use well-formed xrpc error + clean up readme

2025-06-04 23:16:44 +01:00 · 2025-06-04 23:16:44 +01:00 · a7259f9f88
commit a7259f9f88
parent a25ec9f235
3 changed files with 10 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -4,9 +4,11 @@ the application comprises a video CDN and a client that fetches a record and dis
 the appview does not ingest from any event stream, but rather fetches videos on-demand.

 there is an allowlist of trusted users whose videos can be proxied,
-since re-serving arbitrary user content can be a big liability.
+since rehosting arbitrary user content can be a big liability.

 ## to-do list

+- loading indicator when we're fetching from PDS / CDN
+- better validation / rpc via lexicon.ts
 - video cdn garbage collection (so that disk usage doesn't grow unbounded)
 - etc
--- a/appview/main.ts
+++ b/appview/main.ts
@ -49,8 +49,12 @@ async function fetchVideo(req: Request): Promise<Response> {

  if (!db.inAllowlist(body.repo)) {
    return new Response(
-      JSON.stringify({ error: "repo is not allowlisted on AppView" }),
+      JSON.stringify({
+        error: "Denied",
+        message: "repo is not allowlisted on AppView",
+      }),
      {
+        status: 400,
        headers: {
          "content-type": "application/json",
          "access-control-allow-origin": "*",
--- a/lexicon/fetchVideo.json
+++ b/lexicon/fetchVideo.json
@ -32,7 +32,8 @@
            }
          }
        }
-      }
+      },
+      "errors": [{ "name": "Denied" }]
    }
  }
 }