server/controllers/api/videos/abuse.ts

   1 import * as express from 'express'
   2 import { UserRight, VideoAbuseCreate } from '../../../../shared'
   3 import { logger } from '../../../helpers/logger'
   4 import { getFormattedObjects } from '../../../helpers/utils'
   5 import { sequelizeTypescript } from '../../../initializers'
   6 import { sendVideoAbuse } from '../../../lib/activitypub/send'
   7 import {
   8   asyncMiddleware,
   9   asyncRetryTransactionMiddleware,
  10   authenticate,
  11   ensureUserHasRight,
  12   paginationValidator,
  13   setDefaultPagination,
  14   setDefaultSort,
  15   videoAbuseReportValidator,
  16   videoAbusesSortValidator
  17 } from '../../../middlewares'
  18 import { AccountModel } from '../../../models/account/account'
  19 import { VideoModel } from '../../../models/video/video'
  20 import { VideoAbuseModel } from '../../../models/video/video-abuse'
  21 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
  22
  23 const auditLogger = auditLoggerFactory('abuse')
  24 const abuseVideoRouter = express.Router()
  25
  26 abuseVideoRouter.get('/abuse',
  27   authenticate,
  28   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  29   paginationValidator,
  30   videoAbusesSortValidator,
  31   setDefaultSort,
  32   setDefaultPagination,
  33   asyncMiddleware(listVideoAbuses)
  34 )
  35 abuseVideoRouter.post('/:id/abuse',
  36   authenticate,
  37   asyncMiddleware(videoAbuseReportValidator),
  38   asyncRetryTransactionMiddleware(reportVideoAbuse)
  39 )
  40
  41 // ---------------------------------------------------------------------------
  42
  43 export {
  44   abuseVideoRouter
  45 }
  46
  47 // ---------------------------------------------------------------------------
  48
  49 async function listVideoAbuses (req: express.Request, res: express.Response, next: express.NextFunction) {
  50   const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
  51
  52   return res.json(getFormattedObjects(resultList.data, resultList.total))
  53 }
  54
  55 async function reportVideoAbuse (req: express.Request, res: express.Response) {
  56   const videoInstance = res.locals.video as VideoModel
  57   const reporterAccount = res.locals.oauth.token.User.Account as AccountModel
  58   const body: VideoAbuseCreate = req.body
  59
  60   const abuseToCreate = {
  61     reporterAccountId: reporterAccount.id,
  62     reason: body.reason,
  63     videoId: videoInstance.id
  64   }
  65
  66   await sequelizeTypescript.transaction(async t => {
  67     const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
  68     videoAbuseInstance.Video = videoInstance
  69     videoAbuseInstance.Account = reporterAccount
  70
  71     // We send the video abuse to the origin server
  72     if (videoInstance.isOwned() === false) {
  73       await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
  74     }
  75
  76     auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
  77     logger.info('Abuse report for video %s created.', videoInstance.name)
  78   })
  79
  80   return res.type('json').status(204).end()
  81 }