-import * as express from 'express'
+import express from 'express'
import { body, param, query } from 'express-validator'
import {
+ areAbusePredefinedReasonsValid,
isAbuseFilterValid,
+ isAbuseMessageValid,
isAbuseModerationCommentValid,
- isAbusePredefinedReasonsValid,
isAbusePredefinedReasonValid,
isAbuseReasonValid,
isAbuseStateValid,
isAbuseTimestampValid,
isAbuseVideoIsValid
} from '@server/helpers/custom-validators/abuses'
-import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc'
-import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
+import { exists, isIdOrUUIDValid, isIdValid, toCompleteUUID, toIntOrNull } from '@server/helpers/custom-validators/misc'
import { logger } from '@server/helpers/logger'
-import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'
-import { AbuseCreate } from '@shared/models'
-import { areValidationErrors } from './utils'
+import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
+import { AbuseCreate, UserRight } from '@shared/models'
+import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
+import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared'
+import { forceNumber } from '@shared/core-utils'
const abuseReportValidator = [
body('account.id')
.optional()
- .custom(isIdValid)
- .withMessage('Should have a valid accountId'),
+ .custom(isIdValid),
body('video.id')
.optional()
- .custom(isIdOrUUIDValid)
- .withMessage('Should have a valid videoId'),
+ .customSanitizer(toCompleteUUID)
+ .custom(isIdOrUUIDValid),
body('video.startAt')
.optional()
.customSanitizer(toIntOrNull)
- .custom(isAbuseTimestampValid)
- .withMessage('Should have valid starting time value'),
+ .custom(isAbuseTimestampValid),
body('video.endAt')
.optional()
.customSanitizer(toIntOrNull)
.custom(isAbuseTimestampValid)
- .withMessage('Should have valid ending time value')
.bail()
.custom(isAbuseTimestampCoherent)
.withMessage('Should have a startAt timestamp beginning before endAt'),
body('comment.id')
.optional()
- .custom(isIdValid)
- .withMessage('Should have a valid commentId'),
+ .custom(isIdValid),
body('reason')
- .custom(isAbuseReasonValid)
- .withMessage('Should have a valid reason'),
+ .custom(isAbuseReasonValid),
body('predefinedReasons')
.optional()
- .custom(isAbusePredefinedReasonsValid)
- .withMessage('Should have a valid list of predefined reasons'),
+ .custom(areAbusePredefinedReasonsValid),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking abuseReport parameters', { parameters: req.body })
-
if (areValidationErrors(req, res)) return
const body: AbuseCreate = req.body
if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return
if (!body.video?.id && !body.account?.id && !body.comment?.id) {
- res.status(400)
- .json({ error: 'video id or account id or comment id is required.' })
-
+ res.fail({ message: 'video id or account id or comment id is required.' })
return
}
]
const abuseGetValidator = [
- param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
+ param('id')
+ .custom(isIdValid),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking abuseGetValidator parameters', { parameters: req.body })
-
if (areValidationErrors(req, res)) return
if (!await doesAbuseExist(req.params.id, res)) return
]
const abuseUpdateValidator = [
- param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
+ param('id')
+ .custom(isIdValid),
body('state')
.optional()
- .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
+ .custom(isAbuseStateValid),
body('moderationComment')
.optional()
- .custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'),
+ .custom(isAbuseModerationCommentValid),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body })
-
if (areValidationErrors(req, res)) return
if (!await doesAbuseExist(req.params.id, res)) return
}
]
-const abuseListValidator = [
+const abuseListForAdminsValidator = [
query('id')
.optional()
- .custom(isIdValid).withMessage('Should have a valid id'),
+ .custom(isIdValid),
query('filter')
.optional()
- .custom(isAbuseFilterValid)
- .withMessage('Should have a valid filter'),
+ .custom(isAbuseFilterValid),
query('predefinedReason')
.optional()
- .custom(isAbusePredefinedReasonValid)
- .withMessage('Should have a valid predefinedReason'),
+ .custom(isAbusePredefinedReasonValid),
query('search')
.optional()
- .custom(exists).withMessage('Should have a valid search'),
+ .custom(exists),
query('state')
.optional()
- .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
+ .custom(isAbuseStateValid),
query('videoIs')
.optional()
- .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
+ .custom(isAbuseVideoIsValid),
query('searchReporter')
.optional()
- .custom(exists).withMessage('Should have a valid reporter search'),
+ .custom(exists),
query('searchReportee')
.optional()
- .custom(exists).withMessage('Should have a valid reportee search'),
+ .custom(exists),
query('searchVideo')
.optional()
- .custom(exists).withMessage('Should have a valid video search'),
+ .custom(exists),
query('searchVideoChannel')
.optional()
- .custom(exists).withMessage('Should have a valid video channel search'),
+ .custom(exists),
(req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking abuseListValidator parameters', { parameters: req.body })
-
if (areValidationErrors(req, res)) return
