1 import express from 'express'
2 import { logger } from '@server/helpers/logger'
3 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
4 import { Notifier } from '@server/lib/notifier'
5 import { AbuseModel } from '@server/models/abuse/abuse'
6 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
7 import { getServerActor } from '@server/models/application/application'
8 import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
9 import { AbuseCreate, AbuseState, HttpStatusCode, UserRight } from '@shared/models'
10 import { getFormattedObjects } from '../../helpers/utils'
11 import { sequelizeTypescript } from '../../initializers/database'
14 abuseListForAdminsValidator,
18 addAbuseMessageValidator,
20 asyncRetryTransactionMiddleware,
22 checkAbuseValidForMessagesValidator,
23 deleteAbuseMessageValidator,
30 } from '../../middlewares'
31 import { AccountModel } from '../../models/account/account'
// Router for the abuse report endpoints. This listing omits lines (the gutter
// numbers skip), so some route openers and any middleware on the omitted lines
// are not visible here.
33 const abuseRouter = express.Router()
// Admin listing: the handler is registered after the MANAGE_ABUSES right check.
36 openapiOperationDoc({ operationId: 'getAbuses' }),
38 ensureUserHasRight(UserRight.MANAGE_ABUSES),
43 abuseListForAdminsValidator,
44 asyncMiddleware(listAbusesForAdmins)
// Update: MANAGE_ABUSES right check, then abuseUpdateValidator, then the handler.
46 abuseRouter.put('/:id',
48 ensureUserHasRight(UserRight.MANAGE_ABUSES),
49 asyncMiddleware(abuseUpdateValidator),
50 asyncRetryTransactionMiddleware(updateAbuse)
// Report creation: no ensureUserHasRight call is visible on this route.
// NOTE(review): reportAbuse reads res.locals.oauth.token.User, so an
// authentication middleware is presumably on an omitted line; confirm.
54 asyncMiddleware(abuseReportValidator),
55 asyncRetryTransactionMiddleware(reportAbuse)
// Deletion: MANAGE_ABUSES right check, then abuseGetValidator, then the handler.
57 abuseRouter.delete('/:id',
59 ensureUserHasRight(UserRight.MANAGE_ABUSES),
60 asyncMiddleware(abuseGetValidator),
61 asyncRetryTransactionMiddleware(deleteAbuse)
// Message routes: no ensureUserHasRight call is visible on any of the three.
// Access control rests on getAbuseValidator and
// checkAbuseValidForMessagesValidator, both defined elsewhere.
// NOTE(review): confirm the latter admits only the reporter and users holding
// MANAGE_ABUSES.
64 abuseRouter.get('/:id/messages',
66 asyncMiddleware(getAbuseValidator),
67 checkAbuseValidForMessagesValidator,
68 asyncRetryTransactionMiddleware(listAbuseMessages)
71 abuseRouter.post('/:id/messages',
73 asyncMiddleware(getAbuseValidator),
74 checkAbuseValidForMessagesValidator,
75 addAbuseMessageValidator,
76 asyncRetryTransactionMiddleware(addAbuseMessage)
// NOTE(review): confirm deleteAbuseMessageValidator ties :messageId to the abuse
// in :id and checks that the caller is allowed to delete that message.
79 abuseRouter.delete('/:id/messages/:messageId',
81 asyncMiddleware(getAbuseValidator),
82 checkAbuseValidForMessagesValidator,
83 asyncMiddleware(deleteAbuseMessageValidator),
84 asyncRetryTransactionMiddleware(deleteAbuseMessage)
87 // ---------------------------------------------------------------------------
93 // ---------------------------------------------------------------------------
/**
 * Lists abuse reports for the admin API.
 *
 * Forwards the paging, sort and filter query parameters to
 * AbuseModel.listForAdminApi and formats each returned row with
 * toFormattedAdminJSON(). Parts of the body are missing from this listing.
 */
95 async function listAbusesForAdmins (req: express.Request, res: express.Response) {
// NOTE(review): read as token.user here and in addAbuseMessage, but as
// token.User in reportAbuse; confirm both properties exist on the token.
96 const user = res.locals.oauth.token.user
97 const serverActor = await getServerActor()
// The req.query values below are passed through unchanged. Presumably they are
// checked by abuseListForAdminsValidator and the other route middleware;
// confirm this for `sort` and the search fields, which reach the model query.
99 const resultList = await AbuseModel.listForAdminApi({
100 start: req.query.start,
101 count: req.query.count,
102 sort: req.query.sort,
104 filter: req.query.filter,
105 predefinedReason: req.query.predefinedReason,
106 search: req.query.search,
107 state: req.query.state,
108 videoIs: req.query.videoIs,
109 searchReporter: req.query.searchReporter,
110 searchReportee: req.query.searchReportee,
111 searchVideo: req.query.searchVideo,
112 searchVideoChannel: req.query.searchVideoChannel,
// Account id of the local server actor, loaded above with getServerActor().
113 serverAccountId: serverActor.Account.id,
// Response payload: the total count plus the rows in their admin JSON form.
118 total: resultList.total,
119 data: resultList.data.map(d => d.toFormattedAdminJSON())
/**
 * Updates the moderation comment and/or the state of the abuse found in
 * res.locals.abuse, saves it in a transaction and answers 204 No Content.
 *
 * Parts of the body are missing from this listing. stateUpdated is presumably
 * set inside the state branch on an omitted line.
