Commit | Line | Data |
---|---|---|
41fb13c3 | 1 | import express from 'express' |
d95d1559 C |
2 | import { body, param, query } from 'express-validator' |
3 | import { | |
7a4ea932 | 4 | areAbusePredefinedReasonsValid, |
57f6896f | 5 | isAbuseFilterValid, |
edbc9325 | 6 | isAbuseMessageValid, |
d95d1559 | 7 | isAbuseModerationCommentValid, |
d95d1559 C |
8 | isAbusePredefinedReasonValid, |
9 | isAbuseReasonValid, | |
10 | isAbuseStateValid, | |
11 | isAbuseTimestampCoherent, | |
12 | isAbuseTimestampValid, | |
13 | isAbuseVideoIsValid | |
14 | } from '@server/helpers/custom-validators/abuses' | |
d4a8e7a6 | 15 | import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc' |
d95d1559 | 16 | import { logger } from '@server/helpers/logger' |
edbc9325 C |
17 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' |
18 | import { AbuseCreate, UserRight } from '@shared/models' | |
c0e8b12e | 19 | import { HttpStatusCode } from '../../../shared/models/http/http-error-codes' |
10363c74 | 20 | import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared' |
d95d1559 C |
21 | |
/**
 * Middleware stack validating the body of a new abuse report.
 *
 * Field rules: `account.id`, `video.id`, `comment.id` and `predefinedReasons` are optional,
 * `reason` is always checked. `video.id` is normalised with `toCompleteUUID` and both
 * timestamps with `toIntOrNull` before their validators run.
 *
 * The final handler stops the request when a referenced video, account or comment is not
 * found (the `does*Exist` helpers receive `res`, presumably to answer the client themselves;
 * confirm in './shared'), or when the report targets none of the three.
 */
const abuseReportValidator = [
  body('account.id').optional().custom(isIdValid),

  body('video.id').optional().customSanitizer(toCompleteUUID).custom(isIdOrUUIDValid),
  body('video.startAt').optional().customSanitizer(toIntOrNull).custom(isAbuseTimestampValid),
  body('video.endAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    // Skip the coherence check when endAt already failed validation
    .bail()
    .custom(isAbuseTimestampCoherent)
    .withMessage('Should have a startAt timestamp beginning before endAt'),

  body('comment.id').optional().custom(isIdValid),

  body('reason').custom(isAbuseReasonValid),

  body('predefinedReasons').optional().custom(areAbusePredefinedReasonsValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // The raw body is logged before the validation result is checked
    logger.debug('Checking abuseReport parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    const payload: AbuseCreate = req.body
    const videoId = payload.video?.id
    const accountId = payload.account?.id
    const commentId = payload.comment?.id

    // A report must point at something: no lookup is attempted when every target is missing
    if (!videoId && !accountId && !commentId) {
      res.fail({ message: 'video id or account id or comment id is required.' })
      return
    }

    // Every supplied target has to resolve; lookups run in video, account, comment order
    if (videoId && !await doesVideoExist(videoId, res)) return
    if (accountId && !await doesAccountIdExist(accountId, res)) return
    if (commentId && !await doesCommentIdExist(commentId, res)) return

    return next()
  }
]
73 | ||
/**
 * Middleware stack for routes addressing one abuse by its `id` route parameter.
 *
 * Validates the id format, then requires `doesAbuseExist` to succeed before handing over to
 * the next middleware. No ownership or right check is done here.
 */
const abuseGetValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // The debug entry records req.body, not the `id` parameter validated above
    logger.debug('Checking abuseGetValidator parameters', { parameters: req.body })

    // The existence lookup is only reached when validation passed (short-circuit)
    const rejected = areValidationErrors(req, res) || !await doesAbuseExist(req.params.id, res)
    if (rejected) return

    return next()
  }
]
87 | ||
/**
 * Middleware stack for updating an abuse.
 *
 * Validates the `id` route parameter and, when present, the `state` and `moderationComment`
 * body fields; both body fields are optional, so a request carrying neither still passes.
 * The handler then requires the abuse to exist.
 */
const abuseUpdateValidator = [
  param('id').custom(isIdValid),

  body('state').optional().custom(isAbuseStateValid),
  body('moderationComment').optional().custom(isAbuseModerationCommentValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // The raw body, including the moderation comment, is logged before validation is checked
    logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body })

    const hasErrors = areValidationErrors(req, res)
    if (hasErrors) return

    const found = await doesAbuseExist(req.params.id, res)
    if (!found) return

    return next()
  }
]
108 | ||
/**
 * Middleware stack validating the query string of the abuse listing meant for admins
 * (per the constant's name; no right check happens in this stack).
 *
 * Every filter is optional. `id`, `filter`, `predefinedReason`, `state` and `videoIs` go
 * through dedicated validators; the `search*` fields are only checked with `exists`.
 * NOTE(review): the `search*` values are therefore free text at this point, so whatever
 * consumes them has to treat them strictly as data (bound parameters) - confirm downstream.
 */
const abuseListForAdminsValidator = [
  query('id').optional().custom(isIdValid),
  query('filter').optional().custom(isAbuseFilterValid),
  query('predefinedReason').optional().custom(isAbusePredefinedReasonValid),
  query('search').optional().custom(exists),
  query('state').optional().custom(isAbuseStateValid),
  query('videoIs').optional().custom(isAbuseVideoIsValid),
  query('searchReporter').optional().custom(exists),
  query('searchReportee').optional().custom(exists),
  query('searchVideo').optional().custom(exists),
  query('searchVideoChannel').optional().custom(exists),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // The debug entry records req.body, not the query string validated above
    logger.debug('Checking abuseListForAdminsValidator parameters', { parameters: req.body })

    const hasErrors = areValidationErrors(req, res)
    if (hasErrors) return

    return next()
  }
]
149 | ||
/**
 * Middleware stack validating the query string of the abuse listing meant for a regular user
 * (per the constant's name).
 *
 * Accepts three optional filters: `id`, `search` and `state`. `search` is only checked with
 * `exists`, so it reaches later middleware as free text.
 */
const abuseListForUserValidator = [
  query('id').optional().custom(isIdValid),

  query('search').optional().custom(exists),

  query('state').optional().custom(isAbuseStateValid),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // The debug entry records req.body, not the query string validated above
    logger.debug('Checking abuseListForUserValidator parameters', { parameters: req.body })

    const hasErrors = areValidationErrors(req, res)
    if (hasErrors) return

    return next()
  }
]
171 | ||
/**
 * Middleware stack guarding read access to one abuse.
 *
 * After validating the `id` route parameter and requiring the abuse to exist, the handler
 * lets the request through only when the authenticated user holds
 * `UserRight.MANAGE_ABUSES` or is the account that reported the abuse. Anyone else gets a
 * 403, and the refusal is logged at warn level.
 *
 * Reads `res.locals.oauth.token.user` and `res.locals.abuse`; the latter is presumably set by
 * `doesAbuseExist` - confirm in './shared'.
 */
const getAbuseValidator = [
  param('id').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking getAbuseValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesAbuseExist(req.params.id, res)) return

    const requester = res.locals.oauth.token.user
    const report = res.locals.abuse

    // The reporter comparison is only evaluated when the right check did not already grant access
    const mayRead = requester.hasRight(UserRight.MANAGE_ABUSES) === true || report.reporterAccountId === requester.Account.id
    if (mayRead) return next()

    // The same text goes to the log and back to the client
    const message = `User ${requester.username} does not have right to get abuse ${report.id}`
    logger.warn(message)

    return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message })
  }
]
198 | ||
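/**
 * Middleware refusing abuse-message operations when the abuse was not reported by an
 * account owned by this instance.
 *
 * Reads `res.locals.abuse`, which this stack does not load itself; it presumably has to run
 * after a validator that called `doesAbuseExist` - confirm at the route definition.
 */
const checkAbuseValidForMessagesValidator = [
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking checkAbuseValidForMessagesValidator parameters', { parameters: req.body })

    const reporter = res.locals.abuse.ReporterAccount

    // A missing reporter is refused like a remote one rather than throwing on `.isOwned()`.
    // NOTE(review): whether ReporterAccount can actually be absent here is not visible in
    // this file - confirm against the abuse model.
    if (!reporter || reporter.isOwned() === false) {
      // The previous text claimed the opposite of the condition being rejected
      return res.fail({ message: 'This abuse was not created by a user of your instance.' })
    }

    return next()
  }
]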
211 | ||
/**
 * Middleware stack validating the body of a new abuse message: the `message` field is
 * mandatory and must satisfy `isAbuseMessageValid`.
 *
 * No existence or permission check is done here.
 */
const addAbuseMessageValidator = [
  body('message').custom(isAbuseMessageValid),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    // The raw body, including the message text, is logged before validation is checked
    logger.debug('Checking addAbuseMessageValidator parameters', { parameters: req.body })

    const hasErrors = areValidationErrors(req, res)
    if (hasErrors) return

    return next()
  }
]
224 | ||
/**
 * Middleware stack guarding deletion of one abuse message.
 *
 * Validates the `messageId` route parameter, loads the message scoped to the current abuse,
 * and allows the deletion only for a user holding `UserRight.MANAGE_ABUSES` or for the
 * account that wrote the message. On success the loaded row is exposed as
 * `res.locals.abuseMessage`.
 *
 * Reads `res.locals.abuse` without loading it; it presumably has to run after a validator
 * that called `doesAbuseExist` - confirm at the route definition.
 */
const deleteAbuseMessageValidator = [
  param('messageId').custom(isIdValid),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking deleteAbuseMessageValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    const requester = res.locals.oauth.token.user
    const abuse = res.locals.abuse

    // The lookup is keyed on both ids, so a message id belonging to another abuse yields no row
    const found = await AbuseMessageModel.loadByIdAndAbuseId(parseInt(req.params.messageId + '', 10), abuse.id)

    if (!found) {
      return res.fail({ status: HttpStatusCode.NOT_FOUND_404, message: 'Abuse message not found' })
    }

    // The author comparison is only evaluated when the right check did not already grant access
    const mayDelete = requester.hasRight(UserRight.MANAGE_ABUSES) === true || found.accountId === requester.Account.id

    if (!mayDelete) {
      return res.fail({ status: HttpStatusCode.FORBIDDEN_403, message: 'Cannot delete this abuse message' })
    }

    res.locals.abuseMessage = found

    return next()
  }
]
259 | ||
d95d1559 C |
260 | // --------------------------------------------------------------------------- |
261 | ||
262 | export { | |
edbc9325 | 263 | abuseListForAdminsValidator, |
d95d1559 C |
264 | abuseReportValidator, |
265 | abuseGetValidator, | |
edbc9325 | 266 | addAbuseMessageValidator, |
94148c90 | 267 | checkAbuseValidForMessagesValidator, |
d95d1559 | 268 | abuseUpdateValidator, |
edbc9325 C |
269 | deleteAbuseMessageValidator, |
270 | abuseListForUserValidator, | |
7a4ea932 | 271 | getAbuseValidator |
d95d1559 | 272 | } |