From eb720241da3d786c6ec79f2325277fa4af23846f Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Wed, 26 Feb 2025 13:04:55 +0100
Subject: [feature] Enforce OAuth token scopes (#3835)

* move tokenauth to apiutil

* enforce scopes

* docs

* update test models, remove deprecated "follow"

* file header

* tests

* tweak scope matcher

* simplify...

* fix tests

* log user out of settings panel in case of oauth error
---
 internal/api/client/admin/emojisget.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'internal/api/client/admin/emojisget.go')

diff --git a/internal/api/client/admin/emojisget.go b/internal/api/client/admin/emojisget.go
index d50b553ac..c1d05af07 100644
--- a/internal/api/client/admin/emojisget.go
+++ b/internal/api/client/admin/emojisget.go
@@ -27,7 +27,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmojisGETHandler swagger:operation GET /api/v1/admin/custom_emojis emojisGet
@@ -99,6 +98,10 @@ import (
 //			Emoji with the given `[shortcode]@[domain]` will not be included in the result set.
 //		in: query
 //
+//	security:
+//	- OAuth2 Bearer:
+//		- admin:read
+//
 //	responses:
 //		'200':
 //			headers:
@@ -123,9 +126,12 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmojisGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	authed, errWithCode := apiutil.TokenAuth(c,
+		true, true, true, true,
+		apiutil.ScopeAdminRead,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
 
-- 
cgit v1.2.3