[github/Chocobozzz/PeerTube.git] / server / controllers / api / abuse.ts

import * as express from 'express'
import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
import { AbuseModel } from '@server/models/abuse/abuse'
import { getServerActor } from '@server/models/application/application'
import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
import { getFormattedObjects } from '../../helpers/utils'
import { sequelizeTypescript } from '../../initializers/database'
import {
  abuseGetValidator,
  abuseListValidator,
  abuseReportValidator,
  abusesSortValidator,
  abuseUpdateValidator,
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort
} from '../../middlewares'
import { AccountModel } from '../../models/account/account'

const abuseRouter = express.Router()

abuseRouter.get('/',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  paginationValidator,
  abusesSortValidator,
  setDefaultSort,
  setDefaultPagination,
  abuseListValidator,
  asyncMiddleware(listAbuses)
)
abuseRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  asyncMiddleware(abuseUpdateValidator),
  asyncRetryTransactionMiddleware(updateAbuse)
)
abuseRouter.post('/',
  authenticate,
  asyncMiddleware(abuseReportValidator),
  asyncRetryTransactionMiddleware(reportAbuse)
)
abuseRouter.delete('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_ABUSES),
  asyncMiddleware(abuseGetValidator),
  asyncRetryTransactionMiddleware(deleteAbuse)
)

// ---------------------------------------------------------------------------

export {
  abuseRouter,

  // FIXME: deprecated in 2.3. Remove these exports
  listAbuses,
  updateAbuse,
  deleteAbuse,
  reportAbuse
}

// ---------------------------------------------------------------------------

async function listAbuses (req: express.Request, res: express.Response) {
  const user = res.locals.oauth.token.user
  const serverActor = await getServerActor()

  const resultList = await AbuseModel.listForApi({
    start: req.query.start,
    count: req.query.count,
    sort: req.query.sort,
    id: req.query.id,
    filter: req.query.filter,
    predefinedReason: req.query.predefinedReason,
    search: req.query.search,
    state: req.query.state,
    videoIs: req.query.videoIs,
    searchReporter: req.query.searchReporter,
    searchReportee: req.query.searchReportee,
    searchVideo: req.query.searchVideo,
    searchVideoChannel: req.query.searchVideoChannel,
    serverAccountId: serverActor.Account.id,
    user
  })

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function updateAbuse (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse

  if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
  if (req.body.state !== undefined) abuse.state = req.body.state

  await sequelizeTypescript.transaction(t => {
    return abuse.save({ transaction: t })
  })

  // Do not send the delete to other instances, we updated OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function deleteAbuse (req: express.Request, res: express.Response) {
  const abuse = res.locals.abuse

  await sequelizeTypescript.transaction(t => {
    return abuse.destroy({ transaction: t })
  })

  // Do not send the delete to other instances, we delete OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function reportAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.videoAll
  const commentInstance = res.locals.videoCommentFull
  const accountInstance = res.locals.account

  const body: AbuseCreate = req.body

  const { id } = await sequelizeTypescript.transaction(async t => {
    const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
    const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])

    const baseAbuse = {
      reporterAccountId: reporterAccount.id,
      reason: body.reason,
      state: AbuseState.PENDING,
      predefinedReasons
    }

    if (body.video) {
      return createVideoAbuse({
        baseAbuse,
        videoInstance,
        reporterAccount,
        transaction: t,
        startAt: body.video.startAt,
        endAt: body.video.endAt
      })
    }

    if (body.comment) {
      return createVideoCommentAbuse({
        baseAbuse,
        commentInstance,
        reporterAccount,
        transaction: t
      })
    }

    // Account report
    return createAccountAbuse({
      baseAbuse,
      accountInstance,
      reporterAccount,
      transaction: t
    })
  })

