From 8bd118ea670e4f331cd3223b4ef08a6b6c820509 Mon Sep 17 00:00:00 2001
From: sam <sam@sleepycat.moe>
Date: Wed, 22 May 2024 17:19:45 +0200
Subject: [PATCH] refactor(identity): change receiver of
 OauthUtils.ExpandScopes()

---
 .../Controllers/Oauth/PasswordAuthController.cs     |  4 ++--
 .../Controllers/Oauth/TokenController.cs            |  6 +++---
 .../Middleware/ClientAuthorizationMiddleware.cs     |  4 ++--
 Foxchat.Identity/Utils/OauthUtils.cs                | 13 ++++++-------
 4 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/Foxchat.Identity/Controllers/Oauth/PasswordAuthController.cs b/Foxchat.Identity/Controllers/Oauth/PasswordAuthController.cs
index a4f5080..06a6a6e 100644
--- a/Foxchat.Identity/Controllers/Oauth/PasswordAuthController.cs
+++ b/Foxchat.Identity/Controllers/Oauth/PasswordAuthController.cs
@@ -25,7 +25,7 @@ public class PasswordAuthController(ILogger logger, IdentityContext db, IClock c
         var appToken =
             HttpContext.GetToken() ??
             throw new UnreachableException(); // GetApplicationOrThrow already gets the token and throws if it's null
-        var appScopes = appToken.ExpandScopes();
+        var appScopes = appToken.Scopes.ExpandScopes();
 
         if (req.Scopes.Except(appScopes).Any())
             throw new ApiError.Forbidden("Cannot request token scopes that are not allowed for this token",
@@ -54,7 +54,7 @@ public class PasswordAuthController(ILogger logger, IdentityContext db, IClock c
     {
         var app = HttpContext.GetApplicationOrThrow();
         var appToken = HttpContext.GetToken() ?? throw new UnreachableException();
-        var appScopes = appToken.ExpandScopes();
+        var appScopes = appToken.Scopes.ExpandScopes();
 
         if (req.Scopes.Except(appScopes).Any())
             throw new ApiError.Forbidden("Cannot request token scopes that are not allowed for this token",
diff --git a/Foxchat.Identity/Controllers/Oauth/TokenController.cs b/Foxchat.Identity/Controllers/Oauth/TokenController.cs
index ed7dfc8..20c5924 100644
--- a/Foxchat.Identity/Controllers/Oauth/TokenController.cs
+++ b/Foxchat.Identity/Controllers/Oauth/TokenController.cs
@@ -15,7 +15,7 @@ public class TokenController(ILogger logger, IdentityContext db, IClock clock) :
     public async Task<IActionResult> PostToken([FromBody] PostTokenRequest req)
     {
         var app = await db.GetApplicationAsync(req.ClientId, req.ClientSecret);
-        var appScopes = app.ExpandScopes();
+        var appScopes = app.Scopes.ExpandScopes();
 
         var scopes = req.Scope.Split(' ');
         if (scopes.Except(appScopes).Any())
@@ -25,9 +25,9 @@ public class TokenController(ILogger logger, IdentityContext db, IClock clock) :
 
         switch (req.GrantType)
         {
-            case "client_credentials":
+            case OauthUtils.ClientCredentials:
                 return await HandleClientCredentialsAsync(app, scopes);
-            case "authorization_code":
+            case OauthUtils.AuthorizationCode:
                 // TODO
                 break;
             default:
diff --git a/Foxchat.Identity/Middleware/ClientAuthorizationMiddleware.cs b/Foxchat.Identity/Middleware/ClientAuthorizationMiddleware.cs
index 701fb05..2e6499d 100644
--- a/Foxchat.Identity/Middleware/ClientAuthorizationMiddleware.cs
+++ b/Foxchat.Identity/Middleware/ClientAuthorizationMiddleware.cs
@@ -24,8 +24,8 @@ public class ClientAuthorizationMiddleware(
         var token = ctx.GetToken();
         if (token == null || token.Expires < clock.GetCurrentInstant())
             throw new ApiError.Unauthorized("This endpoint requires an authenticated user.");
-        if (attribute.Scopes.Length > 0 && attribute.Scopes.Except(token.ExpandScopes()).Any())
-            throw new ApiError.Forbidden("This endpoint requires ungranted scopes.", attribute.Scopes.Except(token.ExpandScopes()));
+        if (attribute.Scopes.Length > 0 && attribute.Scopes.Except(token.Scopes.ExpandScopes()).Any())
+            throw new ApiError.Forbidden("This endpoint requires ungranted scopes.", attribute.Scopes.Except(token.Scopes.ExpandScopes()));
 
         await next(ctx);
     }
diff --git a/Foxchat.Identity/Utils/OauthUtils.cs b/Foxchat.Identity/Utils/OauthUtils.cs
index bf698a2..d6d5b2c 100644
--- a/Foxchat.Identity/Utils/OauthUtils.cs
+++ b/Foxchat.Identity/Utils/OauthUtils.cs
@@ -6,7 +6,10 @@ namespace Foxchat.Identity.Utils;
 
 public static class OauthUtils
 {
-    public static readonly string[] Scopes = ["identify", "chat_client"];
+    public const string ClientCredentials = "client_credentials";
+    public const string AuthorizationCode = "authorization_code";
+
+    public static readonly string[] Scopes = ["identify", "email", "guilds", "chat_client"];
 
     private static readonly string[] ForbiddenSchemes = ["javascript", "file", "data", "mailto", "tel"];
     private const string OobUri = "urn:ietf:wg:oauth:2.0:oob";
@@ -25,11 +28,7 @@ public static class OauthUtils
         }
     }
 
-    public static string[] ExpandScopes(this Token token) => token.Scopes.Contains("chat_client")
+    public static string[] ExpandScopes(this string[] scopes) => scopes.Contains("chat_client")
         ? Scopes
-        : token.Scopes;
-
-    public static string[] ExpandScopes(this Application app) => app.Scopes.Contains("chat_client")
-        ? Scopes
-        : app.Scopes;
+        : scopes;
 }
\ No newline at end of file