From edbc9325462ddf4536775871ebc25e06f46612d1 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Fri, 24 Jul 2020 15:05:51 +0200
Subject: Add server API to abuse messages

---
 server/middlewares/user-right.ts       |   6 +-
 server/middlewares/validators/abuse.ts | 105 ++++++++++++++++++++++++++++++---
 2 files changed, 99 insertions(+), 12 deletions(-)

(limited to 'server/middlewares')

diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts
index 4da7b9802..4d836485c 100644
--- a/server/middlewares/user-right.ts
+++ b/server/middlewares/user-right.ts
@@ -9,11 +9,7 @@ function ensureUserHasRight (userRight: UserRight) {
       const message = `User ${user.username} does not have right ${UserRight[userRight]} to access to ${req.path}.`
       logger.info(message)
 
-      return res.status(403)
-        .json({
-          error: message
-        })
-        .end()
+      return res.status(403).json({ error: message })
     }
 
     return next()
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts
index 966d1f7fb..cb0bc658a 100644
--- a/server/middlewares/validators/abuse.ts
+++ b/server/middlewares/validators/abuse.ts
@@ -2,8 +2,9 @@ import * as express from 'express'
 import { body, param, query } from 'express-validator'
 import {
   isAbuseFilterValid,
+  isAbuseMessageValid,
   isAbuseModerationCommentValid,
-  isAbusePredefinedReasonsValid,
+  areAbusePredefinedReasonsValid,
   isAbusePredefinedReasonValid,
   isAbuseReasonValid,
   isAbuseStateValid,
@@ -15,7 +16,8 @@ import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers
 import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
 import { logger } from '@server/helpers/logger'
 import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'
-import { AbuseCreate } from '@shared/models'
+import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
+import { AbuseCreate, UserRight } from '@shared/models'
 import { areValidationErrors } from './utils'
 
 const abuseReportValidator = [
@@ -53,7 +55,7 @@ const abuseReportValidator = [
 
   body('predefinedReasons')
     .optional()
-    .custom(isAbusePredefinedReasonsValid)
+    .custom(areAbusePredefinedReasonsValid)
     .withMessage('Should have a valid list of predefined reasons'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -111,7 +113,7 @@ const abuseUpdateValidator = [
   }
 ]
 
-const abuseListValidator = [
+const abuseListForAdminsValidator = [
   query('id')
     .optional()
     .custom(isIdValid).withMessage('Should have a valid id'),
@@ -146,7 +148,7 @@ const abuseListValidator = [
     .custom(exists).withMessage('Should have a valid video channel search'),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking abuseListValidator parameters', { parameters: req.body })
+    logger.debug('Checking abuseListForAdminsValidator parameters', { parameters: req.body })
 
     if (areValidationErrors(req, res)) return
 
@@ -154,6 +156,91 @@ const abuseListValidator = [
   }
 ]
 
+const abuseListForUserValidator = [
+  query('id')
+    .optional()
+    .custom(isIdValid).withMessage('Should have a valid id'),
+
+  query('search')
+    .optional()
+    .custom(exists).withMessage('Should have a valid search'),
+
+  query('state')
+    .optional()
+    .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
+
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking abuseListForUserValidator parameters', { parameters: req.body })
+
+    if (areValidationErrors(req, res)) return
+
+    return next()
+  }
+]
+
+const getAbuseValidator = [
+  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking getAbuseValidator parameters', { parameters: req.body })
+
+    if (areValidationErrors(req, res)) return
+    if (!await doesAbuseExist(req.params.id, res)) return
+
+    const user = res.locals.oauth.token.user
+    const abuse = res.locals.abuse
+
+    if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuse.reporterAccountId !== user.Account.id) {
+      const message = `User ${user.username} does not have right to get abuse ${abuse.id}`
+      logger.warn(message)
+
+      return res.status(403).json({ error: message })
+    }
+
+    return next()
+  }
+]
+
+const addAbuseMessageValidator = [
+  body('message').custom(isAbuseMessageValid).not().isEmpty().withMessage('Should have a valid abuse message'),
+
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking addAbuseMessageValidator parameters', { parameters: req.body })
+
+    if (areValidationErrors(req, res)) return
+
+    return next()
+  }
+]
+
+const deleteAbuseMessageValidator = [
+  param('messageId').custom(isIdValid).not().isEmpty().withMessage('Should have a valid message id'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking deleteAbuseMessageValidator parameters', { parameters: req.body })
+
+    if (areValidationErrors(req, res)) return
+
+    const user = res.locals.oauth.token.user
+    const abuse = res.locals.abuse
+
+    const messageId = parseInt(req.params.messageId + '', 10)
+    const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
+
+    if (!abuseMessage) {
+      return res.status(404).json({ error: 'Abuse message not found' })
+    }
+
+    if (user.hasRight(UserRight.MANAGE_ABUSES) !== true && abuseMessage.accountId !== user.Account.id) {
+      return res.status(403).json({ error: 'Cannot delete this abuse message' })
+    }
+
+    res.locals.abuseMessage = abuseMessage
+
+    return next()
+  }
+]
+
 // FIXME: deprecated in 2.3. Remove these validators
 
 const videoAbuseReportValidator = [
@@ -167,7 +254,7 @@ const videoAbuseReportValidator = [
     .withMessage('Should have a valid reason'),
   body('predefinedReasons')
     .optional()
-    .custom(isAbusePredefinedReasonsValid)
+    .custom(areAbusePredefinedReasonsValid)
     .withMessage('Should have a valid list of predefined reasons'),
   body('startAt')
     .optional()
@@ -266,10 +353,14 @@ const videoAbuseListValidator = [
 // ---------------------------------------------------------------------------
 
 export {
-  abuseListValidator,
+  abuseListForAdminsValidator,
   abuseReportValidator,
   abuseGetValidator,
+  addAbuseMessageValidator,
   abuseUpdateValidator,
+  deleteAbuseMessageValidator,
+  abuseListForUserValidator,
+  getAbuseValidator,
   videoAbuseReportValidator,
   videoAbuseGetValidator,
   videoAbuseUpdateValidator,
-- 
cgit v1.2.3