Add handling of content reports (#949)

* add config vars for sending complaint mails

* add ComplaintNotification

* clearer naming

* add ComplaintController

* add route

* add ExternalComplaintNotification

* templating

* switch order of notifications

* add WIP tests

* restrict email validation to rfc filter

* fix email validation rule condition

* add multi mail address test case

* refactored class naming

* WIP persist notifications in database

* add ComplaintRecord class

* extend test cases

* adjust field names to UI code

* fix testRecordOnMailFail status code assert

* adjust parameter names in test case

* reduce size limit of text fields to 1000

* fix field names in test

* remove form contents from externail mail notification

Author: deer-wmde

app/ComplaintRecord.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Carbon;
+
+/**
+ * App\ComplaintRecord.
+ *
+ * @property int $id
+ * @property string|null $name
+ * @property string|null $mail_address
+ * @property string $reason
+ * @property string $offending_urls
+ * @property \Illuminate\Support\Carbon|null $dispatched_at
+ * @property \Illuminate\Support\Carbon|null $created_at
+ * @property \Illuminate\Support\Carbon|null $updated_at
+ * @mixin \Eloquent
+ */
+class ComplaintRecord extends Model
+{
+    use HasFactory;
+
+    protected $fillable = [
+        'name',
+        'mail_address',
+        'reason',
+        'offending_urls',
+    ];
+
+    public function markAsDispatched()
+    {
+        $this->dispatched_at = Carbon::now();
+    }
+}

app/Http/Controllers/ComplaintController.php

@@ -0,0 +1,110 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Notifications\ComplaintNotificationExternal;
+use App\Notifications\ComplaintNotification;
+use App\Rules\ReCaptchaValidation;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Facades\Notification;
+use Illuminate\Validation\Rule;
+use App\ComplaintRecord;
+use Illuminate\Support\Facades\Log;
+
+class ComplaintController extends Controller
+{
+    /**
+     * @var \App\Rules\ReCaptchaValidation
+     */
+    protected $recaptchaValidation;
+
+    public function __construct(ReCaptchaValidation $recaptchaValidation) {
+        $this->recaptchaValidation = $recaptchaValidation;
+    }
+
+    /**
+     * Handle a complaint report page request for the application.
+     *
+     * @param \Illuminate\Http\Request  $request
+     */
+    public function sendMessage(Request $request): \Illuminate\Http\JsonResponse
+    {
+        $validator = $this->validator($request->all());
+
+        if ($validator->fails()) {
+            $failed = $validator->failed();
+
+            if (isset($failed['recaptcha'])) {
+                abort(401);
+            } else {
+                abort(400);
+            }
+        }
+
+        $validated = $validator->safe();
+
+        $complaintRecord = new ComplaintRecord;
+        $complaintRecord->name = $validated['name'];
+        $complaintRecord->mail_address = $validated['email'];
+        $complaintRecord->reason = $validated['message'];
+        $complaintRecord->offending_urls = $validated['url'];
+        $complaintRecord->save();
+
+        if (! empty($complaintRecord->mail_address)) {
+            Notification::route('mail', [
+               $complaintRecord->mail_address,
+            ])->notify(
+                new ComplaintNotificationExternal(
+                    $complaintRecord->offending_urls,
+                    $complaintRecord->reason,
+                    $complaintRecord->name,
+                    $complaintRecord->mail_address,
+                )
+            );
+        }
+
+        Notification::route('mail', [
+            config('app.complaint-mail-recipient'),
+        ])->notify(
+    new ComplaintNotification(
+            $complaintRecord->offending_urls,
+            $complaintRecord->reason,
+            $complaintRecord->name,
+            $complaintRecord->mail_address,
+            )
+        );
+
+        $complaintRecord->markAsDispatched();
+        $complaintRecord->save();
+
+        return response()->json('Success', 200);
+    }
+
+    /**
+     * Get a validator for an incoming complaint report page request.
+     */
+    protected function validator(array $data): \Illuminate\Validation\Validator
+    {
+        $data['name'] = $data['name'] ?? '';
+        $data['email'] = $data['email'] ?? '';
+
+        $validation = [
+            'recaptcha'      => ['required', 'string', 'bail', $this->recaptchaValidation],
+            'name'           => ['nullable', 'string', 'max:300'],
+            'message'        => ['required', 'string', 'max:1000'],
+            'url'            => ['required', 'string', 'max:1000'],
+
+            'email'    => [
+                'nullable',
+                'max:300',
+                Rule::when(
+                    !empty($data['email']),
+                    ['email:rfc']
+                ),
+            ],
+        ];
+
+        return Validator::make($data, $validation);
+    }
+}

