feat: :spakles: Implement Content Sanitization and Filtering Service (#115)

Author: laryhills

Backend/SorobanSecurityPortalApi.Tests/Services/ContentFilterServiceTests.cs

@@ -20,6 +20,7 @@ public class Db : DbContext
         public DbSet<FileModel> File { get; set; }
         public DbSet<CompanyModel> Company { get; set; }
         public DbSet<BookmarkModel> Bookmark { get; set; }
+        public DbSet<ModerationLogModel> ModerationLog { get; set; }
         public DbSet<UserProfileModel> UserProfiles { get; set; }
 
 

Backend/SorobanSecurityPortalApi/Common/Data/Db.cs

@@ -28,6 +28,9 @@ public interface IExtendedConfig
     double TrigramContentWeight { get; }
     double VectorContentWeight { get; }
     double MinRelevanceForSearch { get; }
+    bool ProfanityFilterEnabled { get; }
+    List<string> ProfanityWords { get; }
+    List<string> TrustedDomains { get; }
     void Reset();
 }
 
@@ -182,6 +185,49 @@ private T GetValue<T>(string key, T defaultValue)
     [Tooltip("The Min Relevance for Search is used to specify the minimum relevance score for search results. This is used to filter out low-relevance results from search queries.")]
     public double MinRelevanceForSearch => GetValue<double>("MinRelevanceForSearch", 6);
 
+    [Category(CategoryAttribute.ConfigCategoryEnum.ContentFilter)]
+    [DataType(DataTypeAttribute.ConfigDataTypeEnum.Boolean)]
+    [Description("Enable Profanity Filter")]
+    [Tooltip("Enables the profanity filter for user-generated content. When enabled, content containing profane words will be flagged for moderation.")]
+    public bool ProfanityFilterEnabled => GetValue<bool>("ProfanityFilterEnabled", false);
+
+    [Category(CategoryAttribute.ConfigCategoryEnum.ContentFilter)]
+    [DataType(DataTypeAttribute.ConfigDataTypeEnum.Multiline)]
+    [Description("Custom Profanity Words (one per line)")]
+    [Tooltip("Additional words to filter beyond the default dictionary. Enter one word per line. Words are matched case-insensitively. The system will notify you if a word already exists in the default dictionary.")]
+    public List<string> ProfanityWords
+    {
+        get
+        {
+            var words = GetValue<string>("ProfanityWords", "");
+            return string.IsNullOrWhiteSpace(words)
+                ? new List<string>()
+                : words.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries)
+                       .Select(w => w.Trim())
+                       .Where(w => !string.IsNullOrWhiteSpace(w))
+                       .ToList();
+        }
+    }
+
+    [Category(CategoryAttribute.ConfigCategoryEnum.ContentFilter)]
+    [DataType(DataTypeAttribute.ConfigDataTypeEnum.Link)]
+    [Description("View Default Profanity Dictionary")]
+    [Tooltip("Click to view the built-in profanity words that are always active. These words cannot be modified, but you can add custom words above.")]
+    public string DefaultProfanityWordsLink => "/api/settings/default-profanity-words";
+
+    [Category(CategoryAttribute.ConfigCategoryEnum.ContentFilter)]
+    [Description("Trusted Domains")]
+    [Tooltip("Comma-separated list of trusted domains for URLs in content (e.g., github.com,stellar.org). If empty, all HTTPS URLs are allowed but flagged for moderation.")]
+    public List<string> TrustedDomains
+    {
+        get
+        {
+            var domains = GetValue<string>("TrustedDomains", "");
+            return string.IsNullOrWhiteSpace(domains)
+                ? new List<string>()
+                : domains.Split(',', StringSplitOptions.RemoveEmptyEntries).Select(d => d.Trim()).ToList();
+        }
+    }
 
 }
 
@@ -218,7 +264,8 @@ public enum ConfigDataTypeEnum
         Color,
         Hidden,
         Link,
-        Dropdown
+        Dropdown,
+        Multiline
     }
 }
 
@@ -261,5 +308,7 @@ public enum ConfigCategoryEnum
         Authentication,
         [System.ComponentModel.Description("Search")]
         Search,
+        [System.ComponentModel.Description("Content Filter")]
+        ContentFilter,
     }
 }

