9 files changed, 14 insertions, 10 deletions

diff --git a/app/controllers/api/accounts_controller.rb b/app/controllers/api/accounts_controller.rb
index fc4c9d681..ac16ed7c1 100644
--- a/app/controllers/api/accounts_controller.rb
+++ b/app/controllers/api/accounts_controller.rb
@@ -1,6 +1,6 @@
 class Api::AccountsController < ApiController
   before_action :set_account
-  before_action :authenticate_user!
+  before_action :doorkeeper_authorize!
   respond_to    :json
 
   def show
diff --git a/app/controllers/api/follows_controller.rb b/app/controllers/api/follows_controller.rb
index acf627a07..9ec4f46b8 100644
--- a/app/controllers/api/follows_controller.rb
+++ b/app/controllers/api/follows_controller.rb
@@ -1,5 +1,5 @@
 class Api::FollowsController < ApiController
-  before_action :authenticate_user!
+  before_action :doorkeeper_authorize!
   respond_to    :json
 
   def create
diff --git a/app/controllers/api/statuses_controller.rb b/app/controllers/api/statuses_controller.rb
index 04128537a..951f7113a 100644
--- a/app/controllers/api/statuses_controller.rb
+++ b/app/controllers/api/statuses_controller.rb
@@ -1,5 +1,5 @@
 class Api::StatusesController < ApiController
-  before_action :authenticate_user!
+  before_action :doorkeeper_authorize!
   respond_to    :json
 
   def show
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index d24f63f27..80d084328 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -4,7 +4,7 @@ class ApiController < ApplicationController
   protected
 
   def current_resource_owner
-    User.find(doorkeeper_token.user_id) if doorkeeper_token
+    User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
   end
 
   def current_user
diff --git a/app/helpers/stream_entries_helper.rb b/app/helpers/stream_entries_helper.rb
index 2a59553ab..60955a0a7 100644
--- a/app/helpers/stream_entries_helper.rb
+++ b/app/helpers/stream_entries_helper.rb
@@ -23,8 +23,9 @@ module StreamEntriesHelper
   def linkify(status)
     mention_hash = {}
     status.mentions.each { |m| mention_hash[m.acct] = m }
+    coder = HTMLEntities.new
 
-    auto_link(CGI.escapeHTML(status.text), link: :urls, html: { target: '_blank', rel: 'nofollow' }).gsub(Account::MENTION_RE) do |m|
+    auto_link(coder.encode(status.text), link: :urls, html: { target: '_blank', rel: 'nofollow' }).gsub(Account::MENTION_RE) do |m|
       account = mention_hash[Account::MENTION_RE.match(m)[1]]
       "#{m.split('@').first}<a href=\"#{url_for_target(account)}\" class=\"mention\">@<span>#{account.acct}</span></a>"
     end.html_safe
diff --git a/app/models/feed.rb b/app/models/feed.rb
index a063ad05b..0c0b8ae2c 100644
--- a/app/models/feed.rb
+++ b/app/models/feed.rb
@@ -11,7 +11,7 @@ class Feed
     # If we're after most recent items and none are there, we need to precompute the feed
     return PrecomputeFeedService.new.(@type, @account).take(limit) if unhydrated.empty? && offset == 0
 
-    Status.where(id: unhydrated).each { |status| status_map[status.id.to_s] = status }
+    Status.where(id: unhydrated).with_includes.with_counters.each { |status| status_map[status.id.to_s] = status }
     return unhydrated.map { |id| status_map[id] }
   end
 
diff --git a/app/models/status.rb b/app/models/status.rb
index 7e0c334ec..4fedad107 100644
--- a/app/models/status.rb
+++ b/app/models/status.rb
@@ -14,6 +14,9 @@ class Status < ActiveRecord::Base
   validates :account, presence: true
   validates :uri, uniqueness: true, unless: 'local?'
 
+  scope :with_counters, -> { select('statuses.*, (select count(r.id) from statuses as r where r.reblog_of_id = statuses.id) as reblogs_count, (select count(f.id) from favourites as f where f.status_id = statuses.id) as favourites_count') }
+  scope :with_includes, -> { includes(:account, reblog: :account, thread: :account) }
+
   def local?
     self.uri.nil?
   end
diff --git a/app/services/precompute_feed_service.rb b/app/services/precompute_feed_service.rb
index 89b034404..bcc757222 100644
--- a/app/services/precompute_feed_service.rb
+++ b/app/services/precompute_feed_service.rb
@@ -18,11 +18,11 @@ class PrecomputeFeedService < BaseService
   end
 
   def home(account)
-    Status.where(account: [account] + account.following)
+    Status.where(account: [account] + account.following).with_includes.with_counts
   end
 
   def mentions(account)
-    Status.where(id: Mention.where(account: account).pluck(:status_id))
+    Status.where(id: Mention.where(account: account).pluck(:status_id)).with_includes.with_counts
   end
 
   def key(type, id)
diff --git a/app/views/stream_entries/_status.html.haml b/app/views/stream_entries/_status.html.haml
index 38986cf1f..6323501cc 100644
--- a/app/views/stream_entries/_status.html.haml
+++ b/app/views/stream_entries/_status.html.haml
@@ -24,10 +24,10 @@
         .header__right
           .counter-btn{ class: reblogged_by_me_class(status) }
             %i.fa.fa-retweet
-            %span.counter-number= status.reblog? ? status.reblog.reblogs.count : status.reblogs.count
+            %span.counter-number= status.reblog? ? status.reblog.reblogs.count : status.reblogs_count
           .counter-btn{ class: favourited_by_me_class(status) }
             %i.fa.fa-star
-            %span.counter-number= status.reblog? ? status.reblog.favourites.count : status.favourites.count
+            %span.counter-number= status.reblog? ? status.reblog.favourites.count : status.favourites_count
       .content
         = status.reblog? ? (status.reblog.local? ? linkify(status.reblog) : status.reblog.content.html_safe) : (status.local? ? linkify(status) : status.content.html_safe)