Add server API to abuse messages

author: Chocobozzz <me@florianbigard.com> 2020-07-24 15:05:51 +0200
committer: Chocobozzz <chocobozzz@cpy.re> 2020-07-31 11:35:19 +0200
commit: edbc9325462ddf4536775871ebc25e06f46612d1 (patch)
tree: 9671dd51303e75d48d4f4f9a1df7a1960e33780d /server/middlewares
parent: 20516920d2b72c8a18bc24b9740f7176aa962da2 (diff)
download: PeerTube-edbc9325462ddf4536775871ebc25e06f46612d1.tar.gz
PeerTube-edbc9325462ddf4536775871ebc25e06f46612d1.tar.zst
PeerTube-edbc9325462ddf4536775871ebc25e06f46612d1.zip
2 files changed, 99 insertions, 12 deletions
diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts
index 4da7b9802..4d836485c 100644
--- a/server/middlewares/user-right.ts
+++ b/server/middlewares/user-right.ts
@@ -9,11 +9,7 @@ function ensureUserHasRight (userRight: UserRight) {
      const message = `User ${user.username} does not have right ${UserRight[userRight]} to access to ${req.path}.`
      logger.info(message)
-      return res.status(403)
+      return res.status(403).json({ error: message })
-        .json({
-          error: message
-        })
-        .end()
    }
    return next()
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts
index 966d1f7fb..cb0bc658a 100644
--- a/server/middlewares/validators/abuse.ts
+++ b/server/middlewares/validators/abuse.ts
@@ -2,8 +2,9 @@ import * as express from 'express'
 import { body, param, query } from 'express-validator'
 import {
  isAbuseFilterValid,
+  isAbuseMessageValid,
  isAbuseModerationCommentValid,
-  isAbusePredefinedReasonsValid,
+  areAbusePredefinedReasonsValid,
  isAbusePredefinedReasonValid,
  isAbuseReasonValid,
  isAbuseStateValid,
@@ -15,7 +16,8 @@ import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers
 import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
 import { logger } from '@server/helpers/logger'
 import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'
-import { AbuseCreate } from '@shared/models'
+import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
+import { AbuseCreate, UserRight } from '@shared/models'
 import { areValidationErrors } from './utils'
 const abuseReportValidator = [
@@ -53,7 +55,7 @@ const abuseReportValidator = [
  body('predefinedReasons')
    .optional()
-    .custom(isAbusePredefinedReasonsValid)
+    .custom(areAbusePredefinedReasonsValid)
    .withMessage('Should have a valid list of predefined reasons'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -111,7 +113,7 @@ const abuseUpdateValidator = [
  }
 ]
-const abuseListValidator = [
+const abuseListForAdminsValidator = [
  query('id')
    .optional()
    .custom(isIdValid).withMessage('Should have a valid id'),
@@ -146,7 +148,7 @@ const abuseListValidator = [
    .custom(exists).withMessage('Should have a valid video channel search'),
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking abuseListValidator parameters', { parameters: req.body })
+    logger.debug('Checking abuseListForAdminsValidator parameters', { parameters: req.body })
    if (areValidationErrors(req, res)) return
@@ -154,6 +156,91 @@ const abuseListValidator = [
  }
 ]
+const abuseListForUserValidator = [
+  query('id')
+    .optional()
+    .custom(isIdValid).withMessage('Should have a valid id'),
+  query('search')
+    .optional()
+    .custom(exists).withMessage('Should have a valid search'),
+  query('state')
+    .optional()
+    .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking abuseListForUserValidator parameters', { parameters: req.body })
+    if (areValidationErrors(req, res)) return
+    return next()
+  }
+]
+const getAbuseValidator = [
+  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking getAbuseValidator parameters', { parameters: req.body })
+    if (areValidationErrors(req, res)) return
+    if (!await doesAbuseExist(req.params.id, res)) return
+    const user = res.locals.oauth.token.user
+    const abuse = res.locals.abuse
+    if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) {
+      const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
+      logger.warn(message)
+      return res.status(403).json({ error: message })
+    }
+    return next()
+  }
+]
+const addAbuseMessageValidator = [
+  body('message').custom(isAbuseMessageValid).not().isEmpty().withMessage('Should have a valid abuse message'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking addAbuseMessageValidator parameters', { parameters: req.body })
+    if (areValidationErrors(req, res)) return
+    return next()
+  }
+]
+const deleteAbuseMessageValidator = [
+  param('messageId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid message id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking deleteAbuseMessageValidator parameters', { parameters: req.body })
+    if (areValidationErrors(req, res)) return
+    const user = res.locals.oauth.token.user
+    const abuse = res.locals.abuse
+    const messageId = parseInt(req.params.messageId + '', 10)
