From 5730ae00720fc2f70fdd28771a5fbb22aa953298 Mon Sep 17 00:00:00 2001
From: silverpill <silverpill@firemail.cc>
Date: Sun, 23 Jan 2022 23:12:58 +0000
Subject: [PATCH] Return status 403 in response to signature request if post is
 not saved to IPFS

---
 docs/openapi.yaml                  | 4 +---
 src/mastodon_api/statuses/views.rs | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/docs/openapi.yaml b/docs/openapi.yaml
index 4c25d60..0ebe9f0 100644
--- a/docs/openapi.yaml
+++ b/docs/openapi.yaml
@@ -398,13 +398,11 @@ paths:
                     type: string
                     example: '6a5cb313907cd3...'
         403:
-          description: Post does not belong to user or is not public or user's wallet address is not known
+          description: Post does not belong to user, is not public or not saved to IPFS, or user's wallet address is not known
         404:
           description: Post not found
         418:
           description: Ethereum integration is not enabled
-        422:
-          description: Post is not saved to IPFS
   /api/v1/statuses/{status_id}/token_minted:
     post:
       summary: Register transaction that mints a token
diff --git a/src/mastodon_api/statuses/views.rs b/src/mastodon_api/statuses/views.rs
index 82b8694..eb62aaf 100644
--- a/src/mastodon_api/statuses/views.rs
+++ b/src/mastodon_api/statuses/views.rs
@@ -443,7 +443,7 @@ async fn get_signature(
     };
     let ipfs_cid = post.ipfs_cid
         // Post metadata is not immutable
-        .ok_or(HttpError::OperationError("post is not immutable"))?;
+        .ok_or(HttpError::PermissionError)?;
     let token_uri = get_ipfs_url(&ipfs_cid);
     let signature = create_mint_signature(
         contract_config,