X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=server%2Fcontrollers%2Fapi%2Fvideos%2Fabuse.ts;h=4ae899b7e7e91f5e64ed18ab169e60fb28bc5334;hb=8319d6ae72d4da6de51bd3d4b5c68040fc8dc3b4;hp=3413ae894d40fcf32b170a18e5a4e569533f7a14;hpb=90d4bb8125e80c8060416d4d135ddeaf0a622ede;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts index 3413ae894..4ae899b7e 100644 --- a/server/controllers/api/videos/abuse.ts +++ b/server/controllers/api/videos/abuse.ts @@ -1,9 +1,8 @@ import * as express from 'express' -import { UserRight, VideoAbuseCreate } from '../../../../shared' +import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared' import { logger } from '../../../helpers/logger' -import { getFormattedObjects } from '../../../helpers/utils' +import { getFormattedObjects, getServerActor } from '../../../helpers/utils' import { sequelizeTypescript } from '../../../initializers' -import { sendVideoAbuse } from '../../../lib/activitypub/send' import { asyncMiddleware, asyncRetryTransactionMiddleware, @@ -12,13 +11,19 @@ import { paginationValidator, setDefaultPagination, setDefaultSort, + videoAbuseGetValidator, videoAbuseReportValidator, - videoAbusesSortValidator + videoAbusesSortValidator, + videoAbuseUpdateValidator } from '../../../middlewares' import { AccountModel } from '../../../models/account/account' -import { VideoModel } from '../../../models/video/video' import { VideoAbuseModel } from '../../../models/video/video-abuse' +import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' +import { Notifier } from '../../../lib/notifier' +import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag' +import { MVideoAbuseAccountVideo } from '../../../typings/models/video' +const auditLogger = auditLoggerFactory('abuse') const abuseVideoRouter = express.Router() abuseVideoRouter.get('/abuse', @@ -30,11 +35,23 @@ abuseVideoRouter.get('/abuse', setDefaultPagination, asyncMiddleware(listVideoAbuses) ) -abuseVideoRouter.post('/:id/abuse', +abuseVideoRouter.put('/:videoId/abuse/:id', + authenticate, + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + asyncMiddleware(videoAbuseUpdateValidator), + asyncRetryTransactionMiddleware(updateVideoAbuse) +) +abuseVideoRouter.post('/:videoId/abuse', authenticate, asyncMiddleware(videoAbuseReportValidator), asyncRetryTransactionMiddleware(reportVideoAbuse) ) +abuseVideoRouter.delete('/:videoId/abuse/:id', + authenticate, + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + asyncMiddleware(videoAbuseGetValidator), + asyncRetryTransactionMiddleware(deleteVideoAbuse) +) // --------------------------------------------------------------------------- @@ -44,34 +61,79 @@ export { // --------------------------------------------------------------------------- -async function listVideoAbuses (req: express.Request, res: express.Response, next: express.NextFunction) { - const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort) +async function listVideoAbuses (req: express.Request, res: express.Response) { + const user = res.locals.oauth.token.user + const serverActor = await getServerActor() + + const resultList = await VideoAbuseModel.listForApi({ + start: req.query.start, + count: req.query.count, + sort: req.query.sort, + serverAccountId: serverActor.Account.id, + user + }) return res.json(getFormattedObjects(resultList.data, resultList.total)) } +async function updateVideoAbuse (req: express.Request, res: express.Response) { + const videoAbuse = res.locals.videoAbuse + + if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment + if (req.body.state !== undefined) videoAbuse.state = req.body.state + + await sequelizeTypescript.transaction(t => { + return videoAbuse.save({ transaction: t }) + }) + + // Do not send the delete to other instances, we updated OUR copy of this video abuse + + return res.type('json').status(204).end() +} + +async function deleteVideoAbuse (req: express.Request, res: express.Response) { + const videoAbuse = res.locals.videoAbuse + + await sequelizeTypescript.transaction(t => { + return videoAbuse.destroy({ transaction: t }) + }) + + // Do not send the delete to other instances, we delete OUR copy of this video abuse + + return res.type('json').status(204).end() +} + async function reportVideoAbuse (req: express.Request, res: express.Response) { - const videoInstance = res.locals.video as VideoModel - const reporterAccount = res.locals.oauth.token.User.Account as AccountModel + const videoInstance = res.locals.videoAll const body: VideoAbuseCreate = req.body - const abuseToCreate = { - reporterAccountId: reporterAccount.id, - reason: body.reason, - videoId: videoInstance.id - } + const videoAbuse = await sequelizeTypescript.transaction(async t => { + const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) + + const abuseToCreate = { + reporterAccountId: reporterAccount.id, + reason: body.reason, + videoId: videoInstance.id, + state: VideoAbuseState.PENDING + } - await sequelizeTypescript.transaction(async t => { - const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) + const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) videoAbuseInstance.Video = videoInstance + videoAbuseInstance.Account = reporterAccount // We send the video abuse to the origin server if (videoInstance.isOwned() === false) { await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) } + + auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) + + return videoAbuseInstance }) + Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse) + logger.info('Abuse report for video %s created.', videoInstance.name) - return res.type('json').status(204).end() + return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end() }