[github/Chocobozzz/PeerTube.git] / server / controllers / api / videos / abuse.ts

import * as express from 'express'
import { UserRight, VideoAbuseCreate, VideoAbuseState, VideoAbuse, videoAbusePredefinedReasonsMap } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { getFormattedObjects } from '../../../helpers/utils'
import { sequelizeTypescript } from '../../../initializers/database'
import {
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  videoAbuseGetValidator,
  videoAbuseReportValidator,
  videoAbusesSortValidator,
  videoAbuseUpdateValidator,
  videoAbuseListValidator
} from '../../../middlewares'
import { AccountModel } from '../../../models/account/account'
import { VideoAbuseModel } from '../../../models/video/video-abuse'
import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
import { Notifier } from '../../../lib/notifier'
import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
import { MVideoAbuseAccountVideo } from '../../../types/models/video'
import { getServerActor } from '@server/models/application/application'
import { MAccountDefault } from '@server/types/models'

const auditLogger = auditLoggerFactory('abuse')
const abuseVideoRouter = express.Router()

abuseVideoRouter.get('/abuse',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  paginationValidator,
  videoAbusesSortValidator,
  setDefaultSort,
  setDefaultPagination,
  videoAbuseListValidator,
  asyncMiddleware(listVideoAbuses)
)
abuseVideoRouter.put('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseUpdateValidator),
  asyncRetryTransactionMiddleware(updateVideoAbuse)
)
abuseVideoRouter.post('/:videoId/abuse',
  authenticate,
  asyncMiddleware(videoAbuseReportValidator),
  asyncRetryTransactionMiddleware(reportVideoAbuse)
)
abuseVideoRouter.delete('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseGetValidator),
  asyncRetryTransactionMiddleware(deleteVideoAbuse)
)

// ---------------------------------------------------------------------------

export {
  abuseVideoRouter
}

// ---------------------------------------------------------------------------

async function listVideoAbuses (req: express.Request, res: express.Response) {
  const user = res.locals.oauth.token.user
  const serverActor = await getServerActor()

  const resultList = await VideoAbuseModel.listForApi({
    start: req.query.start,
    count: req.query.count,
    sort: req.query.sort,
    id: req.query.id,
    predefinedReason: req.query.predefinedReason,
    search: req.query.search,
    state: req.query.state,
    videoIs: req.query.videoIs,
    searchReporter: req.query.searchReporter,
    searchReportee: req.query.searchReportee,
    searchVideo: req.query.searchVideo,
    searchVideoChannel: req.query.searchVideoChannel,
    serverAccountId: serverActor.Account.id,
    user
  })

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function updateVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse = res.locals.videoAbuse

  if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  if (req.body.state !== undefined) videoAbuse.state = req.body.state

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.save({ transaction: t })
  })

  // Do not send the delete to other instances, we updated OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse = res.locals.videoAbuse

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.destroy({ transaction: t })
  })

  // Do not send the delete to other instances, we delete OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function reportVideoAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.videoAll
  const body: VideoAbuseCreate = req.body
  let reporterAccount: MAccountDefault
  let videoAbuseJSON: VideoAbuse

  const videoAbuseInstance = await sequelizeTypescript.transaction(async t => {
    reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
    const predefinedReasons = body.predefinedReasons?.map(r => videoAbusePredefinedReasonsMap[r])

    const abuseToCreate = {
      reporterAccountId: reporterAccount.id,
      reason: body.reason,
      videoId: videoInstance.id,
      state: VideoAbuseState.PENDING,
      predefinedReasons,
      startAt: body.startAt,
      endAt: body.endAt
    }

    const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
    videoAbuseInstance.Video = videoInstance
    videoAbuseInstance.Account = reporterAccount

    // We send the video abuse to the origin server
    if (videoInstance.isOwned() === false) {
      await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
    }

    videoAbuseJSON = videoAbuseInstance.toFormattedJSON()
    auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseJSON))

    return videoAbuseInstance
  })

