diff --git a/src/app.ts b/src/app.ts index b3e251e..fbc1ef2 100644 --- a/src/app.ts +++ b/src/app.ts @@ -211,8 +211,9 @@ app.get('/api/v1/mutes', requireSigner, mutesController); app.get('/api/v1/markers', requireProof(), markersController); app.post('/api/v1/markers', requireProof(), updateMarkersController); -app.put('/api/v1/pleroma/statuses/:id{[0-9a-f]{64}}/reactions/:emoji', requireSigner, reactionController); app.get('/api/v1/pleroma/statuses/:id{[0-9a-f]{64}}/reactions', reactionsController); +app.get('/api/v1/pleroma/statuses/:id{[0-9a-f]{64}}/reactions/:emoji', reactionsController); +app.put('/api/v1/pleroma/statuses/:id{[0-9a-f]{64}}/reactions/:emoji', requireSigner, reactionController); app.delete('/api/v1/pleroma/statuses/:id{[0-9a-f]{64}}/reactions/:emoji', requireSigner, deleteReactionController); app.get('/api/v1/admin/accounts', requireRole('admin'), adminAccountsController); diff --git a/src/controllers/api/reactions.ts b/src/controllers/api/reactions.ts index 52f5319..b889b95 100644 --- a/src/controllers/api/reactions.ts +++ b/src/controllers/api/reactions.ts @@ -89,9 +89,15 @@ const reactionsController: AppController = async (c) => { const id = c.req.param('id'); const store = await Storages.db(); const pubkey = await c.get('signer')?.getPublicKey(); + const emoji = c.req.param('emoji') as string | undefined; + + if (typeof emoji === 'string' && !/^\p{RGI_Emoji}$/v.test(emoji)) { + return c.json({ error: 'Invalid emoji' }, 400); + } const events = await store.query([{ kinds: [7], '#e': [id], limit: 100 }]) - .then((events) => hydrateEvents({ events, store })); + .then((events) => hydrateEvents({ events, store })) + .then((events) => events.filter((event) => !emoji || event.content === emoji)); /** Events grouped by emoji. */ const byEmoji = events.reduce((acc, event) => {