X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fapi%2Fvideos%2Fabuse.ts;h=bce50aefbeeeb6fc12a6d9935d056febba0855fe;hb=80fdaf064562aff968f4c9cea1cf220bc12a70da;hp=68db025b7f3bf67a0ec079b61039bdd5fdd01171;hpb=4d4e5cd4dca78480ec7f40e747f424cd107376a4;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts index 68db025b7..bce50aefb 100644 --- a/server/controllers/api/videos/abuse.ts +++ b/server/controllers/api/videos/abuse.ts @@ -1,41 +1,59 @@ import * as express from 'express' -import { waterfall } from 'async' - -import { database as db } from '../../../initializers/database' -import * as friends from '../../../lib/friends' -import { - logger, - getFormatedObjects, - retryTransactionWrapper, - startSerializableTransaction, - commitTransaction, - rollbackTransaction -} from '../../../helpers' +import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared' +import { logger } from '../../../helpers/logger' +import { getFormattedObjects } from '../../../helpers/utils' +import { sequelizeTypescript } from '../../../initializers/database' import { + asyncMiddleware, + asyncRetryTransactionMiddleware, authenticate, - ensureIsAdmin, + ensureUserHasRight, paginationValidator, + setDefaultPagination, + setDefaultSort, + videoAbuseGetValidator, videoAbuseReportValidator, videoAbusesSortValidator, - setVideoAbusesSort, - setPagination + videoAbuseUpdateValidator, + videoAbuseListValidator } from '../../../middlewares' - +import { AccountModel } from '../../../models/account/account' +import { VideoAbuseModel } from '../../../models/video/video-abuse' +import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' +import { Notifier } from '../../../lib/notifier' +import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag' +import { MVideoAbuseAccountVideo } from '../../../typings/models/video' +import { getServerActor } from '@server/models/application/application' + +const auditLogger = auditLoggerFactory('abuse') const abuseVideoRouter = express.Router() abuseVideoRouter.get('/abuse', authenticate, - ensureIsAdmin, + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), paginationValidator, videoAbusesSortValidator, - setVideoAbusesSort, - setPagination, - listVideoAbuses + setDefaultSort, + setDefaultPagination, + videoAbuseListValidator, + asyncMiddleware(listVideoAbuses) ) -abuseVideoRouter.post('/:id/abuse', +abuseVideoRouter.put('/:videoId/abuse/:id', authenticate, - videoAbuseReportValidator, - reportVideoAbuseRetryWrapper + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + asyncMiddleware(videoAbuseUpdateValidator), + asyncRetryTransactionMiddleware(updateVideoAbuse) +) +abuseVideoRouter.post('/:videoId/abuse', + authenticate, + asyncMiddleware(videoAbuseReportValidator), + asyncRetryTransactionMiddleware(reportVideoAbuse) +) +abuseVideoRouter.delete('/:videoId/abuse/:id', + authenticate, + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + asyncMiddleware(videoAbuseGetValidator), + asyncRetryTransactionMiddleware(deleteVideoAbuse) ) // --------------------------------------------------------------------------- @@ -46,72 +64,87 @@ export { // --------------------------------------------------------------------------- -function listVideoAbuses (req, res, next) { - db.VideoAbuse.listForApi(req.query.start, req.query.count, req.query.sort, function (err, abusesList, abusesTotal) { - if (err) return next(err) - - res.json(getFormatedObjects(abusesList, abusesTotal)) +async function listVideoAbuses (req: express.Request, res: express.Response) { + const user = res.locals.oauth.token.user + const serverActor = await getServerActor() + + const resultList = await VideoAbuseModel.listForApi({ + start: req.query.start, + count: req.query.count, + sort: req.query.sort, + id: req.query.id, + search: req.query.search, + state: req.query.state, + videoIs: req.query.videoIs, + searchReporter: req.query.searchReporter, + searchReportee: req.query.searchReportee, + searchVideo: req.query.searchVideo, + searchVideoChannel: req.query.searchVideoChannel, + serverAccountId: serverActor.Account.id, + user }) + + return res.json(getFormattedObjects(resultList.data, resultList.total)) } -function reportVideoAbuseRetryWrapper (req, res, next) { - const options = { - arguments: [ req, res ], - errorMessage: 'Cannot report abuse to the video with many retries.' - } +async function updateVideoAbuse (req: express.Request, res: express.Response) { + const videoAbuse = res.locals.videoAbuse - retryTransactionWrapper(reportVideoAbuse, options, function (err) { - if (err) return next(err) + if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment + if (req.body.state !== undefined) videoAbuse.state = req.body.state - return res.type('json').status(204).end() + await sequelizeTypescript.transaction(t => { + return videoAbuse.save({ transaction: t }) }) -} -function reportVideoAbuse (req, res, finalCallback) { - const videoInstance = res.locals.video - const reporterUsername = res.locals.oauth.token.User.username + // Do not send the delete to other instances, we updated OUR copy of this video abuse - const abuse = { - reporterUsername, - reason: req.body.reason, - videoId: videoInstance.id, - reporterPodId: null // This is our pod that reported this abuse - } + return res.type('json').status(204).end() +} - waterfall([ +async function deleteVideoAbuse (req: express.Request, res: express.Response) { + const videoAbuse = res.locals.videoAbuse - startSerializableTransaction, + await sequelizeTypescript.transaction(t => { + return videoAbuse.destroy({ transaction: t }) + }) - function createAbuse (t, callback) { - db.VideoAbuse.create(abuse).asCallback(function (err, abuse) { - return callback(err, t, abuse) - }) - }, + // Do not send the delete to other instances, we delete OUR copy of this video abuse + + return res.type('json').status(204).end() +} - function sendToFriendsIfNeeded (t, abuse, callback) { - // We send the information to the destination pod - if (videoInstance.isOwned() === false) { - const reportData = { - reporterUsername, - reportReason: abuse.reason, - videoRemoteId: videoInstance.remoteId - } +async function reportVideoAbuse (req: express.Request, res: express.Response) { + const videoInstance = res.locals.videoAll + const body: VideoAbuseCreate = req.body - friends.reportAbuseVideoToFriend(reportData, videoInstance) - } + const videoAbuse = await sequelizeTypescript.transaction(async t => { + const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) - return callback(null, t) - }, + const abuseToCreate = { + reporterAccountId: reporterAccount.id, + reason: body.reason, + videoId: videoInstance.id, + state: VideoAbuseState.PENDING + } - commitTransaction + const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) + videoAbuseInstance.Video = videoInstance + videoAbuseInstance.Account = reporterAccount - ], function andFinally (err, t) { - if (err) { - logger.debug('Cannot update the video.', { error: err }) - return rollbackTransaction(err, t, finalCallback) + // We send the video abuse to the origin server + if (videoInstance.isOwned() === false) { + await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) } - logger.info('Abuse report for video %s created.', videoInstance.name) - return finalCallback(null) + auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) + + return videoAbuseInstance }) + + Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse) + + logger.info('Abuse report for video %s created.', videoInstance.name) + + return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end() }