<?php namespace App\Http\Controllers\Admin; use App\AccountInterstitial; use App\Http\Resources\Admin\AdminModeratedProfileResource; use App\Http\Resources\AdminRemoteReport; use App\Http\Resources\AdminReport; use App\Http\Resources\AdminSpamReport; use App\Jobs\DeletePipeline\DeleteAccountPipeline; use App\Jobs\DeletePipeline\DeleteRemoteProfilePipeline; use App\Jobs\StatusPipeline\RemoteStatusDelete; use App\Jobs\StatusPipeline\StatusDelete; use App\Jobs\StoryPipeline\StoryDelete; use App\Models\ModeratedProfile; use App\Models\RemoteReport; use App\Notification; use App\Profile; use App\Report; use App\Services\AccountService; use App\Services\ModLogService; use App\Services\NetworkTimelineService; use App\Services\NotificationService; use App\Services\PublicTimelineService; use App\Services\StatusService; use App\Status; use App\Story; use App\User; use App\Util\ActivityPub\Helpers; use Cache; use Carbon\Carbon; use Illuminate\Http\Request; use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\Redis; use Storage; trait AdminReportController { public function reports(Request $request) { $filter = $request->input('filter') == 'closed' ? 'closed' : 'open'; $page = $request->input('page') ?? 1; $ai = Cache::remember('admin-dash:reports:ai-count', 3600, function () { return AccountInterstitial::whereNotNull('appeal_requested_at')->whereNull('appeal_handled_at')->count(); }); $spam = Cache::remember('admin-dash:reports:spam-count', 3600, function () { return AccountInterstitial::whereType('post.autospam')->whereNull('appeal_handled_at')->count(); }); $mailVerifications = Redis::scard('email:manual'); if ($filter == 'open' && $page == 1) { $reports = Cache::remember('admin-dash:reports:list-cache', 300, function () use ($filter) { return Report::whereHas('status') ->whereHas('reportedUser') ->whereHas('reporter') ->orderBy('created_at', 'desc') ->when($filter, function ($q, $filter) { return $filter == 'open' ? $q->whereNull('admin_seen') : $q->whereNotNull('admin_seen'); }) ->paginate(6); }); } else { $reports = Report::whereHas('status') ->whereHas('reportedUser') ->whereHas('reporter') ->orderBy('created_at', 'desc') ->when($filter, function ($q, $filter) { return $filter == 'open' ? $q->whereNull('admin_seen') : $q->whereNotNull('admin_seen'); }) ->paginate(6); } return view('admin.reports.home', compact('reports', 'ai', 'spam', 'mailVerifications')); } public function showReport(Request $request, $id) { $report = Report::with('status')->findOrFail($id); if ($request->has('ref') && $request->input('ref') == 'email') { return redirect('/i/admin/reports?tab=report&id='.$report->id); } return view('admin.reports.show', compact('report')); } public function appeals(Request $request) { $appeals = AccountInterstitial::whereNotNull('appeal_requested_at') ->whereNull('appeal_handled_at') ->latest() ->paginate(6); return view('admin.reports.appeals', compact('appeals')); } public function showAppeal(Request $request, $id) { $appeal = AccountInterstitial::whereNotNull('appeal_requested_at') ->whereNull('appeal_handled_at') ->findOrFail($id); $meta = json_decode($appeal->meta); return view('admin.reports.show_appeal', compact('appeal', 'meta')); } public function spam(Request $request) { $this->validate($request, [ 'tab' => 'sometimes|in:home,not-spam,spam,settings,custom,exemptions', ]); $tab = $request->input('tab', 'home'); $openCount = Cache::remember('admin-dash:reports:spam-count', 3600, function () { return AccountInterstitial::whereType('post.autospam') ->whereNull('appeal_handled_at') ->count(); }); $monthlyCount = Cache::remember('admin-dash:reports:spam-count:30d', 43200, function () { return AccountInterstitial::whereType('post.autospam') ->where('created_at', '>', now()->subMonth()) ->count(); }); $totalCount = Cache::remember('admin-dash:reports:spam-count:total', 43200, function () { return AccountInterstitial::whereType('post.autospam')->count(); }); $uncategorized = Cache::remember('admin-dash:reports:spam-sync', 3600, function () { return AccountInterstitial::whereType('post.autospam') ->whereIsSpam(null) ->whereNotNull('appeal_handled_at') ->exists(); }); $avg = Cache::remember('admin-dash:reports:spam-count:avg', 43200, function () { if (config('database.default') != 'mysql') { return 0; } return AccountInterstitial::selectRaw('*, count(id) as counter') ->whereType('post.autospam') ->groupBy('user_id') ->get() ->avg('counter'); }); $avgOpen = Cache::remember('admin-dash:reports:spam-count:avgopen', 43200, function () { if (config('database.default') != 'mysql') { return '0'; } $seconds = AccountInterstitial::selectRaw('DATE(created_at) AS start_date, AVG(TIME_TO_SEC(TIMEDIFF(appeal_handled_at, created_at))) AS timediff')->whereType('post.autospam')->whereNotNull('appeal_handled_at')->where('created_at', '>', now()->subMonth())->get(); if (! $seconds) { return '0'; } $mins = floor($seconds->avg('timediff') / 60); if ($mins < 60) { return $mins.' min(s)'; } if ($mins < 2880) { return floor($mins / 60).' hour(s)'; } return floor($mins / 60 / 24).' day(s)'; }); $avgCount = $totalCount && $avg ? floor($totalCount / $avg) : '0'; if (in_array($tab, ['home', 'spam', 'not-spam'])) { $appeals = AccountInterstitial::whereType('post.autospam') ->when($tab, function ($q, $tab) { switch ($tab) { case 'home': return $q->whereNull('appeal_handled_at'); break; case 'spam': return $q->whereIsSpam(true); break; case 'not-spam': return $q->whereIsSpam(false); break; } }) ->latest() ->paginate(6); if ($tab !