Closed jessepav closed 9 months ago
Hi @jessepav!
Thanks for opening this issue! I tried replicating it but failed.
To be clear, do you mean that you have a post in your blog which has a slug test-1 and a command like the one below fails?
curl -X GET -H 'Authorization: Bearer xxx-token' https://mataroa.blog/api/posts/test-1/
(where xxx-token is one's token)
Hi, thanks for checking in on this.
I've determined that to replicate, the post is required to have a non-blank published_at. These two curl invocations will trigger it with my account:
$ curl -X POST \
-H 'Authorization: Bearer XXXXXX' \
-d '{"title": "Test 1", "body": "## Why?\n\nEveryone needs a blog, right?", "published_at": "2021-12-12"}' \
https://mataroa.blog/api/posts/
{"ok": true, "slug": "test-1", "url": "https://oo.mataroa.blog/blog/test-1/"}
$ curl -X GET \
-H 'Authorization: Bearer XXXXXX' \
https://mataroa.blog/api/posts/test-1/
{"ok": false, "error": "Not allowed."}
whereas this works fine (the change being that the title changed to "Test 3"):
$ curl -X POST \
-H 'Authorization: Bearer XXXXXX' \
-d '{"title": "Test 3", "body": "## Why?\n\nEveryone needs a blog, right?", "published_at": "2021-12-12"}' \
https://mataroa.blog/api/posts/
{"ok": true, "slug": "test-3", "url": "https://oo.mataroa.blog/blog/test-3/"}
$ curl -X GET \
-H 'Authorization: Bearer XXXXXX' \
https://mataroa.blog/api/posts/test-3/
{"ok": true, "url": "https://oo.mataroa.blog/blog/test-3/", "slug": "test-3", "title": "Test 3", "body": "## Why?\n\nEveryone needs a blog, right?", "published_at": "2021-12-12"}
Another slug that it doesn't like is spam
Woah, I see! This was a bad one, thanks for finding and reporting it! Fixed in latest commit https://github.com/mataroa-blog/mataroa/commit/1abd88e40db4c6b9047afbca990b414410a7baff
Can you also verify it works now?
Yes, it's working now! Thanks for the quick fix.
If you have a post whose slug is test-1 (or test-2), then a GET to https://mataroa.blog/api/posts/test-1/ will return a 403.
Note that test-3 works, as does foo-1.