cyberrapists/cg_api_secure-webshare
SHA256
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b004e1594877a863c2eb96183fa99dbde1a781763165f62c55d1842dc56640b4
cg_api_secure-webshare/agent1_batch2.md

3.5 KiB
Raw Blame History

Agent 1 — Batch 2 Implementation Report

Task

Implement POST /api/content/:cxid/report in crates/cgcx-server/src/main.rs.

Changes Made

1. crates/cgcx-server/Cargo.toml

  • Added dependency: 
    reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }

2. crates/cgcx-server/src/main.rs

  • Imports: Added ReportRepo to the cgcx_db import list.
  • AppState: Added http_client: reqwest::Client field.
  • Main initialization: Created reqwest::Client::new() and included it in AppState.
  • Route: Added .route("/api/content/:cxid/report", post(report_content)) to the main router.
    • The route is automatically covered by the existing tower_governor::GovernorLayer applied to the whole app.
  • Structs:
    • Added ReportRequest { reason: String } for JSON deserialization.
  • Handler report_content:
    1. Parses cxid from path parameter.
    2. Looks up content via ContentRepo::get; returns 404 Not Found if missing.
    3. Validates content is active (not Deleted or Blacklisted); returns 404 otherwise.
    4. Counts associated files via ContentFileRepo::list_by_content.
    5. Inserts a report row via ReportRepo::insert with reporter_user_id = 0.
    6. Constructs an HTML notification message matching the bots report format: 
      <b>[ NEW REPORT ]</b> #{report_id}

CXID: <code>{cxid}</code>
Reporter: <i>web</i>
Owner: <code>{content.user_id}</code>
Uploaded: <i>{content.created_at}</i>
Files: <b>{file_count}</b>
    7. Sends the message to all configured review_group_ids via direct HTTPS POST to the Telegram Bot API ({api_base}/bot{token}/sendMessage).
    8. Includes an inline keyboard with the same admin actions as bot reports:
      • [ Rmv + Ban ]v1:admin:delblk:{report_id}
      • [ Delete Only ]v1:admin:del:{report_id}
      • [ Blacklist Only ]v1:admin:blk:{report_id}
      • [ Ignore ]v1:admin:ign:{report_id}
    9. If any HTTPS call fails, logs a tracing::warn but does not fail the HTTP request.
    10. Returns 204 No Content on success.

Validation

  • cargo check -p cgcx-serverPASSED (clean compile, no warnings).
  • The router merge order places the new route inside the same Router that gets the general governor layer, so rate limiting applies automatically.

Open Risks / Notes

  1. Foreign Key for reporter_user_id = 0: The reports table has FOREIGN KEY (reporter_user_id) REFERENCES users(id). If SQLite PRAGMA foreign_keys = ON is active and no user with id = 0 exists, the insert will fail with a database error (returned as 500 Internal Server Error). This matches the explicit instruction to use 0 for web submissions, but the project may need a dummy user row or a schema adjustment if this becomes an issue in production.
  2. Telegram API failures are non-blocking: As required, a failed notification is only logged; the caller still receives 204. This means review groups could miss reports if the network or Telegram API is down.
  3. No dedicated rate limit for reports: The endpoint shares the general API rate-limit bucket. If high report volume is expected, a separate governor config (like the password route) could be considered later.

Recommended Next Step

  • Verify the frontend report submission flow end-to-end against the new endpoint.
  • Optionally seed a user with id = 0 (or relax the FK) if web reports trigger foreign-key violations.

Date: 2026-05-24

Reference in New Issue View Git Blame Copy Permalink