From b415337d40bcb10a28adc780e6d864684fc38ebb Mon Sep 17 00:00:00 2001
From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
Date: Sun, 21 Jul 2024 13:04:19 +0100
Subject: [bugfix] update common get target account / status doing refresh
 async (#3124)

---
 internal/processing/common/account.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'internal/processing/common/account.go')

diff --git a/internal/processing/common/account.go b/internal/processing/common/account.go
index 9a39ea26d..c0daf647d 100644
--- a/internal/processing/common/account.go
+++ b/internal/processing/common/account.go
@@ -61,13 +61,22 @@ func (p *Processor) GetTargetAccountBy(
 	}
 
 	if requester != nil && visible {
-		// Ensure the account is up-to-date.
-		p.federator.RefreshAccountAsync(ctx,
+		// Only refresh account if visible to requester,
+		// and there is *authorized* requester to prevent
+		// a possible DOS vector for unauthorized clients.
+		latest, _, err := p.federator.RefreshAccount(ctx,
 			requester.Username,
 			target,
 			nil,
 			nil,
 		)
+		if err != nil {
+			log.Errorf(ctx, "error refreshing target %s: %v", target.URI, err)
+			return target, visible, nil
+		}
+
+		// Set latest.
+		target = latest
 	}
 
 	return target, visible, nil
-- 
cgit v1.2.3