Browse Source

Update ApiV1Controller, normalize profile id comparison

Daniel Supernault 2 years ago
parent
commit
374bfdae15
1 changed files with 37 additions and 23 deletions
  1. 37 23
      app/Http/Controllers/Api/ApiV1Controller.php

+ 37 - 23
app/Http/Controllers/Api/ApiV1Controller.php

@@ -458,7 +458,7 @@ class ApiV1Controller extends Controller
 		abort_if(!$account, 404);
 		abort_if(!$account, 404);
 		$pid = $request->user()->profile_id;
 		$pid = $request->user()->profile_id;
 
 
-		if($pid != $account['id']) {
+		if(intval($pid) !== intval($account['id'])) {
 			if($account['locked']) {
 			if($account['locked']) {
 				if(!FollowerService::follows($pid, $account['id'])) {
 				if(!FollowerService::follows($pid, $account['id'])) {
 					return [];
 					return [];
@@ -505,7 +505,7 @@ class ApiV1Controller extends Controller
 		abort_if(!$account, 404);
 		abort_if(!$account, 404);
 		$pid = $request->user()->profile_id;
 		$pid = $request->user()->profile_id;
 
 
-		if($pid != $account['id']) {
+		if(intval($pid) !== intval($account['id'])) {
 			if($account['locked']) {
 			if($account['locked']) {
 				if(!FollowerService::follows($pid, $account['id'])) {
 				if(!FollowerService::follows($pid, $account['id'])) {
 					return [];
 					return [];
@@ -564,7 +564,7 @@ class ApiV1Controller extends Controller
 		$profile = $napi ? AccountService::get($id, true) : AccountService::getMastodon($id, true);
 		$profile = $napi ? AccountService::get($id, true) : AccountService::getMastodon($id, true);
 
 
         if(!$profile || !isset($profile['id']) || !$user) {
         if(!$profile || !isset($profile['id']) || !$user) {
-        	return response('', 404);
+        	return $this->json(['error' => 'Account not found'], 404);
         }
         }
 
 
 		$limit = $request->limit ?? 20;
 		$limit = $request->limit ?? 20;
@@ -587,7 +587,7 @@ class ApiV1Controller extends Controller
 			}
 			}
 		}
 		}
 
 
-		if($pid == $profile['id']) {
+		if(intval($pid) === intval($profile['id'])) {
 			$visibility = ['public', 'unlisted', 'private'];
 			$visibility = ['public', 'unlisted', 'private'];
 		} else if($profile['locked']) {
 		} else if($profile['locked']) {
 			$following = FollowerService::follows($pid, $profile['id']);
 			$following = FollowerService::follows($pid, $profile['id']);
@@ -817,7 +817,7 @@ class ApiV1Controller extends Controller
 		$pid = $request->user()->profile_id ?? $request->user()->profile->id;
 		$pid = $request->user()->profile_id ?? $request->user()->profile->id;
 		$res = collect($request->input('id'))
 		$res = collect($request->input('id'))
 			->filter(function($id) use($pid) {
 			->filter(function($id) use($pid) {
-				return $id != $pid;
+				return intval($id) !== intval($pid);
 			})
 			})
 			->map(function($id) use($pid) {
 			->map(function($id) use($pid) {
 				return RelationshipService::get($pid, $id);
 				return RelationshipService::get($pid, $id);
@@ -848,15 +848,21 @@ class ApiV1Controller extends Controller
 		$resolve = (bool) $request->input('resolve', false);
 		$resolve = (bool) $request->input('resolve', false);
 		$q = '%' . $query . '%';
 		$q = '%' . $query . '%';
 
 
-		$profiles = Profile::whereNull('status')
-			->where('username', 'like', $q)
-			->orWhere('name', 'like', $q)
-			->limit($limit)
-			->get();
+		$profiles = Cache::remember('api:v1:accounts:search:' . sha1($query) . ':limit:' . $limit, 86400, function() use($q, $limit) {
+            return Profile::whereNull('status')
+    			->where('username', 'like', $q)
+    			->orWhere('name', 'like', $q)
+    			->limit($limit)
+    			->pluck('id')
+                ->map(function($id) {
+                    return AccountService::getMastodon($id);
+                })
+                ->filter(function($account) {
+                    return $account && isset($account['id']);
+                });
+        });
 
 
-		$resource = new Fractal\Resource\Collection($profiles, new AccountTransformer());
-		$res = $this->fractal->createData($resource)->toArray();
-		return $this->json($res);
+		return $this->json($profiles);
 	}
 	}
 
 
 	/**
 	/**
@@ -908,7 +914,7 @@ class ApiV1Controller extends Controller
 		$user = $request->user();
 		$user = $request->user();
 		$pid = $user->profile_id ?? $user->profile->id;
 		$pid = $user->profile_id ?? $user->profile->id;
 
 
-		if($id == $pid) {
+		if(intval($id) === intval($pid)) {
 			abort(400, 'You cannot block yourself');
 			abort(400, 'You cannot block yourself');
 		}
 		}
 
 
@@ -953,7 +959,7 @@ class ApiV1Controller extends Controller
 		$user = $request->user();
 		$user = $request->user();
 		$pid = $user->profile_id ?? $user->profile->id;
 		$pid = $user->profile_id ?? $user->profile->id;
 
 
-		if($id == $pid) {
+		if(intval($id) === intval($pid)) {
 			abort(400, 'You cannot unblock yourself');
 			abort(400, 'You cannot unblock yourself');
 		}
 		}
 
 
@@ -1088,7 +1094,7 @@ class ApiV1Controller extends Controller
 
 
 		$spid = $status['account']['id'];
 		$spid = $status['account']['id'];
 
