1 import * as express from 'express'
2 import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
3 import { logger } from '../../../helpers/logger'
4 import { getFormattedObjects } from '../../../helpers/utils'
5 import { sequelizeTypescript } from '../../../initializers'
8 asyncRetryTransactionMiddleware,
14 videoAbuseGetValidator,
15 videoAbuseReportValidator,
16 videoAbusesSortValidator,
17 videoAbuseUpdateValidator
18 } from '../../../middlewares'
19 import { AccountModel } from '../../../models/account/account'
20 import { VideoAbuseModel } from '../../../models/video/video-abuse'
21 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
22 import { Notifier } from '../../../lib/notifier'
23 import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
24 import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
25 import { getServerActor } from '@server/models/application/application'
27 const auditLogger = auditLoggerFactory('abuse')
28 const abuseVideoRouter = express.Router()
30 abuseVideoRouter.get('/abuse',
32 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
34 videoAbusesSortValidator,
37 asyncMiddleware(listVideoAbuses)
39 abuseVideoRouter.put('/:videoId/abuse/:id',
41 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
42 asyncMiddleware(videoAbuseUpdateValidator),
43 asyncRetryTransactionMiddleware(updateVideoAbuse)
45 abuseVideoRouter.post('/:videoId/abuse',
47 asyncMiddleware(videoAbuseReportValidator),
48 asyncRetryTransactionMiddleware(reportVideoAbuse)
50 abuseVideoRouter.delete('/:videoId/abuse/:id',
52 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
53 asyncMiddleware(videoAbuseGetValidator),
54 asyncRetryTransactionMiddleware(deleteVideoAbuse)
57 // ---------------------------------------------------------------------------
63 // ---------------------------------------------------------------------------
65 async function listVideoAbuses (req: express.Request, res: express.Response) {
66 const user = res.locals.oauth.token.user
67 const serverActor = await getServerActor()
69 const resultList = await VideoAbuseModel.listForApi({
70 start: req.query.start,
71 count: req.query.count,
73 search: req.query.search,
74 serverAccountId: serverActor.Account.id,
78 return res.json(getFormattedObjects(resultList.data, resultList.total))
81 async function updateVideoAbuse (req: express.Request, res: express.Response) {
82 const videoAbuse = res.locals.videoAbuse
84 if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
85 if (req.body.state !== undefined) videoAbuse.state = req.body.state
87 await sequelizeTypescript.transaction(t => {
88 return videoAbuse.save({ transaction: t })
91 // Do not send the delete to other instances, we updated OUR copy of this video abuse
93 return res.type('json').status(204).end()
96 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
97 const videoAbuse = res.locals.videoAbuse
99 await sequelizeTypescript.transaction(t => {
100 return videoAbuse.destroy({ transaction: t })
103 // Do not send the delete to other instances, we delete OUR copy of this video abuse
105 return res.type('json').status(204).end()
108 async function reportVideoAbuse (req: express.Request, res: express.Response) {
109 const videoInstance = res.locals.videoAll
110 const body: VideoAbuseCreate = req.body
112 const videoAbuse = await sequelizeTypescript.transaction(async t => {
113 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
115 const abuseToCreate = {
116 reporterAccountId: reporterAccount.id,
118 videoId: videoInstance.id,
119 state: VideoAbuseState.PENDING
122 const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
123 videoAbuseInstance.Video = videoInstance
124 videoAbuseInstance.Account = reporterAccount
126 // We send the video abuse to the origin server
127 if (videoInstance.isOwned() === false) {
128 await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
131 auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
133 return videoAbuseInstance
136 Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)
138 logger.info('Abuse report for video %s created.', videoInstance.name)
140 return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()