blue_factory 0.1.5 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de68a9c6f0b159edc06d950cb3ad558537273ce95637a3c2b2ab183f0eeb52d9
-  data.tar.gz: 609d5127c0ee34fbc19bca7b3cb37b01cbde365e05f24699e8cd4b0bd226d340
+  metadata.gz: a6c7d1d14d831467efed09597e81ee9e1b15a1c6581c06ec4853cc800f966da7
+  data.tar.gz: f4e819cdcd5877d97af4bae043859844426f5e43432688df7a4afddce87df0ce
 SHA512:
-  metadata.gz: 25dee3b63c24fc48fce4b4aaa04ac8113c92e35df6464b8357053ef422fba14181c2cd3d7e26894fcbb14e736b029b2e5a3f45940d93fc294ddcbc52519f49bf
-  data.tar.gz: bad39da56a7a4cec3217dbf507197dc23c2951e855d8501bb89babe8a0966e3809065cbf9a0e1c7c038c77e0d5764a04feb8e6815c931962d40cd1bb29d5c391
+  metadata.gz: 4bb21855d3f9803637d352581717c7e8720dfa82a55f6908eaf50852ca357ddca1c2f193bff5188dcb51d2b6bce0d15196c1e0799189a7c2fea5f8a01ccee559
+  data.tar.gz: b23b812347edb6bdc140293044fafe56e73ff457466fd91512e669eef42501c863cadd700231e2e1234b3962513b86249b6fb408674df18f0859f594be499eec

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## [0.2.0] - 2025-10-16
+
+Breaking changes / deprecations:
+
+- changed `get_posts` API to (optionally) pass a `context` as the second param instead of `current_user`; context includes the user DID as `context.user.raw_did`, and will also include a verified DID in a future version
+- `enable_unsafe_auth` option is deprecated – for now, `get_posts` will still work with `(params, current_user)` if that option is set
+- `validate_responses` option is deprecated – responses are now always validated, also in production
+
+Also:
+
+- `get_posts` response can now return each post either as an AT URI string as before, or as a hash with URI in the `:post` field
+- added support for post reasons (repost, pin) via `:reason` field in the post hash
+- added support for post context info via `:context` field in the post hash and request ID info via `:req_id` in the response hash
+- added `accepts_interactions` property to the feed API which lets it accept user interactions feedback ("show more/less" etc.)
+- added support for accepting interactions sent to `app.bsky.feed.sendInteractions` via `on_interactions` handler
+
+## [0.1.6] - 2025-07-17
+
+- detect PDS hostname automatically in the `bluesky:publish` Rake task
+
 ## [0.1.5] - 2025-03-20
 
 - added support for feed content mode field (video feeds)

data/README.md

@@ -3,29 +3,31 @@
 A Ruby gem for hosting custom feeds for Bluesky.
 
 > [!NOTE]
-> ATProto Ruby gems collection: [skyfall](https://github.com/mackuba/skyfall) | [blue_factory](https://github.com/mackuba/blue_factory) | [minisky](https://github.com/mackuba/minisky) | [didkit](https://github.com/mackuba/didkit)
+> ATProto Ruby gems collection: [skyfall](https://tangled.org/@mackuba.eu/skyfall) | [blue_factory](https://tangled.org/@mackuba.eu/blue_factory) | [minisky](https://tangled.org/@mackuba.eu/minisky) | [didkit](https://tangled.org/@mackuba.eu/didkit)
 
 
 ## What does it do
 
 BlueFactory is a Ruby library which helps you build a web service that hosts custom feeds a.k.a. "[feed generators](https://github.com/bluesky-social/feed-generator)" for the Bluesky social network. It implements a simple HTTP server based on [Sinatra](https://sinatrarb.com) which provides the required endpoints for the feed generator interface. You need to provide the content for the feed by making a query to your preferred local database.
 
-A feed server will usually be run together with a second piece of code that streams posts from the Bluesky "firehose" stream, runs them through some kind of filter and saves some or all of them to the database. To build that part, you can use my other Ruby gem [Skyfall](https://github.com/mackuba/skyfall).
+A feed server will usually be run together with a second piece of code that streams posts from the Bluesky "firehose" stream, runs them through some kind of filter and saves some or all of them to the database. To build that part, you can use my other Ruby gem [Skyfall](https://tangled.org/@mackuba.eu/skyfall).
 
