feat(privacy): user blocklist with private chat enforcement

- add blocked_users table and migration
- add users API: block, unblock, list blocked users
- prevent private chat creation and private messaging when block relation exists
- add block/unblock action in private chat info panel

alembic/versions/0010_blocked_users.py

@@ -0,0 +1,46 @@
+"""add blocked users table
+
+Revision ID: 0010_blocked_users
+Revises: 0009_chat_notification_settings
+Create Date: 2026-03-08 14:25:00.000000
+"""
+
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+revision: str = "0010_blocked_users"
+down_revision: Union[str, Sequence[str], None] = "0009_chat_notification_settings"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "blocked_users",
+        sa.Column("id", sa.Integer(), nullable=False),
+        sa.Column("user_id", sa.Integer(), nullable=False),
+        sa.Column("blocked_user_id", sa.Integer(), nullable=False),
+        sa.Column("created_at", sa.DateTime(timezone=True), nullable=False, server_default=sa.func.now()),
+        sa.ForeignKeyConstraint(["user_id"], ["users.id"], name=op.f("fk_blocked_users_user_id_users"), ondelete="CASCADE"),
+        sa.ForeignKeyConstraint(
+            ["blocked_user_id"],
+            ["users.id"],
+            name=op.f("fk_blocked_users_blocked_user_id_users"),
+            ondelete="CASCADE",
+        ),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_blocked_users")),
+        sa.UniqueConstraint("user_id", "blocked_user_id", name="uq_blocked_users_user_target"),
+    )
+    op.create_index(op.f("ix_blocked_users_id"), "blocked_users", ["id"], unique=False)
+    op.create_index(op.f("ix_blocked_users_user_id"), "blocked_users", ["user_id"], unique=False)
+    op.create_index(op.f("ix_blocked_users_blocked_user_id"), "blocked_users", ["blocked_user_id"], unique=False)
+
+
+def downgrade() -> None:
+    op.drop_index(op.f("ix_blocked_users_blocked_user_id"), table_name="blocked_users")
+    op.drop_index(op.f("ix_blocked_users_user_id"), table_name="blocked_users")
+    op.drop_index(op.f("ix_blocked_users_id"), table_name="blocked_users")
+    op.drop_table("blocked_users")

app/chats/service.py

@@ -22,7 +22,7 @@ from app.messages.repository import (
     list_chat_message_ids,
 )
 from app.realtime.presence import get_users_online_map
-from app.users.repository import get_user_by_id
+from app.users.repository import get_user_by_id, has_block_relation_between_users
 
 
 async def serialize_chat_for_user(db: AsyncSession, *, user_id: int, chat: Chat) -> ChatRead:
@@ -103,6 +103,11 @@ async def create_chat_for_user(db: AsyncSession, *, creator_id: int, payload: Ch
             detail="Private chat requires exactly one target user.",
         )
     if payload.type == ChatType.PRIVATE:
+        if await has_block_relation_between_users(db, user_a_id=creator_id, user_b_id=member_ids[0]):
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Cannot create private chat due to block settings",
+            )
         existing_chat = await repository.find_private_chat_between_users(
             db,
             user_a_id=creator_id,

app/messages/service.py

@@ -10,6 +10,7 @@ from app.messages.models import Message
 from app.messages.spam_guard import enforce_message_spam_policy
 from app.messages.schemas import MessageCreateRequest, MessageForwardRequest, MessageStatusUpdateRequest, MessageUpdateRequest
 from app.notifications.service import dispatch_message_notifications
+from app.users.repository import has_block_relation_between_users
 
 
 async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: MessageCreateRequest) -> Message:
@@ -22,6 +23,10 @@ async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: Mess
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="You are not a member of this chat")
     if chat.type == ChatType.CHANNEL and membership.role == ChatMemberRole.MEMBER:
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Only admins can post in channels")
+    if chat.type == ChatType.PRIVATE:
+        counterpart_id = await chats_repository.get_private_counterpart_user_id(db, chat_id=payload.chat_id, user_id=sender_id)
+        if counterpart_id and await has_block_relation_between_users(db, user_a_id=sender_id, user_b_id=counterpart_id):
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Cannot send message due to block settings")
     if payload.reply_to_message_id is not None:
         reply_to = await repository.get_message_by_id(db, payload.reply_to_message_id)
         if not reply_to or reply_to.chat_id != payload.chat_id:

