PeerTube/server/core/lib/moderation.ts

259 lines
7.6 KiB
TypeScript
Raw Normal View History

2022-09-23 08:32:56 -05:00
import express, { VideoUploadFile } from 'express'
import { PathLike } from 'fs-extra/esm'
import { Transaction } from 'sequelize'
import { AbuseAuditView, auditLoggerFactory } from '@server/helpers/audit-logger.js'
import { afterCommitIfTransaction } from '@server/helpers/database-utils.js'
import { logger } from '@server/helpers/logger.js'
import { AbuseModel } from '@server/models/abuse/abuse.js'
import { VideoAbuseModel } from '@server/models/abuse/video-abuse.js'
import { VideoCommentAbuseModel } from '@server/models/abuse/video-comment-abuse.js'
import { VideoFileModel } from '@server/models/video/video-file.js'
import { FilteredModelAttributes } from '@server/types/index.js'
2020-07-01 09:05:30 -05:00
import {
MAbuseFull,
MAccountDefault,
MAccountLight,
2022-09-23 04:38:18 -05:00
MComment,
2020-07-01 09:05:30 -05:00
MCommentAbuseAccountVideo,
MCommentOwnerVideo,
MUser,
2024-02-12 03:47:52 -06:00
MUserDefault,
2020-07-01 09:05:30 -05:00
MVideoAbuseVideoFull,
MVideoAccountLightBlacklistAllFiles
} from '@server/types/models/index.js'
import { LiveVideoCreate, VideoCommentCreate, VideoCreate, VideoImportCreate } from '@peertube/peertube-models'
import { UserModel } from '../models/user/user.js'
import { VideoCommentModel } from '../models/video/video-comment.js'
import { VideoModel } from '../models/video/video.js'
import { sendAbuse } from './activitypub/send/send-flag.js'
import { Notifier } from './notifier/index.js'
2019-07-18 07:28:37 -05:00
export type AcceptResult = {
accepted: boolean
errorMessage?: string
}
2022-09-23 04:38:18 -05:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
2023-07-19 09:02:49 -05:00
function isLocalVideoFileAccepted (object: {
2020-01-31 09:56:52 -06:00
videoBody: VideoCreate
Resumable video uploads (#3933) * WIP: resumable video uploads relates to #324 * fix review comments * video upload: error handling * fix audio upload * fixes after self review * Update server/controllers/api/videos/index.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * Update server/middlewares/validators/videos/videos.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * Update server/controllers/api/videos/index.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * update after code review * refactor upload route - restore multipart upload route - move resumable to dedicated upload-resumable route - move checks to middleware - do not leak internal fs structure in response * fix yarn.lock upon rebase * factorize addVideo for reuse in both endpoints * add resumable upload API to openapi spec * add initial test and test helper for resumable upload * typings for videoAddResumable middleware * avoid including aws and google packages via node-uploadx, by only including uploadx/core * rename ex-isAudioBg to more explicit name mentioning it is a preview file for audio * add video-upload-tmp-folder-cleaner job * stronger typing of video upload middleware * reduce dependency to @uploadx/core * add audio upload test * refactor resumable uploads cleanup from job to scheduler * refactor resumable uploads scheduler to compare to last execution time * make resumable upload validator to always cleanup on failure * move legacy upload request building outside of uploadVideo test helper * filter upload-resumable middlewares down to POST, PUT, DELETE also begin to type metadata * merge add duration functions * stronger typings and documentation for uploadx behaviour, move init validator up * refactor(client/video-edit): options > uploadxOptions * refactor(client/video-edit): remove obsolete else * scheduler/remove-dangling-resum: rename tag * refactor(server/video): add UploadVideoFiles type * refactor(mw/validators): restructure eslint disable * refactor(mw/validators/videos): rename import * refactor(client/vid-upload): rename html elem id * refactor(sched/remove-dangl): move fn to method * refactor(mw/async): add method typing * refactor(mw/vali/video): double quote > single * refactor(server/upload-resum): express use > all * proper http methud enum server/middlewares/async.ts * properly type http methods * factorize common video upload validation steps * add check for maximum partially uploaded file size * fix audioBg use * fix extname(filename) in addVideo * document parameters for uploadx's resumable protocol * clear META files in scheduler * last audio refactor before cramming preview in the initial POST form data * refactor as mulitpart/form-data initial post request this allows preview/thumbnail uploads alongside the initial request, and cleans up the upload form * Add more tests for resumable uploads * Refactor remove dangling resumable uploads * Prepare changelog * Add more resumable upload tests * Remove user quota check for resumable uploads * Fix upload error handler * Update nginx template for upload-resumable * Cleanup comment * Remove unused express methods * Prefer to use got instead of raw http * Don't retry on error 500 Co-authored-by: Rigel Kent <par@rigelk.eu> Co-authored-by: Rigel Kent <sendmemail@rigelk.eu> Co-authored-by: Chocobozzz <me@florianbigard.com>
2021-05-10 04:13:41 -05:00
videoFile: VideoUploadFile
2024-02-12 03:47:52 -06:00
user: MUserDefault
2019-07-18 07:28:37 -05:00
}): AcceptResult {
return { accepted: true }
}
2022-09-23 04:38:18 -05:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
2020-11-06 06:59:50 -06:00
function isLocalLiveVideoAccepted (object: {
liveVideoBody: LiveVideoCreate
user: UserModel
}): AcceptResult {
return { accepted: true }
}
2022-09-23 04:38:18 -05:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
2019-07-18 07:28:37 -05:00
function isLocalVideoThreadAccepted (_object: {
2022-09-23 08:32:56 -05:00
req: express.Request
2020-01-31 09:56:52 -06:00
commentBody: VideoCommentCreate
video: VideoModel
2019-07-18 07:28:37 -05:00
user: UserModel
}): AcceptResult {
return { accepted: true }
}
2022-09-23 04:38:18 -05:00
// Stub function that can be filtered by plugins
2019-07-18 07:28:37 -05:00
function isLocalVideoCommentReplyAccepted (_object: {
2022-09-23 08:32:56 -05:00
req: express.Request
2020-01-31 09:56:52 -06:00
commentBody: VideoCommentCreate
parentComment: VideoCommentModel
video: VideoModel
2019-07-18 07:28:37 -05:00
user: UserModel
}): AcceptResult {
return { accepted: true }
}
2022-09-23 04:38:18 -05:00
// ---------------------------------------------------------------------------
2019-07-18 07:28:37 -05:00
2022-09-23 04:38:18 -05:00
// Stub function that can be filtered by plugins
2019-07-18 07:28:37 -05:00
function isRemoteVideoCommentAccepted (_object: {
2022-09-23 04:38:18 -05:00
comment: MComment
2019-07-18 07:28:37 -05:00
}): AcceptResult {
return { accepted: true }
}
2022-09-23 04:38:18 -05:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
function isPreImportVideoAccepted (object: {
videoImportBody: VideoImportCreate
user: MUser
}): AcceptResult {
return { accepted: true }
}
2022-09-23 04:38:18 -05:00
// Stub function that can be filtered by plugins
function isPostImportVideoAccepted (object: {
videoFilePath: PathLike
videoFile: VideoFileModel
user: MUser
}): AcceptResult {
return { accepted: true }
}
2022-09-23 04:38:18 -05:00
// ---------------------------------------------------------------------------
2020-07-01 09:05:30 -05:00
async function createVideoAbuse (options: {
baseAbuse: FilteredModelAttributes<AbuseModel>
videoInstance: MVideoAccountLightBlacklistAllFiles
startAt: number
endAt: number
transaction: Transaction
reporterAccount: MAccountDefault
2021-12-09 07:27:32 -06:00
skipNotification: boolean
2020-07-01 09:05:30 -05:00
}) {
2021-12-09 07:27:32 -06:00
const { baseAbuse, videoInstance, startAt, endAt, transaction, reporterAccount, skipNotification } = options
2020-07-01 09:05:30 -05:00
const associateFun = async (abuseInstance: MAbuseFull) => {
const videoAbuseInstance: MVideoAbuseVideoFull = await VideoAbuseModel.create({
abuseId: abuseInstance.id,
videoId: videoInstance.id,
2022-07-13 04:58:01 -05:00
startAt,
endAt
2020-07-01 09:05:30 -05:00
}, { transaction })
videoAbuseInstance.Video = videoInstance
abuseInstance.VideoAbuse = videoAbuseInstance
return { isOwned: videoInstance.isOwned() }
}
return createAbuse({
base: baseAbuse,
reporterAccount,
