diff --git a/api/api/v1/statuses/:id/favourite.ts b/api/api/v1/statuses/:id/favourite.ts index 06fb02a9..7809b3b9 100644 --- a/api/api/v1/statuses/:id/favourite.ts +++ b/api/api/v1/statuses/:id/favourite.ts @@ -73,7 +73,7 @@ export default apiRoute((app) => const note = await Note.fromId(id, user?.id); - if (!note?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } diff --git a/api/api/v1/statuses/:id/favourited_by.ts b/api/api/v1/statuses/:id/favourited_by.ts index ff300473..7d5b239d 100644 --- a/api/api/v1/statuses/:id/favourited_by.ts +++ b/api/api/v1/statuses/:id/favourited_by.ts @@ -80,9 +80,9 @@ export default apiRoute((app) => return context.json({ error: "Unauthorized" }, 401); } - const status = await Note.fromId(id, user?.id); + const note = await Note.fromId(id, user?.id); - if (!status?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } @@ -91,7 +91,7 @@ export default apiRoute((app) => max_id ? lt(Users.id, max_id) : undefined, since_id ? gte(Users.id, since_id) : undefined, min_id ? gt(Users.id, min_id) : undefined, - sql`EXISTS (SELECT 1 FROM "Likes" WHERE "Likes"."likedId" = ${status.id} AND "Likes"."likerId" = ${Users.id})`, + sql`EXISTS (SELECT 1 FROM "Likes" WHERE "Likes"."likedId" = ${note.id} AND "Likes"."likerId" = ${Users.id})`, ), limit, context.req.url, diff --git a/api/api/v1/statuses/:id/index.ts b/api/api/v1/statuses/:id/index.ts index b6f2b73f..d5b1dd2a 100644 --- a/api/api/v1/statuses/:id/index.ts +++ b/api/api/v1/statuses/:id/index.ts @@ -215,7 +215,7 @@ export default apiRoute((app) => { const note = await Note.fromId(id, user?.id); - if (!note?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } @@ -228,7 +228,7 @@ export default apiRoute((app) => { const note = await Note.fromId(id, user?.id); - if (!note?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } @@ -254,7 +254,7 @@ export default apiRoute((app) => { const note = await Note.fromId(id, user?.id); - if (!note?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } diff --git a/api/api/v1/statuses/:id/reblog.ts b/api/api/v1/statuses/:id/reblog.ts index 1643c26d..8a09feea 100644 --- a/api/api/v1/statuses/:id/reblog.ts +++ b/api/api/v1/statuses/:id/reblog.ts @@ -104,17 +104,14 @@ export default apiRoute((app) => return context.json({ error: "Unauthorized" }, 401); } - const foundStatus = await Note.fromId(id, user.id); + const note = await Note.fromId(id, user.id); - if (!foundStatus?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } const existingReblog = await Note.fromSql( - and( - eq(Notes.authorId, user.id), - eq(Notes.reblogId, foundStatus.data.id), - ), + and(eq(Notes.authorId, user.id), eq(Notes.reblogId, note.data.id)), ); if (existingReblog) { @@ -123,7 +120,7 @@ export default apiRoute((app) => const newReblog = await Note.insert({ authorId: user.id, - reblogId: foundStatus.data.id, + reblogId: note.data.id, visibility, sensitive: false, updatedAt: new Date().toISOString(), @@ -140,10 +137,10 @@ export default apiRoute((app) => return context.json({ error: "Failed to reblog" }, 500); } - if (foundStatus.author.isLocal() && user.isLocal()) { + if (note.author.isLocal() && user.isLocal()) { await Notification.insert({ accountId: user.id, - notifiedId: foundStatus.author.id, + notifiedId: note.author.id, type: "reblog", noteId: newReblog.data.reblogId, }); diff --git a/api/api/v1/statuses/:id/reblogged_by.ts b/api/api/v1/statuses/:id/reblogged_by.ts index e6fc9d87..b571f64e 100644 --- a/api/api/v1/statuses/:id/reblogged_by.ts +++ b/api/api/v1/statuses/:id/reblogged_by.ts @@ -79,9 +79,9 @@ export default apiRoute((app) => return context.json({ error: "Unauthorized" }, 401); } - const status = await Note.fromId(id, user.id); + const note = await Note.fromId(id, user.id); - if (!status?