1 import express from 'express'
2 import { body, param, query } from 'express-validator'
4 areAbusePredefinedReasonsValid,
7 isAbuseModerationCommentValid,
8 isAbusePredefinedReasonValid,
11 isAbuseTimestampCoherent,
12 isAbuseTimestampValid,
14 } from '@server/helpers/custom-validators/abuses'
15 import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc'
16 import { logger } from '@server/helpers/logger'
17 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
18 import { AbuseCreate, UserRight } from '@shared/models'
19 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
20 import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared'
22 const abuseReportValidator = [
29 .customSanitizer(toCompleteUUID)
30 .custom(isIdOrUUIDValid),
33 .customSanitizer(toIntOrNull)
34 .custom(isAbuseTimestampValid),
37 .customSanitizer(toIntOrNull)
38 .custom(isAbuseTimestampValid)
40 .custom(isAbuseTimestampCoherent)
41 .withMessage('Should have a startAt timestamp beginning before endAt'),
48 .custom(isAbuseReasonValid),
50 body('predefinedReasons')
52 .custom(areAbusePredefinedReasonsValid),
54 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
55 if (areValidationErrors(req, res)) return
57 const body: AbuseCreate = req.body
59 if (body.video?.id && !await doesVideoExist(body.video.id, res)) return
60 if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return
61 if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return
63 if (!body.video?.id && !body.account?.id && !body.comment?.id) {
64 res.fail({ message: 'video id or account id or comment id is required.' })
72 const abuseGetValidator = [
76 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
77 if (areValidationErrors(req, res)) return
78 if (!await doesAbuseExist(req.params.id, res)) return
84 const abuseUpdateValidator = [
90 .custom(isAbuseStateValid),
91 body('moderationComment')
93 .custom(isAbuseModerationCommentValid),
95 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
96 if (areValidationErrors(req, res)) return
97 if (!await doesAbuseExist(req.params.id, res)) return
103 const abuseListForAdminsValidator = [
109 .custom(isAbuseFilterValid),
110 query('predefinedReason')
112 .custom(isAbusePredefinedReasonValid),
118 .custom(isAbuseStateValid),
121 .custom(isAbuseVideoIsValid),
122 query('searchReporter')
125 query('searchReportee')
131 query('searchVideoChannel')
135 (req: express.Request, res: express.Response, next: express.NextFunction) => {
136 if (areValidationErrors(req, res)) return
142 const abuseListForUserValidator = [
153 .custom(isAbuseStateValid),
155 (req: express.Request, res: express.Response, next: express.NextFunction) => {
156 if (areValidationErrors(req, res)) return
162 const getAbuseValidator = [
166 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
167 if (areValidationErrors(req, res)) return
168 if (!await doesAbuseExist(req.params.id, res)) return
170 const user = res.locals.oauth.token.user
171 const abuse = res.locals.abuse
173 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) {
174 const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
178 status: HttpStatusCode.FORBIDDEN_403,
187 const checkAbuseValidForMessagesValidator = [
188 (req: express.Request, res: express.Response, next: express.NextFunction) => {
189 const abuse = res.locals.abuse
190 if (abuse.ReporterAccount.isOwned() === false) {
191 return res.fail({ message: 'This abuse was created by a user of your instance.' })
198 const addAbuseMessageValidator = [
200 .custom(isAbuseMessageValid),
202 (req: express.Request, res: express.Response, next: express.NextFunction) => {
203 if (areValidationErrors(req, res)) return
209 const deleteAbuseMessageValidator = [
213 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
214 if (areValidationErrors(req, res)) return
216 const user = res.locals.oauth.token.user
217 const abuse = res.locals.abuse
219 const messageId = parseInt(req.params.messageId + '', 10)
220 const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
224 status: HttpStatusCode.NOT_FOUND_404,
225 message: 'Abuse message not found'
229 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
231 status: HttpStatusCode.FORBIDDEN_403,
232 message: 'Cannot delete this abuse message'
236 res.locals.abuseMessage = abuseMessage
242 // ---------------------------------------------------------------------------
245 abuseListForAdminsValidator,
246 abuseReportValidator,
248 addAbuseMessageValidator,
249 checkAbuseValidForMessagesValidator,
250 abuseUpdateValidator,
251 deleteAbuseMessageValidator,
252 abuseListForUserValidator,