diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml
index 2e250060a..75fa2a777 100644
--- a/docs/api/swagger.yaml
+++ b/docs/api/swagger.yaml
@@ -4331,7 +4331,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - read:accounts
+ - read:statuses
summary: See statuses posted by the requested account.
tags:
- accounts
@@ -5004,7 +5004,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:accounts
summary: View + page through known accounts according to given filters.
tags:
- admin
@@ -5038,7 +5038,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:accounts
summary: View one account.
tags:
- admin
@@ -5083,7 +5083,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:accounts
summary: Perform an admin action on an account.
tags:
- admin
@@ -5117,7 +5117,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:accounts
summary: Approve pending account.
tags:
- admin
@@ -5163,7 +5163,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:accounts
summary: Reject pending account.
tags:
- admin
@@ -5241,6 +5241,9 @@ paths:
description: not acceptable
"500":
description: internal server error
+ security:
+ - OAuth2 Bearer:
+ - admin:read
summary: View local and remote emojis available to / known by this instance.
tags:
- admin
@@ -5287,7 +5290,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Upload and create a new instance emoji.
tags:
- admin
@@ -5327,7 +5330,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Delete a **local** emoji with the given ID from the instance.
tags:
- admin
@@ -5358,6 +5361,9 @@ paths:
description: not acceptable
"500":
description: internal server error
+ security:
+ - OAuth2 Bearer:
+ - admin:read
summary: Get the admin view of a single emoji.
tags:
- admin
@@ -5429,7 +5435,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Perform admin action on a local or remote emoji known to this instance.
tags:
- admin
@@ -5457,6 +5463,9 @@ paths:
description: not acceptable
"500":
description: internal server error
+ security:
+ - OAuth2 Bearer:
+ - admin:read
summary: Get a list of existing emoji categories.
tags:
- admin
@@ -5489,7 +5498,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Perform a GET to the specified ActivityPub URL and return detailed debugging information.
tags:
- debug
@@ -5514,7 +5523,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Sweep/clear all in-memory caches.
tags:
- debug
@@ -5549,7 +5558,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:domain_allows
summary: View all domain allows currently in place.
tags:
- admin
@@ -5612,7 +5621,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:domain_allows
summary: Create one or more domain allows, from a string or a file.
tags:
- admin
@@ -5648,7 +5657,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:domain_allows
summary: Delete domain allow with the given ID.
tags:
- admin
@@ -5681,7 +5690,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:domain_allows
summary: View domain allow with the given ID.
tags:
- admin
@@ -5716,7 +5725,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:domain_blocks
summary: View all domain blocks currently in place.
tags:
- admin
@@ -5779,7 +5788,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:domain_blocks
summary: Create one or more domain blocks, from a string or a file.
tags:
- admin
@@ -5815,7 +5824,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:domain_blocks
summary: Delete domain block with the given ID.
tags:
- admin
@@ -5848,7 +5857,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:domain_blocks
summary: View domain block with the given ID.
tags:
- admin
@@ -5900,7 +5909,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Force expiry of cached public keys for all accounts on the given domain stored in your database.
tags:
- admin
@@ -5976,7 +5985,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: View domain permission drafts.
tags:
- admin
@@ -6027,7 +6036,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Create a domain permission draft with the given parameters.
tags:
- admin
@@ -6059,7 +6068,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: Get domain permission draft with the given ID.
tags:
- admin
@@ -6101,7 +6110,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Accept a domain permission draft, turning it into an enforced domain permission.
tags:
- admin
@@ -6143,7 +6152,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Remove a domain permission draft, optionally ignoring all future drafts targeting the given domain.
tags:
- admin
@@ -6211,7 +6220,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: View domain permission excludes.
tags:
- admin
@@ -6254,7 +6263,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Create a domain permission exclude with the given parameters.
tags:
- admin
@@ -6288,7 +6297,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Remove a domain permission exclude.
tags:
- admin
@@ -6319,7 +6328,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: Get domain permission exclude with the given ID.
tags:
- admin
@@ -6387,7 +6396,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: View domain permission subscriptions.
tags:
- admin
@@ -6462,7 +6471,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Create a domain permission subscription with the given parameters.
tags:
- admin
@@ -6535,7 +6544,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Update a domain permission subscription with the given parameters.
tags:
- admin
@@ -6567,7 +6576,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: Get domain permission subscription with the given ID.
tags:
- admin
@@ -6611,7 +6620,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Remove a domain permission subscription.
tags:
- admin
@@ -6651,7 +6660,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Test one domain permission subscription by making your instance fetch and parse it *without creating permissions*.
tags:
- admin
@@ -6688,7 +6697,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: View all domain permission subscriptions of the given permission type, in priority order (highest to lowest).
tags:
- admin
@@ -6733,7 +6742,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Send a generic test email to a specified email address.
tags:
- admin
@@ -6802,7 +6811,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Create new "allow" HTTP request header filter.
tags:
- admin
@@ -6830,7 +6839,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Delete the "allow" header filter with the given ID.
tags:
- admin
@@ -6859,7 +6868,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: Get "allow" header filter with the given ID.
tags:
- admin
@@ -6928,7 +6937,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Create new "block" HTTP request header filter.
tags:
- admin
@@ -6956,7 +6965,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Delete the "block" header filter with the given ID.
tags:
- admin
@@ -6985,7 +6994,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: Get "block" header filter with the given ID.
tags:
- admin
@@ -7014,7 +7023,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: View instance rules, with IDs.
tags:
- admin
@@ -7050,7 +7059,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Create a new instance rule.
tags:
- admin
@@ -7086,7 +7095,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Delete an existing instance rule.
tags:
- admin
@@ -7117,7 +7126,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read
summary: View instance rule with the given id.
tags:
- admin
@@ -7159,7 +7168,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Update an existing instance rule.
tags:
- admin
@@ -7199,7 +7208,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Clean up remote media older than the specified number of days.
tags:
- admin
@@ -7233,7 +7242,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Refetch media specified in the database but missing from storage.
tags:
- admin
@@ -7307,7 +7316,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:reports
summary: View user moderation reports.
tags:
- admin
@@ -7339,7 +7348,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:reports
summary: View user moderation report with the given id.
tags:
- admin
@@ -7381,7 +7390,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write:reports
summary: Mark a report as resolved.
tags:
- admin
@@ -7408,8 +7417,7 @@ paths:
"500":
description: internal server error
security:
- - OAuth2 Bearer:
- - read:announcements
+ - OAuth2 Bearer: []
summary: Get an array of currently active announcements.
tags:
- announcements
@@ -7723,8 +7731,7 @@ paths:
"500":
description: internal server error
security:
- - OAuth2 Bearer:
- - read:custom_emojis
+ - OAuth2 Bearer: []
summary: Get an array of custom emojis available on the instance.
tags:
- custom_emojis
@@ -7764,7 +7771,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - read:follows
+ - read:accounts
summary: Export a CSV file of accounts that follow you.
tags:
- import-export
@@ -7846,7 +7853,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - read:account
+ - read:accounts
summary: Returns informational stats on the number of items that can be exported for requesting account.
tags:
- import-export
@@ -8423,7 +8430,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - write:accounts
+ - write
summary: Upload some CSV-formatted data to your account.
tags:
- import-export
@@ -8517,7 +8524,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:write
summary: Update your instance information and/or upload a new avatar/header for the instance.
tags:
- instance
@@ -8569,6 +8576,8 @@ paths:
description: not acceptable
"500":
description: internal server error
+ security:
+ - OAuth2 Bearer: []
tags:
- instance
/api/v1/instance/rules:
@@ -9643,7 +9652,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - read:notifications
+ - write:notifications
summary: Clear/delete all notifications for currently authorized user.
tags:
- notifications
@@ -10158,7 +10167,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - read:reports
+ - read:accounts
summary: See reports created by the requesting account.
tags:
- reports
@@ -10270,7 +10279,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - read:reports
+ - read:accounts
summary: Get one report with the given id.
tags:
- reports
@@ -10677,7 +10686,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - write:statuses
+ - write:bookmarks
summary: Bookmark status with the given ID.
tags:
- statuses
@@ -11035,7 +11044,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - write:statuses
+ - write:bookmarks
summary: Unbookmark status with the given ID.
tags:
- statuses
@@ -11069,7 +11078,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - write:statuses
+ - write:favourites
summary: Unstar/unlike/unfavourite the given status.
tags:
- statuses
@@ -11313,8 +11322,7 @@ paths:
"500":
description: internal server error
security:
- - OAuth2 Bearer:
- - read:follows
+ - OAuth2 Bearer: []
summary: Get details for a hashtag, including whether you currently follow it.
tags:
- tags
@@ -11642,7 +11650,7 @@ paths:
description: internal error
security:
- OAuth2 Bearer:
- - read:user
+ - read:accounts
summary: Get your own user model.
tags:
- user
@@ -11687,7 +11695,7 @@ paths:
description: internal error
security:
- OAuth2 Bearer:
- - write:user
+ - write:accounts
summary: Request changing the email address of authenticated user.
tags:
- user
@@ -11736,7 +11744,7 @@ paths:
description: internal error
security:
- OAuth2 Bearer:
- - write:user
+ - write:accounts
summary: Change the password of authenticated user.
tags:
- user
@@ -11837,7 +11845,7 @@ paths:
description: internal server error
security:
- OAuth2 Bearer:
- - admin
+ - admin:read:accounts
summary: View + page through known accounts according to given filters.
tags:
- admin
@@ -12724,32 +12732,44 @@ securityDefinitions:
flow: accessCode
scopes:
admin: grants admin access to everything
- admin:accounts: grants admin access to accounts
+ admin:read: grants admin read access to everything
+ admin:read:accounts: grants admin read access to accounts
+ admin:read:domain_allows: grants admin read access to domain_allows
+ admin:read:domain_blocks: grants admin read access to domain_blocks
+ admin:read:reports: grants admin read access to reports
+ admin:write: grants admin write access to everything
+ admin:write:accounts: grants write read access to accounts
+ admin:write:domain_allows: grants admin write access to domain_allows
+ admin:write:domain_blocks: grants write read access to domain_blocks
+ admin:write:reports: grants admin write access to reports
+ profile: grants read access to verify_credentials
+ push: grants read/write access to push
read: grants read access to everything
read:accounts: grants read access to accounts
- read:blocks: grant read access to blocks
- read:custom_emojis: grant read access to custom_emojis
- read:favourites: grant read access to favourites
- read:filters: grant read access to filters
- read:follows: grant read access to follows
- read:lists: grant read access to lists
- read:media: grant read access to media
- read:mutes: grant read access to mutes
+ read:blocks: grants read access to blocks
+ read:bookmarks: grants read access to bookmarks
+ read:favourites: grants read access to accounts
+ read:filters: grants read access to filters
+ read:follows: grants read access to follows
+ read:lists: grants read access to lists
+ read:mutes: grants read access to mutes
read:notifications: grants read access to notifications
- read:search: grant read access to searches
+ read:search: grants read access to search
read:statuses: grants read access to statuses
- read:streaming: grants read access to streaming api
- read:user: grants read access to user-level info
write: grants write access to everything
write:accounts: grants write access to accounts
write:blocks: grants write access to blocks
+ write:bookmarks: grants write access to bookmarks
+ write:conversations: grants write access to conversations
+ write:favourites: grants write access to favourites
write:filters: grants write access to filters
write:follows: grants write access to follows
write:lists: grants write access to lists
write:media: grants write access to media
write:mutes: grants write access to mutes
+ write:notifications: grants write access to notifications
+ write:reports: grants write access to reports
write:statuses: grants write access to statuses
- write:user: grants write access to user-level info
tokenUrl: https://example.org/oauth/token
type: oauth2
swagger: "2.0"
diff --git a/docs/swagger.go b/docs/swagger.go
index 73c9a3d9a..ecd03e6b9 100644
--- a/docs/swagger.go
+++ b/docs/swagger.go
@@ -32,32 +32,44 @@
// tokenUrl: https://example.org/oauth/token
// scopes:
// read: grants read access to everything
-// read:accounts: grants read access to accounts
-// read:blocks: grant read access to blocks
-// read:custom_emojis: grant read access to custom_emojis
-// read:favourites: grant read access to favourites
-// read:filters: grant read access to filters
-// read:follows: grant read access to follows
-// read:lists: grant read access to lists
-// read:media: grant read access to media
-// read:mutes: grant read access to mutes
-// read:search: grant read access to searches
-// read:statuses: grants read access to statuses
-// read:streaming: grants read access to streaming api
-// read:user: grants read access to user-level info
-// read:notifications: grants read access to notifications
// write: grants write access to everything
+// push: grants read/write access to push
+// profile: grants read access to verify_credentials
+// read:accounts: grants read access to accounts
// write:accounts: grants write access to accounts
+// read:blocks: grants read access to blocks
// write:blocks: grants write access to blocks
+// read:bookmarks: grants read access to bookmarks
+// write:bookmarks: grants write access to bookmarks
+// write:conversations: grants write access to conversations
+// read:favourites: grants read access to accounts
+// write:favourites: grants write access to favourites
+// read:filters: grants read access to filters
// write:filters: grants write access to filters
+// read:follows: grants read access to follows
// write:follows: grants write access to follows
+// read:lists: grants read access to lists
// write:lists: grants write access to lists
// write:media: grants write access to media
+// read:mutes: grants read access to mutes
// write:mutes: grants write access to mutes
+// read:notifications: grants read access to notifications
+// write:notifications: grants write access to notifications
+// write:reports: grants write access to reports
+// read:search: grants read access to search
+// read:statuses: grants read access to statuses
// write:statuses: grants write access to statuses
-// write:user: grants write access to user-level info
// admin: grants admin access to everything
-// admin:accounts: grants admin access to accounts
+// admin:read: grants admin read access to everything
+// admin:write: grants admin write access to everything
+// admin:read:accounts: grants admin read access to accounts
+// admin:write:accounts: grants write read access to accounts
+// admin:read:reports: grants admin read access to reports
+// admin:write:reports: grants admin write access to reports
+// admin:read:domain_allows: grants admin read access to domain_allows
+// admin:write:domain_allows: grants admin write access to domain_allows
+// admin:read:domain_blocks: grants admin read access to domain_blocks
+// admin:write:domain_blocks: grants write read access to domain_blocks
// OAuth2 Application:
// type: oauth2
// flow: application
diff --git a/internal/api/client/accounts/accountalias.go b/internal/api/client/accounts/accountalias.go
index 3f869c0d6..e0b67694f 100644
--- a/internal/api/client/accounts/accountalias.go
+++ b/internal/api/client/accounts/accountalias.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountAliasPOSTHandler swagger:operation POST /api/v1/accounts/alias accountAlias
@@ -77,9 +76,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountAliasPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/accountcreate.go b/internal/api/client/accounts/accountcreate.go
index 33d743791..71f343522 100644
--- a/internal/api/client/accounts/accountcreate.go
+++ b/internal/api/client/accounts/accountcreate.go
@@ -26,7 +26,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -74,9 +73,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountCreatePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, false, false)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, false,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/accountdelete.go b/internal/api/client/accounts/accountdelete.go
index 9a1ef7931..6438462c6 100644
--- a/internal/api/client/accounts/accountdelete.go
+++ b/internal/api/client/accounts/accountdelete.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"golang.org/x/crypto/bcrypt"
)
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -80,7 +82,7 @@ func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
// Self account delete requires password to ensure it's for real.
