From 64fdf91b6b02c291edd29f2a7de0dbe85591fd79 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 9 May 2025 10:16:33 -0400
Subject: [PATCH] fix: wrap generateCollection calls in try..catch to send 404
 if thrown

---
 src/controllers/activitypub/actors.js | 45 +++++++++++++++++----------
 1 file changed, 28 insertions(+), 17 deletions(-)

diff --git a/src/controllers/activitypub/actors.js b/src/controllers/activitypub/actors.js
index f9212ba09d..85e2fda01c 100644
--- a/src/controllers/activitypub/actors.js
+++ b/src/controllers/activitypub/actors.js
@@ -84,7 +84,7 @@ Actors.note = async function (req, res, next) {
 	res.status(200).json(payload);
 };
 
-Actors.replies = async function (req, res) {
+Actors.replies = async function (req, res, next) {
 	const allowed = utils.isNumber(req.params.pid) && await privileges.posts.can('topics:read', req.params.pid, activitypub._constants.uid);
 	const exists = await posts.exists(req.params.pid);
 	if (!allowed || !exists) {
@@ -92,12 +92,17 @@ Actors.replies = async function (req, res) {
 	}
 
 	const page = parseInt(req.query.page, 10);
-	const replies = await activitypub.helpers.generateCollection({
-		set: `pid:${req.params.pid}:replies`,
-		page,
-		perPage: meta.config.postsPerPage,
-		url: `${nconf.get('url')}/post/${req.params.pid}/replies`,
-	});
+	let replies;
+	try {
+		replies = await activitypub.helpers.generateCollection({
+			set: `pid:${req.params.pid}:replies`,
+			page,
+			perPage: meta.config.postsPerPage,
+			url: `${nconf.get('url')}/post/${req.params.pid}/replies`,
+		});
+	} catch (e) {
+		return next(); // invalid page; 404
+	}
 
 	// Convert pids to urls
 	replies.orderedItems = replies.orderedItems.map(pid => (utils.isNumber(pid) ? `${nconf.get('url')}/post/${pid}` : pid));
@@ -126,16 +131,22 @@ Actors.topic = async function (req, res, next) {
 			return next();
 		}
 
-		let [collection, pids] = await Promise.all([
-			activitypub.helpers.generateCollection({
-				set: `tid:${req.params.tid}:posts`,
-				method: posts.getPidsFromSet,
-				page,
-				perPage,
-				url: `${nconf.get('url')}/topic/${req.params.tid}/posts`,
-			}),
-			db.getSortedSetMembers(`tid:${req.params.tid}:posts`),
-		]);
+		let collection;
+		let pids;
+		try {
+			([collection, pids] = await Promise.all([
+				activitypub.helpers.generateCollection({
+					set: `tid:${req.params.tid}:posts`,
+					method: posts.getPidsFromSet,
+					page,
+					perPage,
+					url: `${nconf.get('url')}/topic/${req.params.tid}/posts`,
+				}),
+				db.getSortedSetMembers(`tid:${req.params.tid}:posts`),
+			]));
+		} catch (e) {
+			return next(); // invalid page; 404
+		}
 		pids.push(mainPid);
 		pids = pids.map(pid => (utils.isNumber(pid) ? `${nconf.get('url')}/post/${pid}` : pid));
 		collection.totalItems += 1; // account for mainPid