[backend/masto-client] Fix poll endpoint authentication (ISH-377)

This commit is contained in:
Laura Hausmann 2024-06-20 19:38:16 +02:00
parent b4b180f877
commit 36296cd28c
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
2 changed files with 16 additions and 7 deletions


@ -3,6 +3,7 @@ using Iceshrimp.Backend.Controllers.Mastodon.Attributes;
using Iceshrimp.Backend.Controllers.Mastodon.Renderers; using Iceshrimp.Backend.Controllers.Mastodon.Renderers;
using Iceshrimp.Backend.Controllers.Mastodon.Schemas; using Iceshrimp.Backend.Controllers.Mastodon.Schemas;
using Iceshrimp.Backend.Controllers.Mastodon.Schemas.Entities; using Iceshrimp.Backend.Controllers.Mastodon.Schemas.Entities;
using Iceshrimp.Backend.Core.Configuration;
using Iceshrimp.Backend.Core.Database; using Iceshrimp.Backend.Core.Database;
using Iceshrimp.Backend.Core.Database.Tables; using Iceshrimp.Backend.Core.Database.Tables;
using Iceshrimp.Backend.Core.Extensions; using Iceshrimp.Backend.Core.Extensions;
@ -13,24 +14,32 @@ using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.RateLimiting; using Microsoft.AspNetCore.RateLimiting;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
namespace Iceshrimp.Backend.Controllers.Mastodon; namespace Iceshrimp.Backend.Controllers.Mastodon;
[MastodonApiController] [MastodonApiController]
[Route("/api/v1/polls/{id}")] [Route("/api/v1/polls/{id}")]
[Authenticate] [Authenticate("read:statuses")]
[EnableCors("mastodon")] [EnableCors("mastodon")]
[EnableRateLimiting("sliding")] [EnableRateLimiting("sliding")]
[Produces(MediaTypeNames.Application.Json)] [Produces(MediaTypeNames.Application.Json)]
public class PollController(DatabaseContext db, PollRenderer pollRenderer, PollService pollSvc) : ControllerBase public class PollController(
DatabaseContext db,
PollRenderer pollRenderer,
PollService pollSvc,
IOptionsSnapshot<Config.SecuritySection> security
) : ControllerBase
{ {
[HttpGet("")] [HttpGet]
[Authenticate("read:statuses")]
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PollEntity))] [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PollEntity))]
[ProducesResponseType(StatusCodes.Status404NotFound, Type = typeof(MastodonErrorResponse))] [ProducesResponseType(StatusCodes.Status404NotFound, Type = typeof(MastodonErrorResponse))]
public async Task<IActionResult> GetPoll(string id) public async Task<IActionResult> GetPoll(string id)
{ {
var user = HttpContext.GetUserOrFail(); var user = HttpContext.GetUser();
if (security.Value.PublicPreview == Enums.PublicPreview.Lockdown && user == null)
throw GracefulException.Forbidden("Public preview is disabled on this instance");
var note = await db.Notes.Where(p => p.Id == id).EnsureVisibleFor(user).FirstOrDefaultAsync() ?? var note = await db.Notes.Where(p => p.Id == id).EnsureVisibleFor(user).FirstOrDefaultAsync() ??
throw GracefulException.RecordNotFound(); throw GracefulException.RecordNotFound();
var poll = await db.Polls.Where(p => p.Note == note).FirstOrDefaultAsync() ?? var poll = await db.Polls.Where(p => p.Note == note).FirstOrDefaultAsync() ??
@ -40,7 +49,7 @@ public class PollController(DatabaseContext db, PollRenderer pollRenderer, PollS
} }
[HttpPost("votes")] [HttpPost("votes")]
[Authenticate("read:statuses")] [Authorize("read:statuses")]
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PollEntity))] [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PollEntity))]
[ProducesResponseType(StatusCodes.Status400BadRequest, Type = typeof(MastodonErrorResponse))] [ProducesResponseType(StatusCodes.Status400BadRequest, Type = typeof(MastodonErrorResponse))]
[ProducesResponseType(StatusCodes.Status404NotFound, Type = typeof(MastodonErrorResponse))] [ProducesResponseType(StatusCodes.Status404NotFound, Type = typeof(MastodonErrorResponse))]
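Review bot: The `[Authorize("read:statuses")]` placed on the `votes` action in the last hunk gates a state-changing POST behind a read-only scope, so a token issued with only read:statuses can cast votes; Mastodon's API lists the vote endpoint under write:statuses, so `[Authorize("write:statuses")]` is the expected requirement unless this project deliberately relaxes it. The new Lockdown check in the second hunk keys on `user == null`, which matches the class-level `[Authenticate("read:statuses")]` no longer rejecting anonymous callers, but anonymous visibility then rests entirely on `EnsureVisibleFor(user)` handling a null user by restricting to public notes — that helper is outside this diff and worth confirming, ideally with a short comment on the `GetUser()` line stating that anonymous access is intentional. The vote action's method signature begins after the last hunk ends, and GetPoll's body continues past the second hunk.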


@ -35,7 +35,7 @@ public class StatusController(
NoteService noteSvc, NoteService noteSvc,
CacheService cache, CacheService cache,
IOptions<Config.InstanceSection> config, IOptions<Config.InstanceSection> config,
IOptions<Config.SecuritySection> security, IOptionsSnapshot<Config.SecuritySection> security,
UserRenderer userRenderer UserRenderer userRenderer
) : ControllerBase ) : ControllerBase
{ {