1 import express from 'express'
2 import { body, param, query } from 'express-validator'
4 areAbusePredefinedReasonsValid,
7 isAbuseModerationCommentValid,
8 isAbusePredefinedReasonValid,
11 isAbuseTimestampCoherent,
12 isAbuseTimestampValid,
14 } from '@server/helpers/custom-validators/abuses'
15 import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc'
16 import { logger } from '@server/helpers/logger'
17 import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
18 import { AbuseCreate, UserRight } from '@shared/models'
19 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
20 import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared'
21 import { forceNumber } from '@shared/core-utils'
23 const abuseReportValidator = [
30 .customSanitizer(toCompleteUUID)
31 .custom(isIdOrUUIDValid),
34 .customSanitizer(toIntOrNull)
35 .custom(isAbuseTimestampValid),
38 .customSanitizer(toIntOrNull)
39 .custom(isAbuseTimestampValid)
41 .custom(isAbuseTimestampCoherent)
42 .withMessage('Should have a startAt timestamp beginning before endAt'),
49 .custom(isAbuseReasonValid),
51 body('predefinedReasons')
53 .custom(areAbusePredefinedReasonsValid),
55 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
56 if (areValidationErrors(req, res)) return
58 const body: AbuseCreate = req.body
60 if (body.video?.id && !await doesVideoExist(body.video.id, res)) return
61 if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return
62 if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return
64 if (!body.video?.id && !body.account?.id && !body.comment?.id) {
65 res.fail({ message: 'video id or account id or comment id is required.' })
73 const abuseGetValidator = [
77 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
78 if (areValidationErrors(req, res)) return
79 if (!await doesAbuseExist(req.params.id, res)) return
85 const abuseUpdateValidator = [
91 .custom(isAbuseStateValid),
92 body('moderationComment')
94 .custom(isAbuseModerationCommentValid),
96 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
97 if (areValidationErrors(req, res)) return
98 if (!await doesAbuseExist(req.params.id, res)) return
104 const abuseListForAdminsValidator = [
110 .custom(isAbuseFilterValid),
111 query('predefinedReason')
113 .custom(isAbusePredefinedReasonValid),
119 .custom(isAbuseStateValid),
122 .custom(isAbuseVideoIsValid),
123 query('searchReporter')
126 query('searchReportee')
132 query('searchVideoChannel')
136 (req: express.Request, res: express.Response, next: express.NextFunction) => {
137 if (areValidationErrors(req, res)) return
143 const abuseListForUserValidator = [
154 .custom(isAbuseStateValid),
156 (req: express.Request, res: express.Response, next: express.NextFunction) => {
157 if (areValidationErrors(req, res)) return
163 const getAbuseValidator = [
167 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
168 if (areValidationErrors(req, res)) return
169 if (!await doesAbuseExist(req.params.id, res)) return
171 const user = res.locals.oauth.token.user
172 const abuse = res.locals.abuse
174 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) {
175 const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
179 status: HttpStatusCode.FORBIDDEN_403,
188 const checkAbuseValidForMessagesValidator = [
189 (req: express.Request, res: express.Response, next: express.NextFunction) => {
190 const abuse = res.locals.abuse
191 if (abuse.ReporterAccount.isOwned() === false) {
192 return res.fail({ message: 'This abuse was created by a user of your instance.' })
199 const addAbuseMessageValidator = [
201 .custom(isAbuseMessageValid),
203 (req: express.Request, res: express.Response, next: express.NextFunction) => {
204 if (areValidationErrors(req, res)) return
210 const deleteAbuseMessageValidator = [
214 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
215 if (areValidationErrors(req, res)) return
217 const user = res.locals.oauth.token.user
218 const abuse = res.locals.abuse
220 const messageId = forceNumber(req.params.messageId)
221 const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
225 status: HttpStatusCode.NOT_FOUND_404,
226 message: 'Abuse message not found'
230 if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
232 status: HttpStatusCode.FORBIDDEN_403,
233 message: 'Cannot delete this abuse message'
237 res.locals.abuseMessage = abuseMessage
243 // ---------------------------------------------------------------------------
246 abuseListForAdminsValidator,
247 abuseReportValidator,
249 addAbuseMessageValidator,
250 checkAbuseValidForMessagesValidator,
251 abuseUpdateValidator,
252 deleteAbuseMessageValidator,
253 abuseListForUserValidator,