social-media/docs/TASKS/product-feedback/002-protected-feedback-screenshots.md

Task: Protected feedback screenshots

Goal

Store feedback screenshots through blob storage and expose them only through authenticated, feedback-scoped access.

Feature Spec

  • docs/FEATURES/product-feedback.md

Scope

  • Add screenshot metadata to feedback reports or a related feedback screenshot entity.
  • Store uploaded annotated screenshots with the existing IBlobStorage abstraction.
  • Use a dedicated feedback storage container/prefix.
  • Validate content type and maximum upload size on the backend.
  • Add API support for attaching a screenshot when creating feedback or immediately after creation.
  • Add a protected screenshot download/preview endpoint.
  • Enforce screenshot access:
    • reporter can access screenshots for their own reports
    • developers can access all feedback screenshots
    • no public/static blob URL access for feedback screenshots
  • Return enough screenshot metadata for frontend preview/download flows without exposing unauthenticated blob URLs.
  • Document that future feedback deletion must remove associated screenshot blobs.

Likely Files

  • backend/src/Socialize.Api/Infrastructure/BlobStorage/Contracts/*
  • backend/src/Socialize.Api/Infrastructure/BlobStorage/Services/*
  • backend/src/Socialize.Api/Modules/Feedback/**
  • backend/src/Socialize.Api/Data/AppDbContext.cs
  • backend/tests/Socialize.Tests/**

Notes

  • Existing portrait/logo blob behavior may expose static URLs; feedback screenshots must not rely on that public URL pattern.
  • Prefer an endpoint that streams the blob after checking feedback access.
  • Annotated screenshots are expected to be compressed PNG or JPEG files.
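
A sketch of the backend checks listed under Scope (content type, upload size, reporter/developer access), added here as an example and not code from the Socialize repository. The class name, method names, error strings and the 5 MiB limit are assumptions; it does not call IBlobStorage, whose signature this task does not show.

```csharp
#nullable enable
using System;

// Hypothetical helper: every name and the size limit below are assumptions, not project code.
public static class FeedbackScreenshotPolicy
{
    public const long MaxBytes = 5 * 1024 * 1024; // assumed limit; the task does not fix a number

    private static ReadOnlySpan<byte> PngMagic => new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
    private static ReadOnlySpan<byte> JpegMagic => new byte[] { 0xFF, 0xD8, 0xFF };

    // 'header' holds the first bytes of the upload. Returns the content type determined
    // from those bytes, or null with an error message for the API response. The
    // client-declared type is compared against the sniffed type rather than trusted.
    public static string? Validate(ReadOnlySpan<byte> header, long length, string? declaredType, out string? error)
    {
        error = null;
        if (length <= 0) { error = "Screenshot is empty."; return null; }
        if (length > MaxBytes) { error = $"Screenshot exceeds {MaxBytes} bytes."; return null; }

        string? sniffed =
            header.StartsWith(PngMagic) ? "image/png" :
            header.StartsWith(JpegMagic) ? "image/jpeg" : null;
        if (sniffed is null) { error = "Screenshot must be a PNG or JPEG image."; return null; }

        if (!string.Equals(declaredType, sniffed, StringComparison.OrdinalIgnoreCase))
        { error = "Declared content type does not match file contents."; return null; }

        return sniffed; // persist and later serve this value, never the client's header
    }

    // Access rule from the Scope list: reporters see their own reports, developers see all.
    // A caller with no identity (unauthenticated) is always refused.
    public static bool CanAccess(string? callerId, bool callerIsDeveloper, string reporterId)
    {
        if (string.IsNullOrEmpty(callerId)) return false;
        return callerIsDeveloper || string.Equals(callerId, reporterId, StringComparison.Ordinal);
    }
}
```

The download/preview endpoint would call CanAccess before opening the blob stream, so a refused request never reaches storage.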

Validation

dotnet build backend/Socialize.slnx
dotnet test backend/Socialize.slnx

Done When

  • Feedback screenshots are stored via IBlobStorage.
  • Feedback screenshots use a dedicated storage area/prefix.
  • Invalid or oversized screenshots are rejected with clear API errors.
  • Screenshot access requires authentication.
  • Reporter/developer access rules are enforced for downloads/previews.
  • Backend tests cover authorized and unauthorized screenshot access.