diff --git a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
index a5762bb1..3dd57dd5 100644
--- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
@@ -182,7 +182,7 @@ class SecurityConfig {
 ).anonymous()
 it.requestMatchers(builder.pattern("/change-password")).authenticated()
 it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
- .hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
+ .hasAnyAuthority("SCOPE_read:accounts")
 it.anyRequest().permitAll()
 }
 http.oauth2ResourceServer {
diff --git a/src/main/kotlin/dev/usbharu/hideout/mastodon/service/app/AppApiService.kt b/src/main/kotlin/dev/usbharu/hideout/mastodon/service/app/AppApiService.kt
index 6d7d463e..58423b68 100644
--- a/src/main/kotlin/dev/usbharu/hideout/mastodon/service/app/AppApiService.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/mastodon/service/app/AppApiService.kt
@@ -28,6 +28,7 @@ class AppApiServiceImpl(
 private val passwordEncoder: PasswordEncoder,
 private val transaction: Transaction
 ) : AppApiService {
+
 override suspend fun createApp(appsRequest: AppsRequest): Application {
 return transaction.transaction {
 val id = UUID.randomUUID().toString()
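Review bot: Dropping `SCOPE_read` from the `.hasAnyAuthority(...)` rule for `/api/v1/accounts/verify_credentials` makes this check depend on every token carrying the expanded `read:accounts` authority, and the only expansion this commit adds is at app registration (`parseScope` in AppApiService.kt). Registrations or tokens stored earlier with the bare `read` scope would presumably be refused here after deploy, so the change needs either a migration of stored scopes or a transition period that accepts both authorities. I would also put a comment above the rule, e.g. `// bare "read" is expanded to read:* at app registration, so only the granular scope is checked`, so the coupling between the two files is visible. The matcher chain begins outside the hunk, so whether other scope-gated routes follow the same convention cannot be confirmed from here.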
@@ -65,5 +66,84 @@ class AppApiServiceImpl(
 }
 }
- private fun parseScope(string: String): Set = string.split(" ").toSet()
+ private fun parseScope(string: String): Set {
+ return string.split(" ")
+ .flatMap {
+ when (it) {
+ "read" -> READ_SCOPES
+ "write" -> WRITE_SCOPES
+ "follow" -> FOLLOW_SCOPES
+ "admin" -> ADMIN_SCOPES
+ "admin:write" -> ADMIN_WRITE_SCOPES
+ "admin:read" -> ADMIN_READ_SCOPES
+ else -> listOfNotNull(it.takeIf { ALL_SCOPES.contains(it) })
+ }
+ }
+ .toSet()
+ }
+
+ companion object {
+ private val READ_SCOPES = listOf(
+ "read:accounts",
+ "read:blocks",
+ "read:bookmarks",
+ "read:favourites",
+ "read:filters",
+ "read:follows",
+ "read:lists",
+ "read:mutes",
+ "read:notifications",
+ "read:search",
+ "read:statuses"
+ )
+
+ private val WRITE_SCOPES = listOf(
+ "write:accounts",
+ "write:blocks",
+ "write:bookmarks",
+ "write:conversations",
+ "write:favourites",
+ "write:filters",
+ "write:follows",
+ "write:lists",
+ "write:media",
+ "write:mutes",
+ "write:notifications",
+ "write:reports",
+ "write:statuses"
+ )
+
+ private val FOLLOW_SCOPES = listOf(
+ "read:blocks",
+ "write:blocks",
+ "read:follows",
+ "write:follows",
+ "read:mutes",
+ "write:mutes"
+ )
+
+ private val ADMIN_READ_SCOPES = listOf(
+ "admin:read:accounts",
+ "admin:read:reports",
+ "admin:read:domain_allows",
+ "admin:read:domain_blocks",
+ "admin:read:ip_blocks",
+ "admin:read:email_domain_blocks",
+ "admin:read:canonical_email_blocks"
+ )
+
+ private val ADMIN_WRITE_SCOPES = listOf(
+ "admin:write:accounts",
+ "admin:write:reports",
+ "admin:write:domain_allows",
+ "admin:write:domain_blocks",
+ "admin:write:ip_blocks",
+ "admin:write:email_domain_blocks",
+ "admin:write:canonical_email_blocks"
+ )
+
+ private val ADMIN_SCOPES = ADMIN_READ_SCOPES + ADMIN_WRITE_SCOPES
+
+ private val ALL_SCOPES = READ_SCOPES + WRITE_SCOPES + FOLLOW_SCOPES + ADMIN_SCOPES
+ }
 }
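Review bot: The `else` branch of `parseScope` silently discards any scope that is not in `ALL_SCOPES`, so a registration asking for an unsupported or misspelled scope succeeds with fewer scopes than requested, and an empty or all-unknown scope string yields an empty set (`"".split(" ")` returns `[""]`). Mastodon's `push` scope, for example, appears in none of the lists and would be dropped; if that is intentional it deserves a comment on the companion object. Failing closed is the right default, but the caller should be told: either reject the request with something like `require(it in ALL_SCOPES) { "unsupported scope: $it" }` or log the dropped values, since how `createApp` treats an empty set lies outside the hunk. `ALL_SCOPES` is only used for membership tests and contains the `FOLLOW_SCOPES` entries twice, so `private val ALL_SCOPES = (READ_SCOPES + WRITE_SCOPES + FOLLOW_SCOPES + ADMIN_SCOPES).toSet()` would read better. Because a bare `admin` expands to every `admin:read:*` and `admin:write:*` scope here, the check that only an administrator can approve those scopes has to happen at authorization time, which this hunk does not show.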