PeerTube/server/lib/moderation.ts

259 lines
7.6 KiB
TypeScript
Raw Normal View History

2022-09-23 15:32:56 +02:00
import express, { VideoUploadFile } from 'express'
2020-07-01 16:05:30 +02:00
import { PathLike } from 'fs-extra'
import { Transaction } from 'sequelize/types'
import { AbuseAuditView, auditLoggerFactory } from '@server/helpers/audit-logger'
Resumable video uploads (#3933) * WIP: resumable video uploads relates to #324 * fix review comments * video upload: error handling * fix audio upload * fixes after self review * Update server/controllers/api/videos/index.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * Update server/middlewares/validators/videos/videos.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * Update server/controllers/api/videos/index.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * update after code review * refactor upload route - restore multipart upload route - move resumable to dedicated upload-resumable route - move checks to middleware - do not leak internal fs structure in response * fix yarn.lock upon rebase * factorize addVideo for reuse in both endpoints * add resumable upload API to openapi spec * add initial test and test helper for resumable upload * typings for videoAddResumable middleware * avoid including aws and google packages via node-uploadx, by only including uploadx/core * rename ex-isAudioBg to more explicit name mentioning it is a preview file for audio * add video-upload-tmp-folder-cleaner job * stronger typing of video upload middleware * reduce dependency to @uploadx/core * add audio upload test * refactor resumable uploads cleanup from job to scheduler * refactor resumable uploads scheduler to compare to last execution time * make resumable upload validator to always cleanup on failure * move legacy upload request building outside of uploadVideo test helper * filter upload-resumable middlewares down to POST, PUT, DELETE also begin to type metadata * merge add duration functions * stronger typings and documentation for uploadx behaviour, move init validator up * refactor(client/video-edit): options > uploadxOptions * refactor(client/video-edit): remove obsolete else * scheduler/remove-dangling-resum: rename tag * refactor(server/video): add UploadVideoFiles type * refactor(mw/validators): restructure eslint disable * refactor(mw/validators/videos): rename import * refactor(client/vid-upload): rename html elem id * refactor(sched/remove-dangl): move fn to method * refactor(mw/async): add method typing * refactor(mw/vali/video): double quote > single * refactor(server/upload-resum): express use > all * proper http methud enum server/middlewares/async.ts * properly type http methods * factorize common video upload validation steps * add check for maximum partially uploaded file size * fix audioBg use * fix extname(filename) in addVideo * document parameters for uploadx's resumable protocol * clear META files in scheduler * last audio refactor before cramming preview in the initial POST form data * refactor as mulitpart/form-data initial post request this allows preview/thumbnail uploads alongside the initial request, and cleans up the upload form * Add more tests for resumable uploads * Refactor remove dangling resumable uploads * Prepare changelog * Add more resumable upload tests * Remove user quota check for resumable uploads * Fix upload error handler * Update nginx template for upload-resumable * Cleanup comment * Remove unused express methods * Prefer to use got instead of raw http * Don't retry on error 500 Co-authored-by: Rigel Kent <par@rigelk.eu> Co-authored-by: Rigel Kent <sendmemail@rigelk.eu> Co-authored-by: Chocobozzz <me@florianbigard.com>
2021-05-10 11:13:41 +02:00
import { afterCommitIfTransaction } from '@server/helpers/database-utils'
2020-07-01 16:05:30 +02:00
import { logger } from '@server/helpers/logger'
import { AbuseModel } from '@server/models/abuse/abuse'
import { VideoAbuseModel } from '@server/models/abuse/video-abuse'
