feat(privacy): user blocklist with private chat enforcement

- add blocked_users table and migration - add users API: block, unblock, list blocked users - prevent private chat creation and private messaging when block relation exists - add block/unblock action in private chat info panel
2026-03-08 02:19:37 +03:00
parent ea8a50ee05
commit 159a8ba516
9 changed files with 228 additions and 6 deletions
--- a/app/messages/service.py
+++ b/app/messages/service.py
@@ -10,6 +10,7 @@ from app.messages.models import Message
 from app.messages.spam_guard import enforce_message_spam_policy
 from app.messages.schemas import MessageCreateRequest, MessageForwardRequest, MessageStatusUpdateRequest, MessageUpdateRequest
 from app.notifications.service import dispatch_message_notifications
+from app.users.repository import has_block_relation_between_users


 async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: MessageCreateRequest) -> Message:
@@ -22,6 +23,10 @@ async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: Mess
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="You are not a member of this chat")
    if chat.type == ChatType.CHANNEL and membership.role == ChatMemberRole.MEMBER:
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Only admins can post in channels")
+    if chat.type == ChatType.PRIVATE:
+        counterpart_id = await chats_repository.get_private_counterpart_user_id(db, chat_id=payload.chat_id, user_id=sender_id)
+        if counterpart_id and await has_block_relation_between_users(db, user_a_id=sender_id, user_b_id=counterpart_id):
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Cannot send message due to block settings")
    if payload.reply_to_message_id is not None:
        reply_to = await repository.get_message_by_id(db, payload.reply_to_message_id)
        if not reply_to or reply_to.chat_id != payload.chat_id: