From 46b7185f7b5a1d5b4f73a7d28c903ba081dde81f Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Fri, 5 Jan 2024 16:05:18 -0600
Subject: [PATCH] adminAccountsController: bail if querying by unsupported
 params

---
 src/controllers/api/admin.ts | 39 +++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/src/controllers/api/admin.ts b/src/controllers/api/admin.ts
index 46f7b29..4baaa42 100644
--- a/src/controllers/api/admin.ts
+++ b/src/controllers/api/admin.ts
@@ -1,10 +1,47 @@
 import { type AppController } from '@/app.ts';
 import { Conf } from '@/config.ts';
+import { z } from '@/deps.ts';
+import { booleanParamSchema } from '@/schema.ts';
 import { eventsDB } from '@/storages.ts';
 import { renderAdminAccount } from '@/views/mastodon/admin-accounts.ts';
 
+const adminAccountQuerySchema = z.object({
+  local: booleanParamSchema.optional(),
+  remote: booleanParamSchema.optional(),
+  active: booleanParamSchema.optional(),
+  pending: booleanParamSchema.optional(),
+  disabled: booleanParamSchema.optional(),
+  silenced: booleanParamSchema.optional(),
+  suspended: booleanParamSchema.optional(),
+  sensitized: booleanParamSchema.optional(),
+  username: z.string().optional(),
+  display_name: z.string().optional(),
+  by_domain: z.string().optional(),
+  email: z.string().optional(),
+  ip: z.string().optional(),
+  staff: booleanParamSchema.optional(),
+  max_id: z.string().optional(),
+  since_id: z.string().optional(),
+  min_id: z.string().optional(),
+  limit: z.number().min(1).max(80).optional(),
+});
+
 const adminAccountsController: AppController = async (c) => {
-  const events = await eventsDB.getEvents([{ kinds: [30361], authors: [Conf.pubkey], limit: 20 }]);
+  const {
+    pending,
+    disabled,
+    silenced,
+    suspended,
+    sensitized,
+    limit,
+  } = adminAccountQuerySchema.parse(c.req.query());
+
+  // Not supported.
+  if (pending || disabled || silenced || suspended || sensitized) {
+    return c.json([]);
+  }
+
+  const events = await eventsDB.getEvents([{ kinds: [30361], authors: [Conf.pubkey], limit }]);
   const pubkeys = events.map((event) => event.tags.find(([name]) => name === 'd')?.[1]!);
   const authors = await eventsDB.getEvents([{ kinds: [0], ids: pubkeys, limit: pubkeys.length }]);