if form.Password == "" {
- err = errors.New("no password provided in account delete request")
+ err := errors.New("no password provided in account delete request")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/accountget.go b/internal/api/client/accounts/accountget.go
index 4c1b66a20..cc6de3337 100644
--- a/internal/api/client/accounts/accountget.go
+++ b/internal/api/client/accounts/accountget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountGETHandler swagger:operation GET /api/v1/accounts/{id} accountGet
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/accountmove.go b/internal/api/client/accounts/accountmove.go
index 3698c06a3..601dd7d54 100644
--- a/internal/api/client/accounts/accountmove.go
+++ b/internal/api/client/accounts/accountmove.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountMovePOSTHandler swagger:operation POST /api/v1/accounts/move accountMove
@@ -74,9 +73,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountMovePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/accountupdate.go b/internal/api/client/accounts/accountupdate.go
index 5d3a3da5f..617031d79 100644
--- a/internal/api/client/accounts/accountupdate.go
+++ b/internal/api/client/accounts/accountupdate.go
@@ -30,7 +30,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountUpdateCredentialsPATCHHandler swagger:operation PATCH /api/v1/accounts/update_credentials accountUpdate
@@ -236,9 +235,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountUpdateCredentialsPATCHHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/accountverify.go b/internal/api/client/accounts/accountverify.go
index 1799089ab..f9dd5ae9c 100644
--- a/internal/api/client/accounts/accountverify.go
+++ b/internal/api/client/accounts/accountverify.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountVerifyGETHandler swagger:operation GET /api/v1/accounts/verify_credentials accountVerify
@@ -56,9 +55,13 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountVerifyGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeProfile,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/block.go b/internal/api/client/accounts/block.go
index 24ff099a7..09bf23a85 100644
--- a/internal/api/client/accounts/block.go
+++ b/internal/api/client/accounts/block.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountBlockPOSTHandler swagger:operation POST /api/v1/accounts/{id}/block accountBlock
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountBlockPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteBlocks,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/featuredtags.go b/internal/api/client/accounts/featuredtags.go
index 312a92bcc..0cb3c7b98 100644
--- a/internal/api/client/accounts/featuredtags.go
+++ b/internal/api/client/accounts/featuredtags.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountFeaturedTagsGETHandler swagger:operation GET /api/v1/accounts/{id}/featured_tags accountsFeaturedTags
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountFeaturedTagsGETHandler(c *gin.Context) {
- _, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ _, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/follow.go b/internal/api/client/accounts/follow.go
index 8a6e99744..d72032066 100644
--- a/internal/api/client/accounts/follow.go
+++ b/internal/api/client/accounts/follow.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountFollowPOSTHandler swagger:operation POST /api/v1/accounts/{id}/follow accountFollow
@@ -91,9 +90,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountFollowPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/followers.go b/internal/api/client/accounts/followers.go
index 332788c3a..d1fca7918 100644
--- a/internal/api/client/accounts/followers.go
+++ b/internal/api/client/accounts/followers.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -119,9 +118,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountFollowersGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/following.go b/internal/api/client/accounts/following.go
index bdd9ff3de..b0d47667f 100644
--- a/internal/api/client/accounts/following.go
+++ b/internal/api/client/accounts/following.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -119,9 +118,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountFollowingGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/lists.go b/internal/api/client/accounts/lists.go
index 7bd1227a8..f054b73bb 100644
--- a/internal/api/client/accounts/lists.go
+++ b/internal/api/client/accounts/lists.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountListsGETHandler swagger:operation GET /api/v1/accounts/{id}/lists accountLists
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountListsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/lookup.go b/internal/api/client/accounts/lookup.go
index d2a8e76be..88cf7fbe9 100644
--- a/internal/api/client/accounts/lookup.go
+++ b/internal/api/client/accounts/lookup.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountLookupGETHandler swagger:operation GET /api/v1/accounts/lookup accountLookupGet
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountLookupGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/mute.go b/internal/api/client/accounts/mute.go
index c9a57a348..c5e5cc24b 100644
--- a/internal/api/client/accounts/mute.go
+++ b/internal/api/client/accounts/mute.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -86,9 +85,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountMutePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteMutes,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/note.go b/internal/api/client/accounts/note.go
index bcfd232ae..bee99cf1e 100644
--- a/internal/api/client/accounts/note.go
+++ b/internal/api/client/accounts/note.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountNotePOSTHandler swagger:operation POST /api/v1/accounts/{id}/note accountNote
@@ -75,9 +74,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountNotePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/profile.go b/internal/api/client/accounts/profile.go
index 8ff59a23b..16c312685 100644
--- a/internal/api/client/accounts/profile.go
+++ b/internal/api/client/accounts/profile.go
@@ -26,7 +26,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountAvatarDELETEHandler swagger:operation DELETE /api/v1/profile/avatar accountAvatarDelete
@@ -102,9 +101,12 @@ func (m *Module) AccountHeaderDELETEHandler(c *gin.Context) {
// accountDeleteProfileAttachment checks that an authenticated account is present and allowed to alter itself,
// runs an attachment deletion processor method, and returns the updated account.
func (m *Module) accountDeleteProfileAttachment(c *gin.Context, processDelete func(context.Context, *gtsmodel.Account) (*apimodel.Account, gtserror.WithCode)) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/relationships.go b/internal/api/client/accounts/relationships.go
index 30d7dd666..7a5589832 100644
--- a/internal/api/client/accounts/relationships.go
+++ b/internal/api/client/accounts/relationships.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountRelationshipsGETHandler swagger:operation GET /api/v1/accounts/relationships accountRelationships
@@ -73,9 +72,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountRelationshipsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -89,7 +91,7 @@ func (m *Module) AccountRelationshipsGETHandler(c *gin.Context) {
// check fallback -- let's be generous and see if maybe it's just set as 'id'?
id := c.Query("id")
if id == "" {
- err = errors.New("no account id(s) specified in query")
+ err := errors.New("no account id(s) specified in query")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/search.go b/internal/api/client/accounts/search.go
index 13c135601..671afece2 100644
--- a/internal/api/client/accounts/search.go
+++ b/internal/api/client/accounts/search.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountSearchGETHandler swagger:operation GET /api/v1/accounts/search accountSearchGet
@@ -107,9 +106,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountSearchGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/statuses.go b/internal/api/client/accounts/statuses.go
index a72a464ed..c9f7977d8 100644
--- a/internal/api/client/accounts/statuses.go
+++ b/internal/api/client/accounts/statuses.go
@@ -26,7 +26,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountStatusesGETHandler swagger:operation GET /api/v1/accounts/{id}/statuses accountStatuses
@@ -109,7 +108,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - read:accounts
+// - read:statuses
//
// responses:
// '200':
@@ -134,9 +133,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountStatusesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/themesget.go b/internal/api/client/accounts/themesget.go
index 5a0cb6d94..6055a619f 100644
--- a/internal/api/client/accounts/themesget.go
+++ b/internal/api/client/accounts/themesget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountThemesGETHandler swagger:operation GET /api/v1/accounts/themes accountThemes
@@ -60,9 +59,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountThemesGETHandler(c *gin.Context) {
- _, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ _, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/unblock.go b/internal/api/client/accounts/unblock.go
index e8144711e..615d62e60 100644
--- a/internal/api/client/accounts/unblock.go
+++ b/internal/api/client/accounts/unblock.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountUnblockPOSTHandler swagger:operation POST /api/v1/accounts/{id}/unblock accountUnblock
@@ -67,9 +66,9 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountUnblockPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c, true, true, true, true)
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/unfollow.go b/internal/api/client/accounts/unfollow.go
index 9eb66aed3..1372a4ffc 100644
--- a/internal/api/client/accounts/unfollow.go
+++ b/internal/api/client/accounts/unfollow.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountUnfollowPOSTHandler swagger:operation POST /api/v1/accounts/{id}/unfollow accountUnfollow
@@ -67,9 +66,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountUnfollowPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/accounts/unmute.go b/internal/api/client/accounts/unmute.go
index 665c3908e..0336e920f 100644
--- a/internal/api/client/accounts/unmute.go
+++ b/internal/api/client/accounts/unmute.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountUnmutePOSTHandler swagger:operation POST /api/v1/accounts/{id}/unmute accountUnmute
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountUnmutePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteMutes,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/accountaction.go b/internal/api/client/admin/accountaction.go
index 64e6c39ca..74ff0851c 100644
--- a/internal/api/client/admin/accountaction.go
+++ b/internal/api/client/admin/accountaction.go
@@ -26,7 +26,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountActionPOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/action adminAccountAction
@@ -64,7 +63,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:accounts
//
// responses:
// '200':
@@ -87,9 +86,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountActionPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/accountapprove.go b/internal/api/client/admin/accountapprove.go
index 7aaa48509..96a495924 100644
--- a/internal/api/client/admin/accountapprove.go
+++ b/internal/api/client/admin/accountapprove.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountApprovePOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/approve adminAccountApprove
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:accounts
//
// responses:
// '200':
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountApprovePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/accountget.go b/internal/api/client/admin/accountget.go
index 3a656fecc..b73f58adb 100644
--- a/internal/api/client/admin/accountget.go
+++ b/internal/api/client/admin/accountget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountGETHandler swagger:operation GET /api/v1/admin/accounts/{id} adminAccountGet
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:accounts
//
// responses:
// '200':
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/accountreject.go b/internal/api/client/admin/accountreject.go
index a4653985d..fffdc5811 100644
--- a/internal/api/client/admin/accountreject.go
+++ b/internal/api/client/admin/accountreject.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountRejectPOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/reject adminAccountReject
@@ -70,7 +69,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:accounts
//
// responses:
// '200':
@@ -90,9 +89,12 @@ import (
// '500':
// description: internal server error
func (m *Module) AccountRejectPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/accountsgetv1.go b/internal/api/client/admin/accountsgetv1.go
index f333492de..7d542b97c 100644
--- a/internal/api/client/admin/accountsgetv1.go
+++ b/internal/api/client/admin/accountsgetv1.go
@@ -148,7 +148,7 @@
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:accounts
//
// responses:
// '200':
@@ -182,14 +182,16 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
func (m *Module) AccountsGETV1Handler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/accountsgetv2.go b/internal/api/client/admin/accountsgetv2.go
index 27024e7a2..8b6d4391d 100644
--- a/internal/api/client/admin/accountsgetv2.go
+++ b/internal/api/client/admin/accountsgetv2.go
@@ -121,7 +121,7 @@
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:accounts
//
// responses:
// '200':
@@ -155,14 +155,16 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
func (m *Module) AccountsGETV2Handler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/debug_off.go b/internal/api/client/admin/debug_off.go
index a43326f02..667cf1be9 100644
--- a/internal/api/client/admin/debug_off.go
+++ b/internal/api/client/admin/debug_off.go
@@ -55,7 +55,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -89,7 +89,7 @@ func (m *Module) DebugAPUrlHandler(c *gin.Context) {}
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
diff --git a/internal/api/client/admin/debug_on.go b/internal/api/client/admin/debug_on.go
index ea42206f8..eb38e95e5 100644
--- a/internal/api/client/admin/debug_on.go
+++ b/internal/api/client/admin/debug_on.go
@@ -27,13 +27,15 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
func (m *Module) DebugAPUrlHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -58,9 +60,12 @@ func (m *Module) DebugAPUrlHandler(c *gin.Context) {
}
func (m *Module) DebugClearCachesHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainallowcreate.go b/internal/api/client/admin/domainallowcreate.go
index e8700f673..3e2baa053 100644
--- a/internal/api/client/admin/domainallowcreate.go
+++ b/internal/api/client/admin/domainallowcreate.go
@@ -93,7 +93,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:domain_allows
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainallowdelete.go b/internal/api/client/admin/domainallowdelete.go
index 6237e403f..20f97fe6d 100644
--- a/internal/api/client/admin/domainallowdelete.go
+++ b/internal/api/client/admin/domainallowdelete.go
@@ -43,7 +43,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:domain_allows
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainallowget.go b/internal/api/client/admin/domainallowget.go
index aa21743fa..6ed845235 100644
--- a/internal/api/client/admin/domainallowget.go
+++ b/internal/api/client/admin/domainallowget.go
@@ -43,7 +43,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:domain_allows
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainallowsget.go b/internal/api/client/admin/domainallowsget.go
index 6391c7138..4790f1a2b 100644
--- a/internal/api/client/admin/domainallowsget.go
+++ b/internal/api/client/admin/domainallowsget.go
@@ -47,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:domain_allows
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainblockcreate.go b/internal/api/client/admin/domainblockcreate.go
index 5234561cf..1e98c6f6f 100644
--- a/internal/api/client/admin/domainblockcreate.go
+++ b/internal/api/client/admin/domainblockcreate.go
@@ -93,7 +93,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:domain_blocks
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainblockdelete.go b/internal/api/client/admin/domainblockdelete.go
index a6f6619cd..e9b207505 100644
--- a/internal/api/client/admin/domainblockdelete.go
+++ b/internal/api/client/admin/domainblockdelete.go
@@ -43,7 +43,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:domain_blocks
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainblockget.go b/internal/api/client/admin/domainblockget.go
index 9e8d29905..1d73962fa 100644
--- a/internal/api/client/admin/domainblockget.go
+++ b/internal/api/client/admin/domainblockget.go
@@ -43,7 +43,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:domain_blocks
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainblocksget.go b/internal/api/client/admin/domainblocksget.go
index bdcc03469..383acbea5 100644
--- a/internal/api/client/admin/domainblocksget.go
+++ b/internal/api/client/admin/domainblocksget.go
@@ -47,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:domain_blocks
//
// responses:
// '200':
diff --git a/internal/api/client/admin/domainkeysexpire.go b/internal/api/client/admin/domainkeysexpire.go
index 0926519f5..262d196b4 100644
--- a/internal/api/client/admin/domainkeysexpire.go
+++ b/internal/api/client/admin/domainkeysexpire.go
@@ -28,7 +28,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainKeysExpirePOSTHandler swagger:operation POST /api/v1/admin/domain_keys_expire domainKeysExpire
@@ -68,7 +67,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '202':
@@ -95,9 +94,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainKeysExpirePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermission.go b/internal/api/client/admin/domainpermission.go
index 5138be898..c64c90eb2 100644
--- a/internal/api/client/admin/domainpermission.go
+++ b/internal/api/client/admin/domainpermission.go
@@ -29,7 +29,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
type singleDomainPermCreate func(
@@ -63,9 +62,20 @@ func (m *Module) createDomainPermissions(
single singleDomainPermCreate,
multi multiDomainPermCreate,
) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ // Scope differs based on permType.
+ var requireScope apiutil.Scope
+ if permType == gtsmodel.DomainPermissionBlock {
+ requireScope = apiutil.ScopeAdminWriteDomainBlocks
+ } else {
+ requireScope = apiutil.ScopeAdminWriteDomainAllows
+ }
+
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ requireScope,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -98,6 +108,7 @@ func (m *Module) createDomainPermissions(
return
}
+ var err error
if importing && form.Domains.Size == 0 {
err = errors.New("import was specified but list of domains is empty")
} else if !importing && form.Domain == "" {
@@ -171,9 +182,20 @@ func (m *Module) deleteDomainPermission(
c *gin.Context,
permType gtsmodel.DomainPermissionType, // block/allow
) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ // Scope differs based on permType.
+ var requireScope apiutil.Scope
+ if permType == gtsmodel.DomainPermissionBlock {
+ requireScope = apiutil.ScopeAdminWriteDomainBlocks
+ } else {
+ requireScope = apiutil.ScopeAdminWriteDomainAllows
+ }
+
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ requireScope,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -218,9 +240,20 @@ func (m *Module) getDomainPermission(
c *gin.Context,
permType gtsmodel.DomainPermissionType,
) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ // Scope differs based on permType.
+ var requireScope apiutil.Scope
+ if permType == gtsmodel.DomainPermissionBlock {
+ requireScope = apiutil.ScopeAdminReadDomainBlocks
+ } else {
+ requireScope = apiutil.ScopeAdminReadDomainAllows
+ }
+
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ requireScope,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -266,9 +299,20 @@ func (m *Module) getDomainPermissions(
c *gin.Context,
permType gtsmodel.DomainPermissionType,
) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ // Scope differs based on permType.
