Done with all Reporting system

Author: Bavithbabu

Reporting-API.md

@@ -0,0 +1,208 @@
+# Reporting API
+
+## Overview
+
+| Property | Value |
+|---|---|
+| **Base URL (Production)** | `https://inscriptions.cdacb.in/api` |
+| **Authentication** | `Authorization: Bearer <jwt-token>` — required on all endpoints |
+
+---
+
+## Endpoints at a Glance
+
+| Method | Endpoint | Description |
+|---|---|---|
+| `POST` | `/report` | Submit a new report |
+| `GET` | `/reports` | Fetch all reports |
+| `POST` | `/moderate/{id}` | Moderate a specific report |
+
+---
+
+## 1. `POST /report`
+
+> Submit a report against a Post, Comment, or User for moderation review.
+
+**Auth:** `Required`  
+**Roles:** `user` · `admin`
+
+### Request
+
+```http
+POST https://inscriptions.cdacb.in/api/report
+Authorization: Bearer <jwt-token>
+Content-Type: application/json
+```
+
+### Request Body
+
+```json
+{
+  "targetType": "POST",
+  "targetId": "6817a9d9f2b7b12c34d56789",
+  "reason": "SPAM",
+  "details": "This post is repeatedly promoting unrelated links."
+}
+```
+
+### Fields
+
+| Field | Type | Required | Validation |
+|---|---|---|---|
+| `targetType` | `enum` | Yes | `POST` \| `COMMENT` \| `USER` |
+| `targetId` | `string` | Yes | Must be a valid existing resource ID |
+| `reason` | `enum` | Yes | See Reason Values below |
+| `details` | `string` | Yes | Max 1000 characters |
+
+### `reason` Values
+
+| Value | Description |
+|---|---|
+| `SPAM` | Unsolicited or repetitive content |
+| `HATE_SPEECH` | Content promoting hatred or discrimination |
+| `MISINFORMATION` | False or misleading information |
+| `HARASSMENT` | Targeting or bullying another user |
+| `EXPLICIT_CONTENT` | Inappropriate or adult content |
+| `OTHER` | Any other violation not listed above |
+
+### Examples
+
+**Report a Post for Spam**
+
+```json
+{
+  "targetType": "POST",
+  "targetId": "6817a9d9f2b7b12c34d56789",
+  "reason": "SPAM",
+  "details": "This post is repeatedly promoting unrelated links."
+}
+```
+
+**Report a User for Harassment**
+
+```json
+{
+  "targetType": "USER",
+  "targetId": "6817a9d9f2b7b12c34d56000",
+  "reason": "HARASSMENT",
+  "details": "This user has been sending threatening messages to multiple members."
+}
+```
+
+---
+
+## 2. `GET /reports`
+
+> Fetch all moderation reports. Supports optional filtering by report status.
+
+**Auth:** `Required`  
+**Roles:** `admin` · `moderator` · `human_moderator` · `ai_moderator`
+
+### Request
+
+```http
+GET https://inscriptions.cdacb.in/api/reports
+Authorization: Bearer <jwt-token>
+```
+
+### Query Parameters
+
+| Parameter | Type | Required | Description |
+|---|---|---|---|
+| `status` | `enum` | No | Filter reports by status. Omit to return all reports. |
+
+### `status` Allowed Values
+
+| Value | Description |
+|---|---|
+| `PENDING` | Report filed but not yet picked up by AI screening |
+| `AI_SCREENING` | AI is currently evaluating the report |
+| `ESCALATED` | AI flagged it — waiting for a human moderator |
+| `RESOLVED` | Final decision made, report is closed |
+
+### Example Requests
+
+```http
+GET /reports
+Authorization: Bearer <jwt-token>
+```
+Returns **all reports** regardless of status.
+
+```http
+GET /reports?status=ESCALATED
+Authorization: Bearer <jwt-token>
+```
+Returns only reports that are **waiting for human review**.
+
+```http
+GET /reports?status=PENDING
+Authorization: Bearer <jwt-token>
+```
+Returns reports that are **queued for AI screening**.
+
+---
+
+## 3. `POST /moderate/{id}`
+
+> Moderate an escalated report by taking a moderation action on the reported content or user.
+
+**Auth:** `Required`  
+**Roles:** `admin` · `moderator` · `human_moderator` · `ai_moderator`
+
+### Request
+
+```http
+POST https://inscriptions.cdacb.in/api/moderate/{id}
+Authorization: Bearer <jwt-token>
+Content-Type: application/json
+```
+
+### Path Parameter
+
+| Parameter | Type | Required | Description |
+|---|---|---|---|
+| `id` | `string` | Yes | The `_id` of the report to moderate (MongoDB ObjectId) |
+
+### Request Body
+
+```json
+{
+  "action": "REMOVE_CONTENT",
+  "note": "Content clearly violates community spam guidelines."
+}
+```
+
+### Body Fields
+
+| Field | Type | Required | Validation |
+|---|---|---|---|
+| `action` | `enum` | **Yes** (for `ESCALATED` reports) | See Allowed Actions below |
+| `note` | `string` | No | Moderator's reason or remarks. Max 1000 chars. |
+
+> **Important:** When the report status is `ESCALATED`, the `action` field is **required**. Omitting it or sending an invalid value will return `400 Bad Request`.
+
+### Allowed Actions
+
+> These are the only actions a human moderator can submit. The AI uses `ESCALATE` and `NONE` internally — do not pass those.
+
+| Action | What it does |
+|---|---|
+| `WARN` | Issues a warning to the content author. Content remains visible. |
+| `REMOVE_CONTENT` | Deletes the reported post or comment. Increments author report count. |
+| `BAN_AUTHOR` | Deletes the content and permanently bans the content author. |
+| `BAN_REPORTER` | Blacklists the reporter (used when the report is false/abusive). Restores the reported content. |
+| `DISMISS` | Dismisses the report as invalid. Restores the reported content. |
+
+### Notes
+
+- This endpoint is for **human moderation only**. It is called when a report has `status: ESCALATED` (i.e., the AI could not auto-resolve it).
+- A moderator **cannot moderate their own content**. If the moderator's ID matches the content author's ID, the request will be rejected with `400`.
+- The `action` field is **required for `ESCALATED` reports**. Only these values are accepted: `WARN`, `REMOVE_CONTENT`, `BAN_AUTHOR`, `BAN_REPORTER`, `DISMISS`.
+- Every action is permanently recorded in `auditEntries` — this is the full audit trail for the report.
+- **Side effects by action:**
+  - `REMOVE_CONTENT` — deletes the post or comment from the platform.
+  - `BAN_AUTHOR` — deletes the content and marks the author as blacklisted.
+  - `BAN_REPORTER` — blacklists the reporter and restores the reported content to `ACCEPTED` status.
+  - `DISMISS` — restores the reported content to `ACCEPTED` status, no penalty applied.
+  - `WARN` — restores the content and increments the author's report count.
+- Once a report is `RESOLVED`, calling this endpoint again will return `400 Bad Request`.

