[feature] Enforce OAuth token scopes (#3835)

* move tokenauth to apiutil

* enforce scopes

* docs

* update test models, remove deprecated "follow"

* file header

* tests

* tweak scope matcher

* simplify...

* fix tests

* log user out of settings panel in case of oauth error

internal/api/client/push/pushsubscriptiondelete.go

@@ -22,8 +22,6 @@ import (
 
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
-	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PushSubscriptionDELETEHandler swagger:operation DELETE /api/v1/push/subscription pushSubscriptionDelete
@@ -49,9 +47,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopePush,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 

internal/api/client/push/pushsubscriptiondelete_test.go

@@ -76,7 +76,7 @@ func (suite *PushTestSuite) TestDeleteSubscription() {
 func (suite *PushTestSuite) TestDeleteMissingSubscription() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	err := suite.deleteSubscription(accountFixtureName, tokenFixtureName, 200)
 	suite.NoError(err)

internal/api/client/push/pushsubscriptionget.go

@@ -22,8 +22,6 @@ import (
 
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
-	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PushSubscriptionGETHandler swagger:operation GET /api/v1/push/subscription pushSubscriptionGet
@@ -55,9 +53,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopePush,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 

internal/api/client/push/pushsubscriptionget_test.go

@@ -95,7 +95,7 @@ func (suite *PushTestSuite) TestGetSubscription() {
 func (suite *PushTestSuite) TestGetMissingSubscription() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	_, err := suite.getSubscription(accountFixtureName, tokenFixtureName, 404)
 	suite.NoError(err)

internal/api/client/push/pushsubscriptionpost.go

@@ -29,7 +29,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PushSubscriptionPOSTHandler swagger:operation POST /api/v1/push/subscription pushSubscriptionPost
@@ -181,9 +180,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopePush,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 

internal/api/client/push/pushsubscriptionpost_test.go

@@ -116,7 +116,7 @@ func (suite *PushTestSuite) postSubscription(
 func (suite *PushTestSuite) TestPostSubscription() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	endpoint := "https://example.test/push"
 	auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -152,7 +152,7 @@ func (suite *PushTestSuite) TestPostSubscription() {
 func (suite *PushTestSuite) TestPostSubscriptionMinimal() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	endpoint := "https://example.test/push"
 	auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -186,7 +186,7 @@ func (suite *PushTestSuite) TestPostSubscriptionMinimal() {
 func (suite *PushTestSuite) TestPostInvalidSubscription() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	// No endpoint.
 	auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -212,7 +212,7 @@ func (suite *PushTestSuite) TestPostInvalidSubscription() {
 func (suite *PushTestSuite) TestPostSubscriptionJSON() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	requestJson := `{
 		"subscription": {
@@ -258,7 +258,7 @@ func (suite *PushTestSuite) TestPostSubscriptionJSON() {
 func (suite *PushTestSuite) TestPostSubscriptionJSONMinimal() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	requestJson := `{
 		"subscription": {
@@ -298,7 +298,7 @@ func (suite *PushTestSuite) TestPostSubscriptionJSONMinimal() {
 func (suite *PushTestSuite) TestPostInvalidSubscriptionJSON() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	// No endpoint.
 	requestJson := `{

internal/api/client/push/pushsubscriptionput.go

@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -157,9 +156,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionPUTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopePush,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 

internal/api/client/push/pushsubscriptionput_test.go

@@ -170,7 +170,7 @@ func (suite *PushTestSuite) TestPutSubscriptionJSON() {
 func (suite *PushTestSuite) TestPutMissingSubscription() {
 	accountFixtureName := "local_account_1"
 	// This token should not have a subscription.
-	tokenFixtureName := "local_account_1_user_authorization_token"
+	tokenFixtureName := "local_account_1_push_only"
 
 	alertsMention := true
 	alertsStatus := false