]>
Commit | Line | Data |
---|---|---|
1 | import * as express from 'express' | |
2 | import { logger } from '@server/helpers/logger' | |
3 | import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation' | |
4 | import { Notifier } from '@server/lib/notifier' | |
5 | import { AbuseModel } from '@server/models/abuse/abuse' | |
6 | import { AbuseMessageModel } from '@server/models/abuse/abuse-message' | |
7 | import { getServerActor } from '@server/models/application/application' | |
8 | import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse' | |
9 | import { AbuseCreate, AbuseState, UserRight } from '../../../shared' | |
10 | import { getFormattedObjects } from '../../helpers/utils' | |
11 | import { sequelizeTypescript } from '../../initializers/database' | |
12 | import { | |
13 | abuseGetValidator, | |
14 | abuseListForAdminsValidator, | |
15 | abuseReportValidator, | |
16 | abusesSortValidator, | |
17 | abuseUpdateValidator, | |
18 | addAbuseMessageValidator, | |
19 | asyncMiddleware, | |
20 | asyncRetryTransactionMiddleware, | |
21 | authenticate, | |
22 | checkAbuseValidForMessagesValidator, | |
23 | deleteAbuseMessageValidator, | |
24 | ensureUserHasRight, | |
25 | getAbuseValidator, | |
26 | paginationValidator, | |
27 | setDefaultPagination, | |
28 | setDefaultSort | |
29 | } from '../../middlewares' | |
30 | import { AccountModel } from '../../models/account/account' | |
31 | ||
32 | const abuseRouter = express.Router() | |
33 | ||
34 | abuseRouter.get('/', | |
35 | authenticate, | |
36 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
37 | paginationValidator, | |
38 | abusesSortValidator, | |
39 | setDefaultSort, | |
40 | setDefaultPagination, | |
41 | abuseListForAdminsValidator, | |
42 | asyncMiddleware(listAbusesForAdmins) | |
43 | ) | |
44 | abuseRouter.put('/:id', | |
45 | authenticate, | |
46 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
47 | asyncMiddleware(abuseUpdateValidator), | |
48 | asyncRetryTransactionMiddleware(updateAbuse) | |
49 | ) | |
50 | abuseRouter.post('/', | |
51 | authenticate, | |
52 | asyncMiddleware(abuseReportValidator), | |
53 | asyncRetryTransactionMiddleware(reportAbuse) | |
54 | ) | |
55 | abuseRouter.delete('/:id', | |
56 | authenticate, | |
57 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
58 | asyncMiddleware(abuseGetValidator), | |
59 | asyncRetryTransactionMiddleware(deleteAbuse) | |
60 | ) | |
61 | ||
62 | abuseRouter.get('/:id/messages', | |
63 | authenticate, | |
64 | asyncMiddleware(getAbuseValidator), | |
65 | checkAbuseValidForMessagesValidator, | |
66 | asyncRetryTransactionMiddleware(listAbuseMessages) | |
67 | ) | |
68 | ||
69 | abuseRouter.post('/:id/messages', | |
70 | authenticate, | |
71 | asyncMiddleware(getAbuseValidator), | |
72 | checkAbuseValidForMessagesValidator, | |
73 | addAbuseMessageValidator, | |
74 | asyncRetryTransactionMiddleware(addAbuseMessage) | |
75 | ) | |
76 | ||
77 | abuseRouter.delete('/:id/messages/:messageId', | |
78 | authenticate, | |
79 | asyncMiddleware(getAbuseValidator), | |
80 | checkAbuseValidForMessagesValidator, | |
81 | asyncMiddleware(deleteAbuseMessageValidator), | |
82 | asyncRetryTransactionMiddleware(deleteAbuseMessage) | |
83 | ) | |
84 | ||
85 | // --------------------------------------------------------------------------- | |
86 | ||
87 | export { | |
88 | abuseRouter, | |
89 | ||
90 | // FIXME: deprecated in 2.3. Remove these exports | |
91 | listAbusesForAdmins, | |
92 | updateAbuse, | |
93 | deleteAbuse, | |
94 | reportAbuse | |
95 | } | |
96 | ||
97 | // --------------------------------------------------------------------------- | |
98 | ||
99 | async function listAbusesForAdmins (req: express.Request, res: express.Response) { | |
100 | const user = res.locals.oauth.token.user | |
101 | const serverActor = await getServerActor() | |
102 | ||
103 | const resultList = await AbuseModel.listForAdminApi({ | |
104 | start: req.query.start, | |
105 | count: req.query.count, | |
106 | sort: req.query.sort, | |
107 | id: req.query.id, | |
108 | filter: req.query.filter, | |
109 | predefinedReason: req.query.predefinedReason, | |
110 | search: req.query.search, | |
111 | state: req.query.state, | |
112 | videoIs: req.query.videoIs, | |
113 | searchReporter: req.query.searchReporter, | |
114 | searchReportee: req.query.searchReportee, | |
115 | searchVideo: req.query.searchVideo, | |
116 | searchVideoChannel: req.query.searchVideoChannel, | |
