]>
Commit | Line | Data |
---|---|---|
d95d1559 C |
1 | import * as express from 'express' |
2 | import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation' | |
3 | import { AbuseModel } from '@server/models/abuse/abuse' | |
edbc9325 | 4 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
d95d1559 C |
5 | import { getServerActor } from '@server/models/application/application' |
6 | import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared' | |
7 | import { getFormattedObjects } from '../../helpers/utils' | |
8 | import { sequelizeTypescript } from '../../initializers/database' | |
9 | import { | |
10 | abuseGetValidator, | |
edbc9325 | 11 | abuseListForAdminsValidator, |
d95d1559 C |
12 | abuseReportValidator, |
13 | abusesSortValidator, | |
14 | abuseUpdateValidator, | |
edbc9325 | 15 | addAbuseMessageValidator, |
d95d1559 C |
16 | asyncMiddleware, |
17 | asyncRetryTransactionMiddleware, | |
18 | authenticate, | |
edbc9325 | 19 | deleteAbuseMessageValidator, |
d95d1559 | 20 | ensureUserHasRight, |
edbc9325 | 21 | getAbuseValidator, |
d95d1559 C |
22 | paginationValidator, |
23 | setDefaultPagination, | |
24 | setDefaultSort | |
25 | } from '../../middlewares' | |
26 | import { AccountModel } from '../../models/account/account' | |
27 | ||
28 | const abuseRouter = express.Router() | |
29 | ||
57f6896f | 30 | abuseRouter.get('/', |
d95d1559 C |
31 | authenticate, |
32 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
33 | paginationValidator, | |
34 | abusesSortValidator, | |
35 | setDefaultSort, | |
36 | setDefaultPagination, | |
edbc9325 C |
37 | abuseListForAdminsValidator, |
38 | asyncMiddleware(listAbusesForAdmins) | |
d95d1559 | 39 | ) |
57f6896f | 40 | abuseRouter.put('/:id', |
d95d1559 C |
41 | authenticate, |
42 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
43 | asyncMiddleware(abuseUpdateValidator), | |
44 | asyncRetryTransactionMiddleware(updateAbuse) | |
45 | ) | |
57f6896f | 46 | abuseRouter.post('/', |
d95d1559 C |
47 | authenticate, |
48 | asyncMiddleware(abuseReportValidator), | |
49 | asyncRetryTransactionMiddleware(reportAbuse) | |
50 | ) | |
57f6896f | 51 | abuseRouter.delete('/:id', |
d95d1559 C |
52 | authenticate, |
53 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
54 | asyncMiddleware(abuseGetValidator), | |
55 | asyncRetryTransactionMiddleware(deleteAbuse) | |
56 | ) | |
57 | ||
edbc9325 C |
58 | abuseRouter.get('/:id/messages', |
59 | authenticate, | |
60 | asyncMiddleware(getAbuseValidator), | |
61 | asyncRetryTransactionMiddleware(listAbuseMessages) | |
62 | ) | |
63 | ||
64 | abuseRouter.post('/:id/messages', | |
65 | authenticate, | |
66 | asyncMiddleware(getAbuseValidator), | |
67 | addAbuseMessageValidator, | |
68 | asyncRetryTransactionMiddleware(addAbuseMessage) | |
69 | ) | |
70 | ||
71 | abuseRouter.delete('/:id/messages/:messageId', | |
72 | authenticate, | |
73 | asyncMiddleware(getAbuseValidator), | |
74 | asyncMiddleware(deleteAbuseMessageValidator), | |
75 | asyncRetryTransactionMiddleware(deleteAbuseMessage) | |
76 | ) | |
77 | ||
d95d1559 C |
78 | // --------------------------------------------------------------------------- |
79 | ||
80 | export { | |
81 | abuseRouter, | |
82 | ||
83 | // FIXME: deprecated in 2.3. Remove these exports | |
edbc9325 | 84 | listAbusesForAdmins, |
d95d1559 C |
85 | updateAbuse, |
86 | deleteAbuse, | |
87 | reportAbuse | |
88 | } | |
89 | ||
90 | // --------------------------------------------------------------------------- | |
91 | ||
edbc9325 | 92 | async function listAbusesForAdmins (req: express.Request, res: express.Response) { |
d95d1559 C |
93 | const user = res.locals.oauth.token.user |
94 | const serverActor = await getServerActor() | |
95 | ||
edbc9325 | 96 | const resultList = await AbuseModel.listForAdminApi({ |
d95d1559 C |
97 | start: req.query.start, |
98 | count: req.query.count, | |
99 | sort: req.query.sort, | |
100 | id: req.query.id, | |
57f6896f | 101 | filter: req.query.filter, |
d95d1559 C |
102 | predefinedReason: req.query.predefinedReason, |
103 | search: req.query.search, | |
104 | state: req.query.state, | |
105 | videoIs: req.query.videoIs, | |
106 | searchReporter: req.query.searchReporter, | |
107 | searchReportee: req.query.searchReportee, | |
