From b24d0150ed41e45676ded597340094a50aef573e Mon Sep 17 00:00:00 2001
From: Casper Sparre <reptail@gmail.com>
Date: Mon, 6 Oct 2025 20:10:23 +0200
Subject: [PATCH] Added safe-guard against paid content returned for other
 models

---
 OF DL/Helpers/APIHelper.cs             | 15 ++++++++++++---
 OF DL/Helpers/Interfaces/IAPIHelper.cs |  4 ++--
 OF DL/Program.cs                       | 22 +++++++++++-----------
 3 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/OF DL/Helpers/APIHelper.cs b/OF DL/Helpers/APIHelper.cs
index 353cd6d..e8bd7e5 100644
--- a/OF DL/Helpers/APIHelper.cs	
+++ b/OF DL/Helpers/APIHelper.cs	
@@ -897,7 +897,7 @@ public class APIHelper : IAPIHelper
     }
 
 
-    public async Task<PaidPostCollection> GetPaidPosts(string endpoint, string folder, string username, IDownloadConfig config, List<long> paid_post_ids, StatusContext ctx)
+    public async Task<PaidPostCollection> GetPaidPosts(string endpoint, string folder, string username, int userId, IDownloadConfig config, List<long> paid_post_ids, StatusContext ctx)
     {
         Log.Debug($"Calling GetPaidPosts - {username}");
 
@@ -948,6 +948,9 @@ public class APIHelper : IAPIHelper
             {
                 if (purchase.responseType == "post" && purchase.media != null && purchase.media.Count > 0)
                 {
+                    if (purchase.fromUser.id != userId)
+                        continue; // Ensures only posts from current model are included
+
                     List<long> previewids = new();
                     if (purchase.previews != null)
                     {
@@ -2001,7 +2004,7 @@ public class APIHelper : IAPIHelper
     }
 
 
-    public async Task<PaidMessageCollection> GetPaidMessages(string endpoint, string folder, string username, IDownloadConfig config, StatusContext ctx)
+    public async Task<PaidMessageCollection> GetPaidMessages(string endpoint, string folder, string username, int userId, IDownloadConfig config, StatusContext ctx)
     {
         Log.Debug($"Calling GetPaidMessages - {username}");
 
@@ -2064,10 +2067,16 @@ public class APIHelper : IAPIHelper
 
             if (paidMessages.list != null && paidMessages.list.Count > 0)
             {
+                int ownUserId = Convert.ToInt32(auth.USER_ID);
+                int[] validUserIds = [ownUserId, userId];
+
                 foreach (Purchased.List purchase in paidMessages.list.Where(p => p.responseType == "message").OrderByDescending(p => p.postedAt ?? p.createdAt))
                 {
-                    if (!config.IgnoreOwnMessages || purchase.fromUser.id != Convert.ToInt32(auth.USER_ID))
+                    if (!config.IgnoreOwnMessages || purchase.fromUser.id != ownUserId)
                     {
+                        if (!validUserIds.Contains(purchase.fromUser.id))
+                            continue; // Ensures only messages from current model (or self) are included
+
                         if (purchase.postedAt != null)
                         {
                             await m_DBHelper.AddMessage(folder, purchase.id, purchase.text != null ? purchase.text : string.Empty, purchase.price != null ? purchase.price : "0", true, false, purchase.postedAt.Value, purchase.fromUser.id);
diff --git a/OF DL/Helpers/Interfaces/IAPIHelper.cs b/OF DL/Helpers/Interfaces/IAPIHelper.cs
index 471e6db..ca0156c 100644
--- a/OF DL/Helpers/Interfaces/IAPIHelper.cs	
+++ b/OF DL/Helpers/Interfaces/IAPIHelper.cs	
@@ -20,13 +20,13 @@ namespace OF_DL.Helpers
         Task<List<string>> GetListUsers(string endpoint, IDownloadConfig config);
         Task<Dictionary<string, int>?> GetUsersFromList(string endpoint, bool includeRestricted, IDownloadConfig config);
         Task<Dictionary<long, string>> GetMedia(MediaType mediatype, string endpoint, string? username, string folder, IDownloadConfig config, List<long> paid_post_ids);
-        Task<PaidPostCollection> GetPaidPosts(string endpoint, string folder, string username, IDownloadConfig config, List<long> paid_post_ids, StatusContext ctx);
+        Task<PaidPostCollection> GetPaidPosts(string endpoint, string folder, string username, int userId, IDownloadConfig config, List<long> paid_post_ids, StatusContext ctx);
         Task<PostCollection> GetPosts(string endpoint, string folder, IDownloadConfig config, List<long> paid_post_ids, StatusContext ctx);
         Task<SinglePostCollection> GetPost(string endpoint, string folder, IDownloadConfig config);
         Task<StreamsCollection> GetStreams(string endpoint, string folder, IDownloadConfig config, List<long> paid_post_ids, StatusContext ctx);
         Task<ArchivedCollection> GetArchived(string endpoint, string folder, IDownloadConfig config, StatusContext ctx);
         Task<MessageCollection> GetMessages(string endpoint, string folder, IDownloadConfig config, StatusContext ctx);
-        Task<PaidMessageCollection> GetPaidMessages(string endpoint, string folder, string username, IDownloadConfig config, StatusContext ctx);
+        Task<PaidMessageCollection> GetPaidMessages(string endpoint, string folder, string username, long userId, IDownloadConfig config, StatusContext ctx);
         Task<Dictionary<string, long>> GetPurchasedTabUsers(string endpoint, IDownloadConfig config, Dictionary<string, long> users);
         Task<List<PurchasedTabCollection>> GetPurchasedTab(string endpoint, string folder, IDownloadConfig config, Dictionary<string, long> users);
         Task<User> GetUserInfo(string endpoint);
diff --git a/OF DL/Program.cs b/OF DL/Program.cs
index 4a9a191..ce60aa2 100644
--- a/OF DL/Program.cs	
+++ b/OF DL/Program.cs	
@@ -1441,15 +1441,15 @@ public class Program
 
