PeerTube/server/controllers/api/abuse.ts

260 lines
7.5 KiB
TypeScript
Raw Normal View History

2021-08-27 07:32:44 -05:00
import express from 'express'
2020-08-06 07:58:01 -05:00
import { logger } from '@server/helpers/logger'
2020-07-01 09:05:30 -05:00
import { createAccountAbuse, createVideoAbuse, createVideoCommentAbuse } from '@server/lib/moderation'
2020-08-06 07:58:01 -05:00
import { Notifier } from '@server/lib/notifier'
2020-07-01 09:05:30 -05:00
import { AbuseModel } from '@server/models/abuse/abuse'
2020-07-24 08:05:51 -05:00
import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
2020-07-01 09:05:30 -05:00
import { getServerActor } from '@server/models/application/application'
2020-08-06 07:58:01 -05:00
import { abusePredefinedReasonsMap } from '@shared/core-utils/abuse'
2021-12-24 03:14:47 -06:00
import { AbuseCreate, AbuseState, HttpStatusCode, UserRight } from '@shared/models'
2020-07-01 09:05:30 -05:00
import { getFormattedObjects } from '../../helpers/utils'
import { sequelizeTypescript } from '../../initializers/database'
import {
abuseGetValidator,
2020-07-24 08:05:51 -05:00
abuseListForAdminsValidator,
2020-07-01 09:05:30 -05:00
abuseReportValidator,
abusesSortValidator,
abuseUpdateValidator,
2020-07-24 08:05:51 -05:00
addAbuseMessageValidator,
2023-06-20 07:17:34 -05:00
apiRateLimiter,
2020-07-01 09:05:30 -05:00
asyncMiddleware,
asyncRetryTransactionMiddleware,
authenticate,
checkAbuseValidForMessagesValidator,
2020-07-24 08:05:51 -05:00
deleteAbuseMessageValidator,
2020-07-01 09:05:30 -05:00
ensureUserHasRight,
2020-07-24 08:05:51 -05:00
getAbuseValidator,
openapiOperationDoc,
2020-07-01 09:05:30 -05:00
paginationValidator,
setDefaultPagination,
setDefaultSort
} from '../../middlewares'
import { AccountModel } from '../../models/account/account'
const abuseRouter = express.Router()
2023-06-20 07:17:34 -05:00
abuseRouter.use(apiRateLimiter)
2020-07-07 03:57:04 -05:00
abuseRouter.get('/',
openapiOperationDoc({ operationId: 'getAbuses' }),
2020-07-01 09:05:30 -05:00
authenticate,
ensureUserHasRight(UserRight.MANAGE_ABUSES),
paginationValidator,
abusesSortValidator,
setDefaultSort,
setDefaultPagination,
2020-07-24 08:05:51 -05:00
abuseListForAdminsValidator,
asyncMiddleware(listAbusesForAdmins)
2020-07-01 09:05:30 -05:00
)
2020-07-07 03:57:04 -05:00
abuseRouter.put('/:id',
2020-07-01 09:05:30 -05:00
authenticate,
ensureUserHasRight(UserRight.MANAGE_ABUSES),
asyncMiddleware(abuseUpdateValidator),
asyncRetryTransactionMiddleware(updateAbuse)
)
2020-07-07 03:57:04 -05:00
abuseRouter.post('/',
2020-07-01 09:05:30 -05:00
authenticate,
asyncMiddleware(abuseReportValidator),
asyncRetryTransactionMiddleware(reportAbuse)
)
2020-07-07 03:57:04 -05:00
abuseRouter.delete('/:id',
2020-07-01 09:05:30 -05:00
authenticate,
ensureUserHasRight(UserRight.MANAGE_ABUSES),
asyncMiddleware(abuseGetValidator),
asyncRetryTransactionMiddleware(deleteAbuse)
)
2020-07-24 08:05:51 -05:00
abuseRouter.get('/:id/messages',
authenticate,
asyncMiddleware(getAbuseValidator),
checkAbuseValidForMessagesValidator,
2020-07-24 08:05:51 -05:00
asyncRetryTransactionMiddleware(listAbuseMessages)
)
abuseRouter.post('/:id/messages',
authenticate,
asyncMiddleware(getAbuseValidator),
checkAbuseValidForMessagesValidator,
2020-07-24 08:05:51 -05:00
addAbuseMessageValidator,
asyncRetryTransactionMiddleware(addAbuseMessage)
)
abuseRouter.delete('/:id/messages/:messageId',
authenticate,
asyncMiddleware(getAbuseValidator),
checkAbuseValidForMessagesValidator,
2020-07-24 08:05:51 -05:00
asyncMiddleware(deleteAbuseMessageValidator),
asyncRetryTransactionMiddleware(deleteAbuseMessage)
)
2020-07-01 09:05:30 -05:00
// ---------------------------------------------------------------------------
export {
2020-11-10 07:41:20 -06:00
abuseRouter
2020-07-01 09:05:30 -05:00
}
// ---------------------------------------------------------------------------
2020-07-24 08:05:51 -05:00
async function listAbusesForAdmins (req: express.Request, res: express.Response) {
2020-07-01 09:05:30 -05:00
const user = res.locals.oauth.token.user
const serverActor = await getServerActor()
2020-07-24 08:05:51 -05:00
const resultList = await AbuseModel.listForAdminApi({
2020-07-01 09:05:30 -05:00
start: req.query.start,
count: req.query.count,
sort: req.query.sort,
id: req.query.id,
2020-07-07 03:57:04 -05:00
filter: req.query.filter,
2020-07-01 09:05:30 -05:00
predefinedReason: req.query.predefinedReason,
