SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity

[feature] Enforce OAuth token scopes (#3835)

Browse Source 
* move tokenauth to apiutil

* enforce scopes

* docs

* update test models, remove deprecated "follow"

* file header

* tests

* tweak scope matcher

* simplify...

* fix tests

* log user out of settings panel in case of oauth error
This commit is contained in:
tobi
2025-02-26 13:04:55 +01:00
committed by GitHub
parent f734a94c1c
commit eb720241da
213 changed files with 1762 additions and 1082 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
internal/api/client/admin/debug_on.go
View File

@ -27,13 +27,15 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/oauth"
)
func (m *Module) DebugAPUrlHandler(c *gin.Context) {
authed, err := oauth.Authed(c, true, true, true, true)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
authed, errWithCode := apiutil.TokenAuth(c,
true, true, true, true,
apiutil.ScopeAdminWrite,
)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@ -58,9 +60,12 @@ func (m *Module) DebugAPUrlHandler(c *gin.Context) {
}
func (m *Module) DebugClearCachesHandler(c *gin.Context) {
authed, err := oauth.Authed(c, true, true, true, true)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
authed, errWithCode := apiutil.TokenAuth(c,
true, true, true, true,
apiutil.ScopeAdminWrite,
)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}