app/users/models.py

@@ -1,7 +1,7 @@
 from datetime import datetime
 from typing import TYPE_CHECKING
 
-from sqlalchemy import Boolean, DateTime, String, func
+from sqlalchemy import Boolean, DateTime, ForeignKey, String, UniqueConstraint, func
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
 from app.database.base import Base
@@ -42,3 +42,13 @@ class User(Base):
         back_populates="user",
         cascade="all, delete-orphan",
     )
+
+
+class BlockedUser(Base):
+    __tablename__ = "blocked_users"
+    __table_args__ = (UniqueConstraint("user_id", "blocked_user_id", name="uq_blocked_users_user_target"),)
+
+    id: Mapped[int] = mapped_column(primary_key=True, index=True)
+    user_id: Mapped[int] = mapped_column(ForeignKey("users.id", ondelete="CASCADE"), nullable=False, index=True)
+    blocked_user_id: Mapped[int] = mapped_column(ForeignKey("users.id", ondelete="CASCADE"), nullable=False, index=True)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), nullable=False)

app/users/repository.py

@@ -1,9 +1,9 @@
 from datetime import datetime, timezone
 
-from sqlalchemy import func, select
+from sqlalchemy import and_, func, or_, select
 from sqlalchemy.ext.asyncio import AsyncSession
 
-from app.users.models import User
+from app.users.models import BlockedUser, User
 
 
 async def create_user(db: AsyncSession, *, email: str, name: str, username: str, password_hash: str) -> User:
@@ -58,3 +58,52 @@ async def update_user_last_seen_now(db: AsyncSession, *, user_id: int) -> User |
     user.last_seen_at = datetime.now(timezone.utc)
     await db.flush()
     return user
+
+
+async def block_user(db: AsyncSession, *, user_id: int, blocked_user_id: int) -> BlockedUser:
+    existing = await get_block_relation(db, user_id=user_id, blocked_user_id=blocked_user_id)
+    if existing:
+        return existing
+    relation = BlockedUser(user_id=user_id, blocked_user_id=blocked_user_id)
+    db.add(relation)
+    await db.flush()
+    return relation
+
+
+async def unblock_user(db: AsyncSession, *, user_id: int, blocked_user_id: int) -> None:
+    relation = await get_block_relation(db, user_id=user_id, blocked_user_id=blocked_user_id)
+    if relation:
+        await db.delete(relation)
+
+
+async def get_block_relation(db: AsyncSession, *, user_id: int, blocked_user_id: int) -> BlockedUser | None:
+    result = await db.execute(
+        select(BlockedUser).where(
+            BlockedUser.user_id == user_id,
+            BlockedUser.blocked_user_id == blocked_user_id,
+        )
+    )
+    return result.scalar_one_or_none()
+
+
+async def has_block_relation_between_users(db: AsyncSession, *, user_a_id: int, user_b_id: int) -> bool:
+    result = await db.execute(
+        select(BlockedUser.id).where(
+            or_(
+                and_(BlockedUser.user_id == user_a_id, BlockedUser.blocked_user_id == user_b_id),
+                and_(BlockedUser.user_id == user_b_id, BlockedUser.blocked_user_id == user_a_id),
+            )
+        ).limit(1)
+    )
+    return result.scalar_one_or_none() is not None
+
+
+async def list_blocked_users(db: AsyncSession, *, user_id: int) -> list[User]:
+    stmt = (
+        select(User)
+        .join(BlockedUser, BlockedUser.blocked_user_id == User.id)
+        .where(BlockedUser.user_id == user_id)
+        .order_by(User.username.asc())
+    )
+    result = await db.execute(stmt)
+    return list(result.scalars().all())

app/users/router.py

@@ -5,7 +5,15 @@ from app.auth.service import get_current_user
 from app.database.session import get_db
 from app.users.models import User
 from app.users.schemas import UserProfileUpdate, UserRead, UserSearchRead
-from app.users.service import get_user_by_id, get_user_by_username, search_users_by_username, update_user_profile
+from app.users.service import (
+    block_user,
+    get_user_by_id,
+    get_user_by_username,
+    list_blocked_users,
+    search_users_by_username,
+    unblock_user,
+    update_user_profile,
+)
 
 router = APIRouter(prefix="/users", tags=["users"])
 
@@ -61,3 +69,36 @@ async def update_profile(
         avatar_url=payload.avatar_url,
     )
     return updated
+
+
+@router.get("/blocked", response_model=list[UserSearchRead])
+async def read_blocked_users(
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+) -> list[UserSearchRead]:
+    return await list_blocked_users(db, user_id=current_user.id)
+
+
+@router.post("/{user_id}/block", status_code=status.HTTP_204_NO_CONTENT)
+async def block_user_endpoint(
+    user_id: int,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+) -> None:
+    if user_id == current_user.id:
+        raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail="Cannot block yourself")
+    target = await get_user_by_id(db, user_id)
+    if not target:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
+    await block_user(db, user_id=current_user.id, blocked_user_id=user_id)
+
+
+@router.delete("/{user_id}/block", status_code=status.HTTP_204_NO_CONTENT)
+async def unblock_user_endpoint(
+    user_id: int,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+) -> None:
+    if user_id == current_user.id:
+        return
+    await unblock_user(db, user_id=current_user.id, blocked_user_id=user_id)