+ var requireScope apiutil.Scope
+ if permType == gtsmodel.DomainPermissionBlock {
+ requireScope = apiutil.ScopeAdminReadDomainBlocks
+ } else {
+ requireScope = apiutil.ScopeAdminReadDomainAllows
+ }
+
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ requireScope,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissiondraftaccept.go b/internal/api/client/admin/domainpermissiondraftaccept.go
index 5e484cbf3..345b4d1c3 100644
--- a/internal/api/client/admin/domainpermissiondraftaccept.go
+++ b/internal/api/client/admin/domainpermissiondraftaccept.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionDraftAcceptPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts/{id}/accept domainPermissionDraftAccept
@@ -61,7 +60,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -81,9 +80,9 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionDraftAcceptPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c, true, true, true, true)
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissiondraftcreate.go b/internal/api/client/admin/domainpermissiondraftcreate.go
index ec94f947b..b8d3085e9 100644
--- a/internal/api/client/admin/domainpermissiondraftcreate.go
+++ b/internal/api/client/admin/domainpermissiondraftcreate.go
@@ -26,7 +26,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionDraftsPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts domainPermissionDraftCreate
@@ -79,7 +78,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -99,9 +98,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionDraftsPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissiondraftget.go b/internal/api/client/admin/domainpermissiondraftget.go
index aef3b094b..bff6254f7 100644
--- a/internal/api/client/admin/domainpermissiondraftget.go
+++ b/internal/api/client/admin/domainpermissiondraftget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionDraftGETHandler swagger:operation GET /api/v1/admin/domain_permission_drafts/{id} domainPermissionDraftGet
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionDraftGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissiondraftremove.go b/internal/api/client/admin/domainpermissiondraftremove.go
index 78169508c..6346331d1 100644
--- a/internal/api/client/admin/domainpermissiondraftremove.go
+++ b/internal/api/client/admin/domainpermissiondraftremove.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionDraftRemovePOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts/{id}/remove domainPermissionDraftRemove
@@ -61,7 +60,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -81,9 +80,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionDraftRemovePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissiondraftsget.go b/internal/api/client/admin/domainpermissiondraftsget.go
index 21ce5dc43..fa5e1ce6a 100644
--- a/internal/api/client/admin/domainpermissiondraftsget.go
+++ b/internal/api/client/admin/domainpermissiondraftsget.go
@@ -26,7 +26,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -99,7 +98,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -125,9 +124,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionDraftsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionexcludecreate.go b/internal/api/client/admin/domainpermissionexcludecreate.go
index dd0b3b493..9559ab5b2 100644
--- a/internal/api/client/admin/domainpermissionexcludecreate.go
+++ b/internal/api/client/admin/domainpermissionexcludecreate.go
@@ -25,7 +25,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionExcludesPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_excludes domainPermissionExcludeCreate
@@ -62,7 +61,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -82,9 +81,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionExcludesPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionexcludeget.go b/internal/api/client/admin/domainpermissionexcludeget.go
index ca110abd5..200f20021 100644
--- a/internal/api/client/admin/domainpermissionexcludeget.go
+++ b/internal/api/client/admin/domainpermissionexcludeget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionExcludeGETHandler swagger:operation GET /api/v1/admin/domain_permission_excludes/{id} domainPermissionExcludeGet
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionExcludeGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionexcluderemove.go b/internal/api/client/admin/domainpermissionexcluderemove.go
index a167ae5a5..35a4bdd27 100644
--- a/internal/api/client/admin/domainpermissionexcluderemove.go
+++ b/internal/api/client/admin/domainpermissionexcluderemove.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionExcludeDELETEHandler swagger:operation DELETE /api/v1/admin/domain_permission_excludes/{id} domainPermissionExcludeDelete
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionExcludeDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionexcludesget.go b/internal/api/client/admin/domainpermissionexcludesget.go
index 71eedec52..59384079c 100644
--- a/internal/api/client/admin/domainpermissionexcludesget.go
+++ b/internal/api/client/admin/domainpermissionexcludesget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -87,7 +86,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -113,9 +112,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionExcludesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionsubscriptioncreate.go b/internal/api/client/admin/domainpermissionsubscriptioncreate.go
index dd0b43aca..b45ac8d72 100644
--- a/internal/api/client/admin/domainpermissionsubscriptioncreate.go
+++ b/internal/api/client/admin/domainpermissionsubscriptioncreate.go
@@ -27,7 +27,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -125,7 +124,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -145,9 +144,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionSubscriptionPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionsubscriptionget.go b/internal/api/client/admin/domainpermissionsubscriptionget.go
index 841e37f24..59498beea 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionget.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionSubscriptionGETHandler swagger:operation GET /api/v1/admin/domain_permission_subscriptions/{id} domainPermissionSubscriptionGet
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionSubscriptionGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionsubscriptionremove.go b/internal/api/client/admin/domainpermissionsubscriptionremove.go
index 97f226a31..c659a7559 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionremove.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionremove.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -68,7 +67,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -88,9 +87,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionSubscriptionRemovePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionsubscriptionsget.go b/internal/api/client/admin/domainpermissionsubscriptionsget.go
index 477013ec9..b3509a139 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionsget.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionsget.go
@@ -26,7 +26,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -89,7 +88,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -115,9 +114,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionSubscriptionsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go b/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go
index dc46c159b..d942e9612 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go
@@ -26,7 +26,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionSubscriptionsPreviewGETHandler swagger:operation GET /api/v1/admin/domain_permission_subscriptions/preview domainPermissionSubscriptionsPreviewGet
@@ -52,7 +51,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -74,9 +73,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionSubscriptionsPreviewGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionsubscriptiontest.go b/internal/api/client/admin/domainpermissionsubscriptiontest.go
index 395a1a69c..573f1ca01 100644
--- a/internal/api/client/admin/domainpermissionsubscriptiontest.go
+++ b/internal/api/client/admin/domainpermissionsubscriptiontest.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// DomainPermissionSubscriptionTestPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_subscriptions/{id}/test domainPermissionSubscriptionTest
@@ -52,7 +51,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -76,9 +75,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionSubscriptionTestPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/domainpermissionsubscriptionupdate.go b/internal/api/client/admin/domainpermissionsubscriptionupdate.go
index de73c4d3e..0f6309c19 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionupdate.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionupdate.go
@@ -28,7 +28,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -121,7 +120,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -141,9 +140,12 @@ import (
// '500':
// description: internal server error
func (m *Module) DomainPermissionSubscriptionPATCHHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/emailtest.go b/internal/api/client/admin/emailtest.go
index 9b214a926..37a5e31d3 100644
--- a/internal/api/client/admin/emailtest.go
+++ b/internal/api/client/admin/emailtest.go
@@ -26,7 +26,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// EmailTestPostHandler swagger:operation POST /api/v1/admin/email/test testEmailSend
@@ -63,7 +62,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '202':
@@ -87,9 +86,12 @@ import (
// '500':
// description: internal server error
func (m *Module) EmailTestPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -121,7 +123,7 @@ func (m *Module) EmailTestPOSTHandler(c *gin.Context) {
return
}
- errWithCode := m.processor.Admin().EmailTest(
+ errWithCode = m.processor.Admin().EmailTest(
c.Request.Context(),
authed.Account,
email.Address,
diff --git a/internal/api/client/admin/emojicategoriesget.go b/internal/api/client/admin/emojicategoriesget.go
index 51eb8fee4..e678cea86 100644
--- a/internal/api/client/admin/emojicategoriesget.go
+++ b/internal/api/client/admin/emojicategoriesget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// EmojiCategoriesGETHandler swagger:operation GET /api/v1/admin/custom_emojis/categories emojiCategoriesGet
@@ -38,6 +37,10 @@ import (
// produces:
// - application/json
//
+// security:
+// - OAuth2 Bearer:
+// - admin:read
+//
// responses:
// '200':
// description: Array of existing emoji categories.
@@ -58,9 +61,12 @@ import (
// '500':
// description: internal server error
func (m *Module) EmojiCategoriesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/emojicreate.go b/internal/api/client/admin/emojicreate.go
index 07fa4d4a8..445c56605 100644
--- a/internal/api/client/admin/emojicreate.go
+++ b/internal/api/client/admin/emojicreate.go
@@ -27,7 +27,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -76,7 +75,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -98,9 +97,12 @@ import (
// '500':
// description: internal server error
func (m *Module) EmojiCreatePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/emojidelete.go b/internal/api/client/admin/emojidelete.go
index 9f9f9d286..05d94f25d 100644
--- a/internal/api/client/admin/emojidelete.go
+++ b/internal/api/client/admin/emojidelete.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// EmojiDELETEHandler swagger:operation DELETE /api/v1/admin/custom_emojis/{id} emojiDelete
@@ -54,7 +53,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -74,9 +73,12 @@ import (
// '500':
// description: internal server error
func (m *Module) EmojiDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/emojiget.go b/internal/api/client/admin/emojiget.go
index 7ecbcfa19..41bea00f8 100644
--- a/internal/api/client/admin/emojiget.go
+++ b/internal/api/client/admin/emojiget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// EmojiGETHandler swagger:operation GET /api/v1/admin/custom_emojis/{id} emojiGet
@@ -46,6 +45,10 @@ import (
// in: path
// required: true
//
+// security:
+// - OAuth2 Bearer:
+// - admin:read
+//
// responses:
// '200':
// description: A single emoji.
@@ -64,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) EmojiGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/emojisget.go b/internal/api/client/admin/emojisget.go
index d50b553ac..c1d05af07 100644
--- a/internal/api/client/admin/emojisget.go
+++ b/internal/api/client/admin/emojisget.go
@@ -27,7 +27,6 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// EmojisGETHandler swagger:operation GET /api/v1/admin/custom_emojis emojisGet
@@ -99,6 +98,10 @@ import (
// Emoji with the given `[shortcode]@[domain]` will not be included in the result set.
// in: query
//
+// security:
+// - OAuth2 Bearer:
+// - admin:read
+//
// responses:
// '200':
// headers:
@@ -123,9 +126,12 @@ import (
// '500':
// description: internal server error
func (m *Module) EmojisGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/emojiupdate.go b/internal/api/client/admin/emojiupdate.go
index b8ac101c0..07337eaa9 100644
--- a/internal/api/client/admin/emojiupdate.go
+++ b/internal/api/client/admin/emojiupdate.go
@@ -28,7 +28,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -105,7 +104,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -125,9 +124,12 @@ import (
// '500':
// description: internal server error
func (m *Module) EmojiPATCHHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/headerfilter.go b/internal/api/client/admin/headerfilter.go
index d3dad5917..b101e98f6 100644
--- a/internal/api/client/admin/headerfilter.go
+++ b/internal/api/client/admin/headerfilter.go
@@ -27,14 +27,15 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// getHeaderFilter is a gin handler function that returns details of an HTTP header filter with provided ID, using given get function.
func (m *Module) getHeaderFilter(c *gin.Context, get func(context.Context, string) (*apimodel.HeaderFilter, gtserror.WithCode)) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -69,9 +70,11 @@ func (m *Module) getHeaderFilter(c *gin.Context, get func(context.Context, strin
// getHeaderFilters is a gin handler function that returns details of all HTTP header filters using given get function.
func (m *Module) getHeaderFilters(c *gin.Context, get func(context.Context) ([]*apimodel.HeaderFilter, gtserror.WithCode)) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -100,9 +103,11 @@ func (m *Module) getHeaderFilters(c *gin.Context, get func(context.Context) ([]*
// createHeaderFilter is a gin handler function that creates a HTTP header filter entry using provided form data, passing to given create function.
func (m *Module) createHeaderFilter(c *gin.Context, create func(context.Context, *gtsmodel.Account, *apimodel.HeaderFilterRequest) (*apimodel.HeaderFilter, gtserror.WithCode)) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -148,9 +153,11 @@ func (m *Module) createHeaderFilter(c *gin.Context, create func(context.Context,
// deleteHeaderFilter is a gin handler function that deletes an HTTP header filter with provided ID, using given delete function.
func (m *Module) deleteHeaderFilter(c *gin.Context, delete func(context.Context, string) gtserror.WithCode) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/headerfilter_create.go b/internal/api/client/admin/headerfilter_create.go
index d74dc5e15..a5b5e5309 100644
--- a/internal/api/client/admin/headerfilter_create.go
+++ b/internal/api/client/admin/headerfilter_create.go
@@ -42,7 +42,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -82,7 +82,7 @@ func (m *Module) HeaderFilterAllowPOST(c *gin.Context) {
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
diff --git a/internal/api/client/admin/headerfilter_delete.go b/internal/api/client/admin/headerfilter_delete.go
index 58b1c585e..400c5c4e3 100644
--- a/internal/api/client/admin/headerfilter_delete.go
+++ b/internal/api/client/admin/headerfilter_delete.go
@@ -39,7 +39,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '202':
@@ -76,7 +76,7 @@ func (m *Module) HeaderFilterAllowDELETE(c *gin.Context) {
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '202':
diff --git a/internal/api/client/admin/headerfilter_get.go b/internal/api/client/admin/headerfilter_get.go
index 5bca6d18d..cd00fe24c 100644
--- a/internal/api/client/admin/headerfilter_get.go
+++ b/internal/api/client/admin/headerfilter_get.go
@@ -37,7 +37,7 @@ import "github.com/gin-gonic/gin"
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -76,7 +76,7 @@ func (m *Module) HeaderFilterAllowGET(c *gin.Context) {
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
diff --git a/internal/api/client/admin/mediacleanup.go b/internal/api/client/admin/mediacleanup.go
index 661a8ff15..2554f8508 100644
--- a/internal/api/client/admin/mediacleanup.go
+++ b/internal/api/client/admin/mediacleanup.go
@@ -26,7 +26,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// MediaCleanupPOSTHandler swagger:operation POST /api/v1/admin/media_cleanup mediaCleanup
@@ -49,7 +48,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) MediaCleanupPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/mediarefetch.go b/internal/api/client/admin/mediarefetch.go
index b2b0516ba..47301460f 100644
--- a/internal/api/client/admin/mediarefetch.go
+++ b/internal/api/client/admin/mediarefetch.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// MediaRefetchPOSTHandler swagger:operation POST /api/v1/admin/media_refetch mediaRefetch
@@ -42,7 +41,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// parameters:
// -
@@ -71,9 +70,12 @@ import (
// '500':
// description: internal server error
func (m *Module) MediaRefetchPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/reportget.go b/internal/api/client/admin/reportget.go
index f2acd214c..163043627 100644
--- a/internal/api/client/admin/reportget.go
+++ b/internal/api/client/admin/reportget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ReportGETHandler swagger:operation GET /api/v1/admin/reports/{id} adminReportGet
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:reports
//
// responses:
// '200':
@@ -67,9 +66,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ReportGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminReadReports,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/reportresolve.go b/internal/api/client/admin/reportresolve.go
index f17ae24be..2b9be3721 100644
--- a/internal/api/client/admin/reportresolve.go
+++ b/internal/api/client/admin/reportresolve.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ReportResolvePOSTHandler swagger:operation POST /api/v1/admin/reports/{id}/resolve adminReportResolve
@@ -65,7 +64,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write:reports
//
// responses:
// '200':
@@ -84,9 +83,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ReportResolvePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWriteReports,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/reportsget.go b/internal/api/client/admin/reportsget.go
index 893960e2a..64a144767 100644
--- a/internal/api/client/admin/reportsget.go
+++ b/internal/api/client/admin/reportsget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -100,7 +99,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read:reports
//
// responses:
// '200':
@@ -125,9 +124,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ReportsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminReadReports,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/reportsget_test.go b/internal/api/client/admin/reportsget_test.go
index 3af187ad2..8639e0c6e 100644
--- a/internal/api/client/admin/reportsget_test.go
+++ b/internal/api/client/admin/reportsget_test.go
@@ -1149,7 +1149,7 @@ func (suite *ReportsGetTestSuite) TestReportsGetNotAdmin() {
testToken := suite.testTokens["local_account_1"]
testUser := suite.testUsers["local_account_1"]
- reports, _, err := suite.getReports(testAccount, testToken, testUser, http.StatusForbidden, `{"error":"Forbidden: user 01F8MGVGPHQ2D3P3X0454H54Z5 not an admin"}`, nil, "", "", "", "", "", 20)
+ reports, _, err := suite.getReports(testAccount, testToken, testUser, http.StatusForbidden, `{"error":"Forbidden: token has insufficient scope permission"}`, nil, "", "", "", "", "", 20)
suite.NoError(err)
suite.Empty(reports)
}
diff --git a/internal/api/client/admin/rulecreate.go b/internal/api/client/admin/rulecreate.go
index 8728940c5..9e4be1da3 100644
--- a/internal/api/client/admin/rulecreate.go
+++ b/internal/api/client/admin/rulecreate.go
@@ -26,7 +26,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// RulePOSTHandler swagger:operation POST /api/v1/admin/instance/rules ruleCreate
@@ -45,7 +44,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -65,9 +64,12 @@ import (
// '500':
// description: internal server error
func (m *Module) RulePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/ruledelete.go b/internal/api/client/admin/ruledelete.go
index 7e8fc0037..c2797aa8d 100644
--- a/internal/api/client/admin/ruledelete.go
+++ b/internal/api/client/admin/ruledelete.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// RuleDELETEHandler swagger:operation DELETE /api/v1/admin/instance/rules/{id} ruleDelete
@@ -52,7 +51,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -72,9 +71,12 @@ import (
// '500':
// description: internal server error
