server/controllers/api/videos/abuse.ts

   1 import * as express from 'express'
   2 import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
   3 import { logger } from '../../../helpers/logger'
   4 import { getFormattedObjects } from '../../../helpers/utils'
   5 import { sequelizeTypescript } from '../../../initializers'
   6 import {
   7   asyncMiddleware,
   8   asyncRetryTransactionMiddleware,
   9   authenticate,
  10   ensureUserHasRight,
  11   paginationValidator,
  12   setDefaultPagination,
  13   setDefaultSort,
  14   videoAbuseGetValidator,
  15   videoAbuseReportValidator,
  16   videoAbusesSortValidator,
  17   videoAbuseUpdateValidator
  18 } from '../../../middlewares'
  19 import { AccountModel } from '../../../models/account/account'
  20 import { VideoAbuseModel } from '../../../models/video/video-abuse'
  21 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
  22 import { Notifier } from '../../../lib/notifier'
  23 import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
  24
  25 const auditLogger = auditLoggerFactory('abuse')
  26 const abuseVideoRouter = express.Router()
  27
  28 abuseVideoRouter.get('/abuse',
  29   authenticate,
  30   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  31   paginationValidator,
  32   videoAbusesSortValidator,
  33   setDefaultSort,
  34   setDefaultPagination,
  35   asyncMiddleware(listVideoAbuses)
  36 )
  37 abuseVideoRouter.put('/:videoId/abuse/:id',
  38   authenticate,
  39   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  40   asyncMiddleware(videoAbuseUpdateValidator),
  41   asyncRetryTransactionMiddleware(updateVideoAbuse)
  42 )
  43 abuseVideoRouter.post('/:videoId/abuse',
  44   authenticate,
  45   asyncMiddleware(videoAbuseReportValidator),
  46   asyncRetryTransactionMiddleware(reportVideoAbuse)
  47 )
  48 abuseVideoRouter.delete('/:videoId/abuse/:id',
  49   authenticate,
  50   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  51   asyncMiddleware(videoAbuseGetValidator),
  52   asyncRetryTransactionMiddleware(deleteVideoAbuse)
  53 )
  54
  55 // ---------------------------------------------------------------------------
  56
  57 export {
  58   abuseVideoRouter
  59 }
  60
  61 // ---------------------------------------------------------------------------
  62
  63 async function listVideoAbuses (req: express.Request, res: express.Response) {
  64   const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
  65
  66   return res.json(getFormattedObjects(resultList.data, resultList.total))
  67 }
  68
  69 async function updateVideoAbuse (req: express.Request, res: express.Response) {
  70   const videoAbuse = res.locals.videoAbuse
  71
  72   if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  73   if (req.body.state !== undefined) videoAbuse.state = req.body.state
  74
  75   await sequelizeTypescript.transaction(t => {
  76     return videoAbuse.save({ transaction: t })
  77   })
  78
  79   // Do not send the delete to other instances, we updated OUR copy of this video abuse
  80
  81   return res.type('json').status(204).end()
  82 }
  83
  84 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  85   const videoAbuse = res.locals.videoAbuse
  86
  87   await sequelizeTypescript.transaction(t => {
  88     return videoAbuse.destroy({ transaction: t })
  89   })
  90
  91   // Do not send the delete to other instances, we delete OUR copy of this video abuse
  92
  93   return res.type('json').status(204).end()
  94 }
  95
  96 async function reportVideoAbuse (req: express.Request, res: express.Response) {
  97   const videoInstance = res.locals.video
  98   const body: VideoAbuseCreate = req.body
  99
 100   const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
 101     const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
 102
 103     const abuseToCreate = {
 104       reporterAccountId: reporterAccount.id,
 105       reason: body.reason,
 106       videoId: videoInstance.id,
 107       state: VideoAbuseState.PENDING
 108     }
 109
 110     const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
 111     videoAbuseInstance.Video = videoInstance
 112     videoAbuseInstance.Account = reporterAccount
 113
 114     // We send the video abuse to the origin server
 115     if (videoInstance.isOwned() === false) {
 116       await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
 117     }
 118
 119     auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
 120
 121     return videoAbuseInstance
 122   })
 123
 124   Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)
 125
 126   logger.info('Abuse report for video %s created.', videoInstance.name)
 127
 128   return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
 129 }