AdminReportController.php 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573
  1. <?php
  2. namespace App\Http\Controllers\Admin;
  3. use Cache;
  4. use Carbon\Carbon;
  5. use Illuminate\Http\Request;
  6. use Illuminate\Support\Facades\Redis;
  7. use App\Services\AccountService;
  8. use App\Services\StatusService;
  9. use App\{
  10. AccountInterstitial,
  11. Contact,
  12. Hashtag,
  13. Newsroom,
  14. OauthClient,
  15. Profile,
  16. Report,
  17. Status,
  18. Story,
  19. User
  20. };
  21. use Illuminate\Validation\Rule;
  22. use App\Services\StoryService;
  23. use App\Services\ModLogService;
  24. use App\Jobs\DeletePipeline\DeleteAccountPipeline;
  25. trait AdminReportController
  26. {
  27. public function reports(Request $request)
  28. {
  29. $filter = $request->input('filter') == 'closed' ? 'closed' : 'open';
  30. $page = $request->input('page') ?? 1;
  31. $ai = Cache::remember('admin-dash:reports:ai-count', 3600, function() {
  32. return AccountInterstitial::whereNotNull('appeal_requested_at')->whereNull('appeal_handled_at')->count();
  33. });
  34. $spam = Cache::remember('admin-dash:reports:spam-count', 3600, function() {
  35. return AccountInterstitial::whereType('post.autospam')->whereNull('appeal_handled_at')->count();
  36. });
  37. $mailVerifications = Redis::scard('email:manual');
  38. if($filter == 'open' && $page == 1) {
  39. $reports = Cache::remember('admin-dash:reports:list-cache', 300, function() use($page, $filter) {
  40. return Report::whereHas('status')
  41. ->whereHas('reportedUser')
  42. ->whereHas('reporter')
  43. ->orderBy('created_at','desc')
  44. ->when($filter, function($q, $filter) {
  45. return $filter == 'open' ?
  46. $q->whereNull('admin_seen') :
  47. $q->whereNotNull('admin_seen');
  48. })
  49. ->paginate(6);
  50. });
  51. } else {
  52. $reports = Report::whereHas('status')
  53. ->whereHas('reportedUser')
  54. ->whereHas('reporter')
  55. ->orderBy('created_at','desc')
  56. ->when($filter, function($q, $filter) {
  57. return $filter == 'open' ?
  58. $q->whereNull('admin_seen') :
  59. $q->whereNotNull('admin_seen');
  60. })
  61. ->paginate(6);
  62. }
  63. return view('admin.reports.home', compact('reports', 'ai', 'spam', 'mailVerifications'));
  64. }
  65. public function showReport(Request $request, $id)
  66. {
  67. $report = Report::findOrFail($id);
  68. return view('admin.reports.show', compact('report'));
  69. }
  70. public function appeals(Request $request)
  71. {
  72. $appeals = AccountInterstitial::whereNotNull('appeal_requested_at')
  73. ->whereNull('appeal_handled_at')
  74. ->latest()
  75. ->paginate(6);
  76. return view('admin.reports.appeals', compact('appeals'));
  77. }
  78. public function showAppeal(Request $request, $id)
  79. {
  80. $appeal = AccountInterstitial::whereNotNull('appeal_requested_at')
  81. ->whereNull('appeal_handled_at')
  82. ->findOrFail($id);
  83. $meta = json_decode($appeal->meta);
  84. return view('admin.reports.show_appeal', compact('appeal', 'meta'));
  85. }
  86. public function spam(Request $request)
  87. {
  88. $this->validate($request, [
  89. 'tab' => 'sometimes|in:home,not-spam,spam,settings,custom,exemptions'
  90. ]);
  91. $tab = $request->input('tab', 'home');
  92. $openCount = Cache::remember('admin-dash:reports:spam-count', 3600, function() {
  93. return AccountInterstitial::whereType('post.autospam')
  94. ->whereNull('appeal_handled_at')
  95. ->count();
  96. });
  97. $monthlyCount = Cache::remember('admin-dash:reports:spam-count:30d', 43200, function() {
  98. return AccountInterstitial::whereType('post.autospam')
  99. ->where('created_at', '>', now()->subMonth())
  100. ->count();
  101. });
  102. $totalCount = Cache::remember('admin-dash:reports:spam-count:total', 43200, function() {
  103. return AccountInterstitial::whereType('post.autospam')->count();
  104. });
  105. $uncategorized = Cache::remember('admin-dash:reports:spam-sync', 3600, function() {
  106. return AccountInterstitial::whereType('post.autospam')
  107. ->whereIsSpam(null)
  108. ->whereNotNull('appeal_handled_at')
