UNPKG

@atproto/ozone

Version:

Backend service for moderating the Bluesky network.

atproto.com

bluesky-social/atproto

96 lines (83 loc) 3.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
import { ForbiddenError } from '@atproto/xrpc-server' import { AppContext } from '../../context' import { Server } from '../../lexicon' import { REASONAPPEAL, ReasonType, } from '../../lexicon/types/com/atproto/moderation/defs' import { ModerationService } from '../../mod-service' import { subjectFromInput } from '../../mod-service/subject' import { TagService } from '../../tag-service' import { getTagForReport } from '../../tag-service/util' import { getReasonType } from '../util' export default function (server: Server, ctx: AppContext) { server.com.atproto.moderation.createReport({ auth: ctx.authVerifier.standard, handler: async ({ input, auth }) => { const requester = 'iss' in auth.credentials ? auth.credentials.iss : ctx.cfg.service.did const { reasonType, reason, modTool } = input.body const subject = subjectFromInput(input.body.subject) // If the report is an appeal, the requester must be the author of the subject if (reasonType === REASONAPPEAL && requester !== subject.did) { throw new ForbiddenError('You cannot appeal this report') } const db = ctx.db await assertValidReporter(ctx.modService(db), reasonType, requester) const report = await db.transaction(async (dbTxn) => { const moderationTxn = ctx.modService(dbTxn) const { event: reportEvent, subjectStatus } = await moderationTxn.report({ reasonType: getReasonType(reasonType), reason, subject, reportedBy: requester || ctx.cfg.service.did, modTool, }) const tagService = new TagService( subject, subjectStatus, ctx.cfg.service.did, moderationTxn, ) await tagService.evaluateForSubject([getTagForReport(reasonType)]) return reportEvent }) const body = ctx.modService(db).views.formatReport(report) return { encoding: 'application/json', body, } }, }) } const assertValidReporter = async ( modService: ModerationService, reasonType: ReasonType, did: string, ) => { const reporterStatus = await modService.getCurrentStatus({ did }) // If we don't have a mod status for the reporter, no need to do further checks if (!reporterStatus.length) { return } // For appeals, we just need to make sure that the account does not have pending appeal if (reasonType === REASONAPPEAL) { if (reporterStatus[0]?.appealed) { throw new ForbiddenError( 'Awaiting decision on previous appeal', 'AlreadyAppealed', ) } return } // For non appeals, we need to make sure the reporter account is not already in takendown status // This is necessary because we allow takendown accounts call createReport but that's only meant for appeals // and we need to make sure takendown accounts don't abuse this endpoint if (reporterStatus[0]?.takendown) { throw new ForbiddenError( 'Report not accepted from takendown account', 'AccountTakedown', ) } }