commit: 57e58d26029388a5831cd2ac3fbc419c27c4d7c6
parent: 26e76138241e560551f2d0c3de055dd8830d8b4a
Author: kaniini <nenolod@gmail.com>
Date: Wed, 29 May 2019 11:33:37 +0000
Merge branch 'feature/search-authenticated-only' into 'develop'
router: require oauth_read for searching
Closes #935
See merge request pleroma/pleroma!1209
Diffstat:
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -414,7 +414,12 @@ defmodule Pleroma.Web.Router do
get("/trends", MastodonAPIController, :empty_array)
- get("/accounts/search", MastodonAPIController, :account_search)
+ scope [] do
+ pipe_through(:oauth_read)
+
+ get("/search", MastodonAPIController, :search)
+ get("/accounts/search", MastodonAPIController, :account_search)
+ end
scope [] do
pipe_through(:oauth_read_or_public)
@@ -431,14 +436,12 @@ defmodule Pleroma.Web.Router do
get("/accounts/:id/following", MastodonAPIController, :following)
get("/accounts/:id", MastodonAPIController, :user)
- get("/search", MastodonAPIController, :search)
-
get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
end
end
scope "/api/v2", Pleroma.Web.MastodonAPI do
- pipe_through([:api, :oauth_read_or_public])
+ pipe_through([:api, :oauth_read])
get("/search", MastodonAPIController, :search2)
end
@@ -480,9 +483,14 @@ defmodule Pleroma.Web.Router do
get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status)
get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation)
- get("/search", TwitterAPI.Controller, :search)
get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
end
+
+ scope [] do
+ pipe_through(:oauth_read)
+
+ get("/search", TwitterAPI.Controller, :search)
+ end
end
scope "/api", Pleroma.Web do
@@ -500,7 +508,7 @@ defmodule Pleroma.Web.Router do
end
scope "/api", Pleroma.Web, as: :twitter_api_search do
- pipe_through([:api, :oauth_read_or_public])
+ pipe_through([:api, :oauth_read])
get("/pleroma/search_user", TwitterAPI.Controller, :search_user)
end