Major improvement, security handling, file handling +fixes

unknown
2026-05-23 00:13:56 +02:00
parent 2129081599
commit a7b44af91a
25 changed files with 925 additions and 116 deletions

@@ -21,7 +21,12 @@ cg.cx lets Telegram users upload media, documents, or plain text and receive a s
| **Auto-Destruct** | Uploaders can set a max view count; content self-destructs once the limit is reached. |
| **Password Protection** | Optional per-content passwords with Argon2id-hashed verification and HMAC-SHA256 session cookies. |
| **Admin Moderation** | Blacklist / whitelist user IDs, delete content, review reports via Telegram admin groups. |
| **Reporting** | Users can report content; reports are routed to review groups with inline admin actions. |
| **Reporting** | Users can report content via the homepage Misc section or the Telegram bot; reports are routed to review groups with inline admin actions. |
| **Author Visibility** | Uploaders can toggle whether their Telegram username/ID is shown on the share page. |
| **Username Tracking** | Username changes are logged to a JSON file for audit and moderation purposes. |
| **Global Ban Config** | Optional `global_ban` flag propagates punishments across all configured admin groups, review groups, and active forward chats. |
| **Content Deduplication** | BLAKE3 plaintext hashing enables automatic reuse of existing encrypted files when identical content is re-uploaded. |
| **Hash Blacklist** | Moderators can block re-uploads of known-banned content by its plaintext hash at ingestion time. |
| **Streaming Decryption** | Large encrypted files are decrypted and streamed chunk-by-chunk without loading into memory. |
| **Content Typing & Safety** | Automatic MIME detection and render flags flag dangerous/executable files for safe handling. |
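Review bot: The Content Deduplication row does not say whether the BLAKE3 plaintext hash is keyed, nor how a reused encrypted file interacts with the Auto-Destruct and Password Protection rows in the same table. If the hash is an unkeyed digest of the plaintext stored beside the encrypted file, anyone who can read the database can confirm whether a known file was uploaded. Sharing one encrypted file between uploads also leaves open what happens when one of those uploads reaches its view limit. Suggest stating the hash construction and the lifetime rule for shared files in this row or in a linked section.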
@@ -265,6 +270,11 @@ Migrations are managed by `rusqlite_migration` and embedded into the `cgcx-db` c
- `migrations/001_init.sql` - Creates `users`, `contents`, `content_files`, `reports`, and `admin_actions` tables.
- `migrations/002_indexes.sql` - Adds performance indexes on foreign keys, status columns, and report state.
- `migrations/003_forward_system.sql` - Forward definitions, submissions, and per-forward access lists.
- `migrations/004_punishments.sql` - Punishment records with auto-expiration support.
- `migrations/005_show_author.sql` - Adds `show_author` column to `contents`.
- `migrations/006_dedup.sql` - Adds `plaintext_hash` and `ref_count` to `content_files` for deduplication.
- `migrations/007_hash_blacklist.sql` - Creates the `hash_blacklist` table for blocked content hashes.
On startup, both the bot and server call `db.run_migrations()`, which applies any pending migrations automatically. The database is opened with:
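Review bot: The `migrations/006_dedup.sql` entry does not say what value existing `content_files` rows receive for `plaintext_hash` and `ref_count`, which matters because pending migrations are applied automatically on startup. If older rows are left without a hash, deduplication and the `hash_blacklist` table from 007 would only cover files uploaded after the upgrade. Suggest adding a sentence on the column defaults and on whether a backfill is performed.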
@@ -362,15 +372,16 @@ Admin commands are restricted to users in configured `admin_group_ids` who also
| Command | Usage | Description |
| ---------------- | -------------------------- | ---------------------------------------------------------------------------------------------- |
| `/reload` | `/reload` | Reloads moderation lists from disk (`data/blacklisted_ids.json`, `data/whitelisted_ids.json`). |
| `/blacklist_uid` | `/blacklist_uid <user_id>` | Blacklists a Telegram user ID and sets their role to `banned`. |
| `/whitelist_uid` | `/whitelist_uid <user_id>` | Whitelists a Telegram user ID (relevant in whitelist mode). |
| `/blacklist_uid` | `/blacklist_uid <user_id>` | Blacklists a Telegram user ID globally and sets their role to `banned`. Shows usage info if the ID is missing. |
| `/whitelist_uid` | `/whitelist_uid <user_id>` | Removes a user from the global blacklist and restores their role to `user`. Shows usage info if the ID is missing. |
### Review Groups
Reports submitted by users are forwarded to all configured `review_group_ids` with an inline keyboard:
- **🗑 Delete** - Sets content status to `deleted`.
- **⛔ Blacklist User** - Blacklists the uploader and bans them.
- **🗑⛔ Rmv + Ban** - Deletes the reported content and blacklists the uploader.
- **🗑 Delete Only** - Deletes the reported content.
- **⛔ Blacklist Only** - Blacklists the uploader and sets their role to `banned`.
- **📝 Ignore** - Dismisses the report.
### Moderation Modes
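Review bot: The new `/whitelist_uid` description ("Removes a user from the global blacklist and restores their role to `user`") no longer matches the command name or the `/reload` row, which still loads `data/whitelisted_ids.json`. With this wording, no command in this table adds an ID to the whitelist. Suggest either documenting how whitelist entries are added now or giving the un-blacklist behaviour its own command name. It would also help to state whether "globally" in the `/blacklist_uid` row depends on the optional `global_ban` flag described in the feature table.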