Technical review queue (#4775)

* chore: fix typo in status message * feat(labrinth): overhaul malware scanner report storage and routes * chore: address some review comments * feat: add Delphi to Docker Compose `with-delphi` profile * chore: fix unused import Clippy lint * feat(labrinth/delphi): use PAT token authorization with project read scopes * chore: expose file IDs in version queries * fix: accept null decompiled source payloads from Delphi * tweak(labrinth): expose base62 file IDs more consistently for Delphi * feat(labrinth/delphi): support new Delphi report severity field * chore(labrinth): run `cargo sqlx prepare` to fix Docker build errors * tweak: add route for fetching Delphi issue type schema, abstract Labrinth away from issue types * chore: run `cargo sqlx prepare` * chore: fix typo on frontend generated state file message * feat: update to use new Delphi issue schema * wip: tech review endpoints * wip: add ToSchema for dependent types * wip: report issues return * wip * wip: returning more data * wip * Fix up db query * Delphi configuration to talk to Labrinth * Get Delphi working with Labrinth * Add Delphi dummy fixture * Better Delphi logging * Improve utoipa for tech review routes * Add more sorting options for tech review queue * Oops join * New routes for fetching issues and reports * Fix which kind of ID is returned in tech review endpoints * Deduplicate tech review report rows * Reduce info sent for projects * Fetch more thread info * Address PR comments * fix ci * fix postgres version mismatch * fix version creation * Implement routes * fix up tech review * Allow adding a moderation comment to Delphi rejections * fix up rebase * exclude rejected projects from tech review * add status change msg to tech review thread * cargo sqlx prepare * also ignore withheld projects * More filtering on issue search * wip: report routes * Fix up for build * cargo sqlx prepare * fix thread message privacy * New tech review search route * submit route * details have statuses now * add default to drid status * dedup issue details * fix sqlx query on empty files * fixes * Dedupe issue detail statuses and message on entering tech rev * Fix qa issues * Fix qa issues * fix review comments * typos * fix ci * feat: tech review frontend (#4781) * chore: fix typo in status message * feat(labrinth): overhaul malware scanner report storage and routes * chore: address some review comments * feat: add Delphi to Docker Compose `with-delphi` profile * chore: fix unused import Clippy lint * feat(labrinth/delphi): use PAT token authorization with project read scopes * chore: expose file IDs in version queries * fix: accept null decompiled source payloads from Delphi * tweak(labrinth): expose base62 file IDs more consistently for Delphi * feat(labrinth/delphi): support new Delphi report severity field * chore(labrinth): run `cargo sqlx prepare` to fix Docker build errors * tweak: add route for fetching Delphi issue type schema, abstract Labrinth away from issue types * chore: run `cargo sqlx prepare` * chore: fix typo on frontend generated state file message * feat: update to use new Delphi issue schema * wip: tech review endpoints * wip: add ToSchema for dependent types * wip: report issues return * wip * wip: returning more data * wip * Fix up db query * Delphi configuration to talk to Labrinth * Get Delphi working with Labrinth * Add Delphi dummy fixture * Better Delphi logging * Improve utoipa for tech review routes * Add more sorting options for tech review queue * Oops join * New routes for fetching issues and reports * Fix which kind of ID is returned in tech review endpoints * Deduplicate tech review report rows * Reduce info sent for projects * Fetch more thread info * Address PR comments * fix ci * fix ci * fix postgres version mismatch * fix version creation * Implement routes * feat: batch scan alert * feat: layout * feat: introduce surface variables * fix: theme selector * feat: rough draft of tech review card * feat: tab switcher * feat: batch scan btn * feat: api-client module for tech review * draft: impl * feat: auto icons * fix: layout issues * feat: fixes to code blocks + flag labels * feat: temp remove mock data * fix: search sort types * fix: intl & lint * chore: re-enable mock data * fix: flag badges + auto open first issue in file tab * feat: update for new routes * fix: more qa issues * feat: lazy load sources * fix: re-enable auth middleware * feat: impl threads * fix: lint & severity * feat: download btn + switch to using NavTabs with new local mode option * feat: re-add toplevel btns * feat: reports page consistency * fix: consistency on project queue * fix: icons + sizing * fix: colors and gaps * fix: impl endpoints * feat: load all flags on file tab * feat: thread generics changes * feat: more qa * feat: fix collapse * fix: qa * feat: msg modal * fix: ISO import * feat: qa fixes * fix: empty state basic * fix: collapsible region * fix: collapse thread by default * feat: rough draft of new process/flow * fix labrinth build * fix thread message privacy * New tech review search route * feat: qa fixes * feat: QA changes * fix: verdict on detail not whole issue * fix: lint + intl * fix: lint * fix: thread message for tech rev verdict * feat: use anim frames * fix: exports + typecheck * polish: qa changes * feat: qa * feat: qa polish * feat: fix malic modal * fix: lint * fix: qa + lint * fix: pagination * fix: lint * fix: qa * intl extract * fix ci --------- Signed-off-by: Calum H. <contact@cal.engineer> Co-authored-by: Alejandro González <me@alegon.dev> Co-authored-by: aecsocket <aecsocket@tutanota.com> --------- Signed-off-by: Calum H. <contact@cal.engineer> Co-authored-by: Alejandro González <me@alegon.dev> Co-authored-by: Calum H. <contact@cal.engineer>
2025-12-20 11:43:04 +00:00
parent 1e9e13aebb
commit 39f2b0ecb6
109 changed files with 6281 additions and 2017 deletions
--- a/apps/labrinth/src/routes/internal/admin.rs
+++ b/apps/labrinth/src/routes/internal/admin.rs
@@ -1,12 +1,9 @@
 use crate::auth::validate::get_user_record_from_bearer_token;
-use crate::database::models::thread_item::ThreadMessageBuilder;
 use crate::database::redis::RedisPool;
 use crate::models::analytics::Download;
 use crate::models::ids::ProjectId;
 use crate::models::pats::Scopes;
-use crate::models::threads::MessageBody;
 use crate::queue::analytics::AnalyticsQueue;
-use crate::queue::moderation::AUTOMOD_ID;
 use crate::queue::session::AuthQueue;
 use crate::routes::ApiError;
 use crate::search::SearchConfig;
@@ -17,17 +14,14 @@ use modrinth_maxmind::MaxMind;
 use serde::Deserialize;
 use sqlx::PgPool;
 use std::collections::HashMap;
-use std::fmt::Write;
 use std::net::Ipv4Addr;
 use std::sync::Arc;
-use tracing::info;

