Add a setting to allow anonymous access to individual gists while still RequireLogin everywhere else (#229)

* Add a setting to allow accessing individual gists without auth This is a middle ground between the existing setting "Require Login", which requires login to do anything at all, and having it off, which shows a public list of gists and more generally allows discovering info about the users/gists of the instance without login. The idea of this setting is that it is "require login" for everything except individual gists. Fixes #228. Co-authored-by: Thomas Miceli <tho.miceli@gmail.com>
2024-05-12 14:40:11 -07:00
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -0,0 +1,18 @@
+package auth
+
+type AuthInfoProvider interface {
+	RequireLogin() (bool, error)
+	AllowGistsWithoutLogin() (bool, error)
+}
+
+func ShouldAllowUnauthenticatedGistAccess(prov AuthInfoProvider, isSingleGistAccess bool) (bool, error) {
+	require, err := prov.RequireLogin()
+	if err != nil {
+		return false, err
+	}
+	allow, err := prov.AllowGistsWithoutLogin()
+	if err != nil {
+		return false, err
+	}
+	return !require || (isSingleGistAccess && allow), nil
+}