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } @@ -90,7 +90,7 @@ export default apiRoute((app) => max_id ? lt(Users.id, max_id) : undefined, since_id ? gte(Users.id, since_id) : undefined, min_id ? gt(Users.id, min_id) : undefined, - sql`EXISTS (SELECT 1 FROM "Notes" WHERE "Notes"."reblogId" = ${status.id} AND "Notes"."authorId" = ${Users.id})`, + sql`EXISTS (SELECT 1 FROM "Notes" WHERE "Notes"."reblogId" = ${note.id} AND "Notes"."authorId" = ${Users.id})`, ), limit, context.req.url, diff --git a/api/api/v1/statuses/:id/source.ts b/api/api/v1/statuses/:id/source.ts index 709a1d67..9fa37d2d 100644 --- a/api/api/v1/statuses/:id/source.ts +++ b/api/api/v1/statuses/:id/source.ts @@ -75,18 +75,18 @@ export default apiRoute((app) => return context.json({ error: "Unauthorized" }, 401); } - const status = await Note.fromId(id, user.id); + const note = await Note.fromId(id, user.id); - if (!status?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } return context.json( { - id: status.id, + id: note.id, // TODO: Give real source for spoilerText - spoiler_text: status.data.spoilerText, - text: status.data.contentSource, + spoiler_text: note.data.spoilerText, + text: note.data.contentSource, } satisfies ApiStatusSource, 200, ); diff --git a/api/api/v1/statuses/:id/unfavourite.ts b/api/api/v1/statuses/:id/unfavourite.ts index fe06058a..52bcd6d6 100644 --- a/api/api/v1/statuses/:id/unfavourite.ts +++ b/api/api/v1/statuses/:id/unfavourite.ts @@ -72,7 +72,7 @@ export default apiRoute((app) => const note = await Note.fromId(id, user.id); - if (!note?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } diff --git a/api/api/v1/statuses/:id/unreblog.ts b/api/api/v1/statuses/:id/unreblog.ts index 4a359b71..f51709cb 100644 --- a/api/api/v1/statuses/:id/unreblog.ts +++ b/api/api/v1/statuses/:id/unreblog.ts @@ -79,18 +79,15 @@ export default apiRoute((app) => return context.json({ error: "Unauthorized" }, 401); } - const foundStatus = await Note.fromId(id, user.id); + const note = await Note.fromId(id, user.id); // Check if user is authorized to view this status (if it's private) - if (!foundStatus?.isViewableByUser(user)) { + if (!(note && (await note?.isViewableByUser(user)))) { return context.json({ error: "Record not found" }, 404); } const existingReblog = await Note.fromSql( - and( - eq(Notes.authorId, user.id), - eq(Notes.reblogId, foundStatus.data.id), - ), + and(eq(Notes.authorId, user.id), eq(Notes.reblogId, note.data.id)), undefined, user?.id, ); diff --git a/api/objects/:id/index.ts b/api/objects/:id/index.ts index e454069c..e1e196d1 100644 --- a/api/objects/:id/index.ts +++ b/api/objects/:id/index.ts @@ -81,7 +81,7 @@ export default apiRoute((app) => foundAuthor = foundObject ? foundObject.author : null; if (foundObject) { - if (!foundObject.isViewableByUser(null)) { + if (!(await foundObject.isViewableByUser(null))) { return context.json({ error: "Object not found" }, 404); } } else { diff --git a/classes/database/note.ts b/classes/database/note.ts index 0cc6e3cd..b8162cf6 100644 --- a/classes/database/note.ts +++ b/classes/database/note.ts @@ -1099,8 +1099,13 @@ export class Note extends BaseInterface { } // Filter for posts that are viewable by the user - const viewableAncestors = ancestors.filter((ancestor) => - ancestor.isViewableByUser(fetcher), + const viewableAncestors = await Promise.all( + ancestors.map(async (ancestor) => { + const isViewable = await ancestor.isViewableByUser(fetcher); + return isViewable ? ancestor : null; + }), + ).then((filteredAncestors) => + filteredAncestors.filter((n) => n !== null), ); // Reverse the order so that the oldest posts are first @@ -1133,8 +1138,13 @@ export class Note extends BaseInterface { // Filter for posts that are viewable by the user - const viewableDescendants = descendants.filter((descendant) => - descendant.isViewableByUser(fetcher), + const viewableDescendants = await Promise.all( + descendants.map(async (descendant) => { + const isViewable = await descendant.isViewableByUser(fetcher); + return isViewable ? descendant : null; + }), + ).then((filteredDescendants) => + filteredDescendants.filter((n) => n !== null), ); return viewableDescendants;