From a673ae1443f445a23f98088ac078727bec5084ca Mon Sep 17 00:00:00 2001
From: usbharu <64310155+usbharu@users.noreply.github.com>
Date: Wed, 29 Nov 2023 16:24:54 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20=E6=8A=95=E7=A8=BF=E3=81=AE=E3=82=B9?=
 =?UTF-8?q?=E3=82=B3=E3=83=BC=E3=83=97=E3=81=AE=E8=A8=AD=E5=AE=9A=E3=82=92?=
 =?UTF-8?q?=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../usbharu/hideout/application/config/SecurityConfig.kt   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
index 7d4b2d8e..b29a8e94 100644
--- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
@@ -182,7 +182,8 @@ class SecurityConfig {
                 builder.pattern("/api/v1/instance/**"),
                 builder.pattern("/.well-known/**"),
                 builder.pattern("/error"),
-                builder.pattern("/nodeinfo/2.0")
+                builder.pattern("/nodeinfo/2.0"),
+                builder.pattern("/api/v1/accounts")
             ).permitAll()
             it.requestMatchers(
                 builder.pattern("/auth/**")
@@ -192,7 +193,9 @@ class SecurityConfig {
                 .hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
             it.requestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/media"))
                 .hasAnyAuthority("SCOPE_write", "SCOPE_write:media")
-            it.anyRequest().permitAll()
+            it.requestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/statuses"))
+                .hasAnyAuthority("SCOPE_write", "SCOPE_write:statuses")
+            it.anyRequest().authenticated()
         }
         http.oauth2ResourceServer {
             it.jwt(Customizer.withDefaults())