Implement report processing

Author: komarov

models/user/spam_report.go models/user/spamreport.gomodels/user/spam_report.go renamed to models/user/spamreport.go

@@ -11,14 +11,36 @@ import (
 	"code.gitea.io/gitea/modules/timeutil"
 )
 
+// SpamReportStatusType is used to support a spam report lifecycle:
+//
+// Pending -> Processing
+// Processing -> Processed|Dismissed
+//
+// "Processing" status works as a lock for a record that is being processed.
 type SpamReportStatusType int
 
 const (
-	SpamReportStatusTypePending   = iota // 0
-	SpamReportStatusTypeProcessed        // 1
-	SpamReportStatusTypeDismissed        // 2
+	SpamReportStatusTypePending    = iota // 0
+	SpamReportStatusTypeProcessing        // 1
+	SpamReportStatusTypeProcessed         // 2
+	SpamReportStatusTypeDismissed         // 3
 )
 
+func (t SpamReportStatusType) String() string {
+	switch t {
+	case SpamReportStatusTypePending:
+		return "Pending"
+	case SpamReportStatusTypeProcessing:
+		return "Processing"
+	case SpamReportStatusTypeProcessed:
+		return "Processed"
+	case SpamReportStatusTypeDismissed:
+		return "Dismissed"
+	default:
+		panic(fmt.Sprintf("unknown SpamReportStatusType: %d", t))
+	}
+}
+
 type SpamReport struct {
 	ID          int64                `xorm:"pk autoincr"`
 	UserID      int64                `xorm:"UNIQUE"`
@@ -38,7 +60,7 @@ func init() {
 
 type ListSpamReportResults struct {
 	ID           int64
-	Status       int
+	Status       SpamReportStatusType
 	UserName     string
 	ReporterName string
 }

routers/web/admin/spamreports.go

@@ -1,16 +1,20 @@
 // Copyright 2025 The Gitea Authors.
 // SPDX-License-Identifier: MIT
 
+// BLENDER: spam reporting
+
 package admin
 
 import (
 	"net/http"
+	"strconv"
 
 	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/context"
+	user_service "code.gitea.io/gitea/services/user"
 )
 
 const (
@@ -50,3 +54,31 @@ func SpamReports(ctx *context.Context) {
 
 	ctx.HTML(http.StatusOK, tplSpamReports)
 }
+
+func SpamReportsPost(ctx *context.Context) {
+	action := ctx.FormString("action")
+	// ctx.Req.PostForm is now parsed due to the call to FormString above
+	spamReportIDs := make([]int64, 0, len(ctx.Req.PostForm["spamreport_id"]))
+	for _, idStr := range ctx.Req.PostForm["spamreport_id"] {
+		id, err := strconv.ParseInt(idStr, 10, 64)
+		if err != nil {
+			ctx.ServerError("ParseSpamReportID", err)
+			return
+		}
+		spamReportIDs = append(spamReportIDs, id)
+	}
+
+	if action == "process" {
+		if err := user_service.ProcessSpamReports(ctx, spamReportIDs); err != nil {
+			ctx.ServerError("ProcessSpamReports", err)
+			return
+		}
+	}
+	if action == "dismiss" {
+		if err := user_service.DismissSpamReports(ctx, spamReportIDs); err != nil {
+			ctx.ServerError("DismissSpamReports", err)
+			return
+		}
+	}
+	ctx.Redirect(setting.AppSubURL + "/-/admin/spamreports")
+}

routers/web/user/setting/spam_report.go routers/web/user/setting/spamreport.gorouters/web/user/setting/spam_report.go renamed to routers/web/user/setting/spamreport.go

