Update ApiV1Controller and BookmarkController, fix api differences and allow unbookmarking regardless of relationship

app/Http/Controllers/Api/ApiV1Controller.php

@@ -3018,8 +3018,15 @@ class ApiV1Controller extends Controller
             ->orderByDesc('id')
             ->cursorPaginate($limit);
 
-        $bookmarks = $bookmarkQuery->map(function($bookmark) {
-				return \App\Services\StatusService::getMastodon($bookmark->status_id);
+        $bookmarks = $bookmarkQuery->map(function($bookmark) use($pid) {
+				$status = StatusService::getMastodon($bookmark->status_id, false);
+
+				if($status) {
+					$status['bookmarked'] = true;
+					$status['favourited'] = LikeService::liked($pid, $status['id']);
+					$status['reblogged'] = ReblogService::get($pid, $status['id']);
+				}
+				return $status;
 			})
 			->filter()
 			->values()
@@ -3057,17 +3064,29 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
-		$status = Status::whereNull('uri')
-			->whereScope('public')
-			->findOrFail($id);
+		$status = Status::findOrFail($id);
+		$pid = $request->user()->profile_id;
+
+		abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
+		abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
+		abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
+
+		if($status->scope == 'private') {
+			abort_if(
+				$pid !== $status->profile_id && !FollowerService::follows($pid, $status->profile_id),
+				404,
+				'Error: You cannot bookmark private posts from accounts you do not follow.'
+			);
+		}
 
 		Bookmark::firstOrCreate([
 			'status_id' => $status->id,
-			'profile_id' => $request->user()->profile_id
+			'profile_id' => $pid
 		]);
 
-		BookmarkService::add($request->user()->profile_id, $status->id);
-		$res = StatusService::getMastodon($status->id);
+		BookmarkService::add($pid, $status->id);
+
+		$res = StatusService::getMastodon($status->id, false);
 		$res['bookmarked'] = true;
 
 		return $this->json($res);
@@ -3084,19 +3103,22 @@ class ApiV1Controller extends Controller
 	{
 		abort_if(!$request->user(), 403);
 
-		$status = Status::whereNull('uri')
-			->whereScope('public')
-			->findOrFail($id);
+		$status = Status::findOrFail($id);
+		$pid = $request->user()->profile_id;
+
+		abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
+		abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
+		abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
 
 		$bookmark = Bookmark::whereStatusId($status->id)
-			->whereProfileId($request->user()->profile_id)
+			->whereProfileId($pid)
 			->first();
 
 		if($bookmark) {
-			BookmarkService::del($request->user()->profile_id, $status->id);
+			BookmarkService::del($pid, $status->id);
 			$bookmark->delete();
 		}
-		$res = StatusService::getMastodon($status->id);
+		$res = StatusService::getMastodon($status->id, false);
 		$res['bookmarked'] = false;
 
 		return $this->json($res);

app/Http/Controllers/BookmarkController.php

@@ -11,47 +11,57 @@ use App\Services\FollowerService;
 
 class BookmarkController extends Controller
 {
-    public function __construct()
-    {
-        $this->middleware('auth');
-    }
-
-    public function store(Request $request)
-    {
-        $this->validate($request, [
-            'item' => 'required|integer|min:1',
-        ]);
-
-        $profile = Auth::user()->profile;
-        $status = Status::findOrFail($request->input('item'));
-
-        abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
-
-        if($status->scope == 'private') {
-            abort_if(
-                $profile->id !== $status->profile_id && !FollowerService::follows($profile->id, $status->profile_id),
-                404,
-                'Error: You cannot bookmark private posts from accounts you do not follow.'
-            );
-        }
-
-        $bookmark = Bookmark::firstOrCreate(
-            ['status_id' => $status->id], ['profile_id' => $profile->id]
-        );
-
-        if (!$bookmark->wasRecentlyCreated) {
-        	BookmarkService::del($profile->id, $status->id);
-            $bookmark->delete();
-        } else {
-        	BookmarkService::add($profile->id, $status->id);
-        }
-
-        if ($request->ajax()) {
-            $response = ['code' => 200, 'msg' => 'Bookmark saved!'];
-        } else {
-            $response = redirect()->back();
-        }
-
-        return $response;
-    }
+	public function __construct()
+	{
+		$this->middleware('auth');
+	}
+
+	public function store(Request $request)
+	{
+		$this->validate($request, [
+			'item' => 'required|integer|min:1',
+		]);
+
+		$profile = Auth::user()->profile;
+		$status = Status::findOrFail($request->input('item'));
+
+		abort_if($status->in_reply_to_id || $status->reblog_of_id, 404);
+		abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
+		abort_if(!in_array($status->type, ['photo','photo:album', 'video', 'video:album', 'photo:video:album']), 404);
+
+		if($status->scope == 'private') {
+			if($profile->id !== $status->profile_id && !FollowerService::follows($profile->id, $status->profile_id)) {
+				if($exists = Bookmark::whereStatusId($status->id)->whereProfileId($profile->id)->first()) {
+					BookmarkService::del($profile->id, $status->id);
+					$exists->delete();
+
+					if ($request->ajax()) {
+						return ['code' => 200, 'msg' => 'Bookmark removed!'];
+					} else {
+						return redirect()->back();
+					}
+				}
+				abort(404, 'Error: You cannot bookmark private posts from accounts you do not follow.');
+			}
+		}
+
+		$bookmark = Bookmark::firstOrCreate(
+			['status_id' => $status->id], ['profile_id' => $profile->id]
+		);
+
+		if (!$bookmark->wasRecentlyCreated) {
+			BookmarkService::del($profile->id, $status->id);
+			$bookmark->delete();
+		} else {
+			BookmarkService::add($profile->id, $status->id);
+		}
+
+		if ($request->ajax()) {
+			$response = ['code' => 200, 'msg' => 'Bookmark saved!'];
+		} else {
+			$response = redirect()->back();
+		}
+
+		return $response;
+	}
 }