feat: moderation dashboard

apps/meteor/app/api/server/index.ts

@@ -47,5 +47,6 @@ import './v1/voip/extensions';
 import './v1/voip/queues';
 import './v1/voip/omnichannel';
 import './v1/voip';
+import './v1/moderation';
 
 export { API, APIClass, defaultRateLimiterOptions } from './api';

apps/meteor/app/api/server/v1/chat.ts

@@ -4,6 +4,7 @@ import { Messages, Users, Rooms, Subscriptions } from '@rocket.chat/models';
 import { escapeRegExp } from '@rocket.chat/string-helpers';
 import { Message } from '@rocket.chat/core-services';
 import type { IMessage } from '@rocket.chat/core-typings';
+import { isChatReportMessageProps } from '@rocket.chat/rest-typings';
 
 import { roomAccessAttributes } from '../../../authorization/server';
 import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
@@ -17,6 +18,7 @@ import { executeSendMessage } from '../../../lib/server/methods/sendMessage';
 import { getPaginationItems } from '../helpers/getPaginationItems';
 import { canAccessRoomAsync, canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom';
 import { canSendMessageAsync } from '../../../authorization/server/functions/canSendMessage';
+import { reportMessage } from '../../../../server/lib/moderation/reportMessage';
 
 API.v1.addRoute(
 	'chat.delete',
@@ -359,7 +361,7 @@ API.v1.addRoute(
 
 API.v1.addRoute(
 	'chat.reportMessage',
-	{ authRequired: true },
+	{ authRequired: true, validateParams: isChatReportMessageProps },
 	{
 		async post() {
 			const { messageId, description } = this.bodyParams;
@@ -371,7 +373,7 @@ API.v1.addRoute(
 				return API.v1.failure('The required "description" param is missing.');
 			}
 
-			await Meteor.callAsync('reportMessage', messageId, description);
+			await reportMessage(messageId, description, this.userId);
 
