
Comment moderation: pre_comment filter, anti-abuse, IP redaction #152

@tayebmokni

Description


Summary

Implement the comment moderation pipeline: insert-time spam scoring via pre_comment filter hook, anti-abuse rules (honeypot, time-on-page, per-IP rate limit, dedupe), and the comment.transitioned hook for admin moderation changes.

Design reference

  • docs/01-core-cms.md §6.3 (Moderation & spam)
  • docs/01-core-cms.md §6.4 (What we don't do)

Acceptance criteria

  • pre_comment filter chain runs on insert; returns {score 0-100, reason}; status set to spam if score ≥ threshold (configurable, default 80)
  • Honeypot field email_confirm rejected if non-empty
  • Min time-on-page enforced (default 3s) — measured via signed timestamp issued on the post page render
  • Per-IP rate limit: 10 comments / 10 min via Redis token bucket
  • Dedupe: hash of (email, IP, post_id) checked against recent submissions (last hour)
  • author_ip redacted to /24 (IPv4) or /64 (IPv6) by a daily Asynq job for rows older than 90 days
  • comment.transitioned hook fires on every admin-driven status change
  • Trackback/pingback endpoints NOT implemented (intentional)
  • Integration tests cover honeypot trip, rate limit, dedupe, IP redaction

Dependencies

#16

Complexity

M

Metadata

Labels

  • area:api — Go HTTP API server
  • area:jobs — Background jobs, cron
  • phase:P1-cms-core — Phase 1 — CMS Core
  • priority:P1 — Important — should land in phase
  • skill:go — Go programming
  • skill:security — Security expertise
  • type:feat — New feature or implementation task
