From 4662641feb66197737e7ff63dcb168c739b97054 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Acid=20Chicken=20=28=E7=A1=AB=E9=85=B8=E9=B6=8F=29?=
 <root@acid-chicken.com>
Date: Wed, 26 Dec 2018 18:32:16 +0900
Subject: [PATCH] Fix #3745 (#3746)

---
 src/server/web/index.ts | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/server/web/index.ts b/src/server/web/index.ts
index f2a40c01f7..c5c6f21c92 100644
--- a/src/server/web/index.ts
+++ b/src/server/web/index.ts
@@ -8,6 +8,7 @@ import * as Router from 'koa-router';
 import * as send from 'koa-send';
 import * as favicon from 'koa-favicon';
 import * as views from 'koa-views';
+import { ObjectID } from 'mongodb';
 
 import docs from './docs';
 import packFeed from './feed';
@@ -149,18 +150,22 @@ router.get('/@:user', async (ctx, next) => {
 
 // Note
 router.get('/notes/:note', async ctx => {
-	const note = await Note.findOne({ _id: ctx.params.note });
+	if (ObjectID.isValid(ctx.params.note)) {
+		const note = await Note.findOne({ _id: ctx.params.note });
 
-	if (note != null) {
-		const _note = await packNote(note);
-		await ctx.render('note', {
-			note: _note,
-			summary: getNoteSummary(_note)
-		});
-		ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
-	} else {
-		ctx.status = 404;
+		if (note) {
+			const _note = await packNote(note);
+			await ctx.render('note', {
+				note: _note,
+				summary: getNoteSummary(_note)
+			});
+			ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
+			
+			return;
+		}
 	}
+
+	ctx.status = 404;
 });
 //#endregion