X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fapi%2Fvideos%2Fabuse.ts;h=59bdf6257c3282302d594be51e376a2e5a0b48b1;hb=26b7305a232e547709f433a6edf700bf495935d8;hp=88204120fb4a42ce8cb3185e23e687c5713682cf;hpb=65fcc3119c334b75dd13bcfdebf186afdc580a8f;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts
index 88204120f..59bdf6257 100644
--- a/server/controllers/api/videos/abuse.ts
+++ b/server/controllers/api/videos/abuse.ts
@@ -1,41 +1,55 @@
-import express = require('express')
-import { waterfall } from 'async'
-
-const db = require('../../../initializers/database')
-import friends = require('../../../lib/friends')
-import {
-  logger,
-  getFormatedObjects,
-  retryTransactionWrapper,
-  startSerializableTransaction,
-  commitTransaction,
-  rollbackTransaction
-} from '../../../helpers'
+import * as express from 'express'
+import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
+import { logger } from '../../../helpers/logger'
+import { getFormattedObjects } from '../../../helpers/utils'
+import { sequelizeTypescript } from '../../../initializers'
+import { sendVideoAbuse } from '../../../lib/activitypub/send'
 import {
+  asyncMiddleware,
+  asyncRetryTransactionMiddleware,
   authenticate,
-  ensureIsAdmin,
+  ensureUserHasRight,
   paginationValidator,
+  setDefaultPagination,
+  setDefaultSort,
+  videoAbuseGetValidator,
   videoAbuseReportValidator,
   videoAbusesSortValidator,
-  setVideoAbusesSort,
-  setPagination
+  videoAbuseUpdateValidator
 } from '../../../middlewares'
+import { AccountModel } from '../../../models/account/account'
+import { VideoModel } from '../../../models/video/video'
+import { VideoAbuseModel } from '../../../models/video/video-abuse'
+import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
 
+const auditLogger = auditLoggerFactory('abuse')
 const abuseVideoRouter = express.Router()
 
 abuseVideoRouter.get('/abuse',
   authenticate,
-  ensureIsAdmin,
+  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
   paginationValidator,
   videoAbusesSortValidator,
-  setVideoAbusesSort,
-  setPagination,
-  listVideoAbuses
+  setDefaultSort,
+  setDefaultPagination,
+  asyncMiddleware(listVideoAbuses)
 )
-abuseVideoRouter.post('/:id/abuse',
+abuseVideoRouter.put('/:videoId/abuse/:id',
   authenticate,
-  videoAbuseReportValidator,
-  reportVideoAbuseRetryWrapper
+  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+  asyncMiddleware(videoAbuseUpdateValidator),
+  asyncRetryTransactionMiddleware(updateVideoAbuse)
+)
+abuseVideoRouter.post('/:videoId/abuse',
+  authenticate,
+  asyncMiddleware(videoAbuseReportValidator),
+  asyncRetryTransactionMiddleware(reportVideoAbuse)
+)
+abuseVideoRouter.delete('/:videoId/abuse/:id',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+  asyncMiddleware(videoAbuseGetValidator),
+  asyncRetryTransactionMiddleware(deleteVideoAbuse)
 )
 
 // ---------------------------------------------------------------------------
@@ -46,72 +60,68 @@ export {
 
 // ---------------------------------------------------------------------------
 
-function listVideoAbuses (req, res, next) {
-  db.VideoAbuse.listForApi(req.query.start, req.query.count, req.query.sort, function (err, abusesList, abusesTotal) {
-    if (err) return next(err)
+async function listVideoAbuses (req: express.Request, res: express.Response) {
+  const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
 
-    res.json(getFormatedObjects(abusesList, abusesTotal))
-  })
+  return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
 
-function reportVideoAbuseRetryWrapper (req, res, next) {
-  const options = {
-    arguments: [ req, res ],
-    errorMessage: 'Cannot report abuse to the video with many retries.'
-  }
+async function updateVideoAbuse (req: express.Request, res: express.Response) {
+  const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
 
-  retryTransactionWrapper(reportVideoAbuse, options, function (err) {
-    if (err) return next(err)
+  if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
+  if (req.body.state !== undefined) videoAbuse.state = req.body.state
 
-    return res.type('json').status(204).end()
+  await sequelizeTypescript.transaction(t => {
+    return videoAbuse.save({ transaction: t })
   })
-}
 
-function reportVideoAbuse (req, res, finalCallback) {
-  const videoInstance = res.locals.video
-  const reporterUsername = res.locals.oauth.token.User.username
+  // Do not send the delete to other instances, we updated OUR copy of this video abuse
 
-  const abuse = {
-    reporterUsername,
-    reason: req.body.reason,
-    videoId: videoInstance.id,
-    reporterPodId: null // This is our pod that reported this abuse
-  }
+  return res.type('json').status(204).end()
+}
 
-  waterfall([
+async function deleteVideoAbuse (req: express.Request, res: express.Response) {
+  const videoAbuse: VideoAbuseModel = res.locals.videoAbuse
 
-    startSerializableTransaction,
+  await sequelizeTypescript.transaction(t => {
+    return videoAbuse.destroy({ transaction: t })
+  })
 
-    function createAbuse (t, callback) {
-      db.VideoAbuse.create(abuse).asCallback(function (err, abuse) {
-        return callback(err, t, abuse)
-      })
-    },
+  // Do not send the delete to other instances, we delete OUR copy of this video abuse
 
-    function sendToFriendsIfNeeded (t, abuse, callback) {
-      // We send the information to the destination pod
-      if (videoInstance.isOwned() === false) {
-        const reportData = {
-          reporterUsername,
-          reportReason: abuse.reason,
-          videoRemoteId: videoInstance.remoteId
-        }
+  return res.type('json').status(204).end()
+}
 
-        friends.reportAbuseVideoToFriend(reportData, videoInstance)
-      }
+async function reportVideoAbuse (req: express.Request, res: express.Response) {
+  const videoInstance = res.locals.video as VideoModel
+  const reporterAccount = res.locals.oauth.token.User.Account as AccountModel
+  const body: VideoAbuseCreate = req.body
 
-      return callback(null, t)
-    },
+  const abuseToCreate = {
+    reporterAccountId: reporterAccount.id,
+    reason: body.reason,
+    videoId: videoInstance.id,
+    state: VideoAbuseState.PENDING
+  }
 
-    commitTransaction
+  const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
+    const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
+    videoAbuseInstance.Video = videoInstance
+    videoAbuseInstance.Account = reporterAccount
 
-  ], function andFinally (err, t) {
-    if (err) {
-      logger.debug('Cannot update the video.', { error: err })
-      return rollbackTransaction(err, t, finalCallback)
+    // We send the video abuse to the origin server
+    if (videoInstance.isOwned() === false) {
+      await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
     }
 
-    logger.info('Abuse report for video %s created.', videoInstance.name)
-    return finalCallback(null)
+    auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
+
+    return videoAbuseInstance
   })
+
+  logger.info('Abuse report for video %s created.', videoInstance.name)
+  return res.json({
+    videoAbuse: videoAbuse.toFormattedJSON()
+  }).end()
 }