[github/Chocobozzz/PeerTube.git] / server / controllers / api / abuse.ts

import * as express from 'express'
import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
import { AbuseModel } from '@server/models/abuse/abuse'
import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
import { getServerActor } from '@server/models/application/application'
import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
import { getFormattedObjects } from '../../helpers/utils'
import { sequelizeTypescript } from '../../initializers/database'
import {
  abuseGetValidator,
  abuseListForAdminsValidator,
  abuseReportValidator,
  abusesSortValidator,
  abuseUpdateValidator,
  addAbuseMessageValidator,
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  deleteAbuseMessageValidator,
  ensureUserHasRight,
  getAbuseValidator,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort
} from '../../middlewares'
import { AccountModel } from '../../models/account/account'

const abuseRouter = express.Router()

abuseRouter.get('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  paginationValidator,
  abusesSortValidator,
  setDefaultSort,
  setDefaultPagination,
  abuseListForAdminsValidator,
  asyncMiddleware(listAbusesForAdmins)
)
abuseRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  asyncMiddleware(abuseUpdateValidator),
  asyncRetryTransactionMiddleware(updateAbuse)
)
abuseRouter.post('/',
  authenticate,
  asyncMiddleware(abuseReportValidator),
  asyncRetryTransactionMiddleware(reportAbuse)
)
abuseRouter.delete('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  asyncMiddleware(abuseGetValidator),
  asyncRetryTransactionMiddleware(deleteAbuse)
)

abuseRouter.get('/:id/messages',
  authenticate,
  asyncMiddleware(getAbuseValidator),
  asyncRetryTransactionMiddleware(listAbuseMessages)
)

abuseRouter.post('/:id/messages',
  authenticate,
  asyncMiddleware(getAbuseValidator),
  addAbuseMessageValidator,
  asyncRetryTransactionMiddleware(addAbuseMessage)
)

abuseRouter.delete('/:id/messages/:messageId',
  authenticate,
  asyncMiddleware(getAbuseValidator),
  asyncMiddleware(deleteAbuseMessageValidator),
  asyncRetryTransactionMiddleware(deleteAbuseMessage)
)

// ---------------------------------------------------------------------------

export {
  abuseRouter,

  // FIXME: deprecated in 2.3. Remove these exports
  listAbusesForAdmins,
  updateAbuse,
  deleteAbuse,
  reportAbuse
}

// ---------------------------------------------------------------------------

async function listAbusesForAdmins (req: express.Request, res: express.Response) {
  const user = res.locals.oauth.token.user
  const serverActor = await getServerActor()

  const resultList = await AbuseModel.listForAdminApi({
    start: req.query.start,
    count: req.query.count,
    sort: req.query.sort,
    id: req.query.id,
    filter: req.query.filter,
    predefinedReason: req.query.predefinedReason,
    search: req.query.search,
    state: req.query.state,
    videoIs: req.query.videoIs,
    searchReporter: req.query.searchReporter,
    searchReportee: req.query.searchReportee,
    searchVideo: req.query.searchVideo,
    searchVideoChannel: req.query.searchVideoChannel,
    serverAccountId: serverActor.Account.id,
    user
  })

  return res.json({
    total: resultList.total,
    data: resultList.data.map(d => d.toFormattedAdminJSON())
  })
}

async function updateAbuse (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse

  if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
  if (req.body.state !== undefined) abuse.state = req.body.state

  await sequelizeTypescript.transaction(t => {
    return abuse.save({ transaction: t })
  })

  // TODO: Notification

  // Do not send the delete to other instances, we updated OUR copy of this abuse

  return res.type('json').status(204).end()
}

async function deleteAbuse (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse

  await sequelizeTypescript.transaction(t => {
    return abuse.destroy({ transaction: t })
  })

  // Do not send the delete to other instances, we delete OUR copy of this abuse

  return res.type('json').status(204).end()
}

async function reportAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.videoAll
  const commentInstance = res.locals.videoCommentFull
  const accountInstance = res.locals.account

  const body: AbuseCreate = req.body

  const { id } = await sequelizeTypescript.transaction(async t => {
    const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
    const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])

    const baseAbuse = {
      reporterAccountId: reporterAccount.id,
      reason: body.reason,
      state: AbuseState.PENDING,
      predefinedReasons
    }

    if (body.video) {
      return createVideoAbuse({
        baseAbuse,
        videoInstance,
        reporterAccount,
        transaction: t,
        startAt: body.video.startAt,
        endAt: body.video.endAt
      })
    }

    if (body.comment) {
      return createVideoCommentAbuse({
        baseAbuse,
        commentInstance,
        reporterAccount,
        transaction: t
      })
    }