import { VideoCommentAbuseModel } from '@server/models/abuse/video-comment-abuse'
import { VideoFileModel } from '@server/models/video/video-file'
import { FilteredModelAttributes } from '@server/types'
import {
MAbuseFull,
MAccountDefault,
MAccountLight,
2022-09-23 11:38:18 +02:00
MComment,
2020-07-01 16:05:30 +02:00
MCommentAbuseAccountVideo,
MCommentOwnerVideo,
MUser,
MVideoAbuseVideoFull,
MVideoAccountLightBlacklistAllFiles
} from '@server/types/models'
2020-11-06 13:59:50 +01:00
import { LiveVideoCreate, VideoCreate, VideoImportCreate } from '../../shared/models/videos'
2021-07-09 14:15:11 +02:00
import { VideoCommentCreate } from '../../shared/models/videos/comment'
2021-05-11 11:27:40 +02:00
import { UserModel } from '../models/user/user'
2020-07-01 16:05:30 +02:00
import { VideoModel } from '../models/video/video'
import { VideoCommentModel } from '../models/video/video-comment'
import { sendAbuse } from './activitypub/send/send-flag'
import { Notifier } from './notifier'
2019-07-18 14:28:37 +02:00
export type AcceptResult = {
accepted: boolean
errorMessage?: string
}
2022-09-23 11:38:18 +02:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
2023-07-19 16:02:49 +02:00
function isLocalVideoFileAccepted (object: {
2020-01-31 16:56:52 +01:00
videoBody: VideoCreate
Resumable video uploads (#3933) * WIP: resumable video uploads relates to #324 * fix review comments * video upload: error handling * fix audio upload * fixes after self review * Update server/controllers/api/videos/index.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * Update server/middlewares/validators/videos/videos.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * Update server/controllers/api/videos/index.ts Co-authored-by: Rigel Kent <par@rigelk.eu> * update after code review * refactor upload route - restore multipart upload route - move resumable to dedicated upload-resumable route - move checks to middleware - do not leak internal fs structure in response * fix yarn.lock upon rebase * factorize addVideo for reuse in both endpoints * add resumable upload API to openapi spec * add initial test and test helper for resumable upload * typings for videoAddResumable middleware * avoid including aws and google packages via node-uploadx, by only including uploadx/core * rename ex-isAudioBg to more explicit name mentioning it is a preview file for audio * add video-upload-tmp-folder-cleaner job * stronger typing of video upload middleware * reduce dependency to @uploadx/core * add audio upload test * refactor resumable uploads cleanup from job to scheduler * refactor resumable uploads scheduler to compare to last execution time * make resumable upload validator to always cleanup on failure * move legacy upload request building outside of uploadVideo test helper * filter upload-resumable middlewares down to POST, PUT, DELETE also begin to type metadata * merge add duration functions * stronger typings and documentation for uploadx behaviour, move init validator up * refactor(client/video-edit): options > uploadxOptions * refactor(client/video-edit): remove obsolete else * scheduler/remove-dangling-resum: rename tag * refactor(server/video): add UploadVideoFiles type * refactor(mw/validators): restructure eslint disable * refactor(mw/validators/videos): rename import * refactor(client/vid-upload): rename html elem id * refactor(sched/remove-dangl): move fn to method * refactor(mw/async): add method typing * refactor(mw/vali/video): double quote > single * refactor(server/upload-resum): express use > all * proper http methud enum server/middlewares/async.ts * properly type http methods * factorize common video upload validation steps * add check for maximum partially uploaded file size * fix audioBg use * fix extname(filename) in addVideo * document parameters for uploadx's resumable protocol * clear META files in scheduler * last audio refactor before cramming preview in the initial POST form data * refactor as mulitpart/form-data initial post