[bugfix] Deref stats async, serve stub collections if handshaking (#2990)v0.16.0-rc2

* [bugfix] Deref stats async, allow peek if handshaking * don't return totalItems when handshaking or hiding collections * use GetLimit() * use StubAccountStats
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2024-06-11 11:54:59 +0200
committer: GitHub <noreply@github.com> 2024-06-11 11:54:59 +0200
commit: 611f9de39b7a29e89616c9ffe76d2aca1194877b (patch)
tree: c5792f5c4c21070b608e0bb3b743edffbd190074 /internal/processing
parent: [bugfix] boost and account recursion (#2982) (diff)
download: gotosocial-611f9de39b7a29e89616c9ffe76d2aca1194877b.tar.xz
3 files changed, 226 insertions, 114 deletions
diff --git a/internal/processing/fedi/collections.go b/internal/processing/fedi/collections.go
index 7a6c99adb..a1fc5e1f4 100644
--- a/internal/processing/fedi/collections.go
+++ b/internal/processing/fedi/collections.go
@@ -29,6 +29,8 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
+	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 // InboxPost handles POST requests to a user's inbox for new activitypub messages.
@@ -45,91 +47,162 @@ func (p *Processor) InboxPost(ctx context.Context, w http.ResponseWriter, r *htt
 	return p.federator.FederatingActor().PostInbox(ctx, w, r)
 }
 
-// OutboxGet returns the activitypub representation of a local user's outbox.
-// This contains links to PUBLIC posts made by this user.
+// OutboxGet returns the serialized ActivityPub
+// collection of a local account's outbox, which
+// contains links to PUBLIC posts by this account.
 func (p *Processor) OutboxGet(
 	ctx context.Context,
 	requestedUser string,
-	page bool,
-	maxID string,
-	minID string,
+	page *paging.Page,
 ) (interface{}, gtserror.WithCode) {
-	// Authenticate the incoming request, getting related user accounts.
-	_, receiver, errWithCode := p.authenticate(ctx, requestedUser)
+	// Authenticate incoming request, getting related accounts.
+	auth, errWithCode := p.authenticate(ctx, requestedUser)
 	if errWithCode != nil {
 		return nil, errWithCode
 	}
+	receivingAcct := auth.receivingAcct
 
-	var data map[string]interface{}
-	// There are two scenarios:
-	// 1. we're asked for the whole collection and not a page -- we can just return the collection, with no items, but a link to 'first' page.
-	// 2. we're asked for a specific page; this can be either the first page or any other page
-
-	if !page {
-		/*
-			scenario 1: return the collection with no items
-			we want something that looks like this:
-			{
-				"@context": "https://www.w3.org/ns/activitystreams",
-				"id": "https://example.org/users/whatever/outbox",
-				"type": "OrderedCollection",
-				"first": "https://example.org/users/whatever/outbox?page=true",
-				"last": "https://example.org/users/whatever/outbox?min_id=0&page=true"
-			}
-		*/
-		collection, err := p.converter.OutboxToASCollection(ctx, receiver.OutboxURI)
-		if err != nil {
+	// Parse the collection ID object from account's followers URI.
+	collectionID, err := url.Parse(receivingAcct.OutboxURI)
+	if err != nil {
+		err := gtserror.Newf("error parsing account outbox uri %s: %w", receivingAcct.OutboxURI, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	// Ensure we have stats for this account.
+	if receivingAcct.Stats == nil {
+		if err := p.state.DB.PopulateAccountStats(ctx, receivingAcct); err != nil {
+			err := gtserror.Newf("error getting stats for account %s: %w", receivingAcct.ID, err)
 			return nil, gtserror.NewErrorInternalError(err)
 		}
+	}
 
