Add authorization check for downloading attachments in handleRequest method

2025-06-06 13:05:29 -04:00 · 2025-06-06 13:05:29 -04:00 · 3217100cff
commit 3217100cff
parent cb5862fe94
1 changed files with 6 additions and 6 deletions
--- a/src/FederationServer/Methods/Attachments/DownloadAttachment.php
+++ b/src/FederationServer/Methods/Attachments/DownloadAttachment.php
@ -18,6 +18,12 @@
         */
        public static function handleRequest(): void
        {
+            $authenticatedOperator = FederationServer::getAuthenticatedOperator();
+            if(!Configuration::getServerConfiguration()->isEvidencePublic() && $authenticatedOperator === null)
+            {
+                throw new RequestException('Unauthorized: You must be authenticated to download attachments', 401);
+            }
+
            if(!preg_match('#^/attachments/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
            {
                throw new RequestException('Attachment UUID required', 405);
@ -29,12 +35,6 @@
                throw new RequestException('Invalid attachment UUID', 400);
            }

-            $authenticatedOperator = FederationServer::getAuthenticatedOperator();
-            if(!Configuration::getServerConfiguration()->isEvidencePublic() && $authenticatedOperator === null)
-            {
-                throw new RequestException('Unauthorized: You must be authenticated to download attachments', 401);
-            }
-
            try
            {
                $attachment = FileAttachmentManager::getRecord($attachmentUuid);