+    const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
+    if (!abuseMessage) {
+      return res.status(404).json({ error: 'Abuse message not found' })
+    }
+    if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
+      return res.status(403).json({ error: 'Cannot delete this abuse message' })
+    }
+    res.locals.abuseMessage = abuseMessage
+    return next()
+  }
+]
 // FIXME: deprecated in 2.3. Remove these validators
 const videoAbuseReportValidator = [
@@ -167,7 +254,7 @@ const videoAbuseReportValidator = [
    .withMessage('Should have a valid reason'),
  body('predefinedReasons')
    .optional()
-    .custom(isAbusePredefinedReasonsValid)
+    .custom(areAbusePredefinedReasonsValid)
    .withMessage('Should have a valid list of predefined reasons'),
  body('startAt')
    .optional()
@@ -266,10 +353,14 @@ const videoAbuseListValidator = [
 // ---------------------------------------------------------------------------
 export {
-  abuseListValidator,
+  abuseListForAdminsValidator,
  abuseReportValidator,
  abuseGetValidator,
+  addAbuseMessageValidator,
  abuseUpdateValidator,
+  deleteAbuseMessageValidator,
+  abuseListForUserValidator,
+  getAbuseValidator,
  videoAbuseReportValidator,
  videoAbuseGetValidator,
  videoAbuseUpdateValidator,
author	Chocobozzz <me@florianbigard.com>	2020-07-24 15:05:51 +0200
committer	Chocobozzz <chocobozzz@cpy.re>	2020-07-31 11:35:19 +0200
commit	edbc9325462ddf4536775871ebc25e06f46612d1 (patch)
tree	9671dd51303e75d48d4f4f9a1df7a1960e33780d /server/middlewares
parent	20516920d2b72c8a18bc24b9740f7176aa962da2 (diff)
download	PeerTube-edbc9325462ddf4536775871ebc25e06f46612d1.tar.gz PeerTube-edbc9325462ddf4536775871ebc25e06f46612d1.tar.zst PeerTube-edbc9325462ddf4536775871ebc25e06f46612d1.zip

diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts index 4da7b9802..4d836485c 100644 --- a/server/middlewares/user-right.ts +++ b/server/middlewares/user-right.ts
@@ -9,11 +9,7 @@ function ensureUserHasRight (userRight: UserRight) {
9	const message = `User ${user.username} does not have right ${UserRight[userRight]} to access to ${req.path}.`	9	const message = `User ${user.username} does not have right ${UserRight[userRight]} to access to ${req.path}.`
10	logger.info(message)	10	logger.info(message)
11		11
12	return res.status(403)	12	return res.status(403).json({ error: message })
13	.json({
14	error: message
15	})
16	.end()
17	}	13	}
18		14
19	return next()	15	return next()


diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts index 966d1f7fb..cb0bc658a 100644 --- a/server/middlewares/validators/abuse.ts +++ b/server/middlewares/validators/abuse.ts
@@ -2,8 +2,9 @@ import * as express from 'express'
2	import { body, param, query } from 'express-validator'	2	import { body, param, query } from 'express-validator'
3	import {	3	import {
4	isAbuseFilterValid,	4	isAbuseFilterValid,
		5	isAbuseMessageValid,
5	isAbuseModerationCommentValid,	6	isAbuseModerationCommentValid,
6	isAbusePredefinedReasonsValid,	7	areAbusePredefinedReasonsValid,
7	isAbusePredefinedReasonValid,	8	isAbusePredefinedReasonValid,
8	isAbuseReasonValid,	9	isAbuseReasonValid,
9	isAbuseStateValid,	10	isAbuseStateValid,
@@ -15,7 +16,8 @@ import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers
15	import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'	16	import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
16	import { logger } from '@server/helpers/logger'	17	import { logger } from '@server/helpers/logger'
17	import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'	18	import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'
18	import { AbuseCreate } from '@shared/models'	19	import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
		20	import { AbuseCreate, UserRight } from '@shared/models'
19	import { areValidationErrors } from './utils'	21	import { areValidationErrors } from './utils'
20		22
21	const abuseReportValidator = [	23	const abuseReportValidator = [
@@ -53,7 +55,7 @@ const abuseReportValidator = [
53		55
54	body('predefinedReasons')	56	body('predefinedReasons')
55	.optional()	57	.optional()
56	.custom(isAbusePredefinedReasonsValid)	58	.custom(areAbusePredefinedReasonsValid)
57	.withMessage('Should have a valid list of predefined reasons'),	59	.withMessage('Should have a valid list of predefined reasons'),
58		60
59	async (req: express.Request, res: express.Response, next: express.NextFunction) => {	61	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -111,7 +113,7 @@ const abuseUpdateValidator = [
111	}	113	}
112	]	114	]
113		115
114	const abuseListValidator = [	116	const abuseListForAdminsValidator = [
115	query('id')	117	query('id')
116	.optional()	118	.optional()
117	.custom(isIdValid).withMessage('Should have a valid id'),	119	.custom(isIdValid).withMessage('Should have a valid id'),
@@ -146,7 +148,7 @@ const abuseListValidator = [
