notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/middleware] Require administrator role for masto admin scope endpoints

Browse source 
This isn't currently used anywhere, but may become relevant in the future.
This commit is contained in:
Laura Hausmann 2025-02-17 23:28:51 +01:00
parent 3a51684e07
commit 8b514986a4
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Iceshrimp.Backend/Core/Middleware/AuthenticationMiddleware.cs
View file

@ -62,8 +62,8 @@ public class AuthenticationMiddleware(
}
if ((attribute.AdminRole && !oauthToken.User.IsAdmin) ||
(attribute.ModeratorRole &&
oauthToken.User is { IsAdmin: false, IsModerator: false }))
(attribute.ModeratorRole && oauthToken.User is { IsAdmin: false, IsModerator: false }) ||
(attribute.Scopes.Any(p => p is "admin" || p.StartsWith("admin:")) && !oauthToken.User.IsAdmin))
{
await next(ctx);
return;

2
Iceshrimp.Backend/Core/Middleware/AuthorizationMiddleware.cs
View file

@ -26,6 +26,8 @@ public class AuthorizationMiddleware(RequestDelegate next) : ConditionalMiddlewa
throw GracefulException.Forbidden("This action is outside the authorized scopes");
if (attribute.ModeratorRole && token.User is { IsAdmin: false, IsModerator: false })
throw GracefulException.Forbidden("This action is outside the authorized scopes");
if (attribute.Scopes.Any(p => p is "admin" || p.StartsWith("admin:") && !token.User.IsAdmin))
throw GracefulException.Forbidden("This action is outside the authorized scopes");
}
else
{