Enhance GOWS: Block, Unblock, And Report Contacts

Hey guys! In today's digital world, ensuring a safe and secure communication environment is super important, especially when dealing with platforms like WhatsApp. One user highlighted a critical need to enhance the capabilities of GOWS (Go WhatsApp Server) to effectively manage contacts by adding features to block, unblock, and report abusive accounts. This article dives into the proposed solutions, alternatives considered, and the acceptance criteria for these enhancements. Let's get started!

The Problem: Limited Contact Management in GOWS

The main issue is the inability to quickly stop abuse and spam when using GOWS. Currently, GOWS lacks the functionality to block or report contacts directly. While the feature matrix mentions block/unblock contact options for WEBJS, these aren't available for GOWS. Although the HTTP API exposes /api/contacts/block and /api/contacts/unblock in OpenAPI, they only work with WEBJS right now. Additionally, there's no "report" endpoint in the current OpenAPI specification. This limitation makes it difficult for users to maintain a safe communication environment, which is crucial for a positive user experience. Quickly addressing abuse and spam is essential, and the current setup falls short in providing the necessary tools for GOWS users.

Why is this Important?

Imagine you're running a business or a community group on WhatsApp. Suddenly, you're bombarded with spam messages or abusive content. Without the ability to quickly block or report these contacts, your communication channels can become chaotic and unsafe. This not only disrupts your operations but also puts your users at risk. Effective contact management is vital for maintaining order and security in any communication platform. The absence of these features in GOWS creates a significant gap in its functionality, making it harder for users to control their environment and protect themselves from unwanted interactions.

The Impact of Missing Features

Without the ability to block, unblock, and report contacts, GOWS users are left with limited options to handle abuse and spam. This can lead to several negative outcomes:

• Increased Spam and Abuse: Without reporting and blocking mechanisms, malicious users can continue to send spam and abusive messages, disrupting conversations and potentially harming other users.
• Operational Inefficiency: Businesses and organizations using GOWS may find it difficult to manage their communications effectively, as they lack the tools to filter out unwanted contacts and content.
• Security Risks: In severe cases, the inability to report abusive accounts can lead to security breaches and privacy violations.
• User Dissatisfaction: Users who experience spam or abuse are likely to become dissatisfied with the platform, potentially leading to churn and negative feedback.

Clearly, enhancing GOWS with these essential contact management features is not just a matter of convenience but a necessity for ensuring a safe, secure, and efficient communication experience.

Proposed Solution: Parity and New Functionality for GOWS

The proposed solution aims to bring parity to GOWS by implementing existing endpoints and introducing a new endpoint for reporting abusive accounts. This involves several key steps:

Implementing Existing Endpoints for GOWS

The first part of the solution is to ensure that the /api/contacts/block and /api/contacts/unblock endpoints work seamlessly with GOWS. Currently, these endpoints are functional only for WEBJS, which creates an inconsistency in the platform's capabilities. Bringing these functionalities to GOWS is crucial for providing a consistent experience across all engines. The request body for these endpoints will remain the same (contactId, session) to ensure backward compatibility, which means existing setups won't break when these features are implemented.

• POST /api/contacts/block: This endpoint will allow users to block specific contacts, preventing them from sending messages or engaging in further communication.
• POST /api/contacts/unblock: Conversely, this endpoint will enable users to unblock previously blocked contacts, restoring their ability to communicate.

Introducing a New Endpoint for Reporting Abusive Accounts

In addition to parity, a new endpoint is proposed to report abusive accounts. This is a significant enhancement that will allow users to flag accounts for spam, abuse, or other violations. The new POST /api/contacts/report endpoint will provide a standardized way to report problematic contacts, making it easier for administrators to take appropriate action. This endpoint will be implemented across all engines, starting with GOWS and WEBJS, to ensure broad coverage and effectiveness.

Request Body Proposal

The request body for the new /api/contacts/report endpoint is designed to provide detailed information about the reported account and the reason for the report. Here's the proposed structure:

{
  "contactId": "[email protected]",
  "session": "default",
  "reason": "spam | abuse | other",
  "includeLastNMessages": 0
}

Let's break down each field:

• contactId: The unique identifier of the contact being reported (e.g., "[email protected]").
• session: The session ID associated with the user initiating the report (e.g., "default").
• reason: A string indicating the reason for the report, which can be one of the predefined values: "spam", "abuse", or "other". This helps categorize the reports for efficient processing.
• includeLastNMessages: An integer specifying the number of recent messages to include with the report. This can provide additional context and evidence for the reported behavior.