== 'home') { $appeals = $appeals->appends(['tab' => $tab]); } } else { $appeals = new class { public function count() { return 0; } public function render() {} }; } return view('admin.reports.spam', compact('tab', 'appeals', 'openCount', 'monthlyCount', 'totalCount', 'avgCount', 'avgOpen', 'uncategorized')); } public function showSpam(Request $request, $id) { $appeal = AccountInterstitial::whereType('post.autospam') ->findOrFail($id); if ($request->has('ref') && $request->input('ref') == 'email') { return redirect('/i/admin/reports?tab=autospam&id='.$appeal->id); } $meta = json_decode($appeal->meta); return view('admin.reports.show_spam', compact('appeal', 'meta')); } public function fixUncategorizedSpam(Request $request) { if (Cache::get('admin-dash:reports:spam-sync-active')) { return redirect('/i/admin/reports/autospam'); } Cache::put('admin-dash:reports:spam-sync-active', 1, 900); AccountInterstitial::chunk(500, function ($reports) { foreach ($reports as $report) { if ($report->item_type != 'App\Status') { continue; } if ($report->type != 'post.autospam') { continue; } if ($report->is_spam != null) { continue; } $status = StatusService::get($report->item_id, false); if (! $status) { return; } $scope = $status['visibility']; $report->is_spam = $scope == 'unlisted'; $report->in_violation = $report->is_spam; $report->severity_index = 1; $report->save(); } }); Cache::forget('admin-dash:reports:spam-sync'); return redirect('/i/admin/reports/autospam'); } public function updateSpam(Request $request, $id) { $this->validate($request, [ 'action' => 'required|in:dismiss,approve,dismiss-all,approve-all,delete-account,mark-spammer', ]); $action = $request->input('action'); $appeal = AccountInterstitial::whereType('post.autospam') ->whereNull('appeal_handled_at') ->findOrFail($id); $meta = json_decode($appeal->meta); $res = ['status' => 'success']; $now = now(); Cache::forget('admin-dash:reports:spam-count:total'); Cache::forget('admin-dash:reports:spam-count:30d'); if ($action == 'delete-account') { if (config('pixelfed.account_deletion') == false) { abort(404); } $user = User::findOrFail($appeal->user_id); $profile = $user->profile; if ($user->is_admin == true) { $mid = $request->user()->id; abort_if($user->id < $mid, 403); } $ts = now()->addMonth(); $user->status = 'delete'; $profile->status = 'delete'; $user->delete_after = $ts; $profile->delete_after = $ts; $user->save(); $profile->save(); ModLogService::boot() ->objectUid($user->id) ->objectId($user->id) ->objectType('App\User::class') ->user($request->user()) ->action('admin.user.delete') ->accessLevel('admin') ->save(); Cache::forget('profiles:private'); DeleteAccountPipeline::dispatch($user); return; } if ($action == 'dismiss') { $appeal->is_spam = true; $appeal->appeal_handled_at = $now; $appeal->save(); Cache::forget('pf:bouncer_v0:exemption_by_pid:'.$appeal->user->profile_id); Cache::forget('pf:bouncer_v0:recent_by_pid:'.$appeal->user->profile_id); Cache::forget('admin-dash:reports:spam-count'); return $res; } if ($action == 'dismiss-all') { AccountInterstitial::whereType('post.autospam') ->whereItemType('App\Status') ->whereNull('appeal_handled_at') ->whereUserId($appeal->user_id) ->update(['appeal_handled_at' => $now, 'is_spam' => true]); Cache::forget('pf:bouncer_v0:exemption_by_pid:'.$appeal->user->profile_id); Cache::forget('pf:bouncer_v0:recent_by_pid:'.$appeal->user->profile_id); Cache::forget('admin-dash:reports:spam-count'); return $res; } if ($action == 'approve-all') { AccountInterstitial::whereType('post.autospam') ->whereItemType('App\Status') ->whereNull('appeal_handled_at') ->whereUserId($appeal->user_id) ->get() ->each(function ($report) use ($meta) { $report->is_spam = false; $report->appeal_handled_at = now(); $report->save(); $status = Status::find($report->item_id); if ($status) { $status->is_nsfw = $meta->is_nsfw; $status->scope = 'public'; $status->visibility = 'public'; $status->save(); StatusService::del($status->id, true); } }); Cache::forget('pf:bouncer_v0:exemption_by_pid:'.$appeal->user->profile_id); Cache::forget('pf:bouncer_v0:recent_by_pid:'.$appeal->user->profile_id); Cache::forget('admin-dash:reports:spam-count'); return $res; } if ($action == 'mark-spammer') { AccountInterstitial::whereType('post.autospam') ->whereItemType('App\Status') ->whereNull('appeal_handled_at') ->whereUserId($appeal->user_id) ->update(['appeal_handled_at' => $now, 'is_spam' => true]); $pro = Profile::whereUserId($appeal->user_id)->firstOrFail(); $pro->update([ 'unlisted' => true, 'cw' => true, 'no_autolink' => true, ]); Status::whereProfileId($pro->id) ->get() ->each(function ($report) { $status->is_nsfw = $meta->is_nsfw; $status->scope = 'public'; $status->visibility = 'public'; $status->save(); StatusService::del($status->id, true); }); Cache::forget('pf:bouncer_v0:exemption_by_pid:'.