PeerTube/server/controllers/api/videos/abuse.ts

import * as express from 'express'
import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
import { logger } from '../../../helpers/logger'
import { getFormattedObjects } from '../../../helpers/utils'
import { sequelizeTypescript } from '../../../initializers'
import {
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
  ensureUserHasRight,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
  videoAbuseGetValidator,
  videoAbuseReportValidator,
  videoAbusesSortValidator,
  videoAbuseUpdateValidator
} from '../../../middlewares'
import { AccountModel } from '../../../models/account/account'
import { VideoAbuseModel } from '../../../models/video/video-abuse'
import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
import { Notifier } from '../../../lib/notifier'
import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'

const auditLogger = auditLoggerFactory('abuse')
const abuseVideoRouter = express.Router()

abuseVideoRouter.get('/abuse',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  paginationValidator,
  videoAbusesSortValidator,
  setDefaultSort,
  setDefaultPagination,
  asyncMiddleware(listVideoAbuses)
)
abuseVideoRouter.put('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseUpdateValidator),
  asyncRetryTransactionMiddleware(updateVideoAbuse)
)
abuseVideoRouter.post('/:videoId/abuse',
  authenticate,
  asyncMiddleware(videoAbuseReportValidator),
  asyncRetryTransactionMiddleware(reportVideoAbuse)
)
abuseVideoRouter.delete('/:videoId/abuse/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
  asyncMiddleware(videoAbuseGetValidator),
  asyncRetryTransactionMiddleware(deleteVideoAbuse)
)

// ---------------------------------------------------------------------------

export {
  abuseVideoRouter
}

// ---------------------------------------------------------------------------

async function listVideoAbuses (req: express.Request, res: express.Response) {
  const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)

  return res.json(getFormattedObjects(resultList.data, resultList.total))
}

async function updateVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse = res.locals.videoAbuse

  if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
  if (req.body.state !== undefined) videoAbuse.state = req.body.state

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.save({ transaction: t })
  })

  // Do not send the delete to other instances, we updated OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function deleteVideoAbuse (req: express.Request, res: express.Response) {
  const videoAbuse = res.locals.videoAbuse

  await sequelizeTypescript.transaction(t => {
    return videoAbuse.destroy({ transaction: t })
  })

  // Do not send the delete to other instances, we delete OUR copy of this video abuse

  return res.type('json').status(204).end()
}

async function reportVideoAbuse (req: express.Request, res: express.Response) {
  const videoInstance = res.locals.video
  const body: VideoAbuseCreate = req.body

  const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {
    const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)

    const abuseToCreate = {
      reporterAccountId: reporterAccount.id,
      reason: body.reason,
      videoId: videoInstance.id,
      state: VideoAbuseState.PENDING
    }

    const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
    videoAbuseInstance.Video = videoInstance
    videoAbuseInstance.Account = reporterAccount

    // We send the video abuse to the origin server
    if (videoInstance.isOwned() === false) {
      await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
    }

    auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))

    return videoAbuseInstance
  })

  Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)

  logger.info('Abuse report for video %s created.', videoInstance.name)

  return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
}
require -> import 2017-06-05 21:53:49 +02:00			`import * as express from 'express'`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'`
Propagate old comment on new follow 2017-12-28 11:16:08 +01:00			`import { logger } from '../../../helpers/logger'`
			`import { getFormattedObjects } from '../../../helpers/utils'`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`import { sequelizeTypescript } from '../../../initializers'`
First typescript iteration 2017-05-15 22:22:03 +02:00			`import {`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`asyncMiddleware,`
			`asyncRetryTransactionMiddleware,`
			`authenticate,`
			`ensureUserHasRight,`
			`paginationValidator,`
			`setDefaultPagination,`
			`setDefaultSort,`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`videoAbuseGetValidator,`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`videoAbuseReportValidator,`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`videoAbusesSortValidator,`
			`videoAbuseUpdateValidator`
First typescript iteration 2017-05-15 22:22:03 +02:00			`} from '../../../middlewares'`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`import { AccountModel } from '../../../models/account/account'`
			`import { VideoAbuseModel } from '../../../models/video/video-abuse'`
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'`
Add user notification base code 2018-12-26 10:36:24 +01:00			`import { Notifier } from '../../../lib/notifier'`
Correctly send Flag/Dislike/View activities 2019-01-15 14:52:33 +01:00			`import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'`
First typescript iteration 2017-05-15 22:22:03 +02:00
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`const auditLogger = auditLoggerFactory('abuse')`
First typescript iteration 2017-05-15 22:22:03 +02:00			`const abuseVideoRouter = express.Router()`