search: req.query.search,
state: req.query.state,
videoIs: req.query.videoIs,
searchReporter: req.query.searchReporter,
searchReportee: req.query.searchReportee,
searchVideo: req.query.searchVideo,
searchVideoChannel: req.query.searchVideoChannel,
serverAccountId: serverActor.Account.id,
user
})
2020-07-24 08:05:51 -05:00
return res.json({
total: resultList.total,
data: resultList.data.map(d => d.toFormattedAdminJSON())
})
2020-07-01 09:05:30 -05:00
}
async function updateAbuse (req: express.Request, res: express.Response) {
const abuse = res.locals.abuse
let stateUpdated = false
2020-07-01 09:05:30 -05:00
if (req.body.moderationComment !== undefined) abuse.moderationComment = req.body.moderationComment
if (req.body.state !== undefined) {
abuse.state = req.body.state
stateUpdated = true
}
2020-07-01 09:05:30 -05:00
await sequelizeTypescript.transaction(t => {
return abuse.save({ transaction: t })
})
if (stateUpdated === true) {
AbuseModel.loadFull(abuse.id)
.then(abuseFull => Notifier.Instance.notifyOnAbuseStateChange(abuseFull))
.catch(err => logger.error('Cannot notify on abuse state change', { err }))
}
2020-07-24 08:05:51 -05:00
2020-07-08 08:51:46 -05:00
// Do not send the delete to other instances, we updated OUR copy of this abuse
2020-07-01 09:05:30 -05:00
return res.status(HttpStatusCode.NO_CONTENT_204).end()
2020-07-01 09:05:30 -05:00
}
async function deleteAbuse (req: express.Request, res: express.Response) {
const abuse = res.locals.abuse
await sequelizeTypescript.transaction(t => {
return abuse.destroy({ transaction: t })
})
2020-07-08 08:51:46 -05:00
// Do not send the delete to other instances, we delete OUR copy of this abuse
2020-07-01 09:05:30 -05:00
return res.status(HttpStatusCode.NO_CONTENT_204).end()
2020-07-01 09:05:30 -05:00
}
async function reportAbuse (req: express.Request, res: express.Response) {
const videoInstance = res.locals.videoAll
const commentInstance = res.locals.videoCommentFull
const accountInstance = res.locals.account
const body: AbuseCreate = req.body
const { id } = await sequelizeTypescript.transaction(async t => {
2021-12-09 07:27:32 -06:00
const user = res.locals.oauth.token.User
// Don't send abuse notification if reporter is an admin/moderator
const skipNotification = user.hasRight(UserRight.MANAGE_ABUSES)
const reporterAccount = await AccountModel.load(user.Account.id, t)
2020-07-01 09:05:30 -05:00
const predefinedReasons = body.predefinedReasons?.map(r => abusePredefinedReasonsMap[r])
const baseAbuse = {
reporterAccountId: reporterAccount.id,
reason: body.reason,
state: AbuseState.PENDING,
predefinedReasons
}
if (body.video) {
return createVideoAbuse({
baseAbuse,
videoInstance,
reporterAccount,
transaction: t,
startAt: body.video.startAt,
2021-12-09 07:27:32 -06:00
endAt: body.video.endAt,
skipNotification
2020-07-01 09:05:30 -05:00
})
}
if (body.comment) {
return createVideoCommentAbuse({
baseAbuse,
commentInstance,
reporterAccount,
2021-12-09 07:27:32 -06:00
transaction: t,
skipNotification
2020-07-01 09:05:30 -05:00
})
}
// Account report
return createAccountAbuse({
baseAbuse,
accountInstance,
reporterAccount,
2021-12-09 07:27:32 -06:00
transaction: t,
skipNotification
2020-07-01 09:05:30 -05:00
})
})
return res.json({ abuse: { id } })
}
2020-07-24 08:05:51 -05:00
async function listAbuseMessages (req: express.Request, res: express.Response) {
const abuse = res.locals.abuse
const resultList = await AbuseMessageModel.listForApi(abuse.id)
return res.json(getFormattedObjects(resultList.data, resultList.total))
}
async function addAbuseMessage (req: express.Request, res: express.Response) {
const abuse = res.locals.abuse
const user = res.locals.oauth.token.user
const abuseMessage = await AbuseMessageModel.create({
message: req.body.message,
byModerator: abuse.reporterAccountId !== user.Account.id,
accountId: user.Account.id,
abuseId: abuse.id
})
AbuseModel.loadFull(abuse.id)
.then(abuseFull => Notifier.Instance.notifyOnAbuseMessage(abuseFull, abuseMessage))
.catch(err => logger.error('Cannot notify on new abuse message', { err }))
2020-07-24 08:05:51 -05:00
return res.json({
abuseMessage: {
id: abuseMessage.id
}
})
}
async function deleteAbuseMessage (req: express.Request, res: express.Response) {
const abuseMessage = res.locals.abuseMessage
await sequelizeTypescript.transaction(t => {
return abuseMessage.destroy({ transaction: t })
})
return res.status(HttpStatusCode.NO_CONTENT_204).end()
2020-07-24 08:05:51 -05:00
}