From fb40a55c7c2ad3ca73a47f8b78d9155aafb1a1eb Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Sun, 24 Feb 2019 21:30:02 -0700
Subject: [PATCH] Add new api routes

---
 app/Http/Controllers/PublicApiController.php | 17 +++++++++++++----
 routes/web.php                               |  2 ++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/PublicApiController.php b/app/Http/Controllers/PublicApiController.php
index 3a2685021..510b15717 100644
--- a/app/Http/Controllers/PublicApiController.php
+++ b/app/Http/Controllers/PublicApiController.php
@@ -395,8 +395,12 @@ class PublicApiController extends Controller
 
     public function accountFollowers(Request $request, $id)
     {
-        $profile = Profile::findOrFail($id);
-        $followers = $profile->followers;
+        abort_unless(Auth::check(), 403);
+        $profile = Profile::with('user')->whereNull('status')->whereNull('domain')->findOrFail($id);
+        if($profile->is_private || !$profile->user->settings->show_profile_followers) {
+            return [];
+        }
+        $followers = $profile->followers()->orderByDesc('followers.created_at')->paginate(10);
         $resource = new Fractal\Resource\Collection($followers, new AccountTransformer());
         $res = $this->fractal->createData($resource)->toArray();
 
@@ -405,8 +409,12 @@ class PublicApiController extends Controller
 
     public function accountFollowing(Request $request, $id)
     {
-        $profile = Profile::findOrFail($id);
-        $following = $profile->following;
+        abort_unless(Auth::check(), 403);
+        $profile = Profile::with('user')->whereNull('status')->whereNull('domain')->findOrFail($id);
+        if($profile->is_private || !$profile->user->settings->show_profile_following) {
+            return [];
+        }
+        $following = $profile->following()->orderByDesc('followers.created_at')->paginate(10);
         $resource = new Fractal\Resource\Collection($following, new AccountTransformer());
         $res = $this->fractal->createData($resource)->toArray();
 
@@ -468,4 +476,5 @@ class PublicApiController extends Controller
 
         return response()->json($res);
     }
+
 }
diff --git a/routes/web.php b/routes/web.php
index 13245e394..89434be7b 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -70,6 +70,8 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
             Route::get('accounts/verify_credentials', 'ApiController@verifyCredentials');
             Route::get('accounts/relationships', 'PublicApiController@relationships');
             Route::get('accounts/{id}/statuses', 'PublicApiController@accountStatuses');
+            Route::get('accounts/{id}/following', 'PublicApiController@accountFollowing');
+            Route::get('accounts/{id}/followers', 'PublicApiController@accountFollowers');
             Route::get('accounts/{id}', 'PublicApiController@account');
             Route::post('avatar/update', 'ApiController@avatarUpdate');
             Route::get('likes', 'ApiController@hydrateLikes');