    // Account report
    return createAccountAbuse({
      baseAbuse,
      accountInstance,
      reporterAccount,
      transaction: t
    })
  })

  return res.json({ abuse: { id } })
}

async function listAbuseMessages (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse

  const resultList = await AbuseMessageModel.listForApi(abuse.id)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function addAbuseMessage (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse
  const user = res.locals.oauth.token.user

  const abuseMessage = await AbuseMessageModel.create({
    message: req.body.message,
    byModerator: abuse.reporterAccountId !== user.Account.id,
    accountId: user.Account.id,
    abuseId: abuse.id
  })

  // TODO: Notification

  return res.json({
    abuseMessage: {
      id: abuseMessage.id
    }
  })
}

async function deleteAbuseMessage (req: express.Request, res: express.Response) {
  const abuseMessage = res.locals.abuseMessage

  await sequelizeTypescript.transaction(t => {
    return abuseMessage.destroy({ transaction: t })
  })

  return res.sendStatus(204)
}
Commit	Line	Data
d95d1559 C	1	import * as express from 'express'
	2	import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
	3	import { AbuseModel } from '@server/models/abuse/abuse'
edbc9325	4	import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
d95d1559 C	5	import { getServerActor } from '@server/models/application/application'
	6	import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
	7	import { getFormattedObjects } from '../../helpers/utils'
	8	import { sequelizeTypescript } from '../../initializers/database'
	9	import {
	10	abuseGetValidator,
edbc9325	11	abuseListForAdminsValidator,
d95d1559 C	12	abuseReportValidator,
	13	abusesSortValidator,
	14	abuseUpdateValidator,
edbc9325	15	addAbuseMessageValidator,
d95d1559 C	16	asyncMiddleware,
	17	asyncRetryTransactionMiddleware,
	18	authenticate,
edbc9325	19	deleteAbuseMessageValidator,
d95d1559	20	ensureUserHasRight,
edbc9325	21	getAbuseValidator,
d95d1559 C	22	paginationValidator,
	23	setDefaultPagination,
	24	setDefaultSort
	25	} from '../../middlewares'
	26	import { AccountModel } from '../../models/account/account'
	27
	28	const abuseRouter = express.Router()
	29
57f6896f	30	abuseRouter.get('/',
d95d1559 C	31	authenticate,
	32	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	33	paginationValidator,
	34	abusesSortValidator,
	35	setDefaultSort,
	36	setDefaultPagination,
edbc9325 C	37	abuseListForAdminsValidator,
edbc9325 C	38	asyncMiddleware(listAbusesForAdmins)
d95d1559	39	)
57f6896f	40	abuseRouter.put('/:id',
d95d1559 C	41	authenticate,
	42	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	43	asyncMiddleware(abuseUpdateValidator),
	44	asyncRetryTransactionMiddleware(updateAbuse)
	45	)
57f6896f	46	abuseRouter.post('/',
d95d1559 C	47	authenticate,
	48	asyncMiddleware(abuseReportValidator),
	49	asyncRetryTransactionMiddleware(reportAbuse)
	50	)
57f6896f	51	abuseRouter.delete('/:id',
d95d1559 C	52	authenticate,
	53	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	54	asyncMiddleware(abuseGetValidator),
	55	asyncRetryTransactionMiddleware(deleteAbuse)
	56	)
	57
edbc9325 C	58	abuseRouter.get('/:id/messages',
	59	authenticate,
	60	asyncMiddleware(getAbuseValidator),
	61	asyncRetryTransactionMiddleware(listAbuseMessages)
	62	)
	63
	64	abuseRouter.post('/:id/messages',
	65	authenticate,
	66	asyncMiddleware(getAbuseValidator),
	67	addAbuseMessageValidator,
	68	asyncRetryTransactionMiddleware(addAbuseMessage)
	69	)
	70
	71	abuseRouter.delete('/:id/messages/:messageId',
	72	authenticate,
	73	asyncMiddleware(getAbuseValidator),
	74	asyncMiddleware(deleteAbuseMessageValidator),
	75	asyncRetryTransactionMiddleware(deleteAbuseMessage)
	76	)
	77
d95d1559 C	78	// ---------------------------------------------------------------------------
	79
	80	export {
	81	abuseRouter,
	82
	83	// FIXME: deprecated in 2.3. Remove these exports
edbc9325	84	listAbusesForAdmins,
d95d1559 C	85	updateAbuse,
	86	deleteAbuse,
	87	reportAbuse
	88	}
	89
	90	// ---------------------------------------------------------------------------
	91
edbc9325	92	async function listAbusesForAdmins (req: express.Request, res: express.Response) {
