Skip to content

Add backend support for /warn command#38

Open
itasimo wants to merge 3 commits into
mainfrom
itasimo/warning
Open

Add backend support for /warn command#38
itasimo wants to merge 3 commits into
mainfrom
itasimo/warning

Conversation

@itasimo

@itasimo itasimo commented Jun 27, 2026

Copy link
Copy Markdown
Collaborator

Related to telegram#82

itasimo added 2 commits June 25, 2026 23:19
Add warning schema to the database
Add TRPC endpoints for managing warnings
Add loggerProcedure is used to log any errors that occur during the execution of these procedures, to replace the try/catch statements in the TRPC endpoint handlers
Add support to automatically expire warnings, kick and ban users
- Fixed a bug where `deleteById`, `getTotalActiveCount`, and `getActiveCountInGroup` did not account for warning expiration states
- Updated `deleteById` to return a success/failure status to the client.
@coderabbitai

coderabbitai Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

Changes

Warning moderation

Layer / File(s) Summary
Warning storage and schema
drizzle/0015_bitter_nighthawk.sql, drizzle/meta/..., src/db/schema/tg/...
Adds the warnings table, Drizzle metadata, schema registration, and warning-related audit types.
Warning router procedures
src/routers/tg/index.ts, src/routers/tg/warnings.ts
Adds warning creation, retrieval, soft deletion, and active-count procedures.
Warning expiration maintenance
src/cron.ts
Marks warnings older than one year as expired during scheduled maintenance.

Procedure error logging

Layer / File(s) Summary
tRPC logging middleware
src/utils/loggerProc.ts
Logs failed procedure executions, converts failures to internal errors, and preserves successful results.

Project configuration updates

Layer / File(s) Summary
Authentication and build configuration
pnpm-workspace.yaml, src/auth/index.ts
Adds build permissions for esbuild and sharp and explicitly types the authentication export.

Sequence Diagram(s)

sequenceDiagram
  participant TelegramClient
  participant WarningsRouter
  participant WarningDatabase
  participant Cron
  TelegramClient->>WarningsRouter: create, retrieve, delete, or count warnings
  WarningsRouter->>WarningDatabase: execute warning operation
  WarningDatabase-->>WarningsRouter: return rows, counts, or deletion result
  Cron->>WarningDatabase: mark warnings older than one year expired
  WarningDatabase-->>Cron: return updated row count
Loading
🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: backend support for the /warn command.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
src/cron.ts (1)

26-29: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win

Optimize .returning() to prevent excessive memory allocations.

By default, .returning() fetches all columns for the updated rows. Since this cron job only uses updated.length for logging, returning just the id column reduces the amount of data transferred and allocated into memory when many warnings expire at once.

⚡ Proposed optimization
     const updated = await DB.update(SCHEMA.TG.warnings)
       .set({ isExpired: true })
       .where(and(lt(SCHEMA.TG.warnings.createdAt, twelveMonthsAgo), eq(SCHEMA.TG.warnings.isExpired, false)))
-      .returning()
+      .returning({ id: SCHEMA.TG.warnings.id })
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/cron.ts` around lines 26 - 29, Update the warnings update query in the
cron job to make returning() select only the warning id column, while preserving
updated.length for logging and the existing update conditions.
src/routers/tg/warnings.ts (1)

32-34: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick win

Enforce safe integers for Telegram IDs using .int(). Telegram User and Group IDs are large numbers that comfortably fit within JS safe integer limits, but standard z.number() accepts float/decimal values. In Zod 4, .int() explicitly guarantees precision and prevents float validation issues.

  • src/routers/tg/warnings.ts#L32-L34: append .int() to targetId, adminId, and groupId.
  • src/routers/tg/warnings.ts#L56-L56: append .int() to targetId.
  • src/routers/tg/warnings.ts#L96-L97: append .int() to id and groupId.
  • src/routers/tg/warnings.ts#L125-L125: append .int() to targetId.
  • src/routers/tg/warnings.ts#L143-L144: append .int() to targetId and groupId.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/routers/tg/warnings.ts` around lines 32 - 34, Update the Zod schemas in
src/routers/tg/warnings.ts at lines 32-34, 56, 96-97, 125, and 143-144 to append
.int() to every listed Telegram ID field: targetId, adminId, groupId, and id.
Preserve the existing numeric validation while rejecting decimal values at all
affected sites.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/routers/tg/warnings.ts`:
- Around line 129-131: Update both warning-count queries in
src/routers/tg/warnings.ts at lines 129-131 and 149-151 to destructure the first
row from await DB.select(...), then return result?.count ?? 0 instead of the raw
Drizzle array. Ensure both procedures continue returning a single numeric count.

