[backend/masto-client] Fix poll endpoint authentication (ISH-377)

Laura Hausmann 2024-06-20 19:38:16 +02:00
parent b4b180f877
commit 36296cd28c
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
2 changed files with 16 additions and 7 deletions


@ -3,6 +3,7 @@ using Iceshrimp.Backend.Controllers.Mastodon.Attributes;
using Iceshrimp.Backend.Controllers.Mastodon.Renderers;
using Iceshrimp.Backend.Controllers.Mastodon.Schemas;
using Iceshrimp.Backend.Controllers.Mastodon.Schemas.Entities;
using Iceshrimp.Backend.Core.Configuration;
using Iceshrimp.Backend.Core.Database;
using Iceshrimp.Backend.Core.Database.Tables;
using Iceshrimp.Backend.Core.Extensions;
@ -13,24 +14,32 @@ using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.RateLimiting;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
namespace Iceshrimp.Backend.Controllers.Mastodon;
[MastodonApiController]
[Route("/api/v1/polls/{id}")]
[Authenticate]
[Authenticate("read:statuses")]
[EnableCors("mastodon")]
[EnableRateLimiting("sliding")]
[Produces(MediaTypeNames.Application.Json)]
public class PollController(DatabaseContext db, PollRenderer pollRenderer, PollService pollSvc) : ControllerBase
public class PollController(
DatabaseContext db,
PollRenderer pollRenderer,
PollService pollSvc,
IOptionsSnapshot<Config.SecuritySection> security
) : ControllerBase
{
[HttpGet("")]
[Authenticate("read:statuses")]
[HttpGet]
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PollEntity))]
[ProducesResponseType(StatusCodes.Status404NotFound, Type = typeof(MastodonErrorResponse))]
public async Task<IActionResult> GetPoll(string id)
{
var user = HttpContext.GetUserOrFail();
var user = HttpContext.GetUser();
if (security.Value.PublicPreview == Enums.PublicPreview.Lockdown && user == null)
throw GracefulException.Forbidden("Public preview is disabled on this instance");
var note = await db.Notes.Where(p => p.Id == id).EnsureVisibleFor(user).FirstOrDefaultAsync() ??
throw GracefulException.RecordNotFound();
var poll = await db.Polls.Where(p => p.Note == note).FirstOrDefaultAsync() ??
@ -40,7 +49,7 @@ public class PollController(DatabaseContext db, PollRenderer pollRenderer, PollS
}
[HttpPost("votes")]
[Authenticate("read:statuses")]
[Authorize("read:statuses")]
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PollEntity))]
[ProducesResponseType(StatusCodes.Status400BadRequest, Type = typeof(MastodonErrorResponse))]
[ProducesResponseType(StatusCodes.Status404NotFound, Type = typeof(MastodonErrorResponse))]
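Review bot: The vote action under `[HttpPost("votes")]` is now gated by `[Authorize("read:statuses")]`, so a token granted only a read scope can still cast a vote, which is a state-changing operation. Mastodon's API documentation lists `write:statuses` for `POST /api/v1/polls/:id/votes`; assuming the attribute argument is the required OAuth scope, this line should read `[Authorize("write:statuses")]`. The class-level `[Authenticate("read:statuses")]` can stay as it is for the GET path. The vote method's body lies outside the hunk, so whether it performs a further scope check cannot be seen here.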


@ -35,7 +35,7 @@ public class StatusController(
NoteService noteSvc,
CacheService cache,
IOptions<Config.InstanceSection> config,
IOptions<Config.SecuritySection> security,
IOptionsSnapshot<Config.SecuritySection> security,
UserRenderer userRenderer
) : ControllerBase
{