jbourdon/social-media
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f9960b4fc9b7bd5c967a79a6c8b20b3f1b58fbea
social-media/docs/TASKS/product-feedback/002-protected-feedback-screenshots.md

55 lines
2.1 KiB
Markdown
Raw Blame History

# Task: Protected feedback screenshots
## Goal
Store feedback screenshots through blob storage and expose them only through authenticated, feedback-scoped access.
## Feature Spec
- `docs/FEATURES/product-feedback.md`
## Scope
- Add screenshot metadata to feedback reports or a related feedback screenshot entity.
- Store uploaded annotated screenshots with the existing `IBlobStorage` abstraction.
- Use a dedicated feedback storage container/prefix.
- Validate content type and maximum upload size on the backend.
- Add API support for attaching a screenshot when creating feedback or immediately after creation.
- Add a protected screenshot download/preview endpoint.
- Enforce screenshot access:
- reporter can access screenshots for their own reports
- developers can access all feedback screenshots
- no public/static blob URL access for feedback screenshots
- Return enough screenshot metadata for frontend preview/download flows without exposing unauthenticated blob URLs.
- Document that future feedback deletion must remove associated screenshot blobs.
## Likely Files
- `backend/src/Socialize.Api/Infrastructure/BlobStorage/Contracts/*`
- `backend/src/Socialize.Api/Infrastructure/BlobStorage/Services/*`
- `backend/src/Socialize.Api/Modules/Feedback/**`
- `backend/src/Socialize.Api/Data/AppDbContext.cs`
- `backend/tests/Socialize.Tests/**`
## Notes
- Existing portrait/logo blob behavior may expose static URLs; feedback screenshots must not rely on that public URL pattern.
- Prefer an endpoint that streams the blob after checking feedback access.
- Annotated screenshots are expected to be compressed PNG or JPEG files.
## Validation
```bash
dotnet build backend/Socialize.slnx
dotnet test backend/Socialize.slnx
```
## Done When
- [ ] Feedback screenshots are stored via `IBlobStorage`.
- [ ] Feedback screenshots use a dedicated storage area/prefix.
- [ ] Invalid or oversized screenshots are rejected with clear API errors.
- [ ] Screenshot access requires authentication.
- [ ] Reporter/developer access rules are enforced for downloads/previews.
- [ ] Backend tests cover authorized and unauthorized screenshot access.
Reference in New Issue View Git Blame Copy Permalink