1 import * as express from 'express'
2 import { logger } from '@server/helpers/logger'
3 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
4 import { Notifier } from '@server/lib/notifier'
5 import { AbuseModel } from '@server/models/abuse/abuse'
6 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
7 import { getServerActor } from '@server/models/application/application'
8 import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
9 import { HttpStatusCode } from '@shared/models'
10 import { AbuseCreate, AbuseState, UserRight } from '../../../shared'
11 import { getFormattedObjects } from '../../helpers/utils'
12 import { sequelizeTypescript } from '../../initializers/database'
15 abuseListForAdminsValidator,
19 addAbuseMessageValidator,
21 asyncRetryTransactionMiddleware,
23 checkAbuseValidForMessagesValidator,
24 deleteAbuseMessageValidator,
31 } from '../../middlewares'
32 import { AccountModel } from '../../models/account/account'
// Abuse report routes. Each chain lists its middleware in execution order, so the right
// checks and validators shown here run before the final handler.
// NOTE(review): this listing skips source lines (the gutter jumps, e.g. 34 -> 37 and
// 45 -> 47), so some route declarations, closing parentheses and any authentication
// middleware are not visible — confirm every route authenticates before these checks.
34 const abuseRouter = express.Router()
// Admin listing: the MANAGE_ABUSES right is checked before the query validator and handler.
37 openapiOperationDoc({ operationId: 'getAbuses' }),
39 ensureUserHasRight(UserRight.MANAGE_ABUSES),
44 abuseListForAdminsValidator,
45 asyncMiddleware(listAbusesForAdmins)
// Update an abuse (state / moderation comment): MANAGE_ABUSES, then body validation.
47 abuseRouter.put('/:id',
49 ensureUserHasRight(UserRight.MANAGE_ABUSES),
50 asyncMiddleware(abuseUpdateValidator),
51 asyncRetryTransactionMiddleware(updateAbuse)
// Report creation: no right check is visible in this chain; abuseReportValidator runs
// before reportAbuse and is the only visible gate on the request body.
55 asyncMiddleware(abuseReportValidator),
56 asyncRetryTransactionMiddleware(reportAbuse)
// Delete an abuse: MANAGE_ABUSES, then abuseGetValidator. deleteAbuse reads
// res.locals.abuse, so this validator is presumably what loads it — confirm.
58 abuseRouter.delete('/:id',
60 ensureUserHasRight(UserRight.MANAGE_ABUSES),
61 asyncMiddleware(abuseGetValidator),
62 asyncRetryTransactionMiddleware(deleteAbuse)
// Message routes: no ensureUserHasRight is visible on any of the three. Who may read,
// add or delete messages presumably rests on checkAbuseValidForMessagesValidator (and
// deleteAbuseMessageValidator for deletion).
// NOTE(review): confirm these validators restrict access to the reporter of the abuse
// and to users allowed to manage abuses, and that a message id is checked against the
// abuse id in the path.
65 abuseRouter.get('/:id/messages',
67 asyncMiddleware(getAbuseValidator),
68 checkAbuseValidForMessagesValidator,
69 asyncRetryTransactionMiddleware(listAbuseMessages)
72 abuseRouter.post('/:id/messages',
74 asyncMiddleware(getAbuseValidator),
75 checkAbuseValidForMessagesValidator,
76 addAbuseMessageValidator,
77 asyncRetryTransactionMiddleware(addAbuseMessage)
80 abuseRouter.delete('/:id/messages/:messageId',
82 asyncMiddleware(getAbuseValidator),
83 checkAbuseValidForMessagesValidator,
84 asyncMiddleware(deleteAbuseMessageValidator),
85 asyncRetryTransactionMiddleware(deleteAbuseMessage)
88 // ---------------------------------------------------------------------------
94 // ---------------------------------------------------------------------------
/**
 * Lists abuses for the admin API and returns them in their admin JSON form.
 *
 * Pagination, sort and every search/filter value are taken from req.query and handed
 * to AbuseModel.listForAdminApi unchanged; this handler does no checking of its own.
 * NOTE(review): type and range checks therefore depend on the validators registered on
 * the route, and safe query building depends on listForAdminApi binding the search
 * strings as parameters — confirm both.
 */
96 async function listAbusesForAdmins (req: express.Request, res: express.Response) {
// Authenticated user from the OAuth token; where it is used is not visible in this listing.
97 const user = res.locals.oauth.token.user
98 const serverActor = await getServerActor()
100 const resultList = await AbuseModel.listForAdminApi({
101 start: req.query.start,
102 count: req.query.count,
103 sort: req.query.sort,
105 filter: req.query.filter,
106 predefinedReason: req.query.predefinedReason,
107 search: req.query.search,
108 state: req.query.state,
109 videoIs: req.query.videoIs,
110 searchReporter: req.query.searchReporter,
111 searchReportee: req.query.searchReportee,
112 searchVideo: req.query.searchVideo,
113 searchVideoChannel: req.query.searchVideoChannel,
// Server-derived value (the local server actor's account), not client input.
114 serverAccountId: serverActor.Account.id,
// Response payload: total count plus each row formatted with toFormattedAdminJSON().
119 total: resultList.total,
120 data: resultList.data.map(d => d.toFormattedAdminJSON())
/**
 * Applies a moderator's changes (moderation comment and/or state) to the abuse stored
 * in res.locals.abuse, saves it in a transaction and answers 204.
