use getNote instead of Notes.find

If a note is not visible to the requesting user, an error will be raised.
2022-03-08 21:17:58 +01:00 · 2022-03-08 21:17:58 +01:00 · 3c6d9cc8ab
commit 3c6d9cc8ab
parent 97edaca351
3 changed files with 18 additions and 10 deletions
--- a/packages/backend/src/server/api/endpoints/notes/conversation.ts
+++ b/packages/backend/src/server/api/endpoints/notes/conversation.ts
@ -50,7 +50,11 @@ export default define(meta, paramDef, async (ps, user) => {

 	async function get(id: any) {
 		i++;
-		const p = await Notes.findOneBy({ id });
+		const p = await getNote(id, user).catch(e => {
+			if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') return null;
+			throw e;
+		});
+
 		if (p == null) return;

 		if (i > ps.offset!) {
--- a/packages/backend/src/server/api/endpoints/notes/create.ts
+++ b/packages/backend/src/server/api/endpoints/notes/create.ts
@ -10,6 +10,7 @@ import { noteVisibilities } from '../../../../types.js';
 import { ApiError } from '../../error.js';
 import define from '../../define.js';
 import { HOUR } from '@/const.js';
+import { getNote } from '../../common/getters.js';

 export const meta = {
 	tags: ['notes'],
@ -185,11 +186,12 @@ export default define(meta, paramDef, async (ps, user) => {
 	let renote: Note | null = null;
 	if (ps.renoteId != null) {
 		// Fetch renote to note
-		renote = await Notes.findOneBy({ id: ps.renoteId });
+		renote = await getNote(ps.renoteId, user).catch(e => {
+			if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchRenoteTarget);
+			throw e;
+		});

-		if (renote == null) {
-			throw new ApiError(meta.errors.noSuchRenoteTarget);
-		} else if (renote.renoteId && !renote.text && !renote.fileIds && !renote.hasPoll) {
+		if (renote.renoteId && !renote.text && !renote.fileIds && !renote.hasPoll) {
 			throw new ApiError(meta.errors.cannotReRenote);
 		}

@ -208,11 +210,12 @@ export default define(meta, paramDef, async (ps, user) => {
 	let reply: Note | null = null;
 	if (ps.replyId != null) {
 		// Fetch reply
-		reply = await Notes.findOneBy({ id: ps.replyId });
+		reply = await getNote(ps.replyId, user).catch(e => {
+			if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchReplyTarget);
+			throw e;
+		});

-		if (reply == null) {
-			throw new ApiError(meta.errors.noSuchReplyTarget);
-		} else if (reply.renoteId && !reply.text && !reply.fileIds && !reply.hasPoll) {
+		if (reply.renoteId && !reply.text && !reply.fileIds && !reply.hasPoll) {
 			throw new ApiError(meta.errors.cannotReplyToPureRenote);
 		}

--- a/packages/backend/src/server/api/endpoints/notes/state.ts
+++ b/packages/backend/src/server/api/endpoints/notes/state.ts
@ -1,4 +1,5 @@
 import { NoteFavorites, Notes, NoteThreadMutings, NoteWatchings } from '@/models/index.js';
+import { getNote } from '../../common/getters.js';
 import define from '../../define.js';

 export const meta = {
@ -36,7 +37,7 @@ export const paramDef = {

 // eslint-disable-next-line import/no-default-export
 export default define(meta, paramDef, async (ps, user) => {
-	const note = await Notes.findOneByOrFail({ id: ps.noteId });
+	const note = await getNote(ps.noteId, user);

 	const [favorite, watching, threadMuting] = await Promise.all([
 		NoteFavorites.count({