Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Change unauthenticated search to not support pagination in REST API (#19326)

Browse source 
- Only exact search matches for queries with < 5 characters
- Do not support queries with `offset` (pagination)
- Return HTTP 401 on truthy `resolve` instead of overriding to false
This commit is contained in:
Eugen Rochko 2022-10-26 12:10:02 +02:00 committed by GitHub
parent 8f07381856
commit 1ae508bf2f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

13
app/controllers/api/v2/search_controller.rb
View file

@ -6,6 +6,7 @@ class Api::V2::SearchController < Api::BaseController
RESULTS_LIMIT = 20
before_action -> { authorize_if_got_token! :read, :'read:search' }
before_action :validate_search_params!
def index
@search = Search.new(search_results)
@ -18,12 +19,22 @@ class Api::V2::SearchController < Api::BaseController
private
def validate_search_params!
params.require(:q)
return if user_signed_in?
return render json: { error: 'Search queries pagination is not supported without authentication' }, status: 401 if params[:offset].present?
render json: { error: 'Search queries that resolve remote resources are not supported without authentication' }, status: 401 if truthy_param?(:resolve)
end
def search_results
SearchService.new.call(
params[:q],
current_account,
limit_param(RESULTS_LIMIT),
search_params.merge(resolve: user_signed_in? ? truthy_param?(:resolve) : false, exclude_unreviewed: truthy_param?(:exclude_unreviewed))
search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed))
)
end