docusaurus-search-local icon indicating copy to clipboard operation
docusaurus-search-local copied to clipboard

Published 20 hours ago verified publisher icon easyops-cn

Conditional search

Open marcselman opened this issue 1 year ago • 4 comments

We have implemented custom authentication for the Docusaurus site. We don't want the search to work as long as someone is not yet logged in. What would be the best way to implement this?

I'm thinking of various options:

  • Hiding the search bar through CSS (not very safe)
  • Somehow returning an empty search index
  • Conditionally render the search bar somehow
  • Sending a command to the search component somehow

marcselman avatar Jun 05 '24 08:06 marcselman

Related issue #210

weareoutman avatar Jun 05 '24 08:06 weareoutman

  • If you're using client-side auth, try this workaround
  • If you're using server-side auth, try to store the search-index.json on your server, and serve it with auth guarded instead of a static file.

weareoutman avatar Jun 05 '24 09:06 weareoutman

Hi @weareoutman, Thanks for your reply. That's a different issue which we have already solved. Search indexing correctly bypasses our authentication.

The issue we're having is that the search box in the header is also shown to people who are not logged in. By using the search they can then get pieces of data that they are not allowed to see. So we want to hide or disable the search bar in the header conditionally.

marcselman avatar Jul 05 '24 08:07 marcselman

If you only want to hide the search bar when users are not logged in, you can do it by adding a global css which hides the search bar, in your client auth guard component, or somewhere else appears in all your pages.

Even though users can get the index file by accessing the URL directly if they know it.

Or you have to add a server-side auth guard and serve the index file on your server, just as I mentioned above.

weareoutman avatar Jul 05 '24 08:07 weareoutman