 
 ## Installation
 
-    gem install blue_factory
+Add this to your `Gemfile`:
+
+    gem 'blue_factory', '~> 0.2'
 
 
 ## Usage
 
 The server is configured through the `BlueFactory` module. The two required settings are:
 
-- `publisher_did` - DID identifier of the account that you will publish the feed on (the string that starts with `did:plc:...`)
-- `hostname` - the hostname on which the feed service will be run
+- `publisher_did` – DID identifier of the account that you will publish the feed on (the string that starts with `did:plc:...`)
+- `hostname` – the hostname on which the feed service will be run
 
-You also need to configure at least one feed by passing a feed key and a feed object. The key is the identifier that will appear at the end of the feed URI - it must only contain characters that are valid in URLs (preferably all lowercase) and it can't be longer than 15 characters. The object is anything that implements the single required method `get_posts` (could be a class, a module or an instance).
+You also need to configure at least one feed by passing a feed key and a feed object. The key is the identifier (rkey) that will appear at the end of the feed URI – it must only contain characters that are valid in URLs (preferably all lowercase) and it can't be longer than 15 characters. The feed object is anything that implements the single required method `get_posts` (could be a class, a module or an instance).
 
 So a simple setup could look like this:
 
@@ -39,31 +41,85 @@ BlueFactory.add_feed 'starwars', StarWarsFeed.new
 ```
 
 
-### The feed object
+## The feed API
 
 The `get_posts` method of the feed object should:
 
 - accept a `params` argument which is a hash with fields: `:feed`, `:cursor` and `:limit` (the last two are optional)
-- optionally, accept a second `current_user` argument which is a string with the authenticated user's DID (depends on authentication config - [see below](#authentication))
-- return a hash with two fields: `:cursor` and `:posts`
+- optionally, it can accept a second `context` argument with additional info like the authenticated user's DID (see "[Authentication](#authentication)")
+- return a response hash with the posts data, with at least one key `:posts`
+
+
+### Parameters
 
-The `:feed` is the `at://` URI of the feed. The `:cursor` param, if included, should be a cursor returned by your feed from one of the previous requests, so it should be in the format used by the same function - but anyone can call the endpoint with any params, so you should validate it. The cursor is used for pagination to provide more pages further down in the feed (the first request to load the top of the feed doesn't include a cursor).
+The `:feed` is the `at://` URI of the feed.
+
+The `:cursor` param, if included, should be a cursor returned earlier by your feed from one of the previous requests, so it should be in the format used by the same function – but anyone can call the endpoint with any params, so you should validate it. The cursor is used for pagination to provide more pages further down in the feed (the first request to load the top of the feed doesn't include a cursor).
 
 The `:limit`, if included, should be a numeric value specifying the number of posts to return, and you should return at most that many posts in response. According to the spec, the maximum allowed value for the limit is 100, but again, you should verify this. The default limit is 50.
 
-The `:cursor` that you return is some kind of string that encodes the offset in the feed for a request for the next page. The structure of the cursor is something for you to decide, and it could possibly be a very long string (the actual length limit is uncertain). See the readme of the official [feed-generator repo](https://github.com/bluesky-social/feed-generator#pagination) for some guidelines on how to construct cursor strings.
+### Response
+
+The `:posts` in the response hash that you return should be an array of URIs of posts. You only return the URI of a post to the Bluesky server, not all contents of the post like text and embed data – the server will "hydrate" the posts with all the other data from its own database.
+
+The posts in the `get_posts` response from your feed object can be either:
+
+- strings with the `at://` URI of a post
+- hashes with the URI in the `:post` field and additional metadata
+
+A combination of both is also allowed – some posts can be returned as URI strings, and some as hashes.
+
+A response hash should also include a `:cursor`, which is some kind of string that encodes the offset in the feed, which will be passed back to you in a request for the next page. The structure of the cursor is something for you to decide, and it could possibly be a very long string (the actual length limit is uncertain). See the readme of the official [feed-generator repo](https://github.com/bluesky-social/feed-generator#pagination) for some guidelines on how to construct cursor strings. In practice, it's usually some combination of a timestamp in some form and/or an internal record ID, possibly with some separator like `:` or `-`.
+
+The response can also include a `:req_id`, which is a "request ID" assigned to this specific request (again, the form of which is decided by you), which may be useful for processing [interactions](#handling-feed-interactions).
+
+#### Post metadata:
 
-And finally, the `:posts` value should be an array of posts, returned as `at://` URI strings only. The Bluesky server that makes the request for the feed will provide all the other data for the posts based on the URIs you return.
+If the post entry in `:posts` array is a hash, apart from the `:post` field with the URI it can include:
 
-If you determine that the request is somehow invalid (e.g. the cursor doesn't match what you expect), you can also raise a `BlueFactory::InvalidRequestError` error, which will return a JSON error message with status 400. 
+* `:context` – some kind of internal metadata about this specific post in this specific response, e.g. identifying how this post ended up in that response, used for processing [interactions](#handling-feed-interactions)
+* `:reason` – information about why this post is being displayed, which can be shown to the user; currently supported reasons are:
+  - `{ :repost => repost_uri }` – the post is displayed because someone reposted it (the uri points to a `app.bsky.feed.repost` record)
+  - `{ :pin => true }` – the post is pinned at the top of the feed
 
-An example implementation could look like this:
+So the complete structure of your reponse in full form may look something like this:
+
+```rb
+{
+  posts: [
+    {
+      post: "at://.../app.bsky.feed.post/...",
+      reason: { pin: true }
+    },
+    "at://.../app.bsky.feed.post/...",
+    "at://.../app.bsky.feed.post/...",
+    "at://.../app.bsky.feed.post/...",
+    {
+      post: "at://.../app.bsky.feed.post/...",
+      reason: { repost: "at://.../app.bsky.feed.repost/..." },
+      context: 'qweqweqwe'
+    },
+    "at://.../app.bsky.feed.post/...",
+    ...
+  ],
+  cursor: "1760639159",
+  req_id: "req2048"
+}
+```
+
+### Error handling
+
+If you determine that the request is somehow invalid (e.g. the cursor doesn't match what you expect), you can also raise a `BlueFactory::InvalidRequestError` error, which will return a JSON error message with status 400. The `message` of the exception might be shown to the user in an error banner.
+
+### Example code
+
+A simple example implementation could look like this:
 
