summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/api/StreamingApiServerService.ts
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server/api/StreamingApiServerService.ts')
-rw-r--r--packages/backend/src/server/api/StreamingApiServerService.ts4
1 files changed, 4 insertions, 0 deletions
diff --git a/packages/backend/src/server/api/StreamingApiServerService.ts b/packages/backend/src/server/api/StreamingApiServerService.ts
index dc3a00617c..3b387d92ca 100644
--- a/packages/backend/src/server/api/StreamingApiServerService.ts
+++ b/packages/backend/src/server/api/StreamingApiServerService.ts
@@ -71,6 +71,10 @@ export class StreamingApiServerService {
try {
[user, app] = await this.authenticateService.authenticate(token);
+
+ if (app !== null && !app.permission.some(p => p === 'read:account')) {
+ throw new AuthenticationError('Your app does not have necessary permissions to use websocket API.');
+ }
} catch (e) {
if (e instanceof AuthenticationError) {
socket.write([
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 14:54:35 +0000