFFEM_CORS_ALLOWED_ORIGINS (comma-separated origins; wildcard is rejected)
  • EFFEM_RATE_LIMIT_ENABLED (default true)
  • EFFEM_RATE_LIMIT_RPS (default 5)
  • EFFEM_RATE_LIMIT_BURST (default 20)

Implemented Endpoint Groups#

  • xyz.effem.feed.*: subscriptions, subscribers, comments, comment thread, recommendations, popular, list(s), bookmarks, inbox
  • xyz.effem.actor.*: profile
  • xyz.effem.search.*: podcast and episode search
  • xyz.effem.podcast.*: podcast, episodes, episode, trending, categories
  • health: /_health

Docker#

docker compose up --build

Production Status#

Current status: production hardening controls are implemented.

Implemented hardening:

  • Authn/authz on /xrpc/* endpoints (read/admin scopes, DID ownership checks on user-scoped endpoints).
  • Server-side rate limiting by authenticated principal (fallback to IP).
  • Explicit CORS allowlist configuration (wildcard is blocked by config validation).
  • Versioned SQL migrations with schema_migrations tracking and checksum validation.
  • Automated Go tests for config, authz middleware, rate limiter, and migration loader.