 ```rb
 require 'time'
 
 class StarWarsFeed
-  def get_posts(params, current_user = nil)
+  def get_posts(params)
     limit = check_query_limit(params)
     query = Post.select('uri, time').order('time DESC').limit(limit)
 
@@ -90,7 +146,7 @@ class StarWarsFeed
 end
 ```
 
-### Starting the server
+## Running the server
 
 The server itself is run using the `BlueFactory::Server` class, which is a subclass of `Sinatra::Base` and is used as described in the [Sinatra documentation](https://sinatrarb.com/intro.html) (as a "modular application").
 
@@ -128,24 +184,20 @@ server {
 
 ## Authentication
 
-Feeds are authenticated using a technology called [JSON Web Tokens](https://jwt.io). If a user is logged in, when they open, refresh or scroll down a feed in their app, requests are made to the feed service from the Bluesky network's IP address with user's authentication token in the `Authorization` HTTP header. (This is not the same kind of token as the access token that you use to make API calls - it does not let you perform any actions on user's behalf.)
+Feeds are authenticated using a technology called [JSON Web Tokens](https://jwt.io). If a user is logged in, when they open, refresh or scroll down a feed in their app, requests are made to the feed service from the Bluesky network's IP address with user's authentication token in the `Authorization` HTTP header. (This is not the same kind of token as the access token that you use to make API calls – it does not let you perform any actions on user's behalf.)
 
-At the moment, Blue Factory handles authentication in a very simplified way - it extracts the user's DID from the authentication header, but it does not verify the signature. This means that anyone with some programming knowledge can trivially prepare a fake token and make requests to the `getFeedSkeleton` endpoint as a different user.
+At the moment, Blue Factory handles authentication in a very simplified way – it extracts the user's DID from the authentication header, but it does not verify the signature. This means that anyone with some programming knowledge can trivially prepare a fake token and make requests to the `getFeedSkeleton` endpoint as a different user.
 
 As such, this authentication should not be used for anything critical. It may be used for things like logging, analytics, or as "security by obscurity" to just discourage others from accessing the feed in the app. You can also use this to build personalized feeds, as long as it's not a problem that the user DID may be fake.
 
-To use this simple authentication, set the `enable_unsafe_auth` option:
-
-```rb
-BlueFactory.set :enable_unsafe_auth, true
-```
+To use this simple authentication, make a `get_posts` method that accepts two arguments: the second argument is a `context`, from which you can get user info via `context.user.raw_did`. `context.user.token` returns the whole Base64-encoded JWT token.
 
-The user's DID extracted from the token is passed as a second argument to `#get_posts`. You may, for example, return an empty list when the user is not authorized to use it:
+So this way you could, for example, return an empty list when the user is not authorized to use it:
 