request this allows preview/thumbnail uploads alongside the initial request, and cleans up the upload form * Add more tests for resumable uploads * Refactor remove dangling resumable uploads * Prepare changelog * Add more resumable upload tests * Remove user quota check for resumable uploads * Fix upload error handler * Update nginx template for upload-resumable * Cleanup comment * Remove unused express methods * Prefer to use got instead of raw http * Don't retry on error 500 Co-authored-by: Rigel Kent <par@rigelk.eu> Co-authored-by: Rigel Kent <sendmemail@rigelk.eu> Co-authored-by: Chocobozzz <me@florianbigard.com>
2021-05-10 11:13:41 +02:00
videoFile: VideoUploadFile
2019-07-18 14:28:37 +02:00
user: UserModel
}): AcceptResult {
return { accepted: true }
}
2022-09-23 11:38:18 +02:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
2020-11-06 13:59:50 +01:00
function isLocalLiveVideoAccepted (object: {
liveVideoBody: LiveVideoCreate
user: UserModel
}): AcceptResult {
return { accepted: true }
}
2022-09-23 11:38:18 +02:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
2019-07-18 14:28:37 +02:00
function isLocalVideoThreadAccepted (_object: {
2022-09-23 15:32:56 +02:00
req: express.Request
2020-01-31 16:56:52 +01:00
commentBody: VideoCommentCreate
video: VideoModel
2019-07-18 14:28:37 +02:00
user: UserModel
}): AcceptResult {
return { accepted: true }
}
2022-09-23 11:38:18 +02:00
// Stub function that can be filtered by plugins
2019-07-18 14:28:37 +02:00
function isLocalVideoCommentReplyAccepted (_object: {
2022-09-23 15:32:56 +02:00
req: express.Request
2020-01-31 16:56:52 +01:00
commentBody: VideoCommentCreate
parentComment: VideoCommentModel
video: VideoModel
2019-07-18 14:28:37 +02:00
user: UserModel
}): AcceptResult {
return { accepted: true }
}
2022-09-23 11:38:18 +02:00
// ---------------------------------------------------------------------------
2019-07-18 14:28:37 +02:00
2022-09-23 11:38:18 +02:00
// Stub function that can be filtered by plugins
2019-07-18 14:28:37 +02:00
function isRemoteVideoCommentAccepted (_object: {
2022-09-23 11:38:18 +02:00
comment: MComment
2019-07-18 14:28:37 +02:00
}): AcceptResult {
return { accepted: true }
}
2022-09-23 11:38:18 +02:00
// ---------------------------------------------------------------------------
// Stub function that can be filtered by plugins
function isPreImportVideoAccepted (object: {
videoImportBody: VideoImportCreate
user: MUser
}): AcceptResult {
return { accepted: true }
}
2022-09-23 11:38:18 +02:00
// Stub function that can be filtered by plugins
function isPostImportVideoAccepted (object: {
videoFilePath: PathLike
videoFile: VideoFileModel
user: MUser
}): AcceptResult {
return { accepted: true }
}
2022-09-23 11:38:18 +02:00
// ---------------------------------------------------------------------------
2020-07-01 16:05:30 +02:00
async function createVideoAbuse (options: {
baseAbuse: FilteredModelAttributes<AbuseModel>
videoInstance: MVideoAccountLightBlacklistAllFiles
startAt: number
endAt: number
transaction: Transaction
reporterAccount: MAccountDefault
2021-12-09 14:27:32 +01:00
skipNotification: boolean
2020-07-01 16:05:30 +02:00
}) {
2021-12-09 14:27:32 +01:00
const { baseAbuse, videoInstance, startAt, endAt, transaction, reporterAccount, skipNotification } = options
2020-07-01 16:05:30 +02:00
const associateFun = async (abuseInstance: MAbuseFull) => {
const videoAbuseInstance: MVideoAbuseVideoFull = await VideoAbuseModel.create({
abuseId: abuseInstance.id,
videoId: videoInstance.id,
2022-07-13 11:58:01 +02:00
startAt,
endAt
2020-07-01 16:05:30 +02:00
}, { transaction })
videoAbuseInstance.Video = videoInstance
abuseInstance.VideoAbuse = videoAbuseInstance
return { isOwned: videoInstance.isOwned() }
}
return createAbuse({
base: baseAbuse,
reporterAccount,
flaggedAccount: videoInstance.VideoChannel.Account,
transaction,
2021-12-09 14:27:32 +01:00
skipNotification,
2020-07-01 16:05:30 +02:00
associateFun
})
}
function createVideoCommentAbuse (options: {