117 | serverAccountId: serverActor.Account.id, | |
118 | user | |
119 | }) | |
120 | ||
121 | return res.json({ | |
122 | total: resultList.total, | |
123 | data: resultList.data.map(d => d.toFormattedAdminJSON()) | |
124 | }) | |
125 | } | |
126 | ||
127 | async function updateAbuse (req: express.Request, res: express.Response) { | |
128 | const abuse = res.locals.abuse | |
129 | let stateUpdated = false | |
130 | ||
131 | if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment | |
132 | ||
133 | if (req.body.state !== undefined) { | |
134 | abuse.state = req.body.state | |
135 | stateUpdated = true | |
136 | } | |
137 | ||
138 | await sequelizeTypescript.transaction(t => { | |
139 | return abuse.save({ transaction: t }) | |
140 | }) | |
141 | ||
142 | if (stateUpdated === true) { | |
143 | AbuseModel.loadFull(abuse.id) | |
144 | .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull)) | |
145 | .catch(err => logger.error('Cannot notify on abuse state change', { err })) | |
146 | } | |
147 | ||
148 | // Do not send the delete to other instances, we updated OUR copy of this abuse | |
149 | ||
150 | return res.sendStatus(204) | |
151 | } | |
152 | ||
153 | async function deleteAbuse (req: express.Request, res: express.Response) { | |
154 | const abuse = res.locals.abuse | |
155 | ||
156 | await sequelizeTypescript.transaction(t => { | |
157 | return abuse.destroy({ transaction: t }) | |
158 | }) | |
159 | ||
160 | // Do not send the delete to other instances, we delete OUR copy of this abuse | |
161 | ||
162 | return res.sendStatus(204) | |
163 | } | |
164 | ||
165 | async function reportAbuse (req: express.Request, res: express.Response) { | |
166 | const videoInstance = res.locals.videoAll | |
167 | const commentInstance = res.locals.videoCommentFull | |
168 | const accountInstance = res.locals.account | |
169 | ||
170 | const body: AbuseCreate = req.body | |
171 | ||
172 | const { id } = await sequelizeTypescript.transaction(async t => { | |
173 | const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) | |
174 | const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r]) | |
175 | ||
176 | const baseAbuse = { | |
177 | reporterAccountId: reporterAccount.id, | |
178 | reason: body.reason, | |
179 | state: AbuseState.PENDING, | |
180 | predefinedReasons | |
181 | } | |
182 | ||
183 | if (body.video) { | |
184 | return createVideoAbuse({ | |
185 | baseAbuse, | |
186 | videoInstance, | |
187 | reporterAccount, | |
188 | transaction: t, | |
189 | startAt: body.video.startAt, | |
190 | endAt: body.video.endAt | |
191 | }) | |
192 | } | |
193 | ||
194 | if (body.comment) { | |
195 | return createVideoCommentAbuse({ | |
196 | baseAbuse, | |
197 | commentInstance, | |
198 | reporterAccount, | |
199 | transaction: t | |
200 | }) | |
201 | } | |
202 | ||
203 | // Account report | |
204 | return createAccountAbuse({ | |
205 | baseAbuse, | |
206 | accountInstance, | |
207 | reporterAccount, | |
208 | transaction: t | |
209 | }) | |
210 | }) | |
211 | ||
212 | return res.json({ abuse: { id } }) | |
213 | } | |
214 | ||
215 | async function listAbuseMessages (req: express.Request, res: express.Response) { | |
216 | const abuse = res.locals.abuse | |
217 | ||
218 | const resultList = await AbuseMessageModel.listForApi(abuse.id) | |
219 | ||
220 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | |
221 | } | |
222 | ||
223 | async function addAbuseMessage (req: express.Request, res: express.Response) { | |
224 | const abuse = res.locals.abuse | |
225 | const user = res.locals.oauth.token.user | |
226 | ||
227 | const abuseMessage = await AbuseMessageModel.create({ | |
228 | message: req.body.message, | |
229 | byModerator: abuse.reporterAccountId !== user.Account.id, | |
230 | accountId: user.Account.id, | |
231 | abuseId: abuse.id | |
232 | }) | |
233 | ||
234 | AbuseModel.loadFull(abuse.id) | |
235 | .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage)) | |
236 | .catch(err => logger.error('Cannot notify on new abuse message', { err })) | |
237 | ||
238 | return res.json({ | |
239 | abuseMessage: { | |
240 | id: abuseMessage.id | |
241 | } | |
242 | }) | |
243 | } | |
244 | ||
245 | async function deleteAbuseMessage (req: express.Request, res: express.Response) { | |
246 | const abuseMessage = res.locals.abuseMessage | |
247 | ||
248 | await sequelizeTypescript.transaction(t => { | |
249 | return abuseMessage.destroy({ transaction: t }) | |
250 | }) | |
251 | ||
252 | return res.sendStatus(204) | |
253 | } |