authorLibravatar tobi <31960611+tsmethurst@users.noreply.github.com>2025-02-26 13:04:55 +0100
committerLibravatar GitHub <noreply@github.com>2025-02-26 13:04:55 +0100
commiteb720241da3d786c6ec79f2325277fa4af23846f (patch)
tree36e0e08699e55a56d247353d082cc0a2b8144999 /internal/api/client/push
parent[chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (diff)
downloadgotosocial-eb720241da3d786c6ec79f2325277fa4af23846f.tar.xz
[feature] Enforce OAuth token scopes (#3835)
* move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error
Diffstat (limited to 'internal/api/client/push')
-rw-r--r--internal/api/client/push/pushsubscriptiondelete.go11
-rw-r--r--internal/api/client/push/pushsubscriptiondelete_test.go2
-rw-r--r--internal/api/client/push/pushsubscriptionget.go11
-rw-r--r--internal/api/client/push/pushsubscriptionget_test.go2
-rw-r--r--internal/api/client/push/pushsubscriptionpost.go10
-rw-r--r--internal/api/client/push/pushsubscriptionpost_test.go12
-rw-r--r--internal/api/client/push/pushsubscriptionput.go10
-rw-r--r--internal/api/client/push/pushsubscriptionput_test.go2
8 files changed, 33 insertions, 27 deletions
diff --git a/internal/api/client/push/pushsubscriptiondelete.go b/internal/api/client/push/pushsubscriptiondelete.go
index 2a5fd8e69..c82222248 100644
--- a/internal/api/client/push/pushsubscriptiondelete.go
+++ b/internal/api/client/push/pushsubscriptiondelete.go
@@ -22,8 +22,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PushSubscriptionDELETEHandler swagger:operation DELETE /api/v1/push/subscription pushSubscriptionDelete
@@ -49,9 +47,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionDELETEHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
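Review bot: The new `apiutil.TokenAuth` call in PushSubscriptionDELETEHandler passes four bare `true` arguments ahead of `apiutil.ScopePush`, so the call site no longer states what is being required of the caller; the GET, POST and PUT handler hunks in this commit have the same shape. If those booleans keep the meaning of the positional flags of the replaced `oauth.Authed` call, a one-line comment above the call such as `// Require token, app, user and account; the token must also carry the push scope.` would make the intent reviewable without opening apiutil. Separately, the test changes in this directory only swap in a push-only token fixture, which exercises the permissive path; nothing in this diff shows a token lacking the push scope being rejected by these handlers, so a negative case would confirm the enforcement actually takes effect here (it may be covered elsewhere in the PR). The handler body continues past the closing brace of this hunk.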
diff --git a/internal/api/client/push/pushsubscriptiondelete_test.go b/internal/api/client/push/pushsubscriptiondelete_test.go
index 3e81ce2a1..2548f2fb7 100644
--- a/internal/api/client/push/pushsubscriptiondelete_test.go
+++ b/internal/api/client/push/pushsubscriptiondelete_test.go
@@ -76,7 +76,7 @@ func (suite *PushTestSuite) TestDeleteSubscription() {
func (suite *PushTestSuite) TestDeleteMissingSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
err := suite.deleteSubscription(accountFixtureName, tokenFixtureName, 200)
suite.NoError(err)
diff --git a/internal/api/client/push/pushsubscriptionget.go b/internal/api/client/push/pushsubscriptionget.go
index 10774b862..d48e43108 100644
--- a/internal/api/client/push/pushsubscriptionget.go
+++ b/internal/api/client/push/pushsubscriptionget.go
@@ -22,8 +22,6 @@ import (
"github.com/gin-gonic/gin"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
- "github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PushSubscriptionGETHandler swagger:operation GET /api/v1/push/subscription pushSubscriptionGet
@@ -55,9 +53,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionGETHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptionget_test.go b/internal/api/client/push/pushsubscriptionget_test.go
index 23fb9e7f2..80f387195 100644
--- a/internal/api/client/push/pushsubscriptionget_test.go
+++ b/internal/api/client/push/pushsubscriptionget_test.go
@@ -95,7 +95,7 @@ func (suite *PushTestSuite) TestGetSubscription() {
func (suite *PushTestSuite) TestGetMissingSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
_, err := suite.getSubscription(accountFixtureName, tokenFixtureName, 404)
suite.NoError(err)
diff --git a/internal/api/client/push/pushsubscriptionpost.go b/internal/api/client/push/pushsubscriptionpost.go
index cc1be185f..9893d7fe1 100644
--- a/internal/api/client/push/pushsubscriptionpost.go
+++ b/internal/api/client/push/pushsubscriptionpost.go
@@ -29,7 +29,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// PushSubscriptionPOSTHandler swagger:operation POST /api/v1/push/subscription pushSubscriptionPost
@@ -181,9 +180,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionPOSTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptionpost_test.go b/internal/api/client/push/pushsubscriptionpost_test.go
index e7e8582df..251dde1f9 100644
--- a/internal/api/client/push/pushsubscriptionpost_test.go
+++ b/internal/api/client/push/pushsubscriptionpost_test.go
@@ -116,7 +116,7 @@ func (suite *PushTestSuite) postSubscription(
func (suite *PushTestSuite) TestPostSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
endpoint := "https://example.test/push"
auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -152,7 +152,7 @@ func (suite *PushTestSuite) TestPostSubscription() {
func (suite *PushTestSuite) TestPostSubscriptionMinimal() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
endpoint := "https://example.test/push"
auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -186,7 +186,7 @@ func (suite *PushTestSuite) TestPostSubscriptionMinimal() {
func (suite *PushTestSuite) TestPostInvalidSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
// No endpoint.
auth := "cgna/fzrYLDQyPf5hD7IsA=="
@@ -212,7 +212,7 @@ func (suite *PushTestSuite) TestPostInvalidSubscription() {
func (suite *PushTestSuite) TestPostSubscriptionJSON() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
requestJson := `{
"subscription": {
@@ -258,7 +258,7 @@ func (suite *PushTestSuite) TestPostSubscriptionJSON() {
func (suite *PushTestSuite) TestPostSubscriptionJSONMinimal() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
requestJson := `{
"subscription": {
@@ -298,7 +298,7 @@ func (suite *PushTestSuite) TestPostSubscriptionJSONMinimal() {
func (suite *PushTestSuite) TestPostInvalidSubscriptionJSON() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
// No endpoint.
requestJson := `{
diff --git a/internal/api/client/push/pushsubscriptionput.go b/internal/api/client/push/pushsubscriptionput.go
index 4d1c5765e..53e6a72e9 100644
--- a/internal/api/client/push/pushsubscriptionput.go
+++ b/internal/api/client/push/pushsubscriptionput.go
@@ -24,7 +24,6 @@ import (
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
@@ -157,9 +156,12 @@ import (
// '500':
// description: internal server error
func (m *Module) PushSubscriptionPUTHandler(c *gin.Context) {
- authed, err := oauth.Authed(c, true, true, true, true)
- if err != nil {
- apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ authed, errWithCode := apiutil.TokenAuth(c,
+ true, true, true, true,
+ apiutil.ScopePush,
+ )
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
diff --git a/internal/api/client/push/pushsubscriptionput_test.go b/internal/api/client/push/pushsubscriptionput_test.go
index d9f0e395e..8b86add9e 100644
--- a/internal/api/client/push/pushsubscriptionput_test.go
+++ b/internal/api/client/push/pushsubscriptionput_test.go
@@ -170,7 +170,7 @@ func (suite *PushTestSuite) TestPutSubscriptionJSON() {
func (suite *PushTestSuite) TestPutMissingSubscription() {
accountFixtureName := "local_account_1"
// This token should not have a subscription.
- tokenFixtureName := "local_account_1_user_authorization_token"
+ tokenFixtureName := "local_account_1_push_only"
alertsMention := true
alertsStatus := false