 pub fn config(cfg: &mut web::ServiceConfig) {
    cfg.service(
        web::scope("admin")
            .service(count_download)
-            .service(force_reindex)
-            .service(delphi_result_ingest),
+            .service(force_reindex),
    );
 }

@@ -163,98 +157,3 @@ pub async fn force_reindex(
    index_projects(pool.as_ref().clone(), redis.clone(), &config).await?;
    Ok(HttpResponse::NoContent().finish())
 }
-
-#[derive(Deserialize)]
-pub struct DelphiIngest {
-    pub url: String,
-    pub project_id: crate::models::ids::ProjectId,
-    pub version_id: crate::models::ids::VersionId,
-    pub issues: HashMap<String, HashMap<String, String>>,
-}
-
-#[post("/_delphi", guard = "admin_key_guard")]
-pub async fn delphi_result_ingest(
-    pool: web::Data<PgPool>,
-    redis: web::Data<RedisPool>,
-    body: web::Json<DelphiIngest>,
-) -> Result<HttpResponse, ApiError> {
-    if body.issues.is_empty() {
-        info!("No issues found for file {}", body.url);
-        return Ok(HttpResponse::NoContent().finish());
-    }
-
-    let webhook_url = dotenvy::var("DELPHI_SLACK_WEBHOOK")?;
-
-    let project = crate::database::models::DBProject::get_id(
-        body.project_id.into(),
-        &**pool,
-        &redis,
-    )
-    .await?
-    .ok_or_else(|| {
-        ApiError::InvalidInput(format!(
-            "Project {} does not exist",
-            body.project_id
-        ))
-    })?;
-
-    let mut header = format!("Suspicious traces found at {}", body.url);
-
-    for (issue, trace) in &body.issues {
-        for (path, code) in trace {
-            write!(
-                &mut header,
-                "\n issue {issue} found at file {path}: \n ```\n{code}\n```"
-            )
-            .unwrap();
-        }
-    }
-
-    crate::util::webhook::send_slack_project_webhook(
-        body.project_id,
-        &pool,
-        &redis,
-        webhook_url,
-        Some(header),
-    )
-    .await
-    .ok();
-
-    let mut thread_header = format!(
-        "Suspicious traces found at [version {}](https://modrinth.com/project/{}/version/{})",
-        body.version_id, body.project_id, body.version_id
-    );
-
-    for (issue, trace) in &body.issues {
-        for path in trace.keys() {
-            write!(
-                &mut thread_header,
-                "\n\n- issue {issue} found at file {path}"
-            )
-            .unwrap();
-        }
-
-        if trace.is_empty() {
-            write!(&mut thread_header, "\n\n- issue {issue} found").unwrap();
-        }
-    }
-
-    let mut transaction = pool.begin().await?;
-    ThreadMessageBuilder {
-        author_id: Some(crate::database::models::DBUserId(AUTOMOD_ID)),
-        body: MessageBody::Text {
-            body: thread_header,
-            private: true,
-            replying_to: None,
-            associated_images: vec![],
-        },
-        thread_id: project.thread_id,
-        hide_identity: false,
-    }
-    .insert(&mut transaction)
-    .await?;
-
-    transaction.commit().await?;
-
-    Ok(HttpResponse::NoContent().finish())
-}