func (m *Module) RuleDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/ruleget.go b/internal/api/client/admin/ruleget.go
index da76232eb..ce627a0d7 100644
--- a/internal/api/client/admin/ruleget.go
+++ b/internal/api/client/admin/ruleget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// RuleGETHandler swagger:operation GET /api/v1/admin/instance/rules/{id} adminRuleGet
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -67,9 +66,12 @@ import (
// '500':
// description: internal server error
func (m *Module) RuleGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/rulesget.go b/internal/api/client/admin/rulesget.go
index b22ab1a8a..bc4961c6a 100644
--- a/internal/api/client/admin/rulesget.go
+++ b/internal/api/client/admin/rulesget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// RulesGETHandler swagger:operation GET /api/v1/admin/instance/rules adminsRuleGet
@@ -44,7 +43,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:read
//
// responses:
// '200':
@@ -64,9 +63,12 @@ import (
// '500':
// description: internal server error
func (m *Module) RulesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminRead,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/admin/ruleupdate.go b/internal/api/client/admin/ruleupdate.go
index d58c30d94..db8b610e0 100644
--- a/internal/api/client/admin/ruleupdate.go
+++ b/internal/api/client/admin/ruleupdate.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// RulePATCHHandler swagger:operation PATCH /api/v1/admin/instance/rules/{id} ruleUpdate
@@ -44,7 +43,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -64,9 +63,12 @@ import (
// '500':
// description: internal server error
func (m *Module) RulePATCHHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/announcements/announcementsget.go b/internal/api/client/announcements/announcementsget.go
index 04bd5f285..92353a4e7 100644
--- a/internal/api/client/announcements/announcementsget.go
+++ b/internal/api/client/announcements/announcementsget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AnnouncementsGETHandler swagger:operation GET /api/v1/announcements announcementsGet
@@ -40,8 +39,7 @@ import (
// - application/json
//
// security:
-// - OAuth2 Bearer:
-// - read:announcements
+// - OAuth2 Bearer: []
//
// responses:
// '200':
@@ -59,9 +57,11 @@ import (
// '500':
// description: internal server error
func (m *Module) AnnouncementsGETHandler(c *gin.Context) {
- _, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ _, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/apps/appcreate.go b/internal/api/client/apps/appcreate.go
index 8aa87c3b3..6a8208a20 100644
--- a/internal/api/client/apps/appcreate.go
+++ b/internal/api/client/apps/appcreate.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// these consts are used to ensure users can't spam huge entries into our database
@@ -74,9 +73,11 @@ const (
// '500':
// description: internal server error
func (m *Module) AppsPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, false, false, false, false)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ false, false, false, false,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/blocks/blocksget.go b/internal/api/client/blocks/blocksget.go
index fe5104c61..0d9a2234e 100644
--- a/internal/api/client/blocks/blocksget.go
+++ b/internal/api/client/blocks/blocksget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -107,9 +106,12 @@ import (
// '500':
// description: internal server error
func (m *Module) BlocksGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadBlocks,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/bookmarks/bookmarksget.go b/internal/api/client/bookmarks/bookmarksget.go
index e6489c405..6fa87c688 100644
--- a/internal/api/client/bookmarks/bookmarksget.go
+++ b/internal/api/client/bookmarks/bookmarksget.go
@@ -25,7 +25,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
const (
@@ -93,9 +92,12 @@ const (
// '500':
// description: internal server error
func (m *Module) BookmarksGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadBookmarks,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/conversations/conversationdelete.go b/internal/api/client/conversations/conversationdelete.go
index 6f8f43a94..dabb2bfc8 100644
--- a/internal/api/client/conversations/conversationdelete.go
+++ b/internal/api/client/conversations/conversationdelete.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ConversationDELETEHandler swagger:operation DELETE /api/v1/conversations/{id} conversationDelete
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ConversationDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteConversations,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/conversations/conversationread.go b/internal/api/client/conversations/conversationread.go
index 7f68a2a33..e168cca2e 100644
--- a/internal/api/client/conversations/conversationread.go
+++ b/internal/api/client/conversations/conversationread.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ConversationReadPOSTHandler swagger:operation POST /api/v1/conversation/{id}/read conversationRead
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ConversationReadPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteConversations,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/conversations/conversationsget.go b/internal/api/client/conversations/conversationsget.go
index 663b9a707..8cd70cd00 100644
--- a/internal/api/client/conversations/conversationsget.go
+++ b/internal/api/client/conversations/conversationsget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -107,9 +106,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ConversationsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/customemojis/customemojisget.go b/internal/api/client/customemojis/customemojisget.go
index be595afd7..7c9b88b4c 100644
--- a/internal/api/client/customemojis/customemojisget.go
+++ b/internal/api/client/customemojis/customemojisget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// CustomEmojisGETHandler swagger:operation GET /api/v1/custom_emojis customEmojisGet
@@ -38,8 +37,7 @@ import (
// - application/json
//
// security:
-// - OAuth2 Bearer:
-// - read:custom_emojis
+// - OAuth2 Bearer: []
//
// responses:
// '200':
@@ -55,8 +53,11 @@ import (
// '500':
// description: internal server error
func (m *Module) CustomEmojisGETHandler(c *gin.Context) {
- if _, err := oauth.Authed(c, true, true, true, true); err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ _, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/exports/blocks.go b/internal/api/client/exports/blocks.go
index c31e2b0b4..bc8c2a6b3 100644
--- a/internal/api/client/exports/blocks.go
+++ b/internal/api/client/exports/blocks.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ExportBlocksGETHandler swagger:operation GET /api/v1/exports/blocks.csv exportBlocks
@@ -52,9 +51,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ExportBlocksGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadBlocks,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/exports/followers.go b/internal/api/client/exports/followers.go
index ceef94659..ad6306de0 100644
--- a/internal/api/client/exports/followers.go
+++ b/internal/api/client/exports/followers.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ExportFollowersGETHandler swagger:operation GET /api/v1/exports/followers.csv exportFollowers
@@ -39,7 +38,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - read:follows
+// - read:accounts
//
// responses:
// '200':
@@ -52,9 +51,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ExportFollowersGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/exports/following.go b/internal/api/client/exports/following.go
index e61cafc2a..b95492dfa 100644
--- a/internal/api/client/exports/following.go
+++ b/internal/api/client/exports/following.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ExportFollowingGETHandler swagger:operation GET /api/v1/exports/following.csv exportFollowing
@@ -52,9 +51,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ExportFollowingGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/exports/lists.go b/internal/api/client/exports/lists.go
index 2debcc701..385df5501 100644
--- a/internal/api/client/exports/lists.go
+++ b/internal/api/client/exports/lists.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ExportListsGETHandler swagger:operation GET /api/v1/exports/lists.csv exportLists
@@ -52,9 +51,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ExportListsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/exports/mutes.go b/internal/api/client/exports/mutes.go
index ab49b7719..6b9d699c9 100644
--- a/internal/api/client/exports/mutes.go
+++ b/internal/api/client/exports/mutes.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ExportMutesGETHandler swagger:operation GET /api/v1/exports/mutes.csv exportMutes
@@ -52,9 +51,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ExportMutesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadMutes,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/exports/stats.go b/internal/api/client/exports/stats.go
index 9e3f1b600..783826bb3 100644
--- a/internal/api/client/exports/stats.go
+++ b/internal/api/client/exports/stats.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ExportStatsGETHandler swagger:operation GET /api/v1/exports/stats exportStats
@@ -39,7 +38,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - read:account
+// - read:accounts
//
// responses:
// '200':
@@ -53,9 +52,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ExportStatsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/favourites/favouritesget.go b/internal/api/client/favourites/favouritesget.go
index 3ba2f9fcf..5396bc155 100644
--- a/internal/api/client/favourites/favouritesget.go
+++ b/internal/api/client/favourites/favouritesget.go
@@ -25,7 +25,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FavouritesGETHandler swagger:operation GET /api/v1/favourites favouritesGet
@@ -93,9 +92,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FavouritesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFavourites,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/featuredtags/get.go b/internal/api/client/featuredtags/get.go
index de47f7ee2..cab6b19a3 100644
--- a/internal/api/client/featuredtags/get.go
+++ b/internal/api/client/featuredtags/get.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FeaturedTagsGETHandler swagger:operation GET /api/v1/featured_tags getFeaturedTags
@@ -60,9 +59,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FeaturedTagsGETHandler(c *gin.Context) {
- _, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ _, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v1/filterdelete.go b/internal/api/client/filters/v1/filterdelete.go
index 267dd16d0..e28221ca6 100644
--- a/internal/api/client/filters/v1/filterdelete.go
+++ b/internal/api/client/filters/v1/filterdelete.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterDELETEHandler swagger:operation DELETE /api/v1/filters/{id} filterV1Delete
@@ -63,9 +62,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v1/filterget.go b/internal/api/client/filters/v1/filterget.go
index 35c44b60c..4af3dab16 100644
--- a/internal/api/client/filters/v1/filterget.go
+++ b/internal/api/client/filters/v1/filterget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterGETHandler swagger:operation GET /api/v1/filters/{id} filterV1Get
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v1/filterpost.go b/internal/api/client/filters/v1/filterpost.go
index a58f2273d..fb53b8e9b 100644
--- a/internal/api/client/filters/v1/filterpost.go
+++ b/internal/api/client/filters/v1/filterpost.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterPOSTHandler swagger:operation POST /api/v1/filters filterV1Post
@@ -130,9 +129,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v1/filterput.go b/internal/api/client/filters/v1/filterput.go
index edaf8104d..051fa1f63 100644
--- a/internal/api/client/filters/v1/filterput.go
+++ b/internal/api/client/filters/v1/filterput.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterPUTHandler swagger:operation PUT /api/v1/filters/{id} filterV1Put
@@ -136,9 +135,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterPUTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v1/filtersget.go b/internal/api/client/filters/v1/filtersget.go
index f1e07a2da..d65776331 100644
--- a/internal/api/client/filters/v1/filtersget.go
+++ b/internal/api/client/filters/v1/filtersget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FiltersGETHandler swagger:operation GET /api/v1/filters filtersV1Get
@@ -60,9 +59,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FiltersGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterdelete.go b/internal/api/client/filters/v2/filterdelete.go
index 7292fd631..2fd411e98 100644
--- a/internal/api/client/filters/v2/filterdelete.go
+++ b/internal/api/client/filters/v2/filterdelete.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterDELETEHandler swagger:operation DELETE /api/v2/filters/{id} filterV2Delete
@@ -63,9 +62,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterget.go b/internal/api/client/filters/v2/filterget.go
index a3481e0e0..eed65f39a 100644
--- a/internal/api/client/filters/v2/filterget.go
+++ b/internal/api/client/filters/v2/filterget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterGETHandler swagger:operation GET /api/v2/filters/{id} filterV2Get
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterkeyworddelete.go b/internal/api/client/filters/v2/filterkeyworddelete.go
index e9ba2b4c5..4dc8b5973 100644
--- a/internal/api/client/filters/v2/filterkeyworddelete.go
+++ b/internal/api/client/filters/v2/filterkeyworddelete.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterKeywordDELETEHandler swagger:operation DELETE /api/v2/filters/keywords/{id} filterKeywordDelete
@@ -63,9 +62,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterKeywordDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterkeywordget.go b/internal/api/client/filters/v2/filterkeywordget.go
index 2df6fd10a..f298d1af0 100644
--- a/internal/api/client/filters/v2/filterkeywordget.go
+++ b/internal/api/client/filters/v2/filterkeywordget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterKeywordGETHandler swagger:operation GET /api/v2/filters/keywords/{id} filterKeywordGet
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterKeywordGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterkeywordpost.go b/internal/api/client/filters/v2/filterkeywordpost.go
index ba8f80135..f7ccc1a80 100644
--- a/internal/api/client/filters/v2/filterkeywordpost.go
+++ b/internal/api/client/filters/v2/filterkeywordpost.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -100,9 +99,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterKeywordPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterkeywordput.go b/internal/api/client/filters/v2/filterkeywordput.go
index 44667660f..5f9fa3c9e 100644
--- a/internal/api/client/filters/v2/filterkeywordput.go
+++ b/internal/api/client/filters/v2/filterkeywordput.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterKeywordPUTHandler swagger:operation PUT /api/v2/filters/keywords{id} filterKeywordPut
@@ -97,9 +96,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterKeywordPUTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterkeywordsget.go b/internal/api/client/filters/v2/filterkeywordsget.go
index 3414c5d8c..2fa3140a9 100644
--- a/internal/api/client/filters/v2/filterkeywordsget.go
+++ b/internal/api/client/filters/v2/filterkeywordsget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterKeywordsGETHandler swagger:operation GET /api/v2/filters/{id}/keywords filterKeywordsGet
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterKeywordsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterpost.go b/internal/api/client/filters/v2/filterpost.go
index 5e87df617..b35938692 100644
--- a/internal/api/client/filters/v2/filterpost.go
+++ b/internal/api/client/filters/v2/filterpost.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -150,9 +149,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterput.go b/internal/api/client/filters/v2/filterput.go
index 58d3f4a22..b4b14e6c3 100644
--- a/internal/api/client/filters/v2/filterput.go
+++ b/internal/api/client/filters/v2/filterput.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -158,9 +157,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterPUTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filtersget.go b/internal/api/client/filters/v2/filtersget.go
index 511a62d36..f304ffea5 100644
--- a/internal/api/client/filters/v2/filtersget.go
+++ b/internal/api/client/filters/v2/filtersget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FiltersGETHandler swagger:operation GET /api/v2/filters filtersV2Get
@@ -60,9 +59,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FiltersGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterstatusdelete.go b/internal/api/client/filters/v2/filterstatusdelete.go
index 5a03b9a7c..2adc48190 100644
--- a/internal/api/client/filters/v2/filterstatusdelete.go
+++ b/internal/api/client/filters/v2/filterstatusdelete.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterStatusDELETEHandler swagger:operation DELETE /api/v2/filters/statuses/{id} filterStatusDelete
@@ -63,9 +62,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterStatusDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterstatusesget.go b/internal/api/client/filters/v2/filterstatusesget.go
index 3b05ca73d..ae76e814f 100644
--- a/internal/api/client/filters/v2/filterstatusesget.go
+++ b/internal/api/client/filters/v2/filterstatusesget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterStatusesGETHandler swagger:operation GET /api/v2/filters/{id}/statuses filterStatusesGet
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterStatusesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterstatusget.go b/internal/api/client/filters/v2/filterstatusget.go
index 9e62e4466..efe20f0c2 100644
--- a/internal/api/client/filters/v2/filterstatusget.go
+++ b/internal/api/client/filters/v2/filterstatusget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FilterStatusGETHandler swagger:operation GET /api/v2/filters/statuses/{id} filterStatusGet
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterStatusGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/filters/v2/filterstatuspost.go b/internal/api/client/filters/v2/filterstatuspost.go
index deef54a9c..c6921e584 100644
--- a/internal/api/client/filters/v2/filterstatuspost.go
+++ b/internal/api/client/filters/v2/filterstatuspost.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -88,9 +87,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FilterStatusPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFilters,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/followedtags/get.go b/internal/api/client/followedtags/get.go
index 68e4ffb5f..f1fa45b07 100644
--- a/internal/api/client/followedtags/get.go
+++ b/internal/api/client/followedtags/get.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -100,9 +99,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FollowedTagsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/followrequests/authorize.go b/internal/api/client/followrequests/authorize.go
index 6a6f0dc81..cc7b5598c 100644
--- a/internal/api/client/followrequests/authorize.go
+++ b/internal/api/client/followrequests/authorize.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FollowRequestAuthorizePOSTHandler swagger:operation POST /api/v1/follow_requests/{account_id}/authorize authorizeFollowRequest
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FollowRequestAuthorizePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/followrequests/get.go b/internal/api/client/followrequests/get.go
index 40cdceaea..4b7760a6d 100644
--- a/internal/api/client/followrequests/get.go
+++ b/internal/api/client/followrequests/get.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -108,9 +107,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FollowRequestGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/followrequests/reject.go b/internal/api/client/followrequests/reject.go
index a8189b78a..4207925db 100644
--- a/internal/api/client/followrequests/reject.go
+++ b/internal/api/client/followrequests/reject.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FollowRequestRejectPOSTHandler swagger:operation POST /api/v1/follow_requests/{account_id}/reject rejectFollowRequest
@@ -67,9 +66,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FollowRequestRejectPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/import/import.go b/internal/api/client/import/import.go
index 6d85a6b23..c3908625b 100644
--- a/internal/api/client/import/import.go
+++ b/internal/api/client/import/import.go
@@ -28,7 +28,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/processing"
)
@@ -109,7 +108,7 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
//
// security:
// - OAuth2 Bearer:
-// - write:accounts
+// - write
//
// responses:
// '202':
@@ -123,9 +122,12 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
// '500':
// description: internal server error
func (m *Module) ImportPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -179,7 +181,7 @@ func (m *Module) ImportPOSTHandler(c *gin.Context) {
overwrite := form.Mode == "overwrite"
// Trigger the import.
