server/controllers/api/videos/abuse.ts

   1 import * as express from 'express'
   2 import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
   3 import { logger } from '../../../helpers/logger'
   4 import { getFormattedObjects } from '../../../helpers/utils'
   5 import { sequelizeTypescript } from '../../../initializers'
   6 import {
   7   asyncMiddleware,
   8   asyncRetryTransactionMiddleware,
   9   authenticate,
  10   ensureUserHasRight,
  11   paginationValidator,
  12   setDefaultPagination,
  13   setDefaultSort,
  14   videoAbuseGetValidator,
  15   videoAbuseReportValidator,
  16   videoAbusesSortValidator,
  17   videoAbuseUpdateValidator
  18 } from '../../../middlewares'
  19 import { AccountModel } from '../../../models/account/account'
  20 import { VideoAbuseModel } from '../../../models/video/video-abuse'
  21 import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
  22 import { Notifier } from '../../../lib/notifier'
  23 import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
  24 import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
  25
  26 const auditLogger = auditLoggerFactory('abuse')
  27 const abuseVideoRouter = express.Router()
  28
  29 abuseVideoRouter.get('/abuse',
  30   authenticate,
  31   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  32   paginationValidator,
  33   videoAbusesSortValidator,
  34   setDefaultSort,
  35   setDefaultPagination,
  36   asyncMiddleware(listVideoAbuses)
  37 )
  38 abuseVideoRouter.put('/:videoId/abuse/:id',
  39   authenticate,
  40   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  41   asyncMiddleware(videoAbuseUpdateValidator),
  42   asyncRetryTransactionMiddleware(updateVideoAbuse)
  43 )
  44 abuseVideoRouter.post('/:videoId/abuse',
  45   authenticate,
  46   asyncMiddleware(videoAbuseReportValidator),
  47   asyncRetryTransactionMiddleware(reportVideoAbuse)
  48 )
  49 abuseVideoRouter.delete('/:videoId/abuse/:id',
  50   authenticate,
  51   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  52   asyncMiddleware(videoAbuseGetValidator),
  53   asyncRetryTransactionMiddleware(deleteVideoAbuse)
  54 )
  55
  56 // ---------------------------------------------------------------------------
  57
  58 export {
  59   abuseVideoRouter
  60 }
  61
  62 // ---------------------------------------------------------------------------
  63
  64 async function listVideoAbuses (req: express.Request, res: express.Response) {
  65   const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
  66
  67   return res.json(getFormattedObjects(resultList.data, resultList.total))
  68 }
  69
  70 async function updateVideoAbuse (req: express.Request, res: express.Response) {
  71   const videoAbuse = res.locals.videoAbuse
  72
  73   if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  74   if (req.body.state !== undefined) videoAbuse.state = req.body.state
  75
  76   await sequelizeTypescript.transaction(t => {
  77     return videoAbuse.save({ transaction: t })
  78   })
  79
  80   // Do not send the delete to other instances, we updated OUR copy of this video abuse
  81
  82   return res.type('json').status(204).end()
  83 }
  84
  85 async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  86   const videoAbuse = res.locals.videoAbuse
  87
  88   await sequelizeTypescript.transaction(t => {
  89     return videoAbuse.destroy({ transaction: t })
  90   })
  91
  92   // Do not send the delete to other instances, we delete OUR copy of this video abuse
  93
  94   return res.type('json').status(204).end()
  95 }
  96
  97 async function reportVideoAbuse (req: express.Request, res: express.Response) {
  98   const videoInstance = res.locals.videoAll
  99   const body: VideoAbuseCreate = req.body
 100
 101   const videoAbuse = await sequelizeTypescript.transaction(async t => {
 102     const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
 103
 104     const abuseToCreate = {
 105       reporterAccountId: reporterAccount.id,
 106       reason: body.reason,
 107       videoId: videoInstance.id,
 108       state: VideoAbuseState.PENDING
 109     }
 110
 111     const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
 112     videoAbuseInstance.Video = videoInstance
 113     videoAbuseInstance.Account = reporterAccount
 114
 115     // We send the video abuse to the origin server
 116     if (videoInstance.isOwned() === false) {
 117       await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
 118     }
 119
 120     auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
 121
 122     return videoAbuseInstance
 123   })
 124
 125   Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)
 126
 127   logger.info('Abuse report for video %s created.', videoInstance.name)
 128
 129   return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
 130 }