benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(privacy): user blocklist with private chat enforcement
Some checks failed
CI / test (push) Failing after 21s
Details

Browse Source 
- add blocked_users table and migration
- add users API: block, unblock, list blocked users
- prevent private chat creation and private messaging when block relation exists
- add block/unblock action in private chat info panel
This commit is contained in:
Alex
2026-03-08 02:19:37 +03:00
parent ea8a50ee05
commit 159a8ba516
9 changed files with 228 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
app/users/router.py
View File

@@ -5,7 +5,15 @@ from app.auth.service import get_current_user
from app.database.session import get_db
from app.users.models import User
from app.users.schemas import UserProfileUpdate, UserRead, UserSearchRead
from app.users.service import get_user_by_id, get_user_by_username, search_users_by_username, update_user_profile
from app.users.service import (
block_user,
get_user_by_id,
get_user_by_username,
list_blocked_users,
search_users_by_username,
unblock_user,
update_user_profile,
)
router = APIRouter(prefix="/users", tags=["users"])
@@ -61,3 +69,36 @@ async def update_profile(
avatar_url=payload.avatar_url,
)
return updated
@router.get("/blocked", response_model=list[UserSearchRead])
async def read_blocked_users(
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_user),
) -> list[UserSearchRead]:
return await list_blocked_users(db, user_id=current_user.id)
@router.post("/{user_id}/block", status_code=status.HTTP_204_NO_CONTENT)
async def block_user_endpoint(
user_id: int,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_user),
) -> None:
if user_id == current_user.id:
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail="Cannot block yourself")
target = await get_user_by_id(db, user_id)
if not target:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
await block_user(db, user_id=current_user.id, blocked_user_id=user_id)
@router.delete("/{user_id}/block", status_code=status.HTTP_204_NO_CONTENT)
async def unblock_user_endpoint(
user_id: int,
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_user),
) -> None:
if user_id == current_user.id:
return
await unblock_user(db, user_id=current_user.id, blocked_user_id=user_id)