 ```rb
 class HiddenFeed
-  def get_posts(params, current_user)
-    if AUTHORIZED_USERS.include?(current_user)
+  def get_posts(params, context)
+    if AUTHORIZED_USERS.include?(context.user.raw_did)
       # ...
     else
       { posts: [] }
@@ -158,8 +210,8 @@ Alternatively, you can raise a `BlueFactory::AuthorizationError` with an optiona
 
 ```rb
 class HiddenFeed
-  def get_posts(params, current_user)
-    if AUTHORIZED_USERS.include?(current_user)
+  def get_posts(params, context)
+    if AUTHORIZED_USERS.include?(context.user.raw_did)
       # ...
     else
       raise BlueFactory::AuthorizationError, "You shall not pass!"
@@ -173,14 +225,14 @@ end
 
 ### Unauthenticated access
 
-Please note that the `current_user` may be nil - this will happen if the authentication header is not set at all. Since the [bsky.app](https://bsky.app) website is now open to the public and can be accessed without authentication, people can also access your feeds without being logged in.
+Please note that there might not be any user information in the context – this will happen if the authentication header is not set at all. Since the [bsky.app](https://bsky.app) website can be accessed while logged out, people can also access your feeds this way. In that case, `context.user` will exist, but `context.user.token` and `context.user.raw_did` will be nil. You can also use the `context.has_auth?` method as a shortcut.
 
-If you want the feed to only be available to logged in users (even if it's a non-personalized feed), simply raise an `AuthorizationError` if `current_user` is nil:
+If you want the feed to only be available to logged in users (even if it's a non-personalized feed), simply raise an `AuthorizationError` if there's no authentication info:
 
 ```rb
 class RestrictedFeed
-  def get_posts(params, current_user)
-    if current_user.nil?
+  def get_posts(params, context)
+    if !context.has_auth?
       raise BlueFactory::AuthorizationError, "Log in to see this feed"
     end
 
@@ -190,6 +242,51 @@ end
 ```
 
 
+## Handling feed interactions
+
+If that makes sense in your feed, you can opt in to receiving "feed interaction" events from the users who view it. Interactions are either explicit actions that the user takes – they can press the "Show more like this" or "Show less like this" buttons in the context menu on a post they see in your feed – or implicit events that get sent automatically.
+
+To receive interactions, your feed needs to opt in to that (the "Show more/less" buttons are only displayed in your feed if you do). This is done by setting an `acceptsInteractions` field in the feed generator record – in BlueFactory, you need to add an `accepts_interactions` property or method to your feed object and return `true` from it (and re-publish the feed if it was already live).
+
+The interactions are sent to your feed by making a `POST` request to the `app.bsky.feed.sendInteractions` endpoint. BlueFactory passes these to you using a handler which you configure this way:
+
+```rb
+BlueFactory.on_interactions do |interactions, context|
+  interactions.each do |i|
+    unless i.type == :seen
+      puts "[#{Time.now}] #{context.user.raw_did}: #{i.type} #{i.item}"
+    end
+  end
+end
+```
+
+or, alternatively:
+
+```rb
+BlueFactory.interactions_handler = proc { ... }
+```
+
+There is one shared handler for all the feeds you're hosting – to find out what a given interaction is about, you need to add the fields `:req_id` and/or `:context` to the feed response (see "[Feed API – Response](#response)").
+
+An `Interaction` has such properties:
+
+- `item` – at:// URI of a post the interaction is about
+- `event` – name of the interaction type as specified in the lexicon, e.g. `app.bsky.feed.defs#requestLess`
+- `context` – the context that was assigned in your response to this specific post
+- `req_id` – the request ID that was assigned in your response to the request
+- `type` – a short symbolic code of the interaction type
+
+Currently enabled interaction types are:
+
+- `:request_more` – user asked to see more posts like this
+- `:request_less` – user asked to see fewer posts like this
+- `:like` – user pressed like on the post
+- `:repost` – user reposted the post
+- `:reply` – user replied to the post
+- `:quote` – user quoted the post
+- `:seen` – user has seen the post (scrolled down to it)
+
+
 ## Additional configuration & customizing
 
 You can use the [Sinatra API](https://sinatrarb.com/intro.html#configuration) to do any additional configuration, like changing the server port, enabling/disabling logging and so on.
@@ -204,7 +301,7 @@ You can also add additional routes, e.g. to make a redirect or print something o
 
 ```rb
 BlueFactory::Server.get '/' do
-  redirect 'https://github.com/mackuba/blue_factory'
+  redirect 'https://welcome.example.com'
 end
 ```
 
@@ -221,18 +318,19 @@ You also need to load your `BlueFactory` configuration and your feed classes her
 
 To publish the feed, you will need to provide some additional info about the feed, like its public name, through a few more methods in the feed object (the same one that responds to `#get_posts`):
 
-- `display_name` (required) - the publicly visible name of your feed, e.g. "WWDC 23" (should be something short)
-- `description` (optional) - a longer (~1-2 lines) description of what the feed does, displayed on the feed page as the "bio"
-- `avatar_file` (optional) - path to an avatar image from the project's root (PNG or JPG)
-- `content_mode` (optional) - return `:video` to create a video feed
+- `display_name` (required) – the publicly visible name of your feed, e.g. "Cat Pics" (should be something short)
+- `description` (optional) – a longer (~1-2 lines) description of what the feed does, displayed on the feed page as the "bio"
+- `avatar_file` (optional) – path to an avatar image from the project's root (PNG or JPG)
+- `content_mode` (optional) – return `:video` to create a video feed, which is displayed with a special layout
+- `accepts_interactions` (optional) – return `true` to opt in to receiving [interactions](#handling-feed-interactions)
 
-When you're ready, run the rake task passing the feed key (you will be asked for the uploader account's password):
+When you're ready, run the rake task passing the feed key (you will be asked for the uploader's account password or app password):
 
