Harden feed/profile routes against invalid IDs and null profiles

Adolfo Reyna
2026-02-20 19:09:15 -05:00
parent 0b36db9b33
commit c136d25974
4 changed files with 74 additions and 35 deletions


@@ -96,16 +96,18 @@ userDB = (DB) => {
DB.getFriendsFriends = async (profileId, limit = 10) => {
const profile = await DB.getProfile(profileId);
if (!profile) return [];
let ids = profile.following.map((id) => DB.ObjectID(id));
const following = Array.isArray(profile.following) ? profile.following : [];
let ids = following.filter((id) => DB.ObjectID.isValid(id)).map((id) => DB.ObjectID(id));
let alreadyFollowingMap = {};
alreadyFollowingMap[profileId] = 1; //skip that profile
profile.following.forEach(id => {
following.forEach(id => {
if (!alreadyFollowingMap[id]) alreadyFollowingMap[id] = 1;
})
return DB.profileCols.find({ _id: { $in: ids } }).project({ following: 1 }).limit(limit).toArray().then(profiles => {
let friendsOfFriendsMap = {};
profiles.forEach(p => {
p.following.forEach(followingId => {
const related = Array.isArray(p.following) ? p.following : [];
related.forEach(followingId => {
if (alreadyFollowingMap[followingId]) return 0;
if (!friendsOfFriendsMap[followingId]) friendsOfFriendsMap[followingId] = 0;
friendsOfFriendsMap[followingId] = friendsOfFriendsMap[followingId] + 1;
@@ -312,9 +314,10 @@ userDB = (DB) => {
DB.getFollowingGroups = async (profileid) => {
const profile = await DB.getProfile(profileid);
let ids = [];
for (id in profile.following) {
const following = Array.isArray(profile?.following) ? profile.following : [];
for (id in following) {
try {
let oId = DB.ObjectID(profile.following[id]);
let oId = DB.ObjectID(following[id]);
let checkProfile = await DB.getProfileCache(oId)
if (checkProfile && checkProfile.isGroup && !checkProfile.isChat) {
ids.push(oId)
@@ -482,4 +485,4 @@ userDB = (DB) => {
}
module.exports = userDB;
module.exports = userDB;
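Review bot: In the `DB.getFollowingGroups` hunk the new loop `for (id in following)` still uses an undeclared `id`, which becomes an implicit global shared by every concurrent call of this async function (and a ReferenceError under strict mode), and unlike `DB.getFriendsFriends` it does not filter with `DB.ObjectID.isValid` before converting. Malformed entries are presumably absorbed by the `try` whose `catch` lies outside the hunk, so the two functions now treat the same bad data differently. I would iterate values with a block-scoped binding and validate first: `for (const raw of following) {`, `if (!DB.ObjectID.isValid(raw)) continue;`, `let oId = DB.ObjectID(raw);`. The function body continues past the hunk, so whether the catch logs or silently drops the error could not be checked here.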