@@ -1,10 +1,11 @@
 // Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
+// BLENDER: spam reporting
+
 package setting
 
 import (
-	"fmt"
 	"net/http"
 
 	user_model "code.gitea.io/gitea/models/user"
@@ -15,9 +16,7 @@ import (
 
 func SpamReportUserPost(ctx *context.Context) {
 	canReportSpam, err := user_service.CanReportSpam(ctx, ctx.Doer)
-	fmt.Println("here0")
 	if err != nil {
-		fmt.Println("here1")
 		ctx.ServerError("CanReportSpam", err)
 		return
 	}
@@ -28,7 +27,6 @@ func SpamReportUserPost(ctx *context.Context) {
 
 	user, err := user_model.GetUserByName(ctx, username)
 	if err != nil {
-		fmt.Println("here2")
 		ctx.NotFoundOrServerError("GetUserByName", user_model.IsErrUserNotExist, nil)
 		return
 	}

routers/web/web.go

@@ -677,7 +677,7 @@ func registerRoutes(m *web.Router) {
 			m.Post("", web.Bind(forms.BlockUserForm{}), user_setting.BlockedUsersPost)
 		})
 
-		m.Post("/spam_report", user_setting.SpamReportUserPost)
+		m.Post("/spamreport", user_setting.SpamReportUserPost)
 	}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "EnablePackages", setting.Packages.Enabled))
 
 	m.Group("/user", func() {
@@ -752,6 +752,7 @@ func registerRoutes(m *web.Router) {
 
 		m.Group("/spamreports", func() {
 			m.Get("", admin.SpamReports)
+			m.Post("", admin.SpamReportsPost)
 		})
 
