feat: add licensing API token scope #698

Merged
jmiller merged 1 commit from feature/api-token-scopes into main 2026-06-25 14:37:50 +00:00

Summary

  • Add read:licensing / write:licensing API token scope category
  • Licensing endpoints now require the licensing scope when accessed via token
  • Public-only tokens are rejected for all licensing endpoints
  • Existing tokens with all scope continue to work (backward compatible)

Closes #697

Changes

  • models/auth/access_token_scope.go: New AccessTokenScopeCategoryLicensing enum, bit constants, string constants, and all scope maps
  • models/auth/access_token_scope_test.go: Updated test expectations for new scope
  • routers/api/v1/api.go: Wrapped /licensing group with tokenRequiresScopes(), added public-only rejection

Test plan

  • Token creation UI shows "licensing" scope with read/write options
  • Token with read:licensing can GET licensing endpoints
  • Token with write:licensing can POST/PATCH/DELETE licensing endpoints
  • Token without licensing scope gets 403 on licensing endpoints
  • Token with all scope can access licensing endpoints
  • Public-only token gets 403 on licensing endpoints
  • Existing tokens with broad access are unaffected
jmiller changed target branch from dev to main 2026-06-25 14:27:51 +00:00
jmiller added 1 commit 2026-06-25 14:27:51 +00:00
feat: add licensing API token scope (#697)
Universal: Auto Version Bump / Version Bump (push) Successful in 17s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Branch Policy (pull_request) Failing after 2s
Universal: PR Check / Validate PR (pull_request) Failing after 11s
Universal: PR Check / Secret Scan (pull_request) Successful in 43s
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Successful in 3s
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 1m13s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 4m6s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
49f6380fa4
Add read:licensing / write:licensing token scope category so licensing
endpoints are guarded by the same permission system as all other API
endpoints. Public-only tokens are rejected for licensing endpoints.
jmiller merged commit 3eb0dfd011 into main 2026-06-25 14:37:50 +00:00
jmiller deleted branch feature/api-token-scopes 2026-06-25 14:37:53 +00:00
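
The access matrix from the summary and test plan above, as an added Go sketch that is not the code merged in this PR. The type and function names, the bit layout, the `read:repository` and `public-only` scope strings, and write implying read are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

type Scope uint32 // token permission bitmask; bit layout assumed for this sketch

const (
	ReadLicensing Scope = 1 << iota
	WriteLicensing
	ReadRepository // stand-in for any non-licensing category
	PublicOnly     // token limited to public resources
	All            = ReadLicensing | WriteLicensing | ReadRepository
)

var scopeBits = map[string]Scope{
	"read:licensing":  ReadLicensing,
	"write:licensing": ReadLicensing | WriteLicensing, // write implies read (assumption)
	"read:repository": ReadRepository,
	"public-only":     PublicOnly,
	"all":             All,
}

// ParseScopes builds a bitmask from a comma-separated list; unknown names grant nothing.
func ParseScopes(s string) Scope {
	var out Scope
	for _, name := range strings.Split(s, ",") {
		out |= scopeBits[strings.TrimSpace(name)]
	}
	return out
}

// LicensingStatus returns the HTTP status a token gets on a licensing endpoint.
func LicensingStatus(method string, token Scope) int {
	need := WriteLicensing // POST, PATCH, DELETE
	if method == http.MethodGet {
		need = ReadLicensing
	}
	if token&PublicOnly != 0 || token&need != need { // public-only is always rejected
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() {
	fmt.Println(LicensingStatus("GET", ParseScopes("all,public-only")))
}
```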