Add API scope "loved" that can only be requested by a designated client

ppy · Dec 3, 2022 · c81c7d9 · c81c7d9
1 parent 29ff9ab
commit c81c7d9
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 1 deletion.
diff --git a/app/Models/OAuth/Token.php b/app/Models/OAuth/Token.php
@@ -23,7 +23,7 @@ class Token extends PassportToken
     public function can($scope)
     {
         static $scopesRequiredExplicitly;
-        $scopesRequiredExplicitly ??= new Set(['delegate']);
+        $scopesRequiredExplicitly ??= new Set(['delegate', 'loved']);
 
         // Skip checking "*" for scopes that require an explicit request
         if ($scopesRequiredExplicitly->contains($scope)) {
@@ -135,6 +135,10 @@ public function validate()
                     throw new InvalidScopeException('delegation is not supported for this combination of scopes.');
                 }
             }
+
+            if ($scopes->contains('loved') && $this->client_id !== config('osu.loved.oauth_client_id')) {
+                throw new InvalidScopeException('The "loved" scope is available only to the Loved client.');
+            }
         } else {
             // delegation is only available for client_credentials.
             if ($scopes->contains('delegate')) {
@@ -146,6 +150,10 @@ public function validate()
             if ($scopes->contains('chat.write') && !($this->isOwnToken() || $this->client->user->isBot())) {
                 throw new InvalidScopeException('This scope is only available for chat bots or your own clients.');
             }
+
+            if ($scopes->contains('loved')) {
+                throw new InvalidScopeException('The "loved" scope is available only to tokens using client credentials.');
+            }
         }
 
         return true;

diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -61,6 +61,7 @@ public function boot()
             'chat.write' => osu_trans('api.scopes.chat.write'),
             'friends.read' => osu_trans('api.scopes.friends.read'),
             'identify' => osu_trans('api.scopes.identify'),
+            'loved' => '',
             'public' => osu_trans('api.scopes.public'),
         ]);
     }

diff --git a/config/osu.php b/config/osu.php
@@ -131,6 +131,9 @@
         'bancho_bot_user_id' => get_int(env('BANCHO_BOT_USER_ID')) ?? 3,
         'shared_interop_secret' => env('SHARED_INTEROP_SECRET', ''),
     ],
+    'loved' => [
+        'oauth_client_id' => get_int(env('LOVED_OAUTH_CLIENT_ID')),
+    ],
     'multiplayer' => [
         'max_attempts_limit' => get_int(env('MULTIPLAYER_MAX_ATTEMPTS_LIMIT')) ?? 128,
     ],

diff --git a/resources/views/vendor/scribe/authentication.blade.php b/resources/views/vendor/scribe/authentication.blade.php
@@ -371,6 +371,7 @@
     'forum.write' => "Allows creating and editing forum posts on a user's behalf.",
     'friends.read' => 'Allows reading of the user\'s friend list.',
     'identify' => 'Allows reading of the public profile of the user (`/me`).',
+    'loved' => 'Allows managing Project Loved polls.',
     'public' => 'Allows reading of publicly available data on behalf of the user.',
 ];
 @endphp