From 9cd6b496ba6d98a30488497a2140e3ebeb054a9f Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Tue, 12 Mar 2024 10:41:10 -0400
Subject: [PATCH] fix: AP S2S handling for /user/:userslug route

---
 src/middleware/assert.js  | 7 +++++--
 src/routes/activitypub.js | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/middleware/assert.js b/src/middleware/assert.js
index ccbc007275..67a63b0344 100644
--- a/src/middleware/assert.js
+++ b/src/middleware/assert.js
@@ -17,6 +17,7 @@ const posts = require('../posts');
 const messaging = require('../messaging');
 const flags = require('../flags');
 const slugify = require('../slugify');
+const utils = require('../utils');
 const activitypub = require('../activitypub');
 
 const helpers = require('./helpers');
@@ -25,9 +26,11 @@ const controllerHelpers = require('../controllers/helpers');
 const Assert = module.exports;
 
 Assert.user = helpers.try(async (req, res, next) => {
+	const uid = req.params.uid || res.locals.uid;
+
 	if (
-		(isFinite(req.params.uid) && await user.exists(req.params.uid)) ||
-		(req.params.uid.indexOf('@') !== -1 && await activitypub.helpers.query(req.params.uid))
+		(utils.isNumber(uid) && await user.exists(uid)) ||
+		(uid.indexOf('@') !== -1 && await activitypub.helpers.query(uid))
 	) {
 		return next();
 	}
diff --git a/src/routes/activitypub.js b/src/routes/activitypub.js
index f53d75b112..1431c37349 100644
--- a/src/routes/activitypub.js
+++ b/src/routes/activitypub.js
@@ -21,7 +21,7 @@ module.exports = function (app, middleware, controllers) {
 	app.post('/inbox', [...middlewares, middleware.activitypub.validate], controllers.activitypub.postInbox);
 
 	app.get('/uid/:uid', [...middlewares, middleware.assert.user], controllers.activitypub.actors.user);
-	app.get('/user/:userslug', [...middlewares, middleware.assert.user, middleware.exposeUid], controllers.activitypub.actors.userBySlug);
+	app.get('/user/:userslug', [...middlewares, middleware.exposeUid, middleware.assert.user], controllers.activitypub.actors.userBySlug);
 	app.get('/uid/:uid/inbox', [...middlewares, middleware.assert.user], controllers.activitypub.getInbox);
 	app.post('/uid/:uid/inbox', [...middlewares, middleware.assert.user, middleware.activitypub.validate], controllers.activitypub.postInbox);
 	app.get('/uid/:uid/outbox', [...middlewares, middleware.assert.user], controllers.activitypub.getOutbox);