-		data, err = ap.Serialize(collection)
-		if err != nil {
+	var obj vocab.Type
+
+	// Start the AS collection params.
+	var params ap.CollectionParams
+	params.ID = collectionID
+
+	switch {
+
+	case *receivingAcct.Settings.HideCollections ||
+		receivingAcct.IsInstance():
+		// If account that hides collections, or instance
+		// account (ie., can't post / have relationships),
+		// just return barest stub of collection.
+		obj = ap.NewASOrderedCollection(params)
+
+	case page == nil || auth.handshakingURI != nil:
+		// If paging disabled, or we're currently handshaking
+		// the requester, just return collection that links
+		// to first page (i.e. path below), with no items.
+		params.Total = util.Ptr(*receivingAcct.Stats.StatusesCount)
+		params.First = new(paging.Page)
+		params.Query = make(url.Values, 1)
+		params.Query.Set("limit", "40") // enables paging
+		obj = ap.NewASOrderedCollection(params)
+
+	default:
+		// Paging enabled.
+		// Get page of full public statuses.
+		statuses, err := p.state.DB.GetAccountStatuses(
+			ctx,
+			receivingAcct.ID,
+			page.GetLimit(), // limit
+			true,            // excludeReplies
+			true,            // excludeReblogs
+			page.GetMax(),   // maxID
+			page.GetMin(),   // minID
+			false,           // mediaOnly
+			true,            // publicOnly
+		)
+		if err != nil && !errors.Is(err, db.ErrNoEntries) {
+			err := gtserror.Newf("error getting statuses: %w", err)
 			return nil, gtserror.NewErrorInternalError(err)
 		}
 
-		return data, nil
-	}
+		// page ID values.
+		var lo, hi string
 
-	// scenario 2 -- get the requested page
-	// limit pages to 30 entries per page
-	publicStatuses, err := p.state.DB.GetAccountStatuses(ctx, receiver.ID, 30, true, true, maxID, minID, false, true)
-	if err != nil && !errors.Is(err, db.ErrNoEntries) {
-		return nil, gtserror.NewErrorInternalError(err)
-	}
+		if len(statuses) > 0 {
+			// Get the lowest and highest
+			// ID values, used for paging.
+			lo = statuses[len(statuses)-1].ID
+			hi = statuses[0].ID
+		}
 
-	outboxPage, err := p.converter.StatusesToASOutboxPage(ctx, receiver.OutboxURI, maxID, minID, publicStatuses)
-	if err != nil {
-		return nil, gtserror.NewErrorInternalError(err)
+		// Start building AS collection page params.
+		params.Total = util.Ptr(*receivingAcct.Stats.StatusesCount)
+		var pageParams ap.CollectionPageParams
+		pageParams.CollectionParams = params
+
+		// Current page details.
+		pageParams.Current = page
+		pageParams.Count = len(statuses)
+
+		// Set linked next/prev parameters.
+		pageParams.Next = page.Next(lo, hi)
+		pageParams.Prev = page.Prev(lo, hi)
+
+		// Set the collection item property builder function.
+		pageParams.Append = func(i int, itemsProp ap.ItemsPropertyBuilder) {
+			// Get status at index.
+			status := statuses[i]
+
+			// Derive statusable from status.
+			statusable, err := p.converter.StatusToAS(ctx, status)
+			if err != nil {
+				log.Errorf(ctx, "error converting %s to statusable: %v", status.URI, err)
+				return
+			}
+
+			// Derive create from statusable, using the IRI only.
+			create := typeutils.WrapStatusableInCreate(statusable, true)
+
+			// Add to item property.
+			itemsProp.AppendActivityStreamsCreate(create)
+		}
+
+		// Build AS collection page object from params.
+		obj = ap.NewASOrderedCollectionPage(pageParams)
 	}
 
-	data, err = ap.Serialize(outboxPage)
+	// Serialize the prepared object.
+	data, err := ap.Serialize(obj)
 	if err != nil {
+		err := gtserror.Newf("error serializing: %w", err)
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 
 	return data, nil
 }
 
-// FollowersGet handles the getting of a fedi/activitypub representation of a user/account's followers, performing appropriate
-// authentication before returning a JSON serializable interface to the caller.
-func (p *Processor) FollowersGet(ctx context.Context, requestedUser string, page *paging.Page) (interface{}, gtserror.WithCode) {
-	// Authenticate the incoming request, getting related user accounts.
-	_, receiver, errWithCode := p.authenticate(ctx, requestedUser)
+// FollowersGet returns the serialized ActivityPub
+// collection of a local account's followers collection,
+// which contains links to accounts following this account.
+func (p *Processor) FollowersGet(
+	ctx context.Context,
+	requestedUser string,
+	page *paging.Page,
+) (interface{}, gtserror.WithCode) {
+	// Authenticate incoming request, getting related accounts.
+	auth, errWithCode := p.authenticate(ctx, requestedUser)
 	if errWithCode != nil {
 		return nil, errWithCode
 	}
+	receivingAcct := auth.receivingAcct
 
