]>
Commit | Line | Data |
---|---|---|
41fb13c3 | 1 | import express from 'express' |
bd45d503 | 2 | import { logger } from '@server/helpers/logger' |
d95d1559 | 3 | import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation' |
bd45d503 | 4 | import { Notifier } from '@server/lib/notifier' |
d95d1559 | 5 | import { AbuseModel } from '@server/models/abuse/abuse' |
edbc9325 | 6 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
d95d1559 | 7 | import { getServerActor } from '@server/models/application/application' |
bd45d503 | 8 | import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse' |
d17c7b4e | 9 | import { AbuseCreate, AbuseState, HttpStatusCode, UserRight } from '@shared/models' |
d95d1559 C |
10 | import { getFormattedObjects } from '../../helpers/utils' |
11 | import { sequelizeTypescript } from '../../initializers/database' | |
12 | import { | |
13 | abuseGetValidator, | |
edbc9325 | 14 | abuseListForAdminsValidator, |
d95d1559 C |
15 | abuseReportValidator, |
16 | abusesSortValidator, | |
17 | abuseUpdateValidator, | |
edbc9325 | 18 | addAbuseMessageValidator, |
d95d1559 C |
19 | asyncMiddleware, |
20 | asyncRetryTransactionMiddleware, | |
21 | authenticate, | |
94148c90 | 22 | checkAbuseValidForMessagesValidator, |
edbc9325 | 23 | deleteAbuseMessageValidator, |
d95d1559 | 24 | ensureUserHasRight, |
edbc9325 | 25 | getAbuseValidator, |
1333ab1f | 26 | openapiOperationDoc, |
d95d1559 C |
27 | paginationValidator, |
28 | setDefaultPagination, | |
29 | setDefaultSort | |
30 | } from '../../middlewares' | |
31 | import { AccountModel } from '../../models/account/account' | |
32 | ||
33 | const abuseRouter = express.Router() | |
34 | ||
57f6896f | 35 | abuseRouter.get('/', |
1333ab1f | 36 | openapiOperationDoc({ operationId: 'getAbuses' }), |
d95d1559 C |
37 | authenticate, |
38 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
39 | paginationValidator, | |
40 | abusesSortValidator, | |
41 | setDefaultSort, | |
42 | setDefaultPagination, | |
edbc9325 C |
43 | abuseListForAdminsValidator, |
44 | asyncMiddleware(listAbusesForAdmins) | |
d95d1559 | 45 | ) |
57f6896f | 46 | abuseRouter.put('/:id', |
d95d1559 C |
47 | authenticate, |
48 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
49 | asyncMiddleware(abuseUpdateValidator), | |
50 | asyncRetryTransactionMiddleware(updateAbuse) | |
51 | ) | |
57f6896f | 52 | abuseRouter.post('/', |
d95d1559 C |
53 | authenticate, |
54 | asyncMiddleware(abuseReportValidator), | |
55 | asyncRetryTransactionMiddleware(reportAbuse) | |
56 | ) | |
57f6896f | 57 | abuseRouter.delete('/:id', |
d95d1559 C |
58 | authenticate, |
59 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
60 | asyncMiddleware(abuseGetValidator), | |
61 | asyncRetryTransactionMiddleware(deleteAbuse) | |
62 | ) | |
63 | ||
edbc9325 C |
64 | abuseRouter.get('/:id/messages', |
65 | authenticate, | |
66 | asyncMiddleware(getAbuseValidator), | |
94148c90 | 67 | checkAbuseValidForMessagesValidator, |
edbc9325 C |
68 | asyncRetryTransactionMiddleware(listAbuseMessages) |
69 | ) | |
70 | ||
71 | abuseRouter.post('/:id/messages', | |
72 | authenticate, | |
73 | asyncMiddleware(getAbuseValidator), | |
94148c90 | 74 | checkAbuseValidForMessagesValidator, |
edbc9325 C |
75 | addAbuseMessageValidator, |
76 | asyncRetryTransactionMiddleware(addAbuseMessage) | |
77 | ) | |
78 | ||
79 | abuseRouter.delete('/:id/messages/:messageId', | |
80 | authenticate, | |
81 | asyncMiddleware(getAbuseValidator), | |
94148c90 | 82 | checkAbuseValidForMessagesValidator, |
edbc9325 C |
83 | asyncMiddleware(deleteAbuseMessageValidator), |
84 | asyncRetryTransactionMiddleware(deleteAbuseMessage) | |
85 | ) | |
86 | ||
d95d1559 C |
87 | // --------------------------------------------------------------------------- |
88 | ||
89 | export { | |
7a4ea932 | 90 | abuseRouter |
d95d1559 C |
91 | } |
92 | ||
93 | // --------------------------------------------------------------------------- | |
94 | ||
edbc9325 | 95 | async function listAbusesForAdmins (req: express.Request, res: express.Response) { |
d95d1559 C |
96 | const user = res.locals.oauth.token.user |
97 | const serverActor = await getServerActor() | |
98 | ||
edbc9325 | 99 | const resultList = await AbuseModel.listForAdminApi({ |
d95d1559 C |
100 | start: req.query.start, |
101 | count: req.query.count, | |
102 | sort: req.query.sort, | |
103 | id: req.query.id, | |
57f6896f | 104 | filter: req.query.filter, |
d95d1559 C |
105 | predefinedReason: req.query.predefinedReason, |
106 | search: req.query.search, | |
107 | state: req.query.state, | |
108 | videoIs: req.query.videoIs, | |
109 | searchReporter: req.query.searchReporter, | |
110 | searchReportee: req.query.searchReportee, | |
111 | searchVideo: req.query.searchVideo, | |
112 | searchVideoChannel: req.query.searchVideoChannel, | |
113 | serverAccountId: serverActor.Account.id, | |
114 | user | |
115 | }) | |
116 | ||
edbc9325 C |
117 | return res.json({ |
118 | total: resultList.total, | |
