]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/controllers/api/abuse.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
replace numbers with typed http status codes (#3409)
[github/Chocobozzz/PeerTube.git] / server / controllers / api / abuse.ts
1 import * as express from 'express'
2 import { logger } from '@server/helpers/logger'
3 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
4 import { Notifier } from '@server/lib/notifier'
5 import { AbuseModel } from '@server/models/abuse/abuse'
6 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
7 import { getServerActor } from '@server/models/application/application'
8 import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
9 import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
10 import { AbuseCreate, AbuseState, UserRight } from '../../../shared'
11 import { getFormattedObjects } from '../../helpers/utils'
12 import { sequelizeTypescript } from '../../initializers/database'
13 import {
14 abuseGetValidator,
15 abuseListForAdminsValidator,
16 abuseReportValidator,
17 abusesSortValidator,
18 abuseUpdateValidator,
19 addAbuseMessageValidator,
20 asyncMiddleware,
21 asyncRetryTransactionMiddleware,
22 authenticate,
23 checkAbuseValidForMessagesValidator,
24 deleteAbuseMessageValidator,
25 ensureUserHasRight,
26 getAbuseValidator,
27 paginationValidator,
28 setDefaultPagination,
29 setDefaultSort
30 } from '../../middlewares'
31 import { AccountModel } from '../../models/account/account'
32
33 const abuseRouter = express.Router()
34
35 abuseRouter.get('/',
36 authenticate,
37 ensureUserHasRight(UserRight.MANAGE_ABUSES),
38 paginationValidator,
39 abusesSortValidator,
40 setDefaultSort,
41 setDefaultPagination,
42 abuseListForAdminsValidator,
43 asyncMiddleware(listAbusesForAdmins)
44 )
45 abuseRouter.put('/:id',
46 authenticate,
47 ensureUserHasRight(UserRight.MANAGE_ABUSES),
48 asyncMiddleware(abuseUpdateValidator),
49 asyncRetryTransactionMiddleware(updateAbuse)
50 )
51 abuseRouter.post('/',
52 authenticate,
53 asyncMiddleware(abuseReportValidator),
54 asyncRetryTransactionMiddleware(reportAbuse)
55 )
56 abuseRouter.delete('/:id',
57 authenticate,
58 ensureUserHasRight(UserRight.MANAGE_ABUSES),
59 asyncMiddleware(abuseGetValidator),
60 asyncRetryTransactionMiddleware(deleteAbuse)
61 )
62
63 abuseRouter.get('/:id/messages',
64 authenticate,
65 asyncMiddleware(getAbuseValidator),
66 checkAbuseValidForMessagesValidator,
67 asyncRetryTransactionMiddleware(listAbuseMessages)
68 )
69
70 abuseRouter.post('/:id/messages',
71 authenticate,
72 asyncMiddleware(getAbuseValidator),
73 checkAbuseValidForMessagesValidator,
74 addAbuseMessageValidator,
75 asyncRetryTransactionMiddleware(addAbuseMessage)
76 )
77
78 abuseRouter.delete('/:id/messages/:messageId',
79 authenticate,
80 asyncMiddleware(getAbuseValidator),
81 checkAbuseValidForMessagesValidator,
82 asyncMiddleware(deleteAbuseMessageValidator),
83 asyncRetryTransactionMiddleware(deleteAbuseMessage)
84 )
85
86 // ---------------------------------------------------------------------------
87
88 export {
89 abuseRouter
90 }
91
92 // ---------------------------------------------------------------------------
93
94 async function listAbusesForAdmins (req: express.Request, res: express.Response) {
95 const user = res.locals.oauth.token.user
96 const serverActor = await getServerActor()
97
98 const resultList = await AbuseModel.listForAdminApi({
99 start: req.query.start,
100 count: req.query.count,
101 sort: req.query.sort,
102 id: req.query.id,
103 filter: req.query.filter,
104 predefinedReason: req.query.predefinedReason,
105 search: req.query.search,
106 state: req.query.state,
107 videoIs: req.query.videoIs,
108 searchReporter: req.query.searchReporter,
109 searchReportee: req.query.searchReportee,
110 searchVideo: req.query.searchVideo,
111 searchVideoChannel: req.query.searchVideoChannel,
