Merge pull request #11615 from minisbett/patch-1

Allow Lazer replay download via client credential grant
ppy · Nov 15, 2024 · b8f1ee6 · b8f1ee6
2 parents 9d8e380 + f62b0be
commit b8f1ee6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/app/Http/Controllers/ScoresController.php b/app/Http/Controllers/ScoresController.php
@@ -11,6 +11,7 @@
 use App\Models\Solo\Score as SoloScore;
 use App\Transformers\ScoreTransformer;
 use App\Transformers\UserCompactTransformer;
+use Illuminate\Auth\AuthenticationException;
 
 class ScoresController extends Controller
 {
@@ -22,6 +23,7 @@ public function __construct()
 
         $this->middleware('auth', ['except' => [
             'show',
+            'download',
         ]]);
 
         $this->middleware('require-scopes:public');
@@ -42,6 +44,11 @@ private static function parseIdOrFail(string $id): int
 
     public function download($rulesetOrSoloId, $id = null)
     {
+        $currentUser = \Auth::user();
+        if (!is_api_request() && $currentUser === null) {
+            throw new AuthenticationException('User is not logged in.');
+        }
+
         $shouldRedirect = !is_api_request() && !from_app_url();
         if ($id === null) {
             if ($shouldRedirect) {
@@ -68,9 +75,9 @@ public function download($rulesetOrSoloId, $id = null)
             abort(404);
         }
 
-        $currentUser = \Auth::user();
         if (
-            !$currentUser->isRestricted()
+            $currentUser !== null
+            && !$currentUser->isRestricted()
             && $currentUser->getKey() !== $score->user_id
             && ($currentUser->token()?->client->password_client ?? false)
         ) {

diff --git a/tests/api_routes.json b/tests/api_routes.json
@@ -986,7 +986,6 @@
             "App\\Http\\Middleware\\ThrottleRequests:1200,1,api:",
             "App\\Http\\Middleware\\RequireScopes",
             "App\\Http\\Middleware\\ThrottleRequests:10,1,api-scores-download:",
-            "Illuminate\\Auth\\Middleware\\Authenticate",
             "App\\Http\\Middleware\\RequireScopes:public"
         ],
         "scopes": [
@@ -1004,7 +1003,6 @@
             "App\\Http\\Middleware\\ThrottleRequests:1200,1,api:",
             "App\\Http\\Middleware\\RequireScopes",
             "App\\Http\\Middleware\\ThrottleRequests:10,1,api-scores-download:",
-            "Illuminate\\Auth\\Middleware\\Authenticate",
             "App\\Http\\Middleware\\RequireScopes:public"
         ],
         "scopes": [