  Notifier.Instance.notifyOnNewVideoAbuse({
    videoAbuse: videoAbuseJSON,
    videoAbuseInstance,
    reporter: reporterAccount.Actor.getIdentifier()
  })

  logger.info('Abuse report for video "%s" created.', videoInstance.name)

  return res.json({ videoAbuse: videoAbuseJSON }).end()
}
Commit	Line	Data
4d4e5cd4	1	import * as express from 'express'
1ebddadd	2	import { UserRight, VideoAbuseCreate, VideoAbuseState, VideoAbuse, videoAbusePredefinedReasonsMap } from '../../../../shared'
da854ddd	3	import { logger } from '../../../helpers/logger'
8dc8a34e	4	import { getFormattedObjects } from '../../../helpers/utils'
80fdaf06	5	import { sequelizeTypescript } from '../../../initializers/database'
65fcc311	6	import {
90d4bb81 C	7	asyncMiddleware,
	8	asyncRetryTransactionMiddleware,
	9	authenticate,
	10	ensureUserHasRight,
	11	paginationValidator,
	12	setDefaultPagination,
	13	setDefaultSort,
268eebed	14	videoAbuseGetValidator,
90d4bb81	15	videoAbuseReportValidator,
268eebed	16	videoAbusesSortValidator,
feb34f6b C	17	videoAbuseUpdateValidator,
feb34f6b C	18	videoAbuseListValidator
65fcc311	19	} from '../../../middlewares'
3fd3ab2d	20	import { AccountModel } from '../../../models/account/account'
3fd3ab2d	21	import { VideoAbuseModel } from '../../../models/video/video-abuse'
80e36cd9	22	import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
cef534ed	23	import { Notifier } from '../../../lib/notifier'
1e7eb25f	24	import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
26d6bf65	25	import { MVideoAbuseAccountVideo } from '../../../types/models/video'
8dc8a34e	26	import { getServerActor } from '@server/models/application/application'
26d6bf65	27	import { MAccountDefault } from '@server/types/models'
65fcc311	28
80e36cd9	29	const auditLogger = auditLoggerFactory('abuse')
65fcc311 C	30	const abuseVideoRouter = express.Router()
	31
	32	abuseVideoRouter.get('/abuse',
	33	authenticate,
954605a8	34	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
65fcc311 C	35	paginationValidator,
65fcc311 C	36	videoAbusesSortValidator,
1174a847	37	setDefaultSort,
f05a1c30	38	setDefaultPagination,
feb34f6b	39	videoAbuseListValidator,
eb080476	40	asyncMiddleware(listVideoAbuses)
d33242b0	41	)
268eebed C	42	abuseVideoRouter.put('/:videoId/abuse/:id',
	43	authenticate,
	44	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
	45	asyncMiddleware(videoAbuseUpdateValidator),
	46	asyncRetryTransactionMiddleware(updateVideoAbuse)
	47	)
	48	abuseVideoRouter.post('/:videoId/abuse',
65fcc311	49	authenticate,
a2431b7d	50	asyncMiddleware(videoAbuseReportValidator),
90d4bb81	51	asyncRetryTransactionMiddleware(reportVideoAbuse)
d33242b0	52	)
268eebed C	53	abuseVideoRouter.delete('/:videoId/abuse/:id',
	54	authenticate,
	55	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
	56	asyncMiddleware(videoAbuseGetValidator),
	57	asyncRetryTransactionMiddleware(deleteVideoAbuse)
	58	)
d33242b0 C	59
	60	// ---------------------------------------------------------------------------
	61
65fcc311 C	62	export {
	63	abuseVideoRouter
	64	}
d33242b0 C	65
	66	// ---------------------------------------------------------------------------
	67
268eebed	68	async function listVideoAbuses (req: express.Request, res: express.Response) {
f0a47bc9 C	69	const user = res.locals.oauth.token.user
	70	const serverActor = await getServerActor()
	71
	72	const resultList = await VideoAbuseModel.listForApi({
	73	start: req.query.start,
	74	count: req.query.count,
	75	sort: req.query.sort,