src/main/java/com/cadac/stone_inscription/post/service/PostServiceImp.java

@@ -41,6 +41,7 @@
 import com.cadac.stone_inscription.repository.InscriptionPostRepo;
 import com.cadac.stone_inscription.repository.PublicPostDescriptionRepo;
 import com.cadac.stone_inscription.repository.UserRepository;
+import com.cadac.stone_inscription.user.service.BlacklistGuardService;
 import com.cadac.stone_inscription.util.UserResponse;
 
 @Service
@@ -69,6 +70,9 @@ public class PostServiceImp implements PostService {
     @Autowired
     private ContentDeleteService contentDeleteService;
 
+    @Autowired
+    private BlacklistGuardService blacklistGuardService;
+
     @Value("${app.backend.url}")
     private String backendUrl;
 
@@ -79,6 +83,7 @@ public ResponseEntity<?> addPostWithFile(InscriptionPostDto inscriptionPostDto,
             String usernameFromToken) {
 
         User user = userRepository.findByEmail(usernameFromToken);
+        blacklistGuardService.ensureCanCreateOrModifyContent(user);
         List<ImageMetaAndInfo> ls = validateAndExtractImages(files, user.getId(), Collections.emptySet(), true);
 
         // Below Line To use for Threshold similarty
@@ -232,6 +237,7 @@ public ResponseEntity<?> getAllUserPost(String usernameFromToken) {
     public ResponseEntity<?> addPoastDiscription(String usernameFromToken, String postId, String discription) {
 
         User user = userRepository.findByEmail(usernameFromToken);
+        blacklistGuardService.ensureCanCreateOrModifyContent(user);
         InscriptionPost post = inscriptionPostRepo.findById(new ObjectId(postId))
                 .orElseThrow(() -> new StoneInscriptionException("Unprocesable request", HttpStatus.BAD_REQUEST));
 
@@ -255,6 +261,7 @@ public ResponseEntity<?> getPostDiscription(String postId) {
     @Override
     public ResponseEntity<?> updatePostDiscription(String usernameFromToken, String postId, String discription) {
         User user = userRepository.findByEmail(usernameFromToken);
+        blacklistGuardService.ensureCanCreateOrModifyContent(user);
         Optional<PublicPostDescription> postDiscription = publicPostDescriptionRepo.findById(new ObjectId(postId));
 
         if (postDiscription.isEmpty()) {
@@ -396,6 +403,7 @@ public ResponseEntity<?> updatePost(String usernameFromToken, InscriptionPostDto
 
         InscriptionPost post = getOwnedPost(usernameFromToken, postId);
         User user = userRepository.findByEmail(usernameFromToken);
+        blacklistGuardService.ensureCanCreateOrModifyContent(user);
         List<String> existingImageIds = getExistingImageIds(post);
         List<String> imagesToDelete = validateDeletedImageIds(existingImageIds, deletedImageIds, false);
         Set<String> deletableImageIds = new HashSet<>(imagesToDelete);
@@ -441,6 +449,7 @@ public ResponseEntity<?> updatePost(String usernameFromToken, InscriptionPostDto
     public ResponseEntity<?> addImagesToPost(String usernameFromToken, String postId, MultipartFile[] files) {
         InscriptionPost post = getOwnedPost(usernameFromToken, postId);
         User user = userRepository.findByEmail(usernameFromToken);
+        blacklistGuardService.ensureCanCreateOrModifyContent(user);
         List<ImageMetaAndInfo> newImages = validateAndExtractImages(files, user.getId(), Collections.emptySet(), true);
 