Backend/SorobanSecurityPortalApi/Common/ExtendedConfig.cs

@@ -13,9 +13,14 @@ namespace SorobanSecurityPortalApi.Controllers
     public class SettingsController : ControllerBase
     {
         private readonly ISettingsService _settingsService;
-        public SettingsController(ISettingsService settingsService)           
+        private readonly IContentFilterService _contentFilterService;
+        
+        public SettingsController(
+            ISettingsService settingsService,
+            IContentFilterService contentFilterService)           
         {
             _settingsService = settingsService;
+            _contentFilterService = contentFilterService;
         }
 
         [HttpGet]
@@ -43,5 +48,44 @@ public IActionResult Reboot()
             _settingsService.Reboot();
             return Ok();
         }
+
+        [HttpGet("default-profanity-words")]
+        [RoleAuthorize(Role.Admin)]
+        [CombinedAuthorize]
+        public IActionResult GetDefaultProfanityWords()
+        {
+            var words = _contentFilterService.GetDefaultProfanityWords();
+            return Ok(new { words = words.OrderBy(w => w).ToList(), count = words.Count });
+        }
+
+        [HttpPost("validate-profanity-words")]
+        [RoleAuthorize(Role.Admin)]
+        [CombinedAuthorize]
+        public IActionResult ValidateProfanityWords([FromBody] ValidateProfanityWordsRequest request)
+        {
+            var defaultWords = _contentFilterService.GetDefaultProfanityWords();
+            var customWords = request.Words
+                .Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries)
+                .Select(w => w.Trim().ToLowerInvariant())
+                .Where(w => !string.IsNullOrWhiteSpace(w))
+                .ToList();
+
+            var duplicatesInDefault = customWords
+                .Where(w => defaultWords.Contains(w))
+                .ToList();
+
+            var duplicatesInCustom = customWords
+                .GroupBy(w => w)
+                .Where(g => g.Count() > 1)
+                .Select(g => g.Key)
+                .ToList();
+
+            return Ok(new 
+            { 
+                duplicatesInDefault = duplicatesInDefault,
+                duplicatesInCustom = duplicatesInCustom,
+                hasDuplicates = duplicatesInDefault.Any() || duplicatesInCustom.Any()
+            });
+        }
     }
 }

Backend/SorobanSecurityPortalApi/Controllers/SettingsController.cs

@@ -0,0 +1,62 @@
+using Microsoft.EntityFrameworkCore;
+using SorobanSecurityPortalApi.Common.Data;
+using SorobanSecurityPortalApi.Models.DbModels;
+
+namespace SorobanSecurityPortalApi.Data.Processors
+{
+    public class ModerationLogProcessor : IModerationLogProcessor
+    {
+        private readonly IDbContextFactory<Db> _dbFactory;
+
+        public ModerationLogProcessor(IDbContextFactory<Db> dbFactory)
+        {
+            _dbFactory = dbFactory;
+        }
+
+        public async Task Add(ModerationLogModel moderationLog)
+        {
+            await using var db = await _dbFactory.CreateDbContextAsync();
+            db.ModerationLog.Add(moderationLog);
+            await db.SaveChangesAsync();
+        }
+
+        public async Task<List<ModerationLogModel>> GetByUserId(int userId, int limit = 100)
+        {
+            await using var db = await _dbFactory.CreateDbContextAsync();
+            return await db.ModerationLog
+                .AsNoTracking()
+                .Where(m => m.UserId == userId)
+                .OrderByDescending(m => m.CreatedAt)
+                .Take(limit)
+                .ToListAsync();
+        }
+
+        public async Task<ModerationLogModel?> GetLastByUserId(int userId)
+        {
+            await using var db = await _dbFactory.CreateDbContextAsync();
+            return await db.ModerationLog
+                .AsNoTracking()
+                .Where(m => m.UserId == userId)
+                .OrderByDescending(m => m.CreatedAt)
+                .FirstOrDefaultAsync();
+        }
+
+        public async Task<bool> HasDuplicateContent(int userId, string content, TimeSpan timeWindow)
+        {
+            await using var db = await _dbFactory.CreateDbContextAsync();
+            var threshold = DateTime.UtcNow.Subtract(timeWindow);
+            return await db.ModerationLog
+                .AsNoTracking()
+                .Where(m => m.UserId == userId && m.OriginalContent == content && m.CreatedAt >= threshold)
+                .AnyAsync();
+        }
+    }
+
+    public interface IModerationLogProcessor
+    {
+        Task Add(ModerationLogModel moderationLog);
+        Task<List<ModerationLogModel>> GetByUserId(int userId, int limit = 100);
+        Task<ModerationLogModel?> GetLastByUserId(int userId);
+        Task<bool> HasDuplicateContent(int userId, string content, TimeSpan timeWindow);
+    }
+}