108 | searchVideo: req.query.searchVideo, | |
109 | searchVideoChannel: req.query.searchVideoChannel, | |
110 | serverAccountId: serverActor.Account.id, | |
111 | user | |
112 | }) | |
113 | ||
edbc9325 C |
114 | return res.json({ |
115 | total: resultList.total, | |
116 | data: resultList.data.map(d => d.toFormattedAdminJSON()) | |
117 | }) | |
d95d1559 C |
118 | } |
119 | ||
120 | async function updateAbuse (req: express.Request, res: express.Response) { | |
121 | const abuse = res.locals.abuse | |
122 | ||
123 | if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment | |
124 | if (req.body.state !== undefined) abuse.state = req.body.state | |
125 | ||
126 | await sequelizeTypescript.transaction(t => { | |
127 | return abuse.save({ transaction: t }) | |
128 | }) | |
129 | ||
edbc9325 C |
130 | // TODO: Notification |
131 | ||
310b5219 | 132 | // Do not send the delete to other instances, we updated OUR copy of this abuse |
d95d1559 C |
133 | |
134 | return res.type('json').status(204).end() | |
135 | } | |
136 | ||
137 | async function deleteAbuse (req: express.Request, res: express.Response) { | |
138 | const abuse = res.locals.abuse | |
139 | ||
140 | await sequelizeTypescript.transaction(t => { | |
141 | return abuse.destroy({ transaction: t }) | |
142 | }) | |
143 | ||
310b5219 | 144 | // Do not send the delete to other instances, we delete OUR copy of this abuse |
d95d1559 C |
145 | |
146 | return res.type('json').status(204).end() | |
147 | } | |
148 | ||
149 | async function reportAbuse (req: express.Request, res: express.Response) { | |
150 | const videoInstance = res.locals.videoAll | |
151 | const commentInstance = res.locals.videoCommentFull | |
152 | const accountInstance = res.locals.account | |
153 | ||
154 | const body: AbuseCreate = req.body | |
155 | ||
156 | const { id } = await sequelizeTypescript.transaction(async t => { | |
157 | const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) | |
158 | const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r]) | |
159 | ||
160 | const baseAbuse = { | |
161 | reporterAccountId: reporterAccount.id, | |
162 | reason: body.reason, | |
163 | state: AbuseState.PENDING, | |
164 | predefinedReasons | |
165 | } | |
166 | ||
167 | if (body.video) { | |
168 | return createVideoAbuse({ | |
169 | baseAbuse, | |
170 | videoInstance, | |
171 | reporterAccount, | |
172 | transaction: t, | |
173 | startAt: body.video.startAt, | |
174 | endAt: body.video.endAt | |
175 | }) | |
176 | } | |
177 | ||
178 | if (body.comment) { | |
179 | return createVideoCommentAbuse({ | |
180 | baseAbuse, | |
181 | commentInstance, | |
182 | reporterAccount, | |
183 | transaction: t | |
184 | }) | |
185 | } | |
186 | ||
187 | // Account report | |
188 | return createAccountAbuse({ | |
189 | baseAbuse, | |
190 | accountInstance, | |
191 | reporterAccount, | |
192 | transaction: t | |
193 | }) | |
194 | }) | |
195 | ||
196 | return res.json({ abuse: { id } }) | |
197 | } | |
edbc9325 C |
198 | |
199 | async function listAbuseMessages (req: express.Request, res: express.Response) { | |
200 | const abuse = res.locals.abuse | |
201 | ||
202 | const resultList = await AbuseMessageModel.listForApi(abuse.id) | |
203 | ||
204 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | |
205 | } | |
206 | ||
207 | async function addAbuseMessage (req: express.Request, res: express.Response) { | |
208 | const abuse = res.locals.abuse | |
209 | const user = res.locals.oauth.token.user | |
210 | ||
211 | const abuseMessage = await AbuseMessageModel.create({ | |
212 | message: req.body.message, | |
213 | byModerator: abuse.reporterAccountId !== user.Account.id, | |
214 | accountId: user.Account.id, | |
215 | abuseId: abuse.id | |
216 | }) | |
217 | ||
218 | // TODO: Notification | |
219 | ||
220 | return res.json({ | |
221 | abuseMessage: { | |
222 | id: abuseMessage.id | |
223 | } | |
224 | }) | |
225 | } | |
226 | ||
227 | async function deleteAbuseMessage (req: express.Request, res: express.Response) { | |
228 | const abuseMessage = res.locals.abuseMessage | |
229 | ||
230 | await sequelizeTypescript.transaction(t => { | |
231 | return abuseMessage.destroy({ transaction: t }) | |
232 | }) | |
233 | ||
234 | return res.sendStatus(204) | |
235 | } |