 	// Parse the collection ID object from account's followers URI.
-	collectionID, err := url.Parse(receiver.FollowersURI)
+	collectionID, err := url.Parse(receivingAcct.FollowersURI)
 	if err != nil {
-		err := gtserror.Newf("error parsing account followers uri %s: %w", receiver.FollowersURI, err)
+		err := gtserror.Newf("error parsing account followers uri %s: %w", receivingAcct.FollowersURI, err)
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 
 	// Ensure we have stats for this account.
-	if receiver.Stats == nil {
-		if err := p.state.DB.PopulateAccountStats(ctx, receiver); err != nil {
-			err := gtserror.Newf("error getting stats for account %s: %w", receiver.ID, err)
+	if receivingAcct.Stats == nil {
+		if err := p.state.DB.PopulateAccountStats(ctx, receivingAcct); err != nil {
+			err := gtserror.Newf("error getting stats for account %s: %w", receivingAcct.ID, err)
 			return nil, gtserror.NewErrorInternalError(err)
 		}
 	}
@@ -139,29 +212,30 @@ func (p *Processor) FollowersGet(ctx context.Context, requestedUser string, page
 	// Start the AS collection params.
 	var params ap.CollectionParams
 	params.ID = collectionID
-	params.Total = *receiver.Stats.FollowersCount
 
 	switch {
 
-	case receiver.IsInstance() ||
-		*receiver.Settings.HideCollections:
-		// Instance account (can't follow/be followed),
-		// or an account that hides followers/following.
-		// Respect this by just returning totalItems.
+	case receivingAcct.IsInstance() ||
+		*receivingAcct.Settings.HideCollections:
+		// If account that hides collections, or instance
+		// account (ie., can't post / have relationships),
+		// just return barest stub of collection.
 		obj = ap.NewASOrderedCollection(params)
 
-	case page == nil:
-		// i.e. paging disabled, return collection
-		// that links to first page (i.e. path below).
+	case page == nil || auth.handshakingURI != nil:
+		// If paging disabled, or we're currently handshaking
+		// the requester, just return collection that links
+		// to first page (i.e. path below), with no items.
+		params.Total = util.Ptr(*receivingAcct.Stats.FollowersCount)
 		params.First = new(paging.Page)
 		params.Query = make(url.Values, 1)
 		params.Query.Set("limit", "40") // enables paging
 		obj = ap.NewASOrderedCollection(params)
 
 	default:
-		// i.e. paging enabled
-		// Get the request page of full follower objects with attached accounts.
-		followers, err := p.state.DB.GetAccountFollowers(ctx, receiver.ID, page)
+		// Paging enabled.
+		// Get page of full follower objects with attached accounts.
+		followers, err := p.state.DB.GetAccountFollowers(ctx, receivingAcct.ID, page)
 		if err != nil {
 			err := gtserror.Newf("error getting followers: %w", err)
 			return nil, gtserror.NewErrorInternalError(err)
@@ -178,6 +252,7 @@ func (p *Processor) FollowersGet(ctx context.Context, requestedUser string, page
 		}
 
 		// Start building AS collection page params.
+		params.Total = util.Ptr(*receivingAcct.Stats.FollowersCount)
 		var pageParams ap.CollectionPageParams
 		pageParams.CollectionParams = params
 
@@ -210,7 +285,7 @@ func (p *Processor) FollowersGet(ctx context.Context, requestedUser string, page
 		obj = ap.NewASOrderedCollectionPage(pageParams)
 	}
 
-	// Serialized the prepared object.
+	// Serialize the prepared object.
 	data, err := ap.Serialize(obj)
 	if err != nil {
 		err := gtserror.Newf("error serializing: %w", err)
@@ -220,26 +295,28 @@ func (p *Processor) FollowersGet(ctx context.Context, requestedUser string, page
 	return data, nil
 }
 
-// FollowingGet handles the getting of a fedi/activitypub representation of a user/account's following, performing appropriate
-// authentication before returning a JSON serializable interface to the caller.
+// FollowingGet returns the serialized ActivityPub
+// collection of a local account's following collection,
+// which contains links to accounts followed by this account.
 func (p *Processor) FollowingGet(ctx context.Context, requestedUser string, page *paging.Page) (interface{}, gtserror.WithCode) {
-	// Authenticate the incoming request, getting related user accounts.
-	_, receiver, errWithCode := p.authenticate(ctx, requestedUser)
+	// Authenticate incoming request, getting related accounts.
+	auth, errWithCode := p.authenticate(ctx, requestedUser)
 	if errWithCode != nil {
 		return nil, errWithCode
 	}
+	receivingAcct := auth.receivingAcct
 