$appeal->user->profile_id); Cache::forget('pf:bouncer_v0:recent_by_pid:'.$appeal->user->profile_id); Cache::forget('admin-dash:reports:spam-count'); return $res; } $status = $appeal->status; $status->is_nsfw = $meta->is_nsfw; $status->scope = 'public'; $status->visibility = 'public'; $status->save(); $appeal->is_spam = false; $appeal->appeal_handled_at = now(); $appeal->save(); StatusService::del($status->id); Cache::forget('pf:bouncer_v0:exemption_by_pid:'.$appeal->user->profile_id); Cache::forget('pf:bouncer_v0:recent_by_pid:'.$appeal->user->profile_id); Cache::forget('admin-dash:reports:spam-count'); return $res; } public function updateAppeal(Request $request, $id) { $this->validate($request, [ 'action' => 'required|in:dismiss,approve', ]); $action = $request->input('action'); $appeal = AccountInterstitial::whereNotNull('appeal_requested_at') ->whereNull('appeal_handled_at') ->findOrFail($id); if ($action == 'dismiss') { $appeal->appeal_handled_at = now(); $appeal->save(); Cache::forget('admin-dash:reports:ai-count'); return redirect('/i/admin/reports/appeals'); } switch ($appeal->type) { case 'post.cw': $status = $appeal->status; $status->is_nsfw = false; $status->save(); break; case 'post.unlist': $status = $appeal->status; $status->scope = 'public'; $status->visibility = 'public'; $status->save(); break; default: // code... break; } $appeal->appeal_handled_at = now(); $appeal->save(); StatusService::del($status->id, true); Cache::forget('admin-dash:reports:ai-count'); return redirect('/i/admin/reports/appeals'); } public function updateReport(Request $request, $id) { $this->validate($request, [ 'action' => 'required|string', ]); $action = $request->input('action'); $actions = [ 'ignore', 'cw', 'unlist', 'delete', 'shadowban', 'ban', ]; if (! in_array($action, $actions)) { return abort(403); } $report = Report::findOrFail($id); $this->handleReportAction($report, $action); Cache::forget('admin-dash:reports:list-cache'); return response()->json(['msg' => 'Success']); } public function handleReportAction(Report $report, $action) { $item = $report->reported(); $report->admin_seen = Carbon::now(); switch ($action) { case 'ignore': $report->not_interested = true; break; case 'cw': Cache::forget('status:thumb:'.$item->id); $item->is_nsfw = true; $item->save(); $report->nsfw = true; StatusService::del($item->id, true); break; case 'unlist': $item->visibility = 'unlisted'; $item->save(); Cache::forget('profiles:private'); StatusService::del($item->id, true); break; case 'delete': // Todo: fire delete job $report->admin_seen = null; StatusService::del($item->id, true); break; case 'shadowban': // Todo: fire delete job $report->admin_seen = null; break; case 'ban': // Todo: fire delete job $report->admin_seen = null; break; default: $report->admin_seen = null; break; } $report->save(); return $this; } protected function actionMap() { return [ '1' => 'ignore', '2' => 'cw', '3' => 'unlist', '4' => 'delete', '5' => 'shadowban', '6' => 'ban', ]; } public function bulkUpdateReport(Request $request) { $this->validate($request, [ 'action' => 'required|integer|min:1|max:10', 'ids' => 'required|array', ]); $action = $this->actionMap()[$request->input('action')]; $ids = $request->input('ids'); $reports = Report::whereIn('id', $ids)->whereNull('admin_seen')->get(); foreach ($reports as $report) { $this->handleReportAction($report, $action); } $res = [ 'message' => 'Success', 'code' => 200, ]; return response()->json($res); } public function reportMailVerifications(Request $request) { $ids = Redis::smembers('email:manual'); $ignored = Redis::smembers('email:manual-ignored'); $reports = []; if ($ids) { $reports = collect($ids) ->filter(function ($id) use ($ignored) { return ! in_array($id, $ignored); }) ->map(function ($id) { $user = User::whereProfileId($id)->first(); if (! $user || $user->email_verified_at) { return []; } $account = AccountService::get($id, true); if (! $account) { return []; } $account['email'] = $user->email; return $account; }) ->filter(function ($res) { return $res && isset($res['id']); }) ->values(); } return view('admin.reports.mail_verification', compact('reports', 'ignored')); } public function reportMailVerifyIgnore(Request $request) { $id = $request->input('id'); Redis::sadd('email:manual-ignored', $id); return redirect('/i/admin/reports'); } public function reportMailVerifyApprove(Request $request) { $id = $request->input('id'); $user = User::whereProfileId($id)->firstOrFail(); Redis::srem('email:manual', $id); Redis::srem('email:manual-ignored', $id); $user->email_verified_at = now(); $user->save(); return redirect('/i/admin/reports'); } public function reportMailVerifyClearIgnored(Request $request) { Redis::del('email:manual-ignored'); return [200]; } public function reportsStats(Request $request) { $stats = [ 'total' => Report::count(), 'open' => Report::whereNull('admin_seen')->count(), 'closed' => Report::whereNotNull('admin_seen')->count(), 'autospam' => AccountInterstitial::whereType('post.autospam')->count(), 'autospam_open' => AccountInterstitial::whereType('post.autospam')->whereNull(['appeal_handled_at'])->count(), 'appeals' => AccountInterstitial::whereNotNull('appeal_requested_at')->whereNull('appeal_handled_at')->count(), 'remote_open' => RemoteReport::whereNull('action_taken_at')->count(), 'email_verification_requests' => Redis::scard('email:manual'), ]; return $stats; } public function reportsApiAll(Request $request) { $filter = $request->input('filter') == 'closed' ? 