diff options
| author | kaniini <nenolod@gmail.com> | 2019-05-29 11:33:37 +0000 |
|---|---|---|
| committer | kaniini <nenolod@gmail.com> | 2019-05-29 11:33:37 +0000 |
| commit | 57e58d26029388a5831cd2ac3fbc419c27c4d7c6 (patch) | |
| tree | 9ebfcc6dfeb7a6ca41d60ae9a4958652c2944389 | |
| parent | 26e76138241e560551f2d0c3de055dd8830d8b4a (diff) | |
| parent | 0159a6dbe97330150d2913c7d7a060151f83f7eb (diff) | |
| download | pleroma-57e58d26029388a5831cd2ac3fbc419c27c4d7c6.tar.gz | |
Merge branch 'feature/search-authenticated-only' into 'develop'
router: require oauth_read for searching
Closes #935
See merge request pleroma/pleroma!1209
| -rw-r--r-- | lib/pleroma/web/router.ex | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 352268b96..08c74a742 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -414,7 +414,12 @@ defmodule Pleroma.Web.Router do get("/trends", MastodonAPIController, :empty_array) - get("/accounts/search", MastodonAPIController, :account_search) + scope [] do + pipe_through(:oauth_read) + + get("/search", MastodonAPIController, :search) + get("/accounts/search", MastodonAPIController, :account_search) + end scope [] do pipe_through(:oauth_read_or_public) @@ -431,14 +436,12 @@ defmodule Pleroma.Web.Router do get("/accounts/:id/following", MastodonAPIController, :following) get("/accounts/:id", MastodonAPIController, :user) - get("/search", MastodonAPIController, :search) - get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites) end end scope "/api/v2", Pleroma.Web.MastodonAPI do - pipe_through([:api, :oauth_read_or_public]) + pipe_through([:api, :oauth_read]) get("/search", MastodonAPIController, :search2) end @@ -480,9 +483,14 @@ defmodule Pleroma.Web.Router do get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status) get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation) - get("/search", TwitterAPI.Controller, :search) get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) end + + scope [] do + pipe_through(:oauth_read) + + get("/search", TwitterAPI.Controller, :search) + end end scope "/api", Pleroma.Web do @@ -500,7 +508,7 @@ defmodule Pleroma.Web.Router do end scope "/api", Pleroma.Web, as: :twitter_api_search do - pipe_through([:api, :oauth_read_or_public]) + pipe_through([:api, :oauth_read]) get("/pleroma/search_user", TwitterAPI.Controller, :search_user) end |