🔒 Make /profile API authenticated.

Danieloni1 · Danieloni1 · commit f942bcb0764b · 2024-05-22T14:41:40.000+03:00
diff --git a/clientapi/clientapi_test.go b/clientapi/clientapi_test.go
@@ -447,6 +447,7 @@ func TestSetDisplayname(t *testing.T) {
 				// check profile after initial account creation
 				rec := httptest.NewRecorder()
 				req := httptest.NewRequest(http.MethodGet, "/_matrix/client/v3/profile/"+tc.user.ID, strings.NewReader(""))
+				req.Header.Set("Authorization", "Bearer "+accessTokens[tc.user].accessToken)
 				t.Logf("%s", req.URL.String())
 				routers.Client.ServeHTTP(rec, req)
 
@@ -559,6 +560,7 @@ func TestSetAvatarURL(t *testing.T) {
 				// check profile after initial account creation
 				rec := httptest.NewRecorder()
 				req := httptest.NewRequest(http.MethodGet, "/_matrix/client/v3/profile/"+tc.user.ID, strings.NewReader(""))
+				req.Header.Set("Authorization", "Bearer "+accessTokens[tc.user].accessToken)
 				t.Logf("%s", req.URL.String())
 				routers.Client.ServeHTTP(rec, req)
 
diff --git a/clientapi/routing/routing.go b/clientapi/routing/routing.go
@@ -888,9 +888,9 @@ func Setup(
 	).Methods(http.MethodPut)
 
 	// Element user settings
-
+	// GK-CUSTOMIZATION: Make /profile endpoints authenticated
 	v3mux.Handle("/profile/{userID}",
-		httputil.MakeExternalAPI("profile", func(req *http.Request) util.JSONResponse {
+		httputil.MakeAuthAPI("profile", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
 			vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
 			if err != nil {
 				return util.ErrorResponse(err)
