]>
Commit | Line | Data |
---|---|---|
1 | import * as express from 'express' | |
2 | import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared' | |
3 | import { logger } from '../../../helpers/logger' | |
4 | import { getFormattedObjects, getServerActor } from '../../../helpers/utils' | |
5 | import { sequelizeTypescript } from '../../../initializers' | |
6 | import { | |
7 | asyncMiddleware, | |
8 | asyncRetryTransactionMiddleware, | |
9 | authenticate, | |
10 | ensureUserHasRight, | |
11 | paginationValidator, | |
12 | setDefaultPagination, | |
13 | setDefaultSort, | |
14 | videoAbuseGetValidator, | |
15 | videoAbuseReportValidator, | |
16 | videoAbusesSortValidator, | |
17 | videoAbuseUpdateValidator | |
18 | } from '../../../middlewares' | |
19 | import { AccountModel } from '../../../models/account/account' | |
20 | import { VideoAbuseModel } from '../../../models/video/video-abuse' | |
21 | import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' | |
22 | import { Notifier } from '../../../lib/notifier' | |
23 | import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag' | |
24 | import { MVideoAbuseAccountVideo } from '../../../typings/models/video' | |
25 | ||
26 | const auditLogger = auditLoggerFactory('abuse') | |
27 | const abuseVideoRouter = express.Router() | |
28 | ||
29 | abuseVideoRouter.get('/abuse', | |
30 | authenticate, | |
31 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
32 | paginationValidator, | |
33 | videoAbusesSortValidator, | |
34 | setDefaultSort, | |
35 | setDefaultPagination, | |
36 | asyncMiddleware(listVideoAbuses) | |
37 | ) | |
38 | abuseVideoRouter.put('/:videoId/abuse/:id', | |
39 | authenticate, | |
40 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
41 | asyncMiddleware(videoAbuseUpdateValidator), | |
42 | asyncRetryTransactionMiddleware(updateVideoAbuse) | |
43 | ) | |
44 | abuseVideoRouter.post('/:videoId/abuse', | |
45 | authenticate, | |
46 | asyncMiddleware(videoAbuseReportValidator), | |
47 | asyncRetryTransactionMiddleware(reportVideoAbuse) | |
48 | ) | |
49 | abuseVideoRouter.delete('/:videoId/abuse/:id', | |
50 | authenticate, | |
51 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
52 | asyncMiddleware(videoAbuseGetValidator), | |
53 | asyncRetryTransactionMiddleware(deleteVideoAbuse) | |
54 | ) | |
55 | ||
56 | // --------------------------------------------------------------------------- | |
57 | ||
58 | export { | |
59 | abuseVideoRouter | |
60 | } | |
61 | ||
62 | // --------------------------------------------------------------------------- | |
63 | ||
64 | async function listVideoAbuses (req: express.Request, res: express.Response) { | |
65 | const user = res.locals.oauth.token.user | |
66 | const serverActor = await getServerActor() | |
67 | ||
68 | const resultList = await VideoAbuseModel.listForApi({ | |
69 | start: req.query.start, | |
70 | count: req.query.count, | |
71 | sort: req.query.sort, | |
72 | serverAccountId: serverActor.Account.id, | |
73 | user | |
74 | }) | |
75 | ||
76 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | |
77 | } | |
78 | ||
79 | async function updateVideoAbuse (req: express.Request, res: express.Response) { | |
80 | const videoAbuse = res.locals.videoAbuse | |
81 | ||
82 | if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment | |
83 | if (req.body.state !== undefined) videoAbuse.state = req.body.state | |
84 | ||
85 | await sequelizeTypescript.transaction(t => { | |
86 | return videoAbuse.save({ transaction: t }) | |
87 | }) | |
88 | ||
89 | // Do not send the delete to other instances, we updated OUR copy of this video abuse | |
90 | ||
91 | return res.type('json').status(204).end() | |
92 | } | |
93 | ||
94 | async function deleteVideoAbuse (req: express.Request, res: express.Response) { | |
95 | const videoAbuse = res.locals.videoAbuse | |
96 | ||
97 | await sequelizeTypescript.transaction(t => { | |
98 | return videoAbuse.destroy({ transaction: t }) | |
99 | }) | |
100 | ||
101 | // Do not send the delete to other instances, we delete OUR copy of this video abuse | |
102 | ||
103 | return res.type('json').status(204).end() | |
104 | } | |
105 | ||
106 | async function reportVideoAbuse (req: express.Request, res: express.Response) { | |
107 | const videoInstance = res.locals.videoAll | |
108 | const body: VideoAbuseCreate = req.body | |
109 | ||
110 | const videoAbuse = await sequelizeTypescript.transaction(async t => { | |
111 | const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) | |
112 | ||
113 | const abuseToCreate = { | |
114 | reporterAccountId: reporterAccount.id, | |
115 | reason: body.reason, | |
116 | videoId: videoInstance.id, | |
117 | state: VideoAbuseState.PENDING | |
118 | } | |
119 | ||
120 | const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) | |
121 | videoAbuseInstance.Video = videoInstance | |
122 | videoAbuseInstance.Account = reporterAccount | |
123 | ||
124 | // We send the video abuse to the origin server | |
125 | if (videoInstance.isOwned() === false) { | |
126 | await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) | |
127 | } | |
128 | ||
129 | auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) | |
130 | ||
131 | return videoAbuseInstance | |
132 | }) | |
133 | ||
134 | Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse) | |
135 | ||
136 | logger.info('Abuse report for video %s created.', videoInstance.name) | |
137 | ||
138 | return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end() | |
139 | } |