diff --git a/api/api/v1/accounts/:id/block.ts b/api/api/v1/accounts/:id/block.ts
index 6675db68..8170bf5f 100644
--- a/api/api/v1/accounts/:id/block.ts
+++ b/api/api/v1/accounts/:id/block.ts
@@ -35,7 +35,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/block",
 summary: "Block user",
 description: "Block a user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:blocks"],
+ permissions: [
+ RolePermissions.ManageOwnBlocks,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "Updated relationship",
diff --git a/api/api/v1/accounts/:id/follow.ts b/api/api/v1/accounts/:id/follow.ts
index 5dfae186..aefca0c8 100644
--- a/api/api/v1/accounts/:id/follow.ts
+++ b/api/api/v1/accounts/:id/follow.ts
@@ -46,7 +46,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/follow",
 summary: "Follow user",
 description: "Follow a user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:follows"],
+ permissions: [
+ RolePermissions.ManageOwnFollows,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "Updated relationship",
diff --git a/api/api/v1/accounts/:id/followers.ts b/api/api/v1/accounts/:id/followers.ts
index a663647e..2e0ba0c1 100644
--- a/api/api/v1/accounts/:id/followers.ts
+++ b/api/api/v1/accounts/:id/followers.ts
@@ -43,7 +43,16 @@ const route = createRoute({
 summary: "Get account followers",
 description:
 "Gets an paginated list of accounts that follow the specified account",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ scopes: ["read:accounts"],
+ permissions: [
+ RolePermissions.ViewAccountFollows,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 query: schemas.query,
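Review bot: The followers hunk pairs `auth: false` with `scopes: ["read:accounts"]`, and the same pairing recurs in following.ts (L2), accounts/:id/statuses.ts (L5), accounts/index.ts (L8) and accounts/search (L9); what the middleware does when a token is presented but lacks the scope is not visible here — reject the request, or fall through as anonymous — and the two readings give different results for a narrowly scoped token. A one-line comment on the first such route would spare the next reader a lookup, e.g. `auth: false, // optional auth; see auth() for how a token lacking read:accounts is treated`. The route definition continues past the end of the hunk.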
diff --git a/api/api/v1/accounts/:id/following.ts b/api/api/v1/accounts/:id/following.ts
index e0160e33..6a2d36ba 100644
--- a/api/api/v1/accounts/:id/following.ts
+++ b/api/api/v1/accounts/:id/following.ts
@@ -43,7 +43,16 @@ const route = createRoute({
 summary: "Get account following",
 description:
 "Gets an paginated list of accounts that the specified account follows",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ scopes: ["read:accounts"],
+ permissions: [
+ RolePermissions.ViewAccountFollows,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 query: schemas.query,
diff --git a/api/api/v1/accounts/:id/index.ts b/api/api/v1/accounts/:id/index.ts
index ccbc1f4d..60b5400f 100644
--- a/api/api/v1/accounts/:id/index.ts
+++ b/api/api/v1/accounts/:id/index.ts
@@ -32,7 +32,12 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}",
 summary: "Get account data",
 description: "Gets the specified account data",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ permissions: [RolePermissions.ViewAccounts],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/mute.ts b/api/api/v1/accounts/:id/mute.ts
index d944a375..8551bd07 100644
--- a/api/api/v1/accounts/:id/mute.ts
+++ b/api/api/v1/accounts/:id/mute.ts
@@ -44,7 +44,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/mute",
 summary: "Mute user",
 description: "Mute a user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:mutes"],
+ permissions: [
+ RolePermissions.ManageOwnMutes,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 body: {
@@ -90,10 +99,6 @@ export default apiRoute((app) =>
 // TODO: Add duration support
 const { notifications } = context.req.valid("json");
 
- if (!user) {
- throw new ApiError(401, "Unauthorized");
- }
-
 const otherUser = await User.fromId(id);
 
 if (!otherUser) {
diff --git a/api/api/v1/accounts/:id/note.ts b/api/api/v1/accounts/:id/note.ts
index e365ece5..93a164d9 100644
--- a/api/api/v1/accounts/:id/note.ts
+++ b/api/api/v1/accounts/:id/note.ts
@@ -38,7 +38,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/note",
 summary: "Set note",
 description: "Set a note on a user's profile, visible only to you",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:accounts"],
+ permissions: [
+ RolePermissions.ManageOwnAccount,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 body: {
diff --git a/api/api/v1/accounts/:id/pin.ts b/api/api/v1/accounts/:id/pin.ts
index 2a5b09e4..672d558f 100644
--- a/api/api/v1/accounts/:id/pin.ts
+++ b/api/api/v1/accounts/:id/pin.ts
@@ -35,7 +35,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/pin",
 summary: "Pin user",
 description: "Pin a user to your profile",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:accounts"],
+ permissions: [
+ RolePermissions.ManageOwnAccount,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/refetch.ts b/api/api/v1/accounts/:id/refetch.ts
index d99675fa..aea5b7f0 100644
--- a/api/api/v1/accounts/:id/refetch.ts
+++ b/api/api/v1/accounts/:id/refetch.ts
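Review bot: Removing the `if (!user)` 401 guard in the mute handler leaves it relying entirely on the `auth({ auth: true })` middleware declared in the previous hunk to reject anonymous callers before `user` is dereferenced further down; if the context's `user` is still typed as nullable the compiler will object, and if it is not, a later relaxation to `auth: false` turns into a null dereference rather than a 401. A comment at the first use of `user`, such as `// auth: true on the route guarantees a user here; keep in sync with the middleware`, makes that dependency explicit. The apiRoute handler starts before and continues after this hunk.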
@@ -32,7 +32,13 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/refetch",
 summary: "Refetch user",
 description: "Refetch a user's profile from the remote server",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:accounts"],
+ permissions: [RolePermissions.ViewAccounts],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/remove_from_followers.ts b/api/api/v1/accounts/:id/remove_from_followers.ts
index 5c00297b..2fb4feb4 100644
--- a/api/api/v1/accounts/:id/remove_from_followers.ts
+++ b/api/api/v1/accounts/:id/remove_from_followers.ts
@@ -35,7 +35,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/remove_from_followers",
 summary: "Remove user from followers",
 description: "Remove a user from your followers",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:follows"],
+ permissions: [
+ RolePermissions.ManageOwnFollows,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/roles/:role_id/index.ts b/api/api/v1/accounts/:id/roles/:role_id/index.ts
index 47287923..d55fdb06 100644
--- a/api/api/v1/accounts/:id/roles/:role_id/index.ts
+++ b/api/api/v1/accounts/:id/roles/:role_id/index.ts
@@ -35,7 +35,12 @@ const routePost = createRoute({
 method: "post",
 path: "/api/v1/accounts/{id}/roles/{role_id}",
 summary: "Assign role to user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageRoles],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
@@ -74,7 +79,12 @@ const routeDelete = createRoute({
 method: "delete",
 path: "/api/v1/accounts/{id}/roles/{role_id}",
 summary: "Remove role from user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageRoles],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/roles/index.ts b/api/api/v1/accounts/:id/roles/index.ts
index 5bb84757..f9b497e8 100644
--- a/api/api/v1/accounts/:id/roles/index.ts
+++ b/api/api/v1/accounts/:id/roles/index.ts
@@ -29,7 +29,11 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/accounts/{id}/roles",
 summary: "List user roles",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/statuses.ts b/api/api/v1/accounts/:id/statuses.ts
index dba9d0cb..8952df69 100644
--- a/api/api/v1/accounts/:id/statuses.ts
+++ b/api/api/v1/accounts/:id/statuses.ts
@@ -59,7 +59,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/statuses",
 summary: "Get account statuses",
 description: "Gets an paginated list of statuses by the specified account",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ permissions: [
+ RolePermissions.ViewNotes,
+ RolePermissions.ViewAccounts,
+ ],
+ scopes: ["read:statuses"],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 query: schemas.query,
diff --git a/api/api/v1/accounts/:id/unblock.ts b/api/api/v1/accounts/:id/unblock.ts
index ca66872b..be21360b 100644
--- a/api/api/v1/accounts/:id/unblock.ts
+++ b/api/api/v1/accounts/:id/unblock.ts
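Review bot: The `/api/v1/accounts/{id}/roles` route now calls `auth({ auth: false })` with no `permissions`, whereas the removed line still passed `meta.permissions`; if that meta declared a required permission (not visible in this hunk) the listing of a user's roles silently becomes unrestricted, and `challenges/index.ts` (L10) follows the same pattern. If anonymous, ungated access is the intent, record it so the drop is not read as an oversight, e.g. `auth: false, // intentionally public: role membership is not permission-gated`.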
@@ -35,7 +35,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/unblock",
 summary: "Unblock user",
 description: "Unblock a user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:blocks"],
+ permissions: [
+ RolePermissions.ManageOwnBlocks,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/unfollow.ts b/api/api/v1/accounts/:id/unfollow.ts
index 67ad6c8d..0348cac0 100644
--- a/api/api/v1/accounts/:id/unfollow.ts
+++ b/api/api/v1/accounts/:id/unfollow.ts
@@ -35,7 +35,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/unfollow",
 summary: "Unfollow user",
 description: "Unfollow a user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:follows"],
+ permissions: [
+ RolePermissions.ManageOwnFollows,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/unmute.ts b/api/api/v1/accounts/:id/unmute.ts
index 3790fc3e..95a0ff4a 100644
--- a/api/api/v1/accounts/:id/unmute.ts
+++ b/api/api/v1/accounts/:id/unmute.ts
@@ -35,7 +35,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/unmute",
 summary: "Unmute user",
 description: "Unmute a user",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:mutes"],
+ permissions: [
+ RolePermissions.ManageOwnMutes,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/:id/unpin.ts b/api/api/v1/accounts/:id/unpin.ts
index 5ca4585f..5965d843 100644
--- a/api/api/v1/accounts/:id/unpin.ts
+++ b/api/api/v1/accounts/:id/unpin.ts
@@ -35,7 +35,16 @@ const route = createRoute({
 path: "/api/v1/accounts/{id}/unpin",
 summary: "Unpin user",
 description: "Unpin a user from your profile",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:accounts"],
+ permissions: [
+ RolePermissions.ManageOwnAccount,
+ RolePermissions.ViewAccounts,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/accounts/familiar_followers/index.ts b/api/api/v1/accounts/familiar_followers/index.ts
index f162340c..4add269d 100644
--- a/api/api/v1/accounts/familiar_followers/index.ts
+++ b/api/api/v1/accounts/familiar_followers/index.ts
@@ -39,7 +39,14 @@ const route = createRoute({
 summary: "Get familiar followers",
 description:
 "Obtain a list of all accounts that follow a given account, filtered for accounts you follow.",
- middleware: [auth(meta.auth, meta.permissions), qsQuery()] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["read:follows"],
+ permissions: [RolePermissions.ManageOwnFollows],
+ }),
+ qsQuery(),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/accounts/id/index.ts b/api/api/v1/accounts/id/index.ts
index cf6ec99f..cb9bedf5 100644
--- a/api/api/v1/accounts/id/index.ts
+++ b/api/api/v1/accounts/id/index.ts
@@ -33,7 +33,12 @@ const route = createRoute({
 path: "/api/v1/accounts/id",
 summary: "Get account by username",
 description: "Get an account by username",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ permissions: [RolePermissions.Search],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/accounts/index.ts b/api/api/v1/accounts/index.ts
index 108c0442..c8084db9 100644
--- a/api/api/v1/accounts/index.ts
+++ b/api/api/v1/accounts/index.ts
@@ -44,7 +44,11 @@ const route = createRoute({
 summary: "Create account",
 description: "Register a new account",
 middleware: [
- auth(meta.auth, meta.permissions, meta.challenge),
+ auth({
+ auth: false,
+ scopes: ["write:accounts"],
+ challenge: true,
+ }),
 jsonOrForm(),
 ],
 request: {
diff --git a/api/api/v1/accounts/lookup/index.ts b/api/api/v1/accounts/lookup/index.ts
index b3e3d98e..389e5fac 100644
--- a/api/api/v1/accounts/lookup/index.ts
+++ b/api/api/v1/accounts/lookup/index.ts
@@ -34,7 +34,12 @@ const route = createRoute({
 path: "/api/v1/accounts/lookup",
 summary: "Lookup account",
 description: "Lookup an account by acct",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ permissions: [RolePermissions.Search],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/accounts/relationships/index.ts b/api/api/v1/accounts/relationships/index.ts
index 31a657fd..cad6c8e4 100644
--- a/api/api/v1/accounts/relationships/index.ts
+++ b/api/api/v1/accounts/relationships/index.ts
@@ -32,7 +32,14 @@ const route = createRoute({
 path: "/api/v1/accounts/relationships",
 summary: "Get relationships",
 description: "Get relationships by account ID",
- middleware: [auth(meta.auth, meta.permissions), qsQuery()] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["read:follows"],
+ permissions: [RolePermissions.ManageOwnFollows],
+ }),
+ qsQuery(),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/accounts/search/index.ts b/api/api/v1/accounts/search/index.ts
index ea69afdd..c9d0d881 100644
--- a/api/api/v1/accounts/search/index.ts
+++ b/api/api/v1/accounts/search/index.ts
@@ -50,7 +50,13 @@ export const route = createRoute({
 path: "/api/v1/accounts/search",
 summary: "Search accounts",
 description: "Search for accounts",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ permissions: [RolePermissions.Search, RolePermissions.ViewAccounts],
+ scopes: ["read:accounts"],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/accounts/update_credentials/index.ts b/api/api/v1/accounts/update_credentials/index.ts
index ede5a5e5..ddfaca36 100644
--- a/api/api/v1/accounts/update_credentials/index.ts
+++ b/api/api/v1/accounts/update_credentials/index.ts
@@ -151,7 +151,14 @@ const route = createRoute({
 path: "/api/v1/accounts/update_credentials",
 summary: "Update credentials",
 description: "Update user credentials",
- middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnAccount],
+ scopes: ["write:accounts"],
+ }),
+ jsonOrForm(),
+ ] as const,
 request: {
 body: {
 content: {
diff --git a/api/api/v1/accounts/verify_credentials/index.ts b/api/api/v1/accounts/verify_credentials/index.ts
index 1baa2660..725366ca 100644
--- a/api/api/v1/accounts/verify_credentials/index.ts
+++ b/api/api/v1/accounts/verify_credentials/index.ts
@@ -21,7 +21,12 @@ const route = createRoute({
 path: "/api/v1/accounts/verify_credentials",
 summary: "Verify credentials",
 description: "Get your own account information",
- middleware: [auth(meta.auth)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["read:accounts"],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "Account",
diff --git a/api/api/v1/apps/verify_credentials/index.ts b/api/api/v1/apps/verify_credentials/index.ts
index 08fd3203..51d8b559 100644
--- a/api/api/v1/apps/verify_credentials/index.ts
+++ b/api/api/v1/apps/verify_credentials/index.ts
@@ -24,7 +24,12 @@ const route = createRoute({
 path: "/api/v1/apps/verify_credentials",
 summary: "Verify credentials",
 description: "Get your own application information",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnApps],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "Application",
diff --git a/api/api/v1/blocks/index.ts b/api/api/v1/blocks/index.ts
index 19bf0d34..127f0bcb 100644
--- a/api/api/v1/blocks/index.ts
+++ b/api/api/v1/blocks/index.ts
@@ -36,7 +36,13 @@ const route = createRoute({
 path: "/api/v1/blocks",
 summary: "Get blocks",
 description: "Get users you have blocked",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["read:blocks"],
+ permissions: [RolePermissions.ManageOwnBlocks],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/challenges/index.ts b/api/api/v1/challenges/index.ts
index 338232d4..6e7b2e25 100644
--- a/api/api/v1/challenges/index.ts
+++ b/api/api/v1/challenges/index.ts
@@ -24,7 +24,11 @@ const route = createRoute({
 path: "/api/v1/challenges",
 summary: "Generate a challenge",
 description: "Generate a challenge to solve",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ }),
+ ] as const,
 responses: {
 200: {
 description: "Challenge",
diff --git a/api/api/v1/custom_emojis/index.ts b/api/api/v1/custom_emojis/index.ts
index f382657c..42b8fcc1 100644
--- a/api/api/v1/custom_emojis/index.ts
+++ b/api/api/v1/custom_emojis/index.ts
@@ -23,7 +23,12 @@ const route = createRoute({
 path: "/api/v1/custom_emojis",
 summary: "Get custom emojis",
 description: "Get custom emojis",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: false,
+ permissions: [RolePermissions.ViewEmojis],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "Emojis",
diff --git a/api/api/v1/emojis/:id/index.ts b/api/api/v1/emojis/:id/index.ts
index 542a1a3c..80e445de 100644
--- a/api/api/v1/emojis/:id/index.ts
+++ b/api/api/v1/emojis/:id/index.ts
@@ -71,7 +71,12 @@ const routeGet = createRoute({
 method: "get",
 path: "/api/v1/emojis/{id}",
 summary: "Get emoji data",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ViewEmojis],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
@@ -92,14 +97,6 @@ const routeGet = createRoute({
 },
 },
 },
- 403: {
- description: "Insufficient credentials",
- content: {
- "application/json": {
- schema: ErrorSchema,
- },
- },
- },
 404: {
 description: "Emoji not found",
 content: {
@@ -115,7 +112,16 @@ const routePatch = createRoute({
 method: "patch",
 path: "/api/v1/emojis/{id}",
 summary: "Modify emoji",
- middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [
+ RolePermissions.ManageOwnEmojis,
+ RolePermissions.ViewEmojis,
+ ],
+ }),
+ jsonOrForm(),
+ ] as const,
 request: {
 params: schemas.param,
 body: {
@@ -180,7 +186,15 @@ const routeDelete = createRoute({
 method: "delete",
 path: "/api/v1/emojis/{id}",
 summary: "Delete emoji",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [
+ RolePermissions.ManageOwnEmojis,
+ RolePermissions.ViewEmojis,
+ ],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
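Review bot: The `403` entry is deleted from `routeGet`'s responses while the same route still hands `permissions: [RolePermissions.ViewEmojis]` to `auth()`; if the middleware answers a missing permission with 403 (which the removed "Insufficient credentials" entry suggests it did), the OpenAPI description now omits a status this endpoint can still return. Either keep the 403 entry or, if permission failures are now mapped to a different status, say so next to the `auth({` call, e.g. `// permission failures surface as 404 from the handler, not 403`. routeGet's responses object continues outside this hunk.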
@@ -222,16 +236,12 @@ export default apiRoute((app) => {
 throw new ApiError(404, "Emoji not found");
 }
 
- // Check if user is admin
+ // Don't leak non-global emojis to non-admins
 if (
 !user.hasPermission(RolePermissions.ManageEmojis) &&
 emoji.data.ownerId !== user.data.id
 ) {
- throw new ApiError(
- 403,
- "Cannot modify emoji not owned by you",
- `This emoji is either global (and you do not have the '${RolePermissions.ManageEmojis}' permission) or not owned by you`,
- );
+ throw new ApiError(404, "Emoji not found");
 }
 
 return context.json(emoji.toApi(), 200);
diff --git a/api/api/v1/emojis/index.ts b/api/api/v1/emojis/index.ts
index becafafa..07b8e42a 100644
--- a/api/api/v1/emojis/index.ts
+++ b/api/api/v1/emojis/index.ts
@@ -67,7 +67,16 @@ const route = createRoute({
 path: "/api/v1/emojis",
 summary: "Upload emoji",
 description: "Upload an emoji",
- middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [
+ RolePermissions.ManageOwnEmojis,
+ RolePermissions.ViewEmojis,
+ ],
+ }),
+ jsonOrForm(),
+ ] as const,
 request: {
 body: {
 content: {
diff --git a/api/api/v1/favourites/index.ts b/api/api/v1/favourites/index.ts
index 34656c69..39998890 100644
--- a/api/api/v1/favourites/index.ts
+++ b/api/api/v1/favourites/index.ts
@@ -34,7 +34,12 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/favourites",
 summary: "Get favourites",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnLikes],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/follow_requests/:account_id/authorize.ts b/api/api/v1/follow_requests/:account_id/authorize.ts
index fb1d0326..758cc55e 100644
--- a/api/api/v1/follow_requests/:account_id/authorize.ts
+++ b/api/api/v1/follow_requests/:account_id/authorize.ts
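Review bot: Answering 404 instead of 403 in the GET handler stops the ownership check from confirming that a non-global emoji id exists, but the PATCH and DELETE handlers in this file (outside the hunk) presumably run the same `hasPermission(ManageEmojis) || ownerId === user.data.id` test; if they still reply 403 with the descriptive message the removed lines carried, existence can still be inferred through a modification attempt, so the same 404 mapping belongs there too. A comment tying the three together keeps them consistent, e.g. `// Same 404-not-403 rule as the PATCH/DELETE handlers: existence must not leak`. The apiRoute handler starts before this hunk.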
@@ -30,7 +30,12 @@ const route = createRoute({
 method: "post",
 path: "/api/v1/follow_requests/{account_id}/authorize",
 summary: "Authorize follow request",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnFollows],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/follow_requests/:account_id/reject.ts b/api/api/v1/follow_requests/:account_id/reject.ts
index c27adabf..cbd70a04 100644
--- a/api/api/v1/follow_requests/:account_id/reject.ts
+++ b/api/api/v1/follow_requests/:account_id/reject.ts
@@ -30,7 +30,12 @@ const route = createRoute({
 method: "post",
 path: "/api/v1/follow_requests/{account_id}/reject",
 summary: "Reject follow request",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnFollows],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/follow_requests/index.ts b/api/api/v1/follow_requests/index.ts
index 58c44067..07e3151b 100644
--- a/api/api/v1/follow_requests/index.ts
+++ b/api/api/v1/follow_requests/index.ts
@@ -34,7 +34,12 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/follow_requests",
 summary: "Get follow requests",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnFollows],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/instance/index.ts b/api/api/v1/instance/index.ts
index 2bf8a212..2a60243d 100644
--- a/api/api/v1/instance/index.ts
+++ b/api/api/v1/instance/index.ts
@@ -22,7 +22,11 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/instance",
 summary: "Get instance information",
- middleware: [auth(meta.auth)],
+ middleware: [
+ auth({
+ auth: false,
+ }),
+ ],
 responses: {
 200: {
 description: "Instance information",
diff --git a/api/api/v1/instance/privacy_policy.ts b/api/api/v1/instance/privacy_policy.ts
index 0acfd017..7df67924 100644
--- a/api/api/v1/instance/privacy_policy.ts
+++ b/api/api/v1/instance/privacy_policy.ts
@@ -18,7 +18,11 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/instance/privacy_policy",
 summary: "Get instance privacy policy",
- middleware: [auth(meta.auth)],
+ middleware: [
+ auth({
+ auth: false,
+ }),
+ ],
 responses: {
 200: {
 description: "Instance privacy policy",
diff --git a/api/api/v1/instance/rules.ts b/api/api/v1/instance/rules.ts
index 94a7a594..5182a8db 100644
--- a/api/api/v1/instance/rules.ts
+++ b/api/api/v1/instance/rules.ts
@@ -17,7 +17,11 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/instance/rules",
 summary: "Get instance rules",
- middleware: [auth(meta.auth)],
+ middleware: [
+ auth({
+ auth: false,
+ }),
+ ],
 responses: {
 200: {
 description: "Instance rules",
diff --git a/api/api/v1/instance/tos.ts b/api/api/v1/instance/tos.ts
index 831005b0..1ed31f44 100644
--- a/api/api/v1/instance/tos.ts
+++ b/api/api/v1/instance/tos.ts
@@ -18,7 +18,11 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/instance/tos",
 summary: "Get instance terms of service",
- middleware: [auth(meta.auth)],
+ middleware: [
+ auth({
+ auth: false,
+ }),
+ ],
 responses: {
 200: {
 description: "Instance terms of service",
diff --git a/api/api/v1/markers/index.ts b/api/api/v1/markers/index.ts
index f8ec84d3..339ecb7d 100644
--- a/api/api/v1/markers/index.ts
+++ b/api/api/v1/markers/index.ts
@@ -48,7 +48,12 @@ const routeGet = createRoute({
 method: "get",
 path: "/api/v1/markers",
 summary: "Get markers",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnAccount],
+ }),
+ ] as const,
 request: {
 query: z.object({
 "timeline[]": z
@@ -82,7 +87,12 @@ const routePost = createRoute({
 method: "post",
 path: "/api/v1/markers",
 summary: "Update markers",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnAccount],
+ }),
+ ] as const,
 request: {
 query: z.object({
 "home[last_read_id]": z.string().regex(idValidator).optional(),
diff --git a/api/api/v1/media/:id/index.ts b/api/api/v1/media/:id/index.ts
index a0a79d1f..5c685413 100644
--- a/api/api/v1/media/:id/index.ts
+++ b/api/api/v1/media/:id/index.ts
@@ -41,7 +41,13 @@ const routePut = createRoute({
 method: "put",
 path: "/api/v1/media/{id}",
 summary: "Update media",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:media"],
+ permissions: [RolePermissions.ManageOwnMedia],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 body: {
@@ -84,7 +90,12 @@ const routeGet = createRoute({
 method: "get",
 path: "/api/v1/media/{id}",
 summary: "Get media",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnMedia],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/media/index.ts b/api/api/v1/media/index.ts
index 3124e590..e196625b 100644
--- a/api/api/v1/media/index.ts
+++ b/api/api/v1/media/index.ts
@@ -40,7 +40,13 @@ const route = createRoute({
 method: "post",
 path: "/api/v1/media",
 summary: "Upload media",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:media"],
+ permissions: [RolePermissions.ManageOwnMedia],
+ }),
+ ] as const,
 request: {
 body: {
 content: {
diff --git a/api/api/v1/mutes/index.ts b/api/api/v1/mutes/index.ts
index d97a9e71..d90059e4 100644
--- a/api/api/v1/mutes/index.ts
+++ b/api/api/v1/mutes/index.ts
@@ -35,7 +35,13 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/mutes",
 summary: "Get muted users",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["read:mutes"],
+ permissions: [RolePermissions.ManageOwnMutes],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/notifications/:id/dismiss.ts b/api/api/v1/notifications/:id/dismiss.ts
index 9a0a0690..9cf1dfc5 100644
--- a/api/api/v1/notifications/:id/dismiss.ts
+++ b/api/api/v1/notifications/:id/dismiss.ts
@@ -31,7 +31,13 @@ const route = createRoute({
 method: "post",
 path: "/api/v1/notifications/{id}/dismiss",
 summary: "Dismiss notification",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ scopes: ["write:notifications"],
+ permissions: [RolePermissions.ManageOwnNotifications],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
diff --git a/api/api/v1/notifications/:id/index.ts b/api/api/v1/notifications/:id/index.ts
index 393f5d36..43c340b1 100644
--- a/api/api/v1/notifications/:id/index.ts
+++ b/api/api/v1/notifications/:id/index.ts
@@ -31,14 +31,24 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/notifications/{id}",
 summary: "Get notification",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnNotifications],
+ scopes: ["read:notifications"],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 },
 responses: {
 200: {
 description: "Notification",
- schema: Notification.schema,
+ content: {
+ "application/json": {
+ schema: Notification.schema,
+ },
+ },
 },
 401: {
 description: "Unauthorized",
diff --git a/api/api/v1/notifications/clear/index.ts b/api/api/v1/notifications/clear/index.ts
index 74859814..8be8687c 100644
--- a/api/api/v1/notifications/clear/index.ts
+++ b/api/api/v1/notifications/clear/index.ts
@@ -23,7 +23,13 @@ const route = createRoute({
 method: "post",
 path: "/api/v1/notifications/clear",
 summary: "Clear notifications",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnNotifications],
+ scopes: ["write:notifications"],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "Notifications cleared",
diff --git a/api/api/v1/notifications/destroy_multiple/index.ts b/api/api/v1/notifications/destroy_multiple/index.ts
index 23511f0f..51489386 100644
--- a/api/api/v1/notifications/destroy_multiple/index.ts
+++ b/api/api/v1/notifications/destroy_multiple/index.ts
@@ -30,7 +30,13 @@ const route = createRoute({
 method: "delete",
 path: "/api/v1/notifications/destroy_multiple",
 summary: "Dismiss multiple notifications",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnNotifications],
+ scopes: ["write:notifications"],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/notifications/index.ts b/api/api/v1/notifications/index.ts
index 958e28c2..08a76087 100644
--- a/api/api/v1/notifications/index.ts
+++ b/api/api/v1/notifications/index.ts
@@ -20,7 +20,7 @@ export const meta = applyConfig({
 permissions: {
 required: [
 RolePermissions.ManageOwnNotifications,
- RolePermissions.ViewPrimateTimelines,
+ RolePermissions.ViewPrivateTimelines,
 ],
 },
 });
@@ -94,7 +94,15 @@ const route = createRoute({
 method: "get",
 path: "/api/v1/notifications",
 summary: "Get notifications",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [
+ RolePermissions.ManageOwnNotifications,
+ RolePermissions.ViewPrivateTimelines,
+ ],
+ }),
+ ] as const,
 request: {
 query: schemas.query,
 },
diff --git a/api/api/v1/profile/avatar.ts b/api/api/v1/profile/avatar.ts
index 01de9932..66e2a6e3 100644
--- a/api/api/v1/profile/avatar.ts
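Review bot: `/api/v1/notifications` now declares its required permissions twice in the same file — in the `meta` block at the top (whose `ViewPrimateTimelines` typo this commit fixes) and again inline in the `auth()` call — and nothing keeps the two lists in sync; the typo just corrected is exactly the kind of drift that produces. Unless `meta.permissions` is still consumed elsewhere, either drop it from `applyConfig` or pass it through, e.g. `permissions: meta.permissions.required,` if `applyConfig` returns its input shape; the same duplication presumably exists in every other file of this commit that keeps its `meta`. Separately, this GET route passes no `scopes` while `/api/v1/notifications/{id}` (L16) requires `read:notifications` and clear/destroy_multiple require `write:notifications`; if `auth()` only checks scopes when they are given, a token without any notifications scope can still list them here, so add `scopes: ["read:notifications"],`.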
+++ b/api/api/v1/profile/avatar.ts
@@ -23,7 +23,13 @@ const route = createRoute({
 method: "delete",
 path: "/api/v1/profile/avatar",
 summary: "Delete avatar",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnAccount],
+ scopes: ["write:account"],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "User",
diff --git a/api/api/v1/profile/header.ts b/api/api/v1/profile/header.ts
index b8c7b805..03a90846 100644
--- a/api/api/v1/profile/header.ts
+++ b/api/api/v1/profile/header.ts
@@ -23,7 +23,13 @@ const route = createRoute({
 method: "delete",
 path: "/api/v1/profile/header",
 summary: "Delete header",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageOwnAccount],
+ scopes: ["write:account"],
+ }),
+ ] as const,
 responses: {
 200: {
 description: "User",
diff --git a/api/api/v1/roles/:id/index.ts b/api/api/v1/roles/:id/index.ts
index ccf017fb..4c416e5c 100644
--- a/api/api/v1/roles/:id/index.ts
+++ b/api/api/v1/roles/:id/index.ts
@@ -34,7 +34,11 @@ const routeGet = createRoute({
 method: "get",
 path: "/api/v1/roles/{id}",
 summary: "Get role data",
- middleware: [auth(meta.auth)],
+ middleware: [
+ auth({
+ auth: true,
+ }),
+ ],
 request: {
 params: schemas.param,
 },
@@ -70,7 +74,12 @@ const routePatch = createRoute({
 method: "patch",
 path: "/api/v1/roles/{id}",
 summary: "Update role data",
- middleware: [auth(meta.auth, meta.permissions)] as const,
+ middleware: [
+ auth({
+ auth: true,
+ permissions: [RolePermissions.ManageRoles],
+ }),
+ ] as const,
 request: {
 params: schemas.param,
 body: {
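Review bot: `scopes: ["write:account"]` in the avatar route, and identically in the header.ts hunk right after it, does not match the `write:accounts` scope every other account-mutating route in this commit uses (note, pin, unpin, refetch, update_credentials, create account). If the middleware compares scope strings literally, tokens granted `write:accounts` will be refused on these two routes; if it ignores unknown scopes, the check is a silent no-op — either way the string is wrong. Change both to `scopes: ["write:accounts"],`.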
@@ -116,7 +125,12 @@ const routeDelete = createRoute({ method: "delete", path: "/api/v1/roles/{id}", summary: "Delete role", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageRoles], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v1/roles/index.ts b/api/api/v1/roles/index.ts index d918d8da..5244bd13 100644 --- a/api/api/v1/roles/index.ts +++ b/api/api/v1/roles/index.ts @@ -29,7 +29,11 @@ const routeGet = createRoute({ method: "get", path: "/api/v1/roles", summary: "Get all roles", - middleware: [auth(meta.auth)], + middleware: [ + auth({ + auth: true, + }), + ] as const, responses: { 200: { description: "List of all roles", @@ -54,7 +58,12 @@ const routePost = createRoute({ method: "post", path: "/api/v1/roles", summary: "Create a new role", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageRoles], + }), + ] as const, request: { body: { content: { diff --git a/api/api/v1/statuses/:id/context.ts b/api/api/v1/statuses/:id/context.ts index 0cbf9b5f..746ab6ed 100644 --- a/api/api/v1/statuses/:id/context.ts +++ b/api/api/v1/statuses/:id/context.ts @@ -29,7 +29,12 @@ export const schemas = { const route = createRoute({ method: "get", path: "/api/v1/statuses/{id}/context", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: false, + permissions: [RolePermissions.ViewNotes], + }), + ] as const, summary: "Get status context", request: { params: schemas.param, diff --git a/api/api/v1/statuses/:id/favourite.ts b/api/api/v1/statuses/:id/favourite.ts index 0d23d69a..3770605f 100644 --- a/api/api/v1/statuses/:id/favourite.ts +++ b/api/api/v1/statuses/:id/favourite.ts 
@@ -30,7 +30,15 @@ const route = createRoute({ method: "post", path: "/api/v1/statuses/{id}/favourite", summary: "Favourite a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnLikes, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v1/statuses/:id/favourited_by.ts b/api/api/v1/statuses/:id/favourited_by.ts index df33ce48..d07cff0c 100644 --- a/api/api/v1/statuses/:id/favourited_by.ts +++ b/api/api/v1/statuses/:id/favourited_by.ts @@ -37,7 +37,15 @@ const route = createRoute({ method: "get", path: "/api/v1/statuses/{id}/favourited_by", summary: "Get users who favourited a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ViewNotes, + RolePermissions.ViewNoteLikes, + ], + }), + ] as const, request: { params: schemas.param, query: schemas.query, diff --git a/api/api/v1/statuses/:id/index.ts b/api/api/v1/statuses/:id/index.ts index 6a8d3850..4263a701 100644 --- a/api/api/v1/statuses/:id/index.ts +++ b/api/api/v1/statuses/:id/index.ts @@ -92,7 +92,12 @@ const routeGet = createRoute({ method: "get", path: "/api/v1/statuses/{id}", summary: "Get status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: false, + permissions: [RolePermissions.ViewNotes], + }), + ] as const, request: { params: schemas.param, }, @@ -120,7 +125,15 @@ const routeDelete = createRoute({ method: "delete", path: "/api/v1/statuses/{id}", summary: "Delete a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { params: schemas.param, }, 
@@ -156,7 +169,16 @@ const routePut = createRoute({ method: "put", path: "/api/v1/statuses/{id}", summary: "Update a status", - middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + ], + }), + jsonOrForm(), + ] as const, request: { params: schemas.param, body: { diff --git a/api/api/v1/statuses/:id/pin.ts b/api/api/v1/statuses/:id/pin.ts index c0866978..57a765e2 100644 --- a/api/api/v1/statuses/:id/pin.ts +++ b/api/api/v1/statuses/:id/pin.ts @@ -31,7 +31,15 @@ const route = createRoute({ method: "post", path: "/api/v1/statuses/{id}/pin", summary: "Pin a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v1/statuses/:id/reblog.ts b/api/api/v1/statuses/:id/reblog.ts index 9f0c158d..15dd68ae 100644 --- a/api/api/v1/statuses/:id/reblog.ts +++ b/api/api/v1/statuses/:id/reblog.ts @@ -34,7 +34,16 @@ const route = createRoute({ method: "post", path: "/api/v1/statuses/{id}/reblog", summary: "Reblog a status", - middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnBoosts, + RolePermissions.ViewNotes, + ], + }), + jsonOrForm(), + ] as const, request: { params: schemas.param, body: { diff --git a/api/api/v1/statuses/:id/reblogged_by.ts b/api/api/v1/statuses/:id/reblogged_by.ts index a0fe0090..c8301f2c 100644 --- a/api/api/v1/statuses/:id/reblogged_by.ts +++ b/api/api/v1/statuses/:id/reblogged_by.ts 
@@ -37,7 +37,15 @@ const route = createRoute({ method: "get", path: "/api/v1/statuses/{id}/reblogged_by", summary: "Get users who reblogged a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ViewNotes, + RolePermissions.ViewNoteBoosts, + ], + }), + ] as const, request: { params: schemas.param, query: schemas.query, diff --git a/api/api/v1/statuses/:id/source.ts b/api/api/v1/statuses/:id/source.ts index 1d895e01..b2f73171 100644 --- a/api/api/v1/statuses/:id/source.ts +++ b/api/api/v1/statuses/:id/source.ts @@ -31,7 +31,15 @@ const route = createRoute({ method: "get", path: "/api/v1/statuses/{id}/source", summary: "Get status source", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v1/statuses/:id/unfavourite.ts b/api/api/v1/statuses/:id/unfavourite.ts index a345e1be..201e42d3 100644 --- a/api/api/v1/statuses/:id/unfavourite.ts +++ b/api/api/v1/statuses/:id/unfavourite.ts @@ -30,7 +30,15 @@ const route = createRoute({ method: "post", path: "/api/v1/statuses/{id}/unfavourite", summary: "Unfavourite a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v1/statuses/:id/unpin.ts b/api/api/v1/statuses/:id/unpin.ts index 351a485a..0dc26ae1 100644 --- a/api/api/v1/statuses/:id/unpin.ts +++ b/api/api/v1/statuses/:id/unpin.ts 
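Review bot: The unfavourite route here requires `RolePermissions.ManageOwnNotes`, but the favourite route earlier in this diff requires `RolePermissions.ManageOwnLikes`, so a role holding ManageOwnLikes and ViewNotes can favourite a status but cannot undo it, and a role with ManageOwnNotes can remove likes without ever being allowed to create them. The unreblog hunk on the next line has the same mismatch against reblog, which uses `RolePermissions.ManageOwnBoosts`. Unless requiring note management for undo actions is intentional, change unfavourite to `permissions: [RolePermissions.ManageOwnLikes, RolePermissions.ViewNotes]` and unreblog to `permissions: [RolePermissions.ManageOwnBoosts, RolePermissions.ViewNotes]` so each pair of routes is gated by the same permission.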
@@ -30,7 +30,15 @@ const route = createRoute({ method: "post", path: "/api/v1/statuses/{id}/unpin", summary: "Unpin a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v1/statuses/:id/unreblog.ts b/api/api/v1/statuses/:id/unreblog.ts index 1f9461d9..49298d12 100644 --- a/api/api/v1/statuses/:id/unreblog.ts +++ b/api/api/v1/statuses/:id/unreblog.ts @@ -31,7 +31,15 @@ const route = createRoute({ method: "post", path: "/api/v1/statuses/{id}/unreblog", summary: "Unreblog a status", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v1/statuses/index.ts b/api/api/v1/statuses/index.ts index a73c63da..703089da 100644 --- a/api/api/v1/statuses/index.ts +++ b/api/api/v1/statuses/index.ts @@ -103,7 +103,13 @@ export const schemas = { const route = createRoute({ method: "post", path: "/api/v1/statuses", - middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageOwnNotes], + }), + jsonOrForm(), + ] as const, summary: "Post a new status", request: { body: { diff --git a/api/api/v1/timelines/home.ts b/api/api/v1/timelines/home.ts index aca5d277..41953228 100644 --- a/api/api/v1/timelines/home.ts +++ b/api/api/v1/timelines/home.ts @@ -21,7 +21,7 @@ export const meta = applyConfig({ RolePermissions.ManageOwnNotes, RolePermissions.ViewNotes, RolePermissions.ViewAccounts, - RolePermissions.ViewPrimateTimelines, + RolePermissions.ViewPrivateTimelines, ], }, }); 
@@ -39,7 +39,17 @@ const route = createRoute({ method: "get", path: "/api/v1/timelines/home", summary: "Get home timeline", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [ + RolePermissions.ManageOwnNotes, + RolePermissions.ViewNotes, + RolePermissions.ViewAccounts, + RolePermissions.ViewPrivateTimelines, + ], + }), + ] as const, request: { query: schemas.query, }, diff --git a/api/api/v1/timelines/public.ts b/api/api/v1/timelines/public.ts index cbaad828..26aa3c3f 100644 --- a/api/api/v1/timelines/public.ts +++ b/api/api/v1/timelines/public.ts @@ -49,7 +49,16 @@ const route = createRoute({ method: "get", path: "/api/v1/timelines/public", summary: "Get public timeline", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: false, + permissions: [ + RolePermissions.ViewNotes, + RolePermissions.ViewAccounts, + RolePermissions.ViewPublicTimelines, + ], + }), + ] as const, request: { query: schemas.query, }, diff --git a/api/api/v2/filters/:id/index.ts b/api/api/v2/filters/:id/index.ts index 88bcbe11..7f8461d7 100644 --- a/api/api/v2/filters/:id/index.ts +++ b/api/api/v2/filters/:id/index.ts @@ -89,7 +89,12 @@ const routeGet = createRoute({ method: "get", path: "/api/v2/filters/{id}", summary: "Get filter", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageOwnFilters], + }), + ] as const, request: { params: schemas.param, }, @@ -125,7 +130,13 @@ const routePut = createRoute({ method: "put", path: "/api/v2/filters/{id}", summary: "Update filter", - middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageOwnFilters], + }), + jsonOrForm(), + ] as const, request: { params: schemas.param, body: { 
@@ -168,7 +179,12 @@ const routeDelete = createRoute({ method: "delete", path: "/api/v2/filters/{id}", summary: "Delete filter", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageOwnFilters], + }), + ] as const, request: { params: schemas.param, }, diff --git a/api/api/v2/filters/index.ts b/api/api/v2/filters/index.ts index 6c59536b..26c13911 100644 --- a/api/api/v2/filters/index.ts +++ b/api/api/v2/filters/index.ts @@ -77,7 +77,13 @@ const routeGet = createRoute({ method: "get", path: "/api/v2/filters", summary: "Get filters", - middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageOwnFilters], + }), + jsonOrForm(), + ] as const, responses: { 200: { description: "Filters", @@ -102,7 +108,13 @@ const routePost = createRoute({ method: "post", path: "/api/v2/filters", summary: "Create filter", - middleware: [auth(meta.auth, meta.permissions), jsonOrForm()] as const, + middleware: [ + auth({ + auth: true, + permissions: [RolePermissions.ManageOwnFilters], + }), + jsonOrForm(), + ] as const, request: { body: { content: { diff --git a/api/api/v2/media/index.ts b/api/api/v2/media/index.ts index d7251dc6..97da8b51 100644 --- a/api/api/v2/media/index.ts +++ b/api/api/v2/media/index.ts @@ -40,7 +40,13 @@ const route = createRoute({ method: "post", path: "/api/v2/media", summary: "Upload media", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: true, + scopes: ["write:media"], + permissions: [RolePermissions.ManageOwnMedia], + }), + ] as const, request: { body: { content: { diff --git a/api/api/v2/search/index.ts b/api/api/v2/search/index.ts index d38f1fcf..d9c64206 100644 --- a/api/api/v2/search/index.ts +++ b/api/api/v2/search/index.ts 
@@ -52,7 +52,17 @@ const route = createRoute({ method: "get", path: "/api/v2/search", summary: "Instance database search", - middleware: [auth(meta.auth, meta.permissions)] as const, + middleware: [ + auth({ + auth: false, + scopes: ["read:search"], + permissions: [ + RolePermissions.Search, + RolePermissions.ViewAccounts, + RolePermissions.ViewNotes, + ], + }), + ] as const, request: { query: schemas.query, }, diff --git a/drizzle/schema.ts b/drizzle/schema.ts index 328514ec..65c102a9 100644 --- a/drizzle/schema.ts +++ b/drizzle/schema.ts @@ -549,7 +549,7 @@ export enum RolePermissions { ManageOwnApps = "owner:app", Search = "search", ViewPublicTimelines = "public_timelines", - ViewPrimateTimelines = "private_timelines", + ViewPrivateTimelines = "private_timelines", IgnoreRateLimits = "ignore_rate_limits", Impersonate = "impersonate", ManageInstance = "instance", @@ -584,7 +584,7 @@ export const DEFAULT_ROLES = [ RolePermissions.ManageOwnApps, RolePermissions.Search, RolePermissions.ViewPublicTimelines, - RolePermissions.ViewPrimateTimelines, + RolePermissions.ViewPrivateTimelines, RolePermissions.OAuth, ]; diff --git a/plugins/openid/routes/authorize.ts b/plugins/openid/routes/authorize.ts index ce3006d3..27dd22e3 100644 --- a/plugins/openid/routes/authorize.ts +++ b/plugins/openid/routes/authorize.ts @@ -71,7 +71,7 @@ export default (plugin: PluginType): void => path: "/oauth/authorize", middleware: [ auth({ - required: false, + auth: false, }), jsonOrForm(), plugin.middleware, diff --git a/plugins/openid/routes/jwks.ts b/plugins/openid/routes/jwks.ts index c136bb68..ec7ddf5f 100644 --- a/plugins/openid/routes/jwks.ts +++ b/plugins/openid/routes/jwks.ts @@ -34,7 +34,7 @@ export default (plugin: PluginType): void => { }, middleware: [ auth({ - required: false, + auth: false, }), plugin.middleware, ] as const, diff --git a/plugins/openid/routes/sso/:id/index.ts b/plugins/openid/routes/sso/:id/index.ts index bdc45f81..4f2c111b 100644 
--- a/plugins/openid/routes/sso/:id/index.ts +++ b/plugins/openid/routes/sso/:id/index.ts @@ -16,14 +16,10 @@ export default (plugin: PluginType): void => { path: "/api/v1/sso/{id}", summary: "Get linked account", middleware: [ - auth( - { - required: true, - }, - { - required: [RolePermissions.OAuth], - }, - ), + auth({ + auth: true, + permissions: [RolePermissions.OAuth], + }), plugin.middleware, ] as const, request: { @@ -115,14 +111,10 @@ export default (plugin: PluginType): void => { path: "/api/v1/sso/{id}", summary: "Unlink account", middleware: [ - auth( - { - required: true, - }, - { - required: [RolePermissions.OAuth], - }, - ), + auth({ + auth: true, + permissions: [RolePermissions.OAuth], + }), plugin.middleware, ] as const, request: { diff --git a/plugins/openid/routes/sso/index.ts b/plugins/openid/routes/sso/index.ts index 2206b209..ec78db0a 100644 --- a/plugins/openid/routes/sso/index.ts +++ b/plugins/openid/routes/sso/index.ts @@ -19,14 +19,10 @@ export default (plugin: PluginType): void => { path: "/api/v1/sso", summary: "Get linked accounts", middleware: [ - auth( - { - required: true, - }, - { - required: [RolePermissions.OAuth], - }, - ), + auth({ + auth: true, + permissions: [RolePermissions.OAuth], + }), plugin.middleware, ] as const, responses: { @@ -82,14 +78,10 @@ export default (plugin: PluginType): void => { path: "/api/v1/sso", summary: "Link account", middleware: [ - auth( - { - required: true, - }, - { - required: [RolePermissions.OAuth], - }, - ), + auth({ + auth: true, + permissions: [RolePermissions.OAuth], + }), plugin.middleware, ] as const, request: { diff --git a/utils/api.ts b/utils/api.ts index 18f1a8df..ca278f10 100644 --- a/utils/api.ts +++ b/utils/api.ts 
@@ -1,7 +1,7 @@ import type { OpenAPIHono } from "@hono/zod-openapi"; import { getLogger } from "@logtape/logtape"; import { Application, Token, db } from "@versia/kit/db"; -import { Challenges } from "@versia/kit/tables"; +import { Challenges, type RolePermissions } from "@versia/kit/tables"; import { extractParams, verifySolution } from "altcha-lib"; import chalk from "chalk"; import { type SQL, eq } from "drizzle-orm"; @@ -27,7 +27,7 @@ import { fromZodError } from "zod-validation-error"; import { ApiError } from "~/classes/errors/api-error"; import type { AuthData } from "~/classes/functions/user"; import { config } from "~/packages/config-manager/index.ts"; -import type { ApiRouteMetadata, HonoEnv, HttpVerb } from "~/types/api"; +import type { ApiRouteMetadata, HonoEnv } from "~/types/api"; export const applyConfig = (routeMeta: ApiRouteMetadata): ApiRouteMetadata => { const newMeta = routeMeta; @@ -161,19 +161,14 @@ export const handleZodError = ( const checkPermissions = ( auth: AuthData | null, - permissionData: ApiRouteMetadata["permissions"], - context: Context, + required: RolePermissions[], ): void => { const userPerms = auth?.user ? auth.user.getAllPermissions() : config.permissions.anonymous; - const requiredPerms = - permissionData?.methodOverrides?.[context.req.method as HttpVerb] ?? - permissionData?.required ?? - []; - if (!requiredPerms.every((perm) => userPerms.includes(perm))) { - const missingPerms = requiredPerms.filter( + if (!required.every((perm) => userPerms.includes(perm))) { + const missingPerms = required.filter( (perm) => !userPerms.includes(perm), ); throw new ApiError( @@ -186,8 +181,7 @@ const checkPermissions = ( const checkRouteNeedsAuth = ( auth: AuthData | null, - authData: ApiRouteMetadata["auth"], - context: Context, + required: boolean, ): AuthData => { if (auth?.user && auth?.token) { return { 
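Review bot: `checkPermissions` and `checkRouteNeedsAuth` drop the `methodOverrides?.[context.req.method as HttpVerb]` lookup and now take a single `required` value, but `ApiRouteMetadata` is not touched by this diff, so any route file whose `meta` still declares `methodOverrides` keeps compiling while the override is no longer enforced. That is the kind of silent regression worth a repository-wide search before merging, since the per-method override was a tightening (auth or permissions required for one verb but not another). A short comment on `checkPermissions` stating the new contract would also help, e.g. `// Enforces exactly the list passed by the route's auth() options; per-method overrides from meta are no longer consulted.` The body of `checkPermissions` continues past the end of this hunk.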
@@ -196,10 +190,7 @@ const checkRouteNeedsAuth = ( application: auth.application, }; } - if ( - authData.required || - authData.methodOverrides?.[context.req.method as HttpVerb] - ) { + if (required) { throw new ApiError(401, "This route requires authentication"); } @@ -211,10 +202,10 @@ const checkRouteNeedsAuth = ( }; export const checkRouteNeedsChallenge = async ( - challengeData: ApiRouteMetadata["challenge"], + required: boolean, context: Context, ): Promise => { - if (!challengeData) { + if (!required) { return; } @@ -265,12 +256,22 @@ export const checkRouteNeedsChallenge = async ( .where(eq(Challenges.id, challenge_id)); }; -export const auth = ( - authData: ApiRouteMetadata["auth"], - permissionData?: ApiRouteMetadata["permissions"], - challengeData?: ApiRouteMetadata["challenge"], -): MiddlewareHandler => - createMiddleware(async (context, next) => { +type HonoEnvWithAuth = HonoEnv & { + Variables: { + auth: AuthData & { user: NonNullable }; + }; +}; + +export const auth = (options: { + auth: AuthRequired; + permissions?: RolePermissions[]; + challenge?: boolean; + scopes?: string[]; + // If authRequired is true, HonoEnv.Variables.auth.user will never be null +}): MiddlewareHandler< + AuthRequired extends true ? HonoEnvWithAuth : HonoEnv +> => { + return createMiddleware(async (context, next) => { const header = context.req.header("Authorization"); const tokenString = header?.split(" ")[1]; 
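Review bot: The inline comment `// If authRequired is true, HonoEnv.Variables.auth.user will never be null` in the new options type sits after the `scopes` field and refers to a parameter named `authRequired`, which does not exist; the option is `auth`. Move it above `auth:` as TSDoc, e.g. `/** Reject unauthenticated requests with 401; when true, the "auth" context variable has a non-null user. */`, which also matches the conditional `MiddlewareHandler` return type it explains. `permissions`, `challenge` and `scopes` deserve the same one-line TSDoc each, and for `scopes` the doc should state whether it is enforced, because nothing in the visible hunks reads it. The `auth` function body continues on the next line.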
@@ -287,22 +288,23 @@ export const auth = ( }; // Authentication check - const authCheck = checkRouteNeedsAuth(auth, authData, context); + const authCheck = checkRouteNeedsAuth(auth, options.auth); context.set("auth", authCheck); // Permissions check - if (permissionData) { - checkPermissions(auth, permissionData, context); + if (options.permissions) { + checkPermissions(auth, options.permissions); } // Challenge check - if (challengeData && config.validation.challenges.enabled) { - await checkRouteNeedsChallenge(challengeData, context); + if (options.challenge && config.validation.challenges.enabled) { + await checkRouteNeedsChallenge(options.challenge, context); } await next(); }); +}; // Helper function to parse form data async function parseFormData(context: Context): Promise<{
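Review bot: The middleware body checks `options.auth`, `options.permissions` and `options.challenge` but never reads `options.scopes`, yet the route hunks in this diff now pass `scopes: ["write:blocks"]`, `["write:media"]`, `["read:search"]` and others. Unless the scope comparison happens in the unchanged token-loading lines above this hunk, those annotations are documentation only and a token issued with a narrower scope is still accepted on write routes. A scope check belongs here next to the permissions check, applied only when a token was actually presented (several scoped routes are `auth: false`, so a missing token must not by itself fail the scope check), comparing `options.scopes` against the scopes stored on the loaded token and throwing a 403 `ApiError` on a mismatch; I cannot see the token's scope field from this hunk. Until that lands, a comment on the `scopes` option such as `// NOTE: not yet enforced by auth(); informational only` would stop route authors from relying on it.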