Update all packages, fix critical bugs

server/api/api/v1/accounts/[id]/index.ts

@@ -29,6 +29,10 @@ export default async (
 	matchedRoute: MatchedRoute
 ): Promise<Response> => {
 	const id = matchedRoute.params.id;
+	// Check if ID is valid UUID
+	if (!id.match(/^[0-9a-fA-F]{24}$/)) {
+		return errorResponse("Invalid ID", 404);
+	}
 
 	const { user } = await getFromRequest(req);
 

server/api/api/v1/accounts/update_credentials/index.ts

@@ -2,9 +2,9 @@ import { getConfig } from "~classes/configmanager";
 import { parseRequest } from "@request";
 import { errorResponse, jsonResponse } from "@response";
 import {
-	getFromRequest,
 	userRelations,
 	userToAPI,
+	type AuthData,
 } from "~database/entities/User";
 import { applyConfig } from "@api";
 import { sanitize } from "isomorphic-dompurify";
@@ -15,6 +15,7 @@ import { parseEmojis } from "~database/entities/Emoji";
 import { client } from "~database/datasource";
 import type { APISource } from "~types/entities/source";
 import { convertTextToHtml } from "@formatting";
+import type { MatchedRoute } from "bun";
 
 export const meta = applyConfig({
 	allowedMethods: ["PATCH"],
@@ -31,8 +32,12 @@ export const meta = applyConfig({
 /**
  * Patches a user
  */
-export default async (req: Request): Promise<Response> => {
-	const { user } = await getFromRequest(req);
+export default async (
+	req: Request,
+	matchedRoute: MatchedRoute,
+	auth: AuthData
+): Promise<Response> => {
+	const { user } = auth;
 
 	if (!user) return errorResponse("Unauthorized", 401);
 
@@ -64,7 +69,7 @@ export default async (req: Request): Promise<Response> => {
 
 	const sanitizedNote = await sanitizeHtml(note ?? "");
 
-	const sanitizedDisplayName = sanitize(display_name, {
+	const sanitizedDisplayName = sanitize(display_name ?? "", {
 		ALLOWED_TAGS: [],
 		ALLOWED_ATTR: [],
 	});

server/api/api/v1/statuses/[id]/reblog.ts

@@ -87,16 +87,11 @@ export default async (
 	});
 
 	// Create notification for reblog if reblogged user is on the same instance
-	if (
-		// @ts-expect-error Prisma relations not showing in types
-		(status.reblog?.author as UserWithRelations).instanceId ===
-		user.instanceId
-	) {
+	if ((status.author as UserWithRelations).instanceId === user.instanceId) {
 		await client.notification.create({
 			data: {
 				accountId: user.id,
-				// @ts-expect-error Prisma relations not showing in types
-				notifiedId: status.reblog.authorId,
+				notifiedId: status.authorId,
 				type: "reblog",
 				statusId: status.reblogId,
 			},

server/api/api/v1/statuses/index.ts

@@ -153,11 +153,11 @@ export default async (
 	let sanitizedStatus: string;
 
 	if (content_type === "text/markdown") {
-		sanitizedStatus = await sanitizeHtml(parse(status ?? ""));
+		sanitizedStatus = await sanitizeHtml(parse(status ?? "") as any);
 	} else if (content_type === "text/x.misskeymarkdown") {
 		// Parse as MFM
 		// TODO: Parse as MFM
-		sanitizedStatus = await sanitizeHtml(parse(status ?? ""));
+		sanitizedStatus = await sanitizeHtml(parse(status ?? "") as any);
 	} else {
 		sanitizedStatus = await sanitizeHtml(status ?? "");
 	}