Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conditional search #416

Open
marcselman opened this issue Jun 5, 2024 · 4 comments
Open

Conditional search #416

marcselman opened this issue Jun 5, 2024 · 4 comments

Comments

@marcselman
Copy link

We have implemented custom authentication for the Docusaurus site. We don't want the search to work as long as someone is not yet logged in. What would be the best way to implement this?

I'm thinking of various options:

  • Hiding the search bar through CSS (not very safe)
  • Somehow returning an empty search index
  • Conditionally render the search bar somehow
  • Sending a command to the search component somehow
@weareoutman
Copy link
Member

Related issue #210

@weareoutman
Copy link
Member

  • If you're using client-side auth, try this workaround
  • If you're using server-side auth, try to store the search-index.json on your server, and serve it with auth guarded instead of a static file.

@marcselman
Copy link
Author

Hi @weareoutman,
Thanks for your reply.
That's a different issue which we have already solved.
Search indexing correctly bypasses our authentication.

The issue we're having is that the search box in the header is also shown to people who are not logged in.
By using the search they can then get pieces of data that they are not allowed to see.
So we want to hide or disable the search bar in the header conditionally.

@weareoutman
Copy link
Member

If you only want to hide the search bar when users are not logged in, you can do it by adding a global css which hides the search bar, in your client auth guard component, or somewhere else appears in all your pages.

Even though users can get the index file by accessing the URL directly if they know it.

Or you have to add a server-side auth guard and serve the index file on your server, just as I mentioned above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants