diff --git a/app/main.py b/app/main.py index 583de5b..9020d95 100644 --- a/app/main.py +++ b/app/main.py @@ -647,13 +647,24 @@ def maybe_start_suspicious_watch(account_id: str, acct: str) -> None: def fetch_account_counts(account_id: str) -> tuple[int, int]: - """Return (statuses_count, following_count) for an account via the public + """Return (statuses_count, following_count) for an account via the admin account API. Split out from maybe_start_suspicious_watch as a single seam - to stub in tests.""" - resp = httpx.get(f"{MASTODON_BASE_URL}/api/v1/accounts/{account_id}", timeout=15.0) + to stub in tests. + + Uses the *admin* endpoint (like suspicious_sweep._fetch_admin_account), + not the public one — the public accounts API 404s for any account that + hasn't confirmed its email yet, which most flagged signups haven't at the + moment account.created/approved fires, silently dropping them from the + watch list before the grace-period clock ever starts. + """ + resp = httpx.get( + f"{MASTODON_BASE_URL}/api/v1/admin/accounts/{account_id}", + headers=_admin_headers(), timeout=15.0, + ) resp.raise_for_status() data = resp.json() - return data.get("statuses_count", 0), data.get("following_count", 0) + account = data.get("account") or {} + return account.get("statuses_count", 0), account.get("following_count", 0) # --- Mastodon API (abuse) --------------------------------------------------