- errWithCode := m.processor.Account().ImportData(
+ errWithCode = m.processor.Account().ImportData(
c.Request.Context(),
authed.Account,
form.Data,
diff --git a/internal/api/client/instance/instancepatch.go b/internal/api/client/instance/instancepatch.go
index 5085399eb..67856100d 100644
--- a/internal/api/client/instance/instancepatch.go
+++ b/internal/api/client/instance/instancepatch.go
@@ -27,7 +27,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// InstanceUpdatePATCHHandler swagger:operation PATCH /api/v1/instance instanceUpdate
@@ -107,7 +106,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - admin
+// - admin:write
//
// responses:
// '200':
@@ -127,9 +126,12 @@ import (
// '500':
// description: internal server error
func (m *Module) InstanceUpdatePATCHHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeAdminWrite,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/instance/instancepatch_test.go b/internal/api/client/instance/instancepatch_test.go
index 53df20b6b..a63ca9e11 100644
--- a/internal/api/client/instance/instancepatch_test.go
+++ b/internal/api/client/instance/instancepatch_test.go
@@ -544,7 +544,7 @@ func (suite *InstancePatchTestSuite) TestInstancePatch5() {
b, err := io.ReadAll(result.Body)
suite.NoError(err)
- suite.Equal(`{"error":"Forbidden: user is not an admin so cannot update instance settings"}`, string(b))
+ suite.Equal(`{"error":"Forbidden: token has insufficient scope permission"}`, string(b))
}
func (suite *InstancePatchTestSuite) TestInstancePatch6() {
diff --git a/internal/api/client/instance/instancepeersget.go b/internal/api/client/instance/instancepeersget.go
index c278c0674..0b32a87e9 100644
--- a/internal/api/client/instance/instancepeersget.go
+++ b/internal/api/client/instance/instancepeersget.go
@@ -25,7 +25,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/gin-gonic/gin"
)
@@ -59,6 +58,9 @@ import (
// required: false
// default: "open"
//
+// security:
+// - OAuth2 Bearer: []
+//
// responses:
// '200':
// description: >-
@@ -99,9 +101,11 @@ import (
// '500':
// description: internal server error
func (m *Module) InstancePeersGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, false, false, false, false)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ false, false, false, false,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/interactionpolicies/getdefaults.go b/internal/api/client/interactionpolicies/getdefaults.go
index 4ad0071f4..870425e8d 100644
--- a/internal/api/client/interactionpolicies/getdefaults.go
+++ b/internal/api/client/interactionpolicies/getdefaults.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PoliciesDefaultsGETHandler swagger:operation GET /api/v1/interaction_policies/defaults policiesDefaultsGet
@@ -53,9 +52,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PoliciesDefaultsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/interactionpolicies/updatedefaults.go b/internal/api/client/interactionpolicies/updatedefaults.go
index 39e95784f..8496b00aa 100644
--- a/internal/api/client/interactionpolicies/updatedefaults.go
+++ b/internal/api/client/interactionpolicies/updatedefaults.go
@@ -27,7 +27,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PoliciesDefaultsPATCHHandler swagger:operation PATCH /api/v1/interaction_policies/defaults policiesDefaultsUpdate
@@ -211,9 +210,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PoliciesDefaultsPATCHHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/interactionrequests/authorize.go b/internal/api/client/interactionrequests/authorize.go
index 1e5589f7e..8191923ba 100644
--- a/internal/api/client/interactionrequests/authorize.go
+++ b/internal/api/client/interactionrequests/authorize.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// InteractionRequestAuthorizePOSTHandler swagger:operation POST /api/v1/interaction_requests/{id}/authorize authorizeInteractionRequest
@@ -66,9 +65,11 @@ import (
// '500':
// description: internal server error
func (m *Module) InteractionRequestAuthorizePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/interactionrequests/get.go b/internal/api/client/interactionrequests/get.go
index a354a8623..d1d5f5eb4 100644
--- a/internal/api/client/interactionrequests/get.go
+++ b/internal/api/client/interactionrequests/get.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// InteractionRequestGETHandler swagger:operation GET /api/v1/interaction_requests/{id} getInteractionRequest
@@ -65,9 +64,12 @@ import (
// '500':
// description: internal server error
func (m *Module) InteractionRequestGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadNotifications,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/interactionrequests/getpage.go b/internal/api/client/interactionrequests/getpage.go
index 1978a055c..f3f1251cc 100644
--- a/internal/api/client/interactionrequests/getpage.go
+++ b/internal/api/client/interactionrequests/getpage.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -137,9 +136,12 @@ import (
// '500':
// description: internal server error
func (m *Module) InteractionRequestsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadNotifications,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/interactionrequests/reject.go b/internal/api/client/interactionrequests/reject.go
index 33c426462..0102d872a 100644
--- a/internal/api/client/interactionrequests/reject.go
+++ b/internal/api/client/interactionrequests/reject.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// InteractionRequestRejectPOSTHandler swagger:operation POST /api/v1/interaction_requests/{id}/reject rejectInteractionRequest
@@ -66,9 +65,11 @@ import (
// '500':
// description: internal server error
func (m *Module) InteractionRequestRejectPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/lists/listaccounts.go b/internal/api/client/lists/listaccounts.go
index d609251f7..4c6c00292 100644
--- a/internal/api/client/lists/listaccounts.go
+++ b/internal/api/client/lists/listaccounts.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -117,9 +116,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListAccountsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/lists/listaccountsadd.go b/internal/api/client/lists/listaccountsadd.go
index 168c5e3fe..b27cd1e92 100644
--- a/internal/api/client/lists/listaccountsadd.go
+++ b/internal/api/client/lists/listaccountsadd.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ListAccountsPOSTHandler swagger:operation POST /api/v1/lists/{id}/accounts addListAccounts
@@ -82,9 +81,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListAccountsPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/lists/listaccountsremove.go b/internal/api/client/lists/listaccountsremove.go
index 96f8b809d..160552d62 100644
--- a/internal/api/client/lists/listaccountsremove.go
+++ b/internal/api/client/lists/listaccountsremove.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ListAccountsDELETEHandler swagger:operation DELETE /api/v1/lists/{id}/accounts removeListAccounts
@@ -82,9 +81,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListAccountsDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -108,7 +110,7 @@ func (m *Module) ListAccountsDELETEHandler(c *gin.Context) {
// parsing in order to be compatible with Mastodon's client API conventions.
oldMethod := c.Request.Method
c.Request.Method = "POST"
- err = c.ShouldBind(form)
+ err := c.ShouldBind(form)
c.Request.Method = oldMethod
if err != nil {
diff --git a/internal/api/client/lists/listcreate.go b/internal/api/client/lists/listcreate.go
index c8f547ccc..5d3daf2ed 100644
--- a/internal/api/client/lists/listcreate.go
+++ b/internal/api/client/lists/listcreate.go
@@ -26,7 +26,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -97,9 +96,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListCreatePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/lists/listdelete.go b/internal/api/client/lists/listdelete.go
index b03f21e5a..33c0add70 100644
--- a/internal/api/client/lists/listdelete.go
+++ b/internal/api/client/lists/listdelete.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ListDELETEHandler swagger:operation DELETE /api/v1/lists/{id} listDelete
@@ -64,9 +63,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/lists/listget.go b/internal/api/client/lists/listget.go
index 34b21d28b..008d516ba 100644
--- a/internal/api/client/lists/listget.go
+++ b/internal/api/client/lists/listget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ListGETHandler swagger:operation GET /api/v1/lists/{id} list
@@ -67,9 +66,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/lists/listsget.go b/internal/api/client/lists/listsget.go
index 6bfc3c883..9a40702b8 100644
--- a/internal/api/client/lists/listsget.go
+++ b/internal/api/client/lists/listsget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ListsGETHandler swagger:operation GET /api/v1/lists lists
@@ -60,9 +59,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/lists/listupdate.go b/internal/api/client/lists/listupdate.go
index 38caa9621..388d878a9 100644
--- a/internal/api/client/lists/listupdate.go
+++ b/internal/api/client/lists/listupdate.go
@@ -27,7 +27,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -103,9 +102,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ListUpdatePUTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -152,7 +154,7 @@ func (m *Module) ListUpdatePUTHandler(c *gin.Context) {
}
if form.Title == nil && repliesPolicy == nil && form.Exclusive == nil {
- err = errors.New("neither title nor replies_policy nor exclusive was set; nothing to update")
+ err := errors.New("neither title nor replies_policy nor exclusive was set; nothing to update")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/markers/markersget.go b/internal/api/client/markers/markersget.go
index 9f4fc4270..f5b70ca68 100644
--- a/internal/api/client/markers/markersget.go
+++ b/internal/api/client/markers/markersget.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/validate"
)
@@ -67,9 +66,12 @@ import (
// '500':
// description: internal server error
func (m *Module) MarkersGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/markers/markerspost.go b/internal/api/client/markers/markerspost.go
index 8fe40c798..e2fffa265 100644
--- a/internal/api/client/markers/markerspost.go
+++ b/internal/api/client/markers/markerspost.go
@@ -25,7 +25,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// MarkersPOSTHandler swagger:operation POST /api/v1/markers markersPost
@@ -72,9 +71,12 @@ import (
// '500':
// description: internal server error
func (m *Module) MarkersPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/media/mediacreate.go b/internal/api/client/media/mediacreate.go
index efe567f13..0f9de7b56 100644
--- a/internal/api/client/media/mediacreate.go
+++ b/internal/api/client/media/mediacreate.go
@@ -27,7 +27,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// MediaCreatePOSTHandler swagger:operation POST /api/{api_version}/media mediaCreate
@@ -102,9 +101,12 @@ func (m *Module) MediaCreatePOSTHandler(c *gin.Context) {
return
}
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteMedia,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/media/mediaget.go b/internal/api/client/media/mediaget.go
index 8456f85d8..8428e202f 100644
--- a/internal/api/client/media/mediaget.go
+++ b/internal/api/client/media/mediaget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// MediaGETHandler swagger:operation GET /api/v1/media/{id} mediaGet
@@ -74,9 +73,14 @@ func (m *Module) MediaGETHandler(c *gin.Context) {
return
}
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ // This takes write even
+ // though it's a read.
+ apiutil.ScopeWriteMedia,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/media/mediaupdate.go b/internal/api/client/media/mediaupdate.go
index 0a9ce4eb8..b71b0c5f1 100644
--- a/internal/api/client/media/mediaupdate.go
+++ b/internal/api/client/media/mediaupdate.go
@@ -27,7 +27,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// MediaPUTHandler swagger:operation PUT /api/v1/media/{id} mediaUpdate
@@ -106,9 +105,12 @@ func (m *Module) MediaPUTHandler(c *gin.Context) {
return
}
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteMedia,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/mutes/mutesget.go b/internal/api/client/mutes/mutesget.go
index 7fcbc2b44..76c31ebc6 100644
--- a/internal/api/client/mutes/mutesget.go
+++ b/internal/api/client/mutes/mutesget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -108,9 +107,12 @@ import (
// '500':
// description: internal server error
func (m *Module) MutesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadMutes,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/notifications/notificationget.go b/internal/api/client/notifications/notificationget.go
index 66bdefb28..0c15cf937 100644
--- a/internal/api/client/notifications/notificationget.go
+++ b/internal/api/client/notifications/notificationget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// NotificationGETHandler swagger:operation GET /api/v1/notification/{id} notification
@@ -67,9 +66,12 @@ import (
// '500':
// description: internal server error
func (m *Module) NotificationGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadNotifications,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/notifications/notificationsclear.go b/internal/api/client/notifications/notificationsclear.go
index 2d7da3c6b..3742f7eba 100644
--- a/internal/api/client/notifications/notificationsclear.go
+++ b/internal/api/client/notifications/notificationsclear.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// NotificationsClearPOSTHandler swagger:operation POST /api/v1/notifications/clear clearNotifications
@@ -41,7 +40,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - read:notifications
+// - write:notifications
//
// responses:
// '200':
@@ -58,9 +57,12 @@ import (
// '500':
// description: internal server error
func (m *Module) NotificationsClearPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteNotifications,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -69,7 +71,7 @@ func (m *Module) NotificationsClearPOSTHandler(c *gin.Context) {
return
}
- errWithCode := m.processor.Timeline().NotificationsClear(c.Request.Context(), authed)
+ errWithCode = m.processor.Timeline().NotificationsClear(c.Request.Context(), authed)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
diff --git a/internal/api/client/notifications/notificationsget.go b/internal/api/client/notifications/notificationsget.go
index b530c515d..e02ca23d8 100644
--- a/internal/api/client/notifications/notificationsget.go
+++ b/internal/api/client/notifications/notificationsget.go
@@ -26,7 +26,6 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/log"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -143,9 +142,12 @@ import (
// '500':
// description: internal server error
func (m *Module) NotificationsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadNotifications,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/polls/polls_get.go b/internal/api/client/polls/polls_get.go
index fc89255e9..e432b1f8e 100644
--- a/internal/api/client/polls/polls_get.go
+++ b/internal/api/client/polls/polls_get.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PollGETHandler swagger:operation GET /api/v1/polls/{id} poll
@@ -67,9 +66,11 @@ import (
// '500':
// description: internal server error
func (m *Module) PollGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/polls/polls_vote.go b/internal/api/client/polls/polls_vote.go
index 192ecbc0f..0c857e2d8 100644
--- a/internal/api/client/polls/polls_vote.go
+++ b/internal/api/client/polls/polls_vote.go
@@ -26,7 +26,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PollVotePOSTHandler swagger:operation POST /api/v1/polls/{id}/votes pollVote
@@ -80,9 +79,11 @@ import (
// '500':
// description: internal server error
func (m *Module) PollVotePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/preferences/preferencesget.go b/internal/api/client/preferences/preferencesget.go
index 4a6cb4b55..20cfc7d36 100644
--- a/internal/api/client/preferences/preferencesget.go
+++ b/internal/api/client/preferences/preferencesget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PreferencesGETHandler swagger:operation GET /api/v1/preferences preferencesGet
@@ -71,9 +70,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PreferencesGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, false, false, false, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptiondelete.go b/internal/api/client/push/pushsubscriptiondelete.go
index 2a5fd8e69..c82222248 100644
--- a/internal/api/client/push/pushsubscriptiondelete.go
+++ b/internal/api/client/push/pushsubscriptiondelete.go
@@ -22,8 +22,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PushSubscriptionDELETEHandler swagger:operation DELETE /api/v1/push/subscription pushSubscriptionDelete
@@ -49,9 +47,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptiondelete_test.go b/internal/api/client/push/pushsubscriptiondelete_test.go
index 3e81ce2a1..2548f2fb7 100644
--- a/internal/api/client/push/pushsubscriptiondelete_test.go
+++ b/internal/api/client/push/pushsubscriptiondelete_test.go
@@ -76,7 +76,7 @@ func (suite *PushTestSuite) TestDeleteSubscription() {
func (suite *PushTestSuite) TestDeleteMissingSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
err := suite.deleteSubscription(accountFixtureName, tokenFixtureName, 200)
suite.NoError(err)
diff --git a/internal/api/client/push/pushsubscriptionget.go b/internal/api/client/push/pushsubscriptionget.go
index 10774b862..d48e43108 100644
--- a/internal/api/client/push/pushsubscriptionget.go
+++ b/internal/api/client/push/pushsubscriptionget.go
@@ -22,8 +22,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PushSubscriptionGETHandler swagger:operation GET /api/v1/push/subscription pushSubscriptionGet
@@ -55,9 +53,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptionget_test.go b/internal/api/client/push/pushsubscriptionget_test.go
index 23fb9e7f2..80f387195 100644
--- a/internal/api/client/push/pushsubscriptionget_test.go
+++ b/internal/api/client/push/pushsubscriptionget_test.go
@@ -95,7 +95,7 @@ func (suite *PushTestSuite) TestGetSubscription() {
func (suite *PushTestSuite) TestGetMissingSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
_, err := suite.getSubscription(accountFixtureName, tokenFixtureName, 404)
suite.NoError(err)
diff --git a/internal/api/client/push/pushsubscriptionpost.go b/internal/api/client/push/pushsubscriptionpost.go
index cc1be185f..9893d7fe1 100644
--- a/internal/api/client/push/pushsubscriptionpost.go
+++ b/internal/api/client/push/pushsubscriptionpost.go
@@ -29,7 +29,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PushSubscriptionPOSTHandler swagger:operation POST /api/v1/push/subscription pushSubscriptionPost
@@ -181,9 +180,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptionpost_test.go b/internal/api/client/push/pushsubscriptionpost_test.go
index e7e8582df..251dde1f9 100644
--- a/internal/api/client/push/pushsubscriptionpost_test.go
+++ b/internal/api/client/push/pushsubscriptionpost_test.go
@@ -116,7 +116,7 @@ func (suite *PushTestSuite) postSubscription(
func (suite *PushTestSuite) TestPostSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
endpoint := "https://example.test/push"
auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -152,7 +152,7 @@ func (suite *PushTestSuite) TestPostSubscription() {
func (suite *PushTestSuite) TestPostSubscriptionMinimal() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
endpoint := "https://example.test/push"
auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -186,7 +186,7 @@ func (suite *PushTestSuite) TestPostSubscriptionMinimal() {
func (suite *PushTestSuite) TestPostInvalidSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
// No endpoint.
auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -212,7 +212,7 @@ func (suite *PushTestSuite) TestPostInvalidSubscription() {
func (suite *PushTestSuite) TestPostSubscriptionJSON() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
requestJson := `{
"subscription": {
@@ -258,7 +258,7 @@ func (suite *PushTestSuite) TestPostSubscriptionJSON() {
func (suite *PushTestSuite) TestPostSubscriptionJSONMinimal() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
requestJson := `{
"subscription": {
@@ -298,7 +298,7 @@ func (suite *PushTestSuite) TestPostSubscriptionJSONMinimal() {
func (suite *PushTestSuite) TestPostInvalidSubscriptionJSON() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
// No endpoint.
requestJson := `{
diff --git a/internal/api/client/push/pushsubscriptionput.go b/internal/api/client/push/pushsubscriptionput.go
index 4d1c5765e..53e6a72e9 100644
--- a/internal/api/client/push/pushsubscriptionput.go
+++ b/internal/api/client/push/pushsubscriptionput.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -157,9 +156,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionPUTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptionput_test.go b/internal/api/client/push/pushsubscriptionput_test.go
index d9f0e395e..8b86add9e 100644
--- a/internal/api/client/push/pushsubscriptionput_test.go
+++ b/internal/api/client/push/pushsubscriptionput_test.go
@@ -170,7 +170,7 @@ func (suite *PushTestSuite) TestPutSubscriptionJSON() {
func (suite *PushTestSuite) TestPutMissingSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
alertsMention := true
alertsStatus := false
diff --git a/internal/api/client/reports/reportcreate.go b/internal/api/client/reports/reportcreate.go
index a303cf20a..b9a4666ee 100644
--- a/internal/api/client/reports/reportcreate.go
+++ b/internal/api/client/reports/reportcreate.go
@@ -26,7 +26,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/regexes"
)
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ReportPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteReports,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@@ -89,19 +91,19 @@ func (m *Module) ReportPOSTHandler(c *gin.Context) {
}
if form.AccountID == "" {
- err = errors.New("account_id must be set")
+ err := errors.New("account_id must be set")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
if !regexes.ULID.MatchString(form.AccountID) {
- err = errors.New("account_id was not valid")
+ err := errors.New("account_id was not valid")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
if length := len([]rune(form.Comment)); length > 1000 {
- err = fmt.Errorf("comment length must be no more than 1000 chars, provided comment was %d chars", length)
+ err := fmt.Errorf("comment length must be no more than 1000 chars, provided comment was %d chars", length)
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/reports/reportget.go b/internal/api/client/reports/reportget.go
index c9ca0054f..1219e4a12 100644
--- a/internal/api/client/reports/reportget.go
+++ b/internal/api/client/reports/reportget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ReportGETHandler swagger:operation GET /api/v1/reports/{id} reportGet
@@ -47,7 +46,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - read:reports
+// - read:accounts
//
// responses:
// '200':
@@ -65,9 +64,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ReportGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/reports/reportsget.go b/internal/api/client/reports/reportsget.go
index 4c3d4e33a..65adf664f 100644
--- a/internal/api/client/reports/reportsget.go
+++ b/internal/api/client/reports/reportsget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
)
@@ -94,7 +93,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - read:reports
+// - read:accounts
//
// responses:
// '200':
@@ -119,9 +118,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ReportsGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/search/searchget.go b/internal/api/client/search/searchget.go
index 0f9595efc..05a64f244 100644
--- a/internal/api/client/search/searchget.go
+++ b/internal/api/client/search/searchget.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// SearchGETHandler swagger:operation GET /api/{api_version}/search searchGet
@@ -178,9 +177,12 @@ func (m *Module) SearchGETHandler(c *gin.Context) {
return
}
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadSearch,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusbookmark.go b/internal/api/client/statuses/statusbookmark.go
index 9dbc0f56e..059ed7e57 100644
--- a/internal/api/client/statuses/statusbookmark.go
+++ b/internal/api/client/statuses/statusbookmark.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusBookmarkPOSTHandler swagger:operation POST /api/v1/statuses/{id}/bookmark statusBookmark
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - write:statuses
+// - write:bookmarks
//
// responses:
// '200':
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusBookmarkPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteBookmarks,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusboost.go b/internal/api/client/statuses/statusboost.go
index 035ee8747..fb4c5e5ee 100644
--- a/internal/api/client/statuses/statusboost.go
+++ b/internal/api/client/statuses/statusboost.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusBoostPOSTHandler swagger:operation POST /api/v1/statuses/{id}/reblog statusReblog
@@ -72,9 +71,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusBoostPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusboostedby.go b/internal/api/client/statuses/statusboostedby.go
index 15e0e26a0..9ee82c709 100644
--- a/internal/api/client/statuses/statusboostedby.go
+++ b/internal/api/client/statuses/statusboostedby.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusBoostedByGETHandler swagger:operation GET /api/v1/statuses/{id}/reblogged_by statusBoostedBy
@@ -65,9 +64,12 @@ import (
// '404':
// description: not found
func (m *Module) StatusBoostedByGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statuscontext.go b/internal/api/client/statuses/statuscontext.go
index 0eea50819..cae48e938 100644
--- a/internal/api/client/statuses/statuscontext.go
+++ b/internal/api/client/statuses/statuscontext.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusContextGETHandler swagger:operation GET /api/v1/statuses/{id}/context threadContext
@@ -71,9 +70,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusContextGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statuscreate.go b/internal/api/client/statuses/statuscreate.go
index bfb1c486d..686e29ec4 100644
--- a/internal/api/client/statuses/statuscreate.go
+++ b/internal/api/client/statuses/statuscreate.go
@@ -28,7 +28,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -262,9 +261,12 @@ import (
// '501':
// description: scheduled_at was set, but this feature is not yet implemented
func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusdelete.go b/internal/api/client/statuses/statusdelete.go
index fa62d6893..c5ff046f7 100644
--- a/internal/api/client/statuses/statusdelete.go
+++ b/internal/api/client/statuses/statusdelete.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusDELETEHandler swagger:operation DELETE /api/v1/statuses/{id} statusDelete
@@ -71,9 +70,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusedit.go b/internal/api/client/statuses/statusedit.go
index dfd7d651e..dbd2224f7 100644
--- a/internal/api/client/statuses/statusedit.go
+++ b/internal/api/client/statuses/statusedit.go
@@ -27,7 +27,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -156,9 +155,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusEditPUTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusfave.go b/internal/api/client/statuses/statusfave.go
index 41d45c6b8..23ff2d7a1 100644
--- a/internal/api/client/statuses/statusfave.go
+++ b/internal/api/client/statuses/statusfave.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusFavePOSTHandler swagger:operation POST /api/v1/statuses/{id}/favourite statusFave
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusFavePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusfavedby.go b/internal/api/client/statuses/statusfavedby.go
index 7dca760cc..a4a0611ce 100644
--- a/internal/api/client/statuses/statusfavedby.go
+++ b/internal/api/client/statuses/statusfavedby.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusFavedByGETHandler swagger:operation GET /api/v1/statuses/{id}/favourited_by statusFavedBy
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusFavedByGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusget.go b/internal/api/client/statuses/statusget.go
index 8c3edac81..f8fb2cb50 100644
--- a/internal/api/client/statuses/statusget.go
+++ b/internal/api/client/statuses/statusget.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusGETHandler swagger:operation GET /api/v1/statuses/{id} statusGet
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statushistory.go b/internal/api/client/statuses/statushistory.go
index ba1af58cf..dc5932ff7 100644
--- a/internal/api/client/statuses/statushistory.go
+++ b/internal/api/client/statuses/statushistory.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusHistoryGETHandler swagger:operation GET /api/v1/statuses/{id}/history statusHistoryGet
@@ -70,9 +69,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusHistoryGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusmute.go b/internal/api/client/statuses/statusmute.go
index 58d14a8bf..42df112a3 100644
--- a/internal/api/client/statuses/statusmute.go
+++ b/internal/api/client/statuses/statusmute.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusMutePOSTHandler swagger:operation POST /api/v1/statuses/{id}/mute statusMute
@@ -72,9 +71,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusMutePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteMutes,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statuspin.go b/internal/api/client/statuses/statuspin.go
index e5879f715..0c4c681a6 100644
--- a/internal/api/client/statuses/statuspin.go
+++ b/internal/api/client/statuses/statuspin.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusPinPOSTHandler swagger:operation POST /api/v1/statuses/{id}/pin statusPin
@@ -74,9 +73,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusPinPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statussource.go b/internal/api/client/statuses/statussource.go
index c74d99bfc..fd15e8719 100644
--- a/internal/api/client/statuses/statussource.go
+++ b/internal/api/client/statuses/statussource.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusSourceGETHandler swagger:operation GET /api/v1/statuses/{id}/source statusSourceGet
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusSourceGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusunbookmark.go b/internal/api/client/statuses/statusunbookmark.go
index 7dbed9658..ca4e669a7 100644
--- a/internal/api/client/statuses/statusunbookmark.go
+++ b/internal/api/client/statuses/statusunbookmark.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusUnbookmarkPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unbookmark statusUnbookmark
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - write:statuses
+// - write:bookmarks
//
// responses:
// '200':
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusUnbookmarkPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteBookmarks,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusunboost.go b/internal/api/client/statuses/statusunboost.go
index ae5c2f600..c7fd00ab7 100644
--- a/internal/api/client/statuses/statusunboost.go
+++ b/internal/api/client/statuses/statusunboost.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusUnboostPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unreblog statusUnreblog
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusUnboostPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusunfave.go b/internal/api/client/statuses/statusunfave.go
index 6fb445143..d7dbe10ce 100644
--- a/internal/api/client/statuses/statusunfave.go
+++ b/internal/api/client/statuses/statusunfave.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusUnfavePOSTHandler swagger:operation POST /api/v1/statuses/{id}/unfavourite statusUnfave
@@ -48,7 +47,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - write:statuses
+// - write:favourites
//
// responses:
// '200':
@@ -68,9 +67,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusUnfavePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFavourites,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusunmute.go b/internal/api/client/statuses/statusunmute.go
index e657992ca..76018fd27 100644
--- a/internal/api/client/statuses/statusunmute.go
+++ b/internal/api/client/statuses/statusunmute.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusUnmutePOSTHandler swagger:operation POST /api/v1/statuses/{id}/unmute statusUnmute
@@ -72,9 +71,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusUnmutePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteMutes,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/statuses/statusunpin.go b/internal/api/client/statuses/statusunpin.go
index fbe85755f..32cb913e0 100644
--- a/internal/api/client/statuses/statusunpin.go
+++ b/internal/api/client/statuses/statusunpin.go
@@ -24,7 +24,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// StatusUnpinPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unpin statusUnpin
@@ -69,9 +68,12 @@ import (
// '500':
// description: internal server error
func (m *Module) StatusUnpinPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/streaming/stream.go b/internal/api/client/streaming/stream.go
index 6c57cea03..e6d1b80f7 100644
--- a/internal/api/client/streaming/stream.go
+++ b/internal/api/client/streaming/stream.go
@@ -28,7 +28,6 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/id"
"github.com/superseriousbusiness/gotosocial/internal/log"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
streampkg "github.com/superseriousbusiness/gotosocial/internal/stream"
"github.com/gin-gonic/gin"
@@ -187,9 +186,8 @@ func (m *Module) StreamGETHandler(c *gin.Context) {
// No explicit token was provided:
// try regular oauth as a last resort.
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
+ authed, errWithCode := apiutil.TokenAuth(c, true, true, true, true)
+ if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/tags/follow.go b/internal/api/client/tags/follow.go
index 2952996b1..07804013a 100644
--- a/internal/api/client/tags/follow.go
+++ b/internal/api/client/tags/follow.go
@@ -22,8 +22,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// FollowTagPOSTHandler swagger:operation POST /api/v1/tags/{tag_name}/follow followTag
@@ -65,9 +63,12 @@ import (
// '500':
// description: internal server error
func (m *Module) FollowTagPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/tags/get.go b/internal/api/client/tags/get.go
index b61b7cc65..a6a433d7d 100644
--- a/internal/api/client/tags/get.go
+++ b/internal/api/client/tags/get.go
@@ -22,8 +22,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// TagGETHandler swagger:operation GET /api/v1/tags/{tag_name} getTag
@@ -40,8 +38,7 @@ import (
// - application/json
//
// security:
-// - OAuth2 Bearer:
-// - read:follows
+// - OAuth2 Bearer: []
//
// parameters:
// -
@@ -67,9 +64,11 @@ import (
// '500':
// description: internal server error
func (m *Module) TagGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/tags/unfollow.go b/internal/api/client/tags/unfollow.go
index 3166e08ed..49ebd463e 100644
--- a/internal/api/client/tags/unfollow.go
+++ b/internal/api/client/tags/unfollow.go
@@ -22,8 +22,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// UnfollowTagPOSTHandler swagger:operation POST /api/v1/tags/{tag_name}/unfollow unfollowTag
@@ -67,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) UnfollowTagPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteFollows,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/timelines/home.go b/internal/api/client/timelines/home.go
index 55928dd3a..8e957d498 100644
--- a/internal/api/client/timelines/home.go
+++ b/internal/api/client/timelines/home.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// HomeTimelineGETHandler swagger:operation GET /api/v1/timelines/home homeTimeline
@@ -107,9 +106,12 @@ import (
// '400':
// description: bad request
func (m *Module) HomeTimelineGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/timelines/list.go b/internal/api/client/timelines/list.go
index 25695bf0e..b02489d6c 100644
--- a/internal/api/client/timelines/list.go
+++ b/internal/api/client/timelines/list.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ListTimelineGETHandler swagger:operation GET /api/v1/timelines/list/{id} listTimeline
@@ -106,9 +105,12 @@ import (
// '400':
// description: bad request
func (m *Module) ListTimelineGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadLists,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/timelines/public.go b/internal/api/client/timelines/public.go
index 49530216f..d6df36f09 100644
--- a/internal/api/client/timelines/public.go
+++ b/internal/api/client/timelines/public.go
@@ -24,7 +24,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PublicTimelineGETHandler swagger:operation GET /api/v1/timelines/public publicTimeline
@@ -108,19 +107,25 @@ import (
// '400':
// description: bad request
func (m *Module) PublicTimelineGETHandler(c *gin.Context) {
- var authed *oauth.Auth
- var err error
-
+ var (
+ authed *apiutil.Auth
+ errWithCode gtserror.WithCode
+ )
if config.GetInstanceExposePublicTimeline() {
// If the public timeline is allowed to be exposed, still check if we
// can extract various authentication properties, but don't require them.