 	// Parse collection ID from account's following URI.
-	collectionID, err := url.Parse(receiver.FollowingURI)
+	collectionID, err := url.Parse(receivingAcct.FollowingURI)
 	if err != nil {
-		err := gtserror.Newf("error parsing account following uri %s: %w", receiver.FollowingURI, err)
+		err := gtserror.Newf("error parsing account following uri %s: %w", receivingAcct.FollowingURI, err)
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 
 	// Ensure we have stats for this account.
-	if receiver.Stats == nil {
-		if err := p.state.DB.PopulateAccountStats(ctx, receiver); err != nil {
-			err := gtserror.Newf("error getting stats for account %s: %w", receiver.ID, err)
+	if receivingAcct.Stats == nil {
+		if err := p.state.DB.PopulateAccountStats(ctx, receivingAcct); err != nil {
+			err := gtserror.Newf("error getting stats for account %s: %w", receivingAcct.ID, err)
 			return nil, gtserror.NewErrorInternalError(err)
 		}
 	}
@@ -249,28 +326,29 @@ func (p *Processor) FollowingGet(ctx context.Context, requestedUser string, page
 	// Start AS collection params.
 	var params ap.CollectionParams
 	params.ID = collectionID
-	params.Total = *receiver.Stats.FollowingCount
 
 	switch {
-	case receiver.IsInstance() ||
-		*receiver.Settings.HideCollections:
-		// Instance account (can't follow/be followed),
-		// or an account that hides followers/following.
-		// Respect this by just returning totalItems.
+	case receivingAcct.IsInstance() ||
+		*receivingAcct.Settings.HideCollections:
+		// If account that hides collections, or instance
+		// account (ie., can't post / have relationships),
+		// just return barest stub of collection.
 		obj = ap.NewASOrderedCollection(params)
 
-	case page == nil:
-		// i.e. paging disabled, return collection
-		// that links to first page (i.e. path below).
+	case page == nil || auth.handshakingURI != nil:
+		// If paging disabled, or we're currently handshaking
+		// the requester, just return collection that links
+		// to first page (i.e. path below), with no items.
+		params.Total = util.Ptr(*receivingAcct.Stats.FollowingCount)
 		params.First = new(paging.Page)
 		params.Query = make(url.Values, 1)
 		params.Query.Set("limit", "40") // enables paging
 		obj = ap.NewASOrderedCollection(params)
 
 	default:
-		// i.e. paging enabled
-		// Get the request page of full follower objects with attached accounts.
-		follows, err := p.state.DB.GetAccountFollows(ctx, receiver.ID, page)
+		// Paging enabled.
+		// Get page of full follower objects with attached accounts.
+		follows, err := p.state.DB.GetAccountFollows(ctx, receivingAcct.ID, page)
 		if err != nil {
 			err := gtserror.Newf("error getting follows: %w", err)
 			return nil, gtserror.NewErrorInternalError(err)
@@ -287,6 +365,7 @@ func (p *Processor) FollowingGet(ctx context.Context, requestedUser string, page
 		}
 
 		// Start AS collection page params.
+		params.Total = util.Ptr(*receivingAcct.Stats.FollowingCount)
 		var pageParams ap.CollectionPageParams
 		pageParams.CollectionParams = params
 
@@ -319,7 +398,7 @@ func (p *Processor) FollowingGet(ctx context.Context, requestedUser string, page
 		obj = ap.NewASOrderedCollectionPage(pageParams)
 	}
 
-	// Serialized the prepared object.
+	// Serialize the prepared object.
 	data, err := ap.Serialize(obj)
 	if err != nil {
 		err := gtserror.Newf("error serializing: %w", err)
@@ -332,20 +411,21 @@ func (p *Processor) FollowingGet(ctx context.Context, requestedUser string, page
 // FeaturedCollectionGet returns an ordered collection of the requested username's Pinned posts.
 // The returned collection have an `items` property which contains an ordered list of status URIs.
 func (p *Processor) FeaturedCollectionGet(ctx context.Context, requestedUser string) (interface{}, gtserror.WithCode) {
-	// Authenticate the incoming request, getting related user accounts.
-	_, receiver, errWithCode := p.authenticate(ctx, requestedUser)
+	// Authenticate incoming request, getting related accounts.
+	auth, errWithCode := p.authenticate(ctx, requestedUser)
 	if errWithCode != nil {
 		return nil, errWithCode
 	}
+	receivingAcct := auth.receivingAcct
 
