2
1

abuse.ts 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
  1. import * as express from 'express'
  2. import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
  3. import { logger } from '../../../helpers/logger'
  4. import { getFormattedObjects } from '../../../helpers/utils'
  5. import { sequelizeTypescript } from '../../../initializers'
  6. import {
  7. asyncMiddleware,
  8. asyncRetryTransactionMiddleware,
  9. authenticate,
  10. ensureUserHasRight,
  11. paginationValidator,
  12. setDefaultPagination,
  13. setDefaultSort,
  14. videoAbuseGetValidator,
  15. videoAbuseReportValidator,
  16. videoAbusesSortValidator,
  17. videoAbuseUpdateValidator
  18. } from '../../../middlewares'
  19. import { AccountModel } from '../../../models/account/account'
  20. import { VideoAbuseModel } from '../../../models/video/video-abuse'
  21. import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
  22. import { Notifier } from '../../../lib/notifier'
  23. import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
  24. const auditLogger = auditLoggerFactory('abuse')
  25. const abuseVideoRouter = express.Router()
  26. abuseVideoRouter.get('/abuse',
  27. authenticate,
  28. ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  29. paginationValidator,
  30. videoAbusesSortValidator,
  31. setDefaultSort,
  32. setDefaultPagination,
  33. asyncMiddleware(listVideoAbuses)
  34. )
  35. abuseVideoRouter.put('/:videoId/abuse/:id',
  36. authenticate,
  37. ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  38. asyncMiddleware(videoAbuseUpdateValidator),
  39. asyncRetryTransactionMiddleware(updateVideoAbuse)
  40. )
  41. abuseVideoRouter.post('/:videoId/abuse',
  42. authenticate,
  43. asyncMiddleware(videoAbuseReportValidator),
  44. asyncRetryTransactionMiddleware(reportVideoAbuse)
  45. )
  46. abuseVideoRouter.delete('/:videoId/abuse/:id',
  47. authenticate,
  48. ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  49. asyncMiddleware(videoAbuseGetValidator),
  50. asyncRetryTransactionMiddleware(deleteVideoAbuse)
  51. )
  52. // ---------------------------------------------------------------------------
  53. export {
  54. abuseVideoRouter
  55. }
  56. // ---------------------------------------------------------------------------
  57. async function listVideoAbuses (req: express.Request, res: express.Response) {
  58. const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)
  59. return res.json(getFormattedObjects(resultList.data, resultList.total))
  60. }
  61. async function updateVideoAbuse (req: express.Request, res: express.Response) {
  62. const videoAbuse = res.locals.videoAbuse
  63. if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  64. if (req.body.state !== undefined) videoAbuse.state = req.body.state
  65. await sequelizeTypescript.transaction(t => {
  66. return videoAbuse.save({ transaction: t })
  67. })
  68. // Do not send the delete to other instances, we updated OUR copy of this video abuse
  69. return res.type('json').status(204).end()
  70. }
  71. async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  72. const videoAbuse = res.locals.videoAbuse
  73. await sequelizeTypescript.transaction(t => {
  74. return videoAbuse.destroy({ transaction: t })
  75. })
  76. // Do not send the delete to other instances, we delete OUR copy of this video abuse
  77. return res.type('json').status(204).end()
  78. }
  79. async function reportVideoAbuse (req: express.Request, res: express.Response) {
  80. const videoInstance = res.locals.video
  81. const body: VideoAbuseCreate = req.body
  82. const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
  83. const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
  84. const abuseToCreate = {
  85. reporterAccountId: reporterAccount.id,
  86. reason: body.reason,
  87. videoId: videoInstance.id,
  88. state: VideoAbuseState.PENDING
  89. }
  90. const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
  91. videoAbuseInstance.Video = videoInstance
  92. videoAbuseInstance.Account = reporterAccount
  93. // We send the video abuse to the origin server
  94. if (videoInstance.isOwned() === false) {
  95. await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance)
  96. }
  97. Notifier.Instance.notifyOnNewVideoAbuse(videoAbuseInstance)
  98. auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
  99. return videoAbuseInstance
  100. })
  101. logger.info('Abuse report for video %s created.', videoInstance.name)
  102. return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
  103. }