import * as express from 'express'
-import { waterfall } from 'async'
-
-import { database as db } from '../../../initializers/database'
-import * as friends from '../../../lib/friends'
-import {
- logger,
- getFormatedObjects,
- retryTransactionWrapper,
- startSerializableTransaction,
- commitTransaction,
- rollbackTransaction
-} from '../../../helpers'
+import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared'
+import { logger } from '../../../helpers/logger'
+import { getFormattedObjects } from '../../../helpers/utils'
+import { sequelizeTypescript } from '../../../initializers'
import {
+ asyncMiddleware,
+ asyncRetryTransactionMiddleware,
authenticate,
- ensureIsAdmin,
+ ensureUserHasRight,
paginationValidator,
+ setDefaultPagination,
+ setDefaultSort,
+ videoAbuseGetValidator,
videoAbuseReportValidator,
videoAbusesSortValidator,
- setVideoAbusesSort,
- setPagination
+ videoAbuseUpdateValidator,
+ videoAbuseListValidator
} from '../../../middlewares'
-
+import { AccountModel } from '../../../models/account/account'
+import { VideoAbuseModel } from '../../../models/video/video-abuse'
+import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
+import { Notifier } from '../../../lib/notifier'
+import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag'
+import { MVideoAbuseAccountVideo } from '../../../typings/models/video'
+import { getServerActor } from '@server/models/application/application'
+
+const auditLogger = auditLoggerFactory('abuse')
const abuseVideoRouter = express.Router()
abuseVideoRouter.get('/abuse',
authenticate,
- ensureIsAdmin,
+ ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
paginationValidator,
videoAbusesSortValidator,
- setVideoAbusesSort,
- setPagination,
- listVideoAbuses
+ setDefaultSort,
+ setDefaultPagination,
+ videoAbuseListValidator,
+ asyncMiddleware(listVideoAbuses)
)
-abuseVideoRouter.post('/:id/abuse',
+abuseVideoRouter.put('/:videoId/abuse/:id',
authenticate,
- videoAbuseReportValidator,
- reportVideoAbuseRetryWrapper
+ ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+ asyncMiddleware(videoAbuseUpdateValidator),
+ asyncRetryTransactionMiddleware(updateVideoAbuse)
+)
+abuseVideoRouter.post('/:videoId/abuse',
+ authenticate,
+ asyncMiddleware(videoAbuseReportValidator),
+ asyncRetryTransactionMiddleware(reportVideoAbuse)
+)
+abuseVideoRouter.delete('/:videoId/abuse/:id',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES),
+ asyncMiddleware(videoAbuseGetValidator),
+ asyncRetryTransactionMiddleware(deleteVideoAbuse)
)
// ---------------------------------------------------------------------------
// ---------------------------------------------------------------------------
-function listVideoAbuses (req, res, next) {
- db.VideoAbuse.listForApi(req.query.start, req.query.count, req.query.sort, function (err, abusesList, abusesTotal) {
- if (err) return next(err)
-
- res.json(getFormatedObjects(abusesList, abusesTotal))
+async function listVideoAbuses (req: express.Request, res: express.Response) {
+ const user = res.locals.oauth.token.user
+ const serverActor = await getServerActor()
+
+ const resultList = await VideoAbuseModel.listForApi({
+ start: req.query.start,
+ count: req.query.count,
+ sort: req.query.sort,
+ id: req.query.id,
+ search: req.query.search,
+ state: req.query.state,
+ videoIs: req.query.videoIs,
+ searchReporter: req.query.searchReporter,
+ searchReportee: req.query.searchReportee,
+ searchVideo: req.query.searchVideo,
+ searchVideoChannel: req.query.searchVideoChannel,
+ serverAccountId: serverActor.Account.id,
+ user
})
+
+ return res.json(getFormattedObjects(resultList.data, resultList.total))
}
-function reportVideoAbuseRetryWrapper (req, res, next) {
- const options = {
- arguments: [ req, res ],
- errorMessage: 'Cannot report abuse to the video with many retries.'
- }
+async function updateVideoAbuse (req: express.Request, res: express.Response) {
+ const videoAbuse = res.locals.videoAbuse
- retryTransactionWrapper(reportVideoAbuse, options, function (err) {
- if (err) return next(err)
+ if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment
+ if (req.body.state !== undefined) videoAbuse.state = req.body.state
- return res.type('json').status(204).end()
+ await sequelizeTypescript.transaction(t => {
+ return videoAbuse.save({ transaction: t })
})
-}
-function reportVideoAbuse (req, res, finalCallback) {
- const videoInstance = res.locals.video
- const reporterUsername = res.locals.oauth.token.User.username
+ // Do not send the delete to other instances, we updated OUR copy of this video abuse
- const abuse = {
- reporterUsername,
- reason: req.body.reason,
- videoId: videoInstance.id,
- reporterPodId: null // This is our pod that reported this abuse
- }
+ return res.type('json').status(204).end()
+}
- waterfall([
+async function deleteVideoAbuse (req: express.Request, res: express.Response) {
+ const videoAbuse = res.locals.videoAbuse
- startSerializableTransaction,
+ await sequelizeTypescript.transaction(t => {
+ return videoAbuse.destroy({ transaction: t })
+ })
- function createAbuse (t, callback) {
- db.VideoAbuse.create(abuse).asCallback(function (err, abuse) {
- return callback(err, t, abuse)
- })
- },
+ // Do not send the delete to other instances, we delete OUR copy of this video abuse
+
+ return res.type('json').status(204).end()
+}
- function sendToFriendsIfNeeded (t, abuse, callback) {
- // We send the information to the destination pod
- if (videoInstance.isOwned() === false) {
- const reportData = {
- reporterUsername,
- reportReason: abuse.reason,
- videoRemoteId: videoInstance.remoteId
- }
+async function reportVideoAbuse (req: express.Request, res: express.Response) {
+ const videoInstance = res.locals.videoAll
+ const body: VideoAbuseCreate = req.body
- friends.reportAbuseVideoToFriend(reportData, videoInstance)
- }
+ const videoAbuse = await sequelizeTypescript.transaction(async t => {
+ const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t)
- return callback(null, t)
- },
+ const abuseToCreate = {
+ reporterAccountId: reporterAccount.id,
+ reason: body.reason,
+ videoId: videoInstance.id,
+ state: VideoAbuseState.PENDING
+ }
- commitTransaction
+ const videoAbuseInstance: MVideoAbuseAccountVideo = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
+ videoAbuseInstance.Video = videoInstance
+ videoAbuseInstance.Account = reporterAccount
- ], function andFinally (err, t) {
- if (err) {
- logger.debug('Cannot update the video.', { error: err })
- return rollbackTransaction(err, t, finalCallback)
+ // We send the video abuse to the origin server
+ if (videoInstance.isOwned() === false) {
+ await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
}
- logger.info('Abuse report for video %s created.', videoInstance.name)
- return finalCallback(null)
+ auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
+
+ return videoAbuseInstance
})
+
+ Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse)
+
+ logger.info('Abuse report for video %s created.', videoInstance.name)
+
+ return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end()
}