From 3217100cffbead7876ef82bcaa1954cccf6e0a04 Mon Sep 17 00:00:00 2001
From: netkas
Date: Fri, 6 Jun 2025 13:05:29 -0400
Subject: [PATCH] Add authorization check for downloading attachments in handleRequest method
---
 .../Methods/Attachments/DownloadAttachment.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/FederationServer/Methods/Attachments/DownloadAttachment.php b/src/FederationServer/Methods/Attachments/DownloadAttachment.php
index 447057b..15c4bff 100644
--- a/src/FederationServer/Methods/Attachments/DownloadAttachment.php
+++ b/src/FederationServer/Methods/Attachments/DownloadAttachment.php
@@ -18,6 +18,12 @@
 */
 public static function handleRequest(): void
 {
+ $authenticatedOperator = FederationServer::getAuthenticatedOperator(); if(!Configuration::getServerConfiguration()->isEvidencePublic() && $authenticatedOperator === null) { throw new RequestException('Unauthorized: You must be authenticated to download attachments', 401); }
+
 if(!preg_match('#^/attachments/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
 {
 throw new RequestException('Attachment UUID required', 405);
@@ -29,12 +35,6 @@
 throw new RequestException('Invalid attachment UUID', 400);
 }
- $authenticatedOperator = FederationServer::getAuthenticatedOperator();
- if(!Configuration::getServerConfiguration()->isEvidencePublic() && $authenticatedOperator === null)
- {
- throw new RequestException('Unauthorized: You must be authenticated to download attachments', 401);
- }
-
 try
 {
 $attachment = FileAttachmentManager::getRecord($attachmentUuid);
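Review bot: The guard now at the top of handleRequest() establishes only that some operator is authenticated: `$authenticatedOperator` is compared with `null` and nothing else about it is checked, so when `isEvidencePublic()` is false every authenticated operator can fetch every attachment. If that is the intended policy, state it next to the check, e.g. `// Non-public evidence: any authenticated operator may download; no per-operator permission is checked here`; if operators can be disabled or scoped (not visible in this hunk), that test belongs in the same condition. Placing the check ahead of the path parsing is sound, since unauthenticated callers now get a uniform 401 regardless of the path they send. handleRequest()'s body continues past the end of the hunk.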