[feature] Enforce OAuth token scopes (#3835)

* move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error
2025-06-05 21:59:39 +02:00 · 2025-02-26 13:04:55 +01:00
parent f734a94c1c
commit eb720241da
213 changed files with 1762 additions and 1082 deletions
--- a/internal/processing/account/move.go
+++ b/internal/processing/account/move.go
@@ -27,6 +27,7 @@ import (

 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/federation/dereferencing"
 	"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
@@ -34,14 +35,13 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
 	"github.com/superseriousbusiness/gotosocial/internal/messages"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/uris"
 	"golang.org/x/crypto/bcrypt"
 )

 func (p *Processor) MoveSelf(
 	ctx context.Context,
-	authed *oauth.Auth,
+	authed *apiutil.Auth,
 	form *apimodel.AccountMoveRequest,
 ) gtserror.WithCode {
 	// Ensure valid MovedToURI.