]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/controllers/api/abuse.ts
projects / github / Chocobozzz / PeerTube.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Refactor requests
[github/Chocobozzz/PeerTube.git] / server / controllers / api / abuse.ts
1 import * as express from 'express'
2 import { logger } from '@server/helpers/logger'
3 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
4 import { Notifier } from '@server/lib/notifier'
5 import { AbuseModel } from '@server/models/abuse/abuse'
6 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
7 import { getServerActor } from '@server/models/application/application'
8 import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
9 import { HttpStatusCode } from '@shared/models'
10 import { AbuseCreate, AbuseState, UserRight } from '../../../shared'
11 import { getFormattedObjects } from '../../helpers/utils'
12 import { sequelizeTypescript } from '../../initializers/database'
13 import {
14 abuseGetValidator,
15 abuseListForAdminsValidator,
16 abuseReportValidator,
17 abusesSortValidator,
18 abuseUpdateValidator,
19 addAbuseMessageValidator,
20 asyncMiddleware,
21 asyncRetryTransactionMiddleware,
22 authenticate,
23 checkAbuseValidForMessagesValidator,
24 deleteAbuseMessageValidator,
25 ensureUserHasRight,
26 getAbuseValidator,
27 openapiOperationDoc,
28 paginationValidator,
29 setDefaultPagination,
30 setDefaultSort
31 } from '../../middlewares'
32 import { AccountModel } from '../../models/account/account'
33
34 const abuseRouter = express.Router()
35
36 abuseRouter.get('/',
37 openapiOperationDoc({ operationId: 'getAbuses' }),
38 authenticate,
39 ensureUserHasRight(UserRight.MANAGE_ABUSES),
40 paginationValidator,
41 abusesSortValidator,
42 setDefaultSort,
43 setDefaultPagination,
44 abuseListForAdminsValidator,
45 asyncMiddleware(listAbusesForAdmins)
46 )
47 abuseRouter.put('/:id',
48 authenticate,
49 ensureUserHasRight(UserRight.MANAGE_ABUSES),
50 asyncMiddleware(abuseUpdateValidator),
51 asyncRetryTransactionMiddleware(updateAbuse)
52 )
53 abuseRouter.post('/',
54 authenticate,
55 asyncMiddleware(abuseReportValidator),
56 asyncRetryTransactionMiddleware(reportAbuse)
57 )
58 abuseRouter.delete('/:id',
59 authenticate,
60 ensureUserHasRight(UserRight.MANAGE_ABUSES),
61 asyncMiddleware(abuseGetValidator),
62 asyncRetryTransactionMiddleware(deleteAbuse)
63 )
64
65 abuseRouter.get('/:id/messages',
66 authenticate,
67 asyncMiddleware(getAbuseValidator),
68 checkAbuseValidForMessagesValidator,
69 asyncRetryTransactionMiddleware(listAbuseMessages)
70 )
71
72 abuseRouter.post('/:id/messages',
73 authenticate,
74 asyncMiddleware(getAbuseValidator),
75 checkAbuseValidForMessagesValidator,
76 addAbuseMessageValidator,
77 asyncRetryTransactionMiddleware(addAbuseMessage)
78 )
79
80 abuseRouter.delete('/:id/messages/:messageId',
81 authenticate,
82 asyncMiddleware(getAbuseValidator),
83 checkAbuseValidForMessagesValidator,
84 asyncMiddleware(deleteAbuseMessageValidator),
85 asyncRetryTransactionMiddleware(deleteAbuseMessage)
86 )
87
88 // ---------------------------------------------------------------------------
89
90 export {
91 abuseRouter
92 }
93
94 // ---------------------------------------------------------------------------
95
96 async function listAbusesForAdmins (req: express.Request, res: express.Response) {
97 const user = res.locals.oauth.token.user
98 const serverActor = await getServerActor()
99
100 const resultList = await AbuseModel.listForAdminApi({
101 start: req.query.start,
102 count: req.query.count,
103 sort: req.query.sort,
104 id: req.query.id,
105 filter: req.query.filter,
106 predefinedReason: req.query.predefinedReason,
107 search: req.query.search,
108 state: req.query.state,
109 videoIs: req.query.videoIs,
110 searchReporter: req.query.searchReporter,
111 searchReportee: req.query.searchReportee,
112 searchVideo: req.query.searchVideo,
