auth: Extract reject_legacy_tokens() fn (#12432)

Author: Turbo87

src/auth.rs

@@ -219,6 +219,21 @@ impl Authentication {
             Authentication::Token(token) => &token.user,
         }
     }
+
+    /// Returns an error if the request was authenticated with a legacy API token.
+    ///
+    /// Legacy tokens are tokens without any endpoint scopes. They were created
+    /// before the scoped token feature was introduced.
+    pub fn reject_legacy_tokens(&self) -> AppResult<()> {
+        if let Some(token) = self.api_token()
+            && token.endpoint_scopes.is_none()
+        {
+            return Err(forbidden(
+                "This endpoint cannot be used with legacy API tokens. Use a scoped API token instead.",
+            ));
+        }
+        Ok(())
+    }
 }
 
 #[instrument(skip_all)]

src/controllers/krate/update.rs

@@ -6,7 +6,7 @@ use crate::middleware::real_ip::RealIp;
 use crate::models::token::EndpointScope;
 use crate::models::{Crate, User};
 use crate::schema::*;
-use crate::util::errors::{AppResult, crate_not_found, custom, forbidden};
+use crate::util::errors::{AppResult, crate_not_found, custom};
 use crate::views::EncodableCrate;
 use anyhow::Context;
 use axum::{Extension, Json};
@@ -70,14 +70,7 @@ pub async fn update_crate(
         .check(&req, &mut conn)
         .await?;
 
-    if auth
-        .api_token()
-        .is_some_and(|token| token.endpoint_scopes.is_none())
-    {
-        return Err(forbidden(
-            "This endpoint cannot be used with legacy API tokens. Use a scoped API token instead.",
-        ));
-    }
+    auth.reject_legacy_tokens()?;
 
     // Update crate settings in a transaction
     conn.transaction(|conn| {