feat(api tokens): check for scopes

2023-08-31 21:59:20 +02:00
parent 677bd5cfc9
commit 5c6c6cd9f0
2 changed files with 79 additions and 14 deletions
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@ -312,7 +312,11 @@ func registerAPIRoutes(a *echo.Group) {
 				return echo.NewHTTPError(http.StatusInternalServerError).SetInternal(err)
 			}

-			if token.ExpiresAt.After(time.Now()) {
+			if time.Now().After(token.ExpiresAt) {
+				return echo.NewHTTPError(http.StatusUnauthorized)
+			}
+
+			if !CanDoAPIRoute(c, token) {
 				return echo.NewHTTPError(http.StatusUnauthorized)
 			}