feb34f6b	76	id: req.query.id,
1ebddadd	77	predefinedReason: req.query.predefinedReason,
844db39e	78	search: req.query.search,
feb34f6b C	79	state: req.query.state,
	80	videoIs: req.query.videoIs,
	81	searchReporter: req.query.searchReporter,
	82	searchReportee: req.query.searchReportee,
	83	searchVideo: req.query.searchVideo,
	84	searchVideoChannel: req.query.searchVideoChannel,
f0a47bc9 C	85	serverAccountId: serverActor.Account.id,
	86	user
	87	})
eb080476 C	88
eb080476 C	89	return res.json(getFormattedObjects(resultList.data, resultList.total))
d33242b0 C	90	}
d33242b0 C	91
268eebed	92	async function updateVideoAbuse (req: express.Request, res: express.Response) {
dae86118	93	const videoAbuse = res.locals.videoAbuse
268eebed C	94
	95	if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
	96	if (req.body.state !== undefined) videoAbuse.state = req.body.state
	97
	98	await sequelizeTypescript.transaction(t => {
	99	return videoAbuse.save({ transaction: t })
	100	})
	101
	102	// Do not send the delete to other instances, we updated OUR copy of this video abuse
	103
	104	return res.type('json').status(204).end()
	105	}
	106
	107	async function deleteVideoAbuse (req: express.Request, res: express.Response) {
dae86118	108	const videoAbuse = res.locals.videoAbuse
268eebed C	109
	110	await sequelizeTypescript.transaction(t => {
	111	return videoAbuse.destroy({ transaction: t })
	112	})
	113
	114	// Do not send the delete to other instances, we delete OUR copy of this video abuse
	115
	116	return res.type('json').status(204).end()
	117	}
	118
eb080476	119	async function reportVideoAbuse (req: express.Request, res: express.Response) {
453e83ea	120	const videoInstance = res.locals.videoAll
4771e000	121	const body: VideoAbuseCreate = req.body
df4c603d RK	122	let reporterAccount: MAccountDefault
df4c603d RK	123	let videoAbuseJSON: VideoAbuse
d33242b0	124
df4c603d RK	125	const videoAbuseInstance = await sequelizeTypescript.transaction(async t => {
df4c603d RK	126	reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
1ebddadd	127	const predefinedReasons = body.predefinedReasons?.map(r => videoAbusePredefinedReasonsMap[r])
91411dba C	128
	129	const abuseToCreate = {
	130	reporterAccountId: reporterAccount.id,
	131	reason: body.reason,
	132	videoId: videoInstance.id,
1ebddadd RK	133	state: VideoAbuseState.PENDING,
	134	predefinedReasons,
	135	startAt: body.startAt,
	136	endAt: body.endAt
91411dba C	137	}
91411dba C	138
453e83ea	139	const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
21e0727a	140	videoAbuseInstance.Video = videoInstance
80e36cd9	141	videoAbuseInstance.Account = reporterAccount
8e13fa7d C	142
8e13fa7d C	143	// We send the video abuse to the origin server
eb080476	144	if (videoInstance.isOwned() === false) {
2284f202	145	await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
eb080476	146	}
eb080476	147
df4c603d RK	148	videoAbuseJSON = videoAbuseInstance.toFormattedJSON()
df4c603d RK	149	auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseJSON))
268eebed C	150
268eebed C	151	return videoAbuseInstance
80e36cd9	152	})
90d4bb81	153
df4c603d RK	154	Notifier.Instance.notifyOnNewVideoAbuse({
	155	videoAbuse: videoAbuseJSON,
	156	videoAbuseInstance,
	157	reporter: reporterAccount.Actor.getIdentifier()
	158	})
2284f202	159
1ebddadd	160	logger.info('Abuse report for video "%s" created.', videoInstance.name)
91411dba	161
1d26d05f	162	return res.json({ videoAbuse: videoAbuseJSON }).end()
d33242b0	163	}