]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/controllers/api/abuse.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Increase redundancy check params timeout
[github/Chocobozzz/PeerTube.git] / server / controllers / api / abuse.ts
1 import * as express from 'express'
2 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
3 import { AbuseModel } from '@server/models/abuse/abuse'
4 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
5 import { getServerActor } from '@server/models/application/application'
6 import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
7 import { getFormattedObjects } from '../../helpers/utils'
8 import { sequelizeTypescript } from '../../initializers/database'
9 import {
10 abuseGetValidator,
11 abuseListForAdminsValidator,
12 abuseReportValidator,
13 abusesSortValidator,
14 abuseUpdateValidator,
15 addAbuseMessageValidator,
16 asyncMiddleware,
17 asyncRetryTransactionMiddleware,
18 authenticate,
19 checkAbuseValidForMessagesValidator,
20 deleteAbuseMessageValidator,
21 ensureUserHasRight,
22 getAbuseValidator,
23 paginationValidator,
24 setDefaultPagination,
25 setDefaultSort
26 } from '../../middlewares'
27 import { AccountModel } from '../../models/account/account'
28 import { Notifier } from '@server/lib/notifier'
29 import { logger } from '@server/helpers/logger'
30
31 const abuseRouter = express.Router()
32
33 abuseRouter.get('/',
34 authenticate,
35 ensureUserHasRight(UserRight.MANAGE_ABUSES),
36 paginationValidator,
37 abusesSortValidator,
38 setDefaultSort,
39 setDefaultPagination,
40 abuseListForAdminsValidator,
41 asyncMiddleware(listAbusesForAdmins)
42 )
43 abuseRouter.put('/:id',
44 authenticate,
45 ensureUserHasRight(UserRight.MANAGE_ABUSES),
46 asyncMiddleware(abuseUpdateValidator),
47 asyncRetryTransactionMiddleware(updateAbuse)
48 )
49 abuseRouter.post('/',
50 authenticate,
51 asyncMiddleware(abuseReportValidator),
52 asyncRetryTransactionMiddleware(reportAbuse)
53 )
54 abuseRouter.delete('/:id',
55 authenticate,
56 ensureUserHasRight(UserRight.MANAGE_ABUSES),
57 asyncMiddleware(abuseGetValidator),
58 asyncRetryTransactionMiddleware(deleteAbuse)
59 )
60
61 abuseRouter.get('/:id/messages',
62 authenticate,
63 asyncMiddleware(getAbuseValidator),
64 checkAbuseValidForMessagesValidator,
65 asyncRetryTransactionMiddleware(listAbuseMessages)
66 )
67
68 abuseRouter.post('/:id/messages',
69 authenticate,
70 asyncMiddleware(getAbuseValidator),
71 checkAbuseValidForMessagesValidator,
72 addAbuseMessageValidator,
73 asyncRetryTransactionMiddleware(addAbuseMessage)
74 )
75
76 abuseRouter.delete('/:id/messages/:messageId',
77 authenticate,
78 asyncMiddleware(getAbuseValidator),
79 checkAbuseValidForMessagesValidator,
80 asyncMiddleware(deleteAbuseMessageValidator),
81 asyncRetryTransactionMiddleware(deleteAbuseMessage)
82 )
83
84 // ---------------------------------------------------------------------------
85
86 export {
87 abuseRouter,
88
89 // FIXME: deprecated in 2.3. Remove these exports
90 listAbusesForAdmins,
91 updateAbuse,
92 deleteAbuse,
93 reportAbuse
94 }
95
96 // ---------------------------------------------------------------------------
97
98 async function listAbusesForAdmins (req: express.Request, res: express.Response) {
99 const user = res.locals.oauth.token.user
100 const serverActor = await getServerActor()
101
102 const resultList = await AbuseModel.listForAdminApi({
103 start: req.query.start,
104 count: req.query.count,
105 sort: req.query.sort,
106 id: req.query.id,
107 filter: req.query.filter,
108 predefinedReason: req.query.predefinedReason,
109 search: req.query.search,
110 state: req.query.state,
111 videoIs: req.query.videoIs,
112 searchReporter: req.query.searchReporter,
113 searchReportee: req.query.searchReportee,
114 searchVideo: req.query.searchVideo,
