Require confirmed email when checking oauth token (#332)

* move token checker to security package * update tests with new security package * add oauth token checking to security package * check if user email confirmed when parsing token
2025-06-05 21:59:39 +02:00 · 2021-11-27 14:53:34 +01:00
parent 5ed03480e7
commit ce22e03f9d
8 changed files with 57 additions and 30 deletions
--- a/internal/api/security/security.go
+++ b/internal/api/security/security.go
@ -24,6 +24,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/router"
 )

@ -33,13 +34,15 @@ const robotsPath = "/robots.txt"
 type Module struct {
 	config *config.Config
 	db     db.DB
+	server oauth.Server
 }

 // New returns a new security module
-func New(config *config.Config, db db.DB) api.ClientModule {
+func New(config *config.Config, db db.DB, server oauth.Server) api.ClientModule {
 	return &Module{
 		config: config,
 		db:     db,
+		server: server,
 	}
 }

@ -49,6 +52,7 @@ func (m *Module) Route(s router.Router) error {
 	s.AttachMiddleware(m.FlocBlock)
 	s.AttachMiddleware(m.ExtraHeaders)
 	s.AttachMiddleware(m.UserAgentBlock)
+	s.AttachMiddleware(m.TokenCheck)
 	s.AttachHandler(http.MethodGet, robotsPath, m.RobotsGETHandler)
 	return nil
 }