From 013ed7380f82b3305d68785383b1a8ceb56fda1f Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Tue, 21 Jan 2025 21:31:38 +0100
Subject: [PATCH] [backend/masto-client] Don't require authentication for
 /accounts/{id}/statuses (ISH-688)

---
 .../Controllers/Mastodon/AccountController.cs             | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Iceshrimp.Backend/Controllers/Mastodon/AccountController.cs b/Iceshrimp.Backend/Controllers/Mastodon/AccountController.cs
index 5e5b3dda..d67a85f5 100644
--- a/Iceshrimp.Backend/Controllers/Mastodon/AccountController.cs
+++ b/Iceshrimp.Backend/Controllers/Mastodon/AccountController.cs
@@ -173,7 +173,8 @@ public class AccountController(
 	[ProducesResults(HttpStatusCode.OK)]
 	[ProducesErrors(HttpStatusCode.Forbidden)]
 	public async Task<IEnumerable<AccountEntity>> GetManyUsers(
-		[FromQuery(Name = "id")] [MaxLength(40)] HashSet<string> ids
+		[FromQuery(Name = "id")] [MaxLength(40)]
+		HashSet<string> ids
 	)
 	{
 		var localUser = HttpContext.GetUser();
@@ -392,7 +393,10 @@ public class AccountController(
 		string id, AccountSchemas.AccountStatusesRequest request, MastodonPaginationQuery query
 	)
 	{
-		var user    = HttpContext.GetUserOrFail();
+		var user = HttpContext.GetUser();
+		if (config.Value.PublicPreview == Enums.PublicPreview.Lockdown && user == null)
+			throw GracefulException.Forbidden("Public preview is disabled on this instance");
+
 		var account = await db.Users.FirstOrDefaultAsync(p => p.Id == id) ?? throw GracefulException.RecordNotFound();
 
 		return await db.Notes