 ```
 bundle exec rake bluesky:publish KEY=wwdc
 ```
 
-For non-Bluesky PDSes, you need to also add an env var `SERVER_URL=https://your.pds.host`.
+You also need to republish the feed by running the same task again any time you make changes to these properties and you want them to take effect.
 
 
 ## Credits

data/lib/blue_factory/configuration.rb

@@ -1,9 +1,11 @@
 require_relative 'modules/configurable'
+require_relative 'modules/interactions'
 require_relative 'modules/feeds'
 
 module BlueFactory
   extend Configurable
   extend Feeds
+  extend Interactions
 
   def self.service_did
     'did:web:' + hostname
@@ -15,5 +17,20 @@ module BlueFactory
 
   configurable :publisher_did, :hostname, :validate_responses, :enable_unsafe_auth
 
-  set :validate_responses, (environment != :production)
+  def self.set(property, value)
+    if property.to_sym == :enable_unsafe_auth
+      puts "==="
+      puts "WARNING: option :enable_unsafe_auth and old API get_posts(args, user_did) is deprecated and will be removed in version 0.3."
+      puts "Switch to get_posts(args, context) instead and get the user DID from: context.user.raw_did."
+      puts "==="
+      @enable_unsafe_auth = value
+    elsif property.to_sym == :validate_responses
+      puts "==="
+      puts "WARNING: option :validate_responses is deprecated and will be removed in version 0.3. " +
+        "Responses are now always validated, also in production."
+      puts "==="
+    else
+      super
+    end
+  end
 end

data/lib/blue_factory/errors.rb

@@ -23,6 +23,9 @@ module BlueFactory
   class InvalidResponseError < StandardError
   end
 
+  class InvalidFeedClassError < StandardError
+  end
+
   class UnsupportedAlgorithmError < StandardError
   end
 end

data/lib/blue_factory/interaction.rb

@@ -0,0 +1,23 @@
+module BlueFactory
+  class Interaction
+    EVENTS = {
+      'app.bsky.feed.defs#interactionLike' => :like,
+      'app.bsky.feed.defs#interactionQuote' => :quote,
+      'app.bsky.feed.defs#interactionReply' => :reply,
+      'app.bsky.feed.defs#interactionRepost' => :repost,
+      'app.bsky.feed.defs#interactionSeen' => :seen,
+      'app.bsky.feed.defs#requestLess' => :request_less,
+      'app.bsky.feed.defs#requestMore' => :request_more
+    }
+
+    attr_reader :item, :event, :context, :req_id, :type
+
+    def initialize(data)
+      @item = data['item']
+      @event = data['event']
+      @context = data['feedContext']
+      @req_id = data['reqId']
+      @type = EVENTS[@event]
+    end
+  end
+end

data/lib/blue_factory/modules/configurable.rb

@@ -14,7 +14,7 @@ module BlueFactory
       if @properties.include?(property.to_sym)
         self.instance_variable_set("@#{property}", value)
       else
-        raise NoMethodError
+        raise NoMethodError, "No such property: #{property}"
       end
     end
 

data/lib/blue_factory/modules/interactions.rb

@@ -0,0 +1,9 @@
+module BlueFactory
+  module Interactions
+    def on_interactions(&block)
+      @interactions_handler = block
+    end
+
+    attr_accessor :interactions_handler
+  end
+end

data/lib/blue_factory/output_generator.rb

@@ -0,0 +1,83 @@
+require_relative 'errors'
+
+module BlueFactory
+  class OutputGenerator
+    AT_URI_REGEXP = %r(^at://did:(plc:[a-z0-9]+|web:[a-z0-9\-]+(\.[a-z0-9\-]+)+)/app\.bsky\.feed\.post/[a-z0-9]+$)
+
+    def generate(response)
+      output = {}
+
+      raise InvalidResponseError, ":posts key is missing" unless response.has_key?(:posts)
+      raise InvalidResponseError, ":posts should be an array" unless response[:posts].is_a?(Array)
+
+      output[:feed] = response[:posts].map { |x| process_post_element(x) }
+
+      if cursor = response[:cursor]
+        output[:cursor] = cursor.to_s
+      end
+
+      if req_id = response[:req_id]
+        output[:reqId] = req_id.to_s
+      end
+
+      output
+    end
+
+    def process_post_element(object)
+      if object.is_a?(String)
+        validate_uri(object)
+        { post: object }
+      elsif object.is_a?(Hash)
+        process_post_hash(object)
+      else
+        raise InvalidResponseError, "Invalid post entry, expected string or hash: #{object.inspect}"
+      end
+    end
+
+    def process_post_hash(object)
+      post = {}
+