 					AnsiConsole.Markup("\n");
 					AnsiConsole.Write(new BreakdownChart()
-					.FullSize()
-					.AddItem("Paid Posts", paidPostCount, Color.Red)
-					.AddItem("Posts", postCount, Color.Blue)
-					.AddItem("Archived", archivedCount, Color.Green)
-					.AddItem("Streams", streamsCount, Color.Purple)
-					.AddItem("Stories", storiesCount, Color.Yellow)
-					.AddItem("Highlights", highlightsCount, Color.Orange1)
-					.AddItem("Messages", messagesCount, Color.LightGreen)
-					.AddItem("Paid Messages", paidMessagesCount, Color.Aqua));
+					    .FullSize()
+					    .AddItem("Paid Posts", paidPostCount, Color.Red)
+					    .AddItem("Posts", postCount, Color.Blue)
+					    .AddItem("Archived", archivedCount, Color.Green)
+					    .AddItem("Streams", streamsCount, Color.Purple)
+					    .AddItem("Stories", storiesCount, Color.Yellow)
+					    .AddItem("Highlights", highlightsCount, Color.Orange1)
+					    .AddItem("Messages", messagesCount, Color.LightGreen)
+					    .AddItem("Paid Messages", paidMessagesCount, Color.Aqua));
 					AnsiConsole.Markup("\n");
 				}
 				DateTime endTime = DateTime.Now;
@@ -1513,7 +1513,7 @@ public class Program
         await AnsiConsole.Status()
         .StartAsync("[red]Getting Paid Messages[/]", async ctx =>
         {
-            paidMessageCollection = await downloadContext.ApiHelper.GetPaidMessages("/posts/paid/chat", path, user.Key, downloadContext.DownloadConfig!, ctx);
+            paidMessageCollection = await downloadContext.ApiHelper.GetPaidMessages("/posts/paid/chat", path, user.Key, user.Value, downloadContext.DownloadConfig!, ctx);
         });
 		int oldPaidMessagesCount = 0;
 		int newPaidMessagesCount = 0;
@@ -2176,7 +2176,7 @@ public class Program
         await AnsiConsole.Status()
         .StartAsync("[red]Getting Paid Posts[/]", async ctx =>
         {
-            purchasedPosts = await downloadContext.ApiHelper.GetPaidPosts("/posts/paid/post", path, user.Key, downloadContext.DownloadConfig!, paid_post_ids, ctx);
+            purchasedPosts = await downloadContext.ApiHelper.GetPaidPosts("/posts/paid/post", path, user.Key, user.Value, downloadContext.DownloadConfig!, paid_post_ids, ctx);
         });
 
 		int oldPaidPostCount = 0;