112 serverAccountId: serverActor.Account.id,
113 user
114 })
115
116 return res.json({
117 total: resultList.total,
118 data: resultList.data.map(d => d.toFormattedAdminJSON())
119 })
120 }
121
122 async function updateAbuse (req: express.Request, res: express.Response) {
123 const abuse = res.locals.abuse
124 let stateUpdated = false
125
126 if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
127
128 if (req.body.state !== undefined) {
129 abuse.state = req.body.state
130 stateUpdated = true
131 }
132
133 await sequelizeTypescript.transaction(t => {
134 return abuse.save({ transaction: t })
135 })
136
137 if (stateUpdated === true) {
138 AbuseModel.loadFull(abuse.id)
139 .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
140 .catch(err => logger.error('Cannot notify on abuse state change', { err }))
141 }
142
143 // Do not send the delete to other instances, we updated OUR copy of this abuse
144
145 return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
146 }
147
148 async function deleteAbuse (req: express.Request, res: express.Response) {
149 const abuse = res.locals.abuse
150
151 await sequelizeTypescript.transaction(t => {
152 return abuse.destroy({ transaction: t })
153 })
154
155 // Do not send the delete to other instances, we delete OUR copy of this abuse
156
157 return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
158 }
159
160 async function reportAbuse (req: express.Request, res: express.Response) {
161 const videoInstance = res.locals.videoAll
162 const commentInstance = res.locals.videoCommentFull
163 const accountInstance = res.locals.account
164
165 const body: AbuseCreate = req.body
166
167 const { id } = await sequelizeTypescript.transaction(async t => {
168 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
169 const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
170
171 const baseAbuse = {
172 reporterAccountId: reporterAccount.id,
173 reason: body.reason,
174 state: AbuseState.PENDING,
175 predefinedReasons
176 }
177
178 if (body.video) {
179 return createVideoAbuse({
180 baseAbuse,
181 videoInstance,
182 reporterAccount,
183 transaction: t,
184 startAt: body.video.startAt,
185 endAt: body.video.endAt
186 })
187 }
188
189 if (body.comment) {
190 return createVideoCommentAbuse({
191 baseAbuse,
192 commentInstance,
193 reporterAccount,
194 transaction: t
195 })
196 }
197
198 // Account report
199 return createAccountAbuse({
200 baseAbuse,
201 accountInstance,
202 reporterAccount,
203 transaction: t
204 })
205 })
206
207 return res.json({ abuse: { id } })
208 }
209
210 async function listAbuseMessages (req: express.Request, res: express.Response) {
211 const abuse = res.locals.abuse
212
213 const resultList = await AbuseMessageModel.listForApi(abuse.id)
214
215 return res.json(getFormattedObjects(resultList.data, resultList.total))
216 }
217
218 async function addAbuseMessage (req: express.Request, res: express.Response) {
219 const abuse = res.locals.abuse
220 const user = res.locals.oauth.token.user
221
222 const abuseMessage = await AbuseMessageModel.create({
223 message: req.body.message,
224 byModerator: abuse.reporterAccountId !== user.Account.id,
225 accountId: user.Account.id,
226 abuseId: abuse.id
227 })
228
229 AbuseModel.loadFull(abuse.id)
230 .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
231 .catch(err => logger.error('Cannot notify on new abuse message', { err }))
232
233 return res.json({
234 abuseMessage: {
235 id: abuseMessage.id
236 }
237 })
238 }
239
240 async function deleteAbuseMessage (req: express.Request, res: express.Response) {
241 const abuseMessage = res.locals.abuseMessage
242
243 await sequelizeTypescript.transaction(t => {
244 return abuseMessage.destroy({ transaction: t })
245 })
246
247 return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
248 }
ActivityPub-federated video streaming platform using P2P directly in your web browser