From ca3af6c5b00be851e2ced9112429cfc1baa79529 Mon Sep 17 00:00:00 2001
From: multiple creatures <dev@multiple-creature.party>
Date: Sun, 10 May 2020 03:02:22 -0500
Subject: Port monsterfork@58c707c474

make data miners' lives harder by also requiring authentication on
account api endpoints
---
 app/controllers/api/v1/accounts/statuses_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app/controllers/api/v1/accounts/statuses_controller.rb')

diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index 114ee0a82..fe932f93c 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -26,6 +26,8 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
   end
 
   def account_statuses
+    return Status.none unless user_signed_in?
+
     statuses = truthy_param?(:pinned) ? pinned_scope : permitted_account_statuses
 
     statuses.merge!(only_media_scope) if truthy_param?(:only_media)
-- 
cgit