mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-12-24 13:46:20 -06:00
enforce scopes
This commit is contained in:
tobi
parent
e3857b90bb
commit
21d9edac54
191 changed files with 1473 additions and 648 deletions
|
|
@ -1,98 +0,0 @@
|
|||
package util
|
||||
|
||||
import (
|
||||
"errors"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
||||
"github.com/superseriousbusiness/oauth2/v4"
|
||||
)
|
||||
|
||||
// Auth wraps an authorized token, application, user, and account.
|
||||
// It is used in the functions GetAuthed and MustAuth.
|
||||
// Because the user might *not* be authed, any of the fields in this struct
|
||||
// might be nil, so make sure to check that when you're using this struct anywhere.
|
||||
type Auth struct {
|
||||
Token oauth2.TokenInfo
|
||||
Application *gtsmodel.Application
|
||||
User *gtsmodel.User
|
||||
Account *gtsmodel.Account
|
||||
}
|
||||
|
||||
// TokenAuth is a convenience function for returning an TokenAuth struct from a gin context.
|
||||
// In essence, it tries to extract a token, application, user, and account from the context,
|
||||
// and then sets them on a struct for convenience.
|
||||
//
|
||||
// If any are not present in the context, they will be set to nil on the returned TokenAuth struct.
|
||||
//
|
||||
// If *ALL* are not present, then nil and an error will be returned.
|
||||
//
|
||||
// If something goes wrong during parsing, then nil and an error will be returned (consider this not authed).
|
||||
// TokenAuth is like GetAuthed, but will fail if one of the requirements is not met.
|
||||
func TokenAuth(
|
||||
c *gin.Context,
|
||||
requireToken bool,
|
||||
requireApp bool,
|
||||
requireUser bool,
|
||||
requireAccount bool,
|
||||
) (*Auth, error) {
|
||||
ctx := c.Copy()
|
||||
a := &Auth{}
|
||||
var i interface{}
|
||||
var ok bool
|
||||
|
||||
i, ok = ctx.Get(oauth.SessionAuthorizedToken)
|
||||
if ok {
|
||||
parsed, ok := i.(oauth2.TokenInfo)
|
||||
if !ok {
|
||||
return nil, errors.New("could not parse token from session context")
|
||||
}
|
||||
a.Token = parsed
|
||||
}
|
||||
|
||||
i, ok = ctx.Get(oauth.SessionAuthorizedApplication)
|
||||
if ok {
|
||||
parsed, ok := i.(*gtsmodel.Application)
|
||||
if !ok {
|
||||
return nil, errors.New("could not parse application from session context")
|
||||
}
|
||||
a.Application = parsed
|
||||
}
|
||||
|
||||
i, ok = ctx.Get(oauth.SessionAuthorizedUser)
|
||||
if ok {
|
||||
parsed, ok := i.(*gtsmodel.User)
|
||||
if !ok {
|
||||
return nil, errors.New("could not parse user from session context")
|
||||
}
|
||||
a.User = parsed
|
||||
}
|
||||
|
||||
i, ok = ctx.Get(oauth.SessionAuthorizedAccount)
|
||||
if ok {
|
||||
parsed, ok := i.(*gtsmodel.Account)
|
||||
if !ok {
|
||||
return nil, errors.New("could not parse account from session context")
|
||||
}
|
||||
a.Account = parsed
|
||||
}
|
||||
|
||||
if requireToken && a.Token == nil {
|
||||
return nil, errors.New("token not supplied")
|
||||
}
|
||||
|
||||
if requireApp && a.Application == nil {
|
||||
return nil, errors.New("application not supplied")
|
||||
}
|
||||
|
||||
if requireUser && a.User == nil {
|
||||
return nil, errors.New("user not supplied or not authorized")
|
||||
}
|
||||
|
||||
if requireAccount && a.Account == nil {
|
||||
return nil, errors.New("account not supplied or not authorized")
|
||||
}
|
||||
|
||||
return a, nil
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue