[github/Chocobozzz/PeerTube.git] / server / controllers / api / videos / abuse.ts

import * as express from 'express'
import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { getFormattedObjects, getServerActor } from '../../../helpers/utils'
import { sequelizeTypescript } from '../../../initializers'
import {
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  videoAbuseGetValidator,
  videoAbuseReportValidator,
  videoAbusesSortValidator,
  videoAbuseUpdateValidator
} from '../../../middlewares'
import { AccountModel } from '../../../models/account/account'
import { VideoAbuseModel } from '../../../models/video/video-abuse'
import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
import { Notifier } from '../../../lib/notifier'
import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
import { MVideoAbuseAccountVideo } from '../../../typings/models/video'

const auditLogger = auditLoggerFactory('abuse')
const abuseVideoRouter = express.Router()

abuseVideoRouter.get('/abuse',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  paginationValidator,
  videoAbusesSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(listVideoAbuses)
)
abuseVideoRouter.put('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseUpdateValidator),
  asyncRetryTransactionMiddleware(updateVideoAbuse)
)
abuseVideoRouter.post('/:videoId/abuse',
  authenticate,
  asyncMiddleware(videoAbuseReportValidator),
  asyncRetryTransactionMiddleware(reportVideoAbuse)
)
abuseVideoRouter.delete('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseGetValidator),
  asyncRetryTransactionMiddleware(deleteVideoAbuse)
)

// ---------------------------------------------------------------------------

export {
  abuseVideoRouter
}

// ---------------------------------------------------------------------------

async function listVideoAbuses (req: express.Request, res: express.Response) {
  const user = res.locals.oauth.token.user
  const serverActor = await getServerActor()

  const resultList = await VideoAbuseModel.listForApi({
    start: req.query.start,
    count: req.query.count,
    sort: req.query.sort,
    serverAccountId: serverActor.Account.id,
    user
  })

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function updateVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse = res.locals.videoAbuse

  if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  if (req.body.state !== undefined) videoAbuse.state = req.body.state

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.save({ transaction: t })
  })

  // Do not send the delete to other instances, we updated OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse = res.locals.videoAbuse

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.destroy({ transaction: t })
  })

  // Do not send the delete to other instances, we delete OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function reportVideoAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.videoAll
  const body: VideoAbuseCreate = req.body

  const videoAbuse = await sequelizeTypescript.transaction(async t => {
    const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)

    const abuseToCreate = {
      reporterAccountId: reporterAccount.id,
      reason: body.reason,
      videoId: videoInstance.id,
      state: VideoAbuseState.PENDING
    }

    const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
    videoAbuseInstance.Video = videoInstance
    videoAbuseInstance.Account = reporterAccount

    // We send the video abuse to the origin server
    if (videoInstance.isOwned() === false) {
      await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
    }

    auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))

    return videoAbuseInstance
  })

  Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)

  logger.info('Abuse report for video %s created.', videoInstance.name)

  return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
}
Commit	Line	Data
	1	import * as express from 'express'
	2	import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
	3	import { logger } from '../../../helpers/logger'
	4	import { getFormattedObjects, getServerActor } from '../../../helpers/utils'
	5	import { sequelizeTypescript } from '../../../initializers'
	6	import {
	7	asyncMiddleware,
	8	asyncRetryTransactionMiddleware,
	9	authenticate,
	10	ensureUserHasRight,
	11	paginationValidator,
	12	setDefaultPagination,
	13	setDefaultSort,
	14	videoAbuseGetValidator,
	15	videoAbuseReportValidator,
	16	videoAbusesSortValidator,
	17	videoAbuseUpdateValidator
	18	} from '../../../middlewares'
	19	import { AccountModel } from '../../../models/account/account'
	20	import { VideoAbuseModel } from '../../../models/video/video-abuse'
	21	import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
	22	import { Notifier } from '../../../lib/notifier'
	23	import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
	24	import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
	25
	26	const auditLogger = auditLoggerFactory('abuse')
	27	const abuseVideoRouter = express.Router()
	28
	29	abuseVideoRouter.get('/abuse',
	30	authenticate,
	31	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
	32	paginationValidator,
	33	videoAbusesSortValidator,
	34	setDefaultSort,
	35	setDefaultPagination,
	36	asyncMiddleware(listVideoAbuses)
	37	)
	38	abuseVideoRouter.put('/:videoId/abuse/:id',
	39	authenticate,
	40	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
	41	asyncMiddleware(videoAbuseUpdateValidator),
	42	asyncRetryTransactionMiddleware(updateVideoAbuse)
	43	)
	44	abuseVideoRouter.post('/:videoId/abuse',
	45	authenticate,
	46	asyncMiddleware(videoAbuseReportValidator),
	47	asyncRetryTransactionMiddleware(reportVideoAbuse)
	48	)
	49	abuseVideoRouter.delete('/:videoId/abuse/:id',
	50	authenticate,
	51	ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
	52	asyncMiddleware(videoAbuseGetValidator),
	53	asyncRetryTransactionMiddleware(deleteVideoAbuse)
	54	)
	55
	56	// ---------------------------------------------------------------------------
	57
	58	export {
	59	abuseVideoRouter
	60	}
	61
	62	// ---------------------------------------------------------------------------
	63
	64	async function listVideoAbuses (req: express.Request, res: express.Response) {
	65	const user = res.locals.oauth.token.user
	66	const serverActor = await getServerActor()
	67
	68	const resultList = await VideoAbuseModel.listForApi({
	69	start: req.query.start,
	70	count: req.query.count,
	71	sort: req.query.sort,
	72	serverAccountId: serverActor.Account.id,
	73	user
	74	})
	75
	76	return res.json(getFormattedObjects(resultList.data, resultList.total))
	77	}
	78
	79	async function updateVideoAbuse (req: express.Request, res: express.Response) {
	80	const videoAbuse = res.locals.videoAbuse
	81
	82	if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
	83	if (req.body.state !== undefined) videoAbuse.state = req.body.state
	84
	85	await sequelizeTypescript.transaction(t => {
	86	return videoAbuse.save({ transaction: t })
	87	})
	88
	89	// Do not send the delete to other instances, we updated OUR copy of this video abuse
	90
	91	return res.type('json').status(204).end()
	92	}
	93
	94	async function deleteVideoAbuse (req: express.Request, res: express.Response) {
	95	const videoAbuse = res.locals.videoAbuse
	96
	97	await sequelizeTypescript.transaction(t => {
	98	return videoAbuse.destroy({ transaction: t })
	99	})
	100
	101	// Do not send the delete to other instances, we delete OUR copy of this video abuse
	102
	103	return res.type('json').status(204).end()
	104	}
	105
	106	async function reportVideoAbuse (req: express.Request, res: express.Response) {
	107	const videoInstance = res.locals.videoAll
	108	const body: VideoAbuseCreate = req.body
	109
	110	const videoAbuse = await sequelizeTypescript.transaction(async t => {
	111	const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
	112
	113	const abuseToCreate = {
	114	reporterAccountId: reporterAccount.id,
	115	reason: body.reason,
	116	videoId: videoInstance.id,
	117	state: VideoAbuseState.PENDING
	118	}
	119
	120	const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
	121	videoAbuseInstance.Video = videoInstance
	122	videoAbuseInstance.Account = reporterAccount
	123
	124	// We send the video abuse to the origin server
	125	if (videoInstance.isOwned() === false) {
	126	await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
	127	}
	128
	129	auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
	130
	131	return videoAbuseInstance
	132	})
	133
	134	Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)
	135
	136	logger.info('Abuse report for video %s created.', videoInstance.name)
	137
	138	return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
	139	}