[feature] Enforce OAuth token scopes (#3835)

* move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2025-02-26 13:04:55 +0100
committer: GitHub <noreply@github.com> 2025-02-26 13:04:55 +0100
commit: eb720241da3d786c6ec79f2325277fa4af23846f (patch)
tree: 36e0e08699e55a56d247353d082cc0a2b8144999 /internal/api/client/timelines
parent: [chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (diff)
download: gotosocial-eb720241da3d786c6ec79f2325277fa4af23846f.tar.xz
4 files changed, 31 insertions, 20 deletions
diff --git a/internal/api/client/timelines/home.go b/internal/api/client/timelines/home.go
index 55928dd3a..8e957d498 100644
--- a/internal/api/client/timelines/home.go
+++ b/internal/api/client/timelines/home.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // HomeTimelineGETHandler swagger:operation GET /api/v1/timelines/home homeTimeline
@@ -107,9 +106,12 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) HomeTimelineGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadStatuses,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/timelines/list.go b/internal/api/client/timelines/list.go
index 25695bf0e..b02489d6c 100644
--- a/internal/api/client/timelines/list.go
+++ b/internal/api/client/timelines/list.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ListTimelineGETHandler swagger:operation GET /api/v1/timelines/list/{id} listTimeline
@@ -106,9 +105,12 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) ListTimelineGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadLists,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/timelines/public.go b/internal/api/client/timelines/public.go
index 49530216f..d6df36f09 100644
--- a/internal/api/client/timelines/public.go
+++ b/internal/api/client/timelines/public.go
@@ -24,7 +24,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PublicTimelineGETHandler swagger:operation GET /api/v1/timelines/public publicTimeline
@@ -108,19 +107,25 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) PublicTimelineGETHandler(c *gin.Context) {
-	var authed *oauth.Auth
-	var err error
-
+	var (
+		authed      *apiutil.Auth
+		errWithCode gtserror.WithCode
+	)
 	if config.GetInstanceExposePublicTimeline() {
 		// If the public timeline is allowed to be exposed, still check if we
 		// can extract various authentication properties, but don't require them.
-		authed, err = oauth.Authed(c, false, false, false, false)
+		authed, errWithCode = apiutil.TokenAuth(c,
+			false, false, false, false,
+		)
 	} else {
-		authed, err = oauth.Authed(c, true, true, true, true)
+		authed, errWithCode = apiutil.TokenAuth(c,
+			true, true, true, true,
+			apiutil.ScopeReadStatuses,
+		)
 	}
 
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
diff --git a/internal/api/client/timelines/tag.go b/internal/api/client/timelines/tag.go
index 258184355..8c3a86f81 100644
--- a/internal/api/client/timelines/tag.go
+++ b/internal/api/client/timelines/tag.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // TagTimelineGETHandler swagger:operation GET /api/v1/timelines/tag/{tag_name} tagTimeline
@@ -108,9 +107,12 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) TagTimelineGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeReadStatuses,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2025-02-26 13:04:55 +0100
committer	GitHub <noreply@github.com>	2025-02-26 13:04:55 +0100
commit	eb720241da3d786c6ec79f2325277fa4af23846f (patch)
tree	36e0e08699e55a56d247353d082cc0a2b8144999 /internal/api/client/timelines
parent	[chore]: Bump golang.org/x/crypto from 0.33.0 to 0.34.0 (#3824) (diff)
download	gotosocial-eb720241da3d786c6ec79f2325277fa4af23846f.tar.xz