Conditional search - Githubissues

easyops-cn / docusaurus-search-local

Offline/local search for Docusaurus v2/v3

https://easyops-cn.github.io/docusaurus-search-local/

MIT License

712 stars 90 forks source link

Conditional search #416

Open marcselman opened 5 months ago

marcselman commented 5 months ago

We have implemented custom authentication for the Docusaurus site. We don't want the search to work as long as someone is not yet logged in. What would be the best way to implement this?

I'm thinking of various options:

Hiding the search bar through CSS (not very safe)
Somehow returning an empty search index
Conditionally render the search bar somehow
Sending a command to the search component somehow

weareoutman commented 5 months ago

Related issue #210

weareoutman commented 5 months ago

If you're using client-side auth, try this workaround
If you're using server-side auth, try to store the search-index.json on your server, and serve it with auth guarded instead of a static file.

marcselman commented 4 months ago

Hi @weareoutman, Thanks for your reply. That's a different issue which we have already solved. Search indexing correctly bypasses our authentication.

The issue we're having is that the search box in the header is also shown to people who are not logged in. By using the search they can then get pieces of data that they are not allowed to see. So we want to hide or disable the search bar in the header conditionally.

weareoutman commented 4 months ago

If you only want to hide the search bar when users are not logged in, you can do it by adding a global css which hides the search bar, in your client auth guard component, or somewhere else appears in all your pages.

Even though users can get the index file by accessing the URL directly if they know it.

Or you have to add a server-side auth guard and serve the index file on your server, just as I mentioned above.