-	statuses, err := p.state.DB.GetAccountPinnedStatuses(ctx, receiver.ID)
+	statuses, err := p.state.DB.GetAccountPinnedStatuses(ctx, receivingAcct.ID)
 	if err != nil {
 		if !errors.Is(err, db.ErrNoEntries) {
 			return nil, gtserror.NewErrorInternalError(err)
 		}
 	}
 
-	collection, err := p.converter.StatusesToASFeaturedCollection(ctx, receiver.FeaturedCollectionURI, statuses)
+	collection, err := p.converter.StatusesToASFeaturedCollection(ctx, receivingAcct.FeaturedCollectionURI, statuses)
 	if err != nil {
 		return nil, gtserror.NewErrorInternalError(err)
 	}
diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go
index a02779e73..1a4d38bc1 100644
--- a/internal/processing/fedi/common.go
+++ b/internal/processing/fedi/common.go
@@ -20,55 +20,64 @@ package fedi
 import (
 	"context"
 	"errors"
+	"net/url"
 
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )
 
-func (p *Processor) authenticate(ctx context.Context, requestedUser string) (
-	*gtsmodel.Account, // requester: i.e. user making the request
-	*gtsmodel.Account, // receiver: i.e. the receiving inbox user
-	gtserror.WithCode,
-) {
+type commonAuth struct {
+	handshakingURI *url.URL          // Set to requestingAcct's URI if we're currently handshaking them.
+	requestingAcct *gtsmodel.Account // Remote account making request to this instance.
+	receivingAcct  *gtsmodel.Account // Local account receiving the request.
+}
+
+func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*commonAuth, gtserror.WithCode) {
 	// First get the requested (receiving) LOCAL account with username from database.
 	receiver, err := p.state.DB.GetAccountByUsernameDomain(ctx, requestedUser, "")
 	if err != nil {
 		if !errors.Is(err, db.ErrNoEntries) {
 			// Real db error.
 			err = gtserror.Newf("db error getting account %s: %w", requestedUser, err)
-			return nil, nil, gtserror.NewErrorInternalError(err)
+			return nil, gtserror.NewErrorInternalError(err)
 		}
 
 		// Account just not found in the db.
-		return nil, nil, gtserror.NewErrorNotFound(err)
+		return nil, gtserror.NewErrorNotFound(err)
 	}
 
 	// Ensure request signed, and use signature URI to
 	// get requesting account, dereferencing if necessary.
 	pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUser)
 	if errWithCode != nil {
-		return nil, nil, errWithCode
+		return nil, errWithCode
 	}
 
 	if pubKeyAuth.Handshaking {
-		// This should happen very rarely, we are in the middle of handshaking.
-		err := gtserror.Newf("network race handshaking %s", pubKeyAuth.OwnerURI)
-		return nil, nil, gtserror.NewErrorInternalError(err)
+		// We're still handshaking so we
+		// don't know the requester yet.
+		return &commonAuth{
+			handshakingURI: pubKeyAuth.OwnerURI,
+			receivingAcct:  receiver,
+		}, nil
 	}
 
 	// Get requester from auth.
 	requester := pubKeyAuth.Owner
 
-	// Check that block does not exist between receiver and requester.
+	// Ensure block does not exist between receiver and requester.
 	blocked, err := p.state.DB.IsEitherBlocked(ctx, receiver.ID, requester.ID)
 	if err != nil {
 		err := gtserror.Newf("error checking block: %w", err)
-		return nil, nil, gtserror.NewErrorInternalError(err)
+		return nil, gtserror.NewErrorInternalError(err)
 	} else if blocked {
 		const text = "block exists between accounts"
-		return nil, nil, gtserror.NewErrorForbidden(errors.New(text))
+		return nil, gtserror.NewErrorForbidden(errors.New(text))
 	}
 
-	return requester, receiver, nil
+	return &commonAuth{
+		requestingAcct: requester,
+		receivingAcct:  receiver,
+	}, nil
 }
diff --git a/internal/processing/fedi/status.go b/internal/processing/fedi/status.go
index c6d611eee..7c4d4beec 100644
--- a/internal/processing/fedi/status.go
+++ b/internal/processing/fedi/status.go
@@ -30,23 +30,35 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 // StatusGet handles the getting of a fedi/activitypub representation of a local status.
 // It performs appropriate authentication before returning a JSON serializable interface.
 func (p *Processor) StatusGet(ctx context.Context, requestedUser string, statusID string) (interface{}, gtserror.WithCode) {
-	// Authenticate the incoming request, getting related user accounts.
-	requester, receiver, errWithCode := p.authenticate(ctx, requestedUser)
+	// Authenticate incoming request, getting related accounts.
+	auth, errWithCode := p.authenticate(ctx, requestedUser)
 	if errWithCode != nil {
 		return nil, errWithCode
 	}
 
