]>
Commit | Line | Data |
---|---|---|
d95d1559 C |
1 | import * as express from 'express' |
2 | import { body, param, query } from 'express-validator' | |
3 | import { | |
7a4ea932 | 4 | areAbusePredefinedReasonsValid, |
57f6896f | 5 | isAbuseFilterValid, |
edbc9325 | 6 | isAbuseMessageValid, |
d95d1559 | 7 | isAbuseModerationCommentValid, |
d95d1559 C |
8 | isAbusePredefinedReasonValid, |
9 | isAbuseReasonValid, | |
10 | isAbuseStateValid, | |
11 | isAbuseTimestampCoherent, | |
12 | isAbuseTimestampValid, | |
13 | isAbuseVideoIsValid | |
14 | } from '@server/helpers/custom-validators/abuses' | |
15 | import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc' | |
16 | import { logger } from '@server/helpers/logger' | |
edbc9325 C |
17 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
18 | import { AbuseCreate, UserRight } from '@shared/models' | |
2d53be02 | 19 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' |
10363c74 | 20 | import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared' |
d95d1559 C |
21 | |
22 | const abuseReportValidator = [ | |
57f6896f C |
23 | body('account.id') |
24 | .optional() | |
25 | .custom(isIdValid) | |
26 | .withMessage('Should have a valid accountId'), | |
27 | ||
28 | body('video.id') | |
29 | .optional() | |
d95d1559 | 30 | .custom(isIdOrUUIDValid) |
d95d1559 | 31 | .withMessage('Should have a valid videoId'), |
57f6896f | 32 | body('video.startAt') |
d95d1559 C |
33 | .optional() |
34 | .customSanitizer(toIntOrNull) | |
35 | .custom(isAbuseTimestampValid) | |
36 | .withMessage('Should have valid starting time value'), | |
57f6896f | 37 | body('video.endAt') |
d95d1559 C |
38 | .optional() |
39 | .customSanitizer(toIntOrNull) | |
40 | .custom(isAbuseTimestampValid) | |
41 | .withMessage('Should have valid ending time value') | |
42 | .bail() | |
43 | .custom(isAbuseTimestampCoherent) | |
44 | .withMessage('Should have a startAt timestamp beginning before endAt'), | |
45 | ||
57f6896f C |
46 | body('comment.id') |
47 | .optional() | |
48 | .custom(isIdValid) | |
49 | .withMessage('Should have a valid commentId'), | |
50 | ||
51 | body('reason') | |
52 | .custom(isAbuseReasonValid) | |
53 | .withMessage('Should have a valid reason'), | |
54 | ||
55 | body('predefinedReasons') | |
56 | .optional() | |
edbc9325 | 57 | .custom(areAbusePredefinedReasonsValid) |
57f6896f C |
58 | .withMessage('Should have a valid list of predefined reasons'), |
59 | ||
d95d1559 C |
60 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
61 | logger.debug('Checking abuseReport parameters', { parameters: req.body }) | |
62 | ||
63 | if (areValidationErrors(req, res)) return | |
d95d1559 | 64 | |
57f6896f C |
65 | const body: AbuseCreate = req.body |
66 | ||
67 | if (body.video?.id && !await doesVideoExist(body.video.id, res)) return | |
68 | if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return | |
69 | if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return | |
70 | ||
71 | if (!body.video?.id && !body.account?.id && !body.comment?.id) { | |
76148b27 | 72 | res.fail({ message: 'video id or account id or comment id is required.' }) |
57f6896f C |
73 | return |
74 | } | |
d95d1559 C |
75 | |
76 | return next() | |
77 | } | |
78 | ] | |
79 | ||
80 | const abuseGetValidator = [ | |
d95d1559 C |
81 | param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), |
82 | ||
83 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
84 | logger.debug('Checking abuseGetValidator parameters', { parameters: req.body }) | |
85 | ||
86 | if (areValidationErrors(req, res)) return | |
57f6896f | 87 | if (!await doesAbuseExist(req.params.id, res)) return |
d95d1559 C |
88 | |
89 | return next() | |
90 | } | |
91 | ] | |
92 | ||
93 | const abuseUpdateValidator = [ | |
d95d1559 | 94 | param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), |
57f6896f | 95 | |
d95d1559 C |
96 | body('state') |
97 | .optional() | |
57f6896f | 98 | .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'), |
d95d1559 C |
99 | body('moderationComment') |
100 | .optional() | |
57f6896f | 101 | .custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'), |
d95d1559 C |
102 | |
103 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
104 | logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body }) | |
105 | ||
106 | if (areValidationErrors(req, res)) return | |
57f6896f | 107 | if (!await doesAbuseExist(req.params.id, res)) return |
d95d1559 C |
108 | |
109 | return next() | |
110 | } | |
111 | ] | |
112 | ||
edbc9325 | 113 | const abuseListForAdminsValidator = [ |
d95d1559 C |
114 | query('id') |
115 | .optional() | |
116 | .custom(isIdValid).withMessage('Should have a valid id'), | |
57f6896f C |
117 | query('filter') |
118 | .optional() | |
119 | .custom(isAbuseFilterValid) | |
120 | .withMessage('Should have a valid filter'), | |
d95d1559 C |
121 | query('predefinedReason') |
122 | .optional() | |
123 | .custom(isAbusePredefinedReasonValid) | |
124 | .withMessage('Should have a valid predefinedReason'), | |
125 | query('search') | |
126 | .optional() | |
127 | .custom(exists).withMessage('Should have a valid search'), | |
128 | query('state') | |
129 | .optional() | |
310b5219 | 130 | .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'), |
d95d1559 C |
131 | query('videoIs') |
132 | .optional() | |
