server/api/likes/:uuid/index.ts

import { apiRoute } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { Status as StatusSchema } from "@versia/client/schemas";
import { LikeExtension as LikeSchema } from "@versia/federation/schemas";
import { Like, User } from "@versia/kit/db";
import { Likes } from "@versia/kit/tables";
import { and, eq, sql } from "drizzle-orm";
import { ApiError } from "~/classes/errors/api-error";
import { config } from "~/config.ts";

const route = createRoute({
    method: "get",
    path: "/likes/{id}",
    summary: "Retrieve the Versia representation of a like.",
    request: {
        params: z.object({
            id: StatusSchema.shape.id,
        }),
    },
    tags: ["Federation"],
    responses: {
        200: {
            description: "Like",
            content: {
                "application/json": {
                    schema: LikeSchema,
                },
            },
        },
        404: {
            description:
                "Entity not found, is remote, or the requester is not allowed to view it.",
            content: {
                "application/json": {
                    schema: ApiError.zodSchema,
                },
            },
        },
    },
});

export default apiRoute((app) =>
    app.openapi(route, async (context) => {
        const { id } = context.req.valid("param");

        // Don't fetch a like of a note that is not public or unlisted
        // prevents leaking the existence of a private note
        const like = await Like.fromSql(
            and(
                eq(Likes.id, id),
                sql`EXISTS (SELECT 1 FROM "Notes" WHERE "Notes"."id" = ${Likes.likedId} AND "Notes"."visibility" IN ('public', 'unlisted'))`,
            ),
        );

        if (!like) {
            throw ApiError.likeNotFound();
        }

        const liker = await User.fromId(like.data.likerId);

        if (!liker || liker.isRemote()) {
            throw ApiError.accountNotFound();
        }

        // If base_url uses https and request uses http, rewrite request to use https
        // This fixes reverse proxy errors
        const reqUrl = new URL(context.req.url);
        if (
            config.http.base_url.protocol === "https:" &&
            reqUrl.protocol === "http:"
        ) {
            reqUrl.protocol = "https:";
        }

        const { headers } = await liker.sign(like.toVersia(), reqUrl, "GET");

        return context.json(like.toVersia(), 200, headers.toJSON());
    }),
);