  return res.json({ abuse: { id } })
}
Commit	Line	Data
d95d1559 C	1	import * as express from 'express'
	2	import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
	3	import { AbuseModel } from '@server/models/abuse/abuse'
	4	import { getServerActor } from '@server/models/application/application'
	5	import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
	6	import { getFormattedObjects } from '../../helpers/utils'
	7	import { sequelizeTypescript } from '../../initializers/database'
	8	import {
	9	abuseGetValidator,
	10	abuseListValidator,
	11	abuseReportValidator,
	12	abusesSortValidator,
	13	abuseUpdateValidator,
	14	asyncMiddleware,
	15	asyncRetryTransactionMiddleware,
	16	authenticate,
	17	ensureUserHasRight,
	18	paginationValidator,
	19	setDefaultPagination,
	20	setDefaultSort
	21	} from '../../middlewares'
	22	import { AccountModel } from '../../models/account/account'
	23
	24	const abuseRouter = express.Router()
	25
57f6896f	26	abuseRouter.get('/',
d95d1559 C	27	authenticate,
	28	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	29	paginationValidator,
	30	abusesSortValidator,
	31	setDefaultSort,
	32	setDefaultPagination,
	33	abuseListValidator,
	34	asyncMiddleware(listAbuses)
	35	)
57f6896f	36	abuseRouter.put('/:id',
d95d1559 C	37	authenticate,
	38	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	39	asyncMiddleware(abuseUpdateValidator),
	40	asyncRetryTransactionMiddleware(updateAbuse)
	41	)
57f6896f	42	abuseRouter.post('/',
d95d1559 C	43	authenticate,
	44	asyncMiddleware(abuseReportValidator),
	45	asyncRetryTransactionMiddleware(reportAbuse)
	46	)
57f6896f	47	abuseRouter.delete('/:id',
d95d1559 C	48	authenticate,
	49	ensureUserHasRight(UserRight.MANAGE_ABUSES),
	50	asyncMiddleware(abuseGetValidator),
	51	asyncRetryTransactionMiddleware(deleteAbuse)
	52	)
	53
	54	// ---------------------------------------------------------------------------
	55
	56	export {
	57	abuseRouter,
	58
	59	// FIXME: deprecated in 2.3. Remove these exports
	60	listAbuses,
	61	updateAbuse,
	62	deleteAbuse,
	63	reportAbuse
	64	}
	65
	66	// ---------------------------------------------------------------------------
	67
	68	async function listAbuses (req: express.Request, res: express.Response) {
	69	const user = res.locals.oauth.token.user
	70	const serverActor = await getServerActor()
	71
	72	const resultList = await AbuseModel.listForApi({
	73	start: req.query.start,
	74	count: req.query.count,
	75	sort: req.query.sort,
	76	id: req.query.id,
57f6896f	77	filter: req.query.filter,
d95d1559 C	78	predefinedReason: req.query.predefinedReason,
	79	search: req.query.search,
	80	state: req.query.state,
	81	videoIs: req.query.videoIs,
	82	searchReporter: req.query.searchReporter,
	83	searchReportee: req.query.searchReportee,
	84	searchVideo: req.query.searchVideo,
	85	searchVideoChannel: req.query.searchVideoChannel,
	86	serverAccountId: serverActor.Account.id,
	87	user
	88	})
	89
	90	return res.json(getFormattedObjects(resultList.data, resultList.total))
	91	}
	92
	93	async function updateAbuse (req: express.Request, res: express.Response) {
	94	const abuse = res.locals.abuse
	95
	96	if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
	97	if (req.body.state !== undefined) abuse.state = req.body.state
	98
	99	await sequelizeTypescript.transaction(t => {
	100	return abuse.save({ transaction: t })
	101	})
	102
	103	// Do not send the delete to other instances, we updated OUR copy of this video abuse
	104
	105	return res.type('json').status(204).end()
	106	}
	107
	108	async function deleteAbuse (req: express.Request, res: express.Response) {
	109	const abuse = res.locals.abuse
	110
	111	await sequelizeTypescript.transaction(t => {
	112	return abuse.destroy({ transaction: t })
	113	})
	114
	115	// Do not send the delete to other instances, we delete OUR copy of this video abuse
	116
	117	return res.type('json').status(204).end()
	118	}
	119
	120	async function reportAbuse (req: express.Request, res: express.Response) {
	121	const videoInstance = res.locals.videoAll
	122	const commentInstance = res.locals.videoCommentFull
	123	const accountInstance = res.locals.account
	124
	125	const body: AbuseCreate = req.body
	126
	127	const { id } = await sequelizeTypescript.transaction(async t => {
	128	const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
	129	const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
	130
	131	const baseAbuse = {
	132	reporterAccountId: reporterAccount.id,
	133	reason: body.reason,
	134	state: AbuseState.PENDING,
	135	predefinedReasons
	136	}
	137
	138	if (body.video) {
	139	return createVideoAbuse({
	140	baseAbuse,
	141	videoInstance,
142	reporterAccount,
143	transaction: t,
144	startAt: body.video.startAt,
145	endAt: body.video.endAt
146	})
147	}
148
149	if (body.comment) {
150	return createVideoCommentAbuse({
151	baseAbuse,
152	commentInstance,
153	reporterAccount,
154	transaction: t
155	})
156	}
157
158	// Account report
159	return createAccountAbuse({
160	baseAbuse,
161	accountInstance,
162	reporterAccount,
163	transaction: t
164	})
165	})
166
167	return res.json({ abuse: { id } })
168	}