133 | .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'), | |
134 | query('searchReporter') | |
135 | .optional() | |
136 | .custom(exists).withMessage('Should have a valid reporter search'), | |
137 | query('searchReportee') | |
138 | .optional() | |
139 | .custom(exists).withMessage('Should have a valid reportee search'), | |
140 | query('searchVideo') | |
141 | .optional() | |
142 | .custom(exists).withMessage('Should have a valid video search'), | |
143 | query('searchVideoChannel') | |
144 | .optional() | |
145 | .custom(exists).withMessage('Should have a valid video channel search'), | |
146 | ||
147 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
edbc9325 | 148 | logger.debug('Checking abuseListForAdminsValidator parameters', { parameters: req.body }) |
d95d1559 C |
149 | |
150 | if (areValidationErrors(req, res)) return | |
151 | ||
152 | return next() | |
153 | } | |
154 | ] | |
155 | ||
edbc9325 C |
156 | const abuseListForUserValidator = [ |
157 | query('id') | |
158 | .optional() | |
159 | .custom(isIdValid).withMessage('Should have a valid id'), | |
160 | ||
161 | query('search') | |
162 | .optional() | |
163 | .custom(exists).withMessage('Should have a valid search'), | |
164 | ||
165 | query('state') | |
166 | .optional() | |
167 | .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'), | |
168 | ||
169 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
170 | logger.debug('Checking abuseListForUserValidator parameters', { parameters: req.body }) | |
171 | ||
172 | if (areValidationErrors(req, res)) return | |
173 | ||
174 | return next() | |
175 | } | |
176 | ] | |
177 | ||
178 | const getAbuseValidator = [ | |
179 | param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'), | |
180 | ||
181 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
182 | logger.debug('Checking getAbuseValidator parameters', { parameters: req.body }) | |
183 | ||
184 | if (areValidationErrors(req, res)) return | |
185 | if (!await doesAbuseExist(req.params.id, res)) return | |
186 | ||
187 | const user = res.locals.oauth.token.user | |
188 | const abuse = res.locals.abuse | |
189 | ||
190 | if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) { | |
191 | const message = `User ${user.username} does not have right to get abuse ${abuse.id}` | |
192 | logger.warn(message) | |
193 | ||
76148b27 RK |
194 | return res.fail({ |
195 | status: HttpStatusCode.FORBIDDEN_403, | |
196 | message | |
197 | }) | |
edbc9325 C |
198 | } |
199 | ||
200 | return next() | |
201 | } | |
202 | ] | |
203 | ||
94148c90 C |
204 | const checkAbuseValidForMessagesValidator = [ |
205 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
206 | logger.debug('Checking checkAbuseValidForMessagesValidator parameters', { parameters: req.body }) | |
207 | ||
208 | const abuse = res.locals.abuse | |
209 | if (abuse.ReporterAccount.isOwned() === false) { | |
76148b27 | 210 | return res.fail({ message: 'This abuse was created by a user of your instance.' }) |
94148c90 C |
211 | } |
212 | ||
213 | return next() | |
214 | } | |
215 | ] | |
216 | ||
edbc9325 C |
217 | const addAbuseMessageValidator = [ |
218 | body('message').custom(isAbuseMessageValid).not().isEmpty().withMessage('Should have a valid abuse message'), | |
219 | ||
220 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
221 | logger.debug('Checking addAbuseMessageValidator parameters', { parameters: req.body }) | |
222 | ||
223 | if (areValidationErrors(req, res)) return | |
224 | ||
225 | return next() | |
226 | } | |
227 | ] | |
228 | ||
229 | const deleteAbuseMessageValidator = [ | |
230 | param('messageId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid message id'), | |
231 | ||
232 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | |
233 | logger.debug('Checking deleteAbuseMessageValidator parameters', { parameters: req.body }) | |
234 | ||
235 | if (areValidationErrors(req, res)) return | |
236 | ||
237 | const user = res.locals.oauth.token.user | |
238 | const abuse = res.locals.abuse | |
239 | ||
240 | const messageId = parseInt(req.params.messageId + '', 10) | |
241 | const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id) | |
242 | ||
243 | if (!abuseMessage) { | |
76148b27 RK |
244 | return res.fail({ |
245 | status: HttpStatusCode.NOT_FOUND_404, | |
246 | message: 'Abuse message not found' | |
247 | }) | |
edbc9325 C |
248 | } |
249 | ||
250 | if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) { | |
76148b27 RK |
251 | return res.fail({ |
252 | status: HttpStatusCode.FORBIDDEN_403, | |
253 | message: 'Cannot delete this abuse message' | |
254 | }) | |
edbc9325 C |
255 | } |
256 | ||
257 | res.locals.abuseMessage = abuseMessage | |
258 | ||
259 | return next() | |
260 | } | |
261 | ] | |
262 | ||
d95d1559 C |
263 | // --------------------------------------------------------------------------- |
264 | ||
265 | export { | |
edbc9325 | 266 | abuseListForAdminsValidator, |
d95d1559 C |
267 | abuseReportValidator, |
268 | abuseGetValidator, | |
edbc9325 | 269 | addAbuseMessageValidator, |
94148c90 | 270 | checkAbuseValidForMessagesValidator, |
d95d1559 | 271 | abuseUpdateValidator, |
edbc9325 C |
272 | deleteAbuseMessageValidator, |
273 | abuseListForUserValidator, | |
7a4ea932 | 274 | getAbuseValidator |
d95d1559 | 275 | } |