 		m.Group("/orgs", func() {

services/user/spam_report.go

@@ -0,0 +1,161 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+// BLENDER: spam reporting
+
+package user
+
+import (
+	"context"
+	"fmt"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/organization"
+	issues_model "code.gitea.io/gitea/models/issues"
+	project_model "code.gitea.io/gitea/models/project"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/optional"
+	"code.gitea.io/gitea/modules/structs"
+	repo_service "code.gitea.io/gitea/services/repository"
+)
+
+// CanReportSpam tells if a doer is allowed to report spam.
+func CanReportSpam(ctx context.Context, doer *user_model.User) (bool, error) {
+		count, err := organization.GetOrganizationCount(ctx, doer)
+		if err != nil {
+			return false, fmt.Errorf("GetOrganizationCount: %w", err)
+		}
+		return count > 0, nil
+}
+
+// CreateSpamReport inserts a new record in default status=Pending
+// for further processing, either manual or automatical.
+func CreateSpamReport(ctx context.Context, reporter, user *user_model.User) error {
+	return db.Insert(ctx, &user_model.SpamReport{
+		ReporterID: reporter.ID,
+		UserID:     user.ID,
+	})
+}
+
+// ProcessSpamReports updates only reports in status "Pending" to avoid race conditions.
+func ProcessSpamReports(ctx context.Context, spamReportIDs []int64) error {
+	e := db.GetEngine(ctx)
+	var spamReports []user_model.SpamReport
+	err := e.In("id", spamReportIDs).Find(&spamReports)
+	if err != nil {
+		return fmt.Errorf("failed to fetch SpamReports: %w", err)
+	}
+
+	for _, spamReport := range spamReports {
+		id := spamReport.ID
+		count, err := e.ID(id).And("status = ?", user_model.SpamReportStatusTypePending).
+			Update(&user_model.SpamReport{Status: user_model.SpamReportStatusTypeProcessing})
+		if err != nil {
+			return fmt.Errorf("failed to set SpamReport.Status to Processing for id=%d: %w", id, err)
+		}
+		if count < 1 {
+			log.Info("Skipping SpamReport id=%d, status wasn't Pending", id)
+			continue
+		}
+
+		userID := spamReport.UserID
+		user := &user_model.User{ID: userID}
+		has, err := e.Get(user)
+		if err != nil {
+			return fmt.Errorf("failed to fetch user  userID=%d: %w", userID, err)
+		}
+		if !has {
+			return fmt.Errorf("user id=%d was not found", userID)
+		}
+
+		// Clean up everything and update report status if there were no errors.
+		// On failure the report will be processed partially and it will be stuck in Processing status.
+		//
+		// Not wrapping into a transaction due to a deadlock happening on sqlite
+		// when querying for comments after they were deleted, may need more investigation.
+		log.Info("Processing SpamReport id=%d for user %s", id, user.Name)
+
+		// UpdateUser and UpdateAuth to clean the profile and prohibit logins.
+		if err := UpdateUser(ctx, user,
+			&UpdateOptions{
+				Description: optional.Some(""),
+				FullName: optional.Some("Confirmed Spammer"),
+				IsActive: optional.Some(false),
+				IsRestricted: optional.Some(true),
+				Location: optional.Some(""),
+				MaxRepoCreation: optional.Some(0),
+				Visibility: optional.Some(structs.VisibleTypeLimited),
+				Website: optional.Some(""),
+			},
+		); err != nil {
+			return fmt.Errorf("failed to UpdateUser: %w", err)
+		}
+		if err := UpdateAuth(ctx, user, &UpdateAuthOptions{ProhibitLogin: optional.Some(true)}); err != nil {
+			return fmt.Errorf("failed to UpdateAuth: %w", err)
+		}
+
+		// Clean up all comments.
+		log.Info("Cleaning up comments by user %s", user.Name)
+		const batchSize = 50
+		for {
+			log.Info("started loop")
+			comments := make([]*issues_model.Comment, 0, batchSize)
+			if err := e.Where("type=? AND poster_id=?", issues_model.CommentTypeComment, userID).Limit(batchSize, 0).Find(&comments); err != nil {
+				return fmt.Errorf("failed to find comments to delete: %w", err)
+			}
+			log.Info("found %d comments", len(comments))
+			if len(comments) == 0 {
+				break
+			}
+
+			for _, comment := range comments {
+				log.Info("deleting comment %+v", *comment)
+				if err := issues_model.DeleteComment(ctx, comment); err != nil {
+					return fmt.Errorf("failed to delete comments: %w", err)
+				}
+			}
+			log.Info("finished loop")
+			e.Context(ctx).Close()
+		}
+
+		// Clean up all personal repos.
+		log.Info("Cleaning up personal repositories of user %s", user.Name)
+		if err := repo_service.DeleteOwnerRepositoriesDirectly(ctx, user); err != nil {
+			return fmt.Errorf("failed to clean up repositories: %w", err)
+		}
+
+		// Clean up all personal projects.
+		log.Info("Cleaning up personal projects of user %s", user.Name)
+		projectIDs, err := project_model.GetAllProjectsIDsByOwnerIDAndType(ctx, user.ID, project_model.TypeIndividual)
+		if err != nil {
+			return fmt.Errorf("failed to fetch personal project ids: %w", err)
+		}
+		for _, projectID := range projectIDs {
+			if err := project_model.DeleteProjectByID(ctx, projectID); err != nil {
+				return fmt.Errorf("failed to clean up personal project id=%d: %w", projectID, err)
+			}
+		}
+
+		// Everything is cleaned up, marking the spam report as Processed.
+		count, err = e.ID(id).And("status = ?", user_model.SpamReportStatusTypeProcessing).
+			Update(&user_model.SpamReport{Status: user_model.SpamReportStatusTypeProcessed})
+		if err != nil {
+			return fmt.Errorf("failed to set SpamReport.Status to Processed for id=%d: %w", id, err)
+		}
+		if count < 1 {
+			return fmt.Errorf("SpamReport id=%d status wasn't Processing, rolling back the transaction", id)
+		}
+		log.Info("Processed SpamReport id=%d for user %s", id, user.Name)
+	}
+	return nil
+}
+
+// DismissSpamReports updates only reports in status "Pending" to avoid race conditions
+// with the actual processing.
+func DismissSpamReports(ctx context.Context, spamReportIDs []int64) error {
+	_, err := db.GetEngine(ctx).In("id", spamReportIDs).
+		And("status = ?", user_model.SpamReportStatusTypePending).
+		Update(&user_model.SpamReport{Status: user_model.SpamReportStatusTypeDismissed})
+	return err
+}