+      if object[:post]
+        validate_uri(object[:post])
+        post[:post] = object[:post]
+      else
+        raise InvalidResponseError, "Post hash is missing a :post key"
+      end
+
+      if object[:reason]
+        post[:reason] = process_post_reason(object[:reason])
+      end
+
+      if object[:context]
+        post[:feedContext] = object[:context].to_s
+      end
+
+      post
+    end
+
+    def process_post_reason(reason)
+      raise InvalidResponseError, "Invalid post reason: #{reason.inspect}" unless reason.is_a?(Hash)
+
+      if reason[:repost]
+        {
+          "$type" => "app.bsky.feed.defs#skeletonReasonRepost",
+          "repost" => reason[:repost]
+        }
+      elsif reason[:pin]
+        {
+          "$type" => "app.bsky.feed.defs#skeletonReasonPin"
+        }
+      else
+        raise InvalidResponseError, "Invalid post reason: #{reason.inspect}"
+      end
+    end
+
+    def validate_uri(uri)
+      if !uri.is_a?(String)
+        raise InvalidResponseError, "Post URI should be a string: #{uri.inspect}"
+      elsif uri !~ AT_URI_REGEXP
+        raise InvalidResponseError, "Invalid post URI: #{uri.inspect}"
+      end
+    end
+  end
+end

data/lib/blue_factory/request_context.rb

@@ -0,0 +1,23 @@
+require_relative 'user_info'
+
+module BlueFactory
+  class RequestContext
+    attr_accessor :request
+
+    def initialize(request)
+      @request = request
+    end
+
+    def env
+      @request.env
+    end
+
+    def user
+      UserInfo.new(env['HTTP_AUTHORIZATION'])
+    end
+
+    def has_auth?
+      env['HTTP_AUTHORIZATION'] != nil
+    end
+  end
+end

data/lib/blue_factory/server.rb

@@ -1,14 +1,14 @@
-require 'base64'
 require 'json'
 require 'sinatra/base'
 
 require_relative 'configuration'
 require_relative 'errors'
+require_relative 'interaction'
+require_relative 'output_generator'
+require_relative 'request_context'
 
 module BlueFactory
   class Server < Sinatra::Base
-    AT_URI_REGEXP = %r(^at://did:plc:[a-z0-9]+/app\.bsky\.feed\.post/[a-z0-9]+$)
-
     configure do
       disable :static
       enable :quiet
@@ -37,83 +37,46 @@ module BlueFactory
         [status, JSON.generate({ error: name, message: message })]
       end
 
-      def get_feed
-        if params[:feed].to_s.empty?
-          raise InvalidResponseError, "Error: Params must have the property \"feed\""
+      def get_feed(feed_uri)
+        if feed_uri.to_s.empty?
+          raise InvalidRequestError, "Error: Params must have the property \"feed\""
         end
 
-        if params[:feed] !~ %r(^at://[\w\-\.\:]+/[\w\.]+/[\w\.\-]+$)
-          raise InvalidResponseError, "Error: feed must be a valid at-uri"
+        if feed_uri !~ %r(^at://[\w\-\.\:]+/[\w\.]+/[\w\.\-]+$)
+          raise InvalidRequestError, "Error: feed must be a valid at-uri"
         end
 
-        feed_key = params[:feed].split('/').last
+        feed_key = feed_uri.split('/').last
         feed = config.get_feed(feed_key)
 
-        if feed.nil? || feed_uri(feed_key) != params[:feed]
+        if feed.nil? || feed_uri(feed_key) != feed_uri
           raise UnsupportedAlgorithmError, "Unsupported algorithm"
         end
 
         feed
       end
-
-      def parse_did_from_token
-        auth = env['HTTP_AUTHORIZATION']
-
-        if auth.to_s.strip.empty?
-          return nil
-        end
-
-        if !auth.start_with?('Bearer ')
-          raise AuthorizationError, "Unsupported authorization method"
-        end
-
-        token = auth.gsub(/^Bearer /, '')
-        parts = token.split('.')
-        raise AuthorizationError.new("Invalid JWT format", "BadJwt") unless parts.length == 3
-
-        begin
-          payload = JSON.parse(Base64.decode64(parts[1]))
-          payload['iss']
-        rescue StandardError => e
-          raise AuthorizationError.new("Invalid JWT format", "BadJwt")
-        end
-      end
-
-      def validate_response(response)
-        cursor = response[:cursor]
-        raise InvalidResponseError, ":cursor key is missing" unless response.has_key?(:cursor)
-        raise InvalidResponseError, ":cursor should be a string or nil" unless cursor.nil? || cursor.is_a?(String)
-
-        posts = response[:posts]
-        raise InvalidResponseError, ":posts key is missing" unless response.has_key?(:posts)