115 searchVideoChannel: req.query.searchVideoChannel,
116 serverAccountId: serverActor.Account.id,
117 user
118 })
119
120 return res.json({
121 total: resultList.total,
122 data: resultList.data.map(d => d.toFormattedAdminJSON())
123 })
124 }
125
126 async function updateAbuse (req: express.Request, res: express.Response) {
127 const abuse = res.locals.abuse
128 let stateUpdated = false
129
130 if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
131
132 if (req.body.state !== undefined) {
133 abuse.state = req.body.state
134 stateUpdated = true
135 }
136
137 await sequelizeTypescript.transaction(t => {
138 return abuse.save({ transaction: t })
139 })
140
141 if (stateUpdated === true) {
142 AbuseModel.loadFull(abuse.id)
143 .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
144 .catch(err => logger.error('Cannot notify on abuse state change', { err }))
145 }
146
147 // Do not send the delete to other instances, we updated OUR copy of this abuse
148
149 return res.sendStatus(204)
150 }
151
152 async function deleteAbuse (req: express.Request, res: express.Response) {
153 const abuse = res.locals.abuse
154
155 await sequelizeTypescript.transaction(t => {
156 return abuse.destroy({ transaction: t })
157 })
158
159 // Do not send the delete to other instances, we delete OUR copy of this abuse
160
161 return res.sendStatus(204)
162 }
163
164 async function reportAbuse (req: express.Request, res: express.Response) {
165 const videoInstance = res.locals.videoAll
166 const commentInstance = res.locals.videoCommentFull
167 const accountInstance = res.locals.account
168
169 const body: AbuseCreate = req.body
170
171 const { id } = await sequelizeTypescript.transaction(async t => {
172 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
173 const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
174
175 const baseAbuse = {
176 reporterAccountId: reporterAccount.id,
177 reason: body.reason,
178 state: AbuseState.PENDING,
179 predefinedReasons
180 }
181
182 if (body.video) {
183 return createVideoAbuse({
184 baseAbuse,
185 videoInstance,
186 reporterAccount,
187 transaction: t,
188 startAt: body.video.startAt,
189 endAt: body.video.endAt
190 })
191 }
192
193 if (body.comment) {
194 return createVideoCommentAbuse({
195 baseAbuse,
196 commentInstance,
197 reporterAccount,
198 transaction: t
199 })
200 }
201
202 // Account report
203 return createAccountAbuse({
204 baseAbuse,
205 accountInstance,
206 reporterAccount,
207 transaction: t
208 })
209 })
210
211 return res.json({ abuse: { id } })
212 }
213
214 async function listAbuseMessages (req: express.Request, res: express.Response) {
215 const abuse = res.locals.abuse
216
217 const resultList = await AbuseMessageModel.listForApi(abuse.id)
218
219 return res.json(getFormattedObjects(resultList.data, resultList.total))
220 }
221
222 async function addAbuseMessage (req: express.Request, res: express.Response) {
223 const abuse = res.locals.abuse
224 const user = res.locals.oauth.token.user
225
226 const abuseMessage = await AbuseMessageModel.create({
227 message: req.body.message,
228 byModerator: abuse.reporterAccountId !== user.Account.id,
229 accountId: user.Account.id,
230 abuseId: abuse.id
231 })
232
233 AbuseModel.loadFull(abuse.id)
234 .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
235 .catch(err => logger.error('Cannot notify on new abuse message', { err }))
236
237 return res.json({
238 abuseMessage: {
239 id: abuseMessage.id
240 }
241 })
242 }
243
244 async function deleteAbuseMessage (req: express.Request, res: express.Response) {
245 const abuseMessage = res.locals.abuseMessage
246
247 await sequelizeTypescript.transaction(t => {
248 return abuseMessage.destroy({ transaction: t })
249 })
250
251 return res.sendStatus(204)
252 }
ActivityPub-federated video streaming platform using P2P directly in your web browser