Backend/SorobanSecurityPortalApi/Data/Processors/ModerationLogProcessor.cs

@@ -0,0 +1,32 @@
+damn
+hell
+crap
+shit
+fuck
+ass
+bitch
+bastard
+dick
+piss
+cock
+slut
+whore
+fag
+nigger
+nigga
+retard
+moron
+idiot
+stupid
+dumb
+jerk
+asshole
+motherfucker
+bullshit
+goddamn
+penis
+vagina
+porn
+sex
+nude
+xxx

Backend/SorobanSecurityPortalApi/Data/default-profanity-words.txt

@@ -0,0 +1,69 @@
+using System;
+using System.Collections.Generic;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+using SorobanSecurityPortalApi.Models.DbModels;
+
+#nullable disable
+
+namespace SorobanSecurityPortalApi.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddModerationLog : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "moderation_log",
+                columns: table => new
+                {
+                    id = table.Column<int>(type: "integer", nullable: false)
+                        .Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
+                    user_id = table.Column<int>(type: "integer", nullable: false),
+                    original_content = table.Column<string>(type: "text", nullable: false),
+                    sanitized_content = table.Column<string>(type: "text", nullable: false),
+                    filter_reason = table.Column<string>(type: "text", nullable: false),
+                    is_blocked = table.Column<bool>(type: "boolean", nullable: false),
+                    requires_moderation = table.Column<bool>(type: "boolean", nullable: false),
+                    warnings = table.Column<string>(type: "text", nullable: false),
+                    created_at = table.Column<DateTime>(type: "timestamp with time zone", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("pk_moderation_log", x => x.id);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "ix_moderation_log_user_id",
+                table: "moderation_log",
+                column: "user_id");
+
+            migrationBuilder.CreateIndex(
+                name: "ix_moderation_log_created_at",
+                table: "moderation_log",
+                column: "created_at");
+
+            migrationBuilder.UpdateData(
+                table: "login",
+                keyColumn: "login_id",
+                keyValue: 1,
+                columns: new[] { "connected_accounts", "created" },
+                values: new object[] { new List<ConnectedAccountModel>(), new DateTime(2026, 1, 22, 0, 0, 0, 0, DateTimeKind.Utc) });
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "moderation_log");
+
+            migrationBuilder.UpdateData(
+                table: "login",
+                keyColumn: "login_id",
+                keyValue: 1,
+                columns: new[] { "connected_accounts", "created" },
+                values: new object[] { new List<ConnectedAccountModel>(), new DateTime(2025, 11, 30, 2, 29, 25, 139, DateTimeKind.Utc).AddTicks(1314) });
+        }
+    }
+}

Backend/SorobanSecurityPortalApi/Migrations/20260122000000_AddModerationLog.cs

@@ -0,0 +1,20 @@
+using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace SorobanSecurityPortalApi.Models.DbModels
+{
+    [Table("moderation_log")]
+    public class ModerationLogModel
+    {
+        [Key]
+        public int Id { get; set; }
+        public int UserId { get; set; }
+        public string OriginalContent { get; set; } = string.Empty;
+        public string SanitizedContent { get; set; } = string.Empty;
+        public string FilterReason { get; set; } = string.Empty;
+        public bool IsBlocked { get; set; }
+        public bool RequiresModeration { get; set; }
+        public string Warnings { get; set; } = string.Empty;
+        public DateTime CreatedAt { get; set; }
+    }
+}

Backend/SorobanSecurityPortalApi/Models/DbModels/ModerationLogModel.cs

@@ -0,0 +1,10 @@
+namespace SorobanSecurityPortalApi.Models.ViewModels
+{
+    public class ContentFilterResult
+    {
+        public bool IsBlocked { get; set; }
+        public bool RequiresModeration { get; set; }
+        public string SanitizedContent { get; set; } = string.Empty;
+        public List<string> Warnings { get; set; } = new();
+    }
+}

Backend/SorobanSecurityPortalApi/Models/ViewModels/ContentFilterResult.cs

@@ -0,0 +1,7 @@
+namespace SorobanSecurityPortalApi.Models.ViewModels
+{
+    public class ValidateProfanityWordsRequest
+    {
+        public string Words { get; set; } = string.Empty;
+    }
+}