fix: allow public access to search API for frontend LiveSearch (#107)

* fix: allow public access to search and suggest API endpoints

The search and suggest endpoints required search:read permission,
blocking unauthenticated visitors from using the LiveSearch component.
This is safe because the search query layer defaults to status=published,
so public users only see published content.

Fixes #104

* fix: add changeset for public search API access

Patch bump for emdash - allows public access to search API endpoints.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Co-authored-by: Matt Kane <mkane@cloudflare.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Matt Van Horn
2026-04-06 13:01:28 -07:00
committed by GitHub
parent 71744fb8b2
commit b297fdd88d
3 changed files with 7 additions and 10 deletions


@@ -0,0 +1,5 @@
---
"emdash": patch
---
Allows public access to search API for frontend LiveSearch


@@ -6,7 +6,6 @@
import type { APIRoute } from "astro"; import type { APIRoute } from "astro";
import { requirePerm } from "#api/authorize.js";
import { apiError, apiSuccess, handleError } from "#api/error.js"; import { apiError, apiSuccess, handleError } from "#api/error.js";
import { isParseError, parseQuery } from "#api/parse.js"; import { isParseError, parseQuery } from "#api/parse.js";
import { searchQuery } from "#api/schemas.js"; import { searchQuery } from "#api/schemas.js";
@@ -24,10 +23,7 @@ export const prerender = false;
* - limit: Maximum results (optional, defaults to 20) * - limit: Maximum results (optional, defaults to 20)
*/ */
export const GET: APIRoute = async ({ url, locals }) => { export const GET: APIRoute = async ({ url, locals }) => {
const { emdash, user } = locals; const { emdash } = locals;
const denied = requirePerm(user, "search:read");
if (denied) return denied;
if (!emdash?.db) { if (!emdash?.db) {
return apiError("NOT_CONFIGURED", "EmDash not configured", 500); return apiError("NOT_CONFIGURED", "EmDash not configured", 500);
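Review bot: Removing `requirePerm(user, "search:read")` from GET leaves the published-only guarantee resting on a default in the query layer, and nothing in this hunk shows that default being enforced for anonymous callers. If `searchQuery` accepts a status or similar filter from the URL (the schema is not visible here), a request without a user could override the default, so the handler should pin the status to published whenever `locals.user` is absent rather than rely on it. I would also state the contract above the handler, e.g. `// Public endpoint: must only return published content; never forward a caller-supplied status filter.` The same applies to the suggest endpoint's GET in the third file section, and as unauthenticated query paths both probably want rate limiting and a test asserting that drafts are never returned. The handler body continues outside the hunk.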


@@ -6,7 +6,6 @@
import type { APIRoute } from "astro"; import type { APIRoute } from "astro";
import { requirePerm } from "#api/authorize.js";
import { apiError, apiSuccess, handleError } from "#api/error.js"; import { apiError, apiSuccess, handleError } from "#api/error.js";
import { isParseError, parseQuery } from "#api/parse.js"; import { isParseError, parseQuery } from "#api/parse.js";
import { searchSuggestQuery } from "#api/schemas.js"; import { searchSuggestQuery } from "#api/schemas.js";
@@ -23,10 +22,7 @@ export const prerender = false;
* - limit: Maximum suggestions (optional, defaults to 5) * - limit: Maximum suggestions (optional, defaults to 5)
*/ */
export const GET: APIRoute = async ({ url, locals }) => { export const GET: APIRoute = async ({ url, locals }) => {
const { emdash, user } = locals; const { emdash } = locals;
const denied = requirePerm(user, "search:read");
if (denied) return denied;
if (!emdash?.db) { if (!emdash?.db) {
return apiError("NOT_CONFIGURED", "EmDash not configured", 500); return apiError("NOT_CONFIGURED", "EmDash not configured", 500);