replit/token-gated-economy
Archived
2
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
a95fd76ebd4301fd144ef76528349487c20a4bed
token-gated-economy/artifacts/api-server/src/routes/admin-relay-queue.ts
alexpaynex a95fd76ebd task/32: Event moderation queue + Timmy AI review 
## What was built
Full moderation pipeline: relay_event_queue table, strfry inject helper,
ModerationService with Claude haiku review, policy tier routing, 30s poll loop,
admin approve/reject/list endpoints.

## DB schema (`lib/db/src/schema/relay-event-queue.ts`)
relay_event_queue: event_id (PK), pubkey (FK → nostr_identities), kind,
raw_event (text JSON), status (pending/approved/rejected/auto_approved),
reviewed_by (timmy_ai/admin/null), review_reason, created_at, decided_at.
Exported from schema/index.ts. Pushed via pnpm run push.

## strfry HTTP client (`artifacts/api-server/src/lib/strfry.ts`)
injectEvent(rawEventJson) — POST {STRFRY_URL}/import (NDJSON).
STRFRY_URL defaults to "http://strfry:7777" (Docker internal network).
5s timeout; graceful failure in dev when strfry not running; never throws.

## ModerationService (`artifacts/api-server/src/lib/moderation.ts`)
- enqueue(event) — insert pending row; idempotent onConflictDoNothing
- autoReview(eventId) — Claude haiku prompt: approve or flag. On flag, marks
  reviewedBy=timmy_ai and leaves pending for admin. On approve, calls decide().
- decide(eventId, status, reason, reviewedBy) — updates DB + calls injectEvent
- processPending(limit=10) — batch poll: auto-review up to limit pending events
- Stub mode: auto-approves all events when Anthropic key absent

## Policy endpoint update (`artifacts/api-server/src/routes/relay.ts`)
Tier routing in evaluatePolicy:
  read/none → reject (unchanged)
  write + elite tier → injectEvent + accept (elite bypass; shadowReject if inject fails)
  write + non-elite → enqueue + shadowReject (held for moderation)
Imports db/nostrIdentities directly for tier check. Both inject and enqueue errors
are fail-closed (reject vs shadowReject respectively).

## Background poll loop (`artifacts/api-server/src/index.ts`)
setInterval every 30s calling moderationService.processPending(10).
Interval configurable via MODERATION_POLL_MS env var.
Errors caught per-event; poll loop never crashes the server.

## Admin queue routes (`artifacts/api-server/src/routes/admin-relay-queue.ts`)
ADMIN_SECRET Bearer auth (same pattern as admin-relay.ts).
GET  /api/admin/relay/queue?status=...        — list all / by status
POST /api/admin/relay/queue/:eventId/approve  — approve + inject into strfry
POST /api/admin/relay/queue/:eventId/reject   — reject (no inject)
409 on duplicate decisions. Registered in routes/index.ts.

## Smoke tests (all pass)
Unknown → reject ✓; elite → shadowReject (strfry unavailable in dev) ✓;
non-elite write → shadowReject + pending in queue ✓; admin approve → approved ✓;
moderation poll loop started ✓; TypeScript 0 errors.
2026-03-19 20:35:39 +00:00

