Only allow logged-in user to use search API

2024-09-19 18:00:23 +03:00 · 2023-06-11 03:04:08 +08:00 · 2023-06-11 03:04:08 +08:00 · 15137fc5c7
commit 15137fc5c7
parent 2b64892e83
1 changed files with 31 additions and 27 deletions
--- a/mastoapi.c
+++ b/mastoapi.c
@ -1627,43 +1627,47 @@ int mastoapi_get_handler(const xs_dict *req, const char *q_path,
    }
    else
    if (strcmp(cmd, "/v2/search") == 0) { /** **/
-        const char *q      = xs_dict_get(args, "q");
-        const char *type   = xs_dict_get(args, "type");
-        const char *offset = xs_dict_get(args, "offset");
+        if (logged_in) {
+            const char *q      = xs_dict_get(args, "q");
+            const char *type   = xs_dict_get(args, "type");
+            const char *offset = xs_dict_get(args, "offset");

-        xs *acl = xs_list_new();
-        xs *stl = xs_list_new();
-        xs *htl = xs_list_new();
-        xs *res = xs_dict_new();
+            xs *acl = xs_list_new();
+            xs *stl = xs_list_new();
+            xs *htl = xs_list_new();
+            xs *res = xs_dict_new();

-        if (xs_is_null(offset) || strcmp(offset, "0") == 0) {
-            /* reply something only for offset 0; otherwise,
-               apps like Tusky keep asking again and again */
+            if (xs_is_null(offset) || strcmp(offset, "0") == 0) {
+                /* reply something only for offset 0; otherwise,
+                   apps like Tusky keep asking again and again */

-            if (!xs_is_null(q) && !xs_is_null(type) && strcmp(type, "accounts") == 0) {
-                /* do a webfinger query */
-                char *actor = NULL;
-                char *user  = NULL;
+                if (!xs_is_null(q) && !xs_is_null(type) && strcmp(type, "accounts") == 0) {
+                    /* do a webfinger query */
+                    char *actor = NULL;
+                    char *user  = NULL;

-                if (valid_status(webfinger_request(q, &actor, &user))) {
-                    xs *actor_o = NULL;
+                    if (valid_status(webfinger_request(q, &actor, &user))) {
+                        xs *actor_o = NULL;

-                    if (valid_status(actor_request(&snac1, actor, &actor_o))) {
-                        xs *acct = mastoapi_account(actor_o);
+                        if (valid_status(actor_request(&snac1, actor, &actor_o))) {
+                            xs *acct = mastoapi_account(actor_o);

-                        acl = xs_list_append(acl, acct);
+                            acl = xs_list_append(acl, acct);
+                        }
                    }
                }
            }
+
+            res = xs_dict_append(res, "accounts", acl);
+            res = xs_dict_append(res, "statuses", stl);
+            res = xs_dict_append(res, "hashtags", htl);
+
+            *body  = xs_json_dumps_pp(res, 4);
+            *ctype = "application/json";
+            status = 200;
        }
-
-        res = xs_dict_append(res, "accounts", acl);
-        res = xs_dict_append(res, "statuses", stl);
-        res = xs_dict_append(res, "hashtags", htl);
-
-        *body  = xs_json_dumps_pp(res, 4);
-        *ctype = "application/json";
-        status = 200;
+        else
+            status = 401;
    }

    /* user cleanup */