From eb720241da3d786c6ec79f2325277fa4af23846f Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Wed, 26 Feb 2025 13:04:55 +0100 Subject: [feature] Enforce OAuth token scopes (#3835) * move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error --- internal/api/client/admin/domainpermission.go | 70 ++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 13 deletions(-) (limited to 'internal/api/client/admin/domainpermission.go') diff --git a/internal/api/client/admin/domainpermission.go b/internal/api/client/admin/domainpermission.go index 5138be898..c64c90eb2 100644 --- a/internal/api/client/admin/domainpermission.go +++ b/internal/api/client/admin/domainpermission.go @@ -29,7 +29,6 @@ import ( apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) type singleDomainPermCreate func( @@ -63,9 +62,20 @@ func (m *Module) createDomainPermissions( single singleDomainPermCreate, multi multiDomainPermCreate, ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminWriteDomainBlocks + } else { + requireScope = apiutil.ScopeAdminWriteDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } @@ -98,6 +108,7 @@ func (m *Module) createDomainPermissions( return } + var err error if importing && form.Domains.Size == 0 { err = errors.New("import was specified but list of domains is empty") } else if !importing && form.Domain == "" { @@ -171,9 +182,20 @@ func (m *Module) deleteDomainPermission( c *gin.Context, permType gtsmodel.DomainPermissionType, // block/allow ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminWriteDomainBlocks + } else { + requireScope = apiutil.ScopeAdminWriteDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } @@ -218,9 +240,20 @@ func (m *Module) getDomainPermission( c *gin.Context, permType gtsmodel.DomainPermissionType, ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminReadDomainBlocks + } else { + requireScope = apiutil.ScopeAdminReadDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } @@ -266,9 +299,20 @@ func (m *Module) getDomainPermissions( c *gin.Context, permType gtsmodel.DomainPermissionType, ) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + // Scope differs based on permType. + var requireScope apiutil.Scope + if permType == gtsmodel.DomainPermissionBlock { + requireScope = apiutil.ScopeAdminReadDomainBlocks + } else { + requireScope = apiutil.ScopeAdminReadDomainAllows + } + + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + requireScope, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } -- cgit v1.2.3