'closed' : 'open'; $reports = AdminReport::collection( Report::orderBy('id', 'desc') ->when($filter, function ($q, $filter) { return $filter == 'open' ? $q->whereNull('admin_seen') : $q->whereNotNull('admin_seen'); }) ->groupBy(['id', 'object_id', 'object_type', 'profile_id']) ->cursorPaginate(6) ->withQueryString() ); return $reports; } public function reportsApiRemote(Request $request) { $filter = $request->input('filter') == 'closed' ? 'closed' : 'open'; $reports = AdminRemoteReport::collection( RemoteReport::orderBy('id', 'desc') ->when($filter, function ($q, $filter) { return $filter == 'open' ? $q->whereNull('action_taken_at') : $q->whereNotNull('action_taken_at'); }) ->cursorPaginate(6) ->withQueryString() ); return $reports; } public function reportsApiGet(Request $request, $id) { $report = Report::findOrFail($id); return new AdminReport($report); } public function reportsApiHandle(Request $request) { $this->validate($request, [ 'object_id' => 'required', 'object_type' => 'required', 'id' => 'required', 'action' => 'required|in:ignore,nsfw,unlist,private,delete,delete-all', 'action_type' => 'required|in:post,profile,story', ]); $report = Report::whereObjectId($request->input('object_id'))->findOrFail($request->input('id')); if ($request->input('action_type') === 'profile') { return $this->reportsHandleProfileAction($report, $request->input('action')); } elseif ($request->input('action_type') === 'post') { return $this->reportsHandleStatusAction($report, $request->input('action')); } elseif ($request->input('action_type') === 'story') { return $this->reportsHandleStoryAction($report, $request->input('action')); } return $report; } protected function reportsHandleStoryAction($report, $action) { switch ($action) { case 'ignore': Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; case 'delete': $profile = Profile::find($report->reported_profile_id); $story = Story::whereProfileId($profile->id)->find($report->object_id); abort_if(! $story, 400, 'Invalid or missing story'); $story->active = false; $story->save(); ModLogService::boot() ->objectUid($profile->id) ->objectId($report->object_id) ->objectType('App\Story::class') ->user(request()->user()) ->action('admin.user.moderate') ->metadata([ 'action' => 'delete', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); StoryDelete::dispatch($story)->onQueue('story'); return [200]; break; case 'delete-all': $profile = Profile::find($report->reported_profile_id); $stories = Story::whereProfileId($profile->id)->whereActive(true)->get(); abort_if(! $stories || ! $stories->count(), 400, 'Invalid or missing stories'); ModLogService::boot() ->objectUid($profile->id) ->objectId($report->object_id) ->objectType('App\Story::class') ->user(request()->user()) ->action('admin.user.moderate') ->metadata([ 'action' => 'delete-all', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::where('reported_profile_id', $profile->id) ->whereObjectType('App\Story') ->whereNull('admin_seen') ->update([ 'admin_seen' => now(), ]); $stories->each(function ($story) { StoryDelete::dispatch($story)->onQueue('story'); }); return [200]; break; } } protected function reportsHandleProfileAction($report, $action) { switch ($action) { case 'ignore': Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; case 'nsfw': if ($report->object_type === 'App\Profile') { $profile = Profile::find($report->object_id); } elseif ($report->object_type === 'App\Status') { $status = Status::find($report->object_id); if (! $status) { return [200]; } $profile = Profile::find($status->profile_id); } if (! $profile) { return; } abort_if($profile->user && $profile->user->is_admin, 400, 'Cannot moderate an admin account.'); $profile->cw = true; $profile->save(); if ($profile->remote_url) { ModeratedProfile::updateOrCreate([ 'profile_url' => $profile->remote_url, 'profile_id' => $profile->id, ], [ 'is_nsfw' => true, 'domain' => $profile->domain, ]); } foreach (Status::whereProfileId($profile->id)->cursor() as $status) { $status->is_nsfw = true; $status->save(); StatusService::del($status->id); PublicTimelineService::rem($status->id); } ModLogService::boot() ->objectUid($profile->id) ->objectId($profile->id) ->objectType('App\Profile::class') ->user(request()->user()) ->action('admin.user.moderate') ->metadata([ 'action' => 'cw', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'nsfw' => true, 'admin_seen' => now(), ]); return [200]; break; case 'unlist': if ($report->object_type === 'App\Profile') { $profile = Profile::find($report->object_id); } elseif ($report->object_type === 'App\Status') { $status = Status::find($report->object_id); if (! $status) { return [200]; } $profile = Profile::find($status->profile_id); } if (! $profile) { return; } abort_if($profile->user && $profile->user->is_admin, 400, 'Cannot moderate an admin account.'); $profile->unlisted = true; $profile->save(); if ($profile->remote_url) { ModeratedProfile::updateOrCreate([ 'profile_url' => $profile->remote_url, 'profile_id' => $profile->id, ], [ 'is_unlisted' => true, 'domain' => $profile->domain, ]); } foreach (Status::whereProfileId($profile->id)->whereScope('public')->cursor() as $status) { $status->scope = 'unlisted'; $status->visibility = 'unlisted'; $status->save(); StatusService::del($status->id); PublicTimelineService::rem($status->id); } ModLogService::boot() ->objectUid($profile->id) ->objectId($profile->id) ->objectType('App\Profile::class') ->user(request()->user()) ->action('admin.user.moderate') ->metadata([ 'action' => 'unlisted', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; case 'private': if ($report->object_type === 'App\Profile') { $profile = Profile::find($report->object_id); } elseif ($report->object_type === 'App\Status') { $status = Status::find($report->object_id); if (! $status) { return [200]; } $profile = Profile::find($status->profile_id); } if (! $profile) { return; } abort_if($profile->user && $profile->user->is_admin, 400, 'Cannot moderate an admin account.'); $profile->unlisted = true; $profile->save(); if ($profile->remote_url) { ModeratedProfile::updateOrCreate([ 'profile_url' => $profile->remote_url, 'profile_id' => $profile->id, ], [ 'is_unlisted' => true, 'domain' => $profile->domain, ]); } foreach (Status::whereProfileId($profile->id)->cursor() as $status) { $status->scope = 'private'; $status->visibility = 'private'; $status->save(); StatusService::del($status->id); PublicTimelineService::rem($status->id); } ModLogService::boot() ->objectUid($profile->id) ->objectId($profile->id) ->objectType('App\Profile::class') ->user(request()->user()) ->action('admin.user.moderate') ->metadata([ 'action' => 'private', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; case 'delete': if (config('pixelfed.account_deletion') == false) { abort(404); } if ($report->object_type === 'App\Profile') { $profile = Profile::find($report->object_id); } elseif ($report->object_type === 'App\Status') { $status = Status::find($report->object_id); if (! $status) { return [200]; } $profile = Profile::find($status->profile_id); } if (! $profile) { return; } abort_if($profile->user && $profile->user->is_admin, 400, 'Cannot delete an admin account.'); $ts = now()->addMonth(); if ($profile->remote_url) { ModeratedProfile::updateOrCreate([ 'profile_url' => $profile->remote_url, 'profile_id' => $profile->id, ], [ 'is_banned' => true, 'domain' => $profile->domain, ]); } if ($profile->user_id) { $user = $profile->user; abort_if($user->is_admin, 403, 'You cannot delete admin accounts.'); $user->status = 'delete'; $user->delete_after = $ts; $user->save(); } $profile->status = 'delete'; $profile->delete_after = $ts; $profile->save(); ModLogService::boot() ->objectUid($profile->id) ->objectId($profile->id) ->objectType('App\Profile::class') ->user(request()->user()) ->action('admin.user.delete') ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); if ($profile->user_id) { DB::table('oauth_access_tokens')->whereUserId($user->id)->delete(); DB::table('oauth_auth_codes')->whereUserId($user->id)->delete(); $user->email = $user->id; $user->password = ''; $user->status = 'delete'; $user->save(); $profile->status = 'delete'; $profile->delete_after = now()->addMonth(); $profile->save(); AccountService::del($profile->id); DeleteAccountPipeline::dispatch($user)->onQueue('high'); } else { $profile->status = 'delete'; $profile->delete_after = now()->addMonth(); $profile->save(); AccountService::del($profile->id); DeleteRemoteProfilePipeline::dispatch($profile)->onQueue('high'); } return [200]; break; } } protected function reportsHandleStatusAction($report, $action) { switch ($action) { case 'ignore': Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; case 'nsfw': $status = Status::find($report->object_id); if (! $status) { return [200]; } abort_if($status->profile->user && $status->profile->user->is_admin, 400, 'Cannot moderate an admin account post.'); $status->is_nsfw = true; $status->save(); StatusService::del($status->id); ModLogService::boot() ->objectUid($status->profile_id) ->objectId($status->profile_id) ->objectType('App\Status::class') ->user(request()->user()) ->action('admin.status.moderate') ->metadata([ 'action' => 'cw', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'nsfw' => true, 'admin_seen' => now(), ]); return [200]; break; case 'private': $status = Status::find($report->object_id); if (! $status) { return [200]; } abort_if($status->profile->user && $status->profile->user->is_admin, 400, 'Cannot moderate an admin account post.'); $status->scope = 'private'; $status->visibility = 