server/controllers/api/videos/abuse.ts

   1 import * as express from 'express'
   2 import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
   3 import { logger } from '../../../helpers/logger'
   4 import { getFormattedObjects } from '../../../helpers/utils'
   5 import { sequelizeTypescript } from '../../../initializers'
   6 import {
   7   asyncMiddleware,
   8   asyncRetryTransactionMiddleware,
   9   authenticate,
  10   ensureUserHasRight,
  11   paginationValidator,
  12   setDefaultPagination,
  13   setDefaultSort,
  14   videoAbuseGetValidator,
  15   videoAbuseReportValidator,
  16   videoAbusesSortValidator,
  17   videoAbuseUpdateValidator
  18 } from '../../../middlewares'
  19 import { AccountModel } from '../../../models/account/account'
  20 import { VideoModel } from '../../../models/video/video'
  21 import { VideoAbuseModel } from '../../../models/video/video-abuse'
  22 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
  23 import { UserModel } from '../../../models/account/user'
  24 import { Notifier } from '../../../lib/notifier'
  25 import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
  26
  27 const auditLogger = auditLoggerFactory('abuse')
  28 const abuseVideoRouter = express.Router()
  29
  30 abuseVideoRouter.get('/abuse',
  31   authenticate,
  32   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  33   paginationValidator,
  34   videoAbusesSortValidator,
  35   setDefaultSort,
  36   setDefaultPagination,
  37   asyncMiddleware(listVideoAbuses)
  38 )
  39 abuseVideoRouter.put('/:videoId/abuse/:id',
  40   authenticate,
  41   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  42   asyncMiddleware(videoAbuseUpdateValidator),
  43   asyncRetryTransactionMiddleware(updateVideoAbuse)
  44 )
  45 abuseVideoRouter.post('/:videoId/abuse',
  46   authenticate,
  47   asyncMiddleware(videoAbuseReportValidator),
  48   asyncRetryTransactionMiddleware(reportVideoAbuse)
  49 )
  50 abuseVideoRouter.delete('/:videoId/abuse/:id',
  51   authenticate,
  52   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  53   asyncMiddleware(videoAbuseGetValidator),
  54   asyncRetryTransactionMiddleware(deleteVideoAbuse)
  55 )
  56
  57 // ---------------------------------------------------------------------------
  58
  59 export {
  60   abuseVideoRouter
  61 }
  62
  63 // ---------------------------------------------------------------------------
  64
  65 async function listVideoAbuses (req: express.Request, res: express.Response) {
  66   const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
  67
  68   return res.json(getFormattedObjects(resultList.data, resultList.total))
  69 }
  70
  71 async function updateVideoAbuse (req: express.Request, res: express.Response) {
  72   const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
  73
  74   if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  75   if (req.body.state !== undefined) videoAbuse.state = req.body.state
  76
  77   await sequelizeTypescript.transaction(t => {
  78     return videoAbuse.save({ transaction: t })
  79   })
  80
  81   // Do not send the delete to other instances, we updated OUR copy of this video abuse
  82
  83   return res.type('json').status(204).end()
  84 }
  85
  86 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  87   const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
  88
  89   await sequelizeTypescript.transaction(t => {
  90     return videoAbuse.destroy({ transaction: t })
  91   })
  92
  93   // Do not send the delete to other instances, we delete OUR copy of this video abuse
  94
  95   return res.type('json').status(204).end()
  96 }
  97
  98 async function reportVideoAbuse (req: express.Request, res: express.Response) {
  99   const videoInstance = res.locals.video as VideoModel
 100   const body: VideoAbuseCreate = req.body
 101
 102   const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
 103     const reporterAccount = await AccountModel.load((res.locals.oauth.token.User as UserModel).Account.id, t)
 104
 105     const abuseToCreate = {
 106       reporterAccountId: reporterAccount.id,
 107       reason: body.reason,
 108       videoId: videoInstance.id,
 109       state: VideoAbuseState.PENDING
 110     }
 111
 112     const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
 113     videoAbuseInstance.Video = videoInstance
 114     videoAbuseInstance.Account = reporterAccount
 115
 116     // We send the video abuse to the origin server
 117     if (videoInstance.isOwned() === false) {
 118       await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance)
 119     }
 120
 121     Notifier.Instance.notifyOnNewVideoAbuse(videoAbuseInstance)
 122
 123     auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
 124
 125     return videoAbuseInstance
 126   })
 127
 128   logger.info('Abuse report for video %s created.', videoInstance.name)
 129
 130   return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
 131 }