Stop accepting nicknames or ids in /api/v1/accounts/:id
Although this is less of a problem on instances with flake ids, older instances have cases where there is both a user with nickname being equal to the requested string and an id being equal to the requested string, resulting in a wrong account being displayed at the url (For example you would expect https://kawen.space/314 to display @314@kawen.space
, but it displays @TheKinrar@mastodon.xyz
instead). I propose fixing this by stopping to accept nicknames in /api/v1/accounts/:id
and making a separate endpoint for requesting a user by their nickname /api/v1/accounts_by_nickname/:nickname
.
Things needed:
-
Implement /api/v1/accounts_by_nickname/:nickname
-
Advertise https://instance.social/:nickname
in theurl
property of actors, this will make the external links lead to it. -
Make the FE use only /api/v1/accounts_by_nickname/:nickname
when resolving a user at/:nickname
-
Make the FE use a different route for remote users that are addressed by id (i.e /accounts/
) . The problem with changing/users/
to be id-only is that our AP ids are/users/:nickname
, so visiting an AP id in-browser will not work, which is undesirable because some implementations don't honorurl
. -
Remove nickname support from /api/v1/accounts/:id