]>
Commit | Line | Data |
---|---|---|
1 | import * as express from 'express' | |
2 | import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared' | |
3 | import { logger } from '../../../helpers/logger' | |
4 | import { getFormattedObjects } from '../../../helpers/utils' | |
5 | import { sequelizeTypescript } from '../../../initializers' | |
6 | import { sendVideoAbuse } from '../../../lib/activitypub/send' | |
7 | import { | |
8 | asyncMiddleware, | |
9 | asyncRetryTransactionMiddleware, | |
10 | authenticate, | |
11 | ensureUserHasRight, | |
12 | paginationValidator, | |
13 | setDefaultPagination, | |
14 | setDefaultSort, | |
15 | videoAbuseGetValidator, | |
16 | videoAbuseReportValidator, | |
17 | videoAbusesSortValidator, | |
18 | videoAbuseUpdateValidator | |
19 | } from '../../../middlewares' | |
20 | import { AccountModel } from '../../../models/account/account' | |
21 | import { VideoModel } from '../../../models/video/video' | |
22 | import { VideoAbuseModel } from '../../../models/video/video-abuse' | |
23 | import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' | |
24 | import { UserModel } from '../../../models/account/user' | |
25 | ||
26 | const auditLogger = auditLoggerFactory('abuse') | |
27 | const abuseVideoRouter = express.Router() | |
28 | ||
29 | abuseVideoRouter.get('/abuse', | |
30 | authenticate, | |
31 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
32 | paginationValidator, | |
33 | videoAbusesSortValidator, | |
34 | setDefaultSort, | |
35 | setDefaultPagination, | |
36 | asyncMiddleware(listVideoAbuses) | |
37 | ) | |
38 | abuseVideoRouter.put('/:videoId/abuse/:id', | |
39 | authenticate, | |
40 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
41 | asyncMiddleware(videoAbuseUpdateValidator), | |
42 | asyncRetryTransactionMiddleware(updateVideoAbuse) | |
43 | ) | |
44 | abuseVideoRouter.post('/:videoId/abuse', | |
45 | authenticate, | |
46 | asyncMiddleware(videoAbuseReportValidator), | |
47 | asyncRetryTransactionMiddleware(reportVideoAbuse) | |
48 | ) | |
49 | abuseVideoRouter.delete('/:videoId/abuse/:id', | |
50 | authenticate, | |
51 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
52 | asyncMiddleware(videoAbuseGetValidator), | |
53 | asyncRetryTransactionMiddleware(deleteVideoAbuse) | |
54 | ) | |
55 | ||
56 | // --------------------------------------------------------------------------- | |
57 | ||
58 | export { | |
59 | abuseVideoRouter | |
60 | } | |
61 | ||
62 | // --------------------------------------------------------------------------- | |
63 | ||
64 | async function listVideoAbuses (req: express.Request, res: express.Response) { | |
65 | const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort) | |
66 | ||
67 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | |
68 | } | |
69 | ||
70 | async function updateVideoAbuse (req: express.Request, res: express.Response) { | |
71 | const videoAbuse: VideoAbuseModel = res.locals.videoAbuse | |
72 | ||
73 | if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment | |
74 | if (req.body.state !== undefined) videoAbuse.state = req.body.state | |
75 | ||
76 | await sequelizeTypescript.transaction(t => { | |
77 | return videoAbuse.save({ transaction: t }) | |
78 | }) | |
79 | ||
80 | // Do not send the delete to other instances, we updated OUR copy of this video abuse | |
81 | ||
82 | return res.type('json').status(204).end() | |
83 | } | |
84 | ||
85 | async function deleteVideoAbuse (req: express.Request, res: express.Response) { | |
86 | const videoAbuse: VideoAbuseModel = res.locals.videoAbuse | |
87 | ||
88 | await sequelizeTypescript.transaction(t => { | |
89 | return videoAbuse.destroy({ transaction: t }) | |
90 | }) | |
91 | ||
92 | // Do not send the delete to other instances, we delete OUR copy of this video abuse | |
93 | ||
94 | return res.type('json').status(204).end() | |
95 | } | |
96 | ||
97 | async function reportVideoAbuse (req: express.Request, res: express.Response) { | |
98 | const videoInstance = res.locals.video as VideoModel | |
99 | const body: VideoAbuseCreate = req.body | |
100 | ||
101 | const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => { | |
102 | const reporterAccount = await AccountModel.load((res.locals.oauth.token.User as UserModel).Account.id, t) | |
103 | ||
104 | const abuseToCreate = { | |
105 | reporterAccountId: reporterAccount.id, | |
106 | reason: body.reason, | |
107 | videoId: videoInstance.id, | |
108 | state: VideoAbuseState.PENDING | |
109 | } | |
110 | ||
111 | const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) | |
112 | videoAbuseInstance.Video = videoInstance | |
113 | videoAbuseInstance.Account = reporterAccount | |
114 | ||
115 | // We send the video abuse to the origin server | |
116 | if (videoInstance.isOwned() === false) { | |
117 | await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance) | |
118 | } | |
119 | ||
120 | auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) | |
121 | ||
122 | return videoAbuseInstance | |
123 | }) | |
124 | ||
125 | logger.info('Abuse report for video %s created.', videoInstance.name) | |
126 | ||
127 | return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end() | |
128 | } |