From edbc9325462ddf4536775871ebc25e06f46612d1 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Fri, 24 Jul 2020 15:05:51 +0200
Subject: Add server API to abuse messages

---
 server/controllers/api/abuse.ts           | 81 ++++++++++++++++++++++++++++---
 server/controllers/api/users/index.ts     | 26 +++++-----
 server/controllers/api/users/my-abuses.ts | 48 ++++++++++++++++++
 server/controllers/api/videos/abuse.ts    |  8 +--
 4 files changed, 141 insertions(+), 22 deletions(-)
 create mode 100644 server/controllers/api/users/my-abuses.ts

(limited to 'server/controllers')

diff --git a/server/controllers/api/abuse.ts b/server/controllers/api/abuse.ts
index 04a0c06e3..50d068157 100644
--- a/server/controllers/api/abuse.ts
+++ b/server/controllers/api/abuse.ts
@@ -1,20 +1,24 @@
 import * as express from 'express'
 import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
 import { AbuseModel } from '@server/models/abuse/abuse'
+import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
 import { getServerActor } from '@server/models/application/application'
 import { AbuseCreate, abusePredefinedReasonsMap, AbuseState, UserRight } from '../../../shared'
 import { getFormattedObjects } from '../../helpers/utils'
 import { sequelizeTypescript } from '../../initializers/database'
 import {
   abuseGetValidator,
-  abuseListValidator,
+  abuseListForAdminsValidator,
   abuseReportValidator,
   abusesSortValidator,
   abuseUpdateValidator,
+  addAbuseMessageValidator,
   asyncMiddleware,
   asyncRetryTransactionMiddleware,
   authenticate,
+  deleteAbuseMessageValidator,
   ensureUserHasRight,
+  getAbuseValidator,
   paginationValidator,
   setDefaultPagination,
   setDefaultSort
@@ -30,8 +34,8 @@ abuseRouter.get('/',
   abusesSortValidator,
   setDefaultSort,
   setDefaultPagination,
-  abuseListValidator,
-  asyncMiddleware(listAbuses)
+  abuseListForAdminsValidator,
+  asyncMiddleware(listAbusesForAdmins)
 )
 abuseRouter.put('/:id',
   authenticate,
@@ -51,13 +55,33 @@ abuseRouter.delete('/:id',
   asyncRetryTransactionMiddleware(deleteAbuse)
 )
 
+abuseRouter.get('/:id/messages',
+  authenticate,
+  asyncMiddleware(getAbuseValidator),
+  asyncRetryTransactionMiddleware(listAbuseMessages)
+)
+
+abuseRouter.post('/:id/messages',
+  authenticate,
+  asyncMiddleware(getAbuseValidator),
+  addAbuseMessageValidator,
+  asyncRetryTransactionMiddleware(addAbuseMessage)
+)
+
+abuseRouter.delete('/:id/messages/:messageId',
+  authenticate,
+  asyncMiddleware(getAbuseValidator),
+  asyncMiddleware(deleteAbuseMessageValidator),
+  asyncRetryTransactionMiddleware(deleteAbuseMessage)
+)
+
 // ---------------------------------------------------------------------------
 
 export {
   abuseRouter,
 
   // FIXME: deprecated in 2.3. Remove these exports
-  listAbuses,
+  listAbusesForAdmins,
   updateAbuse,
   deleteAbuse,
   reportAbuse
@@ -65,11 +89,11 @@ export {
 
 // ---------------------------------------------------------------------------
 
-async function listAbuses (req: express.Request, res: express.Response) {
+async function listAbusesForAdmins (req: express.Request, res: express.Response) {
   const user = res.locals.oauth.token.user
   const serverActor = await getServerActor()
 
-  const resultList = await AbuseModel.listForApi({
+  const resultList = await AbuseModel.listForAdminApi({
     start: req.query.start,
     count: req.query.count,
     sort: req.query.sort,
@@ -87,7 +111,10 @@ async function listAbuses (req: express.Request, res: express.Response) {
     user
   })
 