113 searchVideoChannel: req.query.searchVideoChannel,
114 serverAccountId: serverActor.Account.id,
115 user
116 })
117
118 return res.json({
119 total: resultList.total,
120 data: resultList.data.map(d => d.toFormattedAdminJSON())
121 })
122 }
123
124 async function updateAbuse (req: express.Request, res: express.Response) {
125 const abuse = res.locals.abuse
126 let stateUpdated = false
127
128 if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
129
130 if (req.body.state !== undefined) {
131 abuse.state = req.body.state
132 stateUpdated = true
133 }
134
135 await sequelizeTypescript.transaction(t => {
136 return abuse.save({ transaction: t })
137 })
138
139 if (stateUpdated === true) {
140 AbuseModel.loadFull(abuse.id)
141 .then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
142 .catch(err => logger.error('Cannot notify on abuse state change', { err }))
143 }
144
145 // Do not send the delete to other instances, we updated OUR copy of this abuse
146
147 return res.status(HttpStatusCode.NO_CONTENT_204).end()
148 }
149
150 async function deleteAbuse (req: express.Request, res: express.Response) {
151 const abuse = res.locals.abuse
152
153 await sequelizeTypescript.transaction(t => {
154 return abuse.destroy({ transaction: t })
155 })
156
157 // Do not send the delete to other instances, we delete OUR copy of this abuse
158
159 return res.status(HttpStatusCode.NO_CONTENT_204).end()
160 }
161
162 async function reportAbuse (req: express.Request, res: express.Response) {
163 const videoInstance = res.locals.videoAll
164 const commentInstance = res.locals.videoCommentFull
165 const accountInstance = res.locals.account
166
167 const body: AbuseCreate = req.body
168
169 const { id } = await sequelizeTypescript.transaction(async t => {
170 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
171 const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
172
173 const baseAbuse = {
174 reporterAccountId: reporterAccount.id,
175 reason: body.reason,
176 state: AbuseState.PENDING,
177 predefinedReasons
178 }
179
180 if (body.video) {
181 return createVideoAbuse({
182 baseAbuse,
183 videoInstance,
184 reporterAccount,
185 transaction: t,
186 startAt: body.video.startAt,
187 endAt: body.video.endAt
188 })
189 }
190
191 if (body.comment) {
192 return createVideoCommentAbuse({
193 baseAbuse,
194 commentInstance,
195 reporterAccount,
196 transaction: t
197 })
198 }
199
200 // Account report
201 return createAccountAbuse({
202 baseAbuse,
203 accountInstance,
204 reporterAccount,
205 transaction: t
206 })
207 })
208
209 return res.json({ abuse: { id } })
210 }
211
212 async function listAbuseMessages (req: express.Request, res: express.Response) {
213 const abuse = res.locals.abuse
214
215 const resultList = await AbuseMessageModel.listForApi(abuse.id)
216
217 return res.json(getFormattedObjects(resultList.data, resultList.total))
218 }
219
220 async function addAbuseMessage (req: express.Request, res: express.Response) {
221 const abuse = res.locals.abuse
222 const user = res.locals.oauth.token.user
223
224 const abuseMessage = await AbuseMessageModel.create({
225 message: req.body.message,
226 byModerator: abuse.reporterAccountId !== user.Account.id,
227 accountId: user.Account.id,
228 abuseId: abuse.id
229 })
230
231 AbuseModel.loadFull(abuse.id)
232 .then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
233 .catch(err => logger.error('Cannot notify on new abuse message', { err }))
234
235 return res.json({
236 abuseMessage: {
237 id: abuseMessage.id
238 }
239 })
240 }
241
242 async function deleteAbuseMessage (req: express.Request, res: express.Response) {
243 const abuseMessage = res.locals.abuseMessage
244
245 await sequelizeTypescript.transaction(t => {
246 return abuseMessage.destroy({ transaction: t })
247 })
248
249 return res.status(HttpStatusCode.NO_CONTENT_204).end()
250 }
ActivityPub-federated video streaming platform using P2P directly in your web browser