1 import express from 'express'
2 import { body, param, query } from 'express-validator'
4 areAbusePredefinedReasonsValid,
7 isAbuseModerationCommentValid,
8 isAbusePredefinedReasonValid,
11 isAbuseTimestampCoherent,
12 isAbuseTimestampValid,
14 } from '@server/helpers/custom-validators/abuses'
15 import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc'
16 import { logger } from '@server/helpers/logger'
17 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
18 import { AbuseCreate, UserRight } from '@shared/models'
19 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
20 import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared'
22 const abuseReportValidator = [
29 .customSanitizer(toCompleteUUID)
30 .custom(isIdOrUUIDValid),
33 .customSanitizer(toIntOrNull)
34 .custom(isAbuseTimestampValid),
37 .customSanitizer(toIntOrNull)
38 .custom(isAbuseTimestampValid)
40 .custom(isAbuseTimestampCoherent)
41 .withMessage('Should have a startAt timestamp beginning before endAt'),
48 .custom(isAbuseReasonValid),
50 body('predefinedReasons')
52 .custom(areAbusePredefinedReasonsValid),
54 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
55 logger.debug('Checking abuseReport parameters', { parameters: req.body })
57 if (areValidationErrors(req, res)) return
59 const body: AbuseCreate = req.body
61 if (body.video?.id && !await doesVideoExist(body.video.id, res)) return
62 if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return
63 if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return
65 if (!body.video?.id && !body.account?.id && !body.comment?.id) {
66 res.fail({ message: 'video id or account id or comment id is required.' })
74 const abuseGetValidator = [
78 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
79 logger.debug('Checking abuseGetValidator parameters', { parameters: req.body })
81 if (areValidationErrors(req, res)) return
82 if (!await doesAbuseExist(req.params.id, res)) return
88 const abuseUpdateValidator = [
94 .custom(isAbuseStateValid),
95 body('moderationComment')
97 .custom(isAbuseModerationCommentValid),
99 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
100 logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body })
102 if (areValidationErrors(req, res)) return
103 if (!await doesAbuseExist(req.params.id, res)) return
109 const abuseListForAdminsValidator = [
115 .custom(isAbuseFilterValid),
116 query('predefinedReason')
118 .custom(isAbusePredefinedReasonValid),
124 .custom(isAbuseStateValid),
127 .custom(isAbuseVideoIsValid),
128 query('searchReporter')
131 query('searchReportee')
137 query('searchVideoChannel')
141 (req: express.Request, res: express.Response, next: express.NextFunction) => {
142 logger.debug('Checking abuseListForAdminsValidator parameters', { parameters: req.body })
144 if (areValidationErrors(req, res)) return
150 const abuseListForUserValidator = [
161 .custom(isAbuseStateValid),
163 (req: express.Request, res: express.Response, next: express.NextFunction) => {
164 logger.debug('Checking abuseListForUserValidator parameters', { parameters: req.body })
166 if (areValidationErrors(req, res)) return
172 const getAbuseValidator = [
176 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
177 logger.debug('Checking getAbuseValidator parameters', { parameters: req.body })
179 if (areValidationErrors(req, res)) return
180 if (!await doesAbuseExist(req.params.id, res)) return
182 const user = res.locals.oauth.token.user
183 const abuse = res.locals.abuse
185 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) {
186 const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
190 status: HttpStatusCode.FORBIDDEN_403,
199 const checkAbuseValidForMessagesValidator = [
200 (req: express.Request, res: express.Response, next: express.NextFunction) => {
201 logger.debug('Checking checkAbuseValidForMessagesValidator parameters', { parameters: req.body })
203 const abuse = res.locals.abuse
204 if (abuse.ReporterAccount.isOwned() === false) {
205 return res.fail({ message: 'This abuse was created by a user of your instance.' })
212 const addAbuseMessageValidator = [
214 .custom(isAbuseMessageValid),
216 (req: express.Request, res: express.Response, next: express.NextFunction) => {
217 logger.debug('Checking addAbuseMessageValidator parameters', { parameters: req.body })
219 if (areValidationErrors(req, res)) return
225 const deleteAbuseMessageValidator = [
229 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
230 logger.debug('Checking deleteAbuseMessageValidator parameters', { parameters: req.body })
232 if (areValidationErrors(req, res)) return
234 const user = res.locals.oauth.token.user
235 const abuse = res.locals.abuse
237 const messageId = parseInt(req.params.messageId + '', 10)
238 const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
242 status: HttpStatusCode.NOT_FOUND_404,
243 message: 'Abuse message not found'
247 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
249 status: HttpStatusCode.FORBIDDEN_403,
250 message: 'Cannot delete this abuse message'
254 res.locals.abuseMessage = abuseMessage
260 // ---------------------------------------------------------------------------
263 abuseListForAdminsValidator,
264 abuseReportValidator,
266 addAbuseMessageValidator,
267 checkAbuseValidForMessagesValidator,
268 abuseUpdateValidator,
269 deleteAbuseMessageValidator,
270 abuseListForUserValidator,