1 import * as express from 'express'
2 import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
3 import { logger } from '../../../helpers/logger'
4 import { getFormattedObjects, getServerActor } from '../../../helpers/utils'
5 import { sequelizeTypescript } from '../../../initializers'
8 asyncRetryTransactionMiddleware,
14 videoAbuseGetValidator,
15 videoAbuseReportValidator,
16 videoAbusesSortValidator,
17 videoAbuseUpdateValidator
18 } from '../../../middlewares'
19 import { AccountModel } from '../../../models/account/account'
20 import { VideoAbuseModel } from '../../../models/video/video-abuse'
21 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
22 import { Notifier } from '../../../lib/notifier'
23 import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
24 import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
26 const auditLogger = auditLoggerFactory('abuse')
27 const abuseVideoRouter = express.Router()
29 abuseVideoRouter.get('/abuse',
31 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
33 videoAbusesSortValidator,
36 asyncMiddleware(listVideoAbuses)
38 abuseVideoRouter.put('/:videoId/abuse/:id',
40 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
41 asyncMiddleware(videoAbuseUpdateValidator),
42 asyncRetryTransactionMiddleware(updateVideoAbuse)
44 abuseVideoRouter.post('/:videoId/abuse',
46 asyncMiddleware(videoAbuseReportValidator),
47 asyncRetryTransactionMiddleware(reportVideoAbuse)
49 abuseVideoRouter.delete('/:videoId/abuse/:id',
51 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
52 asyncMiddleware(videoAbuseGetValidator),
53 asyncRetryTransactionMiddleware(deleteVideoAbuse)
56 // ---------------------------------------------------------------------------
62 // ---------------------------------------------------------------------------
64 async function listVideoAbuses (req: express.Request, res: express.Response) {
65 const user = res.locals.oauth.token.user
66 const serverActor = await getServerActor()
68 const resultList = await VideoAbuseModel.listForApi({
69 start: req.query.start,
70 count: req.query.count,
72 search: req.query.search,
73 serverAccountId: serverActor.Account.id,
77 return res.json(getFormattedObjects(resultList.data, resultList.total))
80 async function updateVideoAbuse (req: express.Request, res: express.Response) {
81 const videoAbuse = res.locals.videoAbuse
83 if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
84 if (req.body.state !== undefined) videoAbuse.state = req.body.state
86 await sequelizeTypescript.transaction(t => {
87 return videoAbuse.save({ transaction: t })
90 // Do not send the delete to other instances, we updated OUR copy of this video abuse
92 return res.type('json').status(204).end()
95 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
96 const videoAbuse = res.locals.videoAbuse
98 await sequelizeTypescript.transaction(t => {
99 return videoAbuse.destroy({ transaction: t })
102 // Do not send the delete to other instances, we delete OUR copy of this video abuse
104 return res.type('json').status(204).end()
107 async function reportVideoAbuse (req: express.Request, res: express.Response) {
108 const videoInstance = res.locals.videoAll
109 const body: VideoAbuseCreate = req.body
111 const videoAbuse = await sequelizeTypescript.transaction(async t => {
112 const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
114 const abuseToCreate = {
115 reporterAccountId: reporterAccount.id,
117 videoId: videoInstance.id,
118 state: VideoAbuseState.PENDING
121 const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
122 videoAbuseInstance.Video = videoInstance
123 videoAbuseInstance.Account = reporterAccount
125 // We send the video abuse to the origin server
126 if (videoInstance.isOwned() === false) {
127 await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
130 auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
132 return videoAbuseInstance
135 Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)
137 logger.info('Abuse report for video %s created.', videoInstance.name)
139 return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()