return next()
}
]
-// FIXME: deprecated in 2.3. Remove these validators
-
-const videoAbuseReportValidator = [
- param('videoId')
- .custom(isIdOrUUIDValid)
- .not()
- .isEmpty()
- .withMessage('Should have a valid videoId'),
- body('reason')
- .custom(isAbuseReasonValid)
- .withMessage('Should have a valid reason'),
- body('predefinedReasons')
- .optional()
- .custom(isAbusePredefinedReasonsValid)
- .withMessage('Should have a valid list of predefined reasons'),
- body('startAt')
+const abuseListForUserValidator = [
+ query('id')
.optional()
- .customSanitizer(toIntOrNull)
- .custom(isAbuseTimestampValid)
- .withMessage('Should have valid starting time value'),
- body('endAt')
+ .custom(isIdValid),
+
+ query('search')
.optional()
- .customSanitizer(toIntOrNull)
- .custom(isAbuseTimestampValid)
- .withMessage('Should have valid ending time value'),
+ .custom(exists),
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })
+ query('state')
+ .optional()
+ .custom(isAbuseStateValid),
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
- if (!await doesVideoExist(req.params.videoId, res)) return
return next()
}
]
-const videoAbuseGetValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
- param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
+const getAbuseValidator = [
+ param('id')
+ .custom(isIdValid),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking videoAbuseGetValidator parameters', { parameters: req.body })
-
if (areValidationErrors(req, res)) return
- if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return
+ if (!await doesAbuseExist(req.params.id, res)) return
+
+ const user = res.locals.oauth.token.user
+ const abuse = res.locals.abuse
+
+ if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) {
+ const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
+ logger.warn(message)
+
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message
+ })
+ }
return next()
}
]
-const videoAbuseUpdateValidator = [
- param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
- param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
- body('state')
- .optional()
- .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
- body('moderationComment')
- .optional()
- .custom(isAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'),
+const checkAbuseValidForMessagesValidator = [
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ const abuse = res.locals.abuse
+ if (abuse.ReporterAccount.isOwned() === false) {
+ return res.fail({ message: 'This abuse was created by a user of your instance.' })
+ }
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking videoAbuseUpdateValidator parameters', { parameters: req.body })
+ return next()
+ }
+]
+const addAbuseMessageValidator = [
+ body('message')
+ .custom(isAbuseMessageValid),
+
+ (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
- if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return
return next()
}
]
-const videoAbuseListValidator = [
- query('id')
- .optional()
- .custom(isIdValid).withMessage('Should have a valid id'),
- query('predefinedReason')
- .optional()
- .custom(isAbusePredefinedReasonValid)
- .withMessage('Should have a valid predefinedReason'),
- query('search')
- .optional()
- .custom(exists).withMessage('Should have a valid search'),
- query('state')
- .optional()
- .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
- query('videoIs')
- .optional()
- .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
- query('searchReporter')
- .optional()
- .custom(exists).withMessage('Should have a valid reporter search'),
- query('searchReportee')
- .optional()
- .custom(exists).withMessage('Should have a valid reportee search'),
- query('searchVideo')
- .optional()
- .custom(exists).withMessage('Should have a valid video search'),
- query('searchVideoChannel')
- .optional()
- .custom(exists).withMessage('Should have a valid video channel search'),
-
- (req: express.Request, res: express.Response, next: express.NextFunction) => {
- logger.debug('Checking videoAbuseListValidator parameters', { parameters: req.body })
+const deleteAbuseMessageValidator = [
+ param('messageId')
+ .custom(isIdValid),
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return
+ const user = res.locals.oauth.token.user
+ const abuse = res.locals.abuse
+
+ const messageId = forceNumber(req.params.messageId)
+ const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
+
+ if (!abuseMessage) {
+ return res.fail({
+ status: HttpStatusCode.NOT_FOUND_404,
+ message: 'Abuse message not found'
+ })
+ }
+
+ if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Cannot delete this abuse message'
+ })
+ }
+
+ res.locals.abuseMessage = abuseMessage
+
return next()
}
]
// ---------------------------------------------------------------------------
export {
- abuseListValidator,
+ abuseListForAdminsValidator,
abuseReportValidator,
abuseGetValidator,
+ addAbuseMessageValidator,
+ checkAbuseValidForMessagesValidator,
abuseUpdateValidator,
- videoAbuseReportValidator,
- videoAbuseGetValidator,
- videoAbuseUpdateValidator,
- videoAbuseListValidator
+ deleteAbuseMessageValidator,
+ abuseListForUserValidator,
+ getAbuseValidator
}
projects / github / Chocobozzz / PeerTube.git / blobdiff