			`abuseVideoRouter.get('/abuse',`
			`authenticate,`
Support roles with rights and add moderator role 2017-10-27 16:55:03 +02:00			`ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),`
First typescript iteration 2017-05-15 22:22:03 +02:00			`paginationValidator,`
			`videoAbusesSortValidator,`
Set sort refractoring 2018-01-17 10:50:33 +01:00			`setDefaultSort,`
Don't show videos of remote instance after unfollow 2018-01-18 10:53:54 +01:00			`setDefaultPagination,`
Use async/await in controllers 2017-10-25 11:55:06 +02:00			`asyncMiddleware(listVideoAbuses)`
Server: split videos controller 2017-05-05 16:53:35 +02:00			`)`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`abuseVideoRouter.put('/:videoId/abuse/:id',`
			`authenticate,`
			`ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),`
			`asyncMiddleware(videoAbuseUpdateValidator),`
			`asyncRetryTransactionMiddleware(updateVideoAbuse)`
			`)`
			`abuseVideoRouter.post('/:videoId/abuse',`
First typescript iteration 2017-05-15 22:22:03 +02:00			`authenticate,`
Refractor validators 2017-11-27 17:30:46 +01:00			`asyncMiddleware(videoAbuseReportValidator),`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00			`asyncRetryTransactionMiddleware(reportVideoAbuse)`
Server: split videos controller 2017-05-05 16:53:35 +02:00			`)`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`abuseVideoRouter.delete('/:videoId/abuse/:id',`
			`authenticate,`
			`ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),`
			`asyncMiddleware(videoAbuseGetValidator),`
			`asyncRetryTransactionMiddleware(deleteVideoAbuse)`
			`)`
Server: split videos controller 2017-05-05 16:53:35 +02:00
			`// ---------------------------------------------------------------------------`

First typescript iteration 2017-05-15 22:22:03 +02:00			`export {`
			`abuseVideoRouter`
			`}`
Server: split videos controller 2017-05-05 16:53:35 +02:00
			`// ---------------------------------------------------------------------------`

Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`async function listVideoAbuses (req: express.Request, res: express.Response) {`
Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort)`
Use async/await in controllers 2017-10-25 11:55:06 +02:00
			`return res.json(getFormattedObjects(resultList.data, resultList.total))`
Server: split videos controller 2017-05-05 16:53:35 +02:00			`}`

Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`async function updateVideoAbuse (req: express.Request, res: express.Response) {`
Cleanup express locals typings 2019-03-19 10:35:15 +01:00			`const videoAbuse = res.locals.videoAbuse`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00
			`if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment`
			`if (req.body.state !== undefined) videoAbuse.state = req.body.state`

			`await sequelizeTypescript.transaction(t => {`
			`return videoAbuse.save({ transaction: t })`
			`})`

			`// Do not send the delete to other instances, we updated OUR copy of this video abuse`

			`return res.type('json').status(204).end()`
			`}`

			`async function deleteVideoAbuse (req: express.Request, res: express.Response) {`
Cleanup express locals typings 2019-03-19 10:35:15 +01:00			`const videoAbuse = res.locals.videoAbuse`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00
			`await sequelizeTypescript.transaction(t => {`
			`return videoAbuse.destroy({ transaction: t })`
			`})`

			`// Do not send the delete to other instances, we delete OUR copy of this video abuse`

			`return res.type('json').status(204).end()`
			`}`

Use async/await in controllers 2017-10-25 11:55:06 +02:00			`async function reportVideoAbuse (req: express.Request, res: express.Response) {`
Cleanup express locals typings 2019-03-19 10:35:15 +01:00			`const videoInstance = res.locals.video`
Better typescript typing for a better world 2017-07-10 19:43:21 +02:00			`const body: VideoAbuseCreate = req.body`
Server: split videos controller 2017-05-05 16:53:35 +02:00
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => {`
Cleanup express locals typings 2019-03-19 10:35:15 +01:00			`const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00
			`const abuseToCreate = {`
			`reporterAccountId: reporterAccount.id,`
			`reason: body.reason,`
			`videoId: videoInstance.id,`
			`state: VideoAbuseState.PENDING`
			`}`

Move models to typescript-sequelize 2017-12-12 17:53:50 +01:00			`const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })`
Federate video abuses 2017-11-16 17:04:19 +01:00			`videoAbuseInstance.Video = videoInstance`
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`videoAbuseInstance.Account = reporterAccount`
Add video abuse to activity pub 2017-11-15 15:12:23 +01:00
			`// We send the video abuse to the origin server`
Use async/await in controllers 2017-10-25 11:55:06 +02:00			`if (videoInstance.isOwned() === false) {`
Add gitlab ci support 2019-07-29 11:59:29 +02:00			`await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)`
Use async/await in controllers 2017-10-25 11:55:06 +02:00			`}`

Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))`
Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00
			`return videoAbuseInstance`
Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config 2018-07-31 14:04:26 +02:00			`})`
Refractor retry transaction function 2018-06-13 14:27:40 +02:00
Add gitlab ci support 2019-07-29 11:59:29 +02:00			`Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)`

Add state and moderationComment for abuses on server side 2018-08-10 16:54:01 +02:00			`logger.info('Abuse report for video %s created.', videoInstance.name)`
Limit associations fetch when loading token 2018-09-20 10:13:13 +02:00
			`return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()`
Server: split videos controller 2017-05-05 16:53:35 +02:00			`}`