baseAbuse: FilteredModelAttributes<AbuseModel>
commentInstance: MCommentOwnerVideo
transaction: Transaction
reporterAccount: MAccountDefault
2021-12-09 14:27:32 +01:00
skipNotification: boolean
2020-07-01 16:05:30 +02:00
}) {
2021-12-09 14:27:32 +01:00
const { baseAbuse, commentInstance, transaction, reporterAccount, skipNotification } = options
2020-07-01 16:05:30 +02:00
const associateFun = async (abuseInstance: MAbuseFull) => {
const commentAbuseInstance: MCommentAbuseAccountVideo = await VideoCommentAbuseModel.create({
abuseId: abuseInstance.id,
videoCommentId: commentInstance.id
}, { transaction })
commentAbuseInstance.VideoComment = commentInstance
abuseInstance.VideoCommentAbuse = commentAbuseInstance
return { isOwned: commentInstance.isOwned() }
}
return createAbuse({
base: baseAbuse,
reporterAccount,
flaggedAccount: commentInstance.Account,
transaction,
2021-12-09 14:27:32 +01:00
skipNotification,
2020-07-01 16:05:30 +02:00
associateFun
})
}
function createAccountAbuse (options: {
baseAbuse: FilteredModelAttributes<AbuseModel>
accountInstance: MAccountDefault
transaction: Transaction
reporterAccount: MAccountDefault
2021-12-09 14:27:32 +01:00
skipNotification: boolean
2020-07-01 16:05:30 +02:00
}) {
2021-12-09 14:27:32 +01:00
const { baseAbuse, accountInstance, transaction, reporterAccount, skipNotification } = options
2020-07-01 16:05:30 +02:00
2021-08-25 16:14:11 +02:00
const associateFun = () => {
return Promise.resolve({ isOwned: accountInstance.isOwned() })
2020-07-01 16:05:30 +02:00
}
return createAbuse({
base: baseAbuse,
reporterAccount,
flaggedAccount: accountInstance,
transaction,
2021-12-09 14:27:32 +01:00
skipNotification,
2020-07-01 16:05:30 +02:00
associateFun
})
}
2022-09-23 11:38:18 +02:00
// ---------------------------------------------------------------------------
2019-07-18 14:28:37 +02:00
export {
2020-11-06 13:59:50 +01:00
isLocalLiveVideoAccepted,
2023-07-19 16:02:49 +02:00
isLocalVideoFileAccepted,
2019-07-18 14:28:37 +02:00
isLocalVideoThreadAccepted,
isRemoteVideoCommentAccepted,
isLocalVideoCommentReplyAccepted,
isPreImportVideoAccepted,
2020-07-01 16:05:30 +02:00
isPostImportVideoAccepted,
createAbuse,
createVideoAbuse,
createVideoCommentAbuse,
createAccountAbuse
}
// ---------------------------------------------------------------------------
async function createAbuse (options: {
base: FilteredModelAttributes<AbuseModel>
reporterAccount: MAccountDefault
flaggedAccount: MAccountLight
2022-11-15 15:00:19 +01:00
associateFun: (abuseInstance: MAbuseFull) => Promise<{ isOwned: boolean }>
2021-12-09 14:27:32 +01:00
skipNotification: boolean
2020-07-01 16:05:30 +02:00
transaction: Transaction
}) {
2021-12-09 14:27:32 +01:00
const { base, reporterAccount, flaggedAccount, associateFun, transaction, skipNotification } = options
2020-07-01 16:05:30 +02:00
const auditLogger = auditLoggerFactory('abuse')
const abuseAttributes = Object.assign({}, base, { flaggedAccountId: flaggedAccount.id })
const abuseInstance: MAbuseFull = await AbuseModel.create(abuseAttributes, { transaction })
abuseInstance.ReporterAccount = reporterAccount
abuseInstance.FlaggedAccount = flaggedAccount
const { isOwned } = await associateFun(abuseInstance)
if (isOwned === false) {
2021-06-15 09:17:19 +02:00
sendAbuse(reporterAccount.Actor, abuseInstance, abuseInstance.FlaggedAccount, transaction)
2020-07-01 16:05:30 +02:00
}
2020-07-24 15:05:51 +02:00
const abuseJSON = abuseInstance.toFormattedAdminJSON()
2020-07-01 16:05:30 +02:00
auditLogger.create(reporterAccount.Actor.getIdentifier(), new AbuseAuditView(abuseJSON))
2021-12-09 14:27:32 +01:00
if (!skipNotification) {
afterCommitIfTransaction(transaction, () => {
Notifier.Instance.notifyOnNewAbuse({
abuse: abuseJSON,
abuseInstance,
reporter: reporterAccount.Actor.getIdentifier()
})
2021-03-04 16:12:46 +01:00
})
2021-12-09 14:27:32 +01:00
}
2020-07-01 16:05:30 +02:00
logger.info('Abuse report %d created.', abuseInstance.id)
return abuseJSON
2019-07-18 14:28:37 +02:00
}