 */
123 async function updateAbuse (req: express.Request, res: express.Response) {
124 const abuse = res.locals.abuse
125 let stateUpdated = false
// Only fields present in the body are written. Their values are copied as-is,
// presumably after validation by abuseUpdateValidator; confirm.
127 if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
129 if (req.body.state !== undefined) {
130 abuse.state = req.body.state
134 await sequelizeTypescript.transaction(t => {
135 return abuse.save({ transaction: t })
// The notification is not awaited: a failure is logged and does not change the
// response sent to the moderator.
138 if (stateUpdated === true) {
139 AbuseModel.loadFull(abuse.id)
140 .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
141 .catch(err => logger.error('Cannot notify on abuse state change', { err }))
144 // Do not send the update to other instances, we updated OUR copy of this abuse
146 return res.status(HttpStatusCode.NO_CONTENT_204).end()
/**
 * Deletes the abuse found in res.locals.abuse inside a transaction and answers
 * 204 No Content. The route registers this handler after a MANAGE_ABUSES right
 * check. Closing lines are missing from this listing.
 */
149 async function deleteAbuse (req: express.Request, res: express.Response) {
// NOTE(review): presumably loaded by abuseGetValidator from the :id parameter; confirm.
150 const abuse = res.locals.abuse
152 await sequelizeTypescript.transaction(t => {
153 return abuse.destroy({ transaction: t })
156 // Do not send the delete to other instances, we delete OUR copy of this abuse
158 return res.status(HttpStatusCode.NO_CONTENT_204).end()
/**
 * Creates an abuse report inside one transaction and answers with the new
 * abuse id.
 *
 * Three create helpers are visible (video, video comment, account). The
 * conditions that select between them, and most of their arguments, are missing
 * from this listing.
 */
161 async function reportAbuse (req: express.Request, res: express.Response) {
// Report targets taken from res.locals.
// NOTE(review): presumably set by abuseReportValidator; confirm.
162 const videoInstance = res.locals.videoAll
163 const commentInstance = res.locals.videoCommentFull
164 const accountInstance = res.locals.account
// The AbuseCreate annotation is compile-time only: nothing in this function
// checks req.body at runtime. Presumably abuseReportValidator has done so; confirm.
166 const body: AbuseCreate = req.body
168 const { id } = await sequelizeTypescript.transaction(async t => {
169 const user = res.locals.oauth.token.User
170 // Don't send abuse notification if reporter is an admin/moderator
171 const skipNotification = user.hasRight(UserRight.MANAGE_ABUSES)
// The reporter is the account of the OAuth token's user, loaded inside the
// transaction. It is not taken from the request body.
173 const reporterAccount = await AccountModel.load(user.Account.id, t)
// Lookup keyed by client-supplied reason names: a name missing from the map
// yields undefined. Presumably the validator restricts the names; confirm.
174 const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
177 reporterAccountId: reporterAccount.id,
// New reports start in the PENDING state.
179 state: AbuseState.PENDING,
184 return createVideoAbuse({
189 startAt: body.video.startAt,
190 endAt: body.video.endAt,
196 return createVideoCommentAbuse({
206 return createAccountAbuse({
// Only the id of the created abuse is returned to the client.
215 return res.json({ abuse: { id } })
/**
 * Returns the messages attached to the abuse found in res.locals.abuse,
 * formatted with getFormattedObjects.
 *
 * No access check happens in this function.
 * NOTE(review): it relies on the route's validators to decide who may read the
 * thread; confirm they do.
 */
218 async function listAbuseMessages (req: express.Request, res: express.Response) {
219 const abuse = res.locals.abuse
221 const resultList = await AbuseMessageModel.listForApi(abuse.id)
223 return res.json(getFormattedObjects(resultList.data, resultList.total))
/**
 * Adds a message to the thread of the abuse found in res.locals.abuse and
 * triggers a notification. The remaining create fields and the response are
 * missing from this listing.
 */
226 async function addAbuseMessage (req: express.Request, res: express.Response) {
227 const abuse = res.locals.abuse
228 const user = res.locals.oauth.token.user
230 const abuseMessage = await AbuseMessageModel.create({
// NOTE(review): stored as received; presumably checked by addAbuseMessageValidator; confirm.
231 message: req.body.message,
// byModerator is computed on the server, not read from the request: it is true
// whenever the author's account is not the reporter's. Any non-reporter who
// reaches this handler is therefore recorded as a moderator.
// NOTE(review): confirm the route validators admit only the reporter and moderators.
232 byModerator: abuse.reporterAccountId !== user.Account.id,
// The author is the account of the OAuth token's user.
233 accountId: user.Account.id,
// The notification is not awaited: a failure is logged only.
237 AbuseModel.loadFull(abuse.id)
238 .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
239 .catch(err => logger.error('Cannot notify on new abuse message', { err }))
/**
 * Deletes the message found in res.locals.abuseMessage inside a transaction
 * and answers 204 No Content.
 *
 * No ownership or permission check happens in this function.
 * NOTE(review): res.locals.abuseMessage is presumably set by
 * deleteAbuseMessageValidator; confirm that validator checks the message
 * belongs to the abuse in the URL and that the caller may delete it.
 */
248 async function deleteAbuseMessage (req: express.Request, res: express.Response) {
249 const abuseMessage = res.locals.abuseMessage
251 await sequelizeTypescript.transaction(t => {
252 return abuseMessage.destroy({ transaction: t })
255 return res.status(HttpStatusCode.NO_CONTENT_204).end()