From eb720241da3d786c6ec79f2325277fa4af23846f Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Wed, 26 Feb 2025 13:04:55 +0100 Subject: [feature] Enforce OAuth token scopes (#3835) * move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error --- internal/api/client/statuses/statusbookmark.go | 12 +++++++----- internal/api/client/statuses/statusboost.go | 10 ++++++---- internal/api/client/statuses/statusboostedby.go | 10 ++++++---- internal/api/client/statuses/statuscontext.go | 10 ++++++---- internal/api/client/statuses/statuscreate.go | 10 ++++++---- internal/api/client/statuses/statusdelete.go | 10 ++++++---- internal/api/client/statuses/statusedit.go | 10 ++++++---- internal/api/client/statuses/statusfave.go | 10 ++++++---- internal/api/client/statuses/statusfavedby.go | 10 ++++++---- internal/api/client/statuses/statusget.go | 10 ++++++---- internal/api/client/statuses/statushistory.go | 10 ++++++---- internal/api/client/statuses/statusmute.go | 10 ++++++---- internal/api/client/statuses/statuspin.go | 10 ++++++---- internal/api/client/statuses/statussource.go | 10 ++++++---- internal/api/client/statuses/statusunbookmark.go | 12 +++++++----- internal/api/client/statuses/statusunboost.go | 10 ++++++---- internal/api/client/statuses/statusunfave.go | 12 +++++++----- internal/api/client/statuses/statusunmute.go | 10 ++++++---- internal/api/client/statuses/statusunpin.go | 10 ++++++---- 19 files changed, 117 insertions(+), 79 deletions(-) (limited to 'internal/api/client/statuses') diff --git a/internal/api/client/statuses/statusbookmark.go b/internal/api/client/statuses/statusbookmark.go index 9dbc0f56e..059ed7e57 100644 --- a/internal/api/client/statuses/statusbookmark.go +++ b/internal/api/client/statuses/statusbookmark.go 
@@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusBookmarkPOSTHandler swagger:operation POST /api/v1/statuses/{id}/bookmark statusBookmark @@ -48,7 +47,7 @@ import ( // // security: // - OAuth2 Bearer: -// - write:statuses +// - write:bookmarks // // responses: // '200': @@ -69,9 +68,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusBookmarkPOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteBookmarks, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusboost.go b/internal/api/client/statuses/statusboost.go index 035ee8747..fb4c5e5ee 100644 --- a/internal/api/client/statuses/statusboost.go +++ b/internal/api/client/statuses/statusboost.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusBoostPOSTHandler swagger:operation POST /api/v1/statuses/{id}/reblog statusReblog 
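Review bot: The four bare `true, true, true, true` arguments in the new `apiutil.TokenAuth` call in StatusBookmarkPOSTHandler (statusbookmark.go) do not say which authentication requirement each position switches on, and this call is what gates the endpoint. TokenAuth's signature is outside this diff, so the meaning of each position cannot be checked from here. A short comment above the call would make a wrongly relaxed flag visible in review, for example `// requireToken, requireApp, requireUser, requireAccount`, if that is the declared order. The same call shape recurs in every handler hunk of this commit, so documenting the positions once on TokenAuth itself would cover them all. The handler body continues past the end of the hunk.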
@@ -72,9 +71,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusBoostPOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusboostedby.go b/internal/api/client/statuses/statusboostedby.go index 15e0e26a0..9ee82c709 100644 --- a/internal/api/client/statuses/statusboostedby.go +++ b/internal/api/client/statuses/statusboostedby.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusBoostedByGETHandler swagger:operation GET /api/v1/statuses/{id}/reblogged_by statusBoostedBy @@ -65,9 +64,12 @@ import ( // '404': // description: not found func (m *Module) StatusBoostedByGETHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeReadAccounts, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statuscontext.go b/internal/api/client/statuses/statuscontext.go index 0eea50819..cae48e938 100644 --- a/internal/api/client/statuses/statuscontext.go +++ b/internal/api/client/statuses/statuscontext.go 
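Review bot: StatusBoostedByGETHandler in statusboostedby.go now requires `apiutil.ScopeReadAccounts` on the `/api/v1/statuses/{id}/reblogged_by` route, but this commit does not touch that file's swagger `security:` block, whereas statusbookmark.go had its documented scope updated together with the enforced one. If the documented scope still differs from the enforced one, clients that request the documented scope would presumably be rejected now that scopes are checked, so the two should be confirmed to agree. If the reason for the choice is that the response lists accounts rather than statuses, a one-line comment above the call saying so, e.g. `// returns accounts, so read:accounts applies`, would record why the scope does not follow the route name. The same check applies to statusfavedby.go (`ScopeReadAccounts`), statusmute.go and statusunmute.go (`ScopeWriteMutes`), and statuspin.go and statusunpin.go (`ScopeWriteAccounts`).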
@@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusContextGETHandler swagger:operation GET /api/v1/statuses/{id}/context threadContext @@ -71,9 +70,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusContextGETHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeReadStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statuscreate.go b/internal/api/client/statuses/statuscreate.go index bfb1c486d..686e29ec4 100644 --- a/internal/api/client/statuses/statuscreate.go +++ b/internal/api/client/statuses/statuscreate.go @@ -28,7 +28,6 @@ import ( apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" "github.com/superseriousbusiness/gotosocial/internal/util" ) 
@@ -262,9 +261,12 @@ import ( // '501': // description: scheduled_at was set, but this feature is not yet implemented func (m *Module) StatusCreatePOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusdelete.go b/internal/api/client/statuses/statusdelete.go index fa62d6893..c5ff046f7 100644 --- a/internal/api/client/statuses/statusdelete.go +++ b/internal/api/client/statuses/statusdelete.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusDELETEHandler swagger:operation DELETE /api/v1/statuses/{id} statusDelete @@ -71,9 +70,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusDELETEHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusedit.go b/internal/api/client/statuses/statusedit.go index dfd7d651e..dbd2224f7 100644 --- a/internal/api/client/statuses/statusedit.go +++ b/internal/api/client/statuses/statusedit.go 
@@ -27,7 +27,6 @@ import ( apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" "github.com/superseriousbusiness/gotosocial/internal/util" ) @@ -156,9 +155,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusEditPUTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusfave.go b/internal/api/client/statuses/statusfave.go index 41d45c6b8..23ff2d7a1 100644 --- a/internal/api/client/statuses/statusfave.go +++ b/internal/api/client/statuses/statusfave.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusFavePOSTHandler swagger:operation POST /api/v1/statuses/{id}/favourite statusFave @@ -68,9 +67,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusFavePOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } 
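Review bot: StatusFavePOSTHandler in statusfave.go is given `apiutil.ScopeWriteStatuses`, while its counterpart StatusUnfavePOSTHandler in statusunfave.go is given `apiutil.ScopeWriteFavourites` and has its swagger scope changed to `write:favourites`. As written, a token granted only `write:favourites` can presumably remove a favourite but not add one, and a token holding only `write:statuses` can add one, which blurs the least-privilege split this commit introduces. Unless the difference is intentional, the scope argument here should read `apiutil.ScopeWriteFavourites,`, and this file's swagger `security:` entry, which the commit does not touch, should list `write:favourites`. The handler body continues past the end of the hunk.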
diff --git a/internal/api/client/statuses/statusfavedby.go b/internal/api/client/statuses/statusfavedby.go index 7dca760cc..a4a0611ce 100644 --- a/internal/api/client/statuses/statusfavedby.go +++ b/internal/api/client/statuses/statusfavedby.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusFavedByGETHandler swagger:operation GET /api/v1/statuses/{id}/favourited_by statusFavedBy @@ -69,9 +68,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusFavedByGETHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeReadAccounts, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusget.go b/internal/api/client/statuses/statusget.go index 8c3edac81..f8fb2cb50 100644 --- a/internal/api/client/statuses/statusget.go +++ b/internal/api/client/statuses/statusget.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusGETHandler swagger:operation GET /api/v1/statuses/{id} statusGet 
@@ -68,9 +67,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusGETHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeReadStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statushistory.go b/internal/api/client/statuses/statushistory.go index ba1af58cf..dc5932ff7 100644 --- a/internal/api/client/statuses/statushistory.go +++ b/internal/api/client/statuses/statushistory.go @@ -23,7 +23,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusHistoryGETHandler swagger:operation GET /api/v1/statuses/{id}/history statusHistoryGet @@ -70,9 +69,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusHistoryGETHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeReadStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusmute.go b/internal/api/client/statuses/statusmute.go index 58d14a8bf..42df112a3 100644 --- a/internal/api/client/statuses/statusmute.go +++ b/internal/api/client/statuses/statusmute.go 
@@ -23,7 +23,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusMutePOSTHandler swagger:operation POST /api/v1/statuses/{id}/mute statusMute @@ -72,9 +71,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusMutePOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteMutes, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statuspin.go b/internal/api/client/statuses/statuspin.go index e5879f715..0c4c681a6 100644 --- a/internal/api/client/statuses/statuspin.go +++ b/internal/api/client/statuses/statuspin.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusPinPOSTHandler swagger:operation POST /api/v1/statuses/{id}/pin statusPin @@ -74,9 +73,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusPinPOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteAccounts, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } 
diff --git a/internal/api/client/statuses/statussource.go b/internal/api/client/statuses/statussource.go index c74d99bfc..fd15e8719 100644 --- a/internal/api/client/statuses/statussource.go +++ b/internal/api/client/statuses/statussource.go @@ -23,7 +23,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusSourceGETHandler swagger:operation GET /api/v1/statuses/{id}/source statusSourceGet @@ -68,9 +67,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusSourceGETHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeReadStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusunbookmark.go b/internal/api/client/statuses/statusunbookmark.go index 7dbed9658..ca4e669a7 100644 --- a/internal/api/client/statuses/statusunbookmark.go +++ b/internal/api/client/statuses/statusunbookmark.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusUnbookmarkPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unbookmark statusUnbookmark @@ -48,7 +47,7 @@ import ( // // security: // - OAuth2 Bearer: -// - write:statuses +// - write:bookmarks // // responses: // '200': 
@@ -69,9 +68,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusUnbookmarkPOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteBookmarks, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusunboost.go b/internal/api/client/statuses/statusunboost.go index ae5c2f600..c7fd00ab7 100644 --- a/internal/api/client/statuses/statusunboost.go +++ b/internal/api/client/statuses/statusunboost.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusUnboostPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unreblog statusUnreblog @@ -69,9 +68,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusUnboostPOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteStatuses, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusunfave.go b/internal/api/client/statuses/statusunfave.go index 6fb445143..d7dbe10ce 100644 --- a/internal/api/client/statuses/statusunfave.go +++ b/internal/api/client/statuses/statusunfave.go 
@@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusUnfavePOSTHandler swagger:operation POST /api/v1/statuses/{id}/unfavourite statusUnfave @@ -48,7 +47,7 @@ import ( // // security: // - OAuth2 Bearer: -// - write:statuses +// - write:favourites // // responses: // '200': @@ -68,9 +67,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusUnfavePOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteFavourites, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusunmute.go b/internal/api/client/statuses/statusunmute.go index e657992ca..76018fd27 100644 --- a/internal/api/client/statuses/statusunmute.go +++ b/internal/api/client/statuses/statusunmute.go @@ -23,7 +23,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusUnmutePOSTHandler swagger:operation POST /api/v1/statuses/{id}/unmute statusUnmute 
@@ -72,9 +71,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusUnmutePOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteMutes, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/api/client/statuses/statusunpin.go b/internal/api/client/statuses/statusunpin.go index fbe85755f..32cb913e0 100644 --- a/internal/api/client/statuses/statusunpin.go +++ b/internal/api/client/statuses/statusunpin.go @@ -24,7 +24,6 @@ import ( "github.com/gin-gonic/gin" apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" "github.com/superseriousbusiness/gotosocial/internal/gtserror" - "github.com/superseriousbusiness/gotosocial/internal/oauth" ) // StatusUnpinPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unpin statusUnpin @@ -69,9 +68,12 @@ import ( // '500': // description: internal server error func (m *Module) StatusUnpinPOSTHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) - if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + authed, errWithCode := apiutil.TokenAuth(c, + true, true, true, true, + apiutil.ScopeWriteAccounts, + ) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } -- cgit v1.2.3