-        raise InvalidResponseError, ":posts should be an array of strings" unless posts.is_a?(Array)
-        raise InvalidResponseError, ":posts should be an array of strings" unless posts.all? { |x| x.is_a?(String) }
-
-        if bad_uri = posts.detect { |x| x !~ AT_URI_REGEXP }
-          raise InvalidResponseError, "Invalid post URI: #{bad_uri}"
-        end
-      end
     end
 
     get '/xrpc/app.bsky.feed.getFeedSkeleton' do
       begin
-        feed = get_feed
+        feed = get_feed(params[:feed])
+        get_posts = feed.method(:get_posts)
         args = params.slice(:feed, :cursor, :limit)
 
         if config.enable_unsafe_auth
-          did = parse_did_from_token
-          response = feed.get_posts(args, did)
-        else
+          context = RequestContext.new(request)
+          response = feed.get_posts(args, context.user.raw_did)
+        elsif get_posts.arity == 1
           response = feed.get_posts(args)
+        elsif get_posts.arity == 2
+          context = RequestContext.new(request)
+          response = feed.get_posts(args, context)
+        else
+          raise InvalidFeedClassError, "get_posts method has invalid API (arity #{get_posts.arity})"
         end
 
-        validate_response(response) if config.validate_responses
-
-        output = {}
-        output[:feed] = response[:posts].map { |s| { post: s }}
-        output[:cursor] = response[:cursor] if response[:cursor]
-
-        return json_response(output)
+        json = OutputGenerator.new.generate(response)
+        return json_response(json)
       rescue InvalidRequestError => e
         return json_error(e.error_type || "InvalidRequest", e.message)
       rescue AuthorizationError => e
@@ -121,19 +84,24 @@ module BlueFactory
       rescue UnsupportedAlgorithmError => e
         return json_error("UnsupportedAlgorithm", e.message)
       rescue InvalidResponseError => e
-        return json_error("InvalidResponse", e.message)
+        if settings.development?
+          return json_error("InvalidResponse", e.message, status: 500)
+        else
+          request.logger&.<< "#{e.class}: #{e.message}\n"
+          return json_error("InvalidResponse", "Feed response was invalid", status: 500)
+        end
       end
     end
 
     get '/xrpc/app.bsky.feed.describeFeedGenerator' do
-      return json_response({
+      json_response({
         did: config.service_did,
         feeds: config.feed_keys.map { |f| { uri: feed_uri(f) }}
       })
     end
 
     get '/.well-known/did.json' do
-      return json_response({
+      json_response({
         '@context': ['https://www.w3.org/ns/did/v1'],
         id: config.service_did,
         service: [
@@ -145,5 +113,18 @@ module BlueFactory
         ]
       })
     end
+
+    post '/xrpc/app.bsky.feed.sendInteractions' do
+      if config.interactions_handler
+        json = JSON.parse(request.body.read)
+        interactions = json['interactions'].map { |x| Interaction.new(x) }
+        context = RequestContext.new(request)
+
+        config.interactions_handler.call(interactions, context)
+        status 200
+      else
+        json_error('MethodNotImplemented', 'Method Not Implemented', status: 501)
+      end
+    end
   end
 end

data/lib/blue_factory/tasks/publish.rake

@@ -22,6 +22,8 @@ namespace :bluesky do
       exit 1
     end
 
+    publisher_did = BlueFactory.publisher_did
+
     feed = BlueFactory.get_feed(feed_key)
 
     if feed.nil?
@@ -71,21 +73,29 @@ namespace :bluesky do
       avatar_data = File.read(avatar_file)
     end
 
-    server = ENV['SERVER_URL'] || "https://bsky.social"
+    did_url = if publisher_did.start_with?('did:plc:')
+      "https://plc.directory/#{publisher_did}"
+    else
+      web_domain = did.gsub(/^did\:web\:/, '')
+      "https://#{web_domain}/.well-known/did.json"
+    end
+
+    did_json = BlueFactory::Net.get_request(did_url)
+    pds_host = did_json['service'].detect { |x| x['id'] == '#atproto_pds' }['serviceEndpoint']
 
-    print "Enter password for your publisher account (#{BlueFactory.publisher_did}): "
+    print "Enter password for your publisher account (#{publisher_did}): "
     password = STDIN.noecho(&:gets).chomp
     puts
 
