Add blacklist reason field

[github/Chocobozzz/PeerTube.git] / server / controllers / api / users.ts

diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index c80f27a23c53b19b4dc96c91cc89ece3c7026873..543b20baa647604a9339a62c370b77419ab49761 100644 (file)
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -29,7 +29,14 @@ import {
   usersUpdateValidator,
   usersVideoRatingValidator
 } from '../../middlewares'
-import { usersAskResetPasswordValidator, usersResetPasswordValidator, videosSortValidator } from '../../middlewares/validators'
+import {
+  deleteMeValidator,
+  usersAskResetPasswordValidator,
+  usersBlockingValidator,
+  usersResetPasswordValidator,
+  videoImportsSortValidator,
+  videosSortValidator
+} from '../../middlewares/validators'
 import { AccountVideoRateModel } from '../../models/account/account-video-rate'
 import { UserModel } from '../../models/account/user'
 import { OAuthTokenModel } from '../../models/oauth/oauth-token'
@@ -39,6 +46,10 @@ import { createReqFiles } from '../../helpers/express-utils'
 import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
 import { updateAvatarValidator } from '../../middlewares/validators/avatar'
 import { updateActorAvatarFile } from '../../lib/avatar'
+import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger'
+import { VideoImportModel } from '../../models/video/video-import'
+
+const auditLogger = auditLoggerFactory('users')
 
 const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
 const loginRateLimiter = new RateLimit({
@@ -53,12 +64,26 @@ usersRouter.get('/me',
   authenticate,
   asyncMiddleware(getUserInformation)
 )
+usersRouter.delete('/me',
+  authenticate,
+  asyncMiddleware(deleteMeValidator),
+  asyncMiddleware(deleteMe)
+)
 
 usersRouter.get('/me/video-quota-used',
   authenticate,
   asyncMiddleware(getUserVideoQuotaUsed)
 )
 
+usersRouter.get('/me/videos/imports',
+  authenticate,
+  paginationValidator,
+  videoImportsSortValidator,
+  setDefaultSort,
+  setDefaultPagination,
+  asyncMiddleware(getUserVideoImports)
+)
+
 usersRouter.get('/me/videos',
   authenticate,
   paginationValidator,
@@ -84,6 +109,19 @@ usersRouter.get('/',
   asyncMiddleware(listUsers)
 )
 
+usersRouter.post('/:id/block',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_USERS),
+  asyncMiddleware(usersBlockingValidator),
+  asyncMiddleware(blockUser)
+)
+usersRouter.post('/:id/unblock',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_USERS),
+  asyncMiddleware(usersBlockingValidator),
+  asyncMiddleware(unblockUser)
+)
+
 usersRouter.get('/:id',
   authenticate,
   ensureUserHasRight(UserRight.MANAGE_USERS),
@@ -163,18 +201,30 @@ async function getUserVideos (req: express.Request, res: express.Response, next:
     user.Account.id,
     req.query.start as number,
     req.query.count as number,
-    req.query.sort as VideoSortField,
-    false // Display my NSFW videos
+    req.query.sort as VideoSortField
   )
 
   const additionalAttributes = {
     waitTranscoding: true,
     state: true,
-    scheduledUpdate: true
+    scheduledUpdate: true,
+    blacklistInfo: true
   }
   return res.json(getFormattedObjects(resultList.data, resultList.total, { additionalAttributes }))
 }
 
+async function getUserVideoImports (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const user = res.locals.oauth.token.User as UserModel
+  const resultList = await VideoImportModel.listUserVideoImportsForApi(
+    user.id,
+    req.query.start as number,
+    req.query.count as number,
+    req.query.sort
+  )
+
+  return res.json(getFormattedObjects(resultList.data, resultList.total))
+}
+
 async function createUser (req: express.Request, res: express.Response) {
   const body: UserCreate = req.body
   const userToCreate = new UserModel({
@@ -189,6 +239,7 @@ async function createUser (req: express.Request, res: express.Response) {
 
   const { user, account } = await createUserAccountAndChannel(userToCreate)
 
+  auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
   logger.info('User %s with its channel and account created.', body.username)
 
   return res.json({
@@ -205,7 +256,7 @@ async function createUser (req: express.Request, res: express.Response) {
 async function registerUser (req: express.Request, res: express.Response) {
   const body: UserCreate = req.body
 
-  const user = new UserModel({
+  const userToCreate = new UserModel({
     username: body.username,
     password: body.password,
     email: body.email,
@@ -215,8 +266,9 @@ async function registerUser (req: express.Request, res: express.Response) {
     videoQuota: CONFIG.USER.VIDEO_QUOTA
   })
 