 *
 * Body fields are copied onto the model as received; their validity presumably rests
 * on abuseUpdateValidator, which precedes this handler on the route — confirm it
 * restricts `state` to known AbuseState values.
 */
124 async function updateAbuse (req: express.Request, res: express.Response) {
125 const abuse = res.locals.abuse
126 let stateUpdated = false
// Only fields present in the body are touched, so a partial update leaves the rest as is.
128 if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
130 if (req.body.state !== undefined) {
131 abuse.state = req.body.state
// NOTE(review): the line that sets stateUpdated is not visible in this listing (the
// gutter skips 132-134); presumably it is set to true inside the branch above.
135 await sequelizeTypescript.transaction(t => {
136 return abuse.save({ transaction: t })
// The notification is not awaited: a failure is only logged and does not change the
// response sent to the moderator.
139 if (stateUpdated === true) {
140 AbuseModel.loadFull(abuse.id)
141 .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
142 .catch(err => logger.error('Cannot notify on abuse state change', { err }))
145 // Do not send the update to other instances, we updated OUR copy of this abuse
147 return res.status(HttpStatusCode.NO_CONTENT_204).end()
/**
 * Deletes the abuse stored in res.locals.abuse inside a transaction and answers 204.
 * The handler performs no permission check itself; the route registers
 * ensureUserHasRight(UserRight.MANAGE_ABUSES) ahead of it.
 */
150 async function deleteAbuse (req: express.Request, res: express.Response) {
151 const abuse = res.locals.abuse
153 await sequelizeTypescript.transaction(t => {
154 return abuse.destroy({ transaction: t })
157 // Do not send the delete to other instances, we delete OUR copy of this abuse
159 return res.status(HttpStatusCode.NO_CONTENT_204).end()
/**
 * Creates an abuse report against a video, a video comment or an account and returns
 * the id of the new abuse.
 *
 * The reporter account and the initial state are set server-side (from the OAuth token
 * and AbuseState.PENDING), not taken from the request body.
 * NOTE(review): the conditions choosing between the three create* calls are not visible
 * in this listing; presumably they depend on which of the res.locals targets is set.
 */
162 async function reportAbuse (req: express.Request, res: express.Response) {
163 const videoInstance = res.locals.videoAll
164 const commentInstance = res.locals.videoCommentFull
165 const accountInstance = res.locals.account
// The AbuseCreate annotation is compile-time only and validates nothing at runtime;
// the shape of the body presumably rests on abuseReportValidator on the route.
167 const body: AbuseCreate = req.body
169 const { id } = await sequelizeTypescript.transaction(async t => {
// NOTE(review): this reads token.User (capital U) while other handlers in this file read
// token.user — confirm both properties are populated on the token.
170 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
// Lookup keyed by client-supplied values: a key outside the map yields undefined (or an
// inherited Object.prototype member if the map is a plain object), so the validator
// should restrict predefinedReasons to the map's own keys — confirm.
171 const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
174 reporterAccountId: reporterAccount.id,
176 state: AbuseState.PENDING,
181 return createVideoAbuse({
// Client-supplied time range for the reported video; only read when body.video exists.
186 startAt: body.video.startAt,
187 endAt: body.video.endAt
192 return createVideoCommentAbuse({
201 return createAccountAbuse({
209 return res.json({ abuse: { id } })
/**
 * Returns the messages attached to the abuse stored in res.locals.abuse.
 * The handler does not check who is asking; read access presumably rests on
 * checkAbuseValidForMessagesValidator, which precedes it on the route — confirm.
 */
212 async function listAbuseMessages (req: express.Request, res: express.Response) {
213 const abuse = res.locals.abuse
215 const resultList = await AbuseMessageModel.listForApi(abuse.id)
217 return res.json(getFormattedObjects(resultList.data, resultList.total))
/**
 * Adds a message to the abuse stored in res.locals.abuse on behalf of the authenticated
 * user, then triggers a notification.
 *
 * The author account and the byModerator flag are derived from the OAuth token, not
 * from the request body; only the message text comes from the client.
 * NOTE(review): the response sent to the client is not visible in this listing.
 */
220 async function addAbuseMessage (req: express.Request, res: express.Response) {
221 const abuse = res.locals.abuse
222 const user = res.locals.oauth.token.user
224 const abuseMessage = await AbuseMessageModel.create({
// Message text as received; presumably checked by addAbuseMessageValidator on the route.
225 message: req.body.message,
// Any author other than the reporter is recorded as a moderator, so this flag is only
// meaningful if the route already limits posting to the reporter and moderators.
226 byModerator: abuse.reporterAccountId !== user.Account.id,
227 accountId: user.Account.id,
// The notification is not awaited: a failure is only logged.
231 AbuseModel.loadFull(abuse.id)
232 .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
233 .catch(err => logger.error('Cannot notify on new abuse message', { err }))
/**
 * Deletes the abuse message stored in res.locals.abuseMessage inside a transaction and
 * answers 204.
 * NOTE(review): the handler trusts res.locals.abuseMessage as loaded upstream; presumably
 * deleteAbuseMessageValidator checks that the message belongs to the abuse in the path
 * and that the caller may delete it — confirm.
 */
242 async function deleteAbuseMessage (req: express.Request, res: express.Response) {
243 const abuseMessage = res.locals.abuseMessage
245 await sequelizeTypescript.transaction(t => {
246 return abuseMessage.destroy({ transaction: t })
249 return res.status(HttpStatusCode.NO_CONTENT_204).end()