add: grant scopes for all community endpoints

trisua 2025-06-13 12:49:09 -04:00
parent ca8f510a3a
commit c3139ef1d2
10 changed files with 342 additions and 75 deletions


@ -22,6 +22,7 @@ use tetratto_core::{
cache::Cache,
model::{
auth::{Token, UserSettings},
oauth,
permissions::FinePermission,
socket::{PacketType, SocketMessage, SocketMethod},
},
@ -72,7 +73,7 @@ pub async fn redirect_from_ip(
pub async fn me_request(jar: CookieJar, Extension(data): Extension<State>) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadProfile) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -92,7 +93,7 @@ pub async fn update_user_settings_request(
Json(mut req): Json<UserSettings>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserManageProfile) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -145,7 +146,7 @@ pub async fn append_associations_request(
Json(req): Json<AppendAssociations>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let mut user = match get_user_from_token!(jar, data) {
let mut user = match get_user_from_token!(jar, data, oauth::AppScope::UserManageProfile) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -188,6 +189,8 @@ pub async fn append_associations_request(
}
/// Update the password of the given user.
///
/// Does not support third-party grants.
pub async fn update_user_password_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -218,6 +221,9 @@ pub async fn update_user_password_request(
}
}
/// Update a user's username.
///
/// Does not support third-party grants.
pub async fn update_user_username_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -249,6 +255,8 @@ pub async fn update_user_username_request(
}
/// Update the tokens of the given user.
///
/// Does not support third-party grants.
pub async fn update_user_tokens_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -276,6 +284,8 @@ pub async fn update_user_tokens_request(
}
/// Update the verification status of the given user.
///
/// Does not support third-party grants.
pub async fn update_user_is_verified_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -302,6 +312,8 @@ pub async fn update_user_is_verified_request(
}
/// Update the role of the given user.
///
/// Does not support third-party grants.
pub async fn update_user_role_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -327,7 +339,7 @@ pub async fn update_user_role_request(
/// Update the current user's last seen value.
pub async fn seen_request(jar: CookieJar, Extension(data): Extension<State>) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserManageProfile) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -343,6 +355,8 @@ pub async fn seen_request(jar: CookieJar, Extension(data): Extension<State>) ->
}
/// Delete the given user.
///
/// Does not support third-party grants.
pub async fn delete_user_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -373,6 +387,8 @@ pub async fn delete_user_request(
}
/// Enable TOTP for a user.
///
/// Does not support third-party grants.
pub async fn enable_totp_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -395,6 +411,8 @@ pub async fn enable_totp_request(
}
/// Disable TOTP for a user.
///
/// Does not support third-party grants.
pub async fn disable_totp_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -433,6 +451,8 @@ pub async fn disable_totp_request(
}
/// Refresh TOTP recovery codes for a user.
///
/// Does not support third-party grants.
pub async fn refresh_totp_codes_request(
jar: CookieJar,
Path(id): Path<usize>,
@ -498,7 +518,7 @@ pub async fn subscription_handler(
Path((user_id, id)): Path<(String, String)>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadSockets) {
Some(ua) => ua,
None => return Err("Socket refused"),
};
@ -624,7 +644,7 @@ pub async fn post_to_socket_request(
Json(msg): Json<SocketMessage>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadSockets) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
@ -654,7 +674,7 @@ pub async fn get_user_gpa_request(
Extension(data): Extension<State>,
) -> impl IntoResponse {
let data = &(data.read().await).0;
let user = match get_user_from_token!(jar, data) {
let user = match get_user_from_token!(jar, data, oauth::AppScope::UserReadProfile) {
Some(ua) => ua,
None => return Json(Error::NotAllowed.into()),
};
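Review bot: `post_to_socket_request` (the hunk at new line 644) is gated on `oauth::AppScope::UserReadSockets`, the same scope `subscription_handler` uses for the read path, so a third-party grant approved only to read sockets would also be allowed to post messages. Posting is a write and should require its own scope, e.g. `get_user_from_token!(jar, data, oauth::AppScope::<SOCKET_WRITE_SCOPE>)`, where the last segment is a placeholder because the `AppScope` variants are not visible in this section. Separately, the handlers now documented with `/// Does not support third-party grants.` (password, username, tokens, verification, role, delete and the TOTP endpoints) receive no code change in these hunks. That guarantee presumably rests on how their unchanged bodies authenticate, so it is worth confirming that the path they use rejects grant tokens instead of treating them as full sessions. Every function body here starts or continues outside its hunk.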