d95d1559 C	93	const user = res.locals.oauth.token.user
	94	const serverActor = await getServerActor()
	95
edbc9325	96	const resultList = await AbuseModel.listForAdminApi({
d95d1559 C	97	start: req.query.start,
	98	count: req.query.count,
	99	sort: req.query.sort,
	100	id: req.query.id,
57f6896f	101	filter: req.query.filter,
d95d1559 C	102	predefinedReason: req.query.predefinedReason,
	103	search: req.query.search,
	104	state: req.query.state,
	105	videoIs: req.query.videoIs,
	106	searchReporter: req.query.searchReporter,
	107	searchReportee: req.query.searchReportee,
	108	searchVideo: req.query.searchVideo,
	109	searchVideoChannel: req.query.searchVideoChannel,
	110	serverAccountId: serverActor.Account.id,
	111	user
	112	})
	113
edbc9325 C	114	return res.json({
	115	total: resultList.total,
	116	data: resultList.data.map(d => d.toFormattedAdminJSON())
	117	})
d95d1559 C	118	}
	119
	120	async function updateAbuse (req: express.Request, res: express.Response) {
	121	const abuse = res.locals.abuse
	122
	123	if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
	124	if (req.body.state !== undefined) abuse.state = req.body.state
	125
	126	await sequelizeTypescript.transaction(t => {
	127	return abuse.save({ transaction: t })
	128	})
	129
edbc9325 C	130	// TODO: Notification
edbc9325 C	131
310b5219	132	// Do not send the delete to other instances, we updated OUR copy of this abuse
d95d1559 C	133
	134	return res.type('json').status(204).end()
	135	}
	136
	137	async function deleteAbuse (req: express.Request, res: express.Response) {
	138	const abuse = res.locals.abuse
	139
	140	await sequelizeTypescript.transaction(t => {
	141	return abuse.destroy({ transaction: t })
	142	})
	143
310b5219	144	// Do not send the delete to other instances, we delete OUR copy of this abuse
d95d1559 C	145
	146	return res.type('json').status(204).end()
	147	}
	148
	149	async function reportAbuse (req: express.Request, res: express.Response) {
	150	const videoInstance = res.locals.videoAll
	151	const commentInstance = res.locals.videoCommentFull
	152	const accountInstance = res.locals.account
	153
	154	const body: AbuseCreate = req.body
	155
	156	const { id } = await sequelizeTypescript.transaction(async t => {
	157	const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
	158	const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
	159
	160	const baseAbuse = {
	161	reporterAccountId: reporterAccount.id,
	162	reason: body.reason,
	163	state: AbuseState.PENDING,
	164	predefinedReasons
	165	}
	166
	167	if (body.video) {
	168	return createVideoAbuse({
	169	baseAbuse,
	170	videoInstance,
	171	reporterAccount,
	172	transaction: t,
	173	startAt: body.video.startAt,
	174	endAt: body.video.endAt
	175	})
	176	}
	177
	178	if (body.comment) {
	179	return createVideoCommentAbuse({
	180	baseAbuse,
	181	commentInstance,
	182	reporterAccount,
	183	transaction: t
	184	})
	185	}
	186
	187	// Account report
	188	return createAccountAbuse({
	189	baseAbuse,
	190	accountInstance,
	191	reporterAccount,
	192	transaction: t
	193	})
	194	})
	195
	196	return res.json({ abuse: { id } })
	197	}
edbc9325 C	198
	199	async function listAbuseMessages (req: express.Request, res: express.Response) {
	200	const abuse = res.locals.abuse
	201
	202	const resultList = await AbuseMessageModel.listForApi(abuse.id)
	203
	204	return res.json(getFormattedObjects(resultList.data, resultList.total))
	205	}
	206
	207	async function addAbuseMessage (req: express.Request, res: express.Response) {
	208	const abuse = res.locals.abuse
	209	const user = res.locals.oauth.token.user
	210
	211	const abuseMessage = await AbuseMessageModel.create({
	212	message: req.body.message,
	213	byModerator: abuse.reporterAccountId !== user.Account.id,
	214	accountId: user.Account.id,
	215	abuseId: abuse.id
	216	})
	217
	218	// TODO: Notification
	219
	220	return res.json({
	221	abuseMessage: {
	222	id: abuseMessage.id
	223	}
	224	})
	225	}
	226
	227	async function deleteAbuseMessage (req: express.Request, res: express.Response) {
	228	const abuseMessage = res.locals.abuseMessage
	229
	230	await sequelizeTypescript.transaction(t => {
	231	return abuseMessage.destroy({ transaction: t })
	232	})
	233
	234	return res.sendStatus(204)
	235	}