From d95d15598847c7f020aa056e7e6e0c02d2bbf732 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 1 Jul 2020 16:05:30 +0200 Subject: Use 3 tables to represent abuses --- server/controllers/api/abuse.ts | 168 +++++++++++++++++++++++++++++++++ server/controllers/api/index.ts | 2 + server/controllers/api/videos/abuse.ts | 109 ++++++--------------- 3 files changed, 199 insertions(+), 80 deletions(-) create mode 100644 server/controllers/api/abuse.ts (limited to 'server/controllers/api') diff --git a/server/controllers/api/abuse.ts b/server/controllers/api/abuse.ts new file mode 100644 index 000000000..ee046cb3a --- /dev/null +++ b/server/controllers/api/abuse.ts @@ -0,0 +1,168 @@ +import * as express from 'express' +import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation' +import { AbuseModel } from '@server/models/abuse/abuse' +import { getServerActor } from '@server/models/application/application' +import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared' +import { getFormattedObjects } from '../../helpers/utils' +import { sequelizeTypescript } from '../../initializers/database' +import { + abuseGetValidator, + abuseListValidator, + abuseReportValidator, + abusesSortValidator, + abuseUpdateValidator, + asyncMiddleware, + asyncRetryTransactionMiddleware, + authenticate, + ensureUserHasRight, + paginationValidator, + setDefaultPagination, + setDefaultSort +} from '../../middlewares' +import { AccountModel } from '../../models/account/account' + +const abuseRouter = express.Router() + +abuseRouter.get('/abuse', + authenticate, + ensureUserHasRight(UserRight.MANAGE_ABUSES), + paginationValidator, + abusesSortValidator, + setDefaultSort, + setDefaultPagination, + abuseListValidator, + asyncMiddleware(listAbuses) +) +abuseRouter.put('/:videoId/abuse/:id', + authenticate, + ensureUserHasRight(UserRight.MANAGE_ABUSES), + asyncMiddleware(abuseUpdateValidator), + asyncRetryTransactionMiddleware(updateAbuse) +) +abuseRouter.post('/:videoId/abuse', + authenticate, + asyncMiddleware(abuseReportValidator), + asyncRetryTransactionMiddleware(reportAbuse) +) +abuseRouter.delete('/:videoId/abuse/:id', + authenticate, + ensureUserHasRight(UserRight.MANAGE_ABUSES), + asyncMiddleware(abuseGetValidator), + asyncRetryTransactionMiddleware(deleteAbuse) +) + +// --------------------------------------------------------------------------- + +export { + abuseRouter, + + // FIXME: deprecated in 2.3. Remove these exports + listAbuses, + updateAbuse, + deleteAbuse, + reportAbuse +} + +// --------------------------------------------------------------------------- + +async function listAbuses (req: express.Request, res: express.Response) { + const user = res.locals.oauth.token.user + const serverActor = await getServerActor() + + const resultList = await AbuseModel.listForApi({ + start: req.query.start, + count: req.query.count, + sort: req.query.sort, + id: req.query.id, + filter: 'video', + predefinedReason: req.query.predefinedReason, + search: req.query.search, + state: req.query.state, + videoIs: req.query.videoIs, + searchReporter: req.query.searchReporter, + searchReportee: req.query.searchReportee, + searchVideo: req.query.searchVideo, + searchVideoChannel: req.query.searchVideoChannel, + serverAccountId: serverActor.Account.id, + user + }) + + return res.json(getFormattedObjects(resultList.data, resultList.total)) +} + +async function updateAbuse (req: express.Request, res: express.Response) { + const abuse = res.locals.abuse + + if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment + if (req.body.state !