# spam management for forgejo

## Usage

- create an API token for your admin account, and write it in an `api_token`
  file at the root of the repo
- remove `model.json` if you want to start with no pre-existing model of what is
  spam or not. Or keep it to use the current classifier. The file gets updated
  when using the tool: the classifier learns from spam/legit decisions and
  should get progressively better at identifying spam.
- run: `cargo run`
- classify users as spam/not spam. Right now the classification is stored
  locally in `db.json`, no concrete action is taken. (Ultimately we will want to
  lock/delete accounts, etc.)

## Todos

- take concrete actions for spam accounts: lock the account, send a warning
  email, then delete+purge account after some time.
- add backend to store data on garage instead of local files
- replate the `api_token` file with a better mechanism: oauth maybe?
- improve error handling