[feature] Enforce OAuth token scopes (#3835)

* move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2025-02-26 13:04:55 +0100
committer: GitHub <noreply@github.com> 2025-02-26 13:04:55 +0100
commit: eb720241da3d786c6ec79f2325277fa4af23846f (patch)
tree: 36e0e08699e55a56d247353d082cc0a2b8144999 /internal/api/client/exports
parent: [chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (diff)
download: gotosocial-eb720241da3d786c6ec79f2325277fa4af23846f.tar.xz
6 files changed, 38 insertions, 26 deletions
diff --git a/internal/api/client/exports/blocks.go b/internal/api/client/exports/blocks.go
index c31e2b0b4..bc8c2a6b3 100644
--- a/internal/api/client/exports/blocks.go
+++ b/internal/api/client/exports/blocks.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportBlocksGETHandler swagger:operation GET /api/v1/exports/blocks.csv exportBlocks
@@ -52,9 +51,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportBlocksGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadBlocks,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/exports/followers.go b/internal/api/client/exports/followers.go
index ceef94659..ad6306de0 100644
--- a/internal/api/client/exports/followers.go
+++ b/internal/api/client/exports/followers.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportFollowersGETHandler swagger:operation GET /api/v1/exports/followers.csv exportFollowers
@@ -39,7 +38,7 @@ import (
 //
 //	security:
 //	- OAuth2 Bearer:
-//		- read:follows
+//		- read:accounts
 //
 //	responses:
 //		'200':
@@ -52,9 +51,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportFollowersGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadAccounts,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/exports/following.go b/internal/api/client/exports/following.go
index e61cafc2a..b95492dfa 100644
--- a/internal/api/client/exports/following.go
+++ b/internal/api/client/exports/following.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportFollowingGETHandler swagger:operation GET /api/v1/exports/following.csv exportFollowing
@@ -52,9 +51,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportFollowingGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadFollows,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/exports/lists.go b/internal/api/client/exports/lists.go
index 2debcc701..385df5501 100644
--- a/internal/api/client/exports/lists.go
+++ b/internal/api/client/exports/lists.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportListsGETHandler swagger:operation GET /api/v1/exports/lists.csv exportLists
@@ -52,9 +51,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportListsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadLists,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/exports/mutes.go b/internal/api/client/exports/mutes.go
index ab49b7719..6b9d699c9 100644
--- a/internal/api/client/exports/mutes.go
+++ b/internal/api/client/exports/mutes.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportMutesGETHandler swagger:operation GET /api/v1/exports/mutes.csv exportMutes
@@ -52,9 +51,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportMutesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadMutes,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/exports/stats.go b/internal/api/client/exports/stats.go
index 9e3f1b600..783826bb3 100644
--- a/internal/api/client/exports/stats.go
+++ b/internal/api/client/exports/stats.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportStatsGETHandler swagger:operation GET /api/v1/exports/stats exportStats
@@ -39,7 +38,7 @@ import (
 //
 //	security:
 //	- OAuth2 Bearer:
-//		- read:account
+//		- read:accounts
 //
 //	responses:
 //		'200':
@@ -53,9 +52,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportStatsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadAccounts,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2025-02-26 13:04:55 +0100
committer	GitHub <noreply@github.com>	2025-02-26 13:04:55 +0100
commit	eb720241da3d786c6ec79f2325277fa4af23846f (patch)
tree	36e0e08699e55a56d247353d082cc0a2b8144999 /internal/api/client/exports
parent	[chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (diff)
download	gotosocial-eb720241da3d786c6ec79f2325277fa4af23846f.tar.xz