36 lines
1.2 KiB
JavaScript
36 lines
1.2 KiB
JavaScript
import { json, error } from '@sveltejs/kit';
|
|
import { nanoid } from 'nanoid';
|
|
import { insertReport, getPersonalityById } from '$lib/server/db.js';
|
|
import { checkPublishRate, getClientIp } from '$lib/server/ratelimit.js';
|
|
|
|
const VALID_REASONS = ['incorrect-data', 'duplicate', 'inappropriate', 'spam', 'other'];
|
|
|
|
export async function POST({ request }) {
|
|
const ip = getClientIp(request);
|
|
const rate = checkPublishRate(ip);
|
|
if (!rate.allowed) throw error(429, `Too many reports. Try again later.`);
|
|
|
|
let body;
|
|
try { body = await request.json(); }
|
|
catch { throw error(400, 'Invalid JSON'); }
|
|
|
|
const { personality_id, reason, notes } = body;
|
|
|
|
if (!personality_id || typeof personality_id !== 'string') throw error(400, 'Missing personality_id');
|
|
if (!VALID_REASONS.includes(reason)) throw error(400, 'Invalid reason');
|
|
|
|
const record = getPersonalityById(personality_id);
|
|
if (!record || record.deleted_at) throw error(404, 'Personality not found');
|
|
|
|
insertReport({
|
|
id: nanoid(10),
|
|
personality_id,
|
|
reason,
|
|
notes: typeof notes === 'string' ? notes.trim().slice(0, 500) : null,
|
|
reporter_ip: ip,
|
|
created_at: new Date().toISOString()
|
|
});
|
|
|
|
return json({ success: true }, { status: 201 });
|
|
}
|