 			return API.v1.success();
 		},

apps/meteor/app/api/server/v1/moderation.ts

@@ -0,0 +1,240 @@
+import {
+	isReportHistoryProps,
+	isArchiveReportProps,
+	isReportInfoParams,
+	isReportMessageHistoryParams,
+	isModerationDeleteMsgHistoryParams,
+	isReportsByMsgIdParams,
+} from '@rocket.chat/rest-typings';
+import { ModerationReports, Users, Messages } from '@rocket.chat/models';
+import type { IModerationReport } from '@rocket.chat/core-typings';
+
+import { API } from '../api';
+import { deleteReportedMessages } from '../../../../server/lib/moderation/deleteReportedMessages';
+import { getPaginationItems } from '../helpers/getPaginationItems';
+
+type ReportMessage = Pick<IModerationReport, '_id' | 'message' | 'ts' | 'room'>;
+
+API.v1.addRoute(
+	'moderation.reportsByUsers',
+	{
+		authRequired: true,
+		validateParams: isReportHistoryProps,
+		permissionsRequired: ['view-moderation-console'],
+	},
+	{
+		async get() {
+			const { latest: _latest, oldest: _oldest, selector = '' } = this.queryParams;
+
+			const { count = 20, offset = 0 } = await getPaginationItems(this.queryParams);
+			const { sort } = await this.parseJsonQuery();
+
+			const latest = _latest ? new Date(_latest) : new Date();
+			const oldest = _oldest ? new Date(_oldest) : new Date(0);
+
+			const reports = await ModerationReports.findReportsGroupedByUser(latest, oldest, selector, { offset, count, sort }).toArray();
+
+			if (reports.length === 0) {
+				return API.v1.success({
+					reports,
+					count: 0,
+					offset,
+					total: 0,
+				});
+			}
+
+			const total = await ModerationReports.countReportsInRange(latest, oldest, selector);
+
+			return API.v1.success({
+				reports,
+				count: reports.length,
+				offset,
+				total,
+			});
+		},
+	},
+);
+
+API.v1.addRoute(
+	'moderation.user.reportedMessages',
+	{
+		authRequired: true,
+		validateParams: isReportMessageHistoryParams,
+		permissionsRequired: ['view-moderation-console'],
+	},
+	{
+		async get() {
+			const { userId, selector = '' } = this.queryParams;
+
+			const { sort } = await this.parseJsonQuery();
+
+			const { count = 50, offset = 0 } = await getPaginationItems(this.queryParams);
+
+			const user = await Users.findOneById(userId, { projection: { _id: 1 } });
+			if (!user) {
+				return API.v1.failure('error-invalid-user');
+			}
+
+			const { cursor, totalCount } = ModerationReports.findReportedMessagesByReportedUserId(userId, selector, { offset, count, sort });
+
+			const [reports, total] = await Promise.all([cursor.toArray(), totalCount]);
+
+			const uniqueMessages: ReportMessage[] = [];
+			const visited = new Set<string>();
+			for (const report of reports) {
+				if (visited.has(report.message._id)) {
+					continue;
+				}
+				visited.add(report.message._id);
+				uniqueMessages.push(report);
+			}
+
+			return API.v1.success({
+				messages: uniqueMessages,
+				count: reports.length,
+				total,
+				offset,
+			});
+		},
+	},
+);
+
+API.v1.addRoute(
+	'moderation.user.deleteReportedMessages',
+	{
+		authRequired: true,
+		validateParams: isModerationDeleteMsgHistoryParams,
+		permissionsRequired: ['manage-moderation-actions'],
+	},
+	{
+		async post() {
+			// TODO change complicated params
+			const { userId, reason } = this.bodyParams;
+
+			const sanitizedReason = reason?.trim() ? reason : 'No reason provided';
+
+			const { user: moderator } = this;
+
+			const { count = 50, offset = 0 } = await getPaginationItems(this.queryParams);
+
+			const user = await Users.findOneById(userId, { projection: { _id: 1 } });
+			if (!user) {
+				return API.v1.failure('error-invalid-user');
+			}
+
+			const { cursor, totalCount } = ModerationReports.findReportedMessagesByReportedUserId(userId, '', {
+				offset,
+				count,
+				sort: { ts: -1 },
+			});
+
+			const [messages, total] = await Promise.all([cursor.toArray(), totalCount]);
+
+			if (total === 0) {
+				return API.v1.failure('No reported messages found for this user.');
+			}
+
+			await deleteReportedMessages(
+				messages.map((message) => message.message),
+				moderator,
+			);
+
+			await ModerationReports.hideReportsByUserId(userId, this.userId, sanitizedReason, 'DELETE Messages');
+
+			return API.v1.success();
+		},
+	},
+);
+
+API.v1.addRoute(
+	'moderation.dismissReports',
+	{
+		authRequired: true,
+		validateParams: isArchiveReportProps,
+		permissionsRequired: ['manage-moderation-actions'],
+	},
+	{
+		async post() {
+			// TODO change complicated camelcases to simple verbs/nouns
+			const { userId, msgId, reason, action: actionParam } = this.bodyParams;
+
+			if (userId) {
+				const user = await Users.findOneById(userId, { projection: { _id: 1 } });
+				if (!user) {
+					return API.v1.failure('user-not-found');
+				}
+			}
+
+			if (msgId) {
+				const message = await Messages.findOneById(msgId, { projection: { _id: 1 } });
+				if (!message) {
+					return API.v1.failure('error-message-not-found');
+				}
+			}
+
+			const sanitizedReason: string = reason?.trim() ? reason : 'No reason provided';
+			const action: string = actionParam ?? 'None';
+
+			const { userId: moderatorId } = this;
+
+			if (userId) {
+				await ModerationReports.hideReportsByUserId(userId, moderatorId, sanitizedReason, action);
+			} else {
+				await ModerationReports.hideReportsByMessageId(msgId as string, moderatorId, sanitizedReason, action);
+			}
+
+			return API.v1.success();
+		},
+	},
+);
+
+API.v1.addRoute(
+	'moderation.reports',
+	{
+		authRequired: true,
+		validateParams: isReportsByMsgIdParams,
+		permissionsRequired: ['view-moderation-console'],
+	},
+	{
+		async get() {
+			const { msgId } = this.queryParams;
+
+			const { count = 50, offset = 0 } = await getPaginationItems(this.queryParams);
+			const { sort } = await this.parseJsonQuery();
+			const { selector = '' } = this.queryParams;
+
+			const { cursor, totalCount } = ModerationReports.findReportsByMessageId(msgId, selector, { count, sort, offset });
+
+			const [reports, total] = await Promise.all([cursor.toArray(), totalCount]);
+
+			return API.v1.success({
+				reports,
+				count: reports.length,
+				offset,
+				total,
+			});
+		},
+	},
+);
+
+API.v1.addRoute(
+	'moderation.reportInfo',
+	{
+		authRequired: true,
+		permissionsRequired: ['view-moderation-console'],
+		validateParams: isReportInfoParams,
+	},
+	{
+		async get() {
+			const { reportId } = this.queryParams;
+
+			const report = await ModerationReports.findOneById(reportId);
+
+			if (!report) {
+				return API.v1.failure('error-report-not-found');
+			}
+
+			return API.v1.success({ report });
+		},
+	},
+);

