From 5a2d1c2010531c0e691482fffe63da9d94087f29 Mon Sep 17 00:00:00 2001
From: naskya <m@naskya.net>
Date: Sat, 22 Jun 2024 23:30:21 +0900
Subject: [PATCH] fix (backend): check URL properly

---
 .../backend/src/server/api/endpoints/users/show.ts     | 10 ++++++++--
 packages/client/src/pages/user/home.vue                |  2 --
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/packages/backend/src/server/api/endpoints/users/show.ts b/packages/backend/src/server/api/endpoints/users/show.ts
index 61812a0189..199a9b7556 100644
--- a/packages/backend/src/server/api/endpoints/users/show.ts
+++ b/packages/backend/src/server/api/endpoints/users/show.ts
@@ -87,14 +87,20 @@ export const paramDef = {
 export default define(meta, paramDef, async (ps, me) => {
 	let user;
 
-	const isAdminOrModerator = me && (me.isAdmin || me.isModerator);
+	const isAdminOrModerator = me != null && (me.isAdmin || me.isModerator);
 
 	if (ps.userIds) {
 		if (ps.userIds.length === 0) {
 			return [];
 		}
 
-		const isUrl = ps.userIds[0].startsWith("http");
+		let isUrl = false;
+
+		try {
+			const url = new URL(ps.userIds[0]);
+			isUrl = ["http", "https"].includes(url.protocol);
+		} catch (_) {}
+
 		let users: User[];
 		if (isUrl) {
 			users = await Users.findBy(
diff --git a/packages/client/src/pages/user/home.vue b/packages/client/src/pages/user/home.vue
index a92bbb3b70..629ada231e 100644
--- a/packages/client/src/pages/user/home.vue
+++ b/packages/client/src/pages/user/home.vue
@@ -360,10 +360,8 @@ import { getStaticImageUrl } from "@/scripts/get-static-image-url";
 import number from "@/filters/number";
 import { userPage } from "@/filters/user";
 import { defaultStore } from "@/store";
-import * as os from "@/os";
 import { i18n } from "@/i18n";
 import { isModerator, isSignedIn, me } from "@/me";
-import { host } from "@/config";
 import icon from "@/scripts/icon";
 
 const XPhotos = defineAsyncComponent(() => import("./index.photos.vue"));