owned this note
owned this note
---
tags: cofacts
---
# Cofacts spam removal automation
> Initially proposed:
> https://g0v.hackmd.io/uefTz4yURImgtem--itaMw?both#Op-%E5%9E%83%E5%9C%BE%E8%A8%8A%E6%81%AF%E5%8F%8D%E5%88%B6
## Purpose
We should be able to deal with simple spam more easily.
- No SSH access needed
- More people can approve and run takedowns
- Approvals are logged and openly accessible
When a spammer comes to Cofacts to post spam, we should be able to:
1. Automatically detect such spam.
2. Automatically generate announcement for both automatically detected and manually reported spam.
3. Approve announcement and command to execute on Github; can require just one approval, and give permission to more people.
4. Can execute the command on the approved and merged PR, with no SSH needed.
## Phases and changes
It is easier if we implement "backwards" -- start with command automation first, then the Github approval part, and put the automatic detection in the last phase.
### Phase 1: Script execution automation
:::spoiler Legacy design: Google Pub/sub
> This design is abandoned in favor of Cloudflare Zero Trust managed APIs.
> See https://g0v.hackmd.io/_e0nyj04SoCzxdM38CzuYQ#Op-%E5%A4%96%E9%83%A8%E6%95%B4%E5%90%88%EF%BC%9AAdmin-API for reason
Target: Can execute block user script (or any other scripts) on Google cloud console.
The UI that submits message
#### API
- A service that runs along with API server
- Subscribes to pubsub
- Calls scripts as functions
#### Google Pubsub
- Create a pubsub topic just for scripts
- Design message schema
- Include script name to execute + arguments
- Executes script on google cloud console
:::
A new OpenAPI server is spinned up to host admin APIs.
- its implementation exists alongside with rumors-api, so that the admin APIs can leverage scripts and util functions in rumors-api
- The APIs are not exposed via nginx; instead, they map to certain domains using Cloudflare Tunnels
- `dev-admin-api.cofacts.tw` --> `cofacts-api-staging:5500`
- `admin-api.cofacts.tw` --> `api:5500`
#### API
Implement the following endpoint using feTS & OpenAPI. The path hierarchy is designed for easier management using Cloudflare.
- `/moderation` series: designed for Cofacts automations, including
- POST `/moderation/blockedUser`: block a user (or update block info). Map to current `blockUser` script.
- POST `/moderation/article/media`: replace the media of an article. Map to current `replaceMedia` script.
- POST `/moderation/aiReply`: regenerate AI reply. Map to current `genAIReply` script.
- `/badge` series: reserved for Badge operations (TBA)
- Others: feTS provides `/docs` for Swagger UI, and `/openapi.json` for OpenAPI spec file.
We log all access to the API to console. Fields to be included:
- The invoked endpoint
- `user` - who initiated the request. Can be:
- email, when [identity-based authentication](https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/application-token/#identity-based-authentication) is used
- [Client ID of the service token](https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/application-token/#service-token-authentication)
- request payload
#### Cloudflare Zero Trust
##### Tunnels
`admin-api.cofacts.tw`: production site rumors-admin-api
`dev-admin-api.cofacts.tw`: staging site rumors-admin-api
##### Applications
> When multiple rules are set for a common root path, the more specific rule takes precedence. For example, when setting rules for `dashboard.com/eng` and `dashboard.com/eng/exec` separately, the more specific rule for `dashboard.com/eng/exec` takes precedence, and no rule is inherited from `dashboard.com/eng`. If no separate, specific rule is set for `dashboard.com/eng/exec`, it will inherit any rules set for `dashboard.com/eng`.
>
> [name=[Cloudflare documentation](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/#policy-inheritance)]
General rule:
`(dev-)admin-api.cofacts.tw`: Allow all users & any service tokens
- Any emails within specific access groups can access after login
- They can access `/docs` to read documentation
- Emails not in whitelist can't even receive login codes
- Can use any service token to get `/openapi.json` to generate types, etc
More specific rules:
- `(dev-)admin-api.cofacts.tw/badge`: Only allow badge manager and Cofacts WG email logins & service tokens
- `(dev-)admin-api.cofacts.tw/moderation`: Only allow Cofacts WG email logins & service tokens
Email logins are included in the policy so that they work in Swagger UI.
##### Access groups
- Cofacts WG email logins: emails ending with `@cofacts.tw`
- Cofacts WG service tokens
- Badge manager email logins: emails ending in TFC and specific white lists
- Badge manager service tokens
### Phase 2: Command template in PR template
#### Command template
> - API: `/path/to/invoke`
> - Body:
> ```json
> {...}
> ```
#### Takedowns Github action
- On PR creation & edit, if the pull request description includes the pattern above, check the API and its body.
- On PR merge, if the pull request description includes the pattern above, call the API with specified body with Cofacts WG service tokens.
### Phase 3: Automatic detection
#### GitHub action
- Use GitHub app to create a takedown pull request, if LLM recognize a reply as second scam(二次詐騙) or sexual content
- Schduled query reply after `LAST_SCANNED_AT`
- Filtered out known users that existed in pervious pr by parsing the pr title
- List the 10 more replies written by the suspicious user for the moderator to review and determine if they are a spammer.
:::spoiler Outdated design
#### Google Pubsub
- Create a new Pubsub topic for Cofacts' object creation
- Define schema: object type + inserted doc
#### API
- Publish event on Mutation APIs
- for creation of reply, article, etc
#### Google cloudrun/cloud function (?)
- Subscribe to the topic & calls cloudrun / cloud function.
- Consume pubsub topics, detect spam and make Github pull requests when necessary.
:::
