From cb5862fe9403e6a2698b5e575fd6fb23b3085379 Mon Sep 17 00:00:00 2001
From: netkas
Date: Fri, 6 Jun 2025 13:05:20 -0400
Subject: [PATCH] Add authorization check for audit logs in handleRequest method
---
 src/FederationServer/Methods/Audit/ViewAuditEntry.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/FederationServer/Methods/Audit/ViewAuditEntry.php b/src/FederationServer/Methods/Audit/ViewAuditEntry.php
index 6cb7037..5ee0c26 100644
--- a/src/FederationServer/Methods/Audit/ViewAuditEntry.php
+++ b/src/FederationServer/Methods/Audit/ViewAuditEntry.php
@@ -2,6 +2,7 @@
 namespace FederationServer\Methods\Audit;
+ use FederationServer\Classes\Configuration;
 use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\RequestHandler;
 use FederationServer\Classes\Validate;
@@ -16,6 +17,12 @@
 */
 public static function handleRequest(): void
 {
+ $authenticatedOperator = FederationServer::getAuthenticatedOperator(); if(!Configuration::getServerConfiguration()->isAuditLogsPublic() && $authenticatedOperator === null) { throw new RequestException('Unauthorized: Public audit logs are disabled and no operator is authenticated', 403); }
+
 if(!preg_match('#^/audit/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
 {
 throw new RequestException('Bad Request: Audit UUID is required', 400);
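Review bot: The guard added at the top of handleRequest lets any authenticated operator through and rejects only anonymous callers, so when public audit logs are disabled the entry is still readable by every operator account; if operators carry differing permissions (not visible in this hunk), the check should name the one required for audit access. The rejection is sent as 403 although its message says no operator is authenticated, which is the 401 case; I would change it to `throw new RequestException('Unauthorized: Public audit logs are disabled and no operator is authenticated', 401);` and keep 403 for an authenticated operator who is refused. getAuthenticatedOperator() is also resolved before isAuditLogsPublic() is consulted, so it runs on deployments where the logs are public; testing the configuration first avoids that lookup. The body of handleRequest continues past the hunk, and any other method that returns audit entries would need the same gate.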