patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
sojorn/_legacy/supabase/functions/follow/index.ts
Patrick Britton 434937961c security: sanitized baseline for public release
2026-02-15 00:33:24 -06:00

136 lines
4 KiB
TypeScript
Raw Blame History

/**
* POST /follow - Follow a user
* DELETE /follow - Unfollow a user
*
* Design intent:
* - Following is explicit and intentional
* - Mutual follow enables conversation
* - Cannot follow if blocked
*/
import { serve } from 'https://deno.land/std@0.177.0/http/server.ts';
import { createSupabaseClient } from '../_shared/supabase-client.ts';
import { validateUUID, ValidationError } from '../_shared/validation.ts';
interface FollowRequest {
user_id: string; // the user to follow/unfollow
}
serve(async (req) => {
if (req.method === 'OPTIONS') {
return new Response(null, {
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'POST, DELETE',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
},
});
}
try {
const authHeader = req.headers.get('Authorization');
if (!authHeader) {
return new Response(JSON.stringify({ error: 'Missing authorization header' }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
});
}
const supabase = createSupabaseClient(authHeader);
const {
data: { user },
error: authError,
} = await supabase.auth.getUser();
if (authError || !user) {
return new Response(JSON.stringify({ error: 'Unauthorized' }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
});
}
let { user_id: following_id } = (await req.json()) as FollowRequest;
validateUUID(following_id, 'user_id');
following_id = following_id.toLowerCase();
if (following_id === user.id.toLowerCase()) {
return new Response(
JSON.stringify({ error: 'Cannot follow yourself' }),
{ status: 400, headers: { 'Content-Type': 'application/json' } }
);
}
// Handle unfollow
if (req.method === 'DELETE') {
const { error: deleteError } = await supabase
.from('follows')
.delete()
.eq('follower_id', user.id)
.eq('following_id', following_id);
if (deleteError) {
console.error('Error unfollowing:', deleteError);
return new Response(JSON.stringify({ error: 'Failed to unfollow' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
}
return new Response(JSON.stringify({ success: true, message: 'Unfollowed' }), {
status: 200,
headers: { 'Content-Type': 'application/json' },
});
}
// Handle follow (POST) via request_follow
const { data: status, error: followError } = await supabase
.rpc('request_follow', { target_id: following_id });
if (followError) {
if (followError.message?.includes('Cannot follow') || followError.code === '23514') {
return new Response(
JSON.stringify({ error: 'Cannot follow this user' }),
{ status: 403, headers: { 'Content-Type': 'application/json' } }
);
}
console.error('Error following:', followError);
return new Response(JSON.stringify({ error: 'Failed to follow' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
}
const followStatus = status as string | null;
const message =
followStatus === 'pending'
? 'Request sent.'
: 'Followed. Mutual follow enables conversation.';
return new Response(
JSON.stringify({
success: true,
status: followStatus,
message,
}),
{
status: 200,
headers: { 'Content-Type': 'application/json' },
}
);
} catch (error) {
if (error instanceof ValidationError) {
return new Response(
JSON.stringify({ error: 'Validation error', message: error.message }),
{ status: 400, headers: { 'Content-Type': 'application/json' } }
);
}
console.error('Unexpected error:', error);
return new Response(JSON.stringify({ error: 'Internal server error' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
});
}
});
Reference in a new issue View git blame Copy permalink