== undefined) abuse.state = req.body.state + + await sequelizeTypescript.transaction(t => { + return abuse.save({ transaction: t }) + }) + + // Do not send the delete to other instances, we updated OUR copy of this video abuse + + return res.type('json').status(204).end() +} + +async function deleteAbuse (req: express.Request, res: express.Response) { + const abuse = res.locals.abuse + + await sequelizeTypescript.transaction(t => { + return abuse.destroy({ transaction: t }) + }) + + // Do not send the delete to other instances, we delete OUR copy of this video abuse + + return res.type('json').status(204).end() +} + +async function reportAbuse (req: express.Request, res: express.Response) { + const videoInstance = res.locals.videoAll + const commentInstance = res.locals.videoCommentFull + const accountInstance = res.locals.account + + const body: AbuseCreate = req.body + + const { id } = await sequelizeTypescript.transaction(async t => { + const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) + const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r]) + + const baseAbuse = { + reporterAccountId: reporterAccount.id, + reason: body.reason, + state: AbuseState.PENDING, + predefinedReasons + } + + if (body.video) { + return createVideoAbuse({ + baseAbuse, + videoInstance, + reporterAccount, + transaction: t, + startAt: body.video.startAt, + endAt: body.video.endAt + }) + } + + if (body.comment) { + return createVideoCommentAbuse({ + baseAbuse, + commentInstance, + reporterAccount, + transaction: t + }) + } + + // Account report + return createAccountAbuse({ + baseAbuse, + accountInstance, + reporterAccount, + transaction: t + }) + }) + + return res.json({ abuse: { id } }) +} diff --git a/server/controllers/api/index.ts b/server/controllers/api/index.ts index c334a26b4..eda9e04d1 100644 --- a/server/controllers/api/index.ts +++ b/server/controllers/api/index.ts @@ -3,6 +3,7 @@ import * as express from 'express' import * as RateLimit from 'express-rate-limit' import { badRequest } from '../../helpers/express-utils' import { CONFIG } from '../../initializers/config' +import { abuseRouter } from './abuse' import { accountsRouter } from './accounts' import { bulkRouter } from './bulk' import { configRouter } from './config' @@ -32,6 +33,7 @@ const apiRateLimiter = RateLimit({ apiRouter.use(apiRateLimiter) apiRouter.use('/server', serverRouter) +apiRouter.use('/abuses', abuseRouter) apiRouter.use('/bulk', bulkRouter) apiRouter.use('/oauth-clients', oauthClientsRouter) apiRouter.use('/config', configRouter) diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts index ab2074459..b92a66360 100644 --- a/server/controllers/api/videos/abuse.ts +++ b/server/controllers/api/videos/abuse.ts @@ -1,9 +1,10 @@ import * as express from 'express' -import { UserRight, VideoAbuseCreate, VideoAbuseState, VideoAbuse, videoAbusePredefinedReasonsMap } from '../../../../shared' -import { logger } from '../../../helpers/logger' +import { AbuseModel } from '@server/models/abuse/abuse' +import { getServerActor } from '@server/models/application/application' +import { AbuseCreate, UserRight, VideoAbuseCreate } from '../../../../shared' import { getFormattedObjects } from '../../../helpers/utils' -import { sequelizeTypescript } from '../../../initializers/database' import { + abusesSortValidator, asyncMiddleware, asyncRetryTransactionMiddleware, authenticate, @@ -12,28 +13,21 @@ import { setDefaultPagination, setDefaultSort, videoAbuseGetValidator, + videoAbuseListValidator, videoAbuseReportValidator, - videoAbusesSortValidator, - videoAbuseUpdateValidator, - videoAbuseListValidator + videoAbuseUpdateValidator } from '../../../middlewares' -import { AccountModel } from '../../../models/account/account' -import { VideoAbuseModel } from '../../../models/video/video-abuse' -import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' -import { Notifier } from '../../../lib/notifier' -import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag' -import { MVideoAbuseAccountVideo } from '../../../types/models/video' -import { getServerActor } from '@server/models/application/application' -import { MAccountDefault } from '@server/types/models' +import { deleteAbuse, reportAbuse, updateAbuse } from '../abuse' + +// FIXME: deprecated in 2.3. Remove this controller -const auditLogger = auditLoggerFactory('abuse') const abuseVideoRouter = express.Router() abuseVideoRouter.get('/abuse', authenticate, - ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + