server/controllers/api/videos/abuse.ts

   1 import * as express from 'express'
   2 import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
   3 import { logger } from '../../../helpers/logger'
   4 import { getFormattedObjects } from '../../../helpers/utils'
   5 import { sequelizeTypescript } from '../../../initializers'
   6 import {
   7   asyncMiddleware,
   8   asyncRetryTransactionMiddleware,
   9   authenticate,
  10   ensureUserHasRight,
  11   paginationValidator,
  12   setDefaultPagination,
  13   setDefaultSort,
  14   videoAbuseGetValidator,
  15   videoAbuseReportValidator,
  16   videoAbusesSortValidator,
  17   videoAbuseUpdateValidator,
  18   videoAbuseListValidator
  19 } from '../../../middlewares'
  20 import { AccountModel } from '../../../models/account/account'
  21 import { VideoAbuseModel } from '../../../models/video/video-abuse'
  22 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
  23 import { Notifier } from '../../../lib/notifier'
  24 import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
  25 import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
  26 import { getServerActor } from '@server/models/application/application'
  27
  28 const auditLogger = auditLoggerFactory('abuse')
  29 const abuseVideoRouter = express.Router()
  30
  31 abuseVideoRouter.get('/abuse',
  32   authenticate,
  33   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  34   paginationValidator,
  35   videoAbusesSortValidator,
  36   setDefaultSort,
  37   setDefaultPagination,
  38   videoAbuseListValidator,
  39   asyncMiddleware(listVideoAbuses)
  40 )
  41 abuseVideoRouter.put('/:videoId/abuse/:id',
  42   authenticate,
  43   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  44   asyncMiddleware(videoAbuseUpdateValidator),
  45   asyncRetryTransactionMiddleware(updateVideoAbuse)
  46 )
  47 abuseVideoRouter.post('/:videoId/abuse',
  48   authenticate,
  49   asyncMiddleware(videoAbuseReportValidator),
  50   asyncRetryTransactionMiddleware(reportVideoAbuse)
  51 )
  52 abuseVideoRouter.delete('/:videoId/abuse/:id',
  53   authenticate,
  54   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  55   asyncMiddleware(videoAbuseGetValidator),
  56   asyncRetryTransactionMiddleware(deleteVideoAbuse)
  57 )
  58
  59 // ---------------------------------------------------------------------------
  60
  61 export {
  62   abuseVideoRouter
  63 }
  64
  65 // ---------------------------------------------------------------------------
  66
  67 async function listVideoAbuses (req: express.Request, res: express.Response) {
  68   const user = res.locals.oauth.token.user
  69   const serverActor = await getServerActor()
  70
  71   const resultList = await VideoAbuseModel.listForApi({
  72     start: req.query.start,
  73     count: req.query.count,
  74     sort: req.query.sort,
  75     id: req.query.id,
  76     search: req.query.search,
  77     state: req.query.state,
  78     videoIs: req.query.videoIs,
  79     searchReporter: req.query.searchReporter,
  80     searchReportee: req.query.searchReportee,
  81     searchVideo: req.query.searchVideo,
  82     searchVideoChannel: req.query.searchVideoChannel,
  83     serverAccountId: serverActor.Account.id,
  84     user
  85   })
  86
  87   return res.json(getFormattedObjects(resultList.data, resultList.total))
  88 }
  89
  90 async function updateVideoAbuse (req: express.Request, res: express.Response) {
  91   const videoAbuse = res.locals.videoAbuse
  92
  93   if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  94   if (req.body.state !== undefined) videoAbuse.state = req.body.state
  95
  96   await sequelizeTypescript.transaction(t => {
  97     return videoAbuse.save({ transaction: t })
  98   })
  99
 100   // Do not send the delete to other instances, we updated OUR copy of this video abuse
 101
 102   return res.type('json').status(204).end()
 103 }
 104
 105 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
 106   const videoAbuse = res.locals.videoAbuse
 107
 108   await sequelizeTypescript.transaction(t => {
 109     return videoAbuse.destroy({ transaction: t })
 110   })
 111
 112   // Do not send the delete to other instances, we delete OUR copy of this video abuse
 113
 114   return res.type('json').status(204).end()
 115 }
 116
 117 async function reportVideoAbuse (req: express.Request, res: express.Response) {
 118   const videoInstance = res.locals.videoAll
 119   const body: VideoAbuseCreate = req.body
 120
 121   const videoAbuse = await sequelizeTypescript.transaction(async t => {
 122     const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
 123
 124     const abuseToCreate = {
 125       reporterAccountId: reporterAccount.id,
 126       reason: body.reason,
 127       videoId: videoInstance.id,
 128       state: VideoAbuseState.PENDING
 129     }
 130
 131     const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
 132     videoAbuseInstance.Video = videoInstance
 133     videoAbuseInstance.Account = reporterAccount
 134
 135     // We send the video abuse to the origin server
 136     if (videoInstance.isOwned() === false) {
 137       await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
 138     }
 139
 140     auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
 141
 142     return videoAbuseInstance
 143   })
 144
 145   Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)
 146
 147   logger.info('Abuse report for video %s created.', videoInstance.name)
 148
 149   return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
 150 }