Merge pull request #153 from usbharu/feature/oauth-scopes

feat: OAuth2のスコープの処理方法を変更
This commit is contained in:
usbharu 2023-11-18 00:31:59 +09:00 committed by GitHub
commit 57059f7e02
2 changed files with 82 additions and 2 deletions

View File

@ -182,7 +182,7 @@ class SecurityConfig {
).anonymous() ).anonymous()
it.requestMatchers(builder.pattern("/change-password")).authenticated() it.requestMatchers(builder.pattern("/change-password")).authenticated()
it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials")) it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
.hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts") .hasAnyAuthority("SCOPE_read:accounts")
it.anyRequest().permitAll() it.anyRequest().permitAll()
} }
http.oauth2ResourceServer { http.oauth2ResourceServer {

View File

@ -28,6 +28,7 @@ class AppApiServiceImpl(
private val passwordEncoder: PasswordEncoder, private val passwordEncoder: PasswordEncoder,
private val transaction: Transaction private val transaction: Transaction
) : AppApiService { ) : AppApiService {
override suspend fun createApp(appsRequest: AppsRequest): Application { override suspend fun createApp(appsRequest: AppsRequest): Application {
return transaction.transaction { return transaction.transaction {
val id = UUID.randomUUID().toString() val id = UUID.randomUUID().toString()
@ -65,5 +66,84 @@ class AppApiServiceImpl(
} }
} }
private fun parseScope(string: String): Set<String> = string.split(" ").toSet() private fun parseScope(string: String): Set<String> {
return string.split(" ")
.flatMap {
when (it) {
"read" -> READ_SCOPES
"write" -> WRITE_SCOPES
"follow" -> FOLLOW_SCOPES
"admin" -> ADMIN_SCOPES
"admin:write" -> ADMIN_WRITE_SCOPES
"admin:read" -> ADMIN_READ_SCOPES
else -> listOfNotNull(it.takeIf { ALL_SCOPES.contains(it) })
}
}
.toSet()
}
companion object {
private val READ_SCOPES = listOf(
"read:accounts",
"read:blocks",
"read:bookmarks",
"read:favourites",
"read:filters",
"read:follows",
"read:lists",
"read:mutes",
"read:notifications",
"read:search",
"read:statuses"
)
private val WRITE_SCOPES = listOf(
"write:accounts",
"write:blocks",
"write:bookmarks",
"write:conversations",
"write:favourites",
"write:filters",
"write:follows",
"write:lists",
"write:media",
"write:mutes",
"write:notifications",
"write:reports",
"write:statuses"
)
private val FOLLOW_SCOPES = listOf(
"read:blocks",
"write:blocks",
"read:follows",
"write:follows",
"read:mutes",
"write:mutes"
)
private val ADMIN_READ_SCOPES = listOf(
"admin:read:accounts",
"admin:read:reports",
"admin:read:domain_allows",
"admin:read:domain_blocks",
"admin:read:ip_blocks",
"admin:read:email_domain_blocks",
"admin:read:canonical_email_blocks"
)
private val ADMIN_WRITE_SCOPES = listOf(
"admin:write:accounts",
"admin:write:reports",
"admin:write:domain_allows",
"admin:write:domain_blocks",
"admin:write:ip_blocks",
"admin:write:email_domain_blocks",
"admin:write:canonical_email_blocks"
)
private val ADMIN_SCOPES = ADMIN_READ_SCOPES + ADMIN_WRITE_SCOPES
private val ALL_SCOPES = READ_SCOPES + WRITE_SCOPES + FOLLOW_SCOPES + ADMIN_SCOPES
}
} }