[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / abuse.ts

import * as express from 'express'
import { body, param, query } from 'express-validator'
import {
  isAbuseFilterValid,
  isAbuseModerationCommentValid,
  isAbusePredefinedReasonsValid,
  isAbusePredefinedReasonValid,
  isAbuseReasonValid,
  isAbuseStateValid,
  isAbuseTimestampCoherent,
  isAbuseTimestampValid,
  isAbuseVideoIsValid
} from '@server/helpers/custom-validators/abuses'
import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc'
import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
import { logger } from '@server/helpers/logger'
import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'
import { AbuseCreate } from '@shared/models'
import { areValidationErrors } from './utils'

const abuseReportValidator = [
  body('account.id')
    .optional()
    .custom(isIdValid)
    .withMessage('Should have a valid accountId'),

  body('video.id')
    .optional()
    .custom(isIdOrUUIDValid)
    .withMessage('Should have a valid videoId'),
  body('video.startAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid starting time value'),
  body('video.endAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid ending time value')
    .bail()
    .custom(isAbuseTimestampCoherent)
    .withMessage('Should have a startAt timestamp beginning before endAt'),

  body('comment.id')
    .optional()
    .custom(isIdValid)
    .withMessage('Should have a valid commentId'),

  body('reason')
    .custom(isAbuseReasonValid)
    .withMessage('Should have a valid reason'),

  body('predefinedReasons')
    .optional()
    .custom(isAbusePredefinedReasonsValid)
    .withMessage('Should have a valid list of predefined reasons'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseReport parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    const body: AbuseCreate = req.body

    if (body.video?.id && !await doesVideoExist(body.video.id, res)) return
    if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return
    if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return

    if (!body.video?.id && !body.account?.id && !body.comment?.id) {
      res.status(400)
        .json({ error: 'video id or account id or comment id is required.' })

      return
    }

    return next()
  }
]

const abuseGetValidator = [
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseGetValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesAbuseExist(req.params.id, res)) return

    return next()
  }
]

const abuseUpdateValidator = [
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),

  body('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
  body('moderationComment')
    .optional()
    .custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesAbuseExist(req.params.id, res)) return

    return next()
  }
]

const abuseListValidator = [
  query('id')
    .optional()
    .custom(isIdValid).withMessage('Should have a valid id'),
  query('filter')
    .optional()
    .custom(isAbuseFilterValid)
    .withMessage('Should have a valid filter'),
  query('predefinedReason')
    .optional()
    .custom(isAbusePredefinedReasonValid)
    .withMessage('Should have a valid predefinedReason'),
  query('search')
    .optional()
    .custom(exists).withMessage('Should have a valid search'),
  query('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
  query('videoIs')
    .optional()
    .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
  query('searchReporter')
    .optional()
    .custom(exists).withMessage('Should have a valid reporter search'),
  query('searchReportee')
    .optional()
    .custom(exists).withMessage('Should have a valid reportee search'),
  query('searchVideo')
    .optional()
    .custom(exists).withMessage('Should have a valid video search'),
  query('searchVideoChannel')
    .optional()
    .custom(exists).withMessage('Should have a valid video channel search'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseListValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// FIXME: deprecated in 2.3. Remove these validators

const videoAbuseReportValidator = [
  param('videoId')
    .custom(isIdOrUUIDValid)
    .not()
    .isEmpty()
    .withMessage('Should have a valid videoId'),
  body('reason')
    .custom(isAbuseReasonValid)
    .withMessage('Should have a valid reason'),
  body('predefinedReasons')
    .optional()
    .custom(isAbusePredefinedReasonsValid)
    .withMessage('Should have a valid list of predefined reasons'),
  body('startAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid starting time value'),
  body('endAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid ending time value'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const videoAbuseGetValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseGetValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return

    return next()
  }
]

const videoAbuseUpdateValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
  body('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
  body('moderationComment')
    .optional()
    .custom(isAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return

    return next()
  }
]

