mirror of https://github.com/usbharu/Hideout.git
Merge pull request #153 from usbharu/feature/oauth-scopes
feat: OAuth2のスコープの処理方法を変更
commit
57059f7e02
|
@ -182,7 +182,7 @@ class SecurityConfig {
|
||||||
).anonymous()
|
).anonymous()
|
||||||
it.requestMatchers(builder.pattern("/change-password")).authenticated()
|
it.requestMatchers(builder.pattern("/change-password")).authenticated()
|
||||||
it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
|
it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
|
||||||
.hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
|
.hasAnyAuthority("SCOPE_read:accounts")
|
||||||
it.anyRequest().permitAll()
|
it.anyRequest().permitAll()
|
||||||
}
|
}
|
||||||
http.oauth2ResourceServer {
|
http.oauth2ResourceServer {
|
||||||
|
|
|
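Review bot: Narrowing the matcher to `.hasAnyAuthority("SCOPE_read:accounts")` means a token whose scope claim still carries the literal `read` is now refused on `/api/v1/accounts/verify_credentials`. That is only safe if every stored client registration and outstanding token has had `read` expanded, which this section does not show, so confirm there is a migration or re-issue path for apps registered before this change. With a single value, `.hasAuthority("SCOPE_read:accounts")` states the intent more directly. The unchanged `it.anyRequest().permitAll()` just below stays the fallback, so any API route without its own scope matcher remains reachable without a token; with per-resource scopes now the model, each protected route needs an explicit matcher ahead of it. The enclosing configuration function starts and ends outside the hunk.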
@ -28,6 +28,7 @@ class AppApiServiceImpl(
|
||||||
private val passwordEncoder: PasswordEncoder,
|
private val passwordEncoder: PasswordEncoder,
|
||||||
private val transaction: Transaction
|
private val transaction: Transaction
|
||||||
) : AppApiService {
|
) : AppApiService {
|
||||||
|
|
||||||
override suspend fun createApp(appsRequest: AppsRequest): Application {
|
override suspend fun createApp(appsRequest: AppsRequest): Application {
|
||||||
return transaction.transaction {
|
return transaction.transaction {
|
||||||
val id = UUID.randomUUID().toString()
|
val id = UUID.randomUUID().toString()
|
||||||
|
@ -65,5 +66,84 @@ class AppApiServiceImpl(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private fun parseScope(string: String): Set<String> = string.split(" ").toSet()
|
private fun parseScope(string: String): Set<String> {
|
||||||
|
return string.split(" ")
|
||||||
|
.flatMap {
|
||||||
|
when (it) {
|
||||||
|
"read" -> READ_SCOPES
|
||||||
|
"write" -> WRITE_SCOPES
|
||||||
|
"follow" -> FOLLOW_SCOPES
|
||||||
|
"admin" -> ADMIN_SCOPES
|
||||||
|
"admin:write" -> ADMIN_WRITE_SCOPES
|
||||||
|
"admin:read" -> ADMIN_READ_SCOPES
|
||||||
|
else -> listOfNotNull(it.takeIf { ALL_SCOPES.contains(it) })
|
||||||
|
}
|
||||||
|
}
|
||||||
|
.toSet()
|
||||||
|
}
|
||||||
|
|
||||||
|
companion object {
|
||||||
|
private val READ_SCOPES = listOf(
|
||||||
|
"read:accounts",
|
||||||
|
"read:blocks",
|
||||||
|
"read:bookmarks",
|
||||||
|
"read:favourites",
|
||||||
|
"read:filters",
|
||||||
|
"read:follows",
|
||||||
|
"read:lists",
|
||||||
|
"read:mutes",
|
||||||
|
"read:notifications",
|
||||||
|
"read:search",
|
||||||
|
"read:statuses"
|
||||||
|
)
|
||||||
|
|
||||||
|
private val WRITE_SCOPES = listOf(
|
||||||
|
"write:accounts",
|
||||||
|
"write:blocks",
|
||||||
|
"write:bookmarks",
|
||||||
|
"write:conversations",
|
||||||
|
"write:favourites",
|
||||||
|
"write:filters",
|
||||||
|
"write:follows",
|
||||||
|
"write:lists",
|
||||||
|
"write:media",
|
||||||
|
"write:mutes",
|
||||||
|
"write:notifications",
|
||||||
|
"write:reports",
|
||||||
|
"write:statuses"
|
||||||
|
)
|
||||||
|
|
||||||
|
private val FOLLOW_SCOPES = listOf(
|
||||||
|
"read:blocks",
|
||||||
|
"write:blocks",
|
||||||
|
"read:follows",
|
||||||
|
"write:follows",
|
||||||
|
"read:mutes",
|
||||||
|
"write:mutes"
|
||||||
|
)
|
||||||
|
|
||||||
|
private val ADMIN_READ_SCOPES = listOf(
|
||||||
|
"admin:read:accounts",
|
||||||
|
"admin:read:reports",
|
||||||
|
"admin:read:domain_allows",
|
||||||
|
"admin:read:domain_blocks",
|
||||||
|
"admin:read:ip_blocks",
|
||||||
|
"admin:read:email_domain_blocks",
|
||||||
|
"admin:read:canonical_email_blocks"
|
||||||
|
)
|
||||||
|
|
||||||
|
private val ADMIN_WRITE_SCOPES = listOf(
|
||||||
|
"admin:write:accounts",
|
||||||
|
"admin:write:reports",
|
||||||
|
"admin:write:domain_allows",
|
||||||
|
"admin:write:domain_blocks",
|
||||||
|
"admin:write:ip_blocks",
|
||||||
|
"admin:write:email_domain_blocks",
|
||||||
|
"admin:write:canonical_email_blocks"
|
||||||
|
)
|
||||||
|
|
||||||
|
private val ADMIN_SCOPES = ADMIN_READ_SCOPES + ADMIN_WRITE_SCOPES
|
||||||
|
|
||||||
|
private val ALL_SCOPES = READ_SCOPES + WRITE_SCOPES + FOLLOW_SCOPES + ADMIN_SCOPES
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
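Review bot: In `parseScope`, the `else` branch silently discards any value not in `ALL_SCOPES`, so a request made up only of unrecognised scopes yields an empty set and the caller is never told; consider rejecting such a request, or at least logging the dropped values. The `admin`, `admin:read` and `admin:write` aliases expand to the full admin lists with no restriction visible here, so the check that the authorising user actually holds an admin role presumably has to sit at token issuance, which is worth confirming since `createApp`'s body lies partly outside the hunks shown. Because expansion appears to happen once at registration, scopes later added to `READ_SCOPES` or `WRITE_SCOPES` would not reach already-registered apps. `ALL_SCOPES` is a `List` that repeats the `FOLLOW_SCOPES` entries; `private val ALL_SCOPES = (READ_SCOPES + WRITE_SCOPES + FOLLOW_SCOPES + ADMIN_SCOPES).toSet()` removes the duplicates, and naming the `flatMap` parameter avoids the shadowed `it` in `it.takeIf { ALL_SCOPES.contains(it) }`. A short KDoc on `parseScope` saying that coarse scopes are replaced by their granular members and unknown values are dropped would make the contract explicit.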