apps/meteor/app/api/server/v1/users.ts

@@ -337,7 +337,10 @@ API.v1.addRoute(
 	{ authRequired: true, validateParams: isUserSetActiveStatusParamsPOST },
 	{
 		async post() {
-			if (!(await hasPermissionAsync(this.userId, 'edit-other-user-active-status'))) {
+			if (
+				!(await hasPermissionAsync(this.userId, 'edit-other-user-active-status')) &&
+				!(await hasPermissionAsync(this.userId, 'manage-moderation-actions'))
+			) {
 				return API.v1.unauthorized();
 			}
 
@@ -585,7 +588,10 @@ API.v1.addRoute(
 
 			if (settings.get('Accounts_AllowUserAvatarChange') && user._id === this.userId) {
 				await Meteor.callAsync('resetAvatar');
-			} else if (await hasPermissionAsync(this.userId, 'edit-other-user-avatar')) {
+			} else if (
+				(await hasPermissionAsync(this.userId, 'edit-other-user-avatar')) ||
+				(await hasPermissionAsync(this.userId, 'manage-moderation-actions'))
+			) {
 				await Meteor.callAsync('resetAvatar', user._id);
 			} else {
 				throw new Meteor.Error('error-not-allowed', 'Reset avatar is not allowed', {

apps/meteor/app/apps/server/bridges/bridges.js

@@ -21,6 +21,7 @@ import { AppSchedulerBridge } from './scheduler';
 import { AppVideoConferenceBridge } from './videoConferences';
 import { AppOAuthAppsBridge } from './oauthApps';
 import { AppInternalFederationBridge } from './internalFederation';
+import { AppModerationBridge } from './moderation';
 
 export class RealAppBridges extends AppBridges {
 	constructor(orch) {
@@ -47,6 +48,7 @@ export class RealAppBridges extends AppBridges {
 		this._videoConfBridge = new AppVideoConferenceBridge(orch);
 		this._oAuthBridge = new AppOAuthAppsBridge(orch);
 		this._internalFedBridge = new AppInternalFederationBridge(orch);
+		this._moderationBridge = new AppModerationBridge(orch);
 	}
 
 	getCommandBridge() {
@@ -132,4 +134,8 @@ export class RealAppBridges extends AppBridges {
 	getInternalFederationBridge() {
 		return this._internalFedBridge;
 	}
+
+	getModerationBridge() {
+		return this._moderationBridge;
+	}
 }

apps/meteor/app/apps/server/bridges/messages.ts

@@ -10,6 +10,7 @@ import { updateMessage } from '../../../lib/server/functions/updateMessage';
 import { executeSendMessage } from '../../../lib/server/methods/sendMessage';
 import notifications from '../../../notifications/server/lib/Notifications';
 import type { AppServerOrchestrator } from '../../../../ee/server/apps/orchestrator';
+import { deleteMessage } from '../../../lib/server';
 
 export class AppMessageBridge extends MessageBridge {
 	// eslint-disable-next-line no-empty-function
@@ -54,6 +55,19 @@ export class AppMessageBridge extends MessageBridge {
 		await updateMessage(msg, editor);
 	}
 
+	protected async delete(message: IMessage, user: IUser, appId: string): Promise<void> {
+		this.orch.debugLog(`The App ${appId} is deleting a message.`);
+
+		if (!message.id) {
+			throw new Error('Invalid message id');
+		}
+
+		const convertedMsg = await this.orch.getConverters()?.get('messages').convertAppMessage(message);
+		const convertedUser = await this.orch.getConverters()?.get('users').convertById(user.id);
+
+		await deleteMessage(convertedMsg, convertedUser);
+	}
+
 	protected async notifyUser(user: IUser, message: IMessage, appId: string): Promise<void> {
 		this.orch.debugLog(`The App ${appId} is notifying a user.`);