[github/Chocobozzz/PeerTube.git] / server / controllers / api / videos / abuse.ts

import * as express from 'express'
import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { getFormattedObjects } from '../../../helpers/utils'
import { sequelizeTypescript } from '../../../initializers'
import { sendVideoAbuse } from '../../../lib/activitypub/send'
import {
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  videoAbuseGetValidator,
  videoAbuseReportValidator,
  videoAbusesSortValidator,
  videoAbuseUpdateValidator
} from '../../../middlewares'
import { AccountModel } from '../../../models/account/account'
import { VideoModel } from '../../../models/video/video'
import { VideoAbuseModel } from '../../../models/video/video-abuse'
import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'

const auditLogger = auditLoggerFactory('abuse')
const abuseVideoRouter = express.Router()

abuseVideoRouter.get('/abuse',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  paginationValidator,
  videoAbusesSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(listVideoAbuses)
)
abuseVideoRouter.put('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseUpdateValidator),
  asyncRetryTransactionMiddleware(updateVideoAbuse)
)
abuseVideoRouter.post('/:videoId/abuse',
  authenticate,
  asyncMiddleware(videoAbuseReportValidator),
  asyncRetryTransactionMiddleware(reportVideoAbuse)
)
abuseVideoRouter.delete('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseGetValidator),
  asyncRetryTransactionMiddleware(deleteVideoAbuse)
)

// ---------------------------------------------------------------------------

export {
  abuseVideoRouter
}

// ---------------------------------------------------------------------------

async function listVideoAbuses (req: express.Request, res: express.Response) {
  const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function updateVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse: VideoAbuseModel = res.locals.videoAbuse

  if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  if (req.body.state !== undefined) videoAbuse.state = req.body.state

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.save({ transaction: t })
  })

  // Do not send the delete to other instances, we updated OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse: VideoAbuseModel = res.locals.videoAbuse

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.destroy({ transaction: t })
  })

  // Do not send the delete to other instances, we delete OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function reportVideoAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.video as VideoModel
  const reporterAccount = res.locals.oauth.token.User.Account as AccountModel
  const body: VideoAbuseCreate = req.body

  const abuseToCreate = {
    reporterAccountId: reporterAccount.id,
    reason: body.reason,
    videoId: videoInstance.id,
    state: VideoAbuseState.PENDING
  }

  const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
    const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
    videoAbuseInstance.Video = videoInstance
    videoAbuseInstance.Account = reporterAccount

    // We send the video abuse to the origin server
    if (videoInstance.isOwned() === false) {
      await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
    }

    auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))

    return videoAbuseInstance
  })

