From 52f7033f7ac82155fc927f4b0a3f4f9e8ae11114 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?marcin=20miko=C5=82ajczak?= <git@mkljczk.pl>
Date: Sun, 4 Aug 2024 16:02:44 +0200
Subject: [PATCH 1/4] StreamerView: Do not leak follows count if hidden
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
---
 .../stream-follow-relationships-count.fix     |  1 +
 lib/pleroma/web/views/streamer_view.ex        | 26 ++++++++++++++-----
 2 files changed, 20 insertions(+), 7 deletions(-)
 create mode 100644 changelog.d/stream-follow-relationships-count.fix

diff --git a/changelog.d/stream-follow-relationships-count.fix b/changelog.d/stream-follow-relationships-count.fix
new file mode 100644
index 000000000..68452a88b
--- /dev/null
+++ b/changelog.d/stream-follow-relationships-count.fix
@@ -0,0 +1 @@
+StreamerView: Do not leak follows count if hidden
\ No newline at end of file
diff --git a/lib/pleroma/web/views/streamer_view.ex b/lib/pleroma/web/views/streamer_view.ex
index f97570b0a..6016d821b 100644
--- a/lib/pleroma/web/views/streamer_view.ex
+++ b/lib/pleroma/web/views/streamer_view.ex
@@ -109,7 +109,11 @@ defmodule Pleroma.Web.StreamerView do
     |> Jason.encode!()
   end
 
-  def render("follow_relationships_update.json", item, topic) do
+  def render(
+        "follow_relationships_update.json",
+        %{follower: follower, following: following} = item,
+        topic
+      ) do
     %{
       stream: render("stream.json", %{topic: topic}),
       event: "pleroma:follow_relationships_update",
@@ -117,14 +121,22 @@ defmodule Pleroma.Web.StreamerView do
         %{
           state: item.state,
           follower: %{
-            id: item.follower.id,
-            follower_count: item.follower.follower_count,
-            following_count: item.follower.following_count
+            id: follower.id,
+            follower_count: follower.follower_count,
+            following_count: follower.following_count
           },
           following: %{
-            id: item.following.id,
-            follower_count: item.following.follower_count,
-            following_count: item.following.following_count
+            id: following.id,
+            follower_count:
+              if(!following.hide_followers_count or !following.hide_followers,
+                do: following.follower_count,
+                else: 0
+              ),
+            following_count:
+              if(!following.hide_follows_count or !following.hide_follows,
+                do: following.following_count,
+                else: 0
+              )
           }
         }
         |> Jason.encode!()

From c284c4e3e697dda5c5965588667317090a51bfca Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Wed, 7 Aug 2024 09:19:33 -0400
Subject: [PATCH 2/4] Extract the logic from the map

---
 lib/pleroma/web/views/streamer_view.ex | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/lib/pleroma/web/views/streamer_view.ex b/lib/pleroma/web/views/streamer_view.ex
index 6016d821b..8e5a9f2a4 100644
--- a/lib/pleroma/web/views/streamer_view.ex
+++ b/lib/pleroma/web/views/streamer_view.ex
@@ -114,6 +114,20 @@ defmodule Pleroma.Web.StreamerView do
         %{follower: follower, following: following} = item,
         topic
       ) do
+    follower_count =
+      if Enum.any?([following.hide_followers_count, following.hide_followers]) do
+        0
+      else
+        following.follower_count
+      end
+
+    following_count =
+      if Enum.any?([following.hide_follows_count, following.hide_follows]) do
+        0
+      else
+        following.following_count
+      end
+
     %{
       stream: render("stream.json", %{topic: topic}),
       event: "pleroma:follow_relationships_update",
@@ -127,16 +141,8 @@ defmodule Pleroma.Web.StreamerView do
           },
           following: %{
             id: following.id,
-            follower_count:
-              if(!following.hide_followers_count or !following.hide_followers,
-                do: following.follower_count,
-                else: 0
-              ),
-            following_count:
-              if(!following.hide_follows_count or !following.hide_follows,
-                do: following.following_count,
-                else: 0
-              )
+            follower_count: follower_count,
+            following_count: following_count
           }
         }
         |> Jason.encode!()

From 7d33b53908242bf420d9f84550cabb5f86bc4738 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Wed, 7 Aug 2024 11:47:43 -0400
Subject: [PATCH 3/4] Improve the variable naming

