Replace Option<bool> with bool for PostQuery and CommentQuery (#3819) (#3857)

[lemmy.git] / crates / apub / src / api / resolve_object.rs

diff --git a/crates/apub/src/api/resolve_object.rs b/crates/apub/src/api/resolve_object.rs
index d86c28d60b05038c129c6d8d1f029262225791db..f5a703c9927999a76a1718428bcc82a17f0ab8a2 100644 (file)
--- a/crates/apub/src/api/resolve_object.rs
+++ b/crates/apub/src/api/resolve_object.rs
@@ -1,11 +1,15 @@
-use crate::fetcher::search::{search_query_to_object_id, SearchableObjects};
+use crate::fetcher::search::{
+  search_query_to_object_id,
+  search_query_to_object_id_local,
+  SearchableObjects,
+};
 use activitypub_federation::config::Data;
 use actix_web::web::{Json, Query};
 use diesel::NotFound;
 use lemmy_api_common::{
   context::LemmyContext,
   site::{ResolveObject, ResolveObjectResponse},
-  utils::{check_private_instance, local_user_view_from_jwt},
+  utils::{check_private_instance, local_user_view_from_jwt_opt},
 };
 use lemmy_db_schema::{newtypes::PersonId, source::local_site::LocalSite, utils::DbPool};
 use lemmy_db_views::structs::{CommentView, PostView};
@@ -17,14 +21,23 @@ pub async fn resolve_object(
   data: Query<ResolveObject>,
   context: Data<LemmyContext>,
 ) -> Result<Json<ResolveObjectResponse>, LemmyError> {
-  let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
+  let local_user_view = local_user_view_from_jwt_opt(data.auth.as_ref(), &context).await;
   let local_site = LocalSite::read(&mut context.pool()).await?;
-  let person_id = local_user_view.person.id;
-  check_private_instance(&Some(local_user_view), &local_site)?;
+  check_private_instance(&local_user_view, &local_site)?;
+  let person_id = local_user_view.map(|v| v.person.id);
+  // If we get a valid personId back we can safely assume that the user is authenticated,
+  // if there's no personId then the JWT was missing or invalid.
+  let is_authenticated = person_id.is_some();
+
+  let res = if is_authenticated {
+    // user is fully authenticated; allow remote lookups as well.
+    search_query_to_object_id(&data.q, &context).await
+  } else {
+    // user isn't authenticated only allow a local search.
+    search_query_to_object_id_local(&data.q, &context).await
+  }
+  .with_lemmy_type(LemmyErrorType::CouldntFindObject)?;
 
-  let res = search_query_to_object_id(&data.q, &context)
-    .await
-    .with_lemmy_type(LemmyErrorType::CouldntFindObject)?;
   convert_response(res, person_id, &mut context.pool())
     .await
     .with_lemmy_type(LemmyErrorType::CouldntFindObject)
@@ -32,7 +45,7 @@ pub async fn resolve_object(
 
 async fn convert_response(
   object: SearchableObjects,
-  user_id: PersonId,
+  user_id: Option<PersonId>,
   pool: &mut DbPool<'_>,
 ) -> Result<Json<ResolveObjectResponse>, LemmyError> {
   use SearchableObjects::*;
@@ -45,15 +58,15 @@ async fn convert_response(
     }
     Community(c) => {
       removed_or_deleted = c.deleted || c.removed;
-      res.community = Some(CommunityView::read(pool, c.id, Some(user_id), None).await?)
+      res.community = Some(CommunityView::read(pool, c.id, user_id, false).await?)
     }
     Post(p) => {
       removed_or_deleted = p.deleted || p.removed;
-      res.post = Some(PostView::read(pool, p.id, Some(user_id), None).await?)
+      res.post = Some(PostView::read(pool, p.id, user_id, false).await?)
     }
     Comment(c) => {
       removed_or_deleted = c.deleted || c.removed;
-      res.comment = Some(CommentView::read(pool, c.id, Some(user_id)).await?)
+      res.comment = Some(CommentView::read(pool, c.id, user_id).await?)
     }
   };
   // if the object was deleted from database, dont return it