enforce scopes

2025-12-24 11:36:21 -06:00 · 2025-02-25 14:21:44 +01:00 · 2025-02-25 14:21:44 +01:00 · 21d9edac54
commit 21d9edac54
parent e3857b90bb
191 changed files with 1473 additions and 648 deletions
--- a/internal/api/client/timelines/public.go
+++ b/internal/api/client/timelines/public.go
@ -107,19 +107,25 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) PublicTimelineGETHandler(c *gin.Context) {
-	var authed *apiutil.Auth
-	var err error
-
+	var (
+		authed      *apiutil.Auth
+		errWithCode gtserror.WithCode
+	)
 	if config.GetInstanceExposePublicTimeline() {
 		// If the public timeline is allowed to be exposed, still check if we
 		// can extract various authentication properties, but don't require them.
-		authed, err = apiutil.TokenAuth(c, false, false, false, false)
+		authed, errWithCode = apiutil.TokenAuth(c,
+			false, false, false, false,
+		)
 	} else {
-		authed, err = apiutil.TokenAuth(c, true, true, true, true)
+		authed, errWithCode = apiutil.TokenAuth(c,
+			true, true, true, true,
+			apiutil.ScopeReadStatuses,
+		)
 	}

-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}