]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/controllers/api/abuse.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove deprecated abuse api
[github/Chocobozzz/PeerTube.git] / server / controllers / api / abuse.ts
1 import * as express from 'express'
2 import { logger } from '@server/helpers/logger'
3 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
4 import { Notifier } from '@server/lib/notifier'
5 import { AbuseModel } from '@server/models/abuse/abuse'
6 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
7 import { getServerActor } from '@server/models/application/application'
8 import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
9 import { AbuseCreate, AbuseState, UserRight } from '../../../shared'
10 import { getFormattedObjects } from '../../helpers/utils'
11 import { sequelizeTypescript } from '../../initializers/database'
12 import {
13 abuseGetValidator,
14 abuseListForAdminsValidator,
15 abuseReportValidator,
16 abusesSortValidator,
17 abuseUpdateValidator,
18 addAbuseMessageValidator,
19 asyncMiddleware,
20 asyncRetryTransactionMiddleware,
21 authenticate,
22 checkAbuseValidForMessagesValidator,
23 deleteAbuseMessageValidator,
24 ensureUserHasRight,
25 getAbuseValidator,
26 paginationValidator,
27 setDefaultPagination,
28 setDefaultSort
29 } from '../../middlewares'
30 import { AccountModel } from '../../models/account/account'
31
32 const abuseRouter = express.Router()
33
34 abuseRouter.get('/',
35 authenticate,
36 ensureUserHasRight(UserRight.MANAGE_ABUSES),
37 paginationValidator,
38 abusesSortValidator,
39 setDefaultSort,
40 setDefaultPagination,
41 abuseListForAdminsValidator,
42 asyncMiddleware(listAbusesForAdmins)
43 )
44 abuseRouter.put('/:id',
45 authenticate,
46 ensureUserHasRight(UserRight.MANAGE_ABUSES),
47 asyncMiddleware(abuseUpdateValidator),
48 asyncRetryTransactionMiddleware(updateAbuse)
49 )
50 abuseRouter.post('/',
51 authenticate,
52 asyncMiddleware(abuseReportValidator),
53 asyncRetryTransactionMiddleware(reportAbuse)
54 )
55 abuseRouter.delete('/:id',
56 authenticate,
57 ensureUserHasRight(UserRight.MANAGE_ABUSES),
58 asyncMiddleware(abuseGetValidator),
59 asyncRetryTransactionMiddleware(deleteAbuse)
60 )
61
62 abuseRouter.get('/:id/messages',
63 authenticate,
64 asyncMiddleware(getAbuseValidator),
65 checkAbuseValidForMessagesValidator,
66 asyncRetryTransactionMiddleware(listAbuseMessages)
67 )
68
69 abuseRouter.post('/:id/messages',
70 authenticate,
71 asyncMiddleware(getAbuseValidator),
72 checkAbuseValidForMessagesValidator,
73 addAbuseMessageValidator,
74 asyncRetryTransactionMiddleware(addAbuseMessage)
75 )
76
77 abuseRouter.delete('/:id/messages/:messageId',
78 authenticate,
79 asyncMiddleware(getAbuseValidator),
80 checkAbuseValidForMessagesValidator,
81 asyncMiddleware(deleteAbuseMessageValidator),
82 asyncRetryTransactionMiddleware(deleteAbuseMessage)
83 )
84
85 // ---------------------------------------------------------------------------
86
87 export {
88 abuseRouter
89 }
90
91 // ---------------------------------------------------------------------------
92
93 async function listAbusesForAdmins (req: express.Request, res: express.Response) {
94 const user = res.locals.oauth.token.user
95 const serverActor = await getServerActor()
96
97 const resultList = await AbuseModel.listForAdminApi({
98 start: req.query.start,
99 count: req.query.count,
100 sort: req.query.sort,
101 id: req.query.id,
102 filter: req.query.filter,
103 predefinedReason: req.query.predefinedReason,
104 search: req.query.search,
105 state: req.query.state,
106 videoIs: req.query.videoIs,
107 searchReporter: req.query.searchReporter,
108 searchReportee: req.query.searchReportee,
109 searchVideo: req.query.searchVideo,
110 searchVideoChannel: req.query.searchVideoChannel,