-  return res.json(getFormattedObjects(resultList.data, resultList.total))
+  return res.json({
+    total: resultList.total,
+    data: resultList.data.map(d => d.toFormattedAdminJSON())
+  })
 }
 
 async function updateAbuse (req: express.Request, res: express.Response) {
@@ -100,6 +127,8 @@ async function updateAbuse (req: express.Request, res: express.Response) {
     return abuse.save({ transaction: t })
   })
 
+  // TODO: Notification
+
   // Do not send the delete to other instances, we updated OUR copy of this abuse
 
   return res.type('json').status(204).end()
@@ -166,3 +195,41 @@ async function reportAbuse (req: express.Request, res: express.Response) {
 
   return res.json({ abuse: { id } })
 }
+
+async function listAbuseMessages (req: express.Request, res: express.Response) {
+  const abuse = res.locals.abuse
+
+  const resultList = await AbuseMessageModel.listForApi(abuse.id)
+
+  return res.json(getFormattedObjects(resultList.data, resultList.total))
+}
+
+async function addAbuseMessage (req: express.Request, res: express.Response) {
+  const abuse = res.locals.abuse
+  const user = res.locals.oauth.token.user
+
+  const abuseMessage = await AbuseMessageModel.create({
+    message: req.body.message,
+    byModerator: abuse.reporterAccountId !== user.Account.id,
+    accountId: user.Account.id,
+    abuseId: abuse.id
+  })
+
+  // TODO: Notification
+
+  return res.json({
+    abuseMessage: {
+      id: abuseMessage.id
+    }
+  })
+}
+
+async function deleteAbuseMessage (req: express.Request, res: express.Response) {
+  const abuseMessage = res.locals.abuseMessage
+
+  await sequelizeTypescript.transaction(t => {
+    return abuseMessage.destroy({ transaction: t })
+  })
+
+  return res.sendStatus(204)
+}
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 5939f6125..d339c2a1c 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -1,10 +1,20 @@
 import * as express from 'express'
 import * as RateLimit from 'express-rate-limit'
+import { tokensRouter } from '@server/controllers/api/users/token'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { MUser, MUserAccountDefault } from '@server/types/models'
 import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
+import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
+import { UserRegister } from '../../../../shared/models/users/user-register.model'
+import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
 import { logger } from '../../../helpers/logger'
 import { generateRandomString, getFormattedObjects } from '../../../helpers/utils'
+import { CONFIG } from '../../../initializers/config'
 import { WEBSERVER } from '../../../initializers/constants'
+import { sequelizeTypescript } from '../../../initializers/database'
 import { Emailer } from '../../../lib/emailer'
+import { Notifier } from '../../../lib/notifier'
+import { deleteUserToken } from '../../../lib/oauth-model'
 import { Redis } from '../../../lib/redis'
 import { createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
 import {
@@ -18,9 +28,9 @@ import {
   setDefaultPagination,
   setDefaultSort,
   userAutocompleteValidator,
-  usersListValidator,
   usersAddValidator,
   usersGetValidator,
+  usersListValidator,
   usersRegisterValidator,
   usersRemoveValidator,
   usersSortValidator,
@@ -35,22 +45,13 @@ import {
   usersVerifyEmailValidator
 } from '../../../middlewares/validators'
 import { UserModel } from '../../../models/account/user'
-import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
 import { meRouter } from './me'
-import { deleteUserToken } from '../../../lib/oauth-model'
+import { myAbusesRouter } from './my-abuses'
 import { myBlocklistRouter } from './my-blocklist'
-import { myVideoPlaylistsRouter } from './my-video-playlists'
 import { myVideosHistoryRouter } from './my-history'
 import { myNotificationsRouter } from './my-notifications'
-import { Notifier } from '../../../lib/notifier'
 import { mySubscriptionsRouter } from './my-subscriptions'
-import { CONFIG } from '../../../initializers/config'
-import { sequelizeTypescript } from '../../../initializers/database'
-import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
-import { UserRegister } from '../../../../shared/models/users/user-register.model'
-import { MUser, MUserAccountDefault } from '@server/types/models'
-import { Hooks } from '@server/lib/plugins/hooks'
-import { tokensRouter } from '@server/controllers/api/users/token'
+import { myVideoPlaylistsRouter } from './my-video-playlists'
 
 const auditLogger = auditLoggerFactory('users')
 
