feat: make whitelist configgurable

[dewabisma]

Summary

Make whitelist targets for tweet aggregation configurable from admin panel.

Changes

• add flag ignore to tweet author
• remove whitelist from config
• add endpoints for managing whitelist

[n13]

Code Review: Feat - Configurable Whitelist

The PR introduces database-driven whitelist management for tweet authors, replacing the static configuration file. This is a good move for flexibility.

Here are my findings and suggestions:

1. get_whitelist Logic Issue

In src/repositories/tweet_author.rs, the get_whitelist method retrieves authors who are not ignored (is_ignored = false).

pub async fn get_whitelist(&self) -> Result<Vec<String>, DbError> {
    let authors = sqlx::query_as::<_, TweetAuthor>("SELECT * FROM tweet_authors WHERE is_ignored = false")
        .fetch_all(&self.pool)
        .await?;
    // ...
}

However, TweetAuthor represents all authors encountered by the system, including those from random tweets or raids. By filtering only on is_ignored = false, you might be inadvertently whitelisting every author the system knows about (since is_ignored likely defaults to false).

Recommendation:
You need a specific flag for "whitelisted" status, or explicit logic.

• If is_ignored is the only flag: Does false mean "Active/Whitelisted" and true mean "Ignored/Blacklisted"?
• If so, when a random user is inserted (e.g., via a raid submission), do they default to false? If yes, they become part of the whitelist sync loop, which might be unintended.
• Consider adding an is_whitelisted boolean column instead, or clarify that only manually added authors should be in this table (which seems unlikely given upsert_many usage).

2. Efficiency in get_whitelist

The current implementation fetches the entire TweetAuthor struct for every whitelisted user just to map their IDs.

let authors = sqlx::query_as::<_, TweetAuthor>("SELECT * FROM tweet_authors ...")
// ...
let whitelist: Vec<String> = authors.iter().map(|f| f.id.clone()).collect();

Optimization: Select only the id column directly.

let ids = sqlx::query_scalar::<_, String>("SELECT id FROM tweet_authors WHERE is_ignored = false")
    .fetch_all(&self.pool)
    .await?;
Ok(ids)

3. Handle upsert Return Type

In handle_create_tweet_author, you use state.db.tweet_authors.upsert.
The repository method returns DbResult<String> (the ID), but the handler wraps it in SuccessResponse::new(create_response).

Just double-check that returning just the ID string is sufficient for the frontend, or if they need the full author object back (which the repo fetches anyway via RETURNING *).

4. Naming Consistency

• Endpoints: /tweet-authors/:id/ignore vs /tweet-authors/:id/watch
• Repository: make_ignored_from_whitelist vs make_watched_in_whitelist

The terms "ignore" and "watch" are good, but "whitelist" in the function name make_ignored_from_whitelist might be confusing if the concept is just "active status".
Suggestion: set_ignore_status(id, status: bool) could replace both methods and reduce code duplication.

5. Tests

The tests look good and cover the new endpoints.

• Ensure that test_create_tweet_author_success verifies that the new author defaults to the correct is_ignored state (presumably false).

Summary

The main concern is point #1: ensuring that "all authors in DB" != "whitelist". If tweet_authors table accumulates thousands of random users from raids, get_whitelist will return all of them, causing the TweetSynchronizerService to sync thousands of users unnecessarily.

Fix: Add is_whitelisted column (default false) and only set it to true for manually added authors.