flaggedAccount: videoInstance.VideoChannel.Account,
transaction,
2021-12-09 07:27:32 -06:00
skipNotification,
2020-07-01 09:05:30 -05:00
associateFun
})
}
function createVideoCommentAbuse (options: {
baseAbuse: FilteredModelAttributes<AbuseModel>
commentInstance: MCommentOwnerVideo
transaction: Transaction
reporterAccount: MAccountDefault
2021-12-09 07:27:32 -06:00
skipNotification: boolean
2020-07-01 09:05:30 -05:00
}) {
2021-12-09 07:27:32 -06:00
const { baseAbuse, commentInstance, transaction, reporterAccount, skipNotification } = options
2020-07-01 09:05:30 -05:00
const associateFun = async (abuseInstance: MAbuseFull) => {
const commentAbuseInstance: MCommentAbuseAccountVideo = await VideoCommentAbuseModel.create({
abuseId: abuseInstance.id,
videoCommentId: commentInstance.id
}, { transaction })
commentAbuseInstance.VideoComment = commentInstance
abuseInstance.VideoCommentAbuse = commentAbuseInstance
return { isOwned: commentInstance.isOwned() }
}
return createAbuse({
base: baseAbuse,
reporterAccount,
flaggedAccount: commentInstance.Account,
transaction,
2021-12-09 07:27:32 -06:00
skipNotification,
2020-07-01 09:05:30 -05:00
associateFun
})
}
function createAccountAbuse (options: {
baseAbuse: FilteredModelAttributes<AbuseModel>
accountInstance: MAccountDefault
transaction: Transaction
reporterAccount: MAccountDefault
2021-12-09 07:27:32 -06:00
skipNotification: boolean
2020-07-01 09:05:30 -05:00
}) {
2021-12-09 07:27:32 -06:00
const { baseAbuse, accountInstance, transaction, reporterAccount, skipNotification } = options
2020-07-01 09:05:30 -05:00
2021-08-25 09:14:11 -05:00
const associateFun = () => {
return Promise.resolve({ isOwned: accountInstance.isOwned() })
2020-07-01 09:05:30 -05:00
}
return createAbuse({
base: baseAbuse,
reporterAccount,
flaggedAccount: accountInstance,
transaction,
2021-12-09 07:27:32 -06:00
skipNotification,
2020-07-01 09:05:30 -05:00
associateFun
})
}
2022-09-23 04:38:18 -05:00
// ---------------------------------------------------------------------------
2019-07-18 07:28:37 -05:00
export {
2020-11-06 06:59:50 -06:00
isLocalLiveVideoAccepted,
2023-07-19 09:02:49 -05:00
isLocalVideoFileAccepted,
2019-07-18 07:28:37 -05:00
isLocalVideoThreadAccepted,
isRemoteVideoCommentAccepted,
isLocalVideoCommentReplyAccepted,
isPreImportVideoAccepted,
2020-07-01 09:05:30 -05:00
isPostImportVideoAccepted,
createAbuse,
createVideoAbuse,
createVideoCommentAbuse,
createAccountAbuse
}
// ---------------------------------------------------------------------------
async function createAbuse (options: {
base: FilteredModelAttributes<AbuseModel>
reporterAccount: MAccountDefault
flaggedAccount: MAccountLight
2022-11-15 08:00:19 -06:00
associateFun: (abuseInstance: MAbuseFull) => Promise<{ isOwned: boolean }>
2021-12-09 07:27:32 -06:00
skipNotification: boolean
2020-07-01 09:05:30 -05:00
transaction: Transaction
}) {
2021-12-09 07:27:32 -06:00
const { base, reporterAccount, flaggedAccount, associateFun, transaction, skipNotification } = options
2020-07-01 09:05:30 -05:00
const auditLogger = auditLoggerFactory('abuse')
const abuseAttributes = Object.assign({}, base, { flaggedAccountId: flaggedAccount.id })
const abuseInstance: MAbuseFull = await AbuseModel.create(abuseAttributes, { transaction })
abuseInstance.ReporterAccount = reporterAccount
abuseInstance.FlaggedAccount = flaggedAccount
const { isOwned } = await associateFun(abuseInstance)
if (isOwned === false) {
2021-06-15 02:17:19 -05:00
sendAbuse(reporterAccount.Actor, abuseInstance, abuseInstance.FlaggedAccount, transaction)
2020-07-01 09:05:30 -05:00
}
2020-07-24 08:05:51 -05:00
const abuseJSON = abuseInstance.toFormattedAdminJSON()
2020-07-01 09:05:30 -05:00
auditLogger.create(reporterAccount.Actor.getIdentifier(), new AbuseAuditView(abuseJSON))
2021-12-09 07:27:32 -06:00
if (!skipNotification) {
afterCommitIfTransaction(transaction, () => {
Notifier.Instance.notifyOnNewAbuse({
abuse: abuseJSON,
abuseInstance,
reporter: reporterAccount.Actor.getIdentifier()
})
2021-03-04 09:12:46 -06:00
})
2021-12-09 07:27:32 -06:00
}
2020-07-01 09:05:30 -05:00
logger.info('Abuse report %d created.', abuseInstance.id)
return abuseJSON
2019-07-18 07:28:37 -05:00
}