
Add oauth protection to admin domain blocks API

Emelia Smith 1 year ago
parent
commit
4afe72e62f

+ 6 - 0
app/Http/Controllers/Api/V1/Admin/DomainBlocksController.php

@@ -10,6 +10,12 @@ use App\Services\InstanceService;
 use App\Http\Resources\MastoApi\Admin\DomainBlockResource;
 
 class DomainBlocksController extends ApiController {
+
+  public function __construct() {
+    $this->middleware(['auth:api', 'api.admin', 'scope:admin:read,admin:read:domain_blocks'])->only(['index', 'show']);
+    $this->middleware(['auth:api', 'api.admin', 'scope:admin:write,admin:write:domain_blocks'])->only(['create', 'update', 'delete']);
+  }
+
   public function index(Request $request) {
     $this->validate($request, [
       'limit' => 'sometimes|integer|max:100|min:1',
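Review bot: The two `only()` calls in the new constructor form an allow-list of protected actions, so any other public action routed on DomainBlocksController (none are visible in this hunk, and `index` continues past it) would be reachable with no authentication at all. Applying the auth and admin gate unconditionally and reserving `only()` for the scope checks closes that gap: `$this->middleware(['auth:api', 'api.admin']);` then `$this->middleware('scope:admin:read,admin:read:domain_blocks')->only(['index', 'show']);` and `$this->middleware('scope:admin:write,admin:write:domain_blocks')->only(['create', 'update', 'delete']);`. It is also worth confirming that `create`, `update` and `delete` are the controller's actual method names, since `only()` silently ignores names that do not match an action.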

+ 3 - 0
app/Http/Kernel.php

@@ -54,6 +54,7 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
+        'api.admin'     => \App\Http\Middleware\Api\Admin::class,
         'admin'         => \App\Http\Middleware\Admin::class,
         'auth'          => \Illuminate\Auth\Middleware\Authenticate::class,
         'auth.basic'    => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
@@ -68,6 +69,8 @@ class Kernel extends HttpKernel
         'twofactor'     => \App\Http\Middleware\TwoFactorAuth::class,
         'validemail'    => \App\Http\Middleware\EmailVerificationCheck::class,
         'interstitial'  => \App\Http\Middleware\AccountInterstitial::class,
+        'scopes'        => \Laravel\Passport\Http\Middleware\CheckScopes::class,
+        'scope'         => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
         // 'restricted'    => \App\Http\Middleware\RestrictedAccess::class,
     ];
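Review bot: The two new aliases `scopes` and `scope` differ by one letter but have opposite semantics (CheckScopes requires every listed scope, CheckForAnyScope requires at least one), and the controller in this commit relies on the any-of variant; a reader scanning the alias table has no way to tell. A comment on each line would prevent the wrong one being picked later, e.g. `// requires ALL listed scopes` on `scopes` and `// requires ANY ONE of the listed scopes` on `scope`. Both presumably expect an already-authenticated Passport token, so pairing them with `auth:api` as the controller does should be noted too.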
 }

+ 26 - 0
app/Http/Middleware/Api/Admin.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware\Api;
+
+use Auth;
+use Closure;
+
+class Admin
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if (Auth::check() == false || Auth::user()->is_admin == false) {
+          return abort(403, "You must be an administrator to do that");
+        }
+
+        return $next($request);
+    }
+}
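Review bot: The condition in handle() compares with loose `==` on both halves and resolves the user through the `Auth` facade's default guard, so it only acts as an API admin gate when an auth middleware for the api guard has already run on the request; registered on its own it would presumably consult the session guard instead. Reading the user once and comparing strictly removes the loose comparisons and makes the null case explicit: `$user = $request->user();` then `if ($user === null || !$user->is_admin) {`; passing the guard explicitly as `$request->user('api')` would pin the intent if this middleware is only ever meant for the API. `abort()` throws, so the `return` in front of it is redundant. The docblock should state the ordering assumption, e.g. `Must run after an auth middleware; the controller pairs it with auth:api.`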

+ 2 - 0
app/Providers/AuthServiceProvider.php

@@ -37,7 +37,9 @@ class AuthServiceProvider extends ServiceProvider
                 'write' => 'Full write access to your account',
                 'follow' => 'Ability to follow other profiles',
                 'admin:read' => 'Read all data on the server',
+                'admin:read:domain_blocks' => 'Read sensitive information of all domain blocks',
                 'admin:write' => 'Modify all data on the server',
+                'admin:write:domain_blocks' => 'Perform moderation actions on domain blocks',
                 'push'  => 'Receive your push notifications'
             ]);