diff --git a/packages/database-interface/note.ts b/packages/database-interface/note.ts index 247e53d5..02642eff 100644 --- a/packages/database-interface/note.ts +++ b/packages/database-interface/note.ts @@ -864,14 +864,14 @@ export class Note extends BaseInterface { } getUri(): string { - return localObjectUri(this.data.id); + return this.data.uri || localObjectUri(this.id); } - static getUri(id?: string | null): string | null { + static getUri(id: string | null, uri?: string | null): string | null { if (!id) { return null; } - return localObjectUri(id); + return uri || localObjectUri(id); } /** @@ -912,8 +912,10 @@ export class Note extends BaseInterface { mentions: status.mentions.map((mention) => User.getUri(mention.id, mention.uri, config.http.base_url), ), - quotes: Note.getUri(status.quotingId) ?? undefined, - replies_to: Note.getUri(status.replyId) ?? undefined, + quotes: + Note.getUri(status.quotingId, status.quote?.uri) ?? undefined, + replies_to: + Note.getUri(status.replyId, status.quote?.uri) ?? undefined, subject: status.spoilerText, visibility: status.visibility as | "public" diff --git a/server/api/objects/:id/index.ts b/server/api/objects/:id/index.ts index 38b167d1..8095f54c 100644 --- a/server/api/objects/:id/index.ts +++ b/server/api/objects/:id/index.ts @@ -59,7 +59,11 @@ export default (app: Hono) => apiObject = foundObject ? foundObject.toLysand() : null; foundAuthor = foundObject ? foundObject.author : null; - if (!foundObject) { + if (foundObject) { + if (!foundObject.isViewableByUser(null)) { + return errorResponse("Object not found", 404); + } + } else { foundObject = (await db.query.Likes.findFirst({ where: (like, { eq, and }) => @@ -78,6 +82,13 @@ export default (app: Hono) => return errorResponse("Object not found", 404); } + if (foundAuthor?.isRemote()) { + return errorResponse( + "Cannot view objects from remote instances", + 403, + ); + } + if (debug) { return response(JSON.stringify(apiObject, null, 4), 200, { "Content-Type": "application/json",