[#468] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions.

2019-02-09 17:09:08 +03:00 · 2019-02-09 17:09:08 +03:00 · 4ad843fb9d
commit 4ad843fb9d
parent 99fd199bda
9 changed files with 159 additions and 49 deletions
--- a/lib/pleroma/plugs/oauth_scopes_plug.ex
+++ b/lib/pleroma/plugs/oauth_scopes_plug.ex
@ -0,0 +1,29 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Plugs.OAuthScopesPlug do
+  import Plug.Conn
+  alias Pleroma.Web.OAuth
+
+  @behaviour Plug
+
+  def init(%{required_scopes: _} = options), do: options
+
+  def call(%Plug.Conn{assigns: assigns} = conn, %{required_scopes: required_scopes}) do
+    token = assigns[:token]
+    granted_scopes = token && OAuth.parse_scopes(token.scope)
+
+    if is_nil(token) || required_scopes -- granted_scopes == [] do
+      conn
+    else
+      missing_scopes = required_scopes -- granted_scopes
+      error_message = "Insufficient permissions: #{Enum.join(missing_scopes, ", ")}."
+
+      conn
+      |> put_resp_content_type("application/json")
+      |> send_resp(403, Jason.encode!(%{error: error_message}))
+      |> halt()
+    end
+  end
+end