-    json = BlueFactory::Net.post_request(server, 'com.atproto.server.createSession', {
-      identifier: BlueFactory.publisher_did,
+    json = BlueFactory::Net.post_request(pds_host, 'com.atproto.server.createSession', {
+      identifier: publisher_did,
       password: password
     })
 
     access_token = json['accessJwt']
 
     if avatar_data
-      json = BlueFactory::Net.post_request(server, 'com.atproto.repo.uploadBlob', avatar_data,
+      json = BlueFactory::Net.post_request(pds_host, 'com.atproto.repo.uploadBlob', avatar_data,
         content_type: encoding, auth: access_token)
 
       avatar_ref = json['blob']
@@ -100,9 +110,10 @@ namespace :bluesky do
 
     record[:avatar] = avatar_ref if avatar_ref
     record[:contentMode] = feed_content_mode if feed_content_mode
+    record[:acceptsInteractions] = true if feed.respond_to?(:accepts_interactions) && feed.accepts_interactions
 
-    json = BlueFactory::Net.post_request(server, 'com.atproto.repo.putRecord', {
-      repo: BlueFactory.publisher_did,
+    json = BlueFactory::Net.post_request(pds_host, 'com.atproto.repo.putRecord', {
+      repo: publisher_did,
       collection: BlueFactory::FEED_GENERATOR_TYPE,
       rkey: feed_key,
       record: record

data/lib/blue_factory/tasks/support.rb

@@ -1,10 +1,27 @@
 require 'json'
 require 'net/http'
+require 'uri'
 
 module BlueFactory
   module Net
     class ResponseError < StandardError; end
 
+    def self.get_request(server, method = nil, params = nil, auth: nil)
+      headers = {}
+      headers['Authorization'] = "Bearer #{auth}" if auth
+
+      url = method ? URI("#{server}/xrpc/#{method}") : URI(server)
+
+      if params && !params.empty?
+        url.query = URI.encode_www_form(params)
+      end
+
+      response = ::Net::HTTP.get_response(url, headers)
+      raise ResponseError, "Invalid response: #{response.code} #{response.body}" if response.code.to_i / 100 != 2
+
+      JSON.parse(response.body)
+    end
+
     def self.post_request(server, method, data, auth: nil, content_type: "application/json")
       headers = {}
       headers['Content-Type'] = content_type

data/lib/blue_factory/user_info.rb

@@ -0,0 +1,38 @@
+require 'base64'
+require 'json'
+
+require_relative 'errors'
+
+module BlueFactory
+  class UserInfo
+    def initialize(auth_header)
+      @auth = auth_header
+    end
+
+    def token
+      @token ||= begin
+        if @auth.nil? || @auth.strip.empty?
+          nil
+        elsif !@auth.start_with?('Bearer ')
+          raise AuthorizationError, "Unsupported authorization method"
+        else
+          @auth.gsub(/^Bearer /, '')
+        end
+      end
+    end
+
+    def raw_did
+      return nil if token.nil?
+
+      parts = token.split('.')
+      raise AuthorizationError.new("Invalid JWT format", "BadJwt") unless parts.length == 3
+
+      begin
+        payload = JSON.parse(Base64.decode64(parts[1]))
+        payload['iss']
+      rescue StandardError => e
+        raise AuthorizationError.new("Invalid JWT format", "BadJwt")
+      end
+    end
+  end
+end

data/lib/blue_factory/version.rb

@@ -1,3 +1,3 @@
 module BlueFactory
-  VERSION = "0.1.5"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: blue_factory
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.2.0
 platform: ruby
 authors:
 - Kuba Suder
 bindir: bin
 cert_chain: []
-date: 2025-03-20 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
@@ -40,12 +40,17 @@ files:
 - lib/blue_factory.rb
 - lib/blue_factory/configuration.rb
 - lib/blue_factory/errors.rb
+- lib/blue_factory/interaction.rb
 - lib/blue_factory/modules/configurable.rb
 - lib/blue_factory/modules/feeds.rb
+- lib/blue_factory/modules/interactions.rb
+- lib/blue_factory/output_generator.rb
 - lib/blue_factory/rake.rb
+- lib/blue_factory/request_context.rb
 - lib/blue_factory/server.rb
 - lib/blue_factory/tasks/publish.rake
 - lib/blue_factory/tasks/support.rb
+- lib/blue_factory/user_info.rb
 - lib/blue_factory/version.rb
 - sig/blue_factory.rbs
 homepage: https://github.com/mackuba/blue_factory
@@ -69,7 +74,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.5
+rubygems_version: 3.6.9
 specification_version: 4
 summary: A Ruby gem for hosting custom feeds for Bluesky
 test_files: []