---
 lib/pleroma/web/views/streamer_view.ex | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/pleroma/web/views/streamer_view.ex b/lib/pleroma/web/views/streamer_view.ex
index 8e5a9f2a4..079a37351 100644
--- a/lib/pleroma/web/views/streamer_view.ex
+++ b/lib/pleroma/web/views/streamer_view.ex
@@ -114,14 +114,14 @@ defmodule Pleroma.Web.StreamerView do
         %{follower: follower, following: following} = item,
         topic
       ) do
-    follower_count =
+    following_follower_count =
       if Enum.any?([following.hide_followers_count, following.hide_followers]) do
         0
       else
         following.follower_count
       end
 
-    following_count =
+    following_following_count =
       if Enum.any?([following.hide_follows_count, following.hide_follows]) do
         0
       else
@@ -141,8 +141,8 @@ defmodule Pleroma.Web.StreamerView do
           },
           following: %{
             id: following.id,
-            follower_count: follower_count,
-            following_count: following_count
+            follower_count: following_follower_count,
+            following_count: following_following_count
           }
         }
         |> Jason.encode!()

From ad7fe4e95de42a91ef46a88a3f2863682c68ec5d Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Wed, 7 Aug 2024 11:47:59 -0400
Subject: [PATCH 4/4] Tests to confirm wanted behavior

---
 test/pleroma/web/views/streamer_view_test.ex | 100 +++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 test/pleroma/web/views/streamer_view_test.ex

diff --git a/test/pleroma/web/views/streamer_view_test.ex b/test/pleroma/web/views/streamer_view_test.ex
new file mode 100644
index 000000000..43a17a43e
--- /dev/null
+++ b/test/pleroma/web/views/streamer_view_test.ex
@@ -0,0 +1,100 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.StreamerViewTest do
+  use Pleroma.Web.ConnCase, async: true
+  # import ExUnit.CaptureLog
+  import Pleroma.Factory
+
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.StreamerView
+
+  describe "follow_relationships_update.json" do
+    test "shows follower/following count normally" do
+      other_user = insert(:user)
+      %{id: following_id} = following = insert(:user)
+      follower = insert(:user)
+
+      {:ok, _, _, _} = CommonAPI.follow(other_user, following)
+      {:ok, follower, following, _activity} = CommonAPI.follow(following, follower)
+
+      result =
+        StreamerView.render(
+          "follow_relationships_update.json",
+          %{follower: follower, following: following, state: :test},
+          "user:test"
+        )
+
+      {:ok, %{"payload" => payload}} = Jason.decode(result)
+
+      {:ok, decoded_payload} = Jason.decode(payload)
+
+      # check the payload updating the user that was followed
+      assert match?(
+               %{"follower_count" => 1, "following_count" => 1, "id" => ^following_id},
+               decoded_payload["following"]
+             )
+    end
+
+    test "hides follower count for :hide_followers and :hide_followers_count" do
+      user_attrs = [%{hide_followers: true}, %{hide_followers_count: true}]
+
+      Enum.each(user_attrs, fn attrs ->
+        other_user = insert(:user)
+        %{id: following_id} = following = insert(:user, attrs)
+        follower = insert(:user)
+
+        {:ok, _, _, _} = CommonAPI.follow(other_user, following)
+        {:ok, follower, following, _activity} = CommonAPI.follow(following, follower)
+
+        result =
+          StreamerView.render(
+            "follow_relationships_update.json",
+            %{follower: follower, following: following, state: :test},
+            "user:test"
+          )
+
+        {:ok, %{"payload" => payload}} = Jason.decode(result)
+
+        {:ok, decoded_payload} = Jason.decode(payload)
+
+        # check the payload updating the user that was followed
+        assert match?(
+                 %{"follower_count" => 0, "following_count" => 1, "id" => ^following_id},
+                 decoded_payload["following"]
+               )
+      end)
+    end
+
+    test "hides follows count for :hide_follows and :hide_follows_count" do
+      user_attrs = [%{hide_follows: true}, %{hide_follows_count: true}]
+
+      Enum.each(user_attrs, fn attrs ->
+        other_user = insert(:user)
+        %{id: following_id} = following = insert(:user, attrs)
+        follower = insert(:user)
+
+        {:ok, _, _, _} = CommonAPI.follow(other_user, following)
+        {:ok, follower, following, _activity} = CommonAPI.follow(following, follower)
+
+        result =
+          StreamerView.render(
+            "follow_relationships_update.json",
+            %{follower: follower, following: following, state: :test},
+            "user:test"
+          )
+
+        {:ok, %{"payload" => payload}} = Jason.decode(result)
+
+        {:ok, decoded_payload} = Jason.decode(payload)
+
+        # check the payload updating the user that was followed
+        assert match?(
+                 %{"follower_count" => 1, "following_count" => 0, "id" => ^following_id},
+                 decoded_payload["following"]
+               )
+      end)
+    end
+  end
+end