In `@src/utils/loggerProc.ts`:
- Around line 12-16: In the !result.ok branch, remove the new TRPCError throw so
the middleware returns the original result and preserves tRPC error codes and
payloads. Keep the existing action/router context for logging, and optionally
downgrade expected client-error codes such as BAD_REQUEST from logger.error to
logger.warn or logger.info.

---

Nitpick comments:
In `@src/cron.ts`:
- Around line 26-29: Update the warnings update query in the cron job to make
returning() select only the warning id column, while preserving updated.length
for logging and the existing update conditions.

In `@src/routers/tg/warnings.ts`:
- Around line 32-34: Update the Zod schemas in src/routers/tg/warnings.ts at
lines 32-34, 56, 96-97, 125, and 143-144 to append .int() to every listed
Telegram ID field: targetId, adminId, groupId, and id. Preserve the existing
numeric validation while rejecting decimal values at all affected sites.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 873849cd-db34-4e92-949d-8608807986b4

📥 Commits

Reviewing files that changed from the base of the PR and between 7a1fda9 and f77b1c6.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (12)
  • drizzle/0015_bitter_nighthawk.sql
  • drizzle/meta/0015_snapshot.json
  • drizzle/meta/_journal.json
  • pnpm-workspace.yaml
  • src/auth/index.ts
  • src/cron.ts
  • src/db/schema/tg/audit-log.ts
  • src/db/schema/tg/index.ts
  • src/db/schema/tg/warnings.ts
  • src/routers/tg/index.ts
  • src/routers/tg/warnings.ts
  • src/utils/loggerProc.ts

Comment on lines +129 to +131
return await DB.select({ count: count() })
.from(SCHEMA.TG.warnings)
.where(and(eq(SCHEMA.TG.warnings.targetId, input.targetId), isNull(SCHEMA.TG.warnings.deletedAt), eq(SCHEMA.TG.warnings.isExpired, false)))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Extract the numeric count instead of returning the raw Drizzle array. Drizzle's count() coupled with .select() returns an array of objects (e.g., [{ count: 2 }]). Exposing this internal ORM structure directly to the tRPC client breaks the expected single-number return format implied by the procedure names.

  • src/routers/tg/warnings.ts#L129-L131: destructure [result] from await DB.select(...) and return result?.count ?? 0.
  • src/routers/tg/warnings.ts#L149-L151: destructure [result] from await DB.select(...) and return result?.count ?? 0.
📍 Affects 1 file
  • src/routers/tg/warnings.ts#L129-L131 (this comment)
  • src/routers/tg/warnings.ts#L149-L151
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/routers/tg/warnings.ts` around lines 129 - 131, Update both warning-count
queries in src/routers/tg/warnings.ts at lines 129-131 and 149-151 to
destructure the first row from await DB.select(...), then return result?.count
?? 0 instead of the raw Drizzle array. Ensure both procedures continue returning
a single numeric count.

Comment thread src/utils/loggerProc.ts
Comment on lines +12 to +16
if (!result.ok) {
const { action, router } = getActionInfo(path)
logger.error({ error: result.error }, `Error while executing ${action} in ${router} router`)
throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "INTERNAL_SERVER_ERROR" })
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win

Do not mask original tRPC errors.

Throwing a new INTERNAL_SERVER_ERROR overrides all legitimate client-side errors, such as Zod validation failures (BAD_REQUEST) or authorization issues (UNAUTHORIZED). This prevents clients from properly handling and displaying invalid input errors.

Remove the throw statement and let the middleware return the unmodified result. tRPC natively handles result payloads and will correctly propagate the original error status and payload back to the client.

Additionally, consider checking result.error.code to log expected client errors (like BAD_REQUEST) as .warn() or .info() instead of .error() to reduce log noise.

🐛 Proposed fix
     if (!result.ok) {
         const { action, router } = getActionInfo(path)
         logger.error({ error: result.error }, `Error while executing ${action} in ${router} router`)
-        throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "INTERNAL_SERVER_ERROR" })
     }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if (!result.ok) {
const { action, router } = getActionInfo(path)
logger.error({ error: result.error }, `Error while executing ${action} in ${router} router`)
throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: "INTERNAL_SERVER_ERROR" })
}
if (!result.ok) {
const { action, router } = getActionInfo(path)
logger.error({ error: result.error }, `Error while executing ${action} in ${router} router`)
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/utils/loggerProc.ts` around lines 12 - 16, In the !result.ok branch,
remove the new TRPCError throw so the middleware returns the original result and
preserves tRPC error codes and payloads. Keep the existing action/router context
for logging, and optionally downgrade expected client-error codes such as
BAD_REQUEST from logger.error to logger.warn or logger.info.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant