Require follow and read OAuth scopes for GET /api/v1/apps

This commit is contained in:
Sean King 2021-08-28 11:13:25 -06:00
parent baa8196fc9
commit eab6291094
No known key found for this signature in database
GPG key ID: 510C52BACD6E7257
2 changed files with 3 additions and 25 deletions
lib/pleroma/web
api_spec/operations
mastodon_api/controllers

View file

@ -36,7 +36,7 @@ def create_operation do
operationId: "AppController.create",
requestBody: Helpers.request_body("Parameters", create_request(), required: true),
responses: %{
200 => Operation.response("App", "application/json", create_response()),
200 => create_response(),
422 =>
Operation.response(
"Unprocessable Entity",
@ -135,29 +135,7 @@ defp create_request do
end
defp create_response do
%Schema{
title: "AppCreateResponse",
description: "Response schema for an app",
type: :object,
properties: %{
id: %Schema{type: :string},
name: %Schema{type: :string},
client_id: %Schema{type: :string},
client_secret: %Schema{type: :string},
redirect_uri: %Schema{type: :string},
vapid_key: %Schema{type: :string},
website: %Schema{type: :string, nullable: true}
},
example: %{
"id" => "123",
"name" => "My App",
"client_id" => "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM",
"client_secret" => "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw",
"vapid_key" =>
"BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M=",
"website" => "https://myapp.com/"
}
}
Operation.response("App", "application/json", App)
end
defp array_of_apps do

View file

@ -20,7 +20,7 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
plug(:skip_auth when action in [:create, :verify_credentials])
plug(:skip_plug, OAuthScopesPlug when action in [:index])
plug(OAuthScopesPlug, %{scopes: ["follow", "read"]} when action in [:index])
plug(Pleroma.Web.ApiSpec.CastAndValidate)