[feature] add instance-expose-public-timeline flag (#1039)

* Add instance-expose-public-timeline flag Adds a config flag that allows unauthenticated access to /api/v1/timelines/public. Defaults to false to replicate existing behaviour. * Update structure following review * Add comment * Fix linting
2025-10-29 20:02:26 -05:00 · 2022-11-14 09:30:01 +00:00 · 2022-11-14 09:30:01 +00:00 · d120743e8b
commit d120743e8b
parent 8f2d3ca664
11 changed files with 71 additions and 22 deletions
--- a/internal/api/client/timeline/public.go
+++ b/internal/api/client/timeline/public.go
@ -25,6 +25,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/api"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@ -110,7 +111,17 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) PublicTimelineGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	var authed *oauth.Auth
+	var err error
+
+	if config.GetInstanceExposePublicTimeline() {
+		// If the public timeline is allowed to be exposed, still check if we
+		// can extract various authentication properties, but don't require them.
+		authed, err = oauth.Authed(c, false, false, false, false)
+	} else {
+		authed, err = oauth.Authed(c, true, true, true, true)
+	}
+
 	if err != nil {
 		api.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
 		return