Add POST /manage/import (auth-protected) that fetches emotes from a
legacy JSON endpoint, downloads each image, uploads it to S3, and
inserts it into the DB with the original timestamps preserved.
- Skip emotes whose name already exists (best-effort duplicate detection
across SQLite and PostgreSQL via error code + message fallback)
- Validate source_url against a configurable host allowlist
([import] allowed_hosts in config, default ["smutba.se"])
- dry_run: true previews the import without writing to S3 or DB;
result statuses are "would_import" / "would_skip" instead of
"imported" / "skipped"
- Add db.name_exists() for efficient per-name existence checks used
by dry-run
- Add reqwest (rustls-tls + json) and url dependencies
- Integration tests: auth guard, allowlist rejection, mirror +
skip-duplicates, dry-run no-persist
All write endpoints and the manage
routes are gated behind HTTP Basic Auth middleware; credentials are
configured via [auth] in config.toml or APP__AUTH__USERNAME /
APP__AUTH__PASSWORD environment variables.
Ganonmaster