-  await createUserAccountAndChannel(user)
+  const { user } = await createUserAccountAndChannel(userToCreate)
 
+  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
   logger.info('User %s with its channel and account registered.', body.username)
 
   return res.type('json').status(204).end()
@@ -240,6 +292,23 @@ async function getUserVideoQuotaUsed (req: express.Request, res: express.Respons
   return res.json(data)
 }
 
+async function unblockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const user: UserModel = res.locals.user
+
+  await changeUserBlock(res, user, false)
+
+  return res.status(204).end()
+}
+
+async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const user: UserModel = res.locals.user
+  const reason = req.body.reason
+
+  await changeUserBlock(res, user, true, reason)
+
+  return res.status(204).end()
+}
+
 function getUser (req: express.Request, res: express.Response, next: express.NextFunction) {
   return res.json((res.locals.user as UserModel).toFormattedJSON())
 }
@@ -264,11 +333,23 @@ async function listUsers (req: express.Request, res: express.Response, next: exp
   return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
 
+async function deleteMe (req: express.Request, res: express.Response) {
+  const user: UserModel = res.locals.oauth.token.User
+
+  await user.destroy()
+
+  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+
+  return res.sendStatus(204)
+}
+
 async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const user = await UserModel.loadById(req.params.id)
+  const user: UserModel = res.locals.user
 
   await user.destroy()
 
+  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+
   return res.sendStatus(204)
 }
 
@@ -276,6 +357,7 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
   const body: UserUpdateMe = req.body
 
   const user: UserModel = res.locals.oauth.token.user
+  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
 
   if (body.password !== undefined) user.password = body.password
   if (body.email !== undefined) user.email = body.email
@@ -290,6 +372,12 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
     await user.Account.save({ transaction: t })
 
     await sendUpdateActor(user.Account, t)
+
+    auditLogger.update(
+      res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+      new UserAuditView(user.toFormattedJSON()),
+      oldUserAuditView
+    )
   })
 
   return res.sendStatus(204)
@@ -297,10 +385,18 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
 
 async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
   const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
-  const account = res.locals.oauth.token.user.Account
+  const user: UserModel = res.locals.oauth.token.user
+  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
+  const account = user.Account
 
   const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)
 
+  auditLogger.update(
+    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+    new UserAuditView(user.toFormattedJSON()),
+    oldUserAuditView
+  )
+
   return res
     .json({
       avatar: avatar.toFormattedJSON()
@@ -310,20 +406,27 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next
 
 async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
   const body: UserUpdate = req.body
-  const user = res.locals.user as UserModel
-  const roleChanged = body.role !== undefined && body.role !== user.role
+  const userToUpdate = res.locals.user as UserModel
+  const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
+  const roleChanged = body.role !== undefined && body.role !== userToUpdate.role
 
-  if (body.email !== undefined) user.email = body.email
-  if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
-  if (body.role !== undefined) user.role = body.role
+  if (body.email !== undefined) userToUpdate.email = body.email
+  if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
+  if (body.role !== undefined) userToUpdate.role = body.role
 
-  await user.save()
+  const user = await userToUpdate.save()
 
   // Destroy user token to refresh rights
   if (roleChanged) {
-    await OAuthTokenModel.deleteUserToken(user.id)
+    await OAuthTokenModel.deleteUserToken(userToUpdate.id)
   }
 
+  auditLogger.update(
+    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+    new UserAuditView(user.toFormattedJSON()),
+    oldUserAuditView
+  )
+
   // Don't need to send this update to followers, these attributes are not propagated
 
   return res.sendStatus(204)
@@ -351,3 +454,24 @@ async function resetUserPassword (req: express.Request, res: express.Response, n
 function success (req: express.Request, res: express.Response, next: express.NextFunction) {
   res.end()
 }
+
+async function changeUserBlock (res: express.Response, user: UserModel, block: boolean, reason?: string) {
+  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
+
+  user.blocked = block
+  user.blockedReason = reason || null
+
+  await sequelizeTypescript.transaction(async t => {
+    await OAuthTokenModel.deleteUserToken(user.id, t)
+
+    await user.save({ transaction: t })
+  })
+
+  await Emailer.Instance.addUserBlockJob(user, block, reason)
+
+  auditLogger.update(
+    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+    new UserAuditView(user.toFormattedJSON()),
+    oldUserAuditView
+  )
+}