mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-26 01:36:14 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

enforce scopes

Browse source
This commit is contained in:
tobi 2025-02-25 14:21:44 +01:00
commit 21d9edac54
191 changed files with 1473 additions and 648 deletions
Download patch file Download diff file Expand all files Collapse all files

15
internal/api/client/reports/reportcreate.go
View file

@ -65,9 +65,12 @@ import (
// '500':
// description: internal server error
func (m *Module) ReportPOSTHandler(c *gin.Context) {
authed, err := apiutil.TokenAuth(c, true, true, true, true)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
authed, errWithCode := apiutil.TokenAuth(c,
true, true, true, true,
apiutil.ScopeWriteReports,
)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
@ -88,19 +91,19 @@ func (m *Module) ReportPOSTHandler(c *gin.Context) {
}
if form.AccountID == "" {
err = errors.New("account_id must be set")
err := errors.New("account_id must be set")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
if !regexes.ULID.MatchString(form.AccountID) {
err = errors.New("account_id was not valid")
err := errors.New("account_id was not valid")
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}
if length := len([]rune(form.Comment)); length > 1000 {
err = fmt.Errorf("comment length must be no more than 1000 chars, provided comment was %d chars", length)
err := fmt.Errorf("comment length must be no more than 1000 chars, provided comment was %d chars", length)
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
return
}