SECURITY CLEANUP COMPLETED

High Priority - Sensitive Data Removed:
- Delete directus_ecosystem_with_keys.js (contained DB password & API keys)
- Delete directus_ecosystem_updated.js (contained credentials)
- Delete directus_ecosystem_final.js (CRITICAL: real OpenAI API key)
- Delete temp_server.env (complete production secrets)
- Delete check_config.js (API key inspection script)
- Delete extract_keys.ps1/.bat (key extraction scripts)
- Delete fix_database_url.sh (server IP & SSH paths)
- Delete setup_fcm_server.sh (sensitive config procedures)

Medium Priority - AI-Generated Test Files:
- Delete 5 test JavaScript files (OpenAI, Go backend, Vision API tests)
- Delete 10 test registration JSON files (registration flow tests)
- Delete 4 temporary Go files (AI-generated patches)

Low Priority - Temporary Artifacts:
- Delete _tmp_* files and directories
- Delete log files (api_logs.txt, web_errors.log, flutter_01.log, log.ini)
- Delete import requests.py (Python test script)

Files Secured (Legitimate):
- Keep .env file (contains legitimate production secrets)
- Keep production scripts and configuration files
- Keep organized migrations and documentation

Cleanup Summary:
- 30+ files removed
- Risk level: HIGH → LOW
- No exposed API keys or credentials
- Clean project structure
- Enhanced security posture

Documentation Added:
- SECURITY_AUDIT_CLEANUP.md - Complete audit report
- SQL_MIGRATION_ORGANIZATION.md - Migration organization guide
- ENHANCED_REGISTRATION_FLOW.md - Registration system docs
- TURNSTILE_INTEGRATION_COMPLETE.md - Security integration docs
- USER_APPEAL_SYSTEM.md - Appeal system documentation

Benefits:
- Eliminated API key exposure
- Removed sensitive server information
- Clean AI-generated test artifacts
- Professional project organization
- Enhanced security practices
- Comprehensive documentation
User Appeal System - Comprehensive Guide
🎯 Overview
A nuanced violation and appeal system that prioritizes content moderation over immediate bans. Users get multiple chances with clear progression from warnings to suspensions to bans.
📊 Violation Tiers
🚫 Hard Violations (No Appeal)
- Racial slurs, hate speech, explicit threats
- Illegal content, CSAM, terrorism
- Immediate content deletion
- Account status change: warning → suspended → banned
- No appeal option
⚠️ Soft Violations (Appealable)
- Borderline content, gray areas
- Context-dependent issues
- Content hidden pending moderation
- User can appeal with explanation
- Monthly appeal limits apply
🔄 Violation Progression
Account Status Levels
- 🟢 Active - Normal user status
- 🟡 Warning - First serious violation
- 🟠 Suspended - Multiple violations
- 🔴 Banned - Too many violations
Thresholds (30-day window)
- 1 Hard Violation → Warning
- 2 Hard Violations → Suspended
- 3 Hard Violations → Banned
- 3 Total Violations → Warning
- 5 Total Violations → Suspended
- 8 Total Violations → Banned
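The threshold ladder above, implemented as an added Go example (not the project's own backend code). The Violation struct is an assumed minimal shape of a user_violations row; the thresholds are the ones listed, and violations overturned by an approved appeal are deliberately excluded so that status can improve as the guide states.

```go
package main

import "time"

// Account status levels from the guide; a larger value is a worse standing.
type Status int
const (
	Active Status = iota
	Warning
	Suspended
	Banned
)
// Violation is an assumed minimal shape of a user_violations row.
type Violation struct {
	At         time.Time
	Hard       bool // hard violations are not appealable
	Overturned bool // set when an appeal is approved; such rows do not count
}
// ladder returns the worst level whose threshold (warning, suspended, banned) n reaches.
func ladder(n int, thresholds [3]int) Status {
	s := Active
	for i, t := range thresholds {
		if n >= t {
			s = Status(i + 1) // Warning, Suspended, Banned in that order
		}
	}
	return s
}

// AccountStatus applies the 30-day thresholds (1/2/3 hard or 3/5/8 total
// violations); the worse of the two ladders wins, skipping overturned rows.
func AccountStatus(vs []Violation, now time.Time) Status {
	cutoff := now.Add(-30 * 24 * time.Hour)
	hard, total := 0, 0
	for _, v := range vs {
		if v.Overturned || v.At.Before(cutoff) {
			continue
		}
		total++
		if v.Hard {
			hard++
		}
	}
	byHard, byTotal := ladder(hard, [3]int{1, 2, 3}), ladder(total, [3]int{3, 5, 8})
	if byHard > byTotal {
		return byHard
	}
	return byTotal
}
```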
🛡️ Content Handling
Hard Violations
- ✅ Content deleted immediately
- ✅ Posts/comments removed
- ✅ User notified of account status change
- ✅ Violation recorded in history
Soft Violations
- ✅ Content hidden (status: pending_moderation)
- ✅ User can appeal within 72 hours
- ✅ 3 appeals per month limit
- ✅ Content restored if appeal approved
📋 User Interface
In User Settings
- 📊 Violation Summary - Total counts, current status
- 📜 Violation History - Detailed list of all violations
- 🚩 Appeal Options - For appealable violations
- ⏰ Appeal Deadlines - Clear time limits
- 📈 Progress Tracking - See account status progression
Appeal Process
- User submits appeal with reason (10-1000 chars)
- Optional context and evidence URLs
- Admin reviews within 24-48 hours
- Decision: Approved (content restored) or Rejected (content stays hidden)
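Server-side validation for the soft-violation appeal rules above (appealable tier, 72-hour deadline, three appeals per month, 10-1000 character reason), as an added Go example rather than the project's own POST /api/v1/appeals handler. The AppealRequest shape and the reading of "monthly" as the current calendar month are assumptions.

```go
package main

import (
	"errors"
	"time"
	"unicode/utf8"
)
// Appeal window and limits from the guide.
const (
	appealWindow         = 72 * time.Hour
	appealsPerMonth      = 3
	minReason, maxReason = 10, 1000
)
// AppealRequest is an assumed shape for the input of POST /api/v1/appeals.
type AppealRequest struct {
	ViolationHard bool        // hard violations carry no appeal option
	ViolationAt   time.Time   // when the content was hidden
	Reason        string      // user's explanation
	PriorAppeals  []time.Time // submission times of the user's earlier appeals
}
var (
	ErrNotAppealable = errors.New("hard violations cannot be appealed")
	ErrDeadline      = errors.New("72-hour appeal window has passed")
	ErrMonthlyLimit  = errors.New("monthly appeal limit reached")
	ErrReasonLength  = errors.New("reason must be 10-1000 characters")
)
// ValidateAppeal enforces, in order: appealable tier, the 72-hour deadline,
// the per-calendar-month limit (assumed reading), and the reason length in runes.
func ValidateAppeal(r AppealRequest, now time.Time) error {
	if r.ViolationHard {
		return ErrNotAppealable
	}
	if now.Sub(r.ViolationAt) > appealWindow {
		return ErrDeadline
	}
	used := 0
	for _, t := range r.PriorAppeals {
		if t.Year() == now.Year() && t.Month() == now.Month() {
			used++
		}
	}
	if used >= appealsPerMonth {
		return ErrMonthlyLimit
	}
	if n := utf8.RuneCountInString(r.Reason); n < minReason || n > maxReason {
		return ErrReasonLength
	}
	return nil
}
```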
🔧 API Endpoints
User Endpoints
GET /api/v1/appeals - Get user violations
GET /api/v1/appeals/summary - Get violation summary
POST /api/v1/appeals - Create appeal
GET /api/v1/appeals/:id - Get appeal details
Admin Endpoints
GET /api/v1/admin/appeals/pending - Get pending appeals
PATCH /api/v1/admin/appeals/:id/review - Review appeal
GET /api/v1/admin/appeals/stats - Get appeal statistics
📊 Database Schema
Key Tables
- user_violations - Individual violation records
- user_appeals - Appeal submissions and decisions
- user_violation_history - Daily violation tracking
- appeal_guidelines - Configurable rules
Violation Tracking
- Content deletion status
- Account status changes
- Appeal history
- Progressive penalties
🎛️ Admin Tools
In Directus
- user_violations collection - Review all violations
- user_appeals collection - Manage appeals
- user_violation_history - Track patterns
- appeal_guidelines - Configure rules
Review Workflow
- See pending appeals in Directus
- Review violation details and user appeal
- Approve/Reject with decision reasoning
- System handles content restoration and status updates
🔄 Appeal Outcomes
Approved Appeal
- ✅ Content restored (if soft violation)
- ✅ Violation marked as "overturned"
- ✅ Account status may improve
- ✅ User notified of decision
Rejected Appeal
- ❌ Content stays hidden/deleted
- ❌ Violation marked as "upheld"
- ❌ Account status may worsen
- ❌ User notified of decision
📈 Analytics & Tracking
Metrics Available
- Violation trends by type and user
- Appeal success rates
- Account status progression
- Content deletion statistics
- Repeat offender patterns
Automated Actions
- Content deletion for hard violations
- Account status updates based on thresholds
- Appeal deadline enforcement
- Monthly appeal limit enforcement
🚀 Benefits
For Users
- Fair treatment with clear progression
- Appeal options for gray areas
- Transparency about violations
- Multiple chances before ban
For Platform
- Reduced moderation burden with automation
- Clear audit trail for all decisions
- Scalable violation management
- Data-driven policy enforcement
🎯 Implementation Status
✅ Fully Deployed
- Database schema created
- API endpoints implemented
- Violation logic active
- Appeal system functional
- Directus integration complete
✅ Ready for Use
- Users can view violations in settings
- Appeals can be submitted and reviewed
- Content automatically managed
- Account status progression active
The system provides a balanced approach that protects the platform while giving users fair opportunities to correct mistakes.