router: require oauth_read for searching

Search calls are generally expensive and allow unauthenticated users to
crawl the instance for user profiles or posts which contain specified
keywords.  An adversary can build a distributed search engine which not
only will consume significant instance resources, but also can be used
for undesirable purposes such as datamining.

Accordingly, require authenticated access to use the search API endpoints.
This acts as a nice balance as it allows guest users to make use of most
functionality available in Pleroma FE while ensuring that Pleroma
instances are reasonably protected from resource exhaustion.  It also
removes Pleroma as a potential vector in distributed search engines.

diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 352268b967b9938b198ca6afce767d346c07a00a..08c74a742ce180797e3fa29be24fa44bad8b92f2 100644 (file)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -414,7 +414,12 @@ defmodule Pleroma.Web.Router do
 
     get("/trends", MastodonAPIController, :empty_array)
 
-    get("/accounts/search", MastodonAPIController, :account_search)
+    scope [] do
+      pipe_through(:oauth_read)
+
+      get("/search", MastodonAPIController, :search)
+      get("/accounts/search", MastodonAPIController, :account_search)
+    end
 
     scope [] do
       pipe_through(:oauth_read_or_public)
@@ -431,14 +436,12 @@ defmodule Pleroma.Web.Router do
       get("/accounts/:id/following", MastodonAPIController, :following)
       get("/accounts/:id", MastodonAPIController, :user)
 
-      get("/search", MastodonAPIController, :search)
-
       get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
     end
   end
 
   scope "/api/v2", Pleroma.Web.MastodonAPI do
-    pipe_through([:api, :oauth_read_or_public])
+    pipe_through([:api, :oauth_read])
     get("/search", MastodonAPIController, :search2)
   end
 
@@ -480,9 +483,14 @@ defmodule Pleroma.Web.Router do
       get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status)
       get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation)
 
-      get("/search", TwitterAPI.Controller, :search)
       get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
     end
+
+    scope [] do
+      pipe_through(:oauth_read)
+
+      get("/search", TwitterAPI.Controller, :search)
+    end
   end
 
   scope "/api", Pleroma.Web do
@@ -500,7 +508,7 @@ defmodule Pleroma.Web.Router do
   end
 
   scope "/api", Pleroma.Web, as: :twitter_api_search do
-    pipe_through([:api, :oauth_read_or_public])
+    pipe_through([:api, :oauth_read])
     get("/pleroma/search_user", TwitterAPI.Controller, :search_user)
   end