From ad6bed4333856752af19906dd645bcca05f51d06 Mon Sep 17 00:00:00 2001
From: MingxuanGame <MingxuanGame@outlook.com>
Date: Sun, 14 Sep 2025 05:01:05 +0000
Subject: [PATCH] fix(relationship): add check for non-existent target user

---
 app/router/v2/relationship.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/router/v2/relationship.py b/app/router/v2/relationship.py
index 8d0905a..69a9ea9 100644
--- a/app/router/v2/relationship.py
+++ b/app/router/v2/relationship.py
@@ -8,7 +8,7 @@ from .router import router
 
 from fastapi import HTTPException, Path, Query, Request, Security
 from pydantic import BaseModel
-from sqlmodel import select
+from sqlmodel import exists, select
 
 
 @router.get(
@@ -67,6 +67,9 @@ async def add_relationship(
     target: int = Query(description="目标用户 ID"),
     current_user: User = Security(get_client_user),
 ):
+    if not (await db.exec(select(exists()).where(User.id == target))).first():
+        raise HTTPException(404, "Target user not found")
+
     relationship_type = RelationshipType.FOLLOW if request.url.path.endswith("/friends") else RelationshipType.BLOCK
     if target == current_user.id:
         raise HTTPException(422, "Cannot add relationship to yourself")
@@ -133,6 +136,9 @@ async def delete_relationship(
     target: int = Path(..., description="目标用户 ID"),
     current_user: User = Security(get_client_user),
 ):
+    if not (await db.exec(select(exists()).where(User.id == target))).first():
+        raise HTTPException(404, "Target user not found")
+
     relationship_type = RelationshipType.BLOCK if "/blocks/" in request.url.path else RelationshipType.FOLLOW
     relationship = (
         await db.exec(