1
0
Fork 0
forked from mirror/pixelfed

Add oauth protection to admin domain blocks API

This commit is contained in:
Emelia Smith 2024-03-30 00:16:06 +01:00
parent feed580f51
commit 4afe72e62f
No known key found for this signature in database
4 changed files with 37 additions and 0 deletions

View file

@ -10,6 +10,12 @@ use App\Services\InstanceService;
use App\Http\Resources\MastoApi\Admin\DomainBlockResource;
class DomainBlocksController extends ApiController {
public function __construct() {
$this->middleware(['auth:api', 'api.admin', 'scope:admin:read,admin:read:domain_blocks'])->only(['index', 'show']);
$this->middleware(['auth:api', 'api.admin', 'scope:admin:write,admin:write:domain_blocks'])->only(['create', 'update', 'delete']);
}
public function index(Request $request) {
$this->validate($request, [
'limit' => 'sometimes|integer|max:100|min:1',

View file

@ -54,6 +54,7 @@ class Kernel extends HttpKernel
* @var array
*/
protected $routeMiddleware = [
'api.admin' => \App\Http\Middleware\Api\Admin::class,
'admin' => \App\Http\Middleware\Admin::class,
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
@ -68,6 +69,8 @@ class Kernel extends HttpKernel
'twofactor' => \App\Http\Middleware\TwoFactorAuth::class,
'validemail' => \App\Http\Middleware\EmailVerificationCheck::class,
'interstitial' => \App\Http\Middleware\AccountInterstitial::class,
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
// 'restricted' => \App\Http\Middleware\RestrictedAccess::class,
];
}

View file

@ -0,0 +1,26 @@
<?php
namespace App\Http\Middleware\Api;
use Auth;
use Closure;
class Admin
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
if (Auth::check() == false || Auth::user()->is_admin == false) {
return abort(403, "You must be an administrator to do that");
}
return $next($request);
}
}

View file

@ -37,7 +37,9 @@ class AuthServiceProvider extends ServiceProvider
'write' => 'Full write access to your account',
'follow' => 'Ability to follow other profiles',
'admin:read' => 'Read all data on the server',
'admin:read:domain_blocks' => 'Read sensitive information of all domain blocks',
'admin:write' => 'Modify all data on the server',
'admin:write:domain_blocks' => 'Perform moderation actions on domain blocks',
'push' => 'Receive your push notifications'
]);