  109. ->exists();
  110. });
  111. $avg = Cache::remember('admin-dash:reports:spam-count:avg', 43200, function() {
  112. if(config('database.default') != 'mysql') {
  113. return 0;
  114. }
  115. return AccountInterstitial::selectRaw('*, count(id) as counter')
  116. ->whereType('post.autospam')
  117. ->groupBy('user_id')
  118. ->get()
  119. ->avg('counter');
  120. });
  121. $avgOpen = Cache::remember('admin-dash:reports:spam-count:avgopen', 43200, function() {
  122. if(config('database.default') != 'mysql') {
  123. return "0";
  124. }
  125. $seconds = AccountInterstitial::selectRaw('DATE(created_at) AS start_date, AVG(TIME_TO_SEC(TIMEDIFF(appeal_handled_at, created_at))) AS timediff')->whereType('post.autospam')->whereNotNull('appeal_handled_at')->where('created_at', '>', now()->subMonth())->get();
  126. if(!$seconds) {
  127. return "0";
  128. }
  129. $mins = floor($seconds->avg('timediff') / 60);
  130. if($mins < 60) {
  131. return $mins . ' min(s)';
  132. }
  133. if($mins < 2880) {
  134. return floor($mins / 60) . ' hour(s)';
  135. }
  136. return floor($mins / 60 / 24) . ' day(s)';
  137. });
  138. $avgCount = $totalCount && $avg ? floor($totalCount / $avg) : "0";
  139. if(in_array($tab, ['home', 'spam', 'not-spam'])) {
  140. $appeals = AccountInterstitial::whereType('post.autospam')
  141. ->when($tab, function($q, $tab) {
  142. switch($tab) {
  143. case 'home':
  144. return $q->whereNull('appeal_handled_at');
  145. break;
  146. case 'spam':
  147. return $q->whereIsSpam(true);
  148. break;
  149. case 'not-spam':
  150. return $q->whereIsSpam(false);
  151. break;
  152. }
  153. })
  154. ->latest()
  155. ->paginate(6);
  156. if($tab !== 'home') {
  157. $appeals = $appeals->appends(['tab' => $tab]);
  158. }
  159. } else {
  160. $appeals = new class {
  161. public function count() {
  162. return 0;
  163. }
  164. public function render() {
  165. return;
  166. }
  167. };
  168. }
  169. return view('admin.reports.spam', compact('tab', 'appeals', 'openCount', 'monthlyCount', 'totalCount', 'avgCount', 'avgOpen', 'uncategorized'));
  170. }
  171. public function showSpam(Request $request, $id)
  172. {
  173. $appeal = AccountInterstitial::whereType('post.autospam')
  174. ->findOrFail($id);
  175. $meta = json_decode($appeal->meta);
  176. return view('admin.reports.show_spam', compact('appeal', 'meta'));
  177. }
  178. public function fixUncategorizedSpam(Request $request)
  179. {
  180. if(Cache::get('admin-dash:reports:spam-sync-active')) {
  181. return redirect('/i/admin/reports/autospam');
  182. }
  183. Cache::put('admin-dash:reports:spam-sync-active', 1, 900);
  184. AccountInterstitial::chunk(500, function($reports) {
  185. foreach($reports as $report) {
  186. if($report->item_type != 'App\Status') {
  187. continue;
  188. }
  189. if($report->type != 'post.autospam') {
  190. continue;
  191. }
  192. if($report->is_spam != null) {
  193. continue;
  194. }
  195. $status = StatusService::get($report->item_id, false);
  196. if(!$status) {
  197. return;
  198. }
  199. $scope = $status['visibility'];
  200. $report->is_spam = $scope == 'unlisted';
  201. $report->in_violation = $report->is_spam;
  202. $report->severity_index = 1;
  203. $report->save();
  204. }
  205. });
  206. Cache::forget('admin-dash:reports:spam-sync');
  207. return redirect('/i/admin/reports/autospam');
  208. }
  209. public function updateSpam(Request $request, $id)
  210. {
  211. $this->validate($request, [
  212. 'action' => 'required|in:dismiss,approve,dismiss-all,approve-all,delete-account'
  213. ]);
  214. $action = $request->input('action');
  215. $appeal = AccountInterstitial::whereType('post.autospam')
  216. ->whereNull('appeal_handled_at')
  217. ->findOrFail($id);
  218. $meta = json_decode($appeal->meta);
  219. $res = ['status' => 'success'];
  220. $now = now();
  221. Cache::forget('admin-dash:reports:spam-count:total');
  222. Cache::forget('admin-dash:reports:spam-count:30d');
  223. if($action == 'delete-account') {
  224. if(config('pixelfed.account_deletion') == false) {
