Add oauth protection to admin domain blocks API
parent
feed580f51
commit
4afe72e62f
4 changed files with 37 additions and 0 deletions
@ -10,6 +10,12 @@ use App\Services\InstanceService;
|
|||
use App\Http\Resources\MastoApi\Admin\DomainBlockResource;
|
||||
|
||||
class DomainBlocksController extends ApiController {
|
||||
|
||||
public function __construct() {
|
||||
$this->middleware(['auth:api', 'api.admin', 'scope:admin:read,admin:read:domain_blocks'])->only(['index', 'show']);
|
||||
$this->middleware(['auth:api', 'api.admin', 'scope:admin:write,admin:write:domain_blocks'])->only(['create', 'update', 'delete']);
|
||||
}
|
||||
|
||||
public function index(Request $request) {
|
||||
$this->validate($request, [
|
||||
'limit' => 'sometimes|integer|max:100|min:1',
|
||||
|
|
|
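Review bot: The two `->only([...])` lists in the new constructor are the only thing that puts `auth:api` and `api.admin` on this controller, so any action method not named in them — or one added later — runs with no authentication or admin check at all. Register the baseline unconditionally, `$this->middleware(['auth:api', 'api.admin']);`, and keep only the `scope:...` middleware in the two `->only()` groups, so protection is the default rather than the exception. Note also that the `scope` alias is mapped to Passport's CheckForAnyScope in this same commit, so a token holding just `admin:read` satisfies the read group; if `admin:read:domain_blocks` was meant to be required in addition, the `scopes` alias (CheckScopes, all-of) is the one to use. The enclosing `index` method continues outside the hunk.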
@ -54,6 +54,7 @@ class Kernel extends HttpKernel
|
|||
* @var array
|
||||
*/
|
||||
protected $routeMiddleware = [
|
||||
'api.admin' => \App\Http\Middleware\Api\Admin::class,
|
||||
'admin' => \App\Http\Middleware\Admin::class,
|
||||
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
|
||||
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
|
||||
|
@ -68,6 +69,8 @@ class Kernel extends HttpKernel
|
|||
'twofactor' => \App\Http\Middleware\TwoFactorAuth::class,
|
||||
'validemail' => \App\Http\Middleware\EmailVerificationCheck::class,
|
||||
'interstitial' => \App\Http\Middleware\AccountInterstitial::class,
|
||||
'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
|
||||
'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
|
||||
// 'restricted' => \App\Http\Middleware\RestrictedAccess::class,
|
||||
];
|
||||
}
|
||||
|
|
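Review bot: The new `scopes` and `scope` aliases differ by one letter but have opposite semantics — `CheckScopes` requires every listed scope, `CheckForAnyScope` accepts any one of them — and nothing in the array says so. A comment on each entry, `'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class, // token must carry ALL listed scopes` and `'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class, // token must carry ANY listed scope`, would keep the two from being swapped in a route definition. The new `api.admin` entry sits next to the existing `admin` alias and would likewise benefit from a one-line comment saying it is the API-guard variant that aborts with 403, so the two are not confused.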
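--- /dev/null
+++ b/app/Http/Middleware/Api/Admin.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware\Api;
+
+use Auth;
+use Closure;
+
+class Admin
+{
+/**
+* Handle an incoming request.
+*
+* @param \Illuminate\Http\Request $request
+* @param \Closure $next
+*
+* @return mixed
+*/
+public function handle($request, Closure $next)
+{
+if (Auth::check() == false || Auth::user()->is_admin == false) {
+return abort(403, "You must be an administrator to do that");
+}
+
+return $next($request);
+}
+}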
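Review bot: `Auth::check() == false || Auth::user()->is_admin == false` in `handle` uses loose comparison and reads the user through the facade's current default guard rather than from the request, so the middleware's correctness depends on `auth:api` having run first to select the guard; as far as I can tell, listed alone on a route it would consult whatever guard is the default. Tie the check to the request and make the intent explicit: `$user = $request->user();` / `if ($user === null || ! $user->is_admin) {` / `abort(403, "You must be an administrator to do that");`. `abort()` throws, so the `return` in front of it is dead code, and `use Auth;` relies on the global facade alias where `Illuminate\Support\Facades\Auth` (or dropping the facade entirely in favour of `$request->user()`) would be unambiguous. The docblock should also state the precondition, e.g. `Must run after an auth middleware (auth:api); it does not authenticate, only checks is_admin on the resolved user.`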
@ -37,7 +37,9 @@ class AuthServiceProvider extends ServiceProvider
|
|||
'write' => 'Full write access to your account',
|
||||
'follow' => 'Ability to follow other profiles',
|
||||
'admin:read' => 'Read all data on the server',
|
||||
'admin:read:domain_blocks' => 'Read sensitive information of all domain blocks',
|
||||
'admin:write' => 'Modify all data on the server',
|
||||
'admin:write:domain_blocks' => 'Perform moderation actions on domain blocks',
|
||||
'push' => 'Receive your push notifications'
|
||||
]);
|
||||
|
||||
|
|
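Review bot: Adding `admin:read`, `admin:read:domain_blocks`, `admin:write` and `admin:write:domain_blocks` to this list makes them requestable by any OAuth client, assuming this is the `Passport::tokensCan()` array; the only thing that stops a non-admin user's token from exercising them is the `api.admin` middleware on each route, so that middleware must always accompany a `scope:admin:*` check rather than the scope being treated as sufficient on its own. A comment above the new entries would make that contract visible: `// admin:* scopes may be requested by any client; routes must also apply api.admin`. The scope strings must also stay byte-identical to those used in the controller's `scope:` middleware, which is the other thing to keep in sync.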