         List<String> updatedImageIds = getExistingImageIds(post);

src/main/java/com/cadac/stone_inscription/report/service/ReportService.java

@@ -26,6 +26,7 @@
 import com.cadac.stone_inscription.report.specification.Specification;
 import com.cadac.stone_inscription.repository.UserAuthRepository;
 import com.cadac.stone_inscription.repository.UserRepository;
+import com.cadac.stone_inscription.user.service.BlacklistGuardService;
 import com.cadac.stone_inscription.util.UserResponse;
 
 import lombok.RequiredArgsConstructor;
@@ -43,18 +44,25 @@ public class ReportService {
     private final AiModerationHandler aiModerationHandler;
     private final HumanModerationHandler humanModerationHandler;
     private final List<Specification<ReportValidationContext>> reportSpecifications;
+    private final BlacklistGuardService blacklistGuardService;
 
     public ResponseEntity<?> createReport(String reporterEmail, CreateReportRequest request) {
         User reporter = getUserByEmail(reporterEmail);
+        blacklistGuardService.ensureCanReport(reporter);
         ResolvedReportTarget target = reportTargetResolver.resolve(request.getTargetType(), request.getTargetId());
 
         validateReportRequest(reporter, target);
 
         ModerationReport report = reportFactory.create(reporter, target, request);
         moderationReportRepository.save(report);
         reportActionService.markTargetUnderReview(target, reporter, request.getDetails());
+        moderateReportInternal(report, target, null, null);
 
-        return UserResponse.responseHandler("Report created successfully", HttpStatus.CREATED, report);
+        String message = report.getStatus() == ReportStatus.ESCALATED
+                ? "Report created and escalated for human moderation"
+                : "Report created and moderated successfully";
+
+        return UserResponse.responseHandler(message, HttpStatus.CREATED, report);
     }
 
     public ResponseEntity<?> getReports(String requesterEmail, ReportStatus status) {
@@ -82,19 +90,7 @@ public ResponseEntity<?> moderateReport(String actorEmail, String reportId, Mode
             ensureModerator(actorEmail);
         }
 
-        ModerationHandler moderationPipeline = buildModerationPipeline();
-        ModerationExecutionContext context = ModerationExecutionContext.builder()
-                .report(report)
-                .target(target)
-                .actor(actor)
-                .actorLabel(actor.getId().toHexString())
-                .requestedAction(request == null ? null : request.getAction())
-                .note(request == null ? null : request.getNote())
-                .reportActionService(reportActionService)
-                .build();
-
-        moderationPipeline.handle(context);
-        moderationReportRepository.save(report);
+        moderateReportInternal(report, target, actor, request);
 
         String message = report.getStatus() == ReportStatus.ESCALATED
                 ? "Report escalated for human moderation"
@@ -125,6 +121,26 @@ private ModerationHandler buildModerationPipeline() {
         return aiModerationHandler;
     }
 
+    private void moderateReportInternal(
+            ModerationReport report,
+            ResolvedReportTarget target,
+            User actor,
+            ModerateReportRequest request) {
+        ModerationHandler moderationPipeline = buildModerationPipeline();
+        ModerationExecutionContext context = ModerationExecutionContext.builder()
+                .report(report)
+                .target(target)
+                .actor(actor)
+                .actorLabel(actor == null || actor.getId() == null ? null : actor.getId().toHexString())
+                .requestedAction(request == null ? null : request.getAction())
+                .note(request == null ? null : request.getNote())
+                .reportActionService(reportActionService)
+                .build();
+
+        moderationPipeline.handle(context);
+        moderationReportRepository.save(report);
+    }
+
     private User getUserByEmail(String email) {
         User user = userRepository.findByEmail(email);
         if (user == null) {

src/main/java/com/cadac/stone_inscription/user/service/BlacklistGuardService.java

@@ -0,0 +1,25 @@
+package com.cadac.stone_inscription.user.service;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Service;
+
+import com.cadac.stone_inscription.entity.User;
+import com.cadac.stone_inscription.exception.StoneInscriptionException;
+
+@Service
+public class BlacklistGuardService {
+
+    public void ensureCanCreateOrModifyContent(User user) {
+        ensureNotBlacklisted(user, "Blacklisted users cannot create or modify content.");
+    }
+
+    public void ensureCanReport(User user) {
+        ensureNotBlacklisted(user, "Blacklisted users cannot file reports.");
+    }
+
+    private void ensureNotBlacklisted(User user, String message) {
+        if (user != null && Boolean.TRUE.equals(user.getBlackListed())) {
+            throw new StoneInscriptionException(message, HttpStatus.FORBIDDEN);
+        }
+    }
+}