PeerTube/server/controllers/api/videos/abuse.ts

159 lines
5.3 KiB
TypeScript
Raw Normal View History

2017-06-05 14:53:49 -05:00
import * as express from 'express'
import { UserRight, VideoAbuseCreate, VideoAbuseState, VideoAbuse } from '../../../../shared'
2017-12-28 04:16:08 -06:00
import { logger } from '../../../helpers/logger'
2020-04-23 02:32:53 -05:00
import { getFormattedObjects } from '../../../helpers/utils'
2020-05-07 07:58:24 -05:00
import { sequelizeTypescript } from '../../../initializers/database'
2017-05-15 15:22:03 -05:00
import {
2018-06-13 07:27:40 -05:00
asyncMiddleware,
asyncRetryTransactionMiddleware,
authenticate,
ensureUserHasRight,
paginationValidator,
setDefaultPagination,
setDefaultSort,
videoAbuseGetValidator,
2018-06-13 07:27:40 -05:00
videoAbuseReportValidator,
videoAbusesSortValidator,
2020-05-06 10:39:07 -05:00
videoAbuseUpdateValidator,
videoAbuseListValidator
2017-05-15 15:22:03 -05:00
} from '../../../middlewares'
2017-12-12 10:53:50 -06:00
import { AccountModel } from '../../../models/account/account'
import { VideoAbuseModel } from '../../../models/video/video-abuse'
import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
2018-12-26 03:36:24 -06:00
import { Notifier } from '../../../lib/notifier'
import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
2019-08-15 04:53:26 -05:00
import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
2020-04-23 02:32:53 -05:00
import { getServerActor } from '@server/models/application/application'
import { MAccountDefault } from '@server/typings/models'
2017-05-15 15:22:03 -05:00
const auditLogger = auditLoggerFactory('abuse')
2017-05-15 15:22:03 -05:00
const abuseVideoRouter = express.Router()
abuseVideoRouter.get('/abuse',
authenticate,
ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
2017-05-15 15:22:03 -05:00
paginationValidator,
videoAbusesSortValidator,
2018-01-17 03:50:33 -06:00
setDefaultSort,
setDefaultPagination,
2020-05-06 10:39:07 -05:00
videoAbuseListValidator,
2017-10-25 04:55:06 -05:00
asyncMiddleware(listVideoAbuses)
2017-05-05 09:53:35 -05:00
)
abuseVideoRouter.put('/:videoId/abuse/:id',
authenticate,
ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
asyncMiddleware(videoAbuseUpdateValidator),
asyncRetryTransactionMiddleware(updateVideoAbuse)
)
abuseVideoRouter.post('/:videoId/abuse',
2017-05-15 15:22:03 -05:00
authenticate,
2017-11-27 10:30:46 -06:00
asyncMiddleware(videoAbuseReportValidator),
2018-06-13 07:27:40 -05:00
asyncRetryTransactionMiddleware(reportVideoAbuse)
2017-05-05 09:53:35 -05:00
)
abuseVideoRouter.delete('/:videoId/abuse/:id',
authenticate,
ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
asyncMiddleware(videoAbuseGetValidator),
asyncRetryTransactionMiddleware(deleteVideoAbuse)
)
2017-05-05 09:53:35 -05:00
// ---------------------------------------------------------------------------
2017-05-15 15:22:03 -05:00
export {
abuseVideoRouter
}
2017-05-05 09:53:35 -05:00
// ---------------------------------------------------------------------------
async function listVideoAbuses (req: express.Request, res: express.Response) {
2019-08-29 07:31:04 -05:00
const user = res.locals.oauth.token.user
const serverActor = await getServerActor()
const resultList = await VideoAbuseModel.listForApi({
start: req.query.start,
count: req.query.count,
sort: req.query.sort,
2020-05-06 10:39:07 -05:00
id: req.query.id,
search: req.query.search,
2020-05-06 10:39:07 -05:00
state: req.query.state,
videoIs: req.query.videoIs,
searchReporter: req.query.searchReporter,
searchReportee: req.query.searchReportee,
searchVideo: req.query.searchVideo,
searchVideoChannel: req.query.searchVideoChannel,
2019-08-29 07:31:04 -05:00
serverAccountId: serverActor.Account.id,
user
})
2017-10-25 04:55:06 -05:00
return res.json(getFormattedObjects(resultList.data, resultList.total))
2017-05-05 09:53:35 -05:00
}
async function updateVideoAbuse (req: express.Request, res: express.Response) {
2019-03-19 04:35:15 -05:00
const videoAbuse = res.locals.videoAbuse
if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
if (req.body.state !== undefined) videoAbuse.state = req.body.state
await sequelizeTypescript.transaction(t => {
return videoAbuse.save({ transaction: t })
})
// Do not send the delete to other instances, we updated OUR copy of this video abuse
return res.type('json').status(204).end()
}
async function deleteVideoAbuse (req: express.Request, res: express.Response) {
2019-03-19 04:35:15 -05:00
const videoAbuse = res.locals.videoAbuse
await sequelizeTypescript.transaction(t => {
return videoAbuse.destroy({ transaction: t })
})
// Do not send the delete to other instances, we delete OUR copy of this video abuse
return res.type('json').status(204).end()
}
2017-10-25 04:55:06 -05:00
async function reportVideoAbuse (req: express.Request, res: express.Response) {
2019-08-15 04:53:26 -05:00
const videoInstance = res.locals.videoAll
const body: VideoAbuseCreate = req.body
let reporterAccount: MAccountDefault
let videoAbuseJSON: VideoAbuse
2017-05-05 09:53:35 -05:00
const videoAbuseInstance = await sequelizeTypescript.transaction(async t => {
reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
const abuseToCreate = {
reporterAccountId: reporterAccount.id,
reason: body.reason,
videoId: videoInstance.id,
state: VideoAbuseState.PENDING
}
2019-08-15 04:53:26 -05:00
const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
2017-11-16 10:04:19 -06:00
videoAbuseInstance.Video = videoInstance
videoAbuseInstance.Account = reporterAccount
2017-11-15 08:12:23 -06:00
// We send the video abuse to the origin server
2017-10-25 04:55:06 -05:00
if (videoInstance.isOwned() === false) {
2019-07-29 04:59:29 -05:00
await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
2017-10-25 04:55:06 -05:00
}
videoAbuseJSON = videoAbuseInstance.toFormattedJSON()
auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseJSON))
return videoAbuseInstance
})
2018-06-13 07:27:40 -05:00
Notifier.Instance.notifyOnNewVideoAbuse({
videoAbuse: videoAbuseJSON,
videoAbuseInstance,
reporter: reporterAccount.Actor.getIdentifier()
})
2019-07-29 04:59:29 -05:00
logger.info('Abuse report for video %s created.', videoInstance.name)
return res.json({ videoAbuse: videoAbuseJSON }).end()
2017-05-05 09:53:35 -05:00
}