[github/Chocobozzz/PeerTube.git] / server / controllers / api / abuse.ts

import * as express from 'express'
import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
import { AbuseModel } from '@server/models/abuse/abuse'
import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
import { getServerActor } from '@server/models/application/application'
import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
import { getFormattedObjects } from '../../helpers/utils'
import { sequelizeTypescript } from '../../initializers/database'
import {
  abuseGetValidator,
  abuseListForAdminsValidator,
  abuseReportValidator,
  abusesSortValidator,
  abuseUpdateValidator,
  addAbuseMessageValidator,
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  checkAbuseValidForMessagesValidator,
  deleteAbuseMessageValidator,
  ensureUserHasRight,
  getAbuseValidator,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort
} from '../../middlewares'
import { AccountModel } from '../../models/account/account'
import { Notifier } from '@server/lib/notifier'
import { logger } from '@server/helpers/logger'

const abuseRouter = express.Router()

abuseRouter.get('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  paginationValidator,
  abusesSortValidator,
  setDefaultSort,
  setDefaultPagination,
  abuseListForAdminsValidator,
  asyncMiddleware(listAbusesForAdmins)
)
abuseRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  asyncMiddleware(abuseUpdateValidator),
  asyncRetryTransactionMiddleware(updateAbuse)
)
abuseRouter.post('/',
  authenticate,
  asyncMiddleware(abuseReportValidator),
  asyncRetryTransactionMiddleware(reportAbuse)
)
abuseRouter.delete('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  asyncMiddleware(abuseGetValidator),
  asyncRetryTransactionMiddleware(deleteAbuse)
)

abuseRouter.get('/:id/messages',
  authenticate,
  asyncMiddleware(getAbuseValidator),
  checkAbuseValidForMessagesValidator,
  asyncRetryTransactionMiddleware(listAbuseMessages)
)

abuseRouter.post('/:id/messages',
  authenticate,
  asyncMiddleware(getAbuseValidator),
  checkAbuseValidForMessagesValidator,
  addAbuseMessageValidator,
  asyncRetryTransactionMiddleware(addAbuseMessage)
)

abuseRouter.delete('/:id/messages/:messageId',
  authenticate,
  asyncMiddleware(getAbuseValidator),
  checkAbuseValidForMessagesValidator,
  asyncMiddleware(deleteAbuseMessageValidator),
  asyncRetryTransactionMiddleware(deleteAbuseMessage)
)

// ---------------------------------------------------------------------------

export {
  abuseRouter,

  // FIXME: deprecated in 2.3. Remove these exports
  listAbusesForAdmins,
  updateAbuse,
  deleteAbuse,
  reportAbuse
}

// ---------------------------------------------------------------------------

async function listAbusesForAdmins (req: express.Request, res: express.Response) {
  const user = res.locals.oauth.token.user
  const serverActor = await getServerActor()

  const resultList = await AbuseModel.listForAdminApi({
    start: req.query.start,
    count: req.query.count,
    sort: req.query.sort,
    id: req.query.id,
    filter: req.query.filter,
    predefinedReason: req.query.predefinedReason,
    search: req.query.search,
    state: req.query.state,
    videoIs: req.query.videoIs,
    searchReporter: req.query.searchReporter,
    searchReportee: req.query.searchReportee,
    searchVideo: req.query.searchVideo,
    searchVideoChannel: req.query.searchVideoChannel,
    serverAccountId: serverActor.Account.id,
    user
  })

  return res.json({
    total: resultList.total,
    data: resultList.data.map(d => d.toFormattedAdminJSON())
  })
}

async function updateAbuse (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse
  let stateUpdated = false

  if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment

  if (req.body.state !== undefined) {
    abuse.state = req.body.state
    stateUpdated = true
  }

  await sequelizeTypescript.transaction(t => {
    return abuse.save({ transaction: t })
  })

  if (stateUpdated === true) {
    AbuseModel.loadFull(abuse.id)
      .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
      .catch(err => logger.error('Cannot notify on abuse state change', { err }))
  }

