From c81c7d981f0a65f4bbf3fa95c80905b0b7f2cd34 Mon Sep 17 00:00:00 2001
From: clayton
Date: Fri, 2 Dec 2022 21:04:15 -0800
Subject: [PATCH] Add API scope "loved" that can only be requested by a designated client
---
 app/Models/OAuth/Token.php | 10 +++++++++-
 app/Providers/AuthServiceProvider.php | 1 +
 config/osu.php | 3 +++
 resources/views/vendor/scribe/authentication.blade.php | 1 +
 4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/app/Models/OAuth/Token.php b/app/Models/OAuth/Token.php
index ffb521bd6ca..83469488f58 100644
--- a/app/Models/OAuth/Token.php
+++ b/app/Models/OAuth/Token.php
@@ -23,7 +23,7 @@ class Token extends PassportToken
     public function can($scope)
     {
         static $scopesRequiredExplicitly;
-        $scopesRequiredExplicitly ??= new Set(['delegate']);
+        $scopesRequiredExplicitly ??= new Set(['delegate', 'loved']);
 
         // Skip checking "*" for scopes that require an explicit request
         if ($scopesRequiredExplicitly->contains($scope)) {
@@ -135,6 +135,10 @@ public function validate()
                     throw new InvalidScopeException('delegation is not supported for this combination of scopes.');
                 }
             }
+            if ($scopes->contains('loved') && $this->client_id !== config('osu.loved.oauth_client_id')) {
+                throw new InvalidScopeException('The "loved" scope is available only to the Loved client.');
+            }
         } else {
             // delegation is only available for client_credentials.
             if ($scopes->contains('delegate')) {
@@ -146,6 +150,10 @@ public function validate()
             if ($scopes->contains('chat.write') && !($this->isOwnToken() || $this->client->user->isBot())) {
                 throw new InvalidScopeException('This scope is only available for chat bots or your own clients.');
             }
+            if ($scopes->contains('loved')) {
+                throw new InvalidScopeException('The "loved" scope is available only to tokens using client credentials.');
+            }
         }
 
         return true;
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index e1964990bf4..888a7c0ec93 100644
--- a/app/Providers/AuthServiceProvider.php
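Review bot: The new guard in validate(), `$this->client_id !== config('osu.loved.oauth_client_id')`, is a strict comparison, so it only admits the Loved client when both operands share a type; if `client_id` is hydrated from the database as a string while `get_int()` returns an int, the designated client itself would be refused, so please confirm the attribute is cast to int or compare `(int) $this->client_id` instead. The strict check does fail closed when `LOVED_OAUTH_CLIENT_ID` is unset (the config value is null and every client is rejected), which is the right default but is easy to misread later; a comment such as `// Fails closed: with no Loved client id configured, no client can hold this scope.` above the `if` would make that explicit. validate() begins and ends outside this hunk.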
+++ b/app/Providers/AuthServiceProvider.php
@@ -61,6 +61,7 @@ public function boot()
             'chat.write' => osu_trans('api.scopes.chat.write'),
             'friends.read' => osu_trans('api.scopes.friends.read'),
             'identify' => osu_trans('api.scopes.identify'),
+            'loved' => '',
             'public' => osu_trans('api.scopes.public'),
         ]);
     }
diff --git a/config/osu.php b/config/osu.php
index 98d5d071c75..dc9b79e6cf4 100644
--- a/config/osu.php
+++ b/config/osu.php
@@ -131,6 +131,9 @@
         'bancho_bot_user_id' => get_int(env('BANCHO_BOT_USER_ID')) ?? 3,
         'shared_interop_secret' => env('SHARED_INTEROP_SECRET', ''),
     ],
+    'loved' => [
+        'oauth_client_id' => get_int(env('LOVED_OAUTH_CLIENT_ID')),
+    ],
     'multiplayer' => [
         'max_attempts_limit' => get_int(env('MULTIPLAYER_MAX_ATTEMPTS_LIMIT')) ?? 128,
     ],
diff --git a/resources/views/vendor/scribe/authentication.blade.php b/resources/views/vendor/scribe/authentication.blade.php
index 268291d41ed..4473cb6fbac 100644
--- a/resources/views/vendor/scribe/authentication.blade.php
+++ b/resources/views/vendor/scribe/authentication.blade.php
@@ -371,6 +371,7 @@
     'forum.write' => "Allows creating and editing forum posts on a user's behalf.",
     'friends.read' => 'Allows reading of the user\'s friend list.',
     'identify' => 'Allows reading of the public profile of the user (`/me`).',
+    'loved' => 'Allows managing Project Loved polls.',
     'public' => 'Allows reading of publicly available data on behalf of the user.',
 ];
 @endphp
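Review bot: `'loved' => ''` is the only entry in this `Passport::tokensCan()` list whose description is not an `osu_trans()` string, and an empty string reads like an oversight rather than a decision. The intent is presumably that the scope never appears in a user-facing authorization prompt, since Token::validate() in this patch rejects it for anything other than client credentials, but that reasoning is not visible here. A one-line comment on the entry, e.g. `// client-credentials only (see Token::validate()); intentionally has no user-facing description`, would record it. boot() continues outside the hunk.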
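Review bot: `'oauth_client_id' => get_int(env('LOVED_OAUTH_CLIENT_ID'))` has no fallback, unlike the neighbouring `'bancho_bot_user_id' => ... ?? 3`, so it is null whenever the variable is unset; combined with the strict `!==` check in Token::validate(), that means no client can obtain the "loved" scope until the id is configured. That is the safe default, but it is implicit, so a comment such as `// unset => no client may request the "loved" scope` on the new line would make the behaviour visible to whoever deploys this. If the repository keeps an `.env.example`, the new variable likely belongs there as well.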