Small thirdparty auth fixes

hikka-io · Aug 11, 2024 · e84a350 · e84a350
1 parent 4520539
commit e84a350
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 17 deletions.
diff --git a/app/auth/dependencies.py b/app/auth/dependencies.py
@@ -215,7 +215,7 @@ async def validate_client(
 
 def validate_scope(request: TokenRequestArgs) -> list[str]:
     for scope in request.scope:
-        if scope not in constants.ALL_SCOPES:
+        if scope not in constants.ALL_SCOPES + list(constants.SCOPE_GROUPS):
             raise Abort("auth", "invalid-scope")
 
     if len(request.scope) == 0:

diff --git a/app/client/dependencies.py b/app/client/dependencies.py
@@ -23,7 +23,7 @@ async def validate_client_create(
         await service.count_user_clients(
             session, user, 0, constants.MAX_USER_CLIENTS
         )
-    ) == constants.MAX_USER_CLIENTS:
+    ) >= constants.MAX_USER_CLIENTS:
         raise Abort("client", "max-clients")
 
     return create

diff --git a/app/constants.py b/app/constants.py
@@ -99,7 +99,7 @@
 
 SEARCH_RESULT_SIZE = 15
 
-MAX_USER_CLIENTS = 15
+MAX_USER_CLIENTS = 10
 
 # Meilisearch index names
 SEARCH_INDEX_CHARACTERS = "content_characters"
@@ -303,10 +303,7 @@
         SCOPE_FOLLOW,
         SCOPE_UNFOLLOW,
     ],
-    SCOPE_NOTIFICATION: [
-        SCOPE_READ_NOTIFICATION,
-        SCOPE_SEEN_NOTIFICATION
-    ],
+    SCOPE_NOTIFICATION: [SCOPE_READ_NOTIFICATION, SCOPE_SEEN_NOTIFICATION],
     SCOPE_VOTE: [
         SCOPE_READ_VOTE,
         SCOPE_SET_VOTE,

diff --git a/app/dependencies.py b/app/dependencies.py
@@ -149,7 +149,7 @@ async def auth(
             raise Abort("permission", "denied")
 
         if not utils.check_token_scope(token, scope):
-            raise Abort("scope", "denied")
+            raise Abort("permission", "denied")
 
         if token.user.role == constants.ROLE_DELETED:
             raise Abort("user", "deleted")

diff --git a/app/errors.py b/app/errors.py
@@ -37,7 +37,7 @@ class ErrorResponse(CustomModel):
         "user-not-found": ["User not found", 404],
         "invalid-scope": ["Invalid scope", 400],
         "email-set": ["Email already set", 400],
-        "not-available": ["Signup not available ", 400],
+        "not-available": ["Signup not available", 400],
         "invalid-username": ["Invalid username", 400],
         "scope-empty": ["Scope empty", 400],
     },
@@ -82,7 +82,7 @@ class ErrorResponse(CustomModel):
         "empty-edit": ["Empty edit", 400],
     },
     "comment": {
-        "rate-limit": ["You have reached comment rate limit, try later", 400],
+        "rate-limit": ["You have reached comment rate limit, try later", 429],
         "not-editable": ["This comment can't be edited anymore", 400],
         "parent-not-found": ["Parent comment not found", 404],
         "already-hidden": ["Comment is already hidden", 400],
@@ -142,7 +142,7 @@ class ErrorResponse(CustomModel):
         "not-found": ["Person not found", 404],
     },
     "upload": {
-        "rate-limit": ["You have reached upload rate limit, try later", 400],
+        "rate-limit": ["You have reached upload rate limit, try later", 429],
         "not-square": ["Image should be square", 400],
         "bad-resolution": ["Bad resolution", 400],
         "bad-mime": ["Don't be bad mime", 400],
@@ -195,7 +195,7 @@ class ErrorResponse(CustomModel):
         "not-owner": ["User not owner of the client", 400],
         "max-clients": ["Maximum clients reached", 400],
         "not-found": ["Client not found", 404],
-    }
+    },
 }
 
 

diff --git a/app/utils.py b/app/utils.py
@@ -63,12 +63,13 @@ def check_user_permissions(user: User, permissions: list):
 
     return has_permission
 
+
 def check_token_scope(token: AuthToken, scope: list[str]) -> bool:
     token_scope = set(resolve_scope_groups(token.scope))
 
     scope = set(scope)
 
-    if not token.scope:
+    if not token.scope and not token.client:
         return True
 
     return token_scope.issuperset(scope)
@@ -85,9 +86,7 @@ def resolve_scope_groups(scopes: list[str]) -> list[str]:
             # we need resolve them too
             group = resolve_scope_groups(group)
 
-            plain_scopes.extend(
-                group
-            )
+            plain_scopes.extend(group)
         else:
             plain_scopes.append(scope)
 

diff --git a/sync.py b/sync.py
@@ -22,7 +22,7 @@ def init_scheduler():
     settings = get_settings()
     sessionmanager.init(settings.database.endpoint)
 
-    scheduler.add_job(delete_expired_token_requests, "interval", seconds=5)
+    scheduler.add_job(delete_expired_token_requests, "interval", seconds=30)
     scheduler.add_job(update_notifications, "interval", seconds=10)
     scheduler.add_job(update_ranking_all, "interval", hours=1)
     scheduler.add_job(update_activity, "interval", seconds=10)