const videoAbuseListValidator = [
  query('id')
    .optional()
    .custom(isIdValid).withMessage('Should have a valid id'),
  query('predefinedReason')
    .optional()
    .custom(isAbusePredefinedReasonValid)
    .withMessage('Should have a valid predefinedReason'),
  query('search')
    .optional()
    .custom(exists).withMessage('Should have a valid search'),
  query('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
  query('videoIs')
    .optional()
    .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
  query('searchReporter')
    .optional()
    .custom(exists).withMessage('Should have a valid reporter search'),
  query('searchReportee')
    .optional()
    .custom(exists).withMessage('Should have a valid reportee search'),
  query('searchVideo')
    .optional()
    .custom(exists).withMessage('Should have a valid video search'),
  query('searchVideoChannel')
    .optional()
    .custom(exists).withMessage('Should have a valid video channel search'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseListValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  abuseListValidator,
  abuseReportValidator,
  abuseGetValidator,
  abuseUpdateValidator,
  videoAbuseReportValidator,
  videoAbuseGetValidator,
  videoAbuseUpdateValidator,
  videoAbuseListValidator
}
Commit	Line	Data
d95d1559 C	1	import * as express from 'express'
	2	import { body, param, query } from 'express-validator'
	3	import {
57f6896f	4	isAbuseFilterValid,
d95d1559 C	5	isAbuseModerationCommentValid,
	6	isAbusePredefinedReasonsValid,
	7	isAbusePredefinedReasonValid,
	8	isAbuseReasonValid,
	9	isAbuseStateValid,
	10	isAbuseTimestampCoherent,
	11	isAbuseTimestampValid,
	12	isAbuseVideoIsValid
	13	} from '@server/helpers/custom-validators/abuses'
	14	import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc'
57f6896f	15	import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
d95d1559	16	import { logger } from '@server/helpers/logger'
57f6896f C	17	import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'
57f6896f C	18	import { AbuseCreate } from '@shared/models'
d95d1559 C	19	import { areValidationErrors } from './utils'
	20
	21	const abuseReportValidator = [
57f6896f C	22	body('account.id')
	23	.optional()
	24	.custom(isIdValid)
	25	.withMessage('Should have a valid accountId'),
	26
	27	body('video.id')
	28	.optional()
d95d1559	29	.custom(isIdOrUUIDValid)
d95d1559	30	.withMessage('Should have a valid videoId'),
57f6896f	31	body('video.startAt')
d95d1559 C	32	.optional()
	33	.customSanitizer(toIntOrNull)
	34	.custom(isAbuseTimestampValid)
	35	.withMessage('Should have valid starting time value'),
57f6896f	36	body('video.endAt')
d95d1559 C	37	.optional()
	38	.customSanitizer(toIntOrNull)
	39	.custom(isAbuseTimestampValid)
	40	.withMessage('Should have valid ending time value')
	41	.bail()
	42	.custom(isAbuseTimestampCoherent)
	43	.withMessage('Should have a startAt timestamp beginning before endAt'),
	44
57f6896f C	45	body('comment.id')
	46	.optional()
	47	.custom(isIdValid)
	48	.withMessage('Should have a valid commentId'),
	49
	50	body('reason')
	51	.custom(isAbuseReasonValid)
	52	.withMessage('Should have a valid reason'),
	53
	54	body('predefinedReasons')
	55	.optional()
	56	.custom(isAbusePredefinedReasonsValid)
	57	.withMessage('Should have a valid list of predefined reasons'),
	58
d95d1559 C	59	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	60	logger.debug('Checking abuseReport parameters', { parameters: req.body })
	61
	62	if (areValidationErrors(req, res)) return
d95d1559	63
57f6896f C	64	const body: AbuseCreate = req.body
	65
	66	if (body.video?.id && !await doesVideoExist(body.video.id, res)) return
	67	if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return
	68	if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return
	69
	70	if (!body.video?.id && !body.account?.id && !body.comment?.id) {
	71	res.status(400)
	72	.json({ error: 'video id or account id or comment id is required.' })
	73
	74	return
	75	}
d95d1559 C	76
	77	return next()
	78	}
	79	]
	80
	81	const abuseGetValidator = [
d95d1559 C	82	param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
	83
	84	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	85	logger.debug('Checking abuseGetValidator parameters', { parameters: req.body })
	86
	87	if (areValidationErrors(req, res)) return
57f6896f	88	if (!await doesAbuseExist(req.params.id, res)) return
d95d1559 C	89
	90	return next()
	91	}
	92	]
	93
	94	const abuseUpdateValidator = [
d95d1559	95	param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
57f6896f	96
d95d1559 C	97	body('state')
d95d1559 C	98	.optional()
57f6896f	99	.custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
d95d1559 C	100	body('moderationComment')
d95d1559 C	101	.optional()
57f6896f	102	.custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'),
d95d1559 C	103
	104	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	105	logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body })
	106
	107	if (areValidationErrors(req, res)) return
57f6896f	108	if (!await doesAbuseExist(req.params.id, res)) return
d95d1559 C	109
	110	return next()
	111	}
	112	]
	113
	114	const abuseListValidator = [
	115	query('id')
	116	.optional()
	117	.custom(isIdValid).withMessage('Should have a valid id'),
