From 6033d837263aab51204df11da2523a5184a44b60 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Sat, 13 Aug 2022 22:51:02 -0600
Subject: [PATCH] Fix unlisted post web redirect and api response

---
 app/Http/Controllers/PublicApiController.php | 4 +++-
 app/Http/Controllers/SpaController.php       | 6 +++++-
 app/Util/Sentiment/Bouncer.php               | 3 +++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/PublicApiController.php b/app/Http/Controllers/PublicApiController.php
index 8f9507feb..2eb7a9b49 100644
--- a/app/Http/Controllers/PublicApiController.php
+++ b/app/Http/Controllers/PublicApiController.php
@@ -118,7 +118,9 @@ class PublicApiController extends Controller
         $status = Status::whereProfileId($profile->id)->findOrFail($postid);
         $this->scopeCheck($profile, $status);
         if(!$request->user()) {
-            $res = ['status' => StatusService::get($status->id)];
+            $cached = StatusService::get($status->id, false);
+            abort_if(!in_array($cached['visibility'], ['public', 'unlisted']), 403);
+            $res = ['status' => $cached];
         } else {
             $item = new Fractal\Resource\Item($status, new StatusStatelessTransformer());
             $res = [
diff --git a/app/Http/Controllers/SpaController.php b/app/Http/Controllers/SpaController.php
index cf0e81352..b05314f06 100644
--- a/app/Http/Controllers/SpaController.php
+++ b/app/Http/Controllers/SpaController.php
@@ -27,7 +27,11 @@ class SpaController extends Controller
 			return view('layouts.spa');
 		}
 
-		$post = StatusService::get($id);
+		$post = StatusService::get($id, false);
+
+		if($post && !in_array($post['visibility'], ['public', 'unlisted'])) {
+			return redirect('/login');
+		}
 
 		if(
 			$post &&
diff --git a/app/Util/Sentiment/Bouncer.php b/app/Util/Sentiment/Bouncer.php
index 45e002952..948cef412 100644
--- a/app/Util/Sentiment/Bouncer.php
+++ b/app/Util/Sentiment/Bouncer.php
@@ -6,6 +6,7 @@ use App\AccountInterstitial;
 use App\Status;
 use Cache;
 use Illuminate\Support\Str;
+use App\Services\StatusService;
 
 class Bouncer {
 
@@ -134,6 +135,8 @@ class Bouncer {
 		// $status->is_nsfw = true;
 		$status->save();
 
+		StatusService::del($status->id);
+
 		Cache::forget('pf:bouncer_v0:exemption_by_pid:' . $status->profile_id);
 		Cache::forget('pf:bouncer_v0:recent_by_pid:' . $status->profile_id);
 	}
-- 
GitLab