From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 3 Mar 2026 14:35:17 +0000 (+0000)
Subject: api: Don't accept any repeat reports by the same user
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ed7ae2eed647a2b970789659a4fa813e93d6d63e;p=dbl.git

api: Don't accept any repeat reports by the same user

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/dbl/api/reports.py b/src/dbl/api/reports.py
index 57e01ef..5b3e5fd 100644
--- a/src/dbl/api/reports.py
+++ b/src/dbl/api/reports.py
@@ -110,6 +110,10 @@ async def create_report(
 	if not list:
 		raise fastapi.HTTPException(400, "Could not find list '%s'" % report.list)
 
+	# Check if something has already been reported
+	if await list.recently_reported(name=report.name, reported_by=user, block=report.block):
+		raise fastapi.HTTPException(409, "%s has already been reported by %s" % (report.name, user))
+
 	# Create the report
 	return await list.report(
 		name        = report.name,
diff --git a/src/dbl/lists.py b/src/dbl/lists.py
index 51223b9..955f275 100644
--- a/src/dbl/lists.py
+++ b/src/dbl/lists.py
@@ -562,6 +562,29 @@ class List(sqlmodel.SQLModel, database.BackendMixin, table=True):
 
 	pending_reports : int = 0
 
+	# Recently Reported?
+
+	async def recently_reported(self, name, reported_by, block=None):
+		"""
+			Called to check if we have already received this report by the same user
+		"""
+		# We fetch the last report of the name by the given user.
+		reports = self.backend.reports.get(
+			list=self, name=name, reported_by=reported_by, limit=1,
+		)
+
+		# If block has been given, we also check if this matches
+		async for report in reports:
+			# If block has not been specified, we count every match
+			if block is None:
+				return True
+
+			# Otherwise the block must match
+			return report.block == block
+
+		# Nothing found
+		return False
+
 	# History
 
 	def get_history(self, before=None, limit=None):