57f6896f C	118	query('filter')
	119	.optional()
	120	.custom(isAbuseFilterValid)
	121	.withMessage('Should have a valid filter'),
d95d1559 C	122	query('predefinedReason')
	123	.optional()
	124	.custom(isAbusePredefinedReasonValid)
	125	.withMessage('Should have a valid predefinedReason'),
	126	query('search')
	127	.optional()
	128	.custom(exists).withMessage('Should have a valid search'),
	129	query('state')
	130	.optional()
	131	.custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
	132	query('videoIs')
	133	.optional()
	134	.custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
	135	query('searchReporter')
	136	.optional()
	137	.custom(exists).withMessage('Should have a valid reporter search'),
	138	query('searchReportee')
	139	.optional()
	140	.custom(exists).withMessage('Should have a valid reportee search'),
	141	query('searchVideo')
	142	.optional()
	143	.custom(exists).withMessage('Should have a valid video search'),
	144	query('searchVideoChannel')
	145	.optional()
	146	.custom(exists).withMessage('Should have a valid video channel search'),
	147
	148	(req: express.Request, res: express.Response, next: express.NextFunction) => {
	149	logger.debug('Checking abuseListValidator parameters', { parameters: req.body })
	150
	151	if (areValidationErrors(req, res)) return
	152
	153	return next()
	154	}
	155	]
	156
	157	// FIXME: deprecated in 2.3. Remove these validators
	158
	159	const videoAbuseReportValidator = [
	160	param('videoId')
	161	.custom(isIdOrUUIDValid)
	162	.not()
	163	.isEmpty()
	164	.withMessage('Should have a valid videoId'),
	165	body('reason')
	166	.custom(isAbuseReasonValid)
	167	.withMessage('Should have a valid reason'),
	168	body('predefinedReasons')
	169	.optional()
	170	.custom(isAbusePredefinedReasonsValid)
	171	.withMessage('Should have a valid list of predefined reasons'),
	172	body('startAt')
	173	.optional()
	174	.customSanitizer(toIntOrNull)
	175	.custom(isAbuseTimestampValid)
	176	.withMessage('Should have valid starting time value'),
	177	body('endAt')
	178	.optional()
	179	.customSanitizer(toIntOrNull)
	180	.custom(isAbuseTimestampValid)
57f6896f	181	.withMessage('Should have valid ending time value'),
d95d1559 C	182
	183	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	184	logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
	185
	186	if (areValidationErrors(req, res)) return
	187	if (!await doesVideoExist(req.params.videoId, res)) return
	188
	189	return next()
	190	}
	191	]
	192
	193	const videoAbuseGetValidator = [
	194	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
	195	param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
	196
	197	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	198	logger.debug('Checking videoAbuseGetValidator parameters', { parameters: req.body })
	199
	200	if (areValidationErrors(req, res)) return
	201	if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return
	202
	203	return next()
	204	}
	205	]
	206
	207	const videoAbuseUpdateValidator = [
	208	param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
	209	param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
	210	body('state')
	211	.optional()
	212	.custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
	213	body('moderationComment')
	214	.optional()
	215	.custom(isAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'),
	216
	217	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
	218	logger.debug('Checking videoAbuseUpdateValidator parameters', { parameters: req.body })
	219
	220	if (areValidationErrors(req, res)) return
	221	if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return
	222
	223	return next()
	224	}
	225	]
	226
	227	const videoAbuseListValidator = [
	228	query('id')
	229	.optional()
	230	.custom(isIdValid).withMessage('Should have a valid id'),
	231	query('predefinedReason')
	232	.optional()
	233	.custom(isAbusePredefinedReasonValid)
	234	.withMessage('Should have a valid predefinedReason'),
	235	query('search')
	236	.optional()
	237	.custom(exists).withMessage('Should have a valid search'),
	238	query('state')
	239	.optional()
	240	.custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
	241	query('videoIs')
	242	.optional()
	243	.custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
	244	query('searchReporter')
	245	.optional()
246	.custom(exists).withMessage('Should have a valid reporter search'),
247	query('searchReportee')
248	.optional()
249	.custom(exists).withMessage('Should have a valid reportee search'),
250	query('searchVideo')
251	.optional()
252	.custom(exists).withMessage('Should have a valid video search'),
253	query('searchVideoChannel')
254	.optional()
255	.custom(exists).withMessage('Should have a valid video channel search'),
256
257	(req: express.Request, res: express.Response, next: express.NextFunction) => {
258	logger.debug('Checking videoAbuseListValidator parameters', { parameters: req.body })
259
260	if (areValidationErrors(req, res)) return
261
262	return next()
263	}
264	]
265
266	// ---------------------------------------------------------------------------
267
268	export {
269	abuseListValidator,
270	abuseReportValidator,
271	abuseGetValidator,
272	abuseUpdateValidator,
273	videoAbuseReportValidator,
274	videoAbuseGetValidator,
275	videoAbuseUpdateValidator,
276	videoAbuseListValidator
277	}