Add ban evasion reporting to edge function

Added ban evasion reporting to the `upload-image` edge function for both DELETE and POST operations. This ensures that all ban evasion attempts, including those via direct API calls, are logged to `system_alerts` and visible on the `/admin/error-monitoring` dashboard.
2025-12-20 08:31:12 -05:00 · 2025-11-08 00:58:00 +00:00
parent 714a1707ce
commit 576899cf25
1 changed files with 46 additions and 0 deletions
--- a/supabase/functions/upload-image/index.ts
+++ b/supabase/functions/upload-image/index.ts
@@ -70,6 +70,36 @@ const createAuthenticatedSupabaseClient = (authHeader: string) => {
  })
 }

+/**
+ * Report ban evasion attempts to system alerts
+ */
+async function reportBanEvasionToAlerts(
+  supabaseClient: any,
+  userId: string,
+  action: string,
+  requestId: string
+): Promise<void> {
+  try {
+    await supabaseClient.rpc('create_system_alert', {
+      p_alert_type: 'ban_attempt',
+      p_severity: 'high',
+      p_message: `Banned user attempted image upload: ${action}`,
+      p_metadata: {
+        user_id: userId,
+        action,
+        request_id: requestId,
+        timestamp: new Date().toISOString()
+      }
+    });
+  } catch (error) {
+    // Non-blocking - log but don't fail the response
+    edgeLogger.warn('Failed to report ban evasion', { 
+      error: error instanceof Error ? error.message : String(error),
+      requestId 
+    });
+  }
+}
+
 // Apply strict rate limiting (5 requests/minute) to prevent abuse
 const uploadRateLimiter = rateLimiters.strict;

@@ -164,7 +194,15 @@ serve(withRateLimit(async (req) => {
      }

      if (profile.banned) {
+        // Report ban evasion attempt (non-blocking)
+        await reportBanEvasionToAlerts(supabase, user.id, 'image_delete', tracking.requestId);
+        
        const duration = endRequest(tracking);
+        edgeLogger.warn('Banned user blocked from image deletion', { 
+          userId: user.id, 
+          requestId: tracking.requestId 
+        });
+        
        return new Response(
          JSON.stringify({ 
            error: 'Account suspended',
@@ -375,7 +413,15 @@ serve(withRateLimit(async (req) => {
      }

      if (profile.banned) {
+        // Report ban evasion attempt (non-blocking)
+        await reportBanEvasionToAlerts(supabase, user.id, 'image_upload', tracking.requestId);
+        
        const duration = endRequest(tracking);
+        edgeLogger.warn('Banned user blocked from image upload', { 
+          userId: user.id, 
+          requestId: tracking.requestId 
+        });
+        
        return new Response(
          JSON.stringify({ 
            error: 'Account suspended',