[feature] Add config option to expose custom emojis without auth (#4233)

# Description

> If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements.
>
> If this is a documentation change, please briefly describe what you've changed and why.

Does as it says on the tin! Should make things a bit easier for clients that don't provide an access token to the custom emojis endpoint.

Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/2430

## Checklist

Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]`

If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).

- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [x] I/we have commented the added code, particularly in hard-to-understand areas.
- [x] I/we have made any necessary changes to documentation.
- [ ] I/we have added tests that cover new code.
- [x] I/we have run tests and they pass locally with the changes.
- [x] I/we have run `go fmt ./...` and `golangci-lint run`.

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4233
Reviewed-by: Daenney <daenney@noreply.codeberg.org>
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>

1 files changed, 15 insertions, 7 deletions

diff --git a/internal/api/client/customemojis/customemojisget.go b/internal/api/client/customemojis/customemojisget.go
index c63445aef..9aa878274 100644
--- a/internal/api/client/customemojis/customemojisget.go
+++ b/internal/api/client/customemojis/customemojisget.go
@@ -21,6 +21,7 @@ import (
 	"net/http"
 
 	apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
+	"code.superseriousbusiness.org/gotosocial/internal/config"
 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
 	"github.com/gin-gonic/gin"
 )
@@ -29,6 +30,8 @@ import (
 //
 // Get an array of custom emojis available on the instance.
 //
+// If the instance config setting `instance-expose-custom-emojis` is `true` then authentication is not required.
+//
 //	---
 //	tags:
 //	- custom_emojis
@@ -37,7 +40,8 @@ import (
 //	- application/json
 //
 //	security:
-//	- OAuth2 Bearer: []
+//	- OAuth2 Bearer:
+//		- read:custom_emojis
 //
 //	responses:
 //		'200':
@@ -53,12 +57,16 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) CustomEmojisGETHandler(c *gin.Context) {
-	_, errWithCode := apiutil.TokenAuth(c,
-		true, true, true, true,
-	)
-	if errWithCode != nil {
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
+	// If custom emojis are not exposed to unauthed
+	// callers, fail if a token was not provided.
+	if !config.GetInstanceExposeCustomEmojis() {
+		if _, errWithCode := apiutil.TokenAuth(c,
+			true, true, true, true,
+			apiutil.ScopeReadCustomEmojis,
+		); errWithCode != nil {
+			apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+			return
+		}
 	}
 
 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {