peertube/server/middlewares/validators/abuse.ts

import * as express from 'express'
import { body, param, query } from 'express-validator'
import {
  isAbuseFilterValid,
  isAbuseModerationCommentValid,
  isAbusePredefinedReasonsValid,
  isAbusePredefinedReasonValid,
  isAbuseReasonValid,
  isAbuseStateValid,
  isAbuseTimestampCoherent,
  isAbuseTimestampValid,
  isAbuseVideoIsValid
} from '@server/helpers/custom-validators/abuses'
import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc'
import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'
import { logger } from '@server/helpers/logger'
import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'
import { AbuseCreate } from '@shared/models'
import { areValidationErrors } from './utils'

const abuseReportValidator = [
  body('account.id')
    .optional()
    .custom(isIdValid)
    .withMessage('Should have a valid accountId'),

  body('video.id')
    .optional()
    .custom(isIdOrUUIDValid)
    .withMessage('Should have a valid videoId'),
  body('video.startAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid starting time value'),
  body('video.endAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid ending time value')
    .bail()
    .custom(isAbuseTimestampCoherent)
    .withMessage('Should have a startAt timestamp beginning before endAt'),

  body('comment.id')
    .optional()
    .custom(isIdValid)
    .withMessage('Should have a valid commentId'),

  body('reason')
    .custom(isAbuseReasonValid)
    .withMessage('Should have a valid reason'),

  body('predefinedReasons')
    .optional()
    .custom(isAbusePredefinedReasonsValid)
    .withMessage('Should have a valid list of predefined reasons'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseReport parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    const body: AbuseCreate = req.body

    if (body.video?.id && !await doesVideoExist(body.video.id, res)) return
    if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return
    if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return

    if (!body.video?.id && !body.account?.id && !body.comment?.id) {
      res.status(400)
        .json({ error: 'video id or account id or comment id is required.' })

      return
    }

    return next()
  }
]

const abuseGetValidator = [
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseGetValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesAbuseExist(req.params.id, res)) return

    return next()
  }
]

const abuseUpdateValidator = [
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),

  body('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),
  body('moderationComment')
    .optional()
    .custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesAbuseExist(req.params.id, res)) return

    return next()
  }
]

const abuseListValidator = [
  query('id')
    .optional()
    .custom(isIdValid).withMessage('Should have a valid id'),
  query('filter')
    .optional()
    .custom(isAbuseFilterValid)
    .withMessage('Should have a valid filter'),
  query('predefinedReason')
    .optional()
    .custom(isAbusePredefinedReasonValid)
    .withMessage('Should have a valid predefinedReason'),
  query('search')
    .optional()
    .custom(exists).withMessage('Should have a valid search'),
  query('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
  query('videoIs')
    .optional()
    .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
  query('searchReporter')
    .optional()
    .custom(exists).withMessage('Should have a valid reporter search'),
  query('searchReportee')
    .optional()
    .custom(exists).withMessage('Should have a valid reportee search'),
  query('searchVideo')
    .optional()
    .custom(exists).withMessage('Should have a valid video search'),
  query('searchVideoChannel')
    .optional()
    .custom(exists).withMessage('Should have a valid video channel search'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking abuseListValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// FIXME: deprecated in 2.3. Remove these validators

const videoAbuseReportValidator = [
  param('videoId')
    .custom(isIdOrUUIDValid)
    .not()
    .isEmpty()
    .withMessage('Should have a valid videoId'),
  body('reason')
    .custom(isAbuseReasonValid)
    .withMessage('Should have a valid reason'),
  body('predefinedReasons')
    .optional()
    .custom(isAbusePredefinedReasonsValid)
    .withMessage('Should have a valid list of predefined reasons'),
  body('startAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid starting time value'),
  body('endAt')
    .optional()
    .customSanitizer(toIntOrNull)
    .custom(isAbuseTimestampValid)
    .withMessage('Should have valid ending time value'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesVideoExist(req.params.videoId, res)) return

    return next()
  }
]

const videoAbuseGetValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseGetValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return

    return next()
  }
]

const videoAbuseUpdateValidator = [
  param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
  param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),
  body('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
  body('moderationComment')
    .optional()
    .custom(isAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'),