app/Notifications/ComplaintNotification.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace App\Notifications;
+
+use Illuminate\Notifications\Messages\DatabaseMessage;
+use Illuminate\Notifications\Messages\MailMessage;
+use Illuminate\Notifications\Notification;
+use Illuminate\Support\Facades\Lang;
+
+/**
+ * A notification to be sent when the legal complaint form is being used.
+ */
+class ComplaintNotification extends Notification
+{
+    public $offendingUrls;
+    public $reason;
+    public $name;
+    public $mailAddress;
+
+    /**
+     * Create a notification instance.
+     *
+     * @param  string  $offendingUrls
+     * @param  string  $reason
+     * @param  string  $name
+     * @param  string  $mailAddress
+     * @return void
+     */
+    public function __construct($offendingUrls, $reason, $name=null, $mailAddress=null)
+    {
+        $this->offendingUrls = $offendingUrls;
+        $this->reason = $reason;
+        $this->name = $name;
+        $this->mailAddress = $mailAddress;
+    }
+
+    /**
+     * Get the notification's channels.
+     *
+     * @param  mixed  $notifiable
+     * @return array|string
+     */
+    public function via($notifiable)
+    {
+        return ['database', 'mail'];
+    }
+
+    /**
+     * Build the mail representation of the notification.
+     *
+     * @param  mixed  $notifiable
+     * @return \Illuminate\Notifications\Messages\MailMessage
+     */
+    public function toMail($notifiable)
+    {
+        $name = $this->name;
+        $mailAddress = $this->mailAddress;
+
+        if (empty($name)) {
+            $name = 'None';
+        }
+
+        if (empty($mailAddress)) {
+            $mailAddress = 'None';
+        }
+
+        $mailFrom = config('app.complaint-mail-sender');
+        $mailSubject = config('app.name') . ': Report of Illegal Content';
+
+        return (new MailMessage)
+            ->from($mailFrom)
+            ->subject($mailSubject)
+            ->line(Lang::get('A message via the wikibase.cloud form for reporting illegal content has been submitted.'))
+            ->line(Lang::get('Reporter name: ') . $name)
+            ->line(Lang::get('Reporter email address: ') . $mailAddress)
+            ->line(Lang::get('Reason why the information in question is illegal content:'))
+            ->line($this->reason)
+            ->line(Lang::get('URL(s) for the content in question:'))
+            ->line($this->offendingUrls)
+            ->line('---');
+    }
+
+    public function toDatabase($notifiable) {
+        $mail = $this->toMail($notifiable);
+
+        return (new DatabaseMessage($mail->toArray()));
+    }
+}

app/Notifications/ComplaintNotificationExternal.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Notifications;
+
+use App\Notifications\ComplaintNotification;
+use Illuminate\Notifications\Messages\MailMessage;
+use Illuminate\Support\Facades\Lang;
+
+/**
+ * A notification to be sent when the legal complaint form is being used.
+ */
+class ComplaintNotificationExternal extends ComplaintNotification
+{
+    /**
+     * Build the mail representation of the notification.
+     *
+     * @param  mixed  $notifiable
+     * @return \Illuminate\Notifications\Messages\MailMessage
+     */
+    public function toMail($notifiable)
+    {
+        $name = $this->name;
+
+        if (empty($name)) {
+            $name = 'None';
+        }
+
+        $mailFrom = config('app.complaint-mail-sender');
+        $mailSubject = config('app.name') . ': Report of Illegal Content';
+
+        return (new MailMessage)
+            ->from($mailFrom)
+            ->subject($mailSubject)
+            ->line(Lang::get('Your message via the wikibase.cloud form for reporting illegal content has been submitted.'))
+            ->line('---');
+    }
+}

config/app.php

@@ -10,6 +10,9 @@
     'contact-mail-recipient' => env('WBSTACK_CONTACT_MAIL_RECIPIENT', 'wikibase-cloud-owner@lists.wikimedia.org'),
     'contact-mail-sender' => env('WBSTACK_CONTACT_MAIL_SENDER', 'contact-<subject>@wikibase.cloud'),
 
+    'complaint-mail-recipient' => env('WBSTACK_COMPLAINT_MAIL_RECIPIENT', 'dsa-meldung@wikimedia.de'),
+    'complaint-mail-sender' => env('WBSTACK_COMPLAINT_MAIL_SENDER', 'dsa@wikibase.cloud'),
+
     /*
     |--------------------------------------------------------------------------
     | Application Name

database/factories/ComplaintRecordFactory.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace Database\Factories;
+
+use App\ComplaintRecord;
+use Illuminate\Database\Eloquent\Factories\Factory;
+
+/**
+ * @template TModel of \App\ComplaintRecord
+ *
+ * @extends \Illuminate\Database\Eloquent\Factories\Factory<TModel>
+ */
+class ComplaintRecordFactory extends Factory
+{
+    /**
+     * The name of the factory's corresponding model.
+     *
+     * @var class-string<TModel>
+     */
+    protected $model = ComplaintRecord::class;
+
+    /**
+     * Define the model's default state.
+     *
+     * @return array<string, mixed>
+     */
+    public function definition(): array
+    {
+        return [
+            'dispatched' => null,
+        ];
+    }
+}

database/migrations/2025_07_18_103841_create_complaint_records_table.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('complaint_records', function (Blueprint $table) {
+            $table->id();
+            $table->timestamps();
+            $table->timestamp('dispatched_at')->nullable();
+            $table->string('name')->nullable();
+            $table->string('mail_address')->nullable();
+            $table->text('reason');
+            $table->text('offending_urls');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('complaint_records');
+    }
+};

routes/api.php

@@ -18,6 +18,7 @@
     $router->post('user/forgotPassword', ['uses' => 'Auth\ForgotPasswordController@sendResetLinkEmail']);
     $router->post('user/resetPassword', ['uses' => 'Auth\ResetPasswordController@reset']);
     $router->post('contact/sendMessage', ['uses' => 'ContactController@sendMessage']);
+    $router->post('complaint/sendMessage', ['uses' => 'ComplaintController@sendMessage']);
 
     $router->post('auth/login', ['uses' => 'Auth\LoginController@postLogin'])->name('login');
     // Authed