diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php index 71473f713..5a1f26e21 100644 --- a/app/Http/Controllers/Api/ApiV1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Controller.php @@ -540,8 +540,11 @@ class ApiV1Controller extends Controller 'limit' => 'nullable|integer|min:1|max:100' ]); - $profile = AccountService::getMastodon($id); - abort_if(!$profile, 404); + $profile = AccountService::getMastodon($id, true); + + if(!$profile || !isset($profile['id']) || !$user) { + return response('', 404); + } $limit = $request->limit ?? 20; $max_id = $request->max_id; @@ -567,7 +570,9 @@ class ApiV1Controller extends Controller $visibility = ['public', 'unlisted', 'private']; } else if($profile['locked']) { $following = FollowerService::follows($pid, $profile['id']); - abort_unless($following, 403); + if(!$following) { + return response('', 403); + } $visibility = ['public', 'unlisted', 'private']; } else { $following = FollowerService::follows($pid, $profile['id']); @@ -586,11 +591,8 @@ class ApiV1Controller extends Controller ->orderByDesc('id') ->get() ->map(function($s) use($user) { - try { - $status = StatusService::getMastodon($s->id, false); - } catch (\Exception $e) { - $status = false; - } + $status = StatusService::getMastodon($s->id, false); + if($user && $status) { $status['favourited'] = (bool) LikeService::liked($user->profile_id, $s->id); } diff --git a/routes/api.php b/routes/api.php index 93d41caf4..015f7ab00 100644 --- a/routes/api.php +++ b/routes/api.php @@ -42,7 +42,7 @@ Route::group(['prefix' => 'api'], function() use($middleware) { Route::post('accounts/{id}/unmute', 'Api\ApiV1Controller@accountUnmuteById')->middleware($middleware); Route::get('accounts/{id}/lists', 'Api\ApiV1Controller@accountListsById')->middleware($middleware); Route::get('lists/{id}/accounts', 'Api\ApiV1Controller@accountListsById')->middleware($middleware); - Route::get('accounts/{id}', 'Api\ApiV1Controller@accountById'); + Route::get('accounts/{id}', 'Api\ApiV1Controller@accountById')->middleware($middleware); Route::post('avatar/update', 'ApiController@avatarUpdate')->middleware($middleware); Route::get('blocks', 'Api\ApiV1Controller@accountBlocks')->middleware($middleware);