X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fapi%2Fvideos%2Fabuse.ts;h=2af7b386413ec33ee545a8adc30755ebb1c4958c;hb=444c0a0e017824fb4ce526281a22c4abe0a13c50;hp=d9b4e8772fabfe766d72ce3970b18e1884b1bb9f;hpb=8e13fa7d09e9925b4559cbba6c5d72c5ff1bd391;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts
index d9b4e8772..2af7b3864 100644
--- a/server/controllers/api/videos/abuse.ts
+++ b/server/controllers/api/videos/abuse.ts
@@ -1,25 +1,32 @@
 import * as express from 'express'
-
-import { database as db } from '../../../initializers/database'
-import {
-  logger,
-  getFormattedObjects,
-  retryTransactionWrapper
-} from '../../../helpers'
+import { UserRight, VideoAbuseCreate, VideoAbuseState, VideoAbuse } from '../../../../shared'
+import { logger } from '../../../helpers/logger'
+import { getFormattedObjects } from '../../../helpers/utils'
+import { sequelizeTypescript } from '../../../initializers/database'
 import {
+  asyncMiddleware,
+  asyncRetryTransactionMiddleware,
   authenticate,
   ensureUserHasRight,
   paginationValidator,
+  setDefaultPagination,
+  setDefaultSort,
+  videoAbuseGetValidator,
   videoAbuseReportValidator,
   videoAbusesSortValidator,
-  setVideoAbusesSort,
-  setPagination,
-  asyncMiddleware
+  videoAbuseUpdateValidator,
+  videoAbuseListValidator
 } from '../../../middlewares'
-import { VideoInstance } from '../../../models'
-import { VideoAbuseCreate, UserRight } from '../../../../shared'
-import { sendVideoAbuse } from '../../../lib/index'
-
+import { AccountModel } from '../../../models/account/account'
+import { VideoAbuseModel } from '../../../models/video/video-abuse'
+import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
+import { Notifier } from '../../../lib/notifier'
+import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
+import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
+import { getServerActor } from '@server/models/application/application'
+import { MAccountDefault } from '@server/typings/models'
+
+const auditLogger = auditLoggerFactory('abuse')
 const abuseVideoRouter = express.Router()
 
 abuseVideoRouter.get('/abuse',
@@ -27,14 +34,27 @@ abuseVideoRouter.get('/abuse',
   ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
   paginationValidator,
   videoAbusesSortValidator,
-  setVideoAbusesSort,
-  setPagination,
+  setDefaultSort,
+  setDefaultPagination,
+  videoAbuseListValidator,
   asyncMiddleware(listVideoAbuses)
 )
-abuseVideoRouter.post('/:id/abuse',
+abuseVideoRouter.put('/:videoId/abuse/:id',
   authenticate,
-  videoAbuseReportValidator,
-  asyncMiddleware(reportVideoAbuseRetryWrapper)
+  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+  asyncMiddleware(videoAbuseUpdateValidator),
+  asyncRetryTransactionMiddleware(updateVideoAbuse)
+)
+abuseVideoRouter.post('/:videoId/abuse',
+  authenticate,
+  asyncMiddleware(videoAbuseReportValidator),
+  asyncRetryTransactionMiddleware(reportVideoAbuse)
+)
+abuseVideoRouter.delete('/:videoId/abuse/:id',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+  asyncMiddleware(videoAbuseGetValidator),
+  asyncRetryTransactionMiddleware(deleteVideoAbuse)
 )
 
 // ---------------------------------------------------------------------------
@@ -45,42 +65,94 @@ export {
 
 // ---------------------------------------------------------------------------
 
-async function listVideoAbuses (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const resultList = await db.VideoAbuse.listForApi(req.query.start, req.query.count, req.query.sort)
+async function listVideoAbuses (req: express.Request, res: express.Response) {
+  const user = res.locals.oauth.token.user
+  const serverActor = await getServerActor()
+
+  const resultList = await VideoAbuseModel.listForApi({
+    start: req.query.start,
+    count: req.query.count,
+    sort: req.query.sort,
+    id: req.query.id,
+    search: req.query.search,
+    state: req.query.state,
+    videoIs: req.query.videoIs,
+    searchReporter: req.query.searchReporter,
+    searchReportee: req.query.searchReportee,
+    searchVideo: req.query.searchVideo,
+    searchVideoChannel: req.query.searchVideoChannel,
+    serverAccountId: serverActor.Account.id,
+    user
+  })
 
   return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
 
-async function reportVideoAbuseRetryWrapper (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const options = {
-    arguments: [ req, res ],
-    errorMessage: 'Cannot report abuse to the video with many retries.'
-  }
+async function updateVideoAbuse (req: express.Request, res: express.Response) {
+  const videoAbuse = res.locals.videoAbuse
+
+  if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
+  if (req.body.state !== undefined) videoAbuse.state = req.body.state
+
+  await sequelizeTypescript.transaction(t => {
+    return videoAbuse.save({ transaction: t })
+  })
+
+  // Do not send the delete to other instances, we updated OUR copy of this video abuse
+
+  return res.type('json').status(204).end()
+}
+
+async function deleteVideoAbuse (req: express.Request, res: express.Response) {
+  const videoAbuse = res.locals.videoAbuse
+
+  await sequelizeTypescript.transaction(t => {
+    return videoAbuse.destroy({ transaction: t })
+  })
 
-  await retryTransactionWrapper(reportVideoAbuse, options)
+  // Do not send the delete to other instances, we delete OUR copy of this video abuse
 
   return res.type('json').status(204).end()
 }
 
 async function reportVideoAbuse (req: express.Request, res: express.Response) {
-  const videoInstance = res.locals.video as VideoInstance
-  const reporterAccount = res.locals.oauth.token.User.Account
+  const videoInstance = res.locals.videoAll
   const body: VideoAbuseCreate = req.body
+  let reporterAccount: MAccountDefault
+  let videoAbuseJSON: VideoAbuse
 
-  const abuseToCreate = {
-    reporterAccountId: reporterAccount.id,
-    reason: body.reason,
-    videoId: videoInstance.id
-  }
+  const videoAbuseInstance = await sequelizeTypescript.transaction(async t => {
+    reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
 
-  await db.sequelize.transaction(async t => {
-    const videoAbuseInstance = await db.VideoAbuse.create(abuseToCreate, { transaction: t })
+    const abuseToCreate = {
+      reporterAccountId: reporterAccount.id,
+      reason: body.reason,
+      videoId: videoInstance.id,
+      state: VideoAbuseState.PENDING
+    }
+
+    const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
+    videoAbuseInstance.Video = videoInstance
+    videoAbuseInstance.Account = reporterAccount
 
     // We send the video abuse to the origin server
     if (videoInstance.isOwned() === false) {
-      await sendVideoAbuse(reporterAccount, videoAbuseInstance, videoInstance, t)
+      await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
     }
+
+    videoAbuseJSON = videoAbuseInstance.toFormattedJSON()
+    auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseJSON))
+
+    return videoAbuseInstance
+  })
+
+  Notifier.Instance.notifyOnNewVideoAbuse({
+    videoAbuse: videoAbuseJSON,
+    videoAbuseInstance,
+    reporter: reporterAccount.Actor.getIdentifier()
   })
 
   logger.info('Abuse report for video %s created.', videoInstance.name)
+
+  return res.json({ videoAbuse: videoAbuseJSON }).end()
 }