add: grant scopes for all community endpoints

This commit is contained in:
trisua 2025-06-13 12:49:09 -04:00
parent ca8f510a3a
commit c3139ef1d2
10 changed files with 342 additions and 75 deletions


@ -46,20 +46,68 @@ pub enum AppScope {
UserReadPosts,
/// Read messages as the user.
UserReadMessages,
/// Read drafts as the user.
UserReadDrafts,
/// Read the user's communities.
UserReadCommunities,
/// Connect to sockets on the user's behalf.
UserReadSockets,
/// Create posts as the user.
UserCreatePosts,
/// Create messages as the user.
UserCreateMessages,
/// Ask questions as the user.
UserCreateQuestions,
/// Create IP blocks as the user.
UserCreateIpBlock,
/// Create drafts on behalf of the user.
UserCreateDrafts,
/// Create communities on behalf of the user.
UserCreateCommunities,
/// Delete posts owned by the user.
UserDeletePosts,
/// Delete messages owned by the user.
UserDeleteMessages,
/// Delete questions as the user.
UserDeleteQuestions,
/// Delete drafts as the user.
UserDeleteDrafts,
/// Edit the user's settings and upload avatars/banners on behalf of the user.
UserManageProfile,
/// Manage stacks owned by the user.
UserManageStacks,
/// Manage the user's following/unfollowing.
UserManageRelationships,
/// Manage the user's settings.
UserManageSettings,
/// Manage the user's community memberships.
///
/// Also includes managing the membership of users in the user's communities.
UserManageMemberships,
/// Edit posts created by the user.
UserEditPosts,
/// Edit drafts created by the user.
UserEditDrafts,
/// Vote in polls as the user.
UserVote,
/// Join communities on behalf of the user.
UserJoinCommunities,
/// Permanently delete posts.
ModPurgePosts,
/// Restore deleted posts.
ModDeletePosts,
/// Get a list of all emojis available to the user.
UserReadEmojis,
/// Create emojis on behalf of the user.
CommunityCreateEmojis,
/// Manage emojis on behalf of the user.
CommunityManageEmojis,
/// Delete communities on behalf of the user.
CommunityDelete,
/// Manage communities on behalf of the user.
CommunityManage,
/// Transfer ownership of communities on behalf of the user.
CommunityTransferOwnership,
/// Read the membership of users in communities owned by the current user.
CommunityReadMemberships,
}
impl AppScope {
@ -73,13 +121,36 @@ impl AppScope {
"user-read-sessions" => Self::UserReadSessions,
"user-read-posts" => Self::UserReadPosts,
"user-read-messages" => Self::UserReadMessages,
"user-read-drafts" => Self::UserReadDrafts,
"user-read-communities" => Self::UserReadCommunities,
"user-read-sockets" => Self::UserReadSockets,
"user-create-posts" => Self::UserCreatePosts,
"user-create-messages" => Self::UserCreateMessages,
"user-create-questions" => Self::UserCreateQuestions,
"user-create-ip-blocks" => Self::UserCreateIpBlock,
"user-create-drafts" => Self::UserCreateDrafts,
"user-create-communities" => Self::UserCreateCommunities,
"user-delete-posts" => Self::UserDeletePosts,
"user-delete-messages" => Self::UserDeleteMessages,
"user-delete-questions" => Self::UserDeleteQuestions,
"user-delete-drafts" => Self::UserDeleteDrafts,
"user-manage-profile" => Self::UserManageProfile,
"user-manage-stacks" => Self::UserManageStacks,
"user-manage-relationships" => Self::UserManageRelationships,
"user-manage-settings" => Self::UserManageSettings,
"user-manage-memberships" => Self::UserManageMemberships,
"user-edit-posts" => Self::UserEditPosts,
"user-edit-drafts" => Self::UserEditDrafts,
"user-vote" => Self::UserVote,
"user-join-communities" => Self::UserJoinCommunities,
"mod-purge-posts" => Self::ModPurgePosts,
"mod-delete-posts" => Self::ModDeletePosts,
"user-read-emojis" => Self::UserReadEmojis,
"community-create-emojis" => Self::CommunityCreateEmojis,
"community-manage-emojis" => Self::CommunityManageEmojis,
"community-delete" => Self::CommunityDelete,
"community-manage" => Self::CommunityManage,
"community-transfer-ownership" => Self::CommunityTransferOwnership,
"community-read-memberships" => Self::CommunityReadMemberships,
_ => continue,
})
}
@ -87,23 +158,25 @@ impl AppScope {
}
}
/// Check a verifier against the stored challenge (using the given [`PkceChallengeMethod`]).
pub fn check_verifier(verifier: &str, challenge: &str, method: PkceChallengeMethod) -> Result<()> {
if method != PkceChallengeMethod::S256 {
return Err(Error::MiscError("only S256 is supported".to_string()));
impl AuthGrant {
/// Check a verifier against the stored challenge (using the given [`PkceChallengeMethod`]).
pub fn check_verifier(&self, verifier: &str) -> Result<()> {
if self.method != PkceChallengeMethod::S256 {
return Err(Error::MiscError("only S256 is supported".to_string()));
}
let decoded = match base64url.decode(self.challenge.as_bytes()) {
Ok(hash) => hash,
Err(e) => return Err(Error::MiscError(e.to_string())),
};
let hash = hash(verifier.to_string());
if hash.as_bytes() != decoded {
// the verifier we received does not match the verifier from the stored challenge
return Err(Error::NotAllowed);
}
Ok(())
}
let decoded = match base64url.decode(challenge.as_bytes()) {
Ok(hash) => hash,
Err(e) => return Err(Error::MiscError(e.to_string())),
};
let hash = hash(verifier.to_string());
if hash.as_bytes() != decoded {
// the verifier we received does not match the verifier from the stored challenge
return Err(Error::NotAllowed);
}
Ok(())
}
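Review bot: In the new `AuthGrant::check_verifier`, the comparison `hash.as_bytes() != decoded` tests the output of `hash(verifier.to_string())` against the base64url-decoded challenge bytes; the `.as_bytes()` call suggests `hash` returns a text digest, and if that text is hex-encoded it can never equal the raw SHA-256 bytes RFC 7636 puts inside the challenge, so every exchange would fail with `NotAllowed` — worth confirming against the definition of `hash`, which is outside the hunk. A simpler shape that avoids the decode path entirely is to base64url-encode the raw digest of the verifier and compare that string with `self.challenge`, which is exactly the form RFC 7636 specifies. The method also accepts a verifier of any length; RFC 7636 §4.1 bounds it to 43–128 unreserved characters, so a guard such as `if !(43..=128).contains(&verifier.len()) { return Err(Error::NotAllowed); }` before hashing rejects malformed input early. When the stored challenge itself fails to decode the caller receives `MiscError` carrying the decoder's message rather than `NotAllowed`; that distinguishes a corrupt stored grant from a bad client verifier, which is reasonable as long as the message is not surfaced to the client. The closing brace of the `impl AuthGrant` block is not visible in the hunk.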