From 20055e5d2bf87e55c5f4df51ecb5afbb16a56039 Mon Sep 17 00:00:00 2001 From: Christomatt Date: Mon, 26 Jan 2026 19:27:42 +0100 Subject: [PATCH] feat(api): Filter out remote placeholder users from local queries - Add SQL filter to exclude users with '@' in handle from admin users endpoint - Update search endpoint to filter remote placeholder users from results - Modify users listing endpoint to exclude federated user handles - Prevent remote placeholder accounts from appearing in local user lists and search results --- src/app/api/admin/users/route.ts | 3 ++- src/app/api/search/route.ts | 5 ++++- src/app/api/users/route.ts | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/app/api/admin/users/route.ts b/src/app/api/admin/users/route.ts index 61cc791..7d1e735 100644 --- a/src/app/api/admin/users/route.ts +++ b/src/app/api/admin/users/route.ts @@ -1,7 +1,7 @@ import { NextResponse } from 'next/server'; import { db, users } from '@/db'; import { requireAdmin } from '@/lib/auth/admin'; -import { desc } from 'drizzle-orm'; +import { desc, sql } from 'drizzle-orm'; export async function GET(request: Request) { try { @@ -27,6 +27,7 @@ export async function GET(request: Request) { isBot: users.isBot, }) .from(users) + .where(sql`${users.handle} NOT LIKE '%@%'`) .orderBy(desc(users.createdAt)) .limit(limit); diff --git a/src/app/api/search/route.ts b/src/app/api/search/route.ts index b4bb511..5c430c7 100644 --- a/src/app/api/search/route.ts +++ b/src/app/api/search/route.ts @@ -106,7 +106,7 @@ export async function GET(request: Request) { eq(users.isSuspended, false), eq(users.isSilenced, false) ); - searchUsers = await db.select({ + const localUsers = await db.select({ id: users.id, handle: users.handle, displayName: users.displayName, @@ -117,6 +117,9 @@ export async function GET(request: Request) { .from(users) .where(userConditions) .limit(limit); + + // Filter out remote placeholder users (those with @ in handle) + searchUsers = localUsers.filter(u => !u.handle.includes('@')); } // Federated user lookup (exact handle@domain queries) diff --git a/src/app/api/users/route.ts b/src/app/api/users/route.ts index 4a92b52..7f48d88 100644 --- a/src/app/api/users/route.ts +++ b/src/app/api/users/route.ts @@ -23,7 +23,7 @@ export async function GET(request: NextRequest) { isBot: users.isBot, }) .from(users) - .where(sql`${users.isSuspended} IS FALSE`) + .where(sql`${users.isSuspended} IS FALSE AND ${users.handle} NOT LIKE '%@%'`) .orderBy(desc(users.createdAt)) .limit(limit);