Search query in URL has no effect

[tagawa]

Steps to reproduce:

1. Go to https://webcompat.com/issues?page=1&per_page=50&state=open&stage=all&sort=created&direction=desc&q=vivaldi

What should happen:
Only issues containing the term "vivaldi" should be displayed.

What actually happens:
All open issues are displayed.

[miketaylr]

Thanks for reporting--this shouldn't be too difficult to fix.

[miketaylr]

@tagawa so this is a little tricky. In order to get search results, we need to use the Search API. We don't offer a proxied search, so the user has to be logged in.

Do you think we should do some kind of flash message prompting to log-in if there's a q=search-item in the URL? Or would that be annoying?

[karlcow]

What @miketaylr forgot to mention is that it's not the non-logged user doing the request but webcompat.com doing the request to github and returns it to the user.

So what is happening is

1. https://webcompat.com/issues?page=1&per_page=50&state=open&stage=all&sort=created&direction=desc&q=vivaldi
2. https://github.com/webcompat/web-bugs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+vivaldi
3. displays the results to the user.

So the real user is webcompat.com wrt github. There's a rate-limit on the search API. So if webcompat.com was taking care of all the requests, there will be time where it fails.

X-RateLimit-Limit: 10
X-RateLimit-Remaining: 9
X-RateLimit-Reset: 1434756308

The Search API has a custom rate limit. For requests using Basic Authentication, OAuth, or client ID and secret, you can make up to 30 requests per minute. For unauthenticated requests, the rate limit allows you to make up to 10 requests per minute.

That said there might be a solution which would require if the user is logged or not.

1. If the user is logged it will be his own credentials (as now)
2. If the user is unlogged, the JS client is doing the request to the API (instead of the python code), so it means that each individual users are tapping into the rate limit of 10 requests per minute, and not webcompat.

It's a bit more complex, but it could work.

[miketaylr]

For unauthenticated requests, the rate limit allows you to make up to 10 requests per minute.

Innnnteresting. That is news to me.

[tagawa]

Thanks for the explanations. I hadn't realised it was so tricky. I raised the issue because it was also affecting the back button, i.e. clicking Back after a search takes you back to the full issue list rather than what you searched for.

The only other option I can think of is to store search results as an object in local storage for the Back button use case and just not worry about the URL direct entry use case. Maybe even that's too much complexity for a minor issue and it's OK as is.

[miketaylr]

Thanks for the explanations. I hadn't realised it was so tricky.

Nah, it's not much more work. I think we should do it. We can ship the "authed" version now, and then add the unauthed stuff later--hopefully before this week is over. ^_^