Commit | Line | Data |
---|---|---|
41fb13c3 | 1 | import express from 'express' |
d95d1559 C |
2 | import { body, param, query } from 'express-validator' |
3 | import { | |
7a4ea932 | 4 | areAbusePredefinedReasonsValid, |
57f6896f | 5 | isAbuseFilterValid, |
edbc9325 | 6 | isAbuseMessageValid, |
d95d1559 | 7 | isAbuseModerationCommentValid, |
d95d1559 C |
8 | isAbusePredefinedReasonValid, |
9 | isAbuseReasonValid, | |
10 | isAbuseStateValid, | |
11 | isAbuseTimestampCoherent, | |
12 | isAbuseTimestampValid, | |
13 | isAbuseVideoIsValid | |
14 | } from '@server/helpers/custom-validators/abuses' | |
d4a8e7a6 | 15 | import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc' |
d95d1559 | 16 | import { logger } from '@server/helpers/logger' |
edbc9325 C |
17 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
18 | import { AbuseCreate, UserRight } from '@shared/models' | |
c0e8b12e | 19 | import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' |
10363c74 | 20 | import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared' |
d95d1559 C |
21 | |
/**
 * Middleware chain for creating an abuse report.
 *
 * The express-validator chains check the optional target ids (`account.id`,
 * `video.id`, `comment.id`), the optional video timestamps, the `reason`
 * (the only field not marked optional) and the optional `predefinedReasons`.
 * The final handler confirms that each supplied target exists and rejects a
 * report that names no target at all.
 */
const abuseReportValidator = [
  body('account.id')
    .optional()
    .custom(isIdValid),

  // The video id is run through toCompleteUUID before it is validated.
  body('video.id')
    .optional()
    .customSanitizer(toCompleteUUID)
    .custom(isIdOrUUIDValid),
  body('video.startAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid),
  body('video.endAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    // Stop here if endAt is not a valid timestamp: the coherence check is
    // only meaningful on validated values.
    .bail()
    .custom(isAbuseTimestampCoherent)
    .withMessage('Should have a startAt timestamp beginning before endAt'),

  body('comment.id')
    .optional()
    .custom(isIdValid),

  body('reason')
    .custom(isAbuseReasonValid),

  body('predefinedReasons')
    .optional()
    .custom(areAbusePredefinedReasonsValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // Nothing below runs on a body that failed validation; presumably
    // areValidationErrors has already written the error response.
    if (areValidationErrors(req, res)) return

    const report: AbuseCreate = req.body

    // Each lookup receives `res`, so on a miss it presumably answers the
    // request itself; this handler then simply stops.
    if (report.video?.id && !await doesVideoExist(report.video.id, res)) return
    if (report.account?.id && !await doesAccountIdExist(report.account.id, res)) return
    if (report.comment?.id && !await doesCommentIdExist(report.comment.id, res)) return

    // A report must target at least one of video, account or comment.
    // NOTE(review): a body naming several targets at once is not rejected
    // here; confirm the controller handles that case as intended.
    const hasTarget = Boolean(report.video?.id || report.account?.id || report.comment?.id)
    if (!hasTarget) {
      res.fail({ message: 'video id or account id or comment id is required.' })
      return
    }

    return next()
  }
]
71 | ||
/**
 * Middleware chain that validates the `id` route parameter and checks that
 * the abuse exists.
 *
 * NOTE(review): this chain performs no ownership or user-right check of its
 * own (compare getAbuseValidator); presumably the routes using it are gated
 * by a right check elsewhere. Confirm at the route definition.
 */
const abuseGetValidator = [
  param('id')
    .custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    // doesAbuseExist receives `res`, so it presumably answers the request
    // itself when the abuse is missing.
    const abuseFound = await doesAbuseExist(req.params.id, res)
    if (!abuseFound) return

    return next()
  }
]
83 | ||
/**
 * Middleware chain for updating an abuse: validates the `id` route
 * parameter, the optional `state` and the optional `moderationComment`,
 * then checks that the abuse exists.
 *
 * NOTE(review): no user-right check is made here; presumably the route
 * restricts updates to moderators. Confirm at the route definition.
 */
const abuseUpdateValidator = [
  param('id')
    .custom(isIdValid),

  body('state')
    .optional()
    .custom(isAbuseStateValid),
  body('moderationComment')
    .optional()
    .custom(isAbuseModerationCommentValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    // doesAbuseExist receives `res`, so it presumably answers the request
    // itself when the abuse is missing.
    const abuseFound = await doesAbuseExist(req.params.id, res)
    if (!abuseFound) return

    return next()
  }
]
102 | ||
/**
 * Middleware chain for the admin abuse listing: every query parameter is
 * optional and is validated only when present.
 */
const abuseListForAdminsValidator = [
  query('id')
    .optional()
    .custom(isIdValid),
  query('filter')
    .optional()
    .custom(isAbuseFilterValid),
  query('predefinedReason')
    .optional()
    .custom(isAbusePredefinedReasonValid),
  // The free-text search parameters (`search`, `searchReporter`,
  // `searchReportee`, `searchVideo`, `searchVideoChannel`) are checked with
  // `exists` only.
  // NOTE(review): presumably that is a presence test, so length limits and
  // escaping have to be handled where the search is executed. Confirm.
  query('search')
    .optional()
    .custom(exists),
  query('state')
    .optional()
    .custom(isAbuseStateValid),
  query('videoIs')
    .optional()
    .custom(isAbuseVideoIsValid),
  query('searchReporter')
    .optional()
    .custom(exists),
  query('searchReportee')
    .optional()
    .custom(exists),
  query('searchVideo')
    .optional()
    .custom(exists),
  query('searchVideoChannel')
    .optional()
    .custom(exists),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // Hand over to the next middleware only when validation reported no error.
    const rejected = areValidationErrors(req, res)
    if (rejected) return

    return next()
  }
]
141 | ||
edbc9325 C |
/**
 * Middleware chain for a user's own abuse listing: `id`, `search` and
 * `state` are all optional and validated only when present.
 */
const abuseListForUserValidator = [
  query('id')
    .optional()
    .custom(isIdValid),

  // `search` is checked with `exists` only.
  // NOTE(review): presumably a presence test; confirm the search string is
  // bounded and escaped where the query is executed.
  query('search')
    .optional()
    .custom(exists),

  query('state')
    .optional()
    .custom(isAbuseStateValid),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // Hand over to the next middleware only when validation reported no error.
    const rejected = areValidationErrors(req, res)
    if (rejected) return

    return next()
  }
]
161 | ||
/**
 * Middleware chain that loads an abuse and authorises the caller to read it.
 *
 * Access is granted when the authenticated user holds
 * `UserRight.MANAGE_ABUSES` or is the account that reported the abuse.
 * Anyone else gets a 403 and the refusal is logged as a warning.
 */
const getAbuseValidator = [
  param('id')
    .custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    // NOTE(review): existence is checked before authorisation, so a caller
    // without access can presumably tell an existing id (403 below) from a
    // missing one. Confirm this is acceptable.
    if (!await doesAbuseExist(req.params.id, res)) return

    // `res.locals.abuse` is read right after doesAbuseExist succeeds,
    // so that helper is presumably what populates it.
    const requester = res.locals.oauth.token.user
    const { abuse } = res.locals

    // Moderators are let through before the reporter comparison, so
    // `requester.Account` is only dereferenced for non-moderators.
    if (requester.hasRight(UserRight.MANAGE_ABUSES) === true) return next()
    if (abuse.reporterAccountId === requester.Account.id) return next()

    // The same text is logged and returned to the caller; it contains only
    // the caller's own username and the requested abuse id.
    const message = `User ${requester.username} does not have right to get abuse ${abuse.id}`
    logger.warn(message)

    return res.fail({
      status: HttpStatusCode.FORBIDDEN_403,
      message
    })
  }
]
186 | ||
94148c90 C |
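/**
 * Middleware that only lets the request continue when the abuse in
 * `res.locals.abuse` was reported by an account owned by this instance.
 *
 * The abuse is not loaded here: an earlier middleware must have stored it
 * in `res.locals.abuse`.
 */
const checkAbuseValidForMessagesValidator = [
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const abuse = res.locals.abuse

    // NOTE(review): `ReporterAccount` is dereferenced without a null check.
    // If the reporter account can be absent (for example after deletion),
    // this throws instead of failing cleanly. Confirm against the model.
    if (abuse.ReporterAccount.isOwned() === false) {
      // The request is refused because the reporter is NOT a local account.
      // The previous message text stated the opposite of this condition.
      return res.fail({ message: 'This abuse was not created by a user of your instance.' })
    }

    return next()
  }
]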
197 | ||
/**
 * Middleware chain for posting a message on an abuse: validates the
 * mandatory `message` body field.
 *
 * It neither loads the abuse nor checks who is posting; presumably earlier
 * middlewares on the route do both. Confirm at the route definition.
 */
const addAbuseMessageValidator = [
  body('message')
    .custom(isAbuseMessageValid),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // Hand over to the next middleware only when validation reported no error.
    const rejected = areValidationErrors(req, res)
    if (rejected) return

    return next()
  }
]
208 | ||
/**
 * Middleware chain for deleting an abuse message.
 *
 * Validates `messageId`, loads the message for the abuse held in
 * `res.locals.abuse`, and allows the deletion only for a user holding
 * `UserRight.MANAGE_ABUSES` or for the account that wrote the message.
 * On success the message is stored in `res.locals.abuseMessage`.
 *
 * The abuse itself is not loaded here: an earlier middleware must have
 * stored it in `res.locals.abuse`.
 */
const deleteAbuseMessageValidator = [
  param('messageId')
    .custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return

    const requester = res.locals.oauth.token.user
    const { abuse } = res.locals

    // messageId has passed isIdValid above; it is coerced to a string and
    // parsed in base 10 before reaching the model.
    const messageId = parseInt(req.params.messageId + '', 10)

    // The lookup takes the abuse id as well as the message id, so, judging
    // by its name, a message attached to a different abuse is not returned.
    const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
    if (!abuseMessage) {
      return res.fail({
        status: HttpStatusCode.NOT_FOUND_404,
        message: 'Abuse message not found'
      })
    }

    // Moderators are accepted first, so `requester.Account` is only
    // dereferenced for non-moderators.
    const mayDelete =
      requester.hasRight(UserRight.MANAGE_ABUSES) === true ||
      abuseMessage.accountId === requester.Account.id

    if (!mayDelete) {
      return res.fail({
        status: HttpStatusCode.FORBIDDEN_403,
        message: 'Cannot delete this abuse message'
      })
    }

    res.locals.abuseMessage = abuseMessage

    return next()
  }
]
241 | ||
d95d1559 C |
242 | // --------------------------------------------------------------------------- |
243 | ||
244 | export { | |
edbc9325 | 245 | abuseListForAdminsValidator, |
d95d1559 C |
246 | abuseReportValidator, |
247 | abuseGetValidator, | |
edbc9325 | 248 | addAbuseMessageValidator, |
94148c90 | 249 | checkAbuseValidForMessagesValidator, |
d95d1559 | 250 | abuseUpdateValidator, |
edbc9325 C |
251 | deleteAbuseMessageValidator, |
252 | abuseListForUserValidator, | |
7a4ea932 | 253 | getAbuseValidator |
d95d1559 | 254 | } |