feat: reporting

2026-06-28 14:44:15 +00:00 · 2025-05-02 18:32:01 +01:00 · 2025-05-02 18:32:01 +01:00 · f633648fee
commit f633648fee
parent 334b6ec9b6
15 changed files with 494 additions and 11 deletions
--- a/src/app/api/report/route.ts
+++ b/src/app/api/report/route.ts
@ -0,0 +1,93 @@
+import { NextRequest, NextResponse } from "next/server";
+import { z } from "zod";
+import { ReportReason, ReportStatus, ReportType } from "@prisma/client";
+
+import { auth } from "@/lib/auth";
+import { prisma } from "@/lib/prisma";
+import { RateLimit } from "@/lib/rate-limit";
+
+const reportSchema = z.object({
+	id: z.coerce.number({ message: "ID must be a number" }).int({ message: "ID must be an integer" }).positive({ message: "ID must be valid" }),
+	type: z.enum(["mii", "user"], { message: "Type must be either 'mii' or 'user'" }),
+	reason: z.enum(["inappropriate", "spam", "copyright", "other"], {
+		message: "Reason must be either 'inappropriate', 'spam', 'copyright', or 'other'",
+	}),
+	notes: z.string().trim().max(256).optional(),
+});
+
+const getReportSchema = z.object({
+	status: z.enum(["open", "resolved", "dismissed"], { message: "Status must be either 'open', 'resolved', or 'dismissed'" }).default("open"),
+});
+
+export async function POST(request: NextRequest) {
+	const session = await auth();
+	if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+	const rateLimit = new RateLimit(request, 2);
+	const check = await rateLimit.handle();
+	if (check) return check;
+
+	const body = await request.json();
+	const parsed = reportSchema.safeParse(body);
+
+	if (!parsed.success) return rateLimit.sendResponse({ error: parsed.error.errors[0].message }, 400);
+	const { id, type, reason, notes } = parsed.data;
+
+	// Check if the Mii or User exists
+	if (type === "mii") {
+		const mii = await prisma.mii.findUnique({ where: { id } });
+		if (!mii) return rateLimit.sendResponse({ error: "Mii not found" }, 404);
+	} else {
+		const user = await prisma.user.findUnique({ where: { id } });
+		if (!user) return rateLimit.sendResponse({ error: "User not found" }, 404);
+	}
+
+	// Check if user creating the report has already reported the same target before
+	const existing = await prisma.report.findFirst({
+		where: {
+			targetId: id,
+			reportType: type.toUpperCase() as ReportType,
+			authorId: Number(session.user.id),
+		},
+	});
+
+	if (existing) return rateLimit.sendResponse({ error: "You have already reported this" }, 400);
+
+	try {
+		await prisma.report.create({
+			data: {
+				reportType: type.toUpperCase() as ReportType,
+				targetId: id,
+				reason: reason.toUpperCase() as ReportReason,
+				reasonNotes: notes,
+				authorId: Number(session.user.id),
+			},
+		});
+	} catch (error) {
+		console.error("Report creation failed", error);
+		return rateLimit.sendResponse({ error: "Failed to create report" }, 500);
+	}
+
+	return rateLimit.sendResponse({ success: true });
+}
+
+export async function GET(request: NextRequest) {
+	const session = await auth();
+	if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+	// Check if user is an admin
+	if (Number(session.user.id) != Number(process.env.NEXT_PUBLIC_ADMIN_USER_ID))
+		return NextResponse.json({ error: "You're not an admin" }, { status: 403 });
+
+	const parsed = getReportSchema.safeParse(Object.fromEntries(request.nextUrl.searchParams));
+	if (!parsed.success) return NextResponse.json({ error: parsed.error.errors[0].message }, { status: 400 });
+	const { status } = parsed.data;
+
+	const reports = await prisma.report.findMany({
+		where: {
+			status: (status.toUpperCase() as ReportStatus) ?? "OPEN",
+		},
+	});
+
+	return NextResponse.json({ success: true, reports });
+}
--- a/src/app/mii/[id]/image/route.ts
+++ b/src/app/mii/[id]/image/route.ts
@ -35,6 +35,6 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
 		const buffer = await fs.readFile(filePath);
 		return new NextResponse(buffer);
 	} catch {
-		return rateLimit.sendResponse({ success: false, error: "Image not found" }, 404);
+		return rateLimit.sendResponse({ error: "Image not found" }, 404);
 	}
 }
--- a/src/app/mii/[id]/page.tsx
+++ b/src/app/mii/[id]/page.tsx
@ -176,6 +176,9 @@ export default async function MiiPage({ params }: Props) {
 							</>
 						)}

+						<Link href={`/report/mii/${mii.id}`} title="Report Mii" data-tooltip="Report" className="aspect-square">
+							<Icon icon="material-symbols:flag-rounded" />
+						</Link>
 						<ScanTutorialButton />
 					</div>
 				</div>
--- a/src/app/privacy/page.tsx
+++ b/src/app/privacy/page.tsx
@ -83,7 +83,7 @@ export default function PrivacyPage() {

