Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-23 19:44:09 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

C2S: Add authentication to new endpoints

Browse source
This commit is contained in:
Travis Ralston 2024-06-10 15:52:38 -06:00
parent ce861df511
commit e7442b6bad
1 changed files with 29 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
data/api/client-server/authed-content-repo.yaml
View file

@ -21,7 +21,16 @@ paths:
get: get:
x-addedInMatrixVersion: "1.11" x-addedInMatrixVersion: "1.11"
summary: Download content from the content repository. summary: Download content from the content repository.
description: |-
{{% boxes/note %}}
Clients SHOULD NOT generate or use URLs which supply the access token in
the query string. These URLs may be copied by users verbatim and provided
in a chat message to another user, disclosing the sender's access token.
{{% /boxes/note %}}
operationId: getContentAuthed operationId: getContentAuthed
security:
- accessTokenQuery: []
- accessTokenBearer: []
parameters: parameters:
- $ref: '#/components/parameters/serverName' - $ref: '#/components/parameters/serverName'
- $ref: '#/components/parameters/mediaId' - $ref: '#/components/parameters/mediaId'
@ -58,12 +67,21 @@ paths:
"/media/download/{serverName}/{mediaId}/{fileName}": "/media/download/{serverName}/{mediaId}/{fileName}":
get: get:
x-addedInMatrixVersion: "1.11" x-addedInMatrixVersion: "1.11"
summary: Download content from the content repository overriding the file name summary: Download content from the content repository overriding the file name.
description: |- description: |-
This will download content from the content repository (same as This will download content from the content repository (same as
the previous endpoint) but replace the target file name with the one the previous endpoint) but replaces the target file name with the one
provided by the caller. provided by the caller.
{{% boxes/note %}}
Clients SHOULD NOT generate or use URLs which supply the access token in
the query string. These URLs may be copied by users verbatim and provided
in a chat message to another user, disclosing the sender's access token.
{{% /boxes/note %}}
operationId: getContentOverrideNameAuthed operationId: getContentOverrideNameAuthed
security:
- accessTokenQuery: []
- accessTokenBearer: []
parameters: parameters:
- $ref: '#/components/parameters/serverName' - $ref: '#/components/parameters/serverName'
- $ref: '#/components/parameters/mediaId' - $ref: '#/components/parameters/mediaId'
@ -113,7 +131,16 @@ paths:
description: |- description: |-
Download a thumbnail of content from the content repository. Download a thumbnail of content from the content repository.
See the [Thumbnails](/client-server-api/#thumbnails) section for more information. See the [Thumbnails](/client-server-api/#thumbnails) section for more information.
{{% boxes/note %}}
Clients SHOULD NOT generate or use URLs which supply the access token in
the query string. These URLs may be copied by users verbatim and provided
in a chat message to another user, disclosing the sender's access token.
{{% /boxes/note %}}
operationId: getContentThumbnailAuthed operationId: getContentThumbnailAuthed
security:
- accessTokenQuery: []
- accessTokenBearer: []
parameters: parameters:
- $ref: '#/components/parameters/serverName' - $ref: '#/components/parameters/serverName'
- $ref: '#/components/parameters/mediaId' - $ref: '#/components/parameters/mediaId'