From 570fa7c3598118ded6df7ced0a5326f54e7a43e2 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sat, 20 Aug 2022 22:47:19 +0200
Subject: [bugfix] Fix potential dereference of accounts on own instance (#757)

* add GetAccountByUsernameDomain

* simplify search

* add escape to not deref accounts on own domain

* check if local + we have account by ap uri
---
 internal/db/bundb/account.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'internal/db/bundb/account.go')

diff --git a/internal/db/bundb/account.go b/internal/db/bundb/account.go
index 201de6f02..95c3d80d8 100644
--- a/internal/db/bundb/account.go
+++ b/internal/db/bundb/account.go
@@ -84,6 +84,26 @@ func (a *accountDB) GetAccountByURL(ctx context.Context, url string) (*gtsmodel.
 	)
 }
 
+func (a *accountDB) GetAccountByUsernameDomain(ctx context.Context, username string, domain string) (*gtsmodel.Account, db.Error) {
+	return a.getAccount(
+		ctx,
+		func() (*gtsmodel.Account, bool) {
+			return a.cache.GetByUsernameDomain(username, domain)
+		},
+		func(account *gtsmodel.Account) error {
+			q := a.newAccountQ(account).Where("account.username = ?", username)
+
+			if domain != "" {
+				q = q.Where("account.domain = ?", domain)
+			} else {
+				q = q.Where("account.domain IS NULL")
+			}
+
+			return q.Scan(ctx)
+		},
+	)
+}
+
 func (a *accountDB) getAccount(ctx context.Context, cacheGet func() (*gtsmodel.Account, bool), dbQuery func(*gtsmodel.Account) error) (*gtsmodel.Account, db.Error) {
 	// Attempt to fetch cached account
 	account, cached := cacheGet()
-- 
cgit v1.2.3