From 8b07c4be98bca0fbc4cd0100e7910dd75457d47b Mon Sep 17 00:00:00 2001
From: Umberto Sgueglia
Date: Mon, 15 Jun 2026 10:12:52 +0200
Subject: [PATCH 1/2] fix: restore scopes

Signed-off-by: Umberto Sgueglia
---
 backend/src/api/public/v1/index.ts | 8 +++-----
 backend/src/api/public/v1/packages/index.ts | 14 +++++---------
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/backend/src/api/public/v1/index.ts b/backend/src/api/public/v1/index.ts
index 8876f0a079..60c7092212 100644
--- a/backend/src/api/public/v1/index.ts
+++ b/backend/src/api/public/v1/index.ts
@@ -5,11 +5,10 @@ import { NotFoundError } from '@crowd/common'
 import { createRateLimiter } from '@/api/apiRateLimiter'
 import { safeWrap } from '@/middlewares/errorMiddleware'
-// TODO: restore once read:stewardships is added to Auth0 staging tenant
-// import { SCOPES } from '@/security/scopes'
+import { SCOPES } from '@/security/scopes'
 import { AUTH0_CONFIG } from '../../../conf'
 import { oauth2Middleware } from '../middlewares/oauth2Middleware'
-// import { requireScopes } from '../middlewares/requireScopes'
+import { requireScopes } from '../middlewares/requireScopes'
 import { staticApiKeyMiddleware } from '../middlewares/staticApiKeyMiddleware'
 import { memberOrganizationAffiliationsRouter } from './affiliations'
@@ -31,8 +30,7 @@ export function v1Router(): Router {
 /^\/packages:batch-stewardship\/?$/,
 oauth2Middleware(AUTH0_CONFIG),
 packagesRateLimiter,
- // TODO: restore once read:stewardships is added to Auth0 staging tenant
- // requireScopes([SCOPES.READ_STEWARDSHIPS]),
+ requireScopes([SCOPES.READ_STEWARDSHIPS]),
 safeWrap(batchGetStewardship),
 )
 router.use('/packages', oauth2Middleware(AUTH0_CONFIG), packagesRouter())
diff --git a/backend/src/api/public/v1/packages/index.ts b/backend/src/api/public/v1/packages/index.ts
index c082fcf498..5e3c744881 100644
--- a/backend/src/api/public/v1/packages/index.ts
+++ b/backend/src/api/public/v1/packages/index.ts
@@ -1,11 +1,10 @@
 import { Router } from 'express'
 import { createRateLimiter } from '@/api/apiRateLimiter'
-// TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
-// import { requireScopes } from '@/api/public/middlewares/requireScopes'
+import { requireScopes } from '@/api/public/middlewares/requireScopes'
 import { safeWrap } from '@/middlewares/errorMiddleware'
-// import { SCOPES } from '@/security/scopes'
+import { SCOPES } from '@/security/scopes'
 import { getPackage } from './getPackage'
 import { getPackagesMetrics } from './getPackagesMetrics'
 import { listPackages } from './listPackages'
@@ -19,22 +18,19 @@ export function packagesRouter(): Router {
 router.get(
 '/',
- // TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
- // requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
+ requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
 safeWrap(listPackages),
 )
 router.get(
 '/metrics',
- // TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
- // requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
+ requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
 safeWrap(getPackagesMetrics),
 )
 router.get(
 '/detail',
- // TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
- // requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
+ requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
 safeWrap(getPackage),
 )

From 0a97231efaddf7f7cc0ea12ddcea9f3d6d91d438 Mon Sep 17 00:00:00 2001
From: Umberto Sgueglia
Date: Mon, 15 Jun 2026 11:39:03 +0200
Subject: [PATCH 2/2] fix: restore scopes

Signed-off-by: Umberto Sgueglia
---
 backend/src/api/public/v1/index.ts | 4 ++--
 backend/src/api/public/v1/packages/index.ts | 23 +++++----------------
 2 files changed, 7 insertions(+), 20 deletions(-)
diff --git a/backend/src/api/public/v1/index.ts b/backend/src/api/public/v1/index.ts
index 60c7092212..6fa5b59cf4 100644
--- a/backend/src/api/public/v1/index.ts
+++ b/backend/src/api/public/v1/index.ts
@@ -4,8 +4,8 @@ import { NotFoundError } from '@crowd/common'
 import { createRateLimiter } from '@/api/apiRateLimiter'
 import { safeWrap } from '@/middlewares/errorMiddleware'
-
 import { SCOPES } from '@/security/scopes'
+
 import { AUTH0_CONFIG } from '../../../conf'
 import { oauth2Middleware } from '../middlewares/oauth2Middleware'
 import { requireScopes } from '../middlewares/requireScopes'
@@ -30,7 +30,7 @@ export function v1Router(): Router {
 /^\/packages:batch-stewardship\/?$/,
 oauth2Middleware(AUTH0_CONFIG),
 packagesRateLimiter,
- requireScopes([SCOPES.READ_STEWARDSHIPS]),
+ requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'all'),
 safeWrap(batchGetStewardship),
 )
 router.use('/packages', oauth2Middleware(AUTH0_CONFIG), packagesRouter())
diff --git a/backend/src/api/public/v1/packages/index.ts b/backend/src/api/public/v1/packages/index.ts
index 5e3c744881..f2a1730548 100644
--- a/backend/src/api/public/v1/packages/index.ts
+++ b/backend/src/api/public/v1/packages/index.ts
@@ -3,8 +3,8 @@ import { Router } from 'express'
 import { createRateLimiter } from '@/api/apiRateLimiter'
 import { requireScopes } from '@/api/public/middlewares/requireScopes'
 import { safeWrap } from '@/middlewares/errorMiddleware'
-
 import { SCOPES } from '@/security/scopes'
+
 import { getPackage } from './getPackage'
 import { getPackagesMetrics } from './getPackagesMetrics'
 import { listPackages } from './listPackages'
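Review bot: The `requireScopes` call on the `packages:batch-stewardship` route in `v1/index.ts` now demands `SCOPES.READ_PACKAGES` in addition to `SCOPES.READ_STEWARDSHIPS`, which narrows access compared with the previous patch rather than restoring it, and nothing beside the call says why. A client whose token carries only `read:stewardships` satisfied the earlier check and will presumably be turned away now, so the reason belongs in a comment above the line, for example `// Both scopes required: <reason>; tokens with only read:stewardships are rejected.` The same move from 'any' to 'all' is made in `packages/index.ts` later in this patch. The body of `v1Router` starts and ends outside the hunk.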
@@ -15,24 +15,11 @@ export function packagesRouter(): Router {
 const router = Router()
 router.use(rateLimiter)
+ router.use(requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'all'))
- router.get(
- '/',
- requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
- safeWrap(listPackages),
- )
-
- router.get(
- '/metrics',
- requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
- safeWrap(getPackagesMetrics),
- )
-
- router.get(
- '/detail',
- requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
- safeWrap(getPackage),
- )
+ router.get('/', safeWrap(listPackages))
+ router.get('/metrics', safeWrap(getPackagesMetrics))
+ router.get('/detail', safeWrap(getPackage))
 return router
 }
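Review bot: The scope check in `packagesRouter` now depends on registration order, since `router.use(requireScopes(...))` only covers handlers registered after it, so a route added above that line would be served without any scope check. A comment would make the invariant explicit, for example `// Scope gate: every route registered below requires both scopes; add new routes after this line.` The series touches only the two router files, so nothing visible here pins the behaviour; since this check was already commented out once, a route test asserting that a token missing either `read:packages` or `read:stewardships` is rejected on `/`, `/metrics` and `/detail` would catch it being disabled again. The function begins outside the hunk.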