111 serverAccountId: serverActor.Account.id,
112 user
113 })
114
115 return res.json({
116 total: resultList.total,
117 data: resultList.data.map(d => d.toFormattedAdminJSON())
118 })
119 }
120
121 async function updateAbuse (req: express.Request, res: express.Response) {
122 const abuse = res.locals.abuse
123 let stateUpdated = false
124
125 if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
126
127 if (req.body.state !== undefined) {
128 abuse.state = req.body.state
129 stateUpdated = true
130 }
131
132 await sequelizeTypescript.transaction(t => {
133 return abuse.save({ transaction: t })
134 })
135
136 if (stateUpdated === true) {
137 AbuseModel.loadFull(abuse.id)
138 .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
139 .catch(err => logger.error('Cannot notify on abuse state change', { err }))
140 }
141
142 // Do not send the delete to other instances, we updated OUR copy of this abuse
143
144 return res.sendStatus(204)
145 }
146
147 async function deleteAbuse (req: express.Request, res: express.Response) {
148 const abuse = res.locals.abuse
149
150 await sequelizeTypescript.transaction(t => {
151 return abuse.destroy({ transaction: t })
152 })
153
154 // Do not send the delete to other instances, we delete OUR copy of this abuse
155
156 return res.sendStatus(204)
157 }
158
159 async function reportAbuse (req: express.Request, res: express.Response) {
160 const videoInstance = res.locals.videoAll
161 const commentInstance = res.locals.videoCommentFull
162 const accountInstance = res.locals.account
163
164 const body: AbuseCreate = req.body
165
166 const { id } = await sequelizeTypescript.transaction(async t => {
167 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
168 const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
169
170 const baseAbuse = {
171 reporterAccountId: reporterAccount.id,
172 reason: body.reason,
173 state: AbuseState.PENDING,
174 predefinedReasons
175 }
176
177 if (body.video) {
178 return createVideoAbuse({
179 baseAbuse,
180 videoInstance,
181 reporterAccount,
182 transaction: t,
183 startAt: body.video.startAt,
184 endAt: body.video.endAt
185 })
186 }
187
188 if (body.comment) {
189 return createVideoCommentAbuse({
190 baseAbuse,
191 commentInstance,
192 reporterAccount,
193 transaction: t
194 })
195 }
196
197 // Account report
198 return createAccountAbuse({
199 baseAbuse,
200 accountInstance,
201 reporterAccount,
202 transaction: t
203 })
204 })
205
206 return res.json({ abuse: { id } })
207 }
208
209 async function listAbuseMessages (req: express.Request, res: express.Response) {
210 const abuse = res.locals.abuse
211
212 const resultList = await AbuseMessageModel.listForApi(abuse.id)
213
214 return res.json(getFormattedObjects(resultList.data, resultList.total))
215 }
216
217 async function addAbuseMessage (req: express.Request, res: express.Response) {
218 const abuse = res.locals.abuse
219 const user = res.locals.oauth.token.user
220
221 const abuseMessage = await AbuseMessageModel.create({
222 message: req.body.message,
223 byModerator: abuse.reporterAccountId !== user.Account.id,
224 accountId: user.Account.id,
225 abuseId: abuse.id
226 })
227
228 AbuseModel.loadFull(abuse.id)
229 .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
230 .catch(err => logger.error('Cannot notify on new abuse message', { err }))
231
232 return res.json({
233 abuseMessage: {
234 id: abuseMessage.id
235 }
236 })
237 }
238
239 async function deleteAbuseMessage (req: express.Request, res: express.Response) {
240 const abuseMessage = res.locals.abuseMessage
241
242 await sequelizeTypescript.transaction(t => {
243 return abuseMessage.destroy({ transaction: t })
244 })
245
246 return res.sendStatus(204)
247 }
ActivityPub-federated video streaming platform using P2P directly in your web browser