From 15137fc5c73598456af8737d37c3f222c55a9865 Mon Sep 17 00:00:00 2001
From: poesty <poesty7450@gmail.com>
Date: Sun, 11 Jun 2023 03:04:08 +0800
Subject: [PATCH] Only allow logged-in user to use search API

---
 mastoapi.c | 58 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 31 insertions(+), 27 deletions(-)

diff --git a/mastoapi.c b/mastoapi.c
index 8e4f27e..c158748 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -1627,43 +1627,47 @@ int mastoapi_get_handler(const xs_dict *req, const char *q_path,
     }
     else
     if (strcmp(cmd, "/v2/search") == 0) { /** **/
-        const char *q      = xs_dict_get(args, "q");
-        const char *type   = xs_dict_get(args, "type");
-        const char *offset = xs_dict_get(args, "offset");
+        if (logged_in) {
+            const char *q      = xs_dict_get(args, "q");
+            const char *type   = xs_dict_get(args, "type");
+            const char *offset = xs_dict_get(args, "offset");
 
-        xs *acl = xs_list_new();
-        xs *stl = xs_list_new();
-        xs *htl = xs_list_new();
-        xs *res = xs_dict_new();
+            xs *acl = xs_list_new();
+            xs *stl = xs_list_new();
+            xs *htl = xs_list_new();
+            xs *res = xs_dict_new();
 
-        if (xs_is_null(offset) || strcmp(offset, "0") == 0) {
-            /* reply something only for offset 0; otherwise,
-               apps like Tusky keep asking again and again */
+            if (xs_is_null(offset) || strcmp(offset, "0") == 0) {
+                /* reply something only for offset 0; otherwise,
+                   apps like Tusky keep asking again and again */
 
-            if (!xs_is_null(q) && !xs_is_null(type) && strcmp(type, "accounts") == 0) {
-                /* do a webfinger query */
-                char *actor = NULL;
-                char *user  = NULL;
+                if (!xs_is_null(q) && !xs_is_null(type) && strcmp(type, "accounts") == 0) {
+                    /* do a webfinger query */
+                    char *actor = NULL;
+                    char *user  = NULL;
 
-                if (valid_status(webfinger_request(q, &actor, &user))) {
-                    xs *actor_o = NULL;
+                    if (valid_status(webfinger_request(q, &actor, &user))) {
+                        xs *actor_o = NULL;
 
-                    if (valid_status(actor_request(&snac1, actor, &actor_o))) {
-                        xs *acct = mastoapi_account(actor_o);
+                        if (valid_status(actor_request(&snac1, actor, &actor_o))) {
+                            xs *acct = mastoapi_account(actor_o);
 
-                        acl = xs_list_append(acl, acct);
+                            acl = xs_list_append(acl, acct);
+                        }
                     }
                 }
             }
+
+            res = xs_dict_append(res, "accounts", acl);
+            res = xs_dict_append(res, "statuses", stl);
+            res = xs_dict_append(res, "hashtags", htl);
+
+            *body  = xs_json_dumps_pp(res, 4);
+            *ctype = "application/json";
+            status = 200;
         }
-
-        res = xs_dict_append(res, "accounts", acl);
-        res = xs_dict_append(res, "statuses", stl);
-        res = xs_dict_append(res, "hashtags", htl);
-
-        *body  = xs_json_dumps_pp(res, 4);
-        *ctype = "application/json";
-        status = 200;
+        else
+            status = 401;
     }
 
     /* user cleanup */