119 | data: resultList.data.map(d => d.toFormattedAdminJSON()) | |
120 | }) | |
d95d1559 C |
121 | } |
122 | ||
123 | async function updateAbuse (req: express.Request, res: express.Response) { | |
124 | const abuse = res.locals.abuse | |
594d3e48 | 125 | let stateUpdated = false |
d95d1559 C |
126 | |
127 | if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment | |
594d3e48 C |
128 | |
129 | if (req.body.state !== undefined) { | |
130 | abuse.state = req.body.state | |
131 | stateUpdated = true | |
132 | } | |
d95d1559 C |
133 | |
134 | await sequelizeTypescript.transaction(t => { | |
135 | return abuse.save({ transaction: t }) | |
136 | }) | |
137 | ||
594d3e48 C |
138 | if (stateUpdated === true) { |
139 | AbuseModel.loadFull(abuse.id) | |
140 | .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull)) | |
141 | .catch(err => logger.error('Cannot notify on abuse state change', { err })) | |
142 | } | |
edbc9325 | 143 | |
310b5219 | 144 | // Do not send the delete to other instances, we updated OUR copy of this abuse |
d95d1559 | 145 | |
76148b27 | 146 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
d95d1559 C |
147 | } |
148 | ||
149 | async function deleteAbuse (req: express.Request, res: express.Response) { | |
150 | const abuse = res.locals.abuse | |
151 | ||
152 | await sequelizeTypescript.transaction(t => { | |
153 | return abuse.destroy({ transaction: t }) | |
154 | }) | |
155 | ||
310b5219 | 156 | // Do not send the delete to other instances, we delete OUR copy of this abuse |
d95d1559 | 157 | |
76148b27 | 158 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
d95d1559 C |
159 | } |
160 | ||
161 | async function reportAbuse (req: express.Request, res: express.Response) { | |
162 | const videoInstance = res.locals.videoAll | |
163 | const commentInstance = res.locals.videoCommentFull | |
164 | const accountInstance = res.locals.account | |
165 | ||
166 | const body: AbuseCreate = req.body | |
167 | ||
168 | const { id } = await sequelizeTypescript.transaction(async t => { | |
9e847c17 C |
169 | const user = res.locals.oauth.token.User |
170 | // Don't send abuse notification if reporter is an admin/moderator | |
171 | const skipNotification = user.hasRight(UserRight.MANAGE_ABUSES) | |
172 | ||
173 | const reporterAccount = await AccountModel.load(user.Account.id, t) | |
d95d1559 C |
174 | const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r]) |
175 | ||
176 | const baseAbuse = { | |
177 | reporterAccountId: reporterAccount.id, | |
178 | reason: body.reason, | |
179 | state: AbuseState.PENDING, | |
180 | predefinedReasons | |
181 | } | |
182 | ||
183 | if (body.video) { | |
184 | return createVideoAbuse({ | |
185 | baseAbuse, | |
186 | videoInstance, | |
187 | reporterAccount, | |
188 | transaction: t, | |
189 | startAt: body.video.startAt, | |
9e847c17 C |
190 | endAt: body.video.endAt, |
191 | skipNotification | |
d95d1559 C |
192 | }) |
193 | } | |
194 | ||
195 | if (body.comment) { | |
196 | return createVideoCommentAbuse({ | |
197 | baseAbuse, | |
198 | commentInstance, | |
199 | reporterAccount, | |
9e847c17 C |
200 | transaction: t, |
201 | skipNotification | |
d95d1559 C |
202 | }) |
203 | } | |
204 | ||
205 | // Account report | |
206 | return createAccountAbuse({ | |
207 | baseAbuse, | |
208 | accountInstance, | |
209 | reporterAccount, | |
9e847c17 C |
210 | transaction: t, |
211 | skipNotification | |
d95d1559 C |
212 | }) |
213 | }) | |
214 | ||
215 | return res.json({ abuse: { id } }) | |
216 | } | |
edbc9325 C |
217 | |
218 | async function listAbuseMessages (req: express.Request, res: express.Response) { | |
219 | const abuse = res.locals.abuse | |
220 | ||
221 | const resultList = await AbuseMessageModel.listForApi(abuse.id) | |
222 | ||
223 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | |
224 | } | |
225 | ||
226 | async function addAbuseMessage (req: express.Request, res: express.Response) { | |
227 | const abuse = res.locals.abuse | |
228 | const user = res.locals.oauth.token.user | |
229 | ||
230 | const abuseMessage = await AbuseMessageModel.create({ | |
231 | message: req.body.message, | |
232 | byModerator: abuse.reporterAccountId !== user.Account.id, | |
233 | accountId: user.Account.id, | |
234 | abuseId: abuse.id | |
235 | }) | |
236 | ||
594d3e48 C |
237 | AbuseModel.loadFull(abuse.id) |
238 | .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage)) | |
239 | .catch(err => logger.error('Cannot notify on new abuse message', { err })) | |
edbc9325 C |
240 | |
241 | return res.json({ | |
242 | abuseMessage: { | |
243 | id: abuseMessage.id | |
244 | } | |
245 | }) | |
246 | } | |
247 | ||
248 | async function deleteAbuseMessage (req: express.Request, res: express.Response) { | |
249 | const abuseMessage = res.locals.abuseMessage | |
250 | ||
251 | await sequelizeTypescript.transaction(t => { | |
252 | return abuseMessage.destroy({ transaction: t }) | |
253 | }) | |
254 | ||
76148b27 | 255 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
edbc9325 | 256 | } |