  // Do not send the delete to other instances, we updated OUR copy of this abuse

  return res.sendStatus(204)
}

async function deleteAbuse (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse

  await sequelizeTypescript.transaction(t => {
    return abuse.destroy({ transaction: t })
  })

  // Do not send the delete to other instances, we delete OUR copy of this abuse

  return res.sendStatus(204)
}

async function reportAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.videoAll
  const commentInstance = res.locals.videoCommentFull
  const accountInstance = res.locals.account

  const body: AbuseCreate = req.body

  const { id } = await sequelizeTypescript.transaction(async t => {
    const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
    const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])

    const baseAbuse = {
      reporterAccountId: reporterAccount.id,
      reason: body.reason,
      state: AbuseState.PENDING,
      predefinedReasons
    }

    if (body.video) {
      return createVideoAbuse({
        baseAbuse,
        videoInstance,
        reporterAccount,
        transaction: t,
        startAt: body.video.startAt,
        endAt: body.video.endAt
      })
    }

    if (body.comment) {
      return createVideoCommentAbuse({
        baseAbuse,
        commentInstance,
        reporterAccount,
        transaction: t
      })
    }

    // Account report
    return createAccountAbuse({
      baseAbuse,
      accountInstance,
      reporterAccount,
      transaction: t
    })
  })

  return res.json({ abuse: { id } })
}

async function listAbuseMessages (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse

  const resultList = await AbuseMessageModel.listForApi(abuse.id)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function addAbuseMessage (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse
  const user = res.locals.oauth.token.user

  const abuseMessage = await AbuseMessageModel.create({
    message: req.body.message,
    byModerator: abuse.reporterAccountId !== user.Account.id,
    accountId: user.Account.id,
    abuseId: abuse.id
  })

  AbuseModel.loadFull(abuse.id)
    .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
    .catch(err => logger.error('Cannot notify on new abuse message', { err }))

  return res.json({
    abuseMessage: {
      id: abuseMessage.id
    }
  })
}

async function deleteAbuseMessage (req: express.Request, res: express.Response) {
  const abuseMessage = res.locals.abuseMessage

  await sequelizeTypescript.transaction(t => {
    return abuseMessage.destroy({ transaction: t })
  })

