fix: check visibility when serving Like activity

This commit is contained in:
Johann150 2022-09-02 14:34:32 +02:00
parent 375323bc25
commit 2ed46aaebb
Signed by untrusted user: Johann150
GPG key ID: 9EE6577A2A06F8F1

View file

@ -206,16 +206,19 @@ router.get('/emojis/:emoji', async ctx => {
// like // like
router.get('/likes/:like', async ctx => { router.get('/likes/:like', async ctx => {
const reaction = await NoteReactions.findOneBy({ id: ctx.params.like }); const note = await Notes.findOneBy({
id: reaction.noteId,
visibility: In(['public' as const, 'home' as const]),
});
if (reaction == null) { if (note == null) {
ctx.status = 404; ctx.status = 404;
return; return;
} }
const note = await Notes.findOneBy({ id: reaction.noteId }); const reaction = await NoteReactions.findOneBy({ id: ctx.params.like });
if (note == null) { if (reaction == null) {
ctx.status = 404; ctx.status = 404;
return; return;
} }