146	.custom(exists).withMessage('Should have a valid video channel search'),	148	.custom(exists).withMessage('Should have a valid video channel search'),
147		149
148	(req: express.Request, res: express.Response, next: express.NextFunction) => {	150	(req: express.Request, res: express.Response, next: express.NextFunction) => {
149	logger.debug('Checking abuseListValidator parameters', { parameters: req.body })	151	logger.debug('Checking abuseListForAdminsValidator parameters', { parameters: req.body })
150		152
151	if (areValidationErrors(req, res)) return	153	if (areValidationErrors(req, res)) return
152		154
@@ -154,6 +156,91 @@ const abuseListValidator = [
154	}	156	}
155	]	157	]
156		158
		159	const abuseListForUserValidator = [
		160	query('id')
		161	.optional()
		162	.custom(isIdValid).withMessage('Should have a valid id'),
		163
		164	query('search')
		165	.optional()
		166	.custom(exists).withMessage('Should have a valid search'),
		167
		168	query('state')
		169	.optional()
		170	.custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
		171
		172	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		173	logger.debug('Checking abuseListForUserValidator parameters', { parameters: req.body })
		174
		175	if (areValidationErrors(req, res)) return
		176
		177	return next()
		178	}
		179	]
		180
		181	const getAbuseValidator = [
		182	param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
		183
		184	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		185	logger.debug('Checking getAbuseValidator parameters', { parameters: req.body })
		186
		187	if (areValidationErrors(req, res)) return
		188	if (!await doesAbuseExist(req.params.id, res)) return
		189
		190	const user = res.locals.oauth.token.user
		191	const abuse = res.locals.abuse
		192
		193	if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) {
		194	const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
		195	logger.warn(message)
		196
		197	return res.status(403).json({ error: message })
		198	}
		199
		200	return next()
		201	}
		202	]
		203
		204	const addAbuseMessageValidator = [
		205	body('message').custom(isAbuseMessageValid).not().isEmpty().withMessage('Should have a valid abuse message'),
		206
		207	(req: express.Request, res: express.Response, next: express.NextFunction) => {
		208	logger.debug('Checking addAbuseMessageValidator parameters', { parameters: req.body })
		209
		210	if (areValidationErrors(req, res)) return
		211
		212	return next()
		213	}
		214	]
		215
		216	const deleteAbuseMessageValidator = [
		217	param('messageId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid message id'),
		218
		219	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		220	logger.debug('Checking deleteAbuseMessageValidator parameters', { parameters: req.body })
		221
		222	if (areValidationErrors(req, res)) return
		223
		224	const user = res.locals.oauth.token.user
		225	const abuse = res.locals.abuse
		226
		227	const messageId = parseInt(req.params.messageId + '', 10)
		228	const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
		229
		230	if (!abuseMessage) {
		231	return res.status(404).json({ error: 'Abuse message not found' })
		232	}
		233
		234	if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
		235	return res.status(403).json({ error: 'Cannot delete this abuse message' })
		236	}
		237
		238	res.locals.abuseMessage = abuseMessage
		239
		240	return next()
		241	}
		242	]
		243
157	// FIXME: deprecated in 2.3. Remove these validators	244	// FIXME: deprecated in 2.3. Remove these validators
158		245
159	const videoAbuseReportValidator = [	246	const videoAbuseReportValidator = [
@@ -167,7 +254,7 @@ const videoAbuseReportValidator = [
167	.withMessage('Should have a valid reason'),	254	.withMessage('Should have a valid reason'),
168	body('predefinedReasons')	255	body('predefinedReasons')
169	.optional()	256	.optional()
170	.custom(isAbusePredefinedReasonsValid)	257	.custom(areAbusePredefinedReasonsValid)
171	.withMessage('Should have a valid list of predefined reasons'),	258	.withMessage('Should have a valid list of predefined reasons'),
172	body('startAt')	259	body('startAt')
173	.optional()	260	.optional()
@@ -266,10 +353,14 @@ const videoAbuseListValidator = [
266	// ---------------------------------------------------------------------------	353	// ---------------------------------------------------------------------------
267		354
268	export {	355	export {
269	abuseListValidator,	356	abuseListForAdminsValidator,
270	abuseReportValidator,	357	abuseReportValidator,
271	abuseGetValidator,	358	abuseGetValidator,
		359	addAbuseMessageValidator,
272	abuseUpdateValidator,	360	abuseUpdateValidator,
		361	deleteAbuseMessageValidator,
		362	abuseListForUserValidator,
		363	getAbuseValidator,
273	videoAbuseReportValidator,	364	videoAbuseReportValidator,
274	videoAbuseGetValidator,	365	videoAbuseGetValidator,
275	videoAbuseUpdateValidator,	366	videoAbuseUpdateValidator,