sam/Foxnouns.NET
sam/Foxnouns.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

fix: return correct error in GET /users/@me

Browse source
This commit is contained in:
sam 2024-09-05 21:10:45 +02:00
parent 6c9d1c328b
commit 22d09ad7a6
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
5 changed files with 37 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Foxnouns.Backend/Middleware/AuthorizationMiddleware.cs
View file

@ -18,10 +18,10 @@ public class AuthorizationMiddleware : IMiddleware
var token = ctx.GetToken();
if (token == null)
throw new ApiError.Unauthorized("This endpoint requires an authenticated user.");
throw new ApiError.Unauthorized("This endpoint requires an authenticated user.", ErrorCode.AuthenticationRequired);
if (attribute.Scopes.Length > 0 && attribute.Scopes.Except(token.Scopes.ExpandScopes()).Any())
throw new ApiError.Forbidden("This endpoint requires ungranted scopes.",
attribute.Scopes.Except(token.Scopes.ExpandScopes()));
attribute.Scopes.Except(token.Scopes.ExpandScopes()), ErrorCode.MissingScopes);
if (attribute.RequireAdmin && token.User.Role != UserRole.Admin)
throw new ApiError.Forbidden("This endpoint can only be used by admins.");
if (attribute.RequireModerator && token.User.Role != UserRole.Admin && token.User.Role != UserRole.Moderator)