X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fapi%2Fvideos%2Fabuse.ts;h=ca70230a2f475eb05e7a7f40c9821a62fdf15b12;hb=dae86118ed5d4026d04acb9d0e36829b9ad8eb4e;hp=3dd884354a7ff9940d6b999b4416ba182d8532ab;hpb=e02643f32e4c97ca307f8fc5b69be79c40d70a3b;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts index 3dd884354..ca70230a2 100644 --- a/server/controllers/api/videos/abuse.ts +++ b/server/controllers/api/videos/abuse.ts @@ -1,41 +1,55 @@ -import express = require('express') -import { waterfall } from 'async' - -import { database as db } from '../../../initializers/database' -import friends = require('../../../lib/friends') -import { - logger, - getFormatedObjects, - retryTransactionWrapper, - startSerializableTransaction, - commitTransaction, - rollbackTransaction -} from '../../../helpers' +import * as express from 'express' +import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared' +import { logger } from '../../../helpers/logger' +import { getFormattedObjects } from '../../../helpers/utils' +import { sequelizeTypescript } from '../../../initializers' import { + asyncMiddleware, + asyncRetryTransactionMiddleware, authenticate, - ensureIsAdmin, + ensureUserHasRight, paginationValidator, + setDefaultPagination, + setDefaultSort, + videoAbuseGetValidator, videoAbuseReportValidator, videoAbusesSortValidator, - setVideoAbusesSort, - setPagination + videoAbuseUpdateValidator } from '../../../middlewares' +import { AccountModel } from '../../../models/account/account' +import { VideoAbuseModel } from '../../../models/video/video-abuse' +import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' +import { Notifier } from '../../../lib/notifier' +import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag' +const auditLogger = auditLoggerFactory('abuse') const abuseVideoRouter = express.Router() abuseVideoRouter.get('/abuse', authenticate, - ensureIsAdmin, + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), paginationValidator, videoAbusesSortValidator, - setVideoAbusesSort, - setPagination, - listVideoAbuses + setDefaultSort, + setDefaultPagination, + asyncMiddleware(listVideoAbuses) ) -abuseVideoRouter.post('/:id/abuse', +abuseVideoRouter.put('/:videoId/abuse/:id', authenticate, - videoAbuseReportValidator, - reportVideoAbuseRetryWrapper + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + asyncMiddleware(videoAbuseUpdateValidator), + asyncRetryTransactionMiddleware(updateVideoAbuse) +) +abuseVideoRouter.post('/:videoId/abuse', + authenticate, + asyncMiddleware(videoAbuseReportValidator), + asyncRetryTransactionMiddleware(reportVideoAbuse) +) +abuseVideoRouter.delete('/:videoId/abuse/:id', + authenticate, + ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + asyncMiddleware(videoAbuseGetValidator), + asyncRetryTransactionMiddleware(deleteVideoAbuse) ) // --------------------------------------------------------------------------- @@ -46,72 +60,70 @@ export { // --------------------------------------------------------------------------- -function listVideoAbuses (req, res, next) { - db.VideoAbuse.listForApi(req.query.start, req.query.count, req.query.sort, function (err, abusesList, abusesTotal) { - if (err) return next(err) +async function listVideoAbuses (req: express.Request, res: express.Response) { + const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort) - res.json(getFormatedObjects(abusesList, abusesTotal)) - }) + return res.json(getFormattedObjects(resultList.data, resultList.total)) } -function reportVideoAbuseRetryWrapper (req, res, next) { - const options = { - arguments: [ req, res ], - errorMessage: 'Cannot report abuse to the video with many retries.' - } +async function updateVideoAbuse (req: express.Request, res: express.Response) { + const videoAbuse = res.locals.videoAbuse - retryTransactionWrapper(reportVideoAbuse, options, function (err) { - if (err) return next(err) + if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment + if (req.body.state !== undefined) videoAbuse.state = req.body.state - return res.type('json').status(204).end() + await sequelizeTypescript.transaction(t => { + return videoAbuse.save({ transaction: t }) }) + + // Do not send the delete to other instances, we updated OUR copy of this video abuse + + return res.type('json').status(204).end() } -function reportVideoAbuse (req, res, finalCallback) { +async function deleteVideoAbuse (req: express.Request, res: express.Response) { + const videoAbuse = res.locals.videoAbuse + + await sequelizeTypescript.transaction(t => { + return videoAbuse.destroy({ transaction: t }) + }) + + // Do not send the delete to other instances, we delete OUR copy of this video abuse + + return res.type('json').status(204).end() +} + +async function reportVideoAbuse (req: express.Request, res: express.Response) { const videoInstance = res.locals.video - const reporterUsername = res.locals.oauth.token.User.username - - const abuse = { - reporterUsername, - reason: req.body.reason, - videoId: videoInstance.id, - reporterPodId: null // This is our pod that reported this abuse - } - - waterfall([ - - startSerializableTransaction, - - function createAbuse (t, callback) { - db.VideoAbuse.create(abuse).asCallback(function (err, abuse) { - return callback(err, t, abuse) - }) - }, - - function sendToFriendsIfNeeded (t, abuse, callback) { - // We send the information to the destination pod - if (videoInstance.isOwned() === false) { - const reportData = { - reporterUsername, - reportReason: abuse.reason, - videoRemoteId: videoInstance.remoteId - } - - friends.reportAbuseVideoToFriend(reportData, videoInstance) - } - - return callback(null, t) - }, - - commitTransaction - - ], function andFinally (err, t) { - if (err) { - logger.debug('Cannot update the video.', { error: err }) - return rollbackTransaction(err, t, finalCallback) + const body: VideoAbuseCreate = req.body + + const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => { + const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) + + const abuseToCreate = { + reporterAccountId: reporterAccount.id, + reason: body.reason, + videoId: videoInstance.id, + state: VideoAbuseState.PENDING + } + + const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) + videoAbuseInstance.Video = videoInstance + videoAbuseInstance.Account = reporterAccount + + // We send the video abuse to the origin server + if (videoInstance.isOwned() === false) { + await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance) } - logger.info('Abuse report for video %s created.', videoInstance.name) - return finalCallback(null) + Notifier.Instance.notifyOnNewVideoAbuse(videoAbuseInstance) + + auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) + + return videoAbuseInstance }) + + logger.info('Abuse report for video %s created.', videoInstance.name) + + return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end() }