+++
title = "quotesdb/api: admin moderation endpoints (list reports, delete/hide from report)"
priority = 5
status = "todo"
ticket_type = "feature"
dependencies = ["8a7fba", "77237f"]
+++
## Summary
Add admin endpoints for viewing and acting on reported quotes.

## Endpoints
GET /api/admin/reports?page=N
- Returns paginated list of reported quotes (10/page)
- Each entry: quote summary + report count + most recent report date
- Requires X-Admin-Auth-Code header (admin auth)
- Returns 403 on auth mismatch

GET /api/admin/reports/:quote_id
- Returns the full quote + all reports for that quote (id, reason, created_at)
- Requires X-Admin-Auth-Code header

DELETE /api/admin/reports/:quote_id/quote
- Deletes the quote (cascades to reports via FK)
- Requires X-Admin-Auth-Code header

POST /api/admin/reports/:quote_id/hide
- Sets hidden=1 on the quote
- Requires X-Admin-Auth-Code header

DELETE /api/admin/reports/:quote_id/reports
- Clears all reports for a quote (dismiss reports without acting on the quote)
- Requires X-Admin-Auth-Code header

## Notes
- Admin auth is validated against the admin_auth_code in the DB (same as existing admin endpoints)
- Depends on: 8a7fba (hidden flag), 77237f (reports table)

## Acceptance Criteria
- [ ] All endpoints return correct data
- [ ] All endpoints require and validate admin auth
- [ ] Pagination works for GET /api/admin/reports
- [ ] Delete cascades correctly
- [ ] Unit tests for each endpoint

## Validation
```sh
cargo fmt && cargo check && cargo clippy && cargo test
```