V0.1.1 release, close to actual release. Bug & security fixes/improvements.

agent1_batch2.md

@@ -0,0 +1,64 @@
+# Agent 1 — Batch 2 Implementation Report
+
+## Task
+Implement `POST /api/content/:cxid/report` in `crates/cgcx-server/src/main.rs`.
+
+## Changes Made
+
+### 1. `crates/cgcx-server/Cargo.toml`
+- Added dependency:
+  ```toml
+  reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
+  ```
+
+### 2. `crates/cgcx-server/src/main.rs`
+- **Imports**: Added `ReportRepo` to the `cgcx_db` import list.
+- **AppState**: Added `http_client: reqwest::Client` field.
+- **Main initialization**: Created `reqwest::Client::new()` and included it in `AppState`.
+- **Route**: Added `.route("/api/content/:cxid/report", post(report_content))` to the main router.
+  - The route is automatically covered by the existing `tower_governor::GovernorLayer` applied to the whole app.
+- **Structs**:
+  - Added `ReportRequest { reason: String }` for JSON deserialization.
+- **Handler `report_content`**:
+  1. Parses `cxid` from path parameter.
+  2. Looks up content via `ContentRepo::get`; returns `404 Not Found` if missing.
+  3. Validates content is active (not `Deleted` or `Blacklisted`); returns `404` otherwise.
+  4. Counts associated files via `ContentFileRepo::list_by_content`.
+  5. Inserts a report row via `ReportRepo::insert` with `reporter_user_id = 0`.
+  6. Constructs an HTML notification message matching the bot’s report format:
+     ```
+     <b>[ NEW REPORT ]</b> #{report_id}
+
+     CXID: <code>{cxid}</code>
+     Reporter: <i>web</i>
+     Owner: <code>{content.user_id}</code>
+     Uploaded: <i>{content.created_at}</i>
+     Files: <b>{file_count}</b>
+     ```
+  7. Sends the message to **all** configured `review_group_ids` via direct HTTPS `POST` to the Telegram Bot API (`{api_base}/bot{token}/sendMessage`).
+  8. Includes an inline keyboard with the same admin actions as bot reports:
+     - `[ Rmv + Ban ]` → `v1:admin:delblk:{report_id}`
+     - `[ Delete Only ]` → `v1:admin:del:{report_id}`
+     - `[ Blacklist Only ]` → `v1:admin:blk:{report_id}`
+     - `[ Ignore ]` → `v1:admin:ign:{report_id}`
+  9. If any HTTPS call fails, logs a `tracing::warn` but **does not** fail the HTTP request.
+  10. Returns `204 No Content` on success.
+
+## Validation
+
+- `cargo check -p cgcx-server` — **PASSED** (clean compile, no warnings).
+- The router merge order places the new route inside the same `Router` that gets the general governor layer, so rate limiting applies automatically.
+
+## Open Risks / Notes
+
+1. **Foreign Key for `reporter_user_id = 0`**: The `reports` table has `FOREIGN KEY (reporter_user_id) REFERENCES users(id)`. If SQLite `PRAGMA foreign_keys = ON` is active and no user with `id = 0` exists, the insert will fail with a database error (returned as `500 Internal Server Error`). This matches the explicit instruction to use `0` for web submissions, but the project may need a dummy user row or a schema adjustment if this becomes an issue in production.
+2. **Telegram API failures are non-blocking**: As required, a failed notification is only logged; the caller still receives `204`. This means review groups could miss reports if the network or Telegram API is down.
+3. **No dedicated rate limit for reports**: The endpoint shares the general API rate-limit bucket. If high report volume is expected, a separate governor config (like the password route) could be considered later.
+
+## Recommended Next Step
+
+- Verify the frontend report submission flow end-to-end against the new endpoint.
+- Optionally seed a user with `id = 0` (or relax the FK) if web reports trigger foreign-key violations.
+
+---
+**Date**: 2026-05-24