  225. abort(404);
  226. }
  227. $user = User::findOrFail($appeal->user_id);
  228. $profile = $user->profile;
  229. if($user->is_admin == true) {
  230. $mid = $request->user()->id;
  231. abort_if($user->id < $mid, 403);
  232. }
  233. $ts = now()->addMonth();
  234. $user->status = 'delete';
  235. $profile->status = 'delete';
  236. $user->delete_after = $ts;
  237. $profile->delete_after = $ts;
  238. $user->save();
  239. $profile->save();
  240. ModLogService::boot()
  241. ->objectUid($user->id)
  242. ->objectId($user->id)
  243. ->objectType('App\User::class')
  244. ->user($request->user())
  245. ->action('admin.user.delete')
  246. ->accessLevel('admin')
  247. ->save();
  248. Cache::forget('profiles:private');
  249. DeleteAccountPipeline::dispatch($user)->onQueue('high');
  250. return;
  251. }
  252. if($action == 'dismiss') {
  253. $appeal->is_spam = true;
  254. $appeal->appeal_handled_at = $now;
  255. $appeal->save();
  256. Cache::forget('pf:bouncer_v0:exemption_by_pid:' . $appeal->user->profile_id);
  257. Cache::forget('pf:bouncer_v0:recent_by_pid:' . $appeal->user->profile_id);
  258. Cache::forget('admin-dash:reports:spam-count');
  259. return $res;
  260. }
  261. if($action == 'dismiss-all') {
  262. AccountInterstitial::whereType('post.autospam')
  263. ->whereItemType('App\Status')
  264. ->whereNull('appeal_handled_at')
  265. ->whereUserId($appeal->user_id)
  266. ->update(['appeal_handled_at' => $now, 'is_spam' => true]);
  267. Cache::forget('pf:bouncer_v0:exemption_by_pid:' . $appeal->user->profile_id);
  268. Cache::forget('pf:bouncer_v0:recent_by_pid:' . $appeal->user->profile_id);
  269. Cache::forget('admin-dash:reports:spam-count');
  270. return $res;
  271. }
  272. if($action == 'approve-all') {
  273. AccountInterstitial::whereType('post.autospam')
  274. ->whereItemType('App\Status')
  275. ->whereNull('appeal_handled_at')
  276. ->whereUserId($appeal->user_id)
  277. ->get()
  278. ->each(function($report) use($meta) {
  279. $report->is_spam = false;
  280. $report->appeal_handled_at = now();
  281. $report->save();
  282. $status = Status::find($report->item_id);
  283. if($status) {
  284. $status->is_nsfw = $meta->is_nsfw;
  285. $status->scope = 'public';
  286. $status->visibility = 'public';
  287. $status->save();
  288. StatusService::del($status->id, true);
  289. }
  290. });
  291. Cache::forget('pf:bouncer_v0:exemption_by_pid:' . $appeal->user->profile_id);
  292. Cache::forget('pf:bouncer_v0:recent_by_pid:' . $appeal->user->profile_id);
  293. Cache::forget('admin-dash:reports:spam-count');
  294. return $res;
  295. }
  296. $status = $appeal->status;
  297. $status->is_nsfw = $meta->is_nsfw;
  298. $status->scope = 'public';
  299. $status->visibility = 'public';
  300. $status->save();
  301. $appeal->is_spam = false;
  302. $appeal->appeal_handled_at = now();
  303. $appeal->save();
  304. StatusService::del($status->id);
  305. Cache::forget('pf:bouncer_v0:exemption_by_pid:' . $appeal->user->profile_id);
  306. Cache::forget('pf:bouncer_v0:recent_by_pid:' . $appeal->user->profile_id);
  307. Cache::forget('admin-dash:reports:spam-count');
  308. return $res;
  309. }
  310. public function updateAppeal(Request $request, $id)
  311. {
  312. $this->validate($request, [
  313. 'action' => 'required|in:dismiss,approve'
  314. ]);
  315. $action = $request->input('action');
  316. $appeal = AccountInterstitial::whereNotNull('appeal_requested_at')
  317. ->whereNull('appeal_handled_at')
  318. ->findOrFail($id);
  319. if($action == 'dismiss') {
  320. $appeal->appeal_handled_at = now();
  321. $appeal->save();
  322. Cache::forget('admin-dash:reports:ai-count');
  323. return redirect('/i/admin/reports/appeals');
  324. }
  325. switch ($appeal->type) {
  326. case 'post.cw':
  327. $status = $appeal->status;
  328. $status->is_nsfw = false;
  329. $status->save();
  330. break;
  331. case 'post.unlist':
  332. $status = $appeal->status;
  333. $status->scope = 'public';
  334. $status->visibility = 'public';
  335. $status->save();
  336. break;
  337. default:
  338. # code...