164 lines
5.2 KiB
TypeScript
Raw Blame History

/**
* admin-relay-queue.ts — Admin endpoints for the event moderation queue.
*
* Protected by ADMIN_SECRET Bearer token (same pattern as admin-relay.ts).
*
* Routes:
* GET /api/admin/relay/queue — list queue (filterable by status)
* POST /api/admin/relay/queue/:eventId/approve — admin approve
* POST /api/admin/relay/queue/:eventId/reject — admin reject
*/
import { Router, type Request, type Response, type NextFunction } from "express";
import { db, relayEventQueue, type QueueStatus, QUEUE_STATUSES } from "@workspace/db";
import { eq } from "drizzle-orm";
import { makeLogger } from "../lib/logger.js";
import { moderationService } from "../lib/moderation.js";
const logger = makeLogger("admin-relay-queue");
const router = Router();
const ADMIN_SECRET = process.env["ADMIN_SECRET"] ?? "";
const IS_PROD = process.env["NODE_ENV"] === "production";
if (!ADMIN_SECRET && IS_PROD) {
logger.error("ADMIN_SECRET not set in production — admin relay queue routes are unprotected");
}
// ── Admin auth middleware ─────────────────────────────────────────────────────
function requireAdmin(req: Request, res: Response, next: NextFunction): void {
if (ADMIN_SECRET) {
const authHeader = req.headers["authorization"] ?? "";
const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7).trim() : "";
if (token !== ADMIN_SECRET) {
res.status(401).json({ error: "Unauthorized" });
return;
}
} else {
const ip = req.ip ?? "";
const isLocal = ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1";
if (!isLocal) {
res.status(401).json({ error: "Unauthorized" });
return;
}
}
next();
}
// ── GET /admin/relay/queue ────────────────────────────────────────────────────
// Query param: ?status=pending|approved|rejected|auto_approved
// Default: returns all statuses.
router.get("/admin/relay/queue", requireAdmin, async (req: Request, res: Response) => {
const statusParam = req.query["status"] as string | undefined;
if (statusParam && !QUEUE_STATUSES.includes(statusParam as QueueStatus)) {
res.status(400).json({
error: `Invalid status '${statusParam}'. Must be one of: ${QUEUE_STATUSES.join(", ")}`,
});
return;
}
const rows = statusParam
? await db
.select()
.from(relayEventQueue)
.where(eq(relayEventQueue.status, statusParam as QueueStatus))
.orderBy(relayEventQueue.createdAt)
: await db
.select()
.from(relayEventQueue)
.orderBy(relayEventQueue.createdAt);
res.json({
total: rows.length,
events: rows.map((r) => ({
eventId: r.eventId,
pubkey: r.pubkey,
kind: r.kind,
status: r.status,
reviewedBy: r.reviewedBy,
reviewReason: r.reviewReason,
createdAt: r.createdAt,
decidedAt: r.decidedAt,
})),
});
});
// ── POST /admin/relay/queue/:eventId/approve ──────────────────────────────────
router.post(
"/admin/relay/queue/:eventId/approve",
requireAdmin,
async (req: Request, res: Response) => {
const { eventId } = req.params as { eventId: string };
const body = req.body as { reason?: string };
const reason = body.reason ?? "admin approval";
const rows = await db
.select({ status: relayEventQueue.status })
.from(relayEventQueue)
.where(eq(relayEventQueue.eventId, eventId))
.limit(1);
if (!rows[0]) {
res.status(404).json({ error: "Event not found in queue" });
return;
}
if (rows[0].status === "approved" || rows[0].status === "auto_approved") {
res.status(409).json({ error: "Event already approved" });
return;
}
await moderationService.decide(eventId, "approved", reason, "admin");
logger.info("admin approved queued event", {
eventId: eventId.slice(0, 8),
reason,
});
res.json({ ok: true, eventId, status: "approved", reason });
},
);
// ── POST /admin/relay/queue/:eventId/reject ───────────────────────────────────
router.post(
"/admin/relay/queue/:eventId/reject",
requireAdmin,
async (req: Request, res: Response) => {
const { eventId } = req.params as { eventId: string };
const body = req.body as { reason?: string };
const reason = body.reason ?? "admin rejection";
const rows = await db
.select({ status: relayEventQueue.status })
.from(relayEventQueue)
.where(eq(relayEventQueue.eventId, eventId))
.limit(1);
if (!rows[0]) {
res.status(404).json({ error: "Event not found in queue" });
return;
}
if (rows[0].status === "rejected") {
res.status(409).json({ error: "Event already rejected" });
return;
}
await moderationService.decide(eventId, "rejected", reason, "admin");
logger.info("admin rejected queued event", {
eventId: eventId.slice(0, 8),
reason,
});
res.json({ ok: true, eventId, status: "rejected", reason });
},
);
export default router;
Reference in New Issue View Git Blame Copy Permalink