1 import * as express from 'express'
2 import { UserRight, VideoAbuseCreate, VideoAbuseState, VideoAbuse, videoAbusePredefinedReasonsMap } from '../../../../shared'
3 import { logger } from '../../../helpers/logger'
4 import { getFormattedObjects } from '../../../helpers/utils'
5 import { sequelizeTypescript } from '../../../initializers/database'
8 asyncRetryTransactionMiddleware,
14 videoAbuseGetValidator,
15 videoAbuseReportValidator,
16 videoAbusesSortValidator,
17 videoAbuseUpdateValidator,
18 videoAbuseListValidator
19 } from '../../../middlewares'
20 import { AccountModel } from '../../../models/account/account'
21 import { VideoAbuseModel } from '../../../models/video/video-abuse'
22 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
23 import { Notifier } from '../../../lib/notifier'
24 import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
25 import { MVideoAbuseAccountVideo } from '../../../types/models/video'
26 import { getServerActor } from '@server/models/application/application'
27 import { MAccountDefault } from '@server/types/models'
29 const auditLogger = auditLoggerFactory('abuse')
30 const abuseVideoRouter = express.Router()
32 abuseVideoRouter.get('/abuse',
34 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
36 videoAbusesSortValidator,
39 videoAbuseListValidator,
40 asyncMiddleware(listVideoAbuses)
42 abuseVideoRouter.put('/:videoId/abuse/:id',
44 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
45 asyncMiddleware(videoAbuseUpdateValidator),
46 asyncRetryTransactionMiddleware(updateVideoAbuse)
48 abuseVideoRouter.post('/:videoId/abuse',
50 asyncMiddleware(videoAbuseReportValidator),
51 asyncRetryTransactionMiddleware(reportVideoAbuse)
53 abuseVideoRouter.delete('/:videoId/abuse/:id',
55 ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
56 asyncMiddleware(videoAbuseGetValidator),
57 asyncRetryTransactionMiddleware(deleteVideoAbuse)
60 // ---------------------------------------------------------------------------
66 // ---------------------------------------------------------------------------
68 async function listVideoAbuses (req: express.Request, res: express.Response) {
69 const user = res.locals.oauth.token.user
70 const serverActor = await getServerActor()
72 const resultList = await VideoAbuseModel.listForApi({
73 start: req.query.start,
74 count: req.query.count,
77 predefinedReason: req.query.predefinedReason,
78 search: req.query.search,
79 state: req.query.state,
80 videoIs: req.query.videoIs,
81 searchReporter: req.query.searchReporter,
82 searchReportee: req.query.searchReportee,
83 searchVideo: req.query.searchVideo,
84 searchVideoChannel: req.query.searchVideoChannel,
85 serverAccountId: serverActor.Account.id,
89 return res.json(getFormattedObjects(resultList.data, resultList.total))
92 async function updateVideoAbuse (req: express.Request, res: express.Response) {
93 const videoAbuse = res.locals.videoAbuse
95 if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
96 if (req.body.state !== undefined) videoAbuse.state = req.body.state
98 await sequelizeTypescript.transaction(t => {
99 return videoAbuse.save({ transaction: t })
102 // Do not send the delete to other instances, we updated OUR copy of this video abuse
104 return res.type('json').status(204).end()
107 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
108 const videoAbuse = res.locals.videoAbuse
110 await sequelizeTypescript.transaction(t => {
111 return videoAbuse.destroy({ transaction: t })
114 // Do not send the delete to other instances, we delete OUR copy of this video abuse
116 return res.type('json').status(204).end()
119 async function reportVideoAbuse (req: express.Request, res: express.Response) {
120 const videoInstance = res.locals.videoAll
121 const body: VideoAbuseCreate = req.body
122 let reporterAccount: MAccountDefault
123 let videoAbuseJSON: VideoAbuse
125 const videoAbuseInstance = await sequelizeTypescript.transaction(async t => {
126 reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
127 const predefinedReasons = body.predefinedReasons?.map(r => videoAbusePredefinedReasonsMap[r])
129 const abuseToCreate = {
130 reporterAccountId: reporterAccount.id,
132 videoId: videoInstance.id,
133 state: VideoAbuseState.PENDING,
135 startAt: body.startAt,
139 const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
140 videoAbuseInstance.Video = videoInstance
141 videoAbuseInstance.Account = reporterAccount
143 // We send the video abuse to the origin server
144 if (videoInstance.isOwned() === false) {
145 await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
148 videoAbuseJSON = videoAbuseInstance.toFormattedJSON()
149 auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseJSON))
151 return videoAbuseInstance
154 Notifier.Instance.notifyOnNewVideoAbuse({
155 videoAbuse: videoAbuseJSON,
157 reporter: reporterAccount.Actor.getIdentifier()
160 logger.info('Abuse report for video "%s" created.', videoInstance.name)
162 return res.json({ videoAbuse: videoAbuseJSON }).end()