 
-		if($spid !== $user->profile_id) {
+		if(intval($spid) !== intval($user->profile_id)) {
 			if($status['visibility'] == 'private') {
 			if($status['visibility'] == 'private') {
 				abort_if(!FollowerService::follows($user->profile_id, $spid), 403);
 				abort_if(!FollowerService::follows($user->profile_id, $spid), 403);
 			} else {
 			} else {
@@ -1143,7 +1149,7 @@ class ApiV1Controller extends Controller
 
 
 		$status = Status::findOrFail($id);
 		$status = Status::findOrFail($id);
 
 
-		if($status->profile_id !== $user->profile_id) {
+		if(intval($status->profile_id) !== intval($user->profile_id)) {
 			if($status->scope == 'private') {
 			if($status->scope == 'private') {
 				abort_if(!$status->profile->followedBy($user->profile), 403);
 				abort_if(!$status->profile->followedBy($user->profile), 403);
 			} else {
 			} else {
@@ -1770,6 +1776,10 @@ class ApiV1Controller extends Controller
 		$user = $request->user();
 		$user = $request->user();
 		$pid = $user->profile_id;
 		$pid = $user->profile_id;
 
 
+        if(intval($pid) === intval($id)) {
+            return $this->json(['error' => 'You cannot mute yourself'], 500);
+        }
+
 		$account = Profile::findOrFail($id);
 		$account = Profile::findOrFail($id);
 
 
 		$filter = UserFilter::firstOrCreate([
 		$filter = UserFilter::firstOrCreate([
@@ -1803,6 +1813,10 @@ class ApiV1Controller extends Controller
 		$user = $request->user();
 		$user = $request->user();
 		$pid = $user->profile_id;
 		$pid = $user->profile_id;
 
 
+        if(intval($pid) === intval($id)) {
+            return $this->json(['error' => 'You cannot unmute yourself'], 500);
+        }
+
 		$account = Profile::findOrFail($id);
 		$account = Profile::findOrFail($id);
 
 
 		$filter = UserFilter::whereUserId($pid)
 		$filter = UserFilter::whereUserId($pid)
@@ -2228,7 +2242,7 @@ class ApiV1Controller extends Controller
 		$scope = $res['visibility'];
 		$scope = $res['visibility'];
 		if(!in_array($scope, ['public', 'unlisted'])) {
 		if(!in_array($scope, ['public', 'unlisted'])) {
 			if($scope === 'private') {
 			if($scope === 'private') {
-				if($res['account']['id'] != $user->profile_id) {
+				if(intval($res['account']['id']) !== intval($user->profile_id)) {
 					abort_unless(FollowerService::follows($user->profile_id, $res['account']['id']), 403);
 					abort_unless(FollowerService::follows($user->profile_id, $res['account']['id']), 403);
 				}
 				}
 			} else {
 			} else {
@@ -2261,7 +2275,7 @@ class ApiV1Controller extends Controller
 			return response('', 404);
 			return response('', 404);
 		}
 		}
 
 
-		if($status['account']['id'] != $user->profile_id) {
+		if(intval($status['account']['id']) !== intval($user->profile_id)) {
 			if($status['visibility'] == 'private') {
 			if($status['visibility'] == 'private') {
 				if(!FollowerService::follows($user->profile_id, $status['account']['id'])) {
 				if(!FollowerService::follows($user->profile_id, $status['account']['id'])) {
 					return response('', 404);
 					return response('', 404);
@@ -2341,7 +2355,7 @@ class ApiV1Controller extends Controller
 		$user = $request->user();
 		$user = $request->user();
 		$status = Status::findOrFail($id);
 		$status = Status::findOrFail($id);
 
 
-		if($status->profile_id !== $user->profile_id) {
+		if(intval($status->profile_id) !== intval($user->profile_id)) {
 			if($status->scope == 'private') {
 			if($status->scope == 'private') {
 				abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
 				abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
 			} else {
 			} else {
@@ -2407,7 +2421,7 @@ class ApiV1Controller extends Controller
 			}
 			}
 		}
 		}
 
 
-		if($status->profile_id !== $user->profile_id) {
+		if(intval($status->profile_id) !== intval($user->profile_id)) {
 			if($status->scope == 'private') {
 			if($status->scope == 'private') {
 				abort_if(!$status->profile->followedBy($user->profile), 403);
 				abort_if(!$status->profile->followedBy($user->profile), 403);
 			} else {
 			} else {
@@ -2644,7 +2658,7 @@ class ApiV1Controller extends Controller
 		$user = $request->user();
 		$user = $request->user();
 		$status = Status::whereScope('public')->findOrFail($id);
 		$status = Status::whereScope('public')->findOrFail($id);
 
 
-		if($status->profile_id !== $user->profile_id) {
+		if(intval($status->profile_id) !== intval($user->profile_id)) {
 			if($status->scope == 'private') {
 			if($status->scope == 'private') {
 				abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
 				abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
 			} else {
 			} else {
@@ -2692,7 +2706,7 @@ class ApiV1Controller extends Controller
 		$user = $request->user();
 		$user = $request->user();
 		$status = Status::whereScope('public')->findOrFail($id);
 		$status = Status::whereScope('public')->findOrFail($id);
 
 
-		if($status->profile_id !== $user->profile_id) {
+		if(intval($status->profile_id) !== intval($user->profile_id)) {
 			if($status->scope == 'private') {
 			if($status->scope == 'private') {
 				abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
 				abort_if(!FollowerService::follows($user->profile_id, $status->profile_id), 403);
 			} else {
 			} else {