]>
Commit | Line | Data |
---|---|---|
1 | import * as express from 'express' | |
2 | import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation' | |
3 | import { AbuseModel } from '@server/models/abuse/abuse' | |
4 | import { getServerActor } from '@server/models/application/application' | |
5 | import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared' | |
6 | import { getFormattedObjects } from '../../helpers/utils' | |
7 | import { sequelizeTypescript } from '../../initializers/database' | |
8 | import { | |
9 | abuseGetValidator, | |
10 | abuseListValidator, | |
11 | abuseReportValidator, | |
12 | abusesSortValidator, | |
13 | abuseUpdateValidator, | |
14 | asyncMiddleware, | |
15 | asyncRetryTransactionMiddleware, | |
16 | authenticate, | |
17 | ensureUserHasRight, | |
18 | paginationValidator, | |
19 | setDefaultPagination, | |
20 | setDefaultSort | |
21 | } from '../../middlewares' | |
22 | import { AccountModel } from '../../models/account/account' | |
23 | ||
24 | const abuseRouter = express.Router() | |
25 | ||
26 | abuseRouter.get('/', | |
27 | authenticate, | |
28 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
29 | paginationValidator, | |
30 | abusesSortValidator, | |
31 | setDefaultSort, | |
32 | setDefaultPagination, | |
33 | abuseListValidator, | |
34 | asyncMiddleware(listAbuses) | |
35 | ) | |
36 | abuseRouter.put('/:id', | |
37 | authenticate, | |
38 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
39 | asyncMiddleware(abuseUpdateValidator), | |
40 | asyncRetryTransactionMiddleware(updateAbuse) | |
41 | ) | |
42 | abuseRouter.post('/', | |
43 | authenticate, | |
44 | asyncMiddleware(abuseReportValidator), | |
45 | asyncRetryTransactionMiddleware(reportAbuse) | |
46 | ) | |
47 | abuseRouter.delete('/:id', | |
48 | authenticate, | |
49 | ensureUserHasRight(UserRight.MANAGE_ABUSES), | |
50 | asyncMiddleware(abuseGetValidator), | |
51 | asyncRetryTransactionMiddleware(deleteAbuse) | |
52 | ) | |
53 | ||
54 | // --------------------------------------------------------------------------- | |
55 | ||
56 | export { | |
57 | abuseRouter, | |
58 | ||
59 | // FIXME: deprecated in 2.3. Remove these exports | |
60 | listAbuses, | |
61 | updateAbuse, | |
62 | deleteAbuse, | |
63 | reportAbuse | |
64 | } | |
65 | ||
66 | // --------------------------------------------------------------------------- | |
67 | ||
68 | async function listAbuses (req: express.Request, res: express.Response) { | |
69 | const user = res.locals.oauth.token.user | |
70 | const serverActor = await getServerActor() | |
71 | ||
72 | const resultList = await AbuseModel.listForApi({ | |
73 | start: req.query.start, | |
74 | count: req.query.count, | |
75 | sort: req.query.sort, | |
76 | id: req.query.id, | |
77 | filter: req.query.filter, | |
78 | predefinedReason: req.query.predefinedReason, | |
79 | search: req.query.search, | |
80 | state: req.query.state, | |
81 | videoIs: req.query.videoIs, | |
82 | searchReporter: req.query.searchReporter, | |
83 | searchReportee: req.query.searchReportee, | |
84 | searchVideo: req.query.searchVideo, | |
85 | searchVideoChannel: req.query.searchVideoChannel, | |
86 | serverAccountId: serverActor.Account.id, | |
87 | user | |
88 | }) | |
89 | ||
90 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | |
91 | } | |
92 | ||
93 | async function updateAbuse (req: express.Request, res: express.Response) { | |
94 | const abuse = res.locals.abuse | |
95 | ||
96 | if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment | |
97 | if (req.body.state !== undefined) abuse.state = req.body.state | |
98 | ||
99 | await sequelizeTypescript.transaction(t => { | |
100 | return abuse.save({ transaction: t }) | |
101 | }) | |
102 | ||
103 | // Do not send the delete to other instances, we updated OUR copy of this video abuse | |
104 | ||
105 | return res.type('json').status(204).end() | |
106 | } | |
107 | ||
108 | async function deleteAbuse (req: express.Request, res: express.Response) { | |
109 | const abuse = res.locals.abuse | |
110 | ||
111 | await sequelizeTypescript.transaction(t => { | |
112 | return abuse.destroy({ transaction: t }) | |
113 | }) | |
114 | ||
115 | // Do not send the delete to other instances, we delete OUR copy of this video abuse | |
116 | ||
117 | return res.type('json').status(204).end() | |
118 | } | |
119 | ||
120 | async function reportAbuse (req: express.Request, res: express.Response) { | |
121 | const videoInstance = res.locals.videoAll | |
122 | const commentInstance = res.locals.videoCommentFull | |
123 | const accountInstance = res.locals.account | |
124 | ||
125 | const body: AbuseCreate = req.body | |
126 | ||
127 | const { id } = await sequelizeTypescript.transaction(async t => { | |
128 | const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) | |
129 | const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r]) | |
130 | ||
131 | const baseAbuse = { | |
132 | reporterAccountId: reporterAccount.id, | |
133 | reason: body.reason, | |
134 | state: AbuseState.PENDING, | |
135 | predefinedReasons | |
136 | } | |
137 | ||
138 | if (body.video) { | |
139 | return createVideoAbuse({ | |
140 | baseAbuse, | |
141 | videoInstance, | |
142 | reporterAccount, | |
143 | transaction: t, | |
144 | startAt: body.video.startAt, | |
145 | endAt: body.video.endAt | |
146 | }) | |
147 | } | |
148 | ||
149 | if (body.comment) { | |
150 | return createVideoCommentAbuse({ | |
151 | baseAbuse, | |
152 | commentInstance, | |
153 | reporterAccount, | |
154 | transaction: t | |
155 | }) | |
156 | } | |
157 | ||
158 | // Account report | |
159 | return createAccountAbuse({ | |
160 | baseAbuse, | |
161 | accountInstance, | |
162 | reporterAccount, | |
163 | transaction: t | |
164 | }) | |
165 | }) | |
166 | ||
167 | return res.json({ abuse: { id } }) | |
168 | } |