diff --git a/services/swarm-api/src/middleware/auth.ts b/services/swarm-api/src/middleware/auth.ts index 68a8c6b97..8a7cb3859 100644 --- a/services/swarm-api/src/middleware/auth.ts +++ b/services/swarm-api/src/middleware/auth.ts @@ -69,7 +69,7 @@ export const requirePermission = app .use(authPlugin) .onBeforeHandle( - { as: "global" }, + { as: "scoped" }, ({ permissionCache, userKey, status }) => { for (const path of namespacePaths) { const hasPermission = permissionCache.hasPermission(userKey, path); diff --git a/services/swarm-api/src/routes/claims.ts b/services/swarm-api/src/routes/claims.ts index 67bcd5212..c29b21d4f 100644 --- a/services/swarm-api/src/routes/claims.ts +++ b/services/swarm-api/src/routes/claims.ts @@ -29,8 +29,9 @@ import type { import { HttpError } from "../utils/errors"; export const claimsRouter = (app: ContextApp) => - app.use(requirePermission(["prediction.verify"])).group("/v1", (app) => + app.group("/v1", (app) => app + .use(requirePermission(["prediction.verify"])) .get( "/predictions/claimable", async ({ query, db, userKey }) => { diff --git a/services/swarm-api/src/routes/predictions.ts b/services/swarm-api/src/routes/predictions.ts index 32cdd9db6..4ffd01b02 100644 --- a/services/swarm-api/src/routes/predictions.ts +++ b/services/swarm-api/src/routes/predictions.ts @@ -8,7 +8,7 @@ import { scrapedTweetSchema, } from "@torus-ts/db/schema"; import canonicalize from "canonicalize"; -import { authPlugin } from "../middleware/auth"; +import { requirePermission } from "../middleware/auth"; import type { ContextApp } from "../middleware/context"; import { storePredictionsInputSchema } from "../schemas/predictions"; import { findCanonicalPrediction } from "../utils/dedup"; @@ -16,8 +16,8 @@ import type { ParsedPredictionForDedup } from "../utils/dedup"; import { HttpError } from "../utils/errors"; export const predictionsRouter = (app: ContextApp) => - app.use(authPlugin).group("/v1", (app) => - app.post( + app.group("/v1", (app) => + app.use(requirePermission(["prediction.filter"])).post( "/storePredictions", async ({ body, db, serverSignHash, userKey }) => { const agentAddress = userKey; diff --git a/services/swarm-api/src/routes/tweets.ts b/services/swarm-api/src/routes/tweets.ts index 1ff2c8556..c21e2e199 100644 --- a/services/swarm-api/src/routes/tweets.ts +++ b/services/swarm-api/src/routes/tweets.ts @@ -5,14 +5,14 @@ import { twitterScrapingJobsSchema, twitterUsersSchema, } from "@torus-ts/db/schema"; -import { authPlugin } from "../middleware/auth"; +import { requirePermission } from "../middleware/auth"; import type { ContextApp } from "../middleware/context"; import { getTweetsNextQuerySchema } from "../schemas/tweets"; import { cursorSchema, encodeCursor } from "../utils/cursor"; export const tweetsRouter = (app: ContextApp) => - app.use(authPlugin).group("/v1", (app) => - app.get( + app.group("/v1", (app) => + app.use(requirePermission(["prediction.filter"])).get( "/getTweetsNext", async ({ query, db, userKey }) => { const fromData = cursorSchema.parse(query.from); diff --git a/services/swarm-api/src/server.ts b/services/swarm-api/src/server.ts index eee76b63d..64f44e41d 100644 --- a/services/swarm-api/src/server.ts +++ b/services/swarm-api/src/server.ts @@ -9,7 +9,6 @@ import { Marked } from "marked"; import { zodToJsonSchema } from "zod-to-json-schema"; import { createAppContext } from "./context"; import { getEnv } from "./env"; -import { requirePermission } from "./middleware/auth"; import { contextPlugin } from "./middleware/context"; import { claimsRouter } from "./routes/claims"; import { creditsRouter } from "./routes/credits"; @@ -199,7 +198,6 @@ export async function createServer() { .use(permissionRouter) .use(creditsRouter) .use(claimsRouter) - .use(requirePermission(["prediction.filter"])) .use(tweetsRouter) .use(predictionsRouter); }