Expected Behavior

• Success (201): Upon successful submission of a report, the endpoint will return a 201 status code, indicating that the report has been created.
• Not Implemented (501): If the engine doesn't support reporting yet, the endpoint will return a 501 status code with a JSON response: { "message": "Not implemented for this engine" }. This ensures that users are informed when a feature is not available and prevents confusion.

Security Considerations

To maintain security and prevent abuse of these endpoints, the same security measures used for other contacts endpoints will be applied. This includes requiring an X-Api-Key for authentication. Securing these endpoints is crucial for preventing unauthorized access and ensuring that only legitimate reports are processed.

Alternatives Considered

Before proposing the final solution, several alternatives were considered. Each alternative had its own set of pros and cons, and the final decision was made based on the best overall approach for GOWS users.

Switching the Session to WEBJS

One alternative was to switch the session to WEBJS solely for blocking and unblocking contacts. This works because WEBJS already supports these functionalities. However, this approach has a significant drawback: it breaks the GOWS-only setup. Switching engines can be complex and may not be feasible for users who rely on GOWS for specific reasons, such as performance or integration with other systems. Therefore, while this alternative provides a temporary workaround, it's not a long-term solution.

Server-Side Filtering

Another alternative considered was server-side filtering to ignore messages from specific contacts. This involves implementing logic on the server to filter out messages from unwanted contacts. While this approach can help reduce spam and abuse, it doesn't actually block or notify WhatsApp about the problematic contact. Server-side filtering is essentially a way to hide the issue rather than address it directly. It also lacks the functionality to report abusive accounts, which is crucial for maintaining a safe environment.

Manual Blocking via Device UI

Manually blocking contacts via the device UI was also considered. This involves using the WhatsApp application on a device to block contacts individually. While this approach works for a small number of contacts, it doesn't scale well. Manual blocking is time-consuming and impractical for managing a large number of contacts or dealing with widespread spam campaigns. It's also not feasible for automated systems that need to handle contact management programmatically.

Acceptance Criteria: Ensuring a Robust Implementation

To ensure that the proposed solution is implemented effectively and meets the needs of GOWS users, specific acceptance criteria have been defined. These criteria serve as a checklist for the development team and ensure that the final product is robust, reliable, and user-friendly.

Core Functionality

• POST /api/contacts/block and /unblock work on GOWS: This is the most critical criterion. The existing block and unblock endpoints must function correctly within GOWS, providing parity with WEBJS.
• New POST /api/contacts/report added to OpenAPI and implemented at least for GOWS: The new reporting endpoint must be added to the OpenAPI specification and implemented for GOWS. Implementation for WEBJS is optional but desirable.
• Clear 501 Not Implemented for engines lacking support: If an engine doesn't support the reporting functionality, a clear 501 status code with the message "Not implemented for this engine" must be returned.

Documentation and Testing

• Tests + docs updated: Comprehensive tests must be written to ensure the functionality works as expected, and the documentation (including the feature matrix and examples) must be updated to reflect the new capabilities. This includes providing examples with the X-Api-Key for authentication.

Why These Criteria Matter

These acceptance criteria are crucial for several reasons:

• Ensuring Functionality: The core functionality criteria guarantee that the essential features (block, unblock, and report) work as intended in GOWS. This directly addresses the original problem and provides users with the necessary tools to manage contacts effectively.
• Providing Clarity: The 501 Not Implemented criterion ensures that users are clearly informed when a feature is not available for a specific engine. This prevents confusion and helps users understand the limitations of the system.
• Promoting Reliability: Updated tests and documentation are essential for ensuring the long-term reliability and usability of the new features. Comprehensive tests help catch bugs and prevent regressions, while clear documentation makes it easier for users to understand how to use the features.

Conclusion: A Safer GOWS Experience

The proposed enhancements to GOWS—adding the ability to block, unblock, and report contacts—represent a significant step forward in creating a safer and more manageable communication environment. By implementing existing endpoints and introducing a new reporting endpoint, GOWS users will have the tools they need to combat spam and abuse effectively. These improvements are not just about adding features; they're about empowering users to maintain control over their communication channels and protect themselves from unwanted interactions. The outlined acceptance criteria ensure that these enhancements are implemented robustly and reliably. Thanks to these changes, GOWS users can look forward to a safer and more secure experience, enabling them to enforce safety policies without needing to switch engines. This enhancement will undoubtedly make GOWS a more powerful and user-friendly platform for all its users.