server/controllers/api/videos/abuse.ts

   1 import * as express from 'express'
   2 import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
   3 import { logger } from '../../../helpers/logger'
   4 import { getFormattedObjects } from '../../../helpers/utils'
   5 import { sequelizeTypescript } from '../../../initializers'
   6 import { sendVideoAbuse } from '../../../lib/activitypub/send'
   7 import {
   8   asyncMiddleware,
   9   asyncRetryTransactionMiddleware,
  10   authenticate,
  11   ensureUserHasRight,
  12   paginationValidator,
  13   setDefaultPagination,
  14   setDefaultSort,
  15   videoAbuseGetValidator,
  16   videoAbuseReportValidator,
  17   videoAbusesSortValidator,
  18   videoAbuseUpdateValidator
  19 } from '../../../middlewares'
  20 import { AccountModel } from '../../../models/account/account'
  21 import { VideoModel } from '../../../models/video/video'
  22 import { VideoAbuseModel } from '../../../models/video/video-abuse'
  23 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
  24
  25 const auditLogger = auditLoggerFactory('abuse')
  26 const abuseVideoRouter = express.Router()
  27
  28 abuseVideoRouter.get('/abuse',
  29   authenticate,
  30   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  31   paginationValidator,
  32   videoAbusesSortValidator,
  33   setDefaultSort,
  34   setDefaultPagination,
  35   asyncMiddleware(listVideoAbuses)
  36 )
  37 abuseVideoRouter.put('/:videoId/abuse/:id',
  38   authenticate,
  39   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  40   asyncMiddleware(videoAbuseUpdateValidator),
  41   asyncRetryTransactionMiddleware(updateVideoAbuse)
  42 )
  43 abuseVideoRouter.post('/:videoId/abuse',
  44   authenticate,
  45   asyncMiddleware(videoAbuseReportValidator),
  46   asyncRetryTransactionMiddleware(reportVideoAbuse)
  47 )
  48 abuseVideoRouter.delete('/:videoId/abuse/:id',
  49   authenticate,
  50   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  51   asyncMiddleware(videoAbuseGetValidator),
  52   asyncRetryTransactionMiddleware(deleteVideoAbuse)
  53 )
  54
  55 // ---------------------------------------------------------------------------
  56
  57 export {
  58   abuseVideoRouter
  59 }
  60
  61 // ---------------------------------------------------------------------------
  62
  63 async function listVideoAbuses (req: express.Request, res: express.Response) {
  64   const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
  65
  66   return res.json(getFormattedObjects(resultList.data, resultList.total))
  67 }
  68
  69 async function updateVideoAbuse (req: express.Request, res: express.Response) {
  70   const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
  71
  72   if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  73   if (req.body.state !== undefined) videoAbuse.state = req.body.state
  74
  75   await sequelizeTypescript.transaction(t => {
  76     return videoAbuse.save({ transaction: t })
  77   })
  78
  79   // Do not send the delete to other instances, we updated OUR copy of this video abuse
  80
  81   return res.type('json').status(204).end()
  82 }
  83
  84 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  85   const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
  86
  87   await sequelizeTypescript.transaction(t => {
  88     return videoAbuse.destroy({ transaction: t })
  89   })
  90
  91   // Do not send the delete to other instances, we delete OUR copy of this video abuse
  92
  93   return res.type('json').status(204).end()
  94 }
  95
  96 async function reportVideoAbuse (req: express.Request, res: express.Response) {
  97   const videoInstance = res.locals.video as VideoModel
  98   const reporterAccount = res.locals.oauth.token.User.Account as AccountModel
  99   const body: VideoAbuseCreate = req.body
 100
 101   const abuseToCreate = {
 102     reporterAccountId: reporterAccount.id,
 103     reason: body.reason,
 104     videoId: videoInstance.id,
 105     state: VideoAbuseState.PENDING
 106   }
 107
 108   const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
 109     const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
 110     videoAbuseInstance.Video = videoInstance
 111     videoAbuseInstance.Account = reporterAccount
 112
 113     // We send the video abuse to the origin server
 114     if (videoInstance.isOwned() === false) {
 115       await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance)
 116     }
 117
 118     auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
 119
 120     return videoAbuseInstance
 121   })
 122
 123   logger.info('Abuse report for video %s created.', videoInstance.name)
 124   return res.json({
 125     videoAbuse: videoAbuse.toFormattedJSON()
 126   }).end()
 127 }