  339. break;
  340. }
  341. $appeal->appeal_handled_at = now();
  342. $appeal->save();
  343. StatusService::del($status->id, true);
  344. Cache::forget('admin-dash:reports:ai-count');
  345. return redirect('/i/admin/reports/appeals');
  346. }
  347. public function updateReport(Request $request, $id)
  348. {
  349. $this->validate($request, [
  350. 'action' => 'required|string',
  351. ]);
  352. $action = $request->input('action');
  353. $actions = [
  354. 'ignore',
  355. 'cw',
  356. 'unlist',
  357. 'delete',
  358. 'shadowban',
  359. 'ban',
  360. ];
  361. if (!in_array($action, $actions)) {
  362. return abort(403);
  363. }
  364. $report = Report::findOrFail($id);
  365. $this->handleReportAction($report, $action);
  366. Cache::forget('admin-dash:reports:list-cache');
  367. return response()->json(['msg'=> 'Success']);
  368. }
  369. public function handleReportAction(Report $report, $action)
  370. {
  371. $item = $report->reported();
  372. $report->admin_seen = Carbon::now();
  373. switch ($action) {
  374. case 'ignore':
  375. $report->not_interested = true;
  376. break;
  377. case 'cw':
  378. Cache::forget('status:thumb:'.$item->id);
  379. $item->is_nsfw = true;
  380. $item->save();
  381. $report->nsfw = true;
  382. StatusService::del($item->id, true);
  383. break;
  384. case 'unlist':
  385. $item->visibility = 'unlisted';
  386. $item->save();
  387. Cache::forget('profiles:private');
  388. StatusService::del($item->id, true);
  389. break;
  390. case 'delete':
  391. // Todo: fire delete job
  392. $report->admin_seen = null;
  393. StatusService::del($item->id, true);
  394. break;
  395. case 'shadowban':
  396. // Todo: fire delete job
  397. $report->admin_seen = null;
  398. break;
  399. case 'ban':
  400. // Todo: fire delete job
  401. $report->admin_seen = null;
  402. break;
  403. default:
  404. $report->admin_seen = null;
  405. break;
  406. }
  407. $report->save();
  408. return $this;
  409. }
  410. protected function actionMap()
  411. {
  412. return [
  413. '1' => 'ignore',
  414. '2' => 'cw',
  415. '3' => 'unlist',
  416. '4' => 'delete',
  417. '5' => 'shadowban',
  418. '6' => 'ban'
  419. ];
  420. }
  421. public function bulkUpdateReport(Request $request)
  422. {
  423. $this->validate($request, [
  424. 'action' => 'required|integer|min:1|max:10',
  425. 'ids' => 'required|array'
  426. ]);
  427. $action = $this->actionMap()[$request->input('action')];
  428. $ids = $request->input('ids');
  429. $reports = Report::whereIn('id', $ids)->whereNull('admin_seen')->get();
  430. foreach($reports as $report) {
  431. $this->handleReportAction($report, $action);
  432. }
  433. $res = [
  434. 'message' => 'Success',
  435. 'code' => 200
  436. ];
  437. return response()->json($res);
  438. }
  439. public function reportMailVerifications(Request $request)
  440. {
  441. $ids = Redis::smembers('email:manual');
  442. $ignored = Redis::smembers('email:manual-ignored');
  443. $reports = [];
  444. if($ids) {
  445. $reports = collect($ids)
  446. ->filter(function($id) use($ignored) {
  447. return !in_array($id, $ignored);
  448. })
  449. ->map(function($id) {
  450. $user = User::whereProfileId($id)->first();
  451. if(!$user) {
  452. return [];
  453. }
  454. $account = AccountService::get($id);
  455. if(!$account) {
  456. return [];
  457. }
  458. $account['email'] = $user->email;
  459. return $account;
  460. })
  461. ->filter(function($res) {
  462. return $res && isset($res['id']);
  463. })
  464. ->values();
  465. }
  466. return view('admin.reports.mail_verification', compact('reports', 'ignored'));
  467. }
  468. public function reportMailVerifyIgnore(Request $request)
  469. {
  470. $id = $request->input('id');
  471. Redis::sadd('email:manual-ignored', $id);
  472. return redirect('/i/admin/reports');
  473. }
  474. public function reportMailVerifyApprove(Request $request)
  475. {
  476. $id = $request->input('id');
  477. $user = User::whereProfileId($id)->firstOrFail();
  478. Redis::srem('email:manual', $id);
  479. Redis::srem('email:manual-ignored', $id);
  480. $user->email_verified_at = now();
  481. $user->save();
  482. return redirect('/i/admin/reports');
  483. }
  484. public function reportMailVerifyClearIgnored(Request $request)
  485. {
  486. Redis::del('email:manual-ignored');
  487. return [200];
  488. }
  489. }