diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-10-28 11:36:25 +0200 |
|---|---|---|
| committer | Claire <claire.github-309c@sitedethib.com> | 2022-10-28 19:23:58 +0200 |
| commit | cb19be67d1b47dd04cb5bb88e09f0101a614bd1c (patch) | |
| tree | 6c85ccc6ac0279ae7b1ed4dff56c8e83f71a0c95 /app/controllers/api/v2 | |
| parent | 371563b0e249b6369e04709fb974a8e57413529f (diff) | |
| parent | 8dfe5179ee7186e549dbe1186a151ffa848fe8ab (diff) | |
Merge branch 'main' into glitch-soc/merge-upstream
Diffstat (limited to 'app/controllers/api/v2')
| -rw-r--r-- | app/controllers/api/v2/search_controller.rb | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/app/controllers/api/v2/search_controller.rb b/app/controllers/api/v2/search_controller.rb index 77eeab5b0..b084eae42 100644 --- a/app/controllers/api/v2/search_controller.rb +++ b/app/controllers/api/v2/search_controller.rb @@ -5,8 +5,8 @@ class Api::V2::SearchController < Api::BaseController RESULTS_LIMIT = (ENV['MAX_SEARCH_RESULTS'] || 20).to_i - before_action -> { doorkeeper_authorize! :read, :'read:search' } - before_action :require_user! + before_action -> { authorize_if_got_token! :read, :'read:search' } + before_action :validate_search_params! def index @search = Search.new(search_results) @@ -19,6 +19,16 @@ class Api::V2::SearchController < Api::BaseController private + def validate_search_params! + params.require(:q) + + return if user_signed_in? + + return render json: { error: 'Search queries pagination is not supported without authentication' }, status: 401 if params[:offset].present? + + render json: { error: 'Search queries that resolve remote resources are not supported without authentication' }, status: 401 if truthy_param?(:resolve) + end + def search_results SearchService.new.call( params[:q], |