  logger.info('Abuse report for video %s created.', videoInstance.name)
  return res.json({
    videoAbuse: videoAbuse.toFormattedJSON()
  }).end()
}
Commit	Line	Data
4d4e5cd4	1	import * as express from 'express'
268eebed	2	import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
da854ddd C	3	import { logger } from '../../../helpers/logger'
da854ddd C	4	import { getFormattedObjects } from '../../../helpers/utils'
3fd3ab2d	5	import { sequelizeTypescript } from '../../../initializers'
50d6de9c	6	import { sendVideoAbuse } from '../../../lib/activitypub/send'
65fcc311	7	import {
90d4bb81 C	8	asyncMiddleware,
	9	asyncRetryTransactionMiddleware,
	10	authenticate,
	11	ensureUserHasRight,
	12	paginationValidator,
	13	setDefaultPagination,
	14	setDefaultSort,
268eebed	15	videoAbuseGetValidator,
90d4bb81	16	videoAbuseReportValidator,
268eebed C	17	videoAbusesSortValidator,
268eebed C	18	videoAbuseUpdateValidator
65fcc311	19	} from '../../../middlewares'
3fd3ab2d C	20	import { AccountModel } from '../../../models/account/account'
	21	import { VideoModel } from '../../../models/video/video'
	22	import { VideoAbuseModel } from '../../../models/video/video-abuse'
80e36cd9	23	import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
65fcc311	24
80e36cd9	25	const auditLogger = auditLoggerFactory('abuse')
65fcc311 C	26	const abuseVideoRouter = express.Router()
	27
	28	abuseVideoRouter.get('/abuse',
	29	authenticate,
954605a8	30	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
65fcc311 C	31	paginationValidator,
65fcc311 C	32	videoAbusesSortValidator,
1174a847	33	setDefaultSort,
f05a1c30	34	setDefaultPagination,
eb080476	35	asyncMiddleware(listVideoAbuses)
d33242b0	36	)
268eebed C	37	abuseVideoRouter.put('/:videoId/abuse/:id',
	38	authenticate,
	39	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
	40	asyncMiddleware(videoAbuseUpdateValidator),
	41	asyncRetryTransactionMiddleware(updateVideoAbuse)
	42	)
	43	abuseVideoRouter.post('/:videoId/abuse',
65fcc311	44	authenticate,
a2431b7d	45	asyncMiddleware(videoAbuseReportValidator),
90d4bb81	46	asyncRetryTransactionMiddleware(reportVideoAbuse)
d33242b0	47	)
268eebed C	48	abuseVideoRouter.delete('/:videoId/abuse/:id',
	49	authenticate,
	50	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
	51	asyncMiddleware(videoAbuseGetValidator),
	52	asyncRetryTransactionMiddleware(deleteVideoAbuse)
	53	)
d33242b0 C	54
	55	// ---------------------------------------------------------------------------
	56
65fcc311 C	57	export {
	58	abuseVideoRouter
	59	}
d33242b0 C	60
	61	// ---------------------------------------------------------------------------
	62
268eebed	63	async function listVideoAbuses (req: express.Request, res: express.Response) {
3fd3ab2d	64	const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
eb080476 C	65
eb080476 C	66	return res.json(getFormattedObjects(resultList.data, resultList.total))
d33242b0 C	67	}
d33242b0 C	68
268eebed C	69	async function updateVideoAbuse (req: express.Request, res: express.Response) {
	70	const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
	71
	72	if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
	73	if (req.body.state !== undefined) videoAbuse.state = req.body.state
	74
	75	await sequelizeTypescript.transaction(t => {
	76	return videoAbuse.save({ transaction: t })
	77	})
	78
	79	// Do not send the delete to other instances, we updated OUR copy of this video abuse
	80
	81	return res.type('json').status(204).end()
	82	}
	83
	84	async function deleteVideoAbuse (req: express.Request, res: express.Response) {
	85	const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
	86
	87	await sequelizeTypescript.transaction(t => {
	88	return videoAbuse.destroy({ transaction: t })
	89	})
	90
	91	// Do not send the delete to other instances, we delete OUR copy of this video abuse
	92
	93	return res.type('json').status(204).end()
	94	}
	95
eb080476	96	async function reportVideoAbuse (req: express.Request, res: express.Response) {
3fd3ab2d C	97	const videoInstance = res.locals.video as VideoModel
3fd3ab2d C	98	const reporterAccount = res.locals.oauth.token.User.Account as AccountModel
4771e000	99	const body: VideoAbuseCreate = req.body
d33242b0	100
eb080476	101	const abuseToCreate = {
8e13fa7d	102	reporterAccountId: reporterAccount.id,
4771e000	103	reason: body.reason,
268eebed C	104	videoId: videoInstance.id,
268eebed C	105	state: VideoAbuseState.PENDING
d33242b0 C	106	}
d33242b0 C	107
268eebed	108	const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
3fd3ab2d	109	const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
21e0727a	110	videoAbuseInstance.Video = videoInstance
80e36cd9	111	videoAbuseInstance.Account = reporterAccount
8e13fa7d C	112
8e13fa7d C	113	// We send the video abuse to the origin server
eb080476	114	if (videoInstance.isOwned() === false) {
50d6de9c	115	await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
eb080476	116	}
eb080476	117
80e36cd9	118	auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
268eebed C	119
268eebed C	120	return videoAbuseInstance
80e36cd9	121	})
90d4bb81	122
268eebed C	123	logger.info('Abuse report for video %s created.', videoInstance.name)
	124	return res.json({
	125	videoAbuse: videoAbuse.toFormattedJSON()
	126	}).end()
d33242b0	127	}