Update ApiV1Controller, normalize profile id comparison

This commit is contained in:
Daniel Supernault 2022-09-15 20:49:37 -06:00
parent 796ad37419
commit 374bfdae15
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7

View file

@ -458,7 +458,7 @@ class ApiV1Controller extends Controller
abort_if(!$account, 404);
$pid = $request->user()->profile_id;
if($pid != $account['id']) {
if(intval($pid) !== intval($account['id'])) {
if($account['locked']) {
if(!FollowerService::follows($pid, $account['id'])) {
return [];
@ -505,7 +505,7 @@ class ApiV1Controller extends Controller
abort_if(!$account, 404);
$pid = $request->user()->profile_id;
if($pid != $account['id']) {
if(intval($pid) !== intval($account['id'])) {
if($account['locked']) {
if(!FollowerService::follows($pid, $account['id'])) {
return [];
@ -564,7 +564,7 @@ class ApiV1Controller extends Controller
$profile = $napi ? AccountService::get($id, true) : AccountService::getMastodon($id, true);
if(!$profile || !isset($profile['id']) || !$user) {
return response('', 404);
return $this->json(['error' => 'Account not found'], 404);
}
$limit = $request->limit ?? 20;
@ -587,7 +587,7 @@ class ApiV1Controller extends Controller
}
}
if($pid == $profile['id']) {
if(intval($pid) === intval($profile['id'])) {
$visibility = ['public', 'unlisted', 'private'];
} else if($profile['locked']) {
$following = FollowerService::follows($pid, $profile['id']);
@ -817,7 +817,7 @@ class ApiV1Controller extends Controller
$pid = $request->user()->profile_id ?? $request->user()->profile->id;
$res = collect($request->input('id'))
->filter(function($id) use($pid) {
return $id != $pid;
return intval($id) !== intval($pid);
})
->map(function($id) use($pid) {
return RelationshipService::get($pid, $id);
@ -848,15 +848,21 @@ class ApiV1Controller extends Controller
$resolve = (bool) $request->input('resolve', false);
$q = '%' . $query . '%';
$profiles = Profile::whereNull('status')
->where('username', 'like', $q)
->orWhere('name', 'like', $q)
->limit($limit)
->get();
$profiles = Cache::remember('api:v1:accounts:search:' . sha1($query) . ':limit:' . $limit, 86400, function() use($q, $limit) {
return Profile::whereNull('status')
->where('username', 'like', $q)
->orWhere('name', 'like', $q)
->limit($limit)
->pluck('id')
->map(function($id) {
return AccountService::getMastodon($id);
})
->filter(function($account) {
return $account && isset($account['id']);
});
});
$resource = new Fractal\Resource\Collection($profiles, new AccountTransformer());
$res = $this->fractal->createData($resource)->toArray();
return $this->json($res);
return $this->json($profiles);
}
/**
@ -908,7 +914,7 @@ class ApiV1Controller extends Controller
$user = $request->user();
$pid = $user->profile_id ?? $user->profile->id;
if($id == $pid) {
if(intval($id) === intval($pid)) {
abort(400, 'You cannot block yourself');
}
@ -953,7 +959,7 @@ class ApiV1Controller extends Controller
$user = $request->user();
$pid = $user->profile_id ?? $user->profile->id;
if($id == $pid) {
if(intval($id) === intval($pid)) {
abort(400, 'You cannot unblock yourself');
}
@ -1088,7 +1094,7 @@ class ApiV1Controller extends Controller
$spid = $status['account']['id'];
if($spid !== $user->profile_id) {
if(intval($spid) !== intval($user->profile_id)) {
if($status['visibility'] == 'private') {
abort_if(!FollowerService::follows($user->profile_id, $spid), 403);
} else {
@ -1143,7 +1149,7 @@ class ApiV1Controller extends Controller
$status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if(intval($status->profile_id) !== intval($user->profile_id)) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
@ -1770,6 +1776,10 @@ class ApiV1Controller extends Controller
$user = $request->user();
$pid = $user->profile_id;
if(intval($pid) === intval($id)) {
return $this->json(['error' => 'You cannot mute yourself'], 500);
}
$account = Profile::findOrFail($id);
$filter = UserFilter::firstOrCreate([
@ -1803,6 +1813,10 @@ class ApiV1Controller extends Controller
$user = $request->user();
$pid = $user->profile_id;
if(intval($pid) === intval($id)) {
return $this->json(['error' => 'You cannot unmute yourself'], 500);
}
$account = Profile::findOrFail($id);
$filter = UserFilter::whereUserId($pid)
@ -2228,7 +2242,7 @@ class ApiV1Controller extends Controller
$scope = $res['visibility'];
if(!in_array($scope, ['public', 'unlisted'])) {
if($scope === 'private') {
if($res['account']['id'] != $user->profile_id) {
if(intval($res['account']['id']) !== intval($user->profile_id)) {
abort_unless(FollowerService::follows($user->profile_id, $res['account']['id']), 403);
}
} else {
@ -2261,7 +2275,7 @@ class ApiV1Controller extends Controller
return response('', 404);
}
if($status['account']['id'] != $user->profile_id) {
if(intval($status['account']['id']) !== intval($user->profile_id)) {
if($status['visibility'] == 'private') {
if(!FollowerService::follows($user->profile_id, $status['account']['id'])) {
return response('', 404);
@ -2341,7 +2355,7 @@ class ApiV1Controller extends Controller
$user = $request->user();
$status = Status::findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if(intval($status->profile_id) !== intval($user->profile_id)) {
if($status->scope == 'private') {
abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
} else {
@ -2407,7 +2421,7 @@ class ApiV1Controller extends Controller
}
}
if($status->profile_id !== $user->profile_id) {
if(intval($status->profile_id) !== intval($user->profile_id)) {
if($status->scope == 'private') {
abort_if(!$status->profile->followedBy($user->profile), 403);
} else {
@ -2644,7 +2658,7 @@ class ApiV1Controller extends Controller
$user = $request->user();
$status = Status::whereScope('public')->findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if(intval($status->profile_id) !== intval($user->profile_id)) {
if($status->scope == 'private') {
abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
} else {
@ -2692,7 +2706,7 @@ class ApiV1Controller extends Controller
$user = $request->user();
$status = Status::whereScope('public')->findOrFail($id);
if($status->profile_id !== $user->profile_id) {
if(intval($status->profile_id) !== intval($user->profile_id)) {
if($status->scope == 'private') {
abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
} else {