app/users/service.py

@@ -52,3 +52,21 @@ async def update_user_profile(
     await db.commit()
     await db.refresh(user)
     return user
+
+
+async def block_user(db: AsyncSession, *, user_id: int, blocked_user_id: int) -> None:
+    await repository.block_user(db, user_id=user_id, blocked_user_id=blocked_user_id)
+    await db.commit()
+
+
+async def unblock_user(db: AsyncSession, *, user_id: int, blocked_user_id: int) -> None:
+    await repository.unblock_user(db, user_id=user_id, blocked_user_id=blocked_user_id)
+    await db.commit()
+
+
+async def has_block_relation_between_users(db: AsyncSession, *, user_a_id: int, user_b_id: int) -> bool:
+    return await repository.has_block_relation_between_users(db, user_a_id=user_a_id, user_b_id=user_b_id)
+
+
+async def list_blocked_users(db: AsyncSession, *, user_id: int) -> list[User]:
+    return await repository.list_blocked_users(db, user_id=user_id)

web/src/api/users.ts

@@ -24,3 +24,16 @@ export async function getUserById(userId: number): Promise<AuthUser> {
   const { data } = await http.get<AuthUser>(`/users/${userId}`);
   return data;
 }
+
+export async function listBlockedUsers(): Promise<UserSearchItem[]> {
+  const { data } = await http.get<UserSearchItem[]>("/users/blocked");
+  return data;
+}
+
+export async function blockUser(userId: number): Promise<void> {
+  await http.post(`/users/${userId}/block`);
+}
+
+export async function unblockUser(userId: number): Promise<void> {
+  await http.delete(`/users/${userId}/block`);
+}

web/src/components/ChatInfoPanel.tsx

@@ -11,7 +11,7 @@ import {
   updateChatMemberRole,
   updateChatTitle
 } from "../api/chats";
-import { getUserById, searchUsers } from "../api/users";
+import { blockUser, getUserById, listBlockedUsers, searchUsers, unblockUser } from "../api/users";
 import type { AuthUser, ChatDetail, ChatMember, UserSearchItem } from "../chat/types";
 import { useAuthStore } from "../store/authStore";
 import { useChatStore } from "../store/chatStore";
@@ -37,6 +37,8 @@ export function ChatInfoPanel({ chatId, open, onClose }: Props) {
   const [searchResults, setSearchResults] = useState<UserSearchItem[]>([]);
   const [muted, setMuted] = useState(false);
   const [savingMute, setSavingMute] = useState(false);
+  const [counterpartBlocked, setCounterpartBlocked] = useState(false);
+  const [savingBlock, setSavingBlock] = useState(false);
 
   const myRole = useMemo(() => members.find((m) => m.user_id === me?.id)?.role, [members, me?.id]);
   const isGroupLike = chat?.type === "group" || chat?.type === "channel";
@@ -73,6 +75,14 @@ export function ChatInfoPanel({ chatId, open, onClose }: Props) {
         if (!cancelled) {
           setMuted(notificationSettings.muted);
         }
+        if (detail.type === "private" && !detail.is_saved && detail.counterpart_user_id) {
+          const blocked = await listBlockedUsers();
+          if (!cancelled) {
+            setCounterpartBlocked(blocked.some((u) => u.id === detail.counterpart_user_id));
+          }
+        } else if (!cancelled) {
+          setCounterpartBlocked(false);
+        }
         await refreshMembers(chatId);
       } catch {
         if (!cancelled) setError("Failed to load chat info");
@@ -282,6 +292,31 @@ export function ChatInfoPanel({ chatId, open, onClose }: Props) {
               </div>
             ) : null}
 
+            {chat.type === "private" && !chat.is_saved && chat.counterpart_user_id ? (
+              <button
+                className="mb-3 w-full rounded bg-slate-700 px-3 py-2 text-sm disabled:opacity-60"
+                disabled={savingBlock}
+                onClick={async () => {
+                  setSavingBlock(true);
+                  try {
+                    if (counterpartBlocked) {
+                      await unblockUser(chat.counterpart_user_id!);
+                      setCounterpartBlocked(false);
+                    } else {
+                      await blockUser(chat.counterpart_user_id!);
+                      setCounterpartBlocked(true);
+                    }
+                  } catch {
+                    setError("Failed to update block status");
+                  } finally {
+                    setSavingBlock(false);
+                  }
+                }}
+              >
+                {counterpartBlocked ? "Unblock user" : "Block user"}
+              </button>
+            ) : null}
+
             {showMembersSection && (chat.type === "group" || chat.type === "channel") ? (
               <button
                 className="w-full rounded bg-slate-700 px-3 py-2 text-sm"