- authed, err = oauth.Authed(c, false, false, false, false)
+ authed, errWithCode = apiutil.TokenAuth(c,
+ false, false, false, false,
+ )
} else {
- authed, err = oauth.Authed(c, true, true, true, true)
+ authed, errWithCode = apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
}
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/timelines/tag.go b/internal/api/client/timelines/tag.go
index 258184355..8c3a86f81 100644
--- a/internal/api/client/timelines/tag.go
+++ b/internal/api/client/timelines/tag.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// TagTimelineGETHandler swagger:operation GET /api/v1/timelines/tag/{tag_name} tagTimeline
@@ -108,9 +107,12 @@ import (
// '400':
// description: bad request
func (m *Module) TagTimelineGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadStatuses,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/user/emailchange.go b/internal/api/client/user/emailchange.go
index b2e25343f..09d5e8fde 100644
--- a/internal/api/client/user/emailchange.go
+++ b/internal/api/client/user/emailchange.go
@@ -25,7 +25,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// EmailChangePOSTHandler swagger:operation POST /api/v1/user/email_change userEmailChange
@@ -46,7 +45,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - write:user
+// - write:accounts
//
// responses:
// '202':
@@ -66,9 +65,12 @@ import (
// '500':
// description: internal error
func (m *Module) EmailChangePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go
index df9f5b0c8..8b1c7e29a 100644
--- a/internal/api/client/user/passwordchange.go
+++ b/internal/api/client/user/passwordchange.go
@@ -26,7 +26,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
const OIDCPasswordHelp = "password change request cannot be processed by GoToSocial as this instance is running with OIDC enabled; you must change password using your OIDC provider"
@@ -52,7 +51,7 @@ const OIDCPasswordHelp = "password change request cannot be processed by GoToSoc
//
// security:
// - OAuth2 Bearer:
-// - write:user
+// - write:accounts
//
// responses:
// '200':
@@ -70,9 +69,12 @@ const OIDCPasswordHelp = "password change request cannot be processed by GoToSoc
// '500':
// description: internal error
func (m *Module) PasswordChangePOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeWriteAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/user/userget.go b/internal/api/client/user/userget.go
index 147c1dbd5..c82a6d644 100644
--- a/internal/api/client/user/userget.go
+++ b/internal/api/client/user/userget.go
@@ -23,7 +23,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// UserGETHandler swagger:operation GET /api/v1/user getUser
@@ -39,7 +38,7 @@ import (
//
// security:
// - OAuth2 Bearer:
-// - read:user
+// - read:accounts
//
// responses:
// '200':
@@ -57,9 +56,12 @@ import (
// '500':
// description: internal error
func (m *Module) UserGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopeReadAccounts,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/fileserver/servefile.go b/internal/api/fileserver/servefile.go
index fc6ef0e7e..56285ea48 100644
--- a/internal/api/fileserver/servefile.go
+++ b/internal/api/fileserver/servefile.go
@@ -31,7 +31,6 @@ import (
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/log"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// ServeFile is for serving attachments, headers, and avatars to the requester from instance storage.
@@ -39,9 +38,9 @@ import (
// Note: to mitigate scraping attempts, no information should be given out on a bad request except "404 page not found".
// Don't give away account ids or media ids or anything like that; callers shouldn't be able to infer anything.
func (m *Module) ServeFile(c *gin.Context) {
- authed, err := oauth.Authed(c, false, false, false, false)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c, false, false, false, false)
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/util/auth.go b/internal/api/util/auth.go
new file mode 100644
index 000000000..5c6afb306
--- /dev/null
+++ b/internal/api/util/auth.go
@@ -0,0 +1,152 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package util
+
+import (
+ "errors"
+ "slices"
+ "strings"
+
+ "github.com/gin-gonic/gin"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/oauth"
+ "github.com/superseriousbusiness/oauth2/v4"
+)
+
+// Auth wraps an authorized token, application, user, and account.
+// It is used in the functions GetAuthed and MustAuth.
+// Because the user might *not* be authed, any of the fields in this struct
+// might be nil, so make sure to check that when you're using this struct anywhere.
+type Auth struct {
+ Token oauth2.TokenInfo
+ Application *gtsmodel.Application
+ User *gtsmodel.User
+ Account *gtsmodel.Account
+}
+
+// TokenAuth is a convenience function for returning an TokenAuth struct from a gin context.
+// In essence, it tries to extract a token, application, user, and account from the context,
+// and then sets them on a struct for convenience.
+//
+// If any are not present in the context, they will be set to nil on the returned TokenAuth struct.
+//
+// If *ALL* are not present, then nil and an error will be returned.
+//
+// If something goes wrong during parsing, then nil and an error will be returned (consider this not authed).
+// TokenAuth is like GetAuthed, but will fail if one of the requirements is not met.
+func TokenAuth(
+ c *gin.Context,
+ requireToken bool,
+ requireApp bool,
+ requireUser bool,
+ requireAccount bool,
+ requireScope ...Scope,
+) (*Auth, gtserror.WithCode) {
+ var (
+ ctx = c.Copy()
+ a = &Auth{}
+ i interface{}
+ ok bool
+ )
+
+ i, ok = ctx.Get(oauth.SessionAuthorizedToken)
+ if ok {
+ parsed, ok := i.(oauth2.TokenInfo)
+ if !ok {
+ const errText = "could not parse token from session context"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+ a.Token = parsed
+ }
+
+ i, ok = ctx.Get(oauth.SessionAuthorizedApplication)
+ if ok {
+ parsed, ok := i.(*gtsmodel.Application)
+ if !ok {
+ const errText = "could not parse application from session context"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+ a.Application = parsed
+ }
+
+ i, ok = ctx.Get(oauth.SessionAuthorizedUser)
+ if ok {
+ parsed, ok := i.(*gtsmodel.User)
+ if !ok {
+ const errText = "could not parse user from session context"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+ a.User = parsed
+ }
+
+ i, ok = ctx.Get(oauth.SessionAuthorizedAccount)
+ if ok {
+ parsed, ok := i.(*gtsmodel.Account)
+ if !ok {
+ const errText = "could not parse account from session context"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+ a.Account = parsed
+ }
+
+ if requireToken && a.Token == nil {
+ const errText = "token not supplied"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+
+ if requireApp && a.Application == nil {
+ const errText = "application not supplied"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+
+ if requireUser && a.User == nil {
+ const errText = "user not supplied or not authorized"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+
+ if requireAccount && a.Account == nil {
+ const errText = "account not supplied or not authorized"
+ return nil, gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+ }
+
+ if len(requireScope) != 0 {
+ // We need to match one of the
+ // required scopes, check if we can.
+ hasScopes := strings.Split(a.Token.GetScope(), " ")
+ scopeOK := slices.ContainsFunc(
+ hasScopes,
+ func(hasScope string) bool {
+ for _, requiredScope := range requireScope {
+ if Scope(hasScope).Permits(requiredScope) {
+ // Got it.
+ return true
+ }
+ }
+ return false
+ },
+ )
+
+ if !scopeOK {
+ const errText = "token has insufficient scope permission"
+ return nil, gtserror.NewErrorForbidden(errors.New(errText), errText)
+ }
+ }
+
+ return a, nil
+}
diff --git a/internal/api/util/scopes.go b/internal/api/util/scopes.go
new file mode 100644
index 000000000..d02d3cc0d
--- /dev/null
+++ b/internal/api/util/scopes.go
@@ -0,0 +1,103 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package util
+
+import (
+ "strings"
+)
+
+type Scope string
+
+const (
+ /* Sub-scopes / scope components */
+
+ scopeAccounts = "accounts"
+ scopeBlocks = "blocks"
+ scopeBookmarks = "bookmarks"
+ scopeConversations = "conversations"
+ scopeDomainAllows = "domain_allows"
+ scopeDomainBlocks = "domain_blocks"
+ scopeFavourites = "favourites"
+ scopeFilters = "filters"
+ scopeFollows = "follows"
+ scopeLists = "lists"
+ scopeMedia = "media"
+ scopeMutes = "mutes"
+ scopeNotifications = "notifications"
+ scopeReports = "reports"
+ scopeSearch = "search"
+ scopeStatuses = "statuses"
+
+ /* Top-level scopes */
+
+ ScopeProfile Scope = "profile"
+ ScopePush Scope = "push"
+ ScopeRead Scope = "read"
+ ScopeWrite Scope = "write"
+ ScopeAdmin Scope = "admin"
+ ScopeAdminRead Scope = ScopeAdmin + ":" + ScopeRead
+ ScopeAdminWrite Scope = ScopeAdmin + ":" + ScopeWrite
+
+ /* Granular scopes */
+
+ ScopeReadAccounts Scope = ScopeRead + ":" + scopeAccounts
+ ScopeWriteAccounts Scope = ScopeWrite + ":" + scopeAccounts
+ ScopeReadBlocks Scope = ScopeRead + ":" + scopeBlocks
+ ScopeWriteBlocks Scope = ScopeWrite + ":" + scopeBlocks
+ ScopeReadBookmarks Scope = ScopeRead + ":" + scopeBookmarks
+ ScopeWriteBookmarks Scope = ScopeWrite + ":" + scopeBookmarks
+ ScopeWriteConversations Scope = ScopeWrite + ":" + scopeConversations
+ ScopeReadFavourites Scope = ScopeRead + ":" + scopeFavourites
+ ScopeWriteFavourites Scope = ScopeWrite + ":" + scopeFavourites
+ ScopeReadFilters Scope = ScopeRead + ":" + scopeFilters
+ ScopeWriteFilters Scope = ScopeWrite + ":" + scopeFilters
+ ScopeReadFollows Scope = ScopeRead + ":" + scopeFollows
+ ScopeWriteFollows Scope = ScopeWrite + ":" + scopeFollows
+ ScopeReadLists Scope = ScopeRead + ":" + scopeLists
+ ScopeWriteLists Scope = ScopeWrite + ":" + scopeLists
+ ScopeWriteMedia Scope = ScopeWrite + ":" + scopeMedia
+ ScopeReadMutes Scope = ScopeRead + ":" + scopeMutes
+ ScopeWriteMutes Scope = ScopeWrite + ":" + scopeMutes
+ ScopeReadNotifications Scope = ScopeRead + ":" + scopeNotifications
+ ScopeWriteNotifications Scope = ScopeWrite + ":" + scopeNotifications
+ ScopeWriteReports Scope = ScopeWrite + ":" + scopeReports
+ ScopeReadSearch Scope = ScopeRead + ":" + scopeSearch
+ ScopeReadStatuses Scope = ScopeRead + ":" + scopeStatuses
+ ScopeWriteStatuses Scope = ScopeWrite + ":" + scopeStatuses
+ ScopeAdminReadAccounts Scope = ScopeAdminRead + ":" + scopeAccounts
+ ScopeAdminWriteAccounts Scope = ScopeAdminWrite + ":" + scopeAccounts
+ ScopeAdminReadReports Scope = ScopeAdminRead + ":" + scopeReports
+ ScopeAdminWriteReports Scope = ScopeAdminWrite + ":" + scopeReports
+ ScopeAdminReadDomainAllows Scope = ScopeAdminRead + ":" + scopeDomainAllows
+ ScopeAdminWriteDomainAllows Scope = ScopeAdminWrite + ":" + scopeDomainAllows
+ ScopeAdminReadDomainBlocks Scope = ScopeAdminRead + ":" + scopeDomainBlocks
+ ScopeAdminWriteDomainBlocks Scope = ScopeAdminWrite + ":" + scopeDomainBlocks
+)
+
+// Permits returns true if the
+// scope permits the wanted scope.
+func (has Scope) Permits(wanted Scope) bool {
+ if has == wanted {
+ // Exact match.
+ return true
+ }
+
+ // Check if we have a parent scope of what's wanted,
+ // eg., we have scope "admin", we want "admin:read".
+ return strings.HasPrefix(string(wanted), string(has))
+}
diff --git a/internal/api/util/scopes_test.go b/internal/api/util/scopes_test.go
new file mode 100644
index 000000000..bd533585b
--- /dev/null
+++ b/internal/api/util/scopes_test.go
@@ -0,0 +1,101 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package util_test
+
+import (
+ "testing"
+
+ "github.com/superseriousbusiness/gotosocial/internal/api/util"
+)
+
+func TestScopes(t *testing.T) {
+ for _, test := range []struct {
+ HasScope util.Scope
+ WantsScope util.Scope
+ Expect bool
+ }{
+ {
+ HasScope: util.ScopeRead,
+ WantsScope: util.ScopeRead,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeRead,
+ WantsScope: util.ScopeWrite,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopeWrite,
+ WantsScope: util.ScopeWrite,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeWrite,
+ WantsScope: util.ScopeRead,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopePush,
+ WantsScope: util.ScopePush,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeAdmin,
+ WantsScope: util.ScopeAdmin,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeProfile,
+ WantsScope: util.ScopeProfile,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeReadAccounts,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopeWriteAccounts,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeWrite,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: true,
+ },
+ {
+ HasScope: util.ScopeRead,
+ WantsScope: util.ScopeWriteAccounts,
+ Expect: false,
+ },
+ {
+ HasScope: util.ScopeWriteAccounts,
+ WantsScope: util.ScopeWrite,
+ Expect: false,
+ },
+ } {
+ res := test.HasScope.Permits(test.WantsScope)
+ if res != test.Expect {
+ t.Errorf(
+ "did not get expected result %v for input: has %s, wants %s",
+ test.Expect, test.HasScope, test.WantsScope,
+ )
+ }
+ }
+}
diff --git a/internal/oauth/tokenstore_test.go b/internal/oauth/tokenstore_test.go
deleted file mode 100644
index 2b76024f7..000000000
--- a/internal/oauth/tokenstore_test.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
-package oauth_test
-
-// TODO: write tests
diff --git a/internal/oauth/util.go b/internal/oauth/util.go
deleted file mode 100644
index e7b2d1292..000000000
--- a/internal/oauth/util.go
+++ /dev/null
@@ -1,107 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
-package oauth
-
-import (
- "github.com/gin-gonic/gin"
- "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/oauth2/v4"
- "github.com/superseriousbusiness/oauth2/v4/errors"
-)
-
-// Auth wraps an authorized token, application, user, and account.
-// It is used in the functions GetAuthed and MustAuth.
-// Because the user might *not* be authed, any of the fields in this struct
-// might be nil, so make sure to check that when you're using this struct anywhere.
-type Auth struct {
- Token oauth2.TokenInfo
- Application *gtsmodel.Application
- User *gtsmodel.User
- Account *gtsmodel.Account
-}
-
-// Authed is a convenience function for returning an Authed struct from a gin context.
-// In essence, it tries to extract a token, application, user, and account from the context,
-// and then sets them on a struct for convenience.
-//
-// If any are not present in the context, they will be set to nil on the returned Authed struct.
-//
-// If *ALL* are not present, then nil and an error will be returned.
-//
-// If something goes wrong during parsing, then nil and an error will be returned (consider this not authed).
-// Authed is like GetAuthed, but will fail if one of the requirements is not met.
