Make get_user_from_headers and check_is_moderator_from_headers take in a bitflag of Scopes rather than a slice of Scopes (#3765)

2025-06-09 14:29:32 -05:00
parent 06f1df1995
commit 3afb682fc6
28 changed files with 161 additions and 157 deletions
--- a/apps/labrinth/src/auth/oauth/mod.rs
+++ b/apps/labrinth/src/auth/oauth/mod.rs
@@ -68,7 +68,7 @@ pub async fn init_oauth(
        &**pool,
        &redis,
        &session_queue,
-        Some(&[Scopes::USER_AUTH_WRITE]),
+        Scopes::USER_AUTH_WRITE,
    )
    .await?
    .1;
@@ -323,7 +323,7 @@ pub async fn accept_or_reject_client_scopes(
        &**pool,
        &redis,
        &session_queue,
-        Some(&[Scopes::SESSION_ACCESS]),
+        Scopes::SESSION_ACCESS,
    )
    .await?
    .1;
--- a/apps/labrinth/src/auth/validate.rs
+++ b/apps/labrinth/src/auth/validate.rs
@@ -15,7 +15,7 @@ pub async fn get_user_from_headers<'a, E>(
    executor: E,
    redis: &RedisPool,
    session_queue: &AuthQueue,
-    required_scopes: Option<&[Scopes]>,
+    required_scopes: Scopes,
 ) -> Result<(Scopes, User), AuthenticationError>
 where
    E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,
@@ -33,12 +33,8 @@ where

    let user = User::from_full(db_user);

-    if let Some(required_scopes) = required_scopes {
-        for scope in required_scopes {
-            if !scopes.contains(*scope) {
-                return Err(AuthenticationError::InvalidCredentials);
-            }
-        }
+    if !scopes.contains(required_scopes) {
+        return Err(AuthenticationError::InvalidCredentials);
    }

    Ok((scopes, user))
@@ -175,7 +171,7 @@ pub async fn check_is_moderator_from_headers<'a, 'b, E>(
    executor: E,
    redis: &RedisPool,
    session_queue: &AuthQueue,
-    required_scopes: Option<&[Scopes]>,
+    required_scopes: Scopes,
 ) -> Result<User, AuthenticationError>
 where
    E: sqlx::Executor<'a, Database = sqlx::Postgres> + Copy,