From 0a16029f3874add89a7da2e8866caddfbf280ba8 Mon Sep 17 00:00:00 2001
From: Sven Sauleau <sven@cloudflare.com>
Date: Mon, 6 Feb 2023 19:50:44 +0000
Subject: [PATCH] various changes to status deletion

---
 backend/src/utils/cors.ts              |  2 +-
 backend/test/mastodon/statuses.spec.ts |  2 ++
 functions/api/v1/statuses/[id].ts      | 14 +++++++++++---
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/backend/src/utils/cors.ts b/backend/src/utils/cors.ts
index d418c5a..ccf1943 100644
--- a/backend/src/utils/cors.ts
+++ b/backend/src/utils/cors.ts
@@ -2,6 +2,6 @@ export function cors(): object {
 	return {
 		'Access-Control-Allow-Origin': '*',
 		'Access-Control-Allow-Headers': 'content-type, authorization, idempotency-key',
-		'Access-Control-Allow-Methods': 'GET, PUT, POST',
+		'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE',
 	}
 }
diff --git a/backend/test/mastodon/statuses.spec.ts b/backend/test/mastodon/statuses.spec.ts
index 235aea6..d0710a4 100644
--- a/backend/test/mastodon/statuses.spec.ts
+++ b/backend/test/mastodon/statuses.spec.ts
@@ -17,6 +17,7 @@ import { addFollowing, acceptFollowing } from 'wildebeest/backend/src/mastodon/f
 import { MessageType } from 'wildebeest/backend/src/types/queue'
 import { MastodonStatus } from 'wildebeest/backend/src/types'
 import { mastodonIdSymbol, getObjectByMastodonId } from 'wildebeest/backend/src/activitypub/objects'
+import { addObjectInOutbox } from 'wildebeest/backend/src/activitypub/actors/outbox'
 
 const userKEK = 'test_kek4'
 const sleep = (ms: number) => new Promise((r) => setTimeout(r, ms))
@@ -832,6 +833,7 @@ describe('Mastodon APIs', () => {
 			const db = await makeDB()
 			const actor = await createPerson(domain, db, userKEK, 'sven@cloudflare.com')
 			const note = await createPublicNote(domain, db, 'note from actor', actor)
+			await addObjectInOutbox(db, actor, note)
 
 			const res = await statuses_id.handleRequestDelete(db, note[mastodonIdSymbol]!, actor, domain)
 			assert.equal(res.status, 200)
diff --git a/functions/api/v1/statuses/[id].ts b/functions/api/v1/statuses/[id].ts
index d18a2e8..bc9bb4a 100644
--- a/functions/api/v1/statuses/[id].ts
+++ b/functions/api/v1/statuses/[id].ts
@@ -38,10 +38,18 @@ export async function handleRequestGet(db: D1Database, id: UUID, domain: string)
 // schema directly into D1, which D1 disallows at the moment.
 // Some context at: https://stackoverflow.com/questions/13150075/add-on-delete-cascade-behavior-to-an-sqlite3-table-after-it-has-been-created
 async function deleteNote(db: D1Database, note: Note) {
-	const deleteOutboxObject = db.prepare('DELETE FROM outbox_objects WHERE id=?').bind(note.id.toString())
-	const deleteObject = db.prepare('DELETE FROM objects WHERE id=?').bind(note.id.toString())
+	const nodeId = note.id.toString()
+	const batch = [
+		db.prepare('DELETE FROM outbox_objects WHERE object_id=?').bind(nodeId),
+		db.prepare('DELETE FROM inbox_objects WHERE object_id=?').bind(nodeId),
+		db.prepare('DELETE FROM actor_notifications WHERE object_id=?').bind(nodeId),
+		db.prepare('DELETE FROM actor_favourites WHERE object_id=?').bind(nodeId),
+		db.prepare('DELETE FROM actor_reblogs WHERE object_id=?').bind(nodeId),
+		db.prepare('DELETE FROM actor_replies WHERE object_id=?1 OR in_reply_to_object_id=?1').bind(nodeId),
+		db.prepare('DELETE FROM objects WHERE id=?').bind(nodeId),
+	]
 
-	const res = await db.batch([deleteOutboxObject, deleteObject])
+	const res = await db.batch(batch)
 
 	for (let i = 0, len = res.length; i < len; i++) {
 		if (!res[i].success) {