Refactors, bugfixing

utils/api.ts

@@ -9,7 +9,6 @@ export const applyConfig = (routeMeta: APIRouteMeta) => {
     newMeta.ratelimits.duration *= config.ratelimits.duration_coeff;
     newMeta.ratelimits.max *= config.ratelimits.max_coeff;
 
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
     if (config.custom_ratelimits[routeMeta.route]) {
         newMeta.ratelimits = config.custom_ratelimits[routeMeta.route];
     }

utils/constants.ts

@@ -1,4 +1,4 @@
 import { config } from "config-manager";
 
 export const oauthRedirectUri = (issuer: string) =>
-    `${config.http.base_url}/oauth/callback/${issuer}`;
+    new URL(`/oauth/callback/${issuer}`, config.http.base_url).toString();

utils/response.ts

@@ -1,12 +1,12 @@
 import type { APActivity, APObject } from "activitypub-types";
 import type { NodeObject } from "jsonld";
 
-export const jsonResponse = (
-    data: object,
+export const response = (
+    data: BodyInit | null = null,
     status = 200,
     headers: Record<string, string> = {},
 ) => {
-    return new Response(JSON.stringify(data), {
+    return new Response(data, {
         headers: {
             "Content-Type": "application/json",
             "X-Frame-Options": "DENY",
@@ -27,12 +27,32 @@ export const jsonResponse = (
     });
 };
 
+export const clientResponse = (
+    data: BodyInit | null = null,
+    status = 200,
+    headers: Record<string, string> = {},
+) => {
+    return response(data, status, {
+        ...headers,
+        "Content-Security-Policy":
+            "default-src 'none'; frame-ancestors 'none'; form-action 'none'; connect-src 'self' blob: https: wss:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; object-src 'none'; media-src 'self'; frame-src 'none'; worker-src 'self'; manifest-src 'self'; prefetch-src 'self'; base-uri 'none';",
+    });
+};
+
+export const jsonResponse = (
+    data: object,
+    status = 200,
+    headers: Record<string, string> = {},
+) => {
+    return response(JSON.stringify(data), status, {
+        "Content-Type": "application/json",
+        ...headers,
+    });
+};
+
 export const xmlResponse = (data: string, status = 200) => {
-    return new Response(data, {
-        headers: {
-            "Content-Type": "application/xml",
-        },
-        status,
+    return response(data, status, {
+        "Content-Type": "application/xml",
     });
 };
 
@@ -40,11 +60,8 @@ export const jsonLdResponse = (
     data: NodeObject | APActivity | APObject,
     status = 200,
 ) => {
-    return new Response(JSON.stringify(data), {
-        headers: {
-            "Content-Type": "application/activity+json",
-        },
-        status,
+    return response(JSON.stringify(data), status, {
+        "Content-Type": "application/activity+json",
     });
 };
 
@@ -56,3 +73,9 @@ export const errorResponse = (error: string, status = 500) => {
         status,
     );
 };
+
+export const redirect = (url: string | URL, status = 302) => {
+    return response(null, status, {
+        Location: url.toString(),
+    });
+};

utils/timelines.ts

@@ -1,8 +1,14 @@
-import type { Status, User, Prisma } from "@prisma/client";
+import type { Status, User, Prisma, Notification } from "@prisma/client";
 
-export async function fetchTimeline<T extends User | Status>(
-    model: Prisma.StatusDelegate | Prisma.UserDelegate,
-    args: Prisma.StatusFindManyArgs | Prisma.UserFindManyArgs,
+export async function fetchTimeline<T extends User | Status | Notification>(
+    model:
+        | Prisma.StatusDelegate
+        | Prisma.UserDelegate
+        | Prisma.NotificationDelegate,
+    args:
+        | Prisma.StatusFindManyArgs
+        | Prisma.UserFindManyArgs
+        | Prisma.NotificationFindManyArgs,
     req: Request,
 ) {
     // BEFORE: Before in a top-to-bottom order, so the most recent posts