From 308653cf1e96573c04cb3475d0dff9f39ccdcf8f Mon Sep 17 00:00:00 2001
From: Thibault Duplessis <thibault.duplessis@gmail.com>
Date: Sat, 7 Jun 2014 12:09:12 +0200
Subject: [PATCH] limit API usage unless security token specified

---
 modules/api/src/main/GameApi.scala | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/api/src/main/GameApi.scala b/modules/api/src/main/GameApi.scala
index 294e8a9176..e6c517abe2 100644
--- a/modules/api/src/main/GameApi.scala
+++ b/modules/api/src/main/GameApi.scala
@@ -18,7 +18,8 @@ private[api] final class GameApi(
     apiToken: String,
     pgnDump: PgnDump) {
 
-  private def makeNb(nb: Option[Int]) = math.min(100, nb | 10)
+  private def makeNb(token: Option[String], nb: Option[Int]) =
+    math.min(validToken(token) ? 200 | 10, nb | 10)
 
   def list(
     username: Option[String],
@@ -31,7 +32,7 @@ private[api] final class GameApi(
     G.playerUids -> username,
     G.rated -> rated.map(_.fold(JsBoolean(true), $exists(false))),
     G.analysed -> analysed.map(_.fold(JsBoolean(true), $exists(false)))
-  ).noNull) sort lila.game.Query.sortCreated, makeNb(nb)) flatMap
+  ).noNull) sort lila.game.Query.sortCreated, makeNb(token, nb)) flatMap
     gamesJson(withAnalysis, token) map { games =>
       Json.obj("list" -> games)
     }