  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseUpdateValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return
    if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return

    return next()
  }
]

const videoAbuseListValidator = [
  query('id')
    .optional()
    .custom(isIdValid).withMessage('Should have a valid id'),
  query('predefinedReason')
    .optional()
    .custom(isAbusePredefinedReasonValid)
    .withMessage('Should have a valid predefinedReason'),
  query('search')
    .optional()
    .custom(exists).withMessage('Should have a valid search'),
  query('state')
    .optional()
    .custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),
  query('videoIs')
    .optional()
    .custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),
  query('searchReporter')
    .optional()
    .custom(exists).withMessage('Should have a valid reporter search'),
  query('searchReportee')
    .optional()
    .custom(exists).withMessage('Should have a valid reportee search'),
  query('searchVideo')
    .optional()
    .custom(exists).withMessage('Should have a valid video search'),
  query('searchVideoChannel')
    .optional()
    .custom(exists).withMessage('Should have a valid video channel search'),

  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoAbuseListValidator parameters', { parameters: req.body })

    if (areValidationErrors(req, res)) return

    return next()
  }
]

// ---------------------------------------------------------------------------

export {
  abuseListValidator,
  abuseReportValidator,
  abuseGetValidator,
  abuseUpdateValidator,
  videoAbuseReportValidator,
  videoAbuseGetValidator,
  videoAbuseUpdateValidator,
  videoAbuseListValidator
}
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`import * as express from 'express'`
			`import { body, param, query } from 'express-validator'`
			`import {`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`isAbuseFilterValid,`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`isAbuseModerationCommentValid,`
			`isAbusePredefinedReasonsValid,`
			`isAbusePredefinedReasonValid,`
			`isAbuseReasonValid,`
			`isAbuseStateValid,`
			`isAbuseTimestampCoherent,`
			`isAbuseTimestampValid,`
			`isAbuseVideoIsValid`
			`} from '@server/helpers/custom-validators/abuses'`
			`import { exists, isIdOrUUIDValid, isIdValid, toIntOrNull } from '@server/helpers/custom-validators/misc'`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`import { doesCommentIdExist } from '@server/helpers/custom-validators/video-comments'`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`import { logger } from '@server/helpers/logger'`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`import { doesAbuseExist, doesAccountIdExist, doesVideoAbuseExist, doesVideoExist } from '@server/helpers/middlewares'`
			`import { AbuseCreate } from '@shared/models'`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`import { areValidationErrors } from './utils'`

			`const abuseReportValidator = [`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`body('account.id')`
			`.optional()`
			`.custom(isIdValid)`
			`.withMessage('Should have a valid accountId'),`

			`body('video.id')`
			`.optional()`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`.custom(isIdOrUUIDValid)`
			`.withMessage('Should have a valid videoId'),`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`body('video.startAt')`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`.optional()`
			`.customSanitizer(toIntOrNull)`
			`.custom(isAbuseTimestampValid)`
			`.withMessage('Should have valid starting time value'),`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`body('video.endAt')`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`.optional()`
			`.customSanitizer(toIntOrNull)`
			`.custom(isAbuseTimestampValid)`
			`.withMessage('Should have valid ending time value')`
			`.bail()`
			`.custom(isAbuseTimestampCoherent)`
			`.withMessage('Should have a startAt timestamp beginning before endAt'),`

Implement abuses check params 2020-07-07 04:57:04 -04:00			`body('comment.id')`
			`.optional()`
			`.custom(isIdValid)`
			`.withMessage('Should have a valid commentId'),`

			`body('reason')`
			`.custom(isAbuseReasonValid)`
			`.withMessage('Should have a valid reason'),`

			`body('predefinedReasons')`
			`.optional()`
			`.custom(isAbusePredefinedReasonsValid)`
			`.withMessage('Should have a valid list of predefined reasons'),`

Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking abuseReport parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`

Implement abuses check params 2020-07-07 04:57:04 -04:00			`const body: AbuseCreate = req.body`

			`if (body.video?.id && !await doesVideoExist(body.video.id, res)) return`
			`if (body.account?.id && !await doesAccountIdExist(body.account.id, res)) return`
			`if (body.comment?.id && !await doesCommentIdExist(body.comment.id, res)) return`

			`if (!body.video?.id && !body.account?.id && !body.comment?.id) {`
			`res.status(400)`
			`.json({ error: 'video id or account id or comment id is required.' })`

			`return`
			`}`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00
			`return next()`
			`}`
			`]`

			`const abuseGetValidator = [`
			`param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),`

			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking abuseGetValidator parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`if (!await doesAbuseExist(req.params.id, res)) return`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00
			`return next()`
			`}`
			`]`

			`const abuseUpdateValidator = [`
			`param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),`
Implement abuses check params 2020-07-07 04:57:04 -04:00
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`body('state')`
			`.optional()`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`.custom(isAbuseStateValid).withMessage('Should have a valid abuse state'),`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`body('moderationComment')`
			`.optional()`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`.custom(isAbuseModerationCommentValid).withMessage('Should have a valid moderation comment'),`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00
			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking abuseUpdateValidator parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`if (!await doesAbuseExist(req.params.id, res)) return`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00
			`return next()`
			`}`
			`]`

			`const abuseListValidator = [`
			`query('id')`
			`.optional()`
			`.custom(isIdValid).withMessage('Should have a valid id'),`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`query('filter')`
			`.optional()`
			`.custom(isAbuseFilterValid)`
			`.withMessage('Should have a valid filter'),`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00			`query('predefinedReason')`
			`.optional()`
			`.custom(isAbusePredefinedReasonValid)`
			`.withMessage('Should have a valid predefinedReason'),`
			`query('search')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid search'),`
			`query('state')`
			`.optional()`
			`.custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),`
			`query('videoIs')`
			`.optional()`
			`.custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),`
			`query('searchReporter')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid reporter search'),`
			`query('searchReportee')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid reportee search'),`
			`query('searchVideo')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid video search'),`
			`query('searchVideoChannel')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid video channel search'),`

			`(req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking abuseListValidator parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`

			`return next()`
			`}`
			`]`

			`// FIXME: deprecated in 2.3. Remove these validators`

			`const videoAbuseReportValidator = [`
			`param('videoId')`
			`.custom(isIdOrUUIDValid)`
			`.not()`
			`.isEmpty()`
			`.withMessage('Should have a valid videoId'),`
			`body('reason')`
			`.custom(isAbuseReasonValid)`
			`.withMessage('Should have a valid reason'),`
			`body('predefinedReasons')`
			`.optional()`
			`.custom(isAbusePredefinedReasonsValid)`
			`.withMessage('Should have a valid list of predefined reasons'),`
			`body('startAt')`
			`.optional()`
			`.customSanitizer(toIntOrNull)`
			`.custom(isAbuseTimestampValid)`
			`.withMessage('Should have valid starting time value'),`
			`body('endAt')`
			`.optional()`
			`.customSanitizer(toIntOrNull)`
			`.custom(isAbuseTimestampValid)`
Implement abuses check params 2020-07-07 04:57:04 -04:00			`.withMessage('Should have valid ending time value'),`
Use 3 tables to represent abuses 2020-07-01 10:05:30 -04:00
			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking videoAbuseReport parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`
			`if (!await doesVideoExist(req.params.videoId, res)) return`

			`return next()`
			`}`
			`]`

			`const videoAbuseGetValidator = [`
			`param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),`
			`param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),`

			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking videoAbuseGetValidator parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`
			`if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return`

			`return next()`
			`}`
			`]`

			`const videoAbuseUpdateValidator = [`
			`param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),`
			`param('id').custom(isIdValid).not().isEmpty().withMessage('Should have a valid id'),`
			`body('state')`
			`.optional()`
			`.custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),`
			`body('moderationComment')`
			`.optional()`
			`.custom(isAbuseModerationCommentValid).withMessage('Should have a valid video moderation comment'),`

			`async (req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking videoAbuseUpdateValidator parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`
			`if (!await doesVideoAbuseExist(req.params.id, req.params.videoId, res)) return`

			`return next()`
			`}`
			`]`

			`const videoAbuseListValidator = [`
			`query('id')`
			`.optional()`
			`.custom(isIdValid).withMessage('Should have a valid id'),`
			`query('predefinedReason')`
			`.optional()`
			`.custom(isAbusePredefinedReasonValid)`
			`.withMessage('Should have a valid predefinedReason'),`
			`query('search')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid search'),`
			`query('state')`
			`.optional()`
			`.custom(isAbuseStateValid).withMessage('Should have a valid video abuse state'),`
			`query('videoIs')`
			`.optional()`
			`.custom(isAbuseVideoIsValid).withMessage('Should have a valid "video is" attribute'),`
			`query('searchReporter')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid reporter search'),`
			`query('searchReportee')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid reportee search'),`
			`query('searchVideo')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid video search'),`
			`query('searchVideoChannel')`
			`.optional()`
			`.custom(exists).withMessage('Should have a valid video channel search'),`

			`(req: express.Request, res: express.Response, next: express.NextFunction) => {`
			`logger.debug('Checking videoAbuseListValidator parameters', { parameters: req.body })`

			`if (areValidationErrors(req, res)) return`

			`return next()`
			`}`
			`]`

			`// ---------------------------------------------------------------------------`

			`export {`
			`abuseListValidator,`
			`abuseReportValidator,`
			`abuseGetValidator,`
			`abuseUpdateValidator,`
			`videoAbuseReportValidator,`
			`videoAbuseGetValidator,`
			`videoAbuseUpdateValidator,`
			`videoAbuseListValidator`
			`}`