diff options
Diffstat (limited to 'app/controllers/api/v2')
| -rw-r--r-- | app/controllers/api/v2/search_controller.rb | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/app/controllers/api/v2/search_controller.rb b/app/controllers/api/v2/search_controller.rb index 77eeab5b0..b084eae42 100644 --- a/app/controllers/api/v2/search_controller.rb +++ b/app/controllers/api/v2/search_controller.rb @@ -5,8 +5,8 @@ class Api::V2::SearchController < Api::BaseController RESULTS_LIMIT = (ENV['MAX_SEARCH_RESULTS'] || 20).to_i - before_action -> { doorkeeper_authorize! :read, :'read:search' } - before_action :require_user! + before_action -> { authorize_if_got_token! :read, :'read:search' } + before_action :validate_search_params! def index @search = Search.new(search_results) @@ -19,6 +19,16 @@ class Api::V2::SearchController < Api::BaseController private + def validate_search_params! + params.require(:q) + + return if user_signed_in? + + return render json: { error: 'Search queries pagination is not supported without authentication' }, status: 401 if params[:offset].present? + + render json: { error: 'Search queries that resolve remote resources are not supported without authentication' }, status: 401 if truthy_param?(:resolve) + end + def search_results SearchService.new.call( params[:q], |