public/owltide
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages 1 Wiki Activity Actions

Ignore deleted users when looking up a user

Browse source 
After the change to converting users to tombstones instead of removing
them from the database several places would accidentally use deleted
user accounts instead of ignoring them.
This commit is contained in:
Hornwitser 2025-07-08 16:23:31 +02:00
parent f4e4dc9f11
commit 352362b9c3
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/streams.ts
View file

@ -151,7 +151,7 @@ export async function broadcastEvent(event: ApiEvent) {
} else {
let userType: ApiAccount["type"] | undefined;
if (streamData.accountId !== undefined) {
userType = users.find(a => a.id === streamData.accountId)?.type
userType = users.find(a => !a.deleted && a.id === streamData.accountId)?.type
}
const data = encodeEvent(event, userType)
sendMessage(stream, `id: ${id}\nevent: update\ndata: ${data}\n\n`);

6
server/utils/session.ts
View file

@ -74,7 +74,7 @@ export async function setServerSession(event: H3Event, account: ServerUser) {
async function rotateSession(event: H3Event, sessions: ServerSession[], session: ServerSession) {
const runtimeConfig = useRuntimeConfig(event);
const users = await readUsers();
const account = users.find(user => user.id === session.accountId);
const account = users.find(user => !user.deleted && user.id === session.accountId);
const now = Date.now();
const newSession: ServerSession = {
accountId: account?.id,
@ -137,7 +137,7 @@ export async function requireServerSessionWithUser(event: H3Event) {
const session = await requireServerSession(event, message);
const users = await readUsers();
const account = users.find(user => user.id === session.accountId);
if (session.accountId === undefined || !account)
if (session.accountId === undefined || !account || account.deleted)
throw createError({
statusCode: 401,
statusMessage: "Uauthorized",
@ -164,7 +164,7 @@ export async function requireServerSessionWithAdmin(event: H3Event) {
export async function serverSessionToApi(event: H3Event, session: ServerSession): Promise<ApiSession> {
const users = await readUsers();
const account = users.find(user => user.id === session.accountId);
const account = users.find(user => !user.deleted && user.id === session.accountId);
const subscriptions = await readSubscriptions();
const push = Boolean(
subscriptions.find(sub => sub.type === "push" && sub.sessionId === session.id)