# Task: Protected feedback screenshots ## Goal Store feedback screenshots through blob storage and expose them only through authenticated, feedback-scoped access. ## Feature Spec - `docs/FEATURES/product-feedback.md` ## Scope - Add screenshot metadata to feedback reports or a related feedback screenshot entity. - Store uploaded annotated screenshots with the existing `IBlobStorage` abstraction. - Use a dedicated feedback storage container/prefix. - Validate content type and maximum upload size on the backend. - Add API support for attaching a screenshot when creating feedback or immediately after creation. - Add a protected screenshot download/preview endpoint. - Enforce screenshot access: - reporter can access screenshots for their own reports - developers can access all feedback screenshots - no public/static blob URL access for feedback screenshots - Return enough screenshot metadata for frontend preview/download flows without exposing unauthenticated blob URLs. - Document that future feedback deletion must remove associated screenshot blobs. ## Likely Files - `backend/src/Socialize.Api/Infrastructure/BlobStorage/Contracts/*` - `backend/src/Socialize.Api/Infrastructure/BlobStorage/Services/*` - `backend/src/Socialize.Api/Modules/Feedback/**` - `backend/src/Socialize.Api/Data/AppDbContext.cs` - `backend/tests/Socialize.Tests/**` ## Notes - Existing portrait/logo blob behavior may expose static URLs; feedback screenshots must not rely on that public URL pattern. - Prefer an endpoint that streams the blob after checking feedback access. - Annotated screenshots are expected to be compressed PNG or JPEG files. ## Validation ```bash dotnet build backend/Socialize.slnx dotnet test backend/Socialize.slnx ``` ## Done When - [ ] Feedback screenshots are stored via `IBlobStorage`. - [ ] Feedback screenshots use a dedicated storage area/prefix. - [ ] Invalid or oversized screenshots are rejected with clear API errors. - [ ] Screenshot access requires authentication. - [ ] Reporter/developer access rules are enforced for downloads/previews. - [ ] Backend tests cover authorized and unauthorized screenshot access.