@@ -72,6 +73,7 @@ usersRouter.use('/', mySubscriptionsRouter)
 usersRouter.use('/', myBlocklistRouter)
 usersRouter.use('/', myVideosHistoryRouter)
 usersRouter.use('/', myVideoPlaylistsRouter)
+usersRouter.use('/', myAbusesRouter)
 usersRouter.use('/', meRouter)
 
 usersRouter.get('/autocomplete',
diff --git a/server/controllers/api/users/my-abuses.ts b/server/controllers/api/users/my-abuses.ts
new file mode 100644
index 000000000..e43fc483e
--- /dev/null
+++ b/server/controllers/api/users/my-abuses.ts
@@ -0,0 +1,48 @@
+import * as express from 'express'
+import { AbuseModel } from '@server/models/abuse/abuse'
+import {
+  abuseListForUserValidator,
+  abusesSortValidator,
+  asyncMiddleware,
+  authenticate,
+  paginationValidator,
+  setDefaultPagination,
+  setDefaultSort
+} from '../../../middlewares'
+
+const myAbusesRouter = express.Router()
+
+myAbusesRouter.get('/me/abuses',
+  authenticate,
+  paginationValidator,
+  abusesSortValidator,
+  setDefaultSort,
+  setDefaultPagination,
+  abuseListForUserValidator,
+  asyncMiddleware(listMyAbuses)
+)
+
+// ---------------------------------------------------------------------------
+
+export {
+  myAbusesRouter
+}
+
+// ---------------------------------------------------------------------------
+
+async function listMyAbuses (req: express.Request, res: express.Response) {
+  const resultList = await AbuseModel.listForUserApi({
+    start: req.query.start,
+    count: req.query.count,
+    sort: req.query.sort,
+    id: req.query.id,
+    search: req.query.search,
+    state: req.query.state,
+    user: res.locals.oauth.token.User
+  })
+
+  return res.json({
+    total: resultList.total,
+    data: resultList.data.map(d => d.toFormattedAdminJSON())
+  })
+}
diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts
index b92a66360..9c4d00849 100644
--- a/server/controllers/api/videos/abuse.ts
+++ b/server/controllers/api/videos/abuse.ts
@@ -2,7 +2,6 @@ import * as express from 'express'
 import { AbuseModel } from '@server/models/abuse/abuse'
 import { getServerActor } from '@server/models/application/application'
 import { AbuseCreate, UserRight, VideoAbuseCreate } from '../../../../shared'
-import { getFormattedObjects } from '../../../helpers/utils'
 import {
   abusesSortValidator,
   asyncMiddleware,
@@ -63,7 +62,7 @@ async function listVideoAbuses (req: express.Request, res: express.Response) {
   const user = res.locals.oauth.token.user
   const serverActor = await getServerActor()
 
-  const resultList = await AbuseModel.listForApi({
+  const resultList = await AbuseModel.listForAdminApi({
     start: req.query.start,
     count: req.query.count,
     sort: req.query.sort,
@@ -81,7 +80,10 @@ async function listVideoAbuses (req: express.Request, res: express.Response) {
     user
   })
 
-  return res.json(getFormattedObjects(resultList.data, resultList.total))
+  return res.json({
+    total: resultList.total,
+    data: resultList.data.map(d => d.toFormattedAdminJSON())
+  })
 }
 
 async function updateVideoAbuse (req: express.Request, res: express.Response) {
-- 
cgit v1.2.3