 					<section>
 						<p className="mb-2">As a user, you have the right to:</p>
-						<ul className="list-disc list-inside">
+						<ul className="list-disc list-inside indent-4">
 							<li>Access the personal data we hold about you.</li>
 							<li>Request corrections to any inaccurate or incomplete information.</li>
 							<li>Request the deletion of your personal data.</li>
--- a/src/app/profile/settings/page.tsx
+++ b/src/app/profile/settings/page.tsx
@ -1,9 +1,5 @@
 import { Metadata } from "next";
 import { redirect } from "next/navigation";
-import Image from "next/image";
-import Link from "next/link";
-
-import { Icon } from "@iconify/react";

 import { auth } from "@/lib/auth";
 import { prisma } from "@/lib/prisma";
--- a/src/app/report/mii/[id]/page.tsx
+++ b/src/app/report/mii/[id]/page.tsx
@ -0,0 +1,47 @@
+import { Metadata } from "next";
+import { redirect } from "next/navigation";
+
+import { auth } from "@/lib/auth";
+import { prisma } from "@/lib/prisma";
+
+import ReportMiiForm from "@/components/report/mii-form";
+
+interface Props {
+	params: Promise<{ id: string }>;
+}
+
+export const metadata: Metadata = {
+	title: "Report Mii - TomodachiShare",
+	description: "Report a Mii on TomodachiShare",
+	robots: {
+		index: false,
+		follow: false,
+	},
+};
+
+export default async function ReportMiiPage({ params }: Props) {
+	const session = await auth();
+	const { id } = await params;
+
+	const mii = await prisma.mii.findUnique({
+		where: {
+			id: Number(id),
+		},
+		include: {
+			_count: {
+				select: {
+					likedBy: true,
+				},
+			},
+		},
+	});
+
+	if (!session) redirect("/login");
+	if (!mii) redirect("/404");
+
+	return (
+		<div className="flex justify-center w-full">
+			<ReportMiiForm mii={mii} likes={mii._count.likedBy} />
+		</div>
+	);
+}
--- a/src/app/report/user/[id]/page.tsx
+++ b/src/app/report/user/[id]/page.tsx
@ -0,0 +1,40 @@
+import { Metadata } from "next";
+import { redirect } from "next/navigation";
+
+import { auth } from "@/lib/auth";
+import { prisma } from "@/lib/prisma";
+
+import ReportUserForm from "@/components/report/user-form";
+
+interface Props {
+	params: Promise<{ id: string }>;
+}
+
+export const metadata: Metadata = {
+	title: "Report User - TomodachiShare",
+	description: "Report a user on TomodachiShare",
+	robots: {
+		index: false,
+		follow: false,
+	},
+};
+
+export default async function ReportUserPage({ params }: Props) {
+	const session = await auth();
+	const { id } = await params;
+
+	const user = await prisma.user.findUnique({
+		where: {
+			id: Number(id),
+		},
+	});
+
+	if (!session) redirect("/login");
+	if (!user) redirect("/404");
+
+	return (
+		<div className="flex justify-center w-full">
+			<ReportUserForm user={user} />
+		</div>
+	);
+}
--- a/src/app/terms-of-service/page.tsx
+++ b/src/app/terms-of-service/page.tsx
@ -10,7 +10,7 @@ export default function PrivacyPage() {
 		<div>
 			<h1 className="text-2xl font-bold">Terms of Service</h1>
 			<h2 className="font-light">
-				<strong className="font-medium">Effective Date:</strong> April 23, 2025
+				<strong className="font-medium">Effective Date:</strong> May 02, 2025
 			</h2>

 			<hr className="border-black/20 mt-1 mb-4" />
@ -33,7 +33,7 @@ export default function PrivacyPage() {

 					<section>
 						<p className="mb-2">As a user of this site, you must abide by these guidelines:</p>
-						<ul className="list-disc list-inside">
+						<ul className="list-disc list-inside indent-4">
 							<li>Nothing that would interfere with or gain unauthorized access to the website or its systems.</li>
 							<li>Nothing that is against the law in the United Kingdom.</li>
 							<li>No NSFW, violent, gory, or inappropriate Miis or images.</li>
@ -44,6 +44,9 @@ export default function PrivacyPage() {
 							<li>Avoid using inappropriate language. Profanity may be automatically censored.</li>
 							<li>No use of automated scripts, bots, or scrapers to access or interact with the site.</li>
 						</ul>
+						<p className="mt-2">
+							If you find anybody or a Mii breaking these rules, please report it by going to their page and clicking the &quot;Report&quot; button.
+						</p>
 					</section>
 				</li>
 				<li>
@ -96,10 +99,10 @@ export default function PrivacyPage() {
 							<a href="mailto:hello@trafficlunar.net" className="text-blue-700">
 								hello@trafficlunar.net
 							</a>
-							.
+							or by reporting the Mii on its page.
 						</p>
 						<p className="mb-2">Please include:</p>
-						<ul className="list-disc list-inside">
+						<ul className="list-disc list-inside indent-4">
 							<li>Your name and contact information</li>
 							<li>A description of the copyrighted work</li>
 							<li>A link to the allegedly infringing material</li>