'private'; $status->save(); StatusService::del($status->id); PublicTimelineService::rem($status->id); ModLogService::boot() ->objectUid($status->profile_id) ->objectId($status->profile_id) ->objectType('App\Status::class') ->user(request()->user()) ->action('admin.status.moderate') ->metadata([ 'action' => 'private', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; case 'unlist': $status = Status::find($report->object_id); if (! $status) { return [200]; } abort_if($status->profile->user && $status->profile->user->is_admin, 400, 'Cannot moderate an admin account post.'); if ($status->scope === 'public') { $status->scope = 'unlisted'; $status->visibility = 'unlisted'; $status->save(); StatusService::del($status->id); PublicTimelineService::rem($status->id); } ModLogService::boot() ->objectUid($status->profile_id) ->objectId($status->profile_id) ->objectType('App\Status::class') ->user(request()->user()) ->action('admin.status.moderate') ->metadata([ 'action' => 'unlist', 'message' => 'Success!', ]) ->accessLevel('admin') ->save(); Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; case 'delete': $status = Status::find($report->object_id); if (! $status) { return [200]; } $profile = $status->profile; abort_if($profile->user && $profile->user->is_admin, 400, 'Cannot delete an admin account post.'); StatusService::del($status->id); if ($profile->user_id != null && $profile->domain == null) { PublicTimelineService::del($status->id); StatusDelete::dispatch($status)->onQueue('high'); } else { NetworkTimelineService::del($status->id); RemoteStatusDelete::dispatch($status)->onQueue('high'); } Report::whereObjectId($report->object_id) ->whereObjectType($report->object_type) ->update([ 'admin_seen' => now(), ]); return [200]; break; } } public function reportsApiSpamAll(Request $request) { $tab = $request->input('tab', 'home'); $appeals = AdminSpamReport::collection( AccountInterstitial::orderBy('id', 'desc') ->whereType('post.autospam') ->whereNull('appeal_handled_at') ->cursorPaginate(6) ->withQueryString() ); return $appeals; } public function reportsApiSpamHandle(Request $request) { $this->validate($request, [ 'id' => 'required', 'action' => 'required|in:mark-read,mark-not-spam,mark-all-read,mark-all-not-spam,delete-profile', ]); $action = $request->input('action'); abort_if( $action === 'delete-profile' && ! config('pixelfed.account_deletion'), 404, "Cannot delete profile, account_deletion is disabled.\n\n Set `ACCOUNT_DELETION=true` in .env and re-cache config." ); $report = AccountInterstitial::with('user') ->whereType('post.autospam') ->whereNull('appeal_handled_at') ->findOrFail($request->input('id')); $this->reportsHandleSpamAction($report, $action); Cache::forget('admin-dash:reports:spam-count'); Cache::forget('pf:bouncer_v0:exemption_by_pid:'.$report->user->profile_id); Cache::forget('pf:bouncer_v0:recent_by_pid:'.$report->user->profile_id); return [$action, $report]; } public function reportsHandleSpamAction($appeal, $action) { $meta = json_decode($appeal->meta); if ($action == 'mark-read') { $appeal->is_spam = true; $appeal->appeal_handled_at = now(); $appeal->save(); PublicTimelineService::del($appeal->item_id); } if ($action == 'mark-not-spam') { $status = $appeal->status; $status->is_nsfw = $meta->is_nsfw; $status->scope = 'public'; $status->visibility = 'public'; $status->save(); $appeal->is_spam = false; $appeal->appeal_handled_at = now(); $appeal->save(); Notification::whereAction('autospam.warning') ->whereProfileId($appeal->user->profile_id) ->get() ->each(function ($n) use ($appeal) { NotificationService::del($appeal->user->profile_id, $n->id); $n->forceDelete(); }); StatusService::del($status->id); StatusService::get($status->id); if ($status->in_reply_to_id == null && $status->reblog_of_id == null) { PublicTimelineService::add($status->id); } } if ($action == 'mark-all-read') { AccountInterstitial::whereType('post.autospam') ->whereItemType('App\Status') ->whereNull('appeal_handled_at') ->whereUserId($appeal->user_id) ->update([ 'appeal_handled_at' => now(), 'is_spam' => true, ]); } if ($action == 'mark-all-not-spam') { AccountInterstitial::whereType('post.autospam') ->whereItemType('App\Status') ->whereUserId($appeal->user_id) ->get() ->each(function ($report) use ($meta) { $report->is_spam = false; $report->appeal_handled_at = now(); $report->save(); $status = Status::find($report->item_id); if ($status) { $status->is_nsfw = $meta->is_nsfw; $status->scope = 'public'; $status->visibility = 'public'; $status->save(); StatusService::del($status->id); } Notification::whereAction('autospam.warning') ->whereProfileId($report->user->profile_id) ->get() ->each(function ($n) use ($report) { NotificationService::del($report->user->profile_id, $n->id); $n->forceDelete(); }); }); } if ($action == 'delete-profile') { $user = User::findOrFail($appeal->user_id); $profile = $user->profile; if ($user->is_admin == true) { $mid = request()->user()->id; abort_if($user->id < $mid, 403, 'You cannot delete an admin account.'); } $ts = now()->addMonth(); $user->status = 'delete'; $profile->status = 'delete'; $user->delete_after = $ts; $profile->delete_after = $ts; $user->save(); $profile->save(); $appeal->appeal_handled_at = now(); $appeal->save(); ModLogService::boot() ->objectUid($user->id) ->objectId($user->id) ->objectType('App\User::class') ->user(request()->user()) ->action('admin.user.delete') ->accessLevel('admin') ->save(); Cache::forget('profiles:private'); DeleteAccountPipeline::dispatch($user); } } public function reportsApiSpamGet(Request $request, $id) { $report = AccountInterstitial::findOrFail($id); return new AdminSpamReport($report); } public function reportsApiRemoteHandle(Request $request) { $this->validate($request, [ 'id' => 'required|exists:remote_reports,id', 'action' => 'required|in:mark-read,cw-posts,unlist-posts,delete-posts,private-posts,mark-all-read-by-domain,mark-all-read-by-username,cw-all-posts,private-all-posts,unlist-all-posts', ]); $report = RemoteReport::findOrFail($request->input('id')); $user = User::whereProfileId($report->account_id)->first(); $ogPublicStatuses = []; $ogUnlistedStatuses = []; $ogNonCwStatuses = []; switch ($request->input('action')) { case 'mark-read': $report->action_taken_at = now(); $report->save(); break; case 'mark-all-read-by-domain': RemoteReport::whereInstanceId($report->instance_id)->update(['action_taken_at' => now()]); break; case 'cw-posts': $statuses = Status::find($report->status_ids); foreach ($statuses as $status) { if ($report->account_id != $status->profile_id) { continue; } if (! $status->is_nsfw) { $ogNonCwStatuses[] = $status->id; } $status->is_nsfw = true; $status->saveQuietly(); StatusService::del($status->id); } $report->action_taken_at = now(); $report->save(); break; case 'cw-all-posts': foreach (Status::whereProfileId($report->account_id)->lazyById(50, 'id') as $status) { if ($status->is_nsfw || $status->reblog_of_id) { continue; } if (! $status->is_nsfw) { $ogNonCwStatuses[] = $status->id; } $status->is_nsfw = true; $status->saveQuietly(); StatusService::del($status->id); } break; case 'unlist-posts': $statuses = Status::find($report->status_ids); foreach ($statuses as $status) { if ($report->account_id != $status->profile_id) { continue; } if ($status->scope === 'public') { $ogPublicStatuses[] = $status->id; $status->scope = 'unlisted'; $status->visibility = 'unlisted'; $status->saveQuietly(); StatusService::del($status->id); } } $report->action_taken_at = now(); $report->save(); break; case 'unlist-all-posts': foreach (Status::whereProfileId($report->account_id)->lazyById(50, 'id') as $status) { if ($status->visibility !== 'public' || $status->reblog_of_id) { continue; } $ogPublicStatuses[] = $status->id; $status->visibility = 'unlisted'; $status->scope = 'unlisted'; $status->saveQuietly(); StatusService::del($status->id); } break; case 'private-posts': $statuses = Status::find($report->status_ids); foreach ($statuses as $status) { if ($report->account_id != $status->profile_id) { continue; } if (in_array($status->scope, ['public', 'unlisted', 'private'])) { if ($status->scope === 'public') { $ogPublicStatuses[] = $status->id; } $status->scope = 'private'; $status->visibility = 'private'; $status->saveQuietly(); StatusService::del($status->id); } } $report->action_taken_at = now(); $report->save(); break; case 'private-all-posts': foreach (Status::whereProfileId($report->account_id)->lazyById(50, 'id') as $status) { if (! in_array($status->visibility, ['public', 'unlisted']) || $status->reblog_of_id) { continue; } if ($status->visibility === 'public') { $ogPublicStatuses[] = $status->id; } elseif ($status->visibility === 'unlisted') { $ogUnlistedStatuses[] = $status->id; } $status->visibility = 'private'; $status->scope = 'private'; $status->saveQuietly(); StatusService::del($status->id); } break; case 'delete-posts': $statuses = Status::find($report->status_ids); foreach ($statuses as $status) { if ($report->account_id != $status->profile_id) { continue; } StatusDelete::dispatch($status); } $report->action_taken_at = now(); $report->save(); break; case 'mark-all-read-by-username': RemoteReport::whereNull('action_taken_at')->whereAccountId($report->account_id)->update(['action_taken_at' => now()]); break; default: abort(404); break; } if ($ogPublicStatuses && count($ogPublicStatuses)) { Storage::disk('local')->put('mod-log-cache/'.$report->account_id.'/'.now()->format('Y-m-d').'-og-public-statuses.json', json_encode($ogPublicStatuses, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)); } if ($ogNonCwStatuses && count($ogNonCwStatuses)) { Storage::disk('local')->put('mod-log-cache/'.$report->account_id.'/'.now()->format('Y-m-d').'-og-noncw-statuses.json', json_encode($ogNonCwStatuses, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)); } if ($ogUnlistedStatuses && count($ogUnlistedStatuses)) { Storage::disk('local')->put('mod-log-cache/'.$report->account_id.'/'.now()->format('Y-m-d').'