403 all guests on /search & /search/term regardless of mobile/desktop - closes #612

src/routes/api.js

@@ -215,14 +215,18 @@ var path = require('path'),
 			});
 
 			app.get('/search', function (req, res) {
-				return res.json({
+				if (req.user && req.user.uid) {
-					show_no_topics: 'hide',
+					return res.json({
-					show_no_posts: 'hide',
+						show_no_topics: 'hide',
-					show_results: 'hide',
+						show_no_posts: 'hide',
-					search_query: '',
+						show_results: 'hide',
-					posts: [],
+						search_query: '',
-					topics: []
+						posts: [],
-				});
+						topics: []
+					});
+				} else {
+					res.send(403);
+				}
 			});
 
 			app.get('/search/:term', function (req, res, next) {
@@ -254,20 +258,24 @@ var path = require('path'),
 					});
 				}
 
-				async.parallel([searchPosts, searchTopics], function (err, results) {
+				if (req.user && req.user.uid) {
-					if (err) {
+					async.parallel([searchPosts, searchTopics], function (err, results) {
-						return next();
+						if (err) {
-					}
+							return next();
+						}
 
-					return res.json({
+						return res.json({
-						show_no_topics: results[1].length ? 'hide' : '',
+							show_no_topics: results[1].length ? 'hide' : '',
-						show_no_posts: results[0].length ? 'hide' : '',
+							show_no_posts: results[0].length ? 'hide' : '',
-						show_results: '',
+							show_results: '',
-						search_query: req.params.term,
+							search_query: req.params.term,
-						posts: results[0],
+							posts: results[0],
-						topics: results[1]
+							topics: results[1]
+						});
 					});
-				});
+				} else {
+					res.send(403);
+				}
 			});
 
 			app.get('/reset', function (req, res) {