Beast/clean unused endpoints

[dewabisma]

Cleaning unused endpoints and codes

---

Note

High Risk
Breaking removal of many authenticated user and raid APIs plus background sync; clients and ops configs must be updated, and orphaned DB tables/migrations may still exist without app-level access.

Overview
This PR narrows TaskMaster from a reward/blockchain server to a slimmer task-management API by deleting large swaths of handlers, models, repositories, background jobs, and configuration.

Removed product surface: reversible blockchain flows and related CLI flags (test_transaction, wallet/node overrides, run_once); user address APIs (stats, referral leaderboard, reward opt-in, ETH/X associate/dissociate, associated accounts); X OAuth link/callback/cookie flow; raid user flows (submissions, per-raid leaderboards) and the raid leaderboard synchronizer; GraphQL client on AppState (GraphQL remains only for --sync-transfers in main).

What remains: Dilithium challenge/verify auth and admin login; admin-only paginated GET /addresses (still joins opt-in/X/ETH in SQL but no repos for mutating those); referrals; raid quest admin CRUD plus public list; tweet sync and other existing config/risk/exchange routes.

Dependencies/config: Drops subxt, tower-cookies, quantus-cli-adjacent blockchain deps from the main crate manifest; trims TOML sections (blockchain, task_generation, reverser, x_association, raid_leaderboard, base_api_url); lockfile dedupes subxt 0.43.

^{Reviewed by Cursor Bugbot for commit 73e1b3c. Configure here.}

[n13]

Review — Beast/clean unused endpoints

Verdict: Approve on the code. It compiles cleanly, has no dangling references, and is internally consistent. The only real risk is non-code: this is a large breaking API removal, so please confirm the consumer-impact question below before merging.

What I verified

• Builds: cargo check --all-targets on the PR head (339c18e) → exit 0. The only warning is a pre-existing future-incompat from transitive sqlx-postgres/trie-db, unrelated to this PR.
• No dangling references to any removed symbol/module/crate (swept src/ for BlockchainConfig, RaidLeaderboardConfig, XAssociationConfig, get_base_api_url, get_x_association_keywords, Config::default, the deleted opt_in/x_association/eth_association/raid_submission/raid_leaderboard repos & models, and the dropped crates anyhow/dirs/rand/toml/tiny-keccak/subxt/tower-cookies).
• Cargo.toml dep removals are all genuinely unused in the retained code.
• Config consistency: the trimmed Config structs line up with default.toml/example.toml/test.toml and the removed Config helper methods.
• Module trees (handlers/, routes/, repositories/, models/, services/) match the deletions; errors.rs and handlers::HandlerError correctly dropped the Address/OAuth variants.
• Tests were refactored sensibly — association rows are now inserted via raw SQL in src/utils/test_db.rs since the repositories are gone.

Please confirm before merge (gating)

1. Consumer impact. This removes a large public surface (user address stats, referral leaderboard, reward opt-in, ETH/X associate–dissociate, X OAuth link/callback, raid submissions & per-raid leaderboards). The CORS allowlist still includes a frontend origin (http://localhost:4321). Please confirm with frontend / mobile / ops that nothing live calls these routes — the code can't answer this, and it's the dominant risk.

Non-blocking follow-ups

2. Orphaned tables. Migrations for opt_ins (002), eth_associations/x_associations (003) and raid_submissions (006/007) are kept, but there's no longer any application write path to them. The admin GET /addresses still LEFT JOINs opt_ins/eth_associations/x_associations and exposes is_opted_in / has_eth_address / has_x_account filters + sort columns (src/repositories/address.rs). For any data created after this PR these are permanent no-ops — only pre-existing rows would ever surface. Worth deciding intent:

   • keep them to display historical data (fine — maybe note it), or
   • drop the dead JOIN/filters/columns and add a migration to drop the now-unreachable tables.

   raid_submissions / raid_leaderboards have no reader at all anymore.

3. Nit: reset_database (src/utils/test_db.rs:14) truncates raid_submissions (now orphaned) but not raid_leaderboards — harmless inconsistency.

Not verified

• I didn't run the DB-backed tests locally (they need Postgres). The Test & Migrate check was still pending — let it go green (migrations + tests) before merging.

[dewabisma]

Yeah, the endpoints and codes removed should be safe one. We don't use many of them anymore. And existing migrations, is kept to not break production.

[n13]

Re-review — Beast/clean unused endpoints

Re-reviewed at HEAD 339c18e (unchanged since my last pass — diff vs. the previously reviewed commit is empty). Re-verified the build on a fresh worktree:

• cargo check --all-targets → exit 0. Only warning is the pre-existing sqlx-postgres / trie-db future-incompat from transitive deps, unrelated to this PR.
• Still no dangling references to any removed symbol/module/crate; the trimmed Cargo.toml deps and Config structs line up with default.toml / example.toml / test.toml.

My one gating question last time was consumer impact of the API removals. @dewabisma confirmed in-thread that the removed endpoints are no longer used and the migrations are intentionally kept so production data isn't broken. That clears the blocker.

Verdict

Approve. Internally consistent, compiles cleanly, and the consumer-impact risk is acknowledged by the author.

Non-blocking follow-up still stands: the admin GET /addresses keeps LEFT JOINing opt_ins / eth_associations / x_associations with no remaining write path, and raid_submissions / raid_leaderboards have no reader at all anymore — worth a later cleanup + drop migration unless you intend to keep surfacing historical rows.