  return res.sendStatus(204)
}
Commit	Line	Data
d95d1559 C	1	import * as express from 'express'
	2	import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
	3	import { AbuseModel } from '@server/models/abuse/abuse'
edbc9325	4	import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
d95d1559 C	5	import { getServerActor } from '@server/models/application/application'
	6	import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
	7	import { getFormattedObjects } from '../../helpers/utils'
	8	import { sequelizeTypescript } from '../../initializers/database'
	9	import {
	10	abuseGetValidator,
edbc9325	11	abuseListForAdminsValidator,
d95d1559 C	12	abuseReportValidator,
	13	abusesSortValidator,
	14	abuseUpdateValidator,
edbc9325	15	addAbuseMessageValidator,
d95d1559 C	16	asyncMiddleware,
	17	asyncRetryTransactionMiddleware,
	18	authenticate,
94148c90	19	checkAbuseValidForMessagesValidator,
edbc9325	20	deleteAbuseMessageValidator,
d95d1559	21	ensureUserHasRight,
edbc9325	22	getAbuseValidator,
d95d1559 C	23	paginationValidator,
	24	setDefaultPagination,
	25	setDefaultSort
	26	} from '../../middlewares'
	27	import { AccountModel } from '../../models/account/account'
594d3e48 C	28	import { Notifier } from '@server/lib/notifier'
594d3e48 C	29	import { logger } from '@server/helpers/logger'
d95d1559 C	30
	31	const abuseRouter = express.Router()
	32
57f6896f	33	abuseRouter.get('/',
d95d1559 C	34	authenticate,
	35	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	36	paginationValidator,
	37	abusesSortValidator,
	38	setDefaultSort,
	39	setDefaultPagination,
edbc9325 C	40	abuseListForAdminsValidator,
edbc9325 C	41	asyncMiddleware(listAbusesForAdmins)
d95d1559	42	)
57f6896f	43	abuseRouter.put('/:id',
d95d1559 C	44	authenticate,
	45	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	46	asyncMiddleware(abuseUpdateValidator),
	47	asyncRetryTransactionMiddleware(updateAbuse)
	48	)
57f6896f	49	abuseRouter.post('/',
d95d1559 C	50	authenticate,
	51	asyncMiddleware(abuseReportValidator),
	52	asyncRetryTransactionMiddleware(reportAbuse)
	53	)
57f6896f	54	abuseRouter.delete('/:id',
d95d1559 C	55	authenticate,
	56	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	57	asyncMiddleware(abuseGetValidator),
	58	asyncRetryTransactionMiddleware(deleteAbuse)
	59	)
	60
edbc9325 C	61	abuseRouter.get('/:id/messages',
	62	authenticate,
	63	asyncMiddleware(getAbuseValidator),
94148c90	64	checkAbuseValidForMessagesValidator,
edbc9325 C	65	asyncRetryTransactionMiddleware(listAbuseMessages)
	66	)
	67
	68	abuseRouter.post('/:id/messages',
	69	authenticate,
	70	asyncMiddleware(getAbuseValidator),
94148c90	71	checkAbuseValidForMessagesValidator,
edbc9325 C	72	addAbuseMessageValidator,
	73	asyncRetryTransactionMiddleware(addAbuseMessage)
	74	)
	75
	76	abuseRouter.delete('/:id/messages/:messageId',
	77	authenticate,
	78	asyncMiddleware(getAbuseValidator),
94148c90	79	checkAbuseValidForMessagesValidator,
edbc9325 C	80	asyncMiddleware(deleteAbuseMessageValidator),
	81	asyncRetryTransactionMiddleware(deleteAbuseMessage)
	82	)
	83
d95d1559 C	84	// ---------------------------------------------------------------------------
	85
	86	export {
	87	abuseRouter,
	88
	89	// FIXME: deprecated in 2.3. Remove these exports
edbc9325	90	listAbusesForAdmins,
d95d1559 C	91	updateAbuse,
	92	deleteAbuse,
	93	reportAbuse
	94	}
	95
	96	// ---------------------------------------------------------------------------
	97
edbc9325	98	async function listAbusesForAdmins (req: express.Request, res: express.Response) {
d95d1559 C	99	const user = res.locals.oauth.token.user
	100	const serverActor = await getServerActor()
	101
edbc9325	102	const resultList = await AbuseModel.listForAdminApi({
d95d1559 C	103	start: req.query.start,
	104	count: req.query.count,
	105	sort: req.query.sort,
	106	id: req.query.id,
57f6896f	107	filter: req.query.filter,
d95d1559 C	108	predefinedReason: req.query.predefinedReason,
	109	search: req.query.search,
	110	state: req.query.state,
	111	videoIs: req.query.videoIs,
	112	searchReporter: req.query.searchReporter,
	113	searchReportee: req.query.searchReportee,