-func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool, requireAccount bool) (*Auth, error) {
- ctx := c.Copy()
- a := &Auth{}
- var i interface{}
- var ok bool
-
- i, ok = ctx.Get(SessionAuthorizedToken)
- if ok {
- parsed, ok := i.(oauth2.TokenInfo)
- if !ok {
- return nil, errors.New("could not parse token from session context")
- }
- a.Token = parsed
- }
-
- i, ok = ctx.Get(SessionAuthorizedApplication)
- if ok {
- parsed, ok := i.(*gtsmodel.Application)
- if !ok {
- return nil, errors.New("could not parse application from session context")
- }
- a.Application = parsed
- }
-
- i, ok = ctx.Get(SessionAuthorizedUser)
- if ok {
- parsed, ok := i.(*gtsmodel.User)
- if !ok {
- return nil, errors.New("could not parse user from session context")
- }
- a.User = parsed
- }
-
- i, ok = ctx.Get(SessionAuthorizedAccount)
- if ok {
- parsed, ok := i.(*gtsmodel.Account)
- if !ok {
- return nil, errors.New("could not parse account from session context")
- }
- a.Account = parsed
- }
-
- if requireToken && a.Token == nil {
- return nil, errors.New("token not supplied")
- }
-
- if requireApp && a.Application == nil {
- return nil, errors.New("application not supplied")
- }
-
- if requireUser && a.User == nil {
- return nil, errors.New("user not supplied or not authorized")
- }
-
- if requireAccount && a.Account == nil {
- return nil, errors.New("account not supplied or not authorized")
- }
-
- return a, nil
-}
diff --git a/internal/processing/account/move.go b/internal/processing/account/move.go
index 44f8da268..1c5209e70 100644
--- a/internal/processing/account/move.go
+++ b/internal/processing/account/move.go
@@ -27,6 +27,7 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/ap"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/federation/dereferencing"
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
@@ -34,14 +35,13 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/id"
"github.com/superseriousbusiness/gotosocial/internal/messages"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/uris"
"golang.org/x/crypto/bcrypt"
)
func (p *Processor) MoveSelf(
ctx context.Context,
- authed *oauth.Auth,
+ authed *apiutil.Auth,
form *apimodel.AccountMoveRequest,
) gtserror.WithCode {
// Ensure valid MovedToURI.
diff --git a/internal/processing/account/move_test.go b/internal/processing/account/move_test.go
index 9d06829ca..76cbe1512 100644
--- a/internal/processing/account/move_test.go
+++ b/internal/processing/account/move_test.go
@@ -24,6 +24,7 @@ import (
"github.com/stretchr/testify/suite"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/oauth"
)
@@ -56,7 +57,7 @@ func (suite *MoveTestSuite) TestMoveAccountOK() {
// Trigger move from zork to admin.
if err := suite.accountProcessor.MoveSelf(
ctx,
- &oauth.Auth{
+ &apiutil.Auth{
Token: oauth.DBTokenToToken(suite.testTokens["local_account_1"]),
Application: suite.testApplications["local_account_1"],
User: suite.testUsers["local_account_1"],
@@ -120,7 +121,7 @@ func (suite *MoveTestSuite) TestMoveAccountNotAliased() {
// not aliased back to zork.
err := suite.accountProcessor.MoveSelf(
ctx,
- &oauth.Auth{
+ &apiutil.Auth{
Token: oauth.DBTokenToToken(suite.testTokens["local_account_1"]),
Application: suite.testApplications["local_account_1"],
User: suite.testUsers["local_account_1"],
@@ -150,7 +151,7 @@ func (suite *MoveTestSuite) TestMoveAccountBadPassword() {
// not aliased back to zork.
err := suite.accountProcessor.MoveSelf(
ctx,
- &oauth.Auth{
+ &apiutil.Auth{
Token: oauth.DBTokenToToken(suite.testTokens["local_account_1"]),
Application: suite.testApplications["local_account_1"],
User: suite.testUsers["local_account_1"],
diff --git a/internal/processing/app.go b/internal/processing/app.go
index d492b3bc4..2a43c5212 100644
--- a/internal/processing/app.go
+++ b/internal/processing/app.go
@@ -22,13 +22,13 @@ import (
"github.com/google/uuid"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/id"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
-func (p *Processor) AppCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) {
+func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) {
// set default 'read' for scopes if it's not set
var scopes string
if form.Scopes == "" {
diff --git a/internal/processing/processor_test.go b/internal/processing/processor_test.go
index 84ab9ef48..9cf6cbd60 100644
--- a/internal/processing/processor_test.go
+++ b/internal/processing/processor_test.go
@@ -22,6 +22,7 @@ import (
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/admin"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/cleaner"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/email"
@@ -66,7 +67,7 @@ type ProcessingStandardTestSuite struct {
testStatuses map[string]*gtsmodel.Status
testTags map[string]*gtsmodel.Tag
testMentions map[string]*gtsmodel.Mention
- testAutheds map[string]*oauth.Auth
+ testAutheds map[string]*apiutil.Auth
testBlocks map[string]*gtsmodel.Block
testActivities map[string]testrig.ActivityWithSignature
testLists map[string]*gtsmodel.List
@@ -85,7 +86,7 @@ func (suite *ProcessingStandardTestSuite) SetupSuite() {
suite.testStatuses = testrig.NewTestStatuses()
suite.testTags = testrig.NewTestTags()
suite.testMentions = testrig.NewTestMentions()
- suite.testAutheds = map[string]*oauth.Auth{
+ suite.testAutheds = map[string]*apiutil.Auth{
"local_account_1": {
Application: suite.testApplications["local_account_1"],
User: suite.testUsers["local_account_1"],
diff --git a/internal/processing/stream/authorize.go b/internal/processing/stream/authorize.go
index 0baea29f1..cedd21e0b 100644
--- a/internal/processing/stream/authorize.go
+++ b/internal/processing/stream/authorize.go
@@ -19,8 +19,12 @@ package stream
import (
"context"
+ "errors"
"fmt"
+ "slices"
+ "strings"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@@ -58,5 +62,22 @@ func (p *Processor) Authorize(ctx context.Context, accessToken string) (*gtsmode
return nil, gtserror.NewErrorInternalError(err)
}
+ // Ensure read scope.
+ //
+ // TODO: make this more granular
+ // depending on stream type.
+ hasScopes := strings.Split(ti.GetScope(), " ")
+ scopeOK := slices.ContainsFunc(
+ hasScopes,
+ func(hasScope string) bool {
+ return apiutil.Scope(hasScope).Permits(apiutil.ScopeRead)
+ },
+ )
+
+ if !scopeOK {
+ const errText = "token has insufficient scope permission"
+ return nil, gtserror.NewErrorForbidden(errors.New(errText), errText)
+ }
+
return acct, nil
}
diff --git a/internal/processing/timeline/faved.go b/internal/processing/timeline/faved.go
index bb7f03fff..6e915f4ef 100644
--- a/internal/processing/timeline/faved.go
+++ b/internal/processing/timeline/faved.go
@@ -23,15 +23,15 @@ import (
"fmt"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/db"
statusfilter "github.com/superseriousbusiness/gotosocial/internal/filter/status"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/log"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
-func (p *Processor) FavedTimelineGet(ctx context.Context, authed *oauth.Auth, maxID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
+func (p *Processor) FavedTimelineGet(ctx context.Context, authed *apiutil.Auth, maxID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
statuses, nextMaxID, prevMinID, err := p.state.DB.GetFavedTimeline(ctx, authed.Account.ID, maxID, minID, limit)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
err = fmt.Errorf("FavedTimelineGet: db error getting statuses: %w", err)
diff --git a/internal/processing/timeline/home.go b/internal/processing/timeline/home.go
index 215000933..38cf38405 100644
--- a/internal/processing/timeline/home.go
+++ b/internal/processing/timeline/home.go
@@ -22,6 +22,7 @@ import (
"errors"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/db"
statusfilter "github.com/superseriousbusiness/gotosocial/internal/filter/status"
"github.com/superseriousbusiness/gotosocial/internal/filter/usermute"
@@ -29,7 +30,6 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/state"
"github.com/superseriousbusiness/gotosocial/internal/timeline"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@@ -118,7 +118,7 @@ func HomeTimelineStatusPrepare(state *state.State, converter *typeutils.Converte
}
}
-func (p *Processor) HomeTimelineGet(ctx context.Context, authed *oauth.Auth, maxID string, sinceID string, minID string, limit int, local bool) (*apimodel.PageableResponse, gtserror.WithCode) {
+func (p *Processor) HomeTimelineGet(ctx context.Context, authed *apiutil.Auth, maxID string, sinceID string, minID string, limit int, local bool) (*apimodel.PageableResponse, gtserror.WithCode) {
statuses, err := p.state.Timelines.Home.GetTimeline(ctx, authed.Account.ID, maxID, sinceID, minID, limit, local)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
err = gtserror.Newf("error getting statuses: %w", err)
diff --git a/internal/processing/timeline/home_test.go b/internal/processing/timeline/home_test.go
index c73c209a3..ea56418f6 100644
--- a/internal/processing/timeline/home_test.go
+++ b/internal/processing/timeline/home_test.go
@@ -23,10 +23,10 @@ import (
"github.com/stretchr/testify/suite"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/id"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
tlprocessor "github.com/superseriousbusiness/gotosocial/internal/processing/timeline"
"github.com/superseriousbusiness/gotosocial/internal/timeline"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@@ -64,7 +64,7 @@ func (suite *HomeTestSuite) TestHomeTimelineGetHideFiltered() {
var (
ctx = context.Background()
requester = suite.testAccounts["local_account_1"]
- authed = &oauth.Auth{Account: requester}
+ authed = &apiutil.Auth{Account: requester}
maxID = ""
sinceID = ""
minID = "01F8MHAAY43M6RJ473VQFCVH36" // 1 before filteredStatus
diff --git a/internal/processing/timeline/list.go b/internal/processing/timeline/list.go
index a7f5e9d71..147f87ab4 100644
--- a/internal/processing/timeline/list.go
+++ b/internal/processing/timeline/list.go
@@ -22,6 +22,7 @@ import (
"errors"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/db"
statusfilter "github.com/superseriousbusiness/gotosocial/internal/filter/status"
"github.com/superseriousbusiness/gotosocial/internal/filter/usermute"
@@ -29,7 +30,6 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/state"
"github.com/superseriousbusiness/gotosocial/internal/timeline"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@@ -130,7 +130,7 @@ func ListTimelineStatusPrepare(state *state.State, converter *typeutils.Converte
}
}
-func (p *Processor) ListTimelineGet(ctx context.Context, authed *oauth.Auth, listID string, maxID string, sinceID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
+func (p *Processor) ListTimelineGet(ctx context.Context, authed *apiutil.Auth, listID string, maxID string, sinceID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
// Ensure list exists + is owned by this account.
list, err := p.state.DB.GetListByID(ctx, listID)
if err != nil {
diff --git a/internal/processing/timeline/notification.go b/internal/processing/timeline/notification.go
index 09636e7eb..04a898198 100644
--- a/internal/processing/timeline/notification.go
+++ b/internal/processing/timeline/notification.go
@@ -24,6 +24,7 @@ import (
"net/url"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/filter/status"
"github.com/superseriousbusiness/gotosocial/internal/filter/usermute"
@@ -31,14 +32,13 @@ import (
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/log"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/paging"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
func (p *Processor) NotificationsGet(
ctx context.Context,
- authed *oauth.Auth,
+ authed *apiutil.Auth,
page *paging.Page,
types []gtsmodel.NotificationType,
excludeTypes []gtsmodel.NotificationType,
@@ -164,7 +164,7 @@ func (p *Processor) NotificationGet(ctx context.Context, account *gtsmodel.Accou
return apiNotif, nil
}
-func (p *Processor) NotificationsClear(ctx context.Context, authed *oauth.Auth) gtserror.WithCode {
+func (p *Processor) NotificationsClear(ctx context.Context, authed *apiutil.Auth) gtserror.WithCode {
// Delete all notifications of all types that target the authorized account.
if err := p.state.DB.DeleteNotifications(ctx, nil, authed.Account.ID, ""); err != nil && !errors.Is(err, db.ErrNoEntries) {
return gtserror.NewErrorInternalError(err)
diff --git a/internal/processing/workers/workers_test.go b/internal/processing/workers/workers_test.go
index ffd40d8fb..b7ec54c1e 100644
--- a/internal/processing/workers/workers_test.go
+++ b/internal/processing/workers/workers_test.go
@@ -21,8 +21,8 @@ import (
"context"
"github.com/stretchr/testify/suite"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/processing"
"github.com/superseriousbusiness/gotosocial/internal/stream"
"github.com/superseriousbusiness/gotosocial/testrig"
@@ -48,7 +48,7 @@ type WorkersTestSuite struct {
testStatuses map[string]*gtsmodel.Status
testTags map[string]*gtsmodel.Tag
testMentions map[string]*gtsmodel.Mention
- testAutheds map[string]*oauth.Auth
+ testAutheds map[string]*apiutil.Auth
testBlocks map[string]*gtsmodel.Block
testActivities map[string]testrig.ActivityWithSignature
testLists map[string]*gtsmodel.List
@@ -66,7 +66,7 @@ func (suite *WorkersTestSuite) SetupSuite() {
suite.testStatuses = testrig.NewTestStatuses()
suite.testTags = testrig.NewTestTags()
suite.testMentions = testrig.NewTestMentions()
- suite.testAutheds = map[string]*oauth.Auth{
+ suite.testAutheds = map[string]*apiutil.Auth{
"local_account_1": {
Application: suite.testApplications["local_account_1"],
User: suite.testUsers["local_account_1"],
diff --git a/testrig/testmodels.go b/testrig/testmodels.go
index 806e64891..15b28b8c9 100644
--- a/testrig/testmodels.go
+++ b/testrig/testmodels.go
@@ -51,11 +51,21 @@ func NewTestTokens() map[string]*gtsmodel.Token {
ClientID: "01F8MGV8AC3NGSJW0FE8W1BV70",
UserID: "01F8MGVGPHQ2D3P3X0454H54Z5",
RedirectURI: "http://localhost:8080",
- Scope: "read write follow push",
+ Scope: "read write push",
Access: "NZAZOTC0OWITMDU0NC0ZODG4LWE4NJITMWUXM2M4MTRHZDEX",
AccessCreateAt: TimeMustParse("2022-06-10T15:22:08Z"),
AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
},
+ "local_account_1_push_only": {
+ ID: "01JN0X2D9GJTZQ5KYPYFWN16QW",
+ ClientID: "01F8MGV8AC3NGSJW0FE8W1BV70",
+ UserID: "01F8MGVGPHQ2D3P3X0454H54Z5",
+ RedirectURI: "http://localhost:8080",
+ Scope: "push",
+ Access: "01JN0X49RYKMP6G9X0HJAP317101JN0X49RYKMP6G9X0HJAP",
+ AccessCreateAt: TimeMustParse("2022-06-10T15:22:08Z"),
+ AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
+ },
"local_account_1_client_application_token": {
ID: "01P9SVWS9J3SPHZQ3KCMBEN70N",
ClientID: "01F8MGV8AC3NGSJW0FE8W1BV70",
@@ -78,7 +88,7 @@ func NewTestTokens() map[string]*gtsmodel.Token {
ClientID: "01F8MGW47HN8ZXNHNZ7E47CDMQ",
UserID: "01F8MH1VYJAE00TVVGMM5JNJ8X",
RedirectURI: "http://localhost:8080",
- Scope: "read write follow push",
+ Scope: "read write push",
Access: "PIPINALKNNNFNF98717NAMNAMNFKIJKJ881818KJKJAKJJJA",
AccessCreateAt: TimeMustParse("2022-06-10T15:22:08Z"),
AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
@@ -88,7 +98,7 @@ func NewTestTokens() map[string]*gtsmodel.Token {
ClientID: "01F8MGWSJCND9BWBD4WGJXBM93",
UserID: "01F8MGWYWKVKS3VS8DV1AMYPGE",
RedirectURI: "http://localhost:8080",
- Scope: "read write follow push admin",
+ Scope: "read write push admin",
Access: "AININALKNENFNF98717NAMG4LWE4NJITMWUXM2M4MTRHZDEX",
AccessCreateAt: TimeMustParse("2022-06-10T15:22:08Z"),
AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
diff --git a/web/source/settings/components/authorization/index.tsx b/web/source/settings/components/authorization/index.tsx
index e8f4d6673..7c6373399 100644
--- a/web/source/settings/components/authorization/index.tsx
+++ b/web/source/settings/components/authorization/index.tsx
@@ -58,13 +58,9 @@ export function Authorization({ App }) {
);
} else if (error !== undefined) {
- if ("status" in error && error.status === 401) {
- // 401 unauthorized was received.
- // That means the token or app we
- // were using is no longer valid,
- // so just log the user out.
- logoutQuery(NoArg);
- }
+ // Something went wrong,
+ // log the user out.
+ logoutQuery(NoArg);
content = (
diff --git a/web/source/settings/components/authorization/login.tsx b/web/source/settings/components/authorization/login.tsx
index 870e9c343..28ed7953c 100644
--- a/web/source/settings/components/authorization/login.tsx
+++ b/web/source/settings/components/authorization/login.tsx
@@ -31,7 +31,7 @@ export default function Login({ }) {
instance: useTextInput("instance", {
defaultValue: window.location.origin
}),
- scopes: useValue("scopes", "user admin"),
+ scopes: useValue("scopes", "read write admin"),
};
const [formSubmit, result] = useFormSubmit(form, useAuthorizeFlowMutation(), {