56 lines
1.2 KiB
PL/PgSQL
56 lines
1.2 KiB
PL/PgSQL
-- Follow guardrails: prevent self-follow and block-based follows
|
|
|
|
create or replace function request_follow(target_id uuid)
|
|
returns text
|
|
language plpgsql
|
|
security definer
|
|
as $$
|
|
declare
|
|
existing_status text;
|
|
target_private boolean;
|
|
target_official boolean;
|
|
new_status text;
|
|
begin
|
|
if auth.uid() is null then
|
|
raise exception 'Not authenticated';
|
|
end if;
|
|
|
|
if target_id is null then
|
|
raise exception 'Target profile not found';
|
|
end if;
|
|
|
|
if auth.uid() = target_id then
|
|
raise exception 'Cannot follow yourself';
|
|
end if;
|
|
|
|
select status into existing_status
|
|
from follows
|
|
where follower_id = auth.uid()
|
|
and following_id = target_id;
|
|
|
|
if existing_status is not null then
|
|
return existing_status;
|
|
end if;
|
|
|
|
select is_private, is_official
|
|
into target_private, target_official
|
|
from profiles
|
|
where id = target_id;
|
|
|
|
if target_private is null then
|
|
raise exception 'Target profile not found';
|
|
end if;
|
|
|
|
if target_official or target_private = false then
|
|
new_status := 'accepted';
|
|
else
|
|
new_status := 'pending';
|
|
end if;
|
|
|
|
insert into follows (follower_id, following_id, status)
|
|
values (auth.uid(), target_id, new_status);
|
|
|
|
return new_status;
|
|
end;
|
|
$$;
|