	114	searchVideo: req.query.searchVideo,
	115	searchVideoChannel: req.query.searchVideoChannel,
	116	serverAccountId: serverActor.Account.id,
	117	user
	118	})
	119
edbc9325 C	120	return res.json({
	121	total: resultList.total,
	122	data: resultList.data.map(d => d.toFormattedAdminJSON())
	123	})
d95d1559 C	124	}
	125
	126	async function updateAbuse (req: express.Request, res: express.Response) {
	127	const abuse = res.locals.abuse
594d3e48	128	let stateUpdated = false
d95d1559 C	129
d95d1559 C	130	if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
594d3e48 C	131
	132	if (req.body.state !== undefined) {
	133	abuse.state = req.body.state
	134	stateUpdated = true
	135	}
d95d1559 C	136
	137	await sequelizeTypescript.transaction(t => {
	138	return abuse.save({ transaction: t })
	139	})
	140
594d3e48 C	141	if (stateUpdated === true) {
	142	AbuseModel.loadFull(abuse.id)
	143	.then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
	144	.catch(err => logger.error('Cannot notify on abuse state change', { err }))
	145	}
edbc9325	146
310b5219	147	// Do not send the delete to other instances, we updated OUR copy of this abuse
d95d1559	148
594d3e48	149	return res.sendStatus(204)
d95d1559 C	150	}
	151
	152	async function deleteAbuse (req: express.Request, res: express.Response) {
	153	const abuse = res.locals.abuse
	154
	155	await sequelizeTypescript.transaction(t => {
	156	return abuse.destroy({ transaction: t })
	157	})
	158
310b5219	159	// Do not send the delete to other instances, we delete OUR copy of this abuse
d95d1559	160
594d3e48	161	return res.sendStatus(204)
d95d1559 C	162	}
	163
	164	async function reportAbuse (req: express.Request, res: express.Response) {
	165	const videoInstance = res.locals.videoAll
	166	const commentInstance = res.locals.videoCommentFull
	167	const accountInstance = res.locals.account
	168
	169	const body: AbuseCreate = req.body
	170
	171	const { id } = await sequelizeTypescript.transaction(async t => {
	172	const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
	173	const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
	174
	175	const baseAbuse = {
	176	reporterAccountId: reporterAccount.id,
	177	reason: body.reason,
	178	state: AbuseState.PENDING,
	179	predefinedReasons
	180	}
	181
	182	if (body.video) {
	183	return createVideoAbuse({
	184	baseAbuse,
	185	videoInstance,
	186	reporterAccount,
	187	transaction: t,
	188	startAt: body.video.startAt,
	189	endAt: body.video.endAt
	190	})
	191	}
	192
	193	if (body.comment) {
	194	return createVideoCommentAbuse({
	195	baseAbuse,
	196	commentInstance,
	197	reporterAccount,
	198	transaction: t
	199	})
	200	}
	201
	202	// Account report
	203	return createAccountAbuse({
	204	baseAbuse,
	205	accountInstance,
	206	reporterAccount,
	207	transaction: t
	208	})
	209	})
	210
	211	return res.json({ abuse: { id } })
	212	}
edbc9325 C	213
	214	async function listAbuseMessages (req: express.Request, res: express.Response) {
	215	const abuse = res.locals.abuse
	216
	217	const resultList = await AbuseMessageModel.listForApi(abuse.id)
	218
	219	return res.json(getFormattedObjects(resultList.data, resultList.total))
	220	}
	221
	222	async function addAbuseMessage (req: express.Request, res: express.Response) {
	223	const abuse = res.locals.abuse
	224	const user = res.locals.oauth.token.user
	225
	226	const abuseMessage = await AbuseMessageModel.create({
	227	message: req.body.message,
	228	byModerator: abuse.reporterAccountId !== user.Account.id,
	229	accountId: user.Account.id,
	230	abuseId: abuse.id
	231	})
	232
594d3e48 C	233	AbuseModel.loadFull(abuse.id)
	234	.then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
	235	.catch(err => logger.error('Cannot notify on new abuse message', { err }))
edbc9325 C	236
	237	return res.json({
	238	abuseMessage: {
	239	id: abuseMessage.id
	240	}
	241	})
	242	}
	243
	244	async function deleteAbuseMessage (req: express.Request, res: express.Response) {
	245	const abuseMessage = res.locals.abuseMessage
	246
	247	await sequelizeTypescript.transaction(t => {
	248	return abuseMessage.destroy({ transaction: t })
	249	})
	250
	251	return res.sendStatus(204)
	252	}