-og-unlisted-statuses.json', json_encode($ogUnlistedStatuses, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)); } ModLogService::boot() ->user(request()->user()) ->objectUid($user ? $user->id : null) ->objectId($report->id) ->objectType('App\Report::class') ->action('admin.report.moderate') ->metadata([ 'action' => $request->input('action'), 'duration_active' => now()->parse($report->created_at)->diffForHumans(), ]) ->accessLevel('admin') ->save(); if ($report->status_ids) { foreach ($report->status_ids as $sid) { RemoteReport::whereNull('action_taken_at') ->whereJsonContains('status_ids', [$sid]) ->update(['action_taken_at' => now()]); } } return [200]; } public function getModeratedProfiles(Request $request) { $this->validate($request, [ 'search' => 'sometimes|string|min:3|max:120', ]); if ($request->filled('search')) { $query = '%'.$request->input('search').'%'; $profiles = DB::table('moderated_profiles') ->join('profiles', 'moderated_profiles.profile_id', '=', 'profiles.id') ->where('profiles.username', 'LIKE', $query) ->select('moderated_profiles.*', 'profiles.username') ->orderByDesc('moderated_profiles.id') ->cursorPaginate(10); return AdminModeratedProfileResource::collection($profiles); } $profiles = ModeratedProfile::orderByDesc('id')->cursorPaginate(10); return AdminModeratedProfileResource::collection($profiles); } public function getModeratedProfile(Request $request) { $this->validate($request, [ 'id' => 'required', ]); $profile = ModeratedProfile::findOrFail($request->input('id')); return new AdminModeratedProfileResource($profile); } public function exportModeratedProfiles(Request $request) { return response()->streamDownload(function () { $profiles = ModeratedProfile::get(); $res = AdminModeratedProfileResource::collection($profiles); echo json_encode([ '_pixelfed_export' => true, 'meta' => [ 'ns' => 'https://pixelfed.org', 'origin' => config('pixelfed.domain.app'), 'date' => now()->format('c'), 'type' => 'moderated-profiles', 'version' => "1.0" ], 'data' => $res ], JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES); }, 'data-export.json'); } public function deleteModeratedProfile(Request $request) { $this->validate($request, [ 'id' => 'required', ]); $profile = ModeratedProfile::findOrFail($request->input('id')); ModLogService::boot() ->objectUid($profile->profile_id) ->objectId($profile->id) ->objectType('App\Models\ModeratedProfile::class') ->user(request()->user()) ->action('admin.moderated-profiles.delete') ->metadata([ 'profile_url' => $profile->profile_url, 'profile_id' => $profile->profile_id, 'domain' => $profile->domain, 'note' => $profile->note, 'is_banned' => $profile->is_banned, 'is_nsfw' => $profile->is_nsfw, 'is_unlisted' => $profile->is_unlisted, 'is_noautolink' => $profile->is_noautolink, 'is_nodms' => $profile->is_nodms, 'is_notrending' => $profile->is_notrending, ]) ->accessLevel('admin') ->save(); $profile->delete(); return ['status' => 200, 'message' => 'Successfully deleted moderated profile!']; } public function updateModeratedProfile(Request $request) { $this->validate($request, [ 'id' => 'required|exists:moderated_profiles', 'note' => 'sometimes|nullable|string|max:500', 'is_banned' => 'required|boolean', 'is_noautolink' => 'required|boolean', 'is_nodms' => 'required|boolean', 'is_notrending' => 'required|boolean', 'is_nsfw' => 'required|boolean', 'is_unlisted' => 'required|boolean', ]); $fields = [ 'note', 'is_banned', 'is_noautolink', 'is_nodms', 'is_notrending', 'is_nsfw', 'is_unlisted', ]; $profile = ModeratedProfile::findOrFail($request->input('id')); $profile->update($request->only($fields)); ModLogService::boot() ->objectUid($profile->profile_id) ->objectId($profile->id) ->objectType('App\Models\ModeratedProfile::class') ->user(request()->user()) ->action('admin.moderated-profiles.update') ->metadata($request->only($fields)) ->accessLevel('admin') ->save(); return [200]; } public function createModeratedProfile(Request $request) { $this->validate($request, [ 'url' => 'required|url|starts_with:https://', ]); $url = $request->input('url'); $host = parse_url($url, PHP_URL_HOST); abort_if($host === config('pixelfed.domain.app'), 400, 'You cannot add local users!'); $exists = ModeratedProfile::whereProfileUrl($url)->exists(); abort_if($exists, 400, 'Moderated profile already exists!'); $profile = Profile::whereRemoteUrl($url)->first(); if ($profile) { $rec = ModeratedProfile::updateOrCreate([ 'profile_id' => $profile->id, ], [ 'profile_url' => $profile->remote_url, 'domain' => $profile->domain, ]); ModLogService::boot() ->objectUid($rec->profile_id) ->objectId($rec->id) ->objectType('App\Models\ModeratedProfile::class') ->user(request()->user()) ->action('admin.moderated-profiles.create') ->metadata([ 'profile_existed' => true, ]) ->accessLevel('admin') ->save(); return $rec; } $remoteSearch = Helpers::profileFetch($url); if ($remoteSearch) { $rec = ModeratedProfile::updateOrCreate([ 'profile_id' => $remoteSearch->id, ], [ 'profile_url' => $remoteSearch->remote_url, 'domain' => $remoteSearch->domain, ]); ModLogService::boot() ->objectUid($rec->profile_id) ->objectId($rec->id) ->objectType('App\Models\ModeratedProfile::class') ->user(request()->user()) ->action('admin.moderated-profiles.create') ->metadata([ 'profile_existed' => false, ]) ->accessLevel('admin') ->save(); return $rec; } abort(400, 'Invalid account'); } }