ensureUserHasRight(UserRight.MANAGE_ABUSES), paginationValidator, - videoAbusesSortValidator, + abusesSortValidator, setDefaultSort, setDefaultPagination, videoAbuseListValidator, @@ -41,7 +35,7 @@ abuseVideoRouter.get('/abuse', ) abuseVideoRouter.put('/:videoId/abuse/:id', authenticate, - ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + ensureUserHasRight(UserRight.MANAGE_ABUSES), asyncMiddleware(videoAbuseUpdateValidator), asyncRetryTransactionMiddleware(updateVideoAbuse) ) @@ -52,7 +46,7 @@ abuseVideoRouter.post('/:videoId/abuse', ) abuseVideoRouter.delete('/:videoId/abuse/:id', authenticate, - ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), + ensureUserHasRight(UserRight.MANAGE_ABUSES), asyncMiddleware(videoAbuseGetValidator), asyncRetryTransactionMiddleware(deleteVideoAbuse) ) @@ -69,11 +63,12 @@ async function listVideoAbuses (req: express.Request, res: express.Response) { const user = res.locals.oauth.token.user const serverActor = await getServerActor() - const resultList = await VideoAbuseModel.listForApi({ + const resultList = await AbuseModel.listForApi({ start: req.query.start, count: req.query.count, sort: req.query.sort, id: req.query.id, + filter: 'video', predefinedReason: req.query.predefinedReason, search: req.query.search, state: req.query.state, @@ -90,74 +85,28 @@ async function listVideoAbuses (req: express.Request, res: express.Response) { } async function updateVideoAbuse (req: express.Request, res: express.Response) { - const videoAbuse = res.locals.videoAbuse - - if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment - if (req.body.state !== undefined) videoAbuse.state = req.body.state - - await sequelizeTypescript.transaction(t => { - return videoAbuse.save({ transaction: t }) - }) - - // Do not send the delete to other instances, we updated OUR copy of this video abuse - - return res.type('json').status(204).end() + return updateAbuse(req, res) } async function deleteVideoAbuse (req: express.Request, res: express.Response) { - const videoAbuse = res.locals.videoAbuse - - await sequelizeTypescript.transaction(t => { - return videoAbuse.destroy({ transaction: t }) - }) - - // Do not send the delete to other instances, we delete OUR copy of this video abuse - - return res.type('json').status(204).end() + return deleteAbuse(req, res) } async function reportVideoAbuse (req: express.Request, res: express.Response) { - const videoInstance = res.locals.videoAll - const body: VideoAbuseCreate = req.body - let reporterAccount: MAccountDefault - let videoAbuseJSON: VideoAbuse - - const videoAbuseInstance = await sequelizeTypescript.transaction(async t => { - reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) - const predefinedReasons = body.predefinedReasons?.map(r => videoAbusePredefinedReasonsMap[r]) - - const abuseToCreate = { - reporterAccountId: reporterAccount.id, - reason: body.reason, - videoId: videoInstance.id, - state: VideoAbuseState.PENDING, - predefinedReasons, - startAt: body.startAt, - endAt: body.endAt - } - - const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) - videoAbuseInstance.Video = videoInstance - videoAbuseInstance.Account = reporterAccount - - // We send the video abuse to the origin server - if (videoInstance.isOwned() === false) { - await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) - } + const oldBody = req.body as VideoAbuseCreate - videoAbuseJSON = videoAbuseInstance.toFormattedJSON() - auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseJSON)) + req.body = { + accountId: res.locals.videoAll.VideoChannel.accountId, - return videoAbuseInstance - }) + reason: oldBody.reason, + predefinedReasons: oldBody.predefinedReasons, - Notifier.Instance.notifyOnNewVideoAbuse({ - videoAbuse: videoAbuseJSON, - videoAbuseInstance, - reporter: reporterAccount.Actor.getIdentifier() - }) - - logger.info('Abuse report for video "%s" created.', videoInstance.name) + video: { + id: res.locals.videoAll.id, + startAt: oldBody.startAt, + endAt: oldBody.endAt + } + } as AbuseCreate - return res.json({ videoAbuse: videoAbuseJSON }).end() + return reportAbuse(req, res) } -- cgit v1.2.3