[WIP] feat: scoped api keys

2026-02-05 13:27:54 +00:00 · 2025-08-17 02:47:01 -07:00 · 2025-08-17 02:47:01 -07:00 · 06cb160f95
commit 06cb160f95
parent e7ee593a85
45 changed files with 1264 additions and 154 deletions
--- a/PluralKit.API/Controllers/v2/GroupControllerV2.cs
+++ b/PluralKit.API/Controllers/v2/GroupControllerV2.cs
@ -21,7 +21,7 @@ public class GroupControllerV2: PKControllerBase

        var ctx = ContextFor(system);

-        if (!system.GroupListPrivacy.CanAccess(ContextFor(system)))
+        if (!IsAuthenticatedAs(system.Id) && !system.GroupListPrivacy.CanAccess(ContextFor(system)))
            throw Errors.UnauthorizedGroupList;

        var groups = _repo.GetSystemGroups(system.Id);
--- a/PluralKit.API/Controllers/v2/GroupMemberControllerV2.cs
+++ b/PluralKit.API/Controllers/v2/GroupMemberControllerV2.cs
@ -19,10 +19,9 @@ public class GroupMemberControllerV2: PKControllerBase
        if (group == null)
            throw Errors.GroupNotFound;

-
        var ctx = ContextFor(group);

-        if (!group.ListPrivacy.CanAccess(ctx))
+        if (!IsAuthenticatedAs(group.System) && !group.ListPrivacy.CanAccess(ctx))
            throw Errors.UnauthorizedGroupMemberList;

        var system = await _repo.GetSystem(group.System);
@ -154,7 +153,7 @@ public class GroupMemberControllerV2: PKControllerBase
        var ctx = ContextFor(member);

        var system = await _repo.GetSystem(member.System);
-        if (!system.GroupListPrivacy.CanAccess(ctx))
+        if (!IsAuthenticatedAs(member.System) && !system.GroupListPrivacy.CanAccess(ctx))
            throw Errors.UnauthorizedGroupList;

        var groups = _repo.GetMemberGroups(member.Id).Where(g => g.Visibility.CanAccess(ctx));
--- a/PluralKit.API/Controllers/v2/MemberControllerV2.cs
+++ b/PluralKit.API/Controllers/v2/MemberControllerV2.cs
@ -26,7 +26,7 @@ public class MemberControllerV2: PKControllerBase

        var ctx = ContextFor(system);

-        if (!system.MemberListPrivacy.CanAccess(ContextFor(system)))
+        if (!IsAuthenticatedAs(system.Id) && !system.MemberListPrivacy.CanAccess(ContextFor(system)))
            throw Errors.UnauthorizedMemberList;

        var members = _repo.GetSystemMembers(system.Id);
--- a/PluralKit.API/Controllers/v2/SwitchControllerV2.cs
+++ b/PluralKit.API/Controllers/v2/SwitchControllerV2.cs
@ -28,7 +28,7 @@ public class SwitchControllerV2: PKControllerBase

        var ctx = ContextFor(system);

-        if (!system.FrontHistoryPrivacy.CanAccess(ctx))
+        if (!IsAuthenticatedAs(system.Id) && !system.FrontHistoryPrivacy.CanAccess(ctx))
            throw Errors.UnauthorizedFrontHistory;

        if (before == null)
@ -59,7 +59,7 @@ public class SwitchControllerV2: PKControllerBase

        var ctx = ContextFor(system);

-        if (!system.FrontPrivacy.CanAccess(ctx))
+        if (!IsAuthenticatedAs(system.Id) && !system.FrontPrivacy.CanAccess(ctx))
            throw Errors.UnauthorizedCurrentFronters;

        var sw = await _repo.GetLatestSwitch(system.Id);
@ -145,7 +145,7 @@ public class SwitchControllerV2: PKControllerBase

        var ctx = ContextFor(system);

-        if (!system.FrontHistoryPrivacy.CanAccess(ctx))
+        if (!IsAuthenticatedAs(system.Id) && !system.FrontHistoryPrivacy.CanAccess(ctx))
            throw Errors.SwitchNotFoundPublic;

        var members = _db.Execute(conn => _repo.GetSwitchMembers(conn, sw.Id));