+	if auth.handshakingURI != nil {
+		// We're currently handshaking, which means
+		// we don't know this account yet. This should
+		// be a very rare race condition.
+		err := gtserror.Newf("network race handshaking %s", auth.handshakingURI)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	receivingAcct := auth.receivingAcct
+	requestingAcct := auth.requestingAcct
+
 	status, err := p.state.DB.GetStatusByID(ctx, statusID)
 	if err != nil {
 		return nil, gtserror.NewErrorNotFound(err)
 	}
 
-	if status.AccountID != receiver.ID {
+	if status.AccountID != receivingAcct.ID {
 		const text = "status does not belong to receiving account"
 		return nil, gtserror.NewErrorNotFound(errors.New(text))
 	}
@@ -56,7 +68,7 @@ func (p *Processor) StatusGet(ctx context.Context, requestedUser string, statusI
 		return nil, gtserror.NewErrorNotFound(errors.New(text))
 	}
 
-	visible, err := p.filter.StatusVisible(ctx, requester, status)
+	visible, err := p.filter.StatusVisible(ctx, requestingAcct, status)
 	if err != nil {
 		return nil, gtserror.NewErrorInternalError(err)
 	}
@@ -90,15 +102,26 @@ func (p *Processor) StatusRepliesGet(
 	page *paging.Page,
 	onlyOtherAccounts bool,
 ) (interface{}, gtserror.WithCode) {
-	// Authenticate the incoming request, getting related user accounts.
-	requester, receiver, errWithCode := p.authenticate(ctx, requestedUser)
+	// Authenticate incoming request, getting related accounts.
+	auth, errWithCode := p.authenticate(ctx, requestedUser)
 	if errWithCode != nil {
 		return nil, errWithCode
 	}
 
+	if auth.handshakingURI != nil {
+		// We're currently handshaking, which means
+		// we don't know this account yet. This should
+		// be a very rare race condition.
+		err := gtserror.Newf("network race handshaking %s", auth.handshakingURI)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	receivingAcct := auth.receivingAcct
+	requestingAcct := auth.requestingAcct
+
 	// Get target status and ensure visible to requester.
 	status, errWithCode := p.c.GetVisibleTargetStatus(ctx,
-		requester,
+		requestingAcct,
 		statusID,
 		nil, // default freshness
 	)
@@ -107,7 +130,7 @@ func (p *Processor) StatusRepliesGet(
 	}
 
 	// Ensure status is by receiving account.
-	if status.AccountID != receiver.ID {
+	if status.AccountID != receivingAcct.ID {
 		const text = "status does not belong to receiving account"
 		return nil, gtserror.NewErrorNotFound(errors.New(text))
 	}
@@ -140,7 +163,7 @@ func (p *Processor) StatusRepliesGet(
 	}
 
 	// Reslice replies dropping all those invisible to requester.
-	replies, err = p.filter.StatusesVisible(ctx, requester, replies)
+	replies, err = p.filter.StatusesVisible(ctx, requestingAcct, replies)
 	if err != nil {
 		err := gtserror.Newf("error filtering status replies: %w", err)
 		return nil, gtserror.NewErrorInternalError(err)
@@ -151,7 +174,7 @@ func (p *Processor) StatusRepliesGet(
 	// Start AS collection params.
 	var params ap.CollectionParams
 	params.ID = collectionID
-	params.Total = len(replies)
+	params.Total = util.Ptr(len(replies))
 
 	if page == nil {
 		// i.e. paging disabled, return collection
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2024-06-11 11:54:59 +0200
committer	GitHub <noreply@github.com>	2024-06-11 11:54:59 +0200
commit	611f9de39b7a29e89616c9ffe76d2aca1194877b (patch)
tree	c5792f5c4c21070b608e0bb3b743edffbd190074 /internal/processing
parent	[bugfix] boost and account recursion (#2982) (diff)
download	gotosocial-611f9de39b7a29e89616c9ffe76d2aca1194877b.tar.xz