From c29645c18ec1dfa328e12804eb4f9f95e070dd41 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 11 Mar 2026 02:29:27 +0000
Subject: [PATCH 1/2] Initial plan

From da12f6dc322f2fdd81fc74d7c28f2ce5573d4eb0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 11 Mar 2026 02:33:56 +0000
Subject: [PATCH 2/2] Apply requireAuthMiddleware and requireWriteScope to all Developer Apps write endpoints

Co-authored-by: rickyrombo <3690498+rickyrombo@users.noreply.github.com>
---
 api/server.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/api/server.go b/api/server.go
index 716467e6..e29a0dc2 100644
--- a/api/server.go
+++ b/api/server.go
@@ -535,18 +535,18 @@ func NewApiServer(config config.Config) *ApiServer {
  // Developer Apps
  g.Get("/developer_apps/:address", app.v1DeveloperApps)
  g.Get("/developer-apps/:address", app.v1DeveloperApps)
- g.Post("/developer_apps", app.postV1UsersDeveloperApp)
- g.Post("/developer-apps", app.postV1UsersDeveloperApp)
- g.Put("/developer_apps/:address", app.putV1UsersDeveloperApp)
- g.Put("/developer-apps/:address", app.putV1UsersDeveloperApp)
- g.Delete("/developer_apps/:address", app.deleteV1UsersDeveloperApp)
- g.Delete("/developer-apps/:address", app.deleteV1UsersDeveloperApp)
- g.Post("/developer_apps/:address/access-keys/deactivate", app.postV1UsersDeveloperAppAccessKeyDeactivate)
- g.Post("/developer-apps/:address/access-keys/deactivate", app.postV1UsersDeveloperAppAccessKeyDeactivate)
+ g.Post("/developer_apps", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperApp)
+ g.Post("/developer-apps", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperApp)
+ g.Put("/developer_apps/:address", app.requireAuthMiddleware, app.requireWriteScope, app.putV1UsersDeveloperApp)
+ g.Put("/developer-apps/:address", app.requireAuthMiddleware, app.requireWriteScope, app.putV1UsersDeveloperApp)
+ g.Delete("/developer_apps/:address", app.requireAuthMiddleware, app.requireWriteScope, app.deleteV1UsersDeveloperApp)
+ g.Delete("/developer-apps/:address", app.requireAuthMiddleware, app.requireWriteScope, app.deleteV1UsersDeveloperApp)
+ g.Post("/developer_apps/:address/access-keys/deactivate", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperAppAccessKeyDeactivate)
+ g.Post("/developer-apps/:address/access-keys/deactivate", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperAppAccessKeyDeactivate)
  g.Post("/developer_apps/:address/register-api-key", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperAppRegisterApiKey)
  g.Post("/developer-apps/:address/register-api-key", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperAppRegisterApiKey)
- g.Post("/developer_apps/:address/access-keys", app.postV1UsersDeveloperAppAccessKey)
- g.Post("/developer-apps/:address/access-keys", app.postV1UsersDeveloperAppAccessKey)
+ g.Post("/developer_apps/:address/access-keys", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperAppAccessKey)
+ g.Post("/developer-apps/:address/access-keys", app.requireAuthMiddleware, app.requireWriteScope, app.postV1UsersDeveloperAppAccessKey)
  // OAuth2 PKCE
  g.Get("/oauth/authorize", app.v1OAuthAuthorizeRedirect)
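Review bot: The write routes that take `:address` (PUT, DELETE, `access-keys` and `access-keys/deactivate`) now require an authenticated caller with write scope, but nothing visible in this hunk ties that caller to the developer app at `:address`. If the handlers do not already compare the authenticated user with the app's owner, any write-scoped account could still change another user's app or its keys, so that ownership check is worth confirming in each handler. The pair `app.requireAuthMiddleware, app.requireWriteScope` is also repeated by hand on twelve registrations across the two path spellings, which is presumably how the unguarded routes went unnoticed. Registering both spellings from one helper or sub-group that carries the pair once would keep a future route from being added without it. The patch changes only `api/server.go`, so a table-driven test asserting that every developer-apps write route rejects an unauthenticated request would pin the fix; `NewApiServer` starts and ends outside the hunk.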