1 import * as express from 'express'
2 import { logger } from '@server/helpers/logger'
3 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
4 import { Notifier } from '@server/lib/notifier'
5 import { AbuseModel } from '@server/models/abuse/abuse'
6 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
7 import { getServerActor } from '@server/models/application/application'
8 import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
9 import { AbuseCreate, AbuseState, UserRight } from '../../../shared'
10 import { getFormattedObjects } from '../../helpers/utils'
11 import { sequelizeTypescript } from '../../initializers/database'
14 abuseListForAdminsValidator,
18 addAbuseMessageValidator,
20 asyncRetryTransactionMiddleware,
22 checkAbuseValidForMessagesValidator,
23 deleteAbuseMessageValidator,
29 } from '../../middlewares'
30 import { AccountModel } from '../../models/account/account'
32 const abuseRouter = express.Router()
36 ensureUserHasRight(UserRight.MANAGE_ABUSES),
41 abuseListForAdminsValidator,
42 asyncMiddleware(listAbusesForAdmins)
44 abuseRouter.put('/:id',
46 ensureUserHasRight(UserRight.MANAGE_ABUSES),
47 asyncMiddleware(abuseUpdateValidator),
48 asyncRetryTransactionMiddleware(updateAbuse)
52 asyncMiddleware(abuseReportValidator),
53 asyncRetryTransactionMiddleware(reportAbuse)
55 abuseRouter.delete('/:id',
57 ensureUserHasRight(UserRight.MANAGE_ABUSES),
58 asyncMiddleware(abuseGetValidator),
59 asyncRetryTransactionMiddleware(deleteAbuse)
62 abuseRouter.get('/:id/messages',
64 asyncMiddleware(getAbuseValidator),
65 checkAbuseValidForMessagesValidator,
66 asyncRetryTransactionMiddleware(listAbuseMessages)
69 abuseRouter.post('/:id/messages',
71 asyncMiddleware(getAbuseValidator),
72 checkAbuseValidForMessagesValidator,
73 addAbuseMessageValidator,
74 asyncRetryTransactionMiddleware(addAbuseMessage)
77 abuseRouter.delete('/:id/messages/:messageId',
79 asyncMiddleware(getAbuseValidator),
80 checkAbuseValidForMessagesValidator,
81 asyncMiddleware(deleteAbuseMessageValidator),
82 asyncRetryTransactionMiddleware(deleteAbuseMessage)
85 // ---------------------------------------------------------------------------
90 // FIXME: deprecated in 2.3. Remove these exports
97 // ---------------------------------------------------------------------------
99 async function listAbusesForAdmins (req: express.Request, res: express.Response) {
100 const user = res.locals.oauth.token.user
101 const serverActor = await getServerActor()
103 const resultList = await AbuseModel.listForAdminApi({
104 start: req.query.start,
105 count: req.query.count,
106 sort: req.query.sort,
108 filter: req.query.filter,
109 predefinedReason: req.query.predefinedReason,
110 search: req.query.search,
111 state: req.query.state,
112 videoIs: req.query.videoIs,
113 searchReporter: req.query.searchReporter,
114 searchReportee: req.query.searchReportee,
115 searchVideo: req.query.searchVideo,
116 searchVideoChannel: req.query.searchVideoChannel,
117 serverAccountId: serverActor.Account.id,
122 total: resultList.total,
123 data: resultList.data.map(d => d.toFormattedAdminJSON())
127 async function updateAbuse (req: express.Request, res: express.Response) {
128 const abuse = res.locals.abuse
129 let stateUpdated = false
131 if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
133 if (req.body.state !== undefined) {
134 abuse.state = req.body.state
138 await sequelizeTypescript.transaction(t => {
139 return abuse.save({ transaction: t })
142 if (stateUpdated === true) {
143 AbuseModel.loadFull(abuse.id)
144 .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
145 .catch(err => logger.error('Cannot notify on abuse state change', { err }))
148 // Do not send the delete to other instances, we updated OUR copy of this abuse
150 return res.sendStatus(204)
153 async function deleteAbuse (req: express.Request, res: express.Response) {
154 const abuse = res.locals.abuse
156 await sequelizeTypescript.transaction(t => {
157 return abuse.destroy({ transaction: t })
160 // Do not send the delete to other instances, we delete OUR copy of this abuse
162 return res.sendStatus(204)
165 async function reportAbuse (req: express.Request, res: express.Response) {
166 const videoInstance = res.locals.videoAll
167 const commentInstance = res.locals.videoCommentFull
168 const accountInstance = res.locals.account
170 const body: AbuseCreate = req.body
172 const { id } = await sequelizeTypescript.transaction(async t => {
173 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
174 const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
177 reporterAccountId: reporterAccount.id,
179 state: AbuseState.PENDING,
184 return createVideoAbuse({
189 startAt: body.video.startAt,
190 endAt: body.video.endAt
195 return createVideoCommentAbuse({
204 return createAccountAbuse({
212 return res.json({ abuse: { id } })
215 async function listAbuseMessages (req: express.Request, res: express.Response) {
216 const abuse = res.locals.abuse
218 const resultList = await AbuseMessageModel.listForApi(abuse.id)
220 return res.json(getFormattedObjects(resultList.data, resultList.total))
223 async function addAbuseMessage (req: express.Request, res: express.Response) {
224 const abuse = res.locals.abuse
225 const user = res.locals.oauth.token.user
227 const abuseMessage = await AbuseMessageModel.create({
228 message: req.body.message,
229 byModerator: abuse.reporterAccountId !== user.Account.id,
230 accountId: user.Account.id,
234 AbuseModel.loadFull(abuse.id)
235 .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
236 .catch(err => logger.error('Cannot notify on new abuse message', { err }))
245 async function deleteAbuseMessage (req: express.Request, res: express.Response) {
246 const abuseMessage = res.locals.abuseMessage
248 await sequelizeTypescript.transaction(t => {
249 return abuseMessage.destroy({ transaction: t })
252 return res.sendStatus(204)