
Add { acceptLegacy: true } option to endpoints where accessTokenParser is configured at master branch

Shun Miyazawa 10 kuukautta sitten
vanhempi
sitoutus
e13d4802a4
42 muutettua tiedostoa jossa 144 lisäystä ja 111 poistoa
  1. 2 1
      apps/app/src/features/openai/server/routes/ai-assistant.ts
  2. 1 1
      apps/app/src/features/openai/server/routes/ai-assistants.ts
  3. 1 1
      apps/app/src/features/openai/server/routes/delete-ai-assistant.ts
  4. 1 1
      apps/app/src/features/openai/server/routes/delete-thread.ts
  5. 2 1
      apps/app/src/features/openai/server/routes/edit/index.ts
  6. 1 1
      apps/app/src/features/openai/server/routes/get-threads.ts
  7. 1 1
      apps/app/src/features/openai/server/routes/message/get-messages.ts
  8. 1 1
      apps/app/src/features/openai/server/routes/message/post-message.ts
  9. 2 1
      apps/app/src/features/openai/server/routes/set-default-ai-assistant.ts
  10. 1 1
      apps/app/src/features/openai/server/routes/thread.ts
  11. 1 1
      apps/app/src/features/openai/server/routes/update-ai-assistant.ts
  12. 1 0
      apps/app/src/features/page-bulk-export/server/routes/apiv3/page-bulk-export.ts
  13. 8 6
      apps/app/src/features/questionnaire/server/routes/apiv3/questionnaire.ts
  14. 1 1
      apps/app/src/server/routes/apiv3/activity.ts
  15. 6 4
      apps/app/src/server/routes/apiv3/app-settings.js
  16. 7 5
      apps/app/src/server/routes/apiv3/attachment.js
  17. 8 6
      apps/app/src/server/routes/apiv3/bookmark-folder.ts
  18. 6 3
      apps/app/src/server/routes/apiv3/bookmarks.js
  19. 3 3
      apps/app/src/server/routes/apiv3/export.js
  20. 2 2
      apps/app/src/server/routes/apiv3/g2g-transfer.ts
  21. 6 5
      apps/app/src/server/routes/apiv3/import.js
  22. 5 4
      apps/app/src/server/routes/apiv3/in-app-notification.ts
  23. 5 4
      apps/app/src/server/routes/apiv3/page-listing.ts
  24. 1 1
      apps/app/src/server/routes/apiv3/page/check-page-existence.ts
  25. 1 1
      apps/app/src/server/routes/apiv3/page/create-page.ts
  26. 1 1
      apps/app/src/server/routes/apiv3/page/get-page-paths-with-descendant-count.ts
  27. 1 1
      apps/app/src/server/routes/apiv3/page/get-yjs-data.ts
  28. 5 4
      apps/app/src/server/routes/apiv3/page/index.ts
  29. 1 1
      apps/app/src/server/routes/apiv3/page/publish-page.ts
  30. 1 1
      apps/app/src/server/routes/apiv3/page/sync-latest-revision-body-to-yjs-draft.ts
  31. 1 1
      apps/app/src/server/routes/apiv3/page/unpublish-page.ts
  32. 1 1
      apps/app/src/server/routes/apiv3/page/update-page.ts
  33. 13 11
      apps/app/src/server/routes/apiv3/pages/index.js
  34. 9 6
      apps/app/src/server/routes/apiv3/personal-setting/index.js
  35. 4 2
      apps/app/src/server/routes/apiv3/revisions.js
  36. 5 3
      apps/app/src/server/routes/apiv3/search.js
  37. 4 3
      apps/app/src/server/routes/apiv3/slack-integration-settings.js
  38. 1 1
      apps/app/src/server/routes/apiv3/user/get-related-groups.ts
  39. 6 4
      apps/app/src/server/routes/apiv3/users.js
  40. 14 14
      apps/app/src/server/routes/index.js
  41. 2 0
      packages/remark-attachment-refs/src/server/routes/refs.ts
  42. 1 1
      packages/remark-lsx/src/server/index.ts

+ 2 - 1
apps/app/src/features/openai/server/routes/ai-assistant.ts

@@ -29,7 +29,8 @@ export const createAiAssistantFactory: CreateAssistantFactory = (crowi) => {
   const loginRequiredStrictly = require('~/server/middlewares/login-required')(crowi);
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, upsertAiAssistantValidator, apiV3FormValidator,
+    // eslint-disable-next-line max-len
+    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, upsertAiAssistantValidator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const openaiService = getOpenaiService();
       if (openaiService == null) {
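Review bot: `{ acceptLegacy: true }` is passed to `accessTokenParser` with no comment saying what a legacy token is checked against, so the call site does not show whether `SCOPE.WRITE.FEATURES.AI_ASSISTANT` still restricts such a token. If legacy tokens carry no scopes (an assumption, the parser is outside this diff), every route touched by this commit accepts them with the owning user's full privileges, including the admin routes in activity.ts, app-settings.js, export.js and import.js. I would document that next to the option, e.g. `// legacy API tokens are unscoped: the scope list only constrains new access tokens`, and note when the option is meant to be removed. The same point applies to the other hunks that add the option; the handler body continues outside this hunk.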

+ 1 - 1
apps/app/src/features/openai/server/routes/ai-assistants.ts

@@ -26,7 +26,7 @@ export const getAiAssistantsFactory: GetAiAssistantsFactory = (crowi) => {
   const loginRequiredStrictly = require('~/server/middlewares/login-required')(crowi);
 
   return [
-    accessTokenParser([SCOPE.READ.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService,
+    accessTokenParser([SCOPE.READ.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService,
     async(req: Req, res: ApiV3Response) => {
       const openaiService = getOpenaiService();
       if (openaiService == null) {

+ 1 - 1
apps/app/src/features/openai/server/routes/delete-ai-assistant.ts

@@ -37,7 +37,7 @@ export const deleteAiAssistantsFactory: DeleteAiAssistantsFactory = (crowi) => {
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { id } = req.params;
       const { user } = req;

+ 1 - 1
apps/app/src/features/openai/server/routes/delete-thread.ts

@@ -36,7 +36,7 @@ export const deleteThreadFactory: DeleteThreadFactory = (crowi) => {
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { aiAssistantId, threadRelationId } = req.params;
       const { user } = req;

+ 2 - 1
apps/app/src/features/openai/server/routes/edit/index.ts

@@ -8,6 +8,7 @@ import { zodResponseFormat } from 'openai/helpers/zod';
 import type { MessageDelta } from 'openai/resources/beta/threads/messages.mjs';
 import { z } from 'zod';
 
+import { SCOPE } from '~/interfaces/scope';
 // Necessary imports
 import type Crowi from '~/server/crowi';
 import { accessTokenParser } from '~/server/middlewares/access-token-parser';
@@ -116,7 +117,7 @@ export const postMessageToEditHandlersFactory: PostMessageHandlersFactory = (cro
   ];
 
   return [
-    accessTokenParser, loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.READ.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const {
         userMessage, markdown, threadId,
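Review bot: `postMessageToEditHandlersFactory` reads `userMessage` and `markdown` from the request, yet the scope required here is `SCOPE.READ.FEATURES.AI_ASSISTANT`, while post-message.ts in this same commit requires `SCOPE.WRITE.FEATURES.AI_ASSISTANT` for posting a message. If this handler also sends the message to an assistant thread (its body continues outside the hunk), a read-only token should not reach it. Consider `accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true })`, or add a comment explaining why read scope is enough for this endpoint.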

+ 1 - 1
apps/app/src/features/openai/server/routes/get-threads.ts

@@ -34,7 +34,7 @@ export const getThreadsFactory: GetThreadsFactory = (crowi) => {
   ];
 
   return [
-    accessTokenParser([SCOPE.READ.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.READ.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const openaiService = getOpenaiService();
       if (openaiService == null) {

+ 1 - 1
apps/app/src/features/openai/server/routes/message/get-messages.ts

@@ -41,7 +41,7 @@ export const getMessagesFactory: GetMessagesFactory = (crowi) => {
   ];
 
   return [
-    accessTokenParser([SCOPE.READ.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.READ.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const openaiService = getOpenaiService();
       if (openaiService == null) {

+ 1 - 1
apps/app/src/features/openai/server/routes/message/post-message.ts

@@ -54,7 +54,7 @@ export const postMessageHandlersFactory: PostMessageHandlersFactory = (crowi) =>
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { aiAssistantId, threadId } = req.body;
 

+ 2 - 1
apps/app/src/features/openai/server/routes/set-default-ai-assistant.ts

@@ -39,7 +39,8 @@ export const setDefaultAiAssistantFactory: setDefaultAiAssistantFactory = (crowi
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, adminRequired, certifyAiService, validator, apiV3FormValidator,
+    // eslint-disable-next-line max-len
+    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const openaiService = getOpenaiService();
       if (openaiService == null) {

+ 1 - 1
apps/app/src/features/openai/server/routes/thread.ts

@@ -38,7 +38,7 @@ export const createThreadHandlersFactory: CreateThreadFactory = (crowi) => {
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: CreateThreadReq, res: ApiV3Response) => {
 
       const openaiService = getOpenaiService();

+ 1 - 1
apps/app/src/features/openai/server/routes/update-ai-assistant.ts

@@ -40,7 +40,7 @@ export const updateAiAssistantsFactory: UpdateAiAssistantsFactory = (crowi) => {
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT]), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
+    accessTokenParser([SCOPE.WRITE.FEATURES.AI_ASSISTANT], { acceptLegacy: true }), loginRequiredStrictly, certifyAiService, validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { id } = req.params;
       const { user } = req;

+ 1 - 0
apps/app/src/features/page-bulk-export/server/routes/apiv3/page-bulk-export.ts

@@ -28,6 +28,7 @@ module.exports = (crowi: Crowi): Router => {
     ],
   };
 
+  // TODO: https://redmine.weseek.co.jp/issues/166911
   router.post('/', loginRequiredStrictly, validators.pageBulkExport, async(req: AuthorizedRequest, res: ApiV3Response) => {
     const errors = validationResult(req);
     if (!errors.isEmpty()) {
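Review bot: The added TODO carries only a tracker URL, so a reader of the file cannot tell what is pending on this route. It is also the one route in the commit that still goes straight to `loginRequiredStrictly` with no `accessTokenParser` in front. If that is what the issue tracks (an assumption), say so in the comment: `// TODO: add accessTokenParser with a scope for bulk export (https://redmine.weseek.co.jp/issues/166911)`.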

+ 8 - 6
apps/app/src/features/questionnaire/server/routes/apiv3/questionnaire.ts

@@ -86,7 +86,8 @@ module.exports = (crowi: Crowi): Router => {
    *                   items:
    *                     type: object
    */
-  router.get('/orders', accessTokenParser([SCOPE.READ.FEATURES.QUESTIONNAIRE]), loginRequired, async(req: AuthorizedRequest, res: ApiV3Response) => {
+  // eslint-disable-next-line max-len
+  router.get('/orders', accessTokenParser([SCOPE.READ.FEATURES.QUESTIONNAIRE], { acceptLegacy: true }), loginRequired, async(req: AuthorizedRequest, res: ApiV3Response) => {
     const growiInfo = await growiInfoService.getGrowiInfo(true);
     const userInfo = crowi.questionnaireService.getUserInfo(req.user ?? null, getSiteUrlHashed(growiInfo.appSiteUrl));
 
@@ -123,7 +124,8 @@ module.exports = (crowi: Crowi): Router => {
    *                 isEnabled:
    *                   type: boolean
    */
-  router.get('/is-enabled', accessTokenParser([SCOPE.READ.FEATURES.QUESTIONNAIRE]), loginRequired, async(req: AuthorizedRequest, res: ApiV3Response) => {
+  // eslint-disable-next-line max-len
+  router.get('/is-enabled', accessTokenParser([SCOPE.READ.FEATURES.QUESTIONNAIRE], { acceptLegacy: true }), loginRequired, async(req: AuthorizedRequest, res: ApiV3Response) => {
     const isEnabled = configManager.getConfig('questionnaire:isQuestionnaireEnabled');
     return res.apiv3({ isEnabled });
   });
@@ -154,7 +156,7 @@ module.exports = (crowi: Crowi): Router => {
    *             schema:
    *               type: object
    */
-  router.post('/proactive/answer', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE]), loginRequired,
+  router.post('/proactive/answer', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE], { acceptLegacy: true }), loginRequired,
     validators.proactiveAnswer, async(req: AuthorizedRequest, res: ApiV3Response) => {
       const sendQuestionnaireAnswer = async() => {
         const questionnaireServerOrigin = configManager.getConfig('app:questionnaireServerOrigin');
@@ -238,7 +240,7 @@ module.exports = (crowi: Crowi): Router => {
    *       404:
    *         description: Not Found
    */
-  router.put('/answer', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE]), loginRequired,
+  router.put('/answer', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE], { acceptLegacy: true }), loginRequired,
     validators.answer, async(req: AuthorizedRequest, res: ApiV3Response) => {
       const sendQuestionnaireAnswer = async(user: IUserHasId, answers: IAnswer[]) => {
         const questionnaireServerOrigin = crowi.configManager.getConfig('app:questionnaireServerOrigin');
@@ -320,7 +322,7 @@ module.exports = (crowi: Crowi): Router => {
    *       404:
    *         description: Not Found
    */
-  router.put('/skip', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE]), loginRequired,
+  router.put('/skip', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE], { acceptLegacy: true }), loginRequired,
     validators.skipDeny, async(req: AuthorizedRequest, res: ApiV3Response) => {
       const errors = validationResult(req);
       if (!errors.isEmpty()) {
@@ -370,7 +372,7 @@ module.exports = (crowi: Crowi): Router => {
    *       404:
    *         description: Not Found
    */
-  router.put('/deny', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE]), loginRequired,
+  router.put('/deny', accessTokenParser([SCOPE.WRITE.FEATURES.QUESTIONNAIRE], { acceptLegacy: true }), loginRequired,
     validators.skipDeny, async(req: AuthorizedRequest, res: ApiV3Response) => {
       const errors = validationResult(req);
       if (!errors.isEmpty()) {

+ 1 - 1
apps/app/src/server/routes/apiv3/activity.ts

@@ -213,7 +213,7 @@ module.exports = (crowi: Crowi): Router => {
    *               $ref: '#/components/schemas/ActivityResponse'
    */
   // eslint-disable-next-line max-len
-  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.AUDIT_LOG]), loginRequiredStrictly, adminRequired, validator.list, apiV3FormValidator, async(req: Request, res: ApiV3Response) => {
+  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.AUDIT_LOG], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, validator.list, apiV3FormValidator, async(req: Request, res: ApiV3Response) => {
     const auditLogEnabled = configManager.getConfig('app:auditLogEnabled');
     if (!auditLogEnabled) {
       const msg = 'AuditLog is not enabled';

+ 6 - 4
apps/app/src/server/routes/apiv3/app-settings.js

@@ -436,7 +436,7 @@ module.exports = (crowi) => {
    *                      type: object
    *                      $ref: '#/components/schemas/AppSettingParams'
    */
-  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.APP]), loginRequiredStrictly, adminRequired, async(req, res) => {
+  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.APP], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, async(req, res) => {
     const appSettingsParams = {
       title: configManager.getConfig('app:title'),
       confidential: configManager.getConfig('app:confidential'),
@@ -1039,7 +1039,8 @@ module.exports = (crowi) => {
 
   });
 
-  router.put('/page-bulk-export-settings', loginRequiredStrictly, adminRequired, addActivity, validator.pageBulkExportSettings, apiV3FormValidator,
+  router.put('/page-bulk-export-settings',
+    accessTokenParser([SCOPE.WRITE.ADMIN.APP]), loginRequiredStrictly, adminRequired, addActivity, validator.pageBulkExportSettings, apiV3FormValidator,
     async(req, res) => {
       const requestParams = {
         'app:isBulkExportPagesEnabled': req.body.isBulkExportPagesEnabled,
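Review bot: The `accessTokenParser([SCOPE.WRITE.ADMIN.APP])` added to `/page-bulk-export-settings` is the only call in this file without `{ acceptLegacy: true }`, and nothing in the hunk says whether that is deliberate. Rejecting legacy tokens on a route that had no token parser before is the stricter choice, but the next editor may "fix" the inconsistency in the wrong direction. Add a comment above the route such as `// legacy tokens intentionally not accepted on this endpoint`, or pass the option if the omission is an oversight.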
@@ -1091,7 +1092,8 @@ module.exports = (crowi) => {
    *                      description: is V5 compatible, or not
    *                      example: true
    */
-  router.post('/v5-schema-migration', accessTokenParser([SCOPE.WRITE.ADMIN.APP]), loginRequiredStrictly, adminRequired, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.post('/v5-schema-migration', accessTokenParser([SCOPE.WRITE.ADMIN.APP], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, async(req, res) => {
     const isMaintenanceMode = crowi.appService.isMaintenanceMode();
     if (!isMaintenanceMode) {
       return res.apiv3Err(new ErrorV3('GROWI is not maintenance mode. To import data, please activate the maintenance mode first.', 'not_maintenance_mode'));
@@ -1147,7 +1149,7 @@ module.exports = (crowi) => {
    *                      example: true
    */
   // eslint-disable-next-line max-len
-  router.post('/maintenance-mode', accessTokenParser([SCOPE.WRITE.ADMIN.APP]), loginRequiredStrictly, adminRequired, addActivity, validator.maintenanceMode, apiV3FormValidator, async(req, res) => {
+  router.post('/maintenance-mode', accessTokenParser([SCOPE.WRITE.ADMIN.APP], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, addActivity, validator.maintenanceMode, apiV3FormValidator, async(req, res) => {
     const { flag } = req.body;
     const parameters = {};
     try {

+ 7 - 5
apps/app/src/server/routes/apiv3/attachment.js

@@ -199,7 +199,8 @@ module.exports = (crowi) => {
    *                  type: object
    *                  $ref: '#/components/schemas/AttachmentPaginateResult'
    */
-  router.get('/list', accessTokenParser([SCOPE.READ.FEATURES.ATTACHMENT]), loginRequired, validator.retrieveAttachments, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.get('/list', accessTokenParser([SCOPE.READ.FEATURES.ATTACHMENT], { acceptLegacy: true }), loginRequired, validator.retrieveAttachments, apiV3FormValidator,
     async(req, res) => {
 
       const limit = req.query.limit || await crowi.configManager.getConfig('customize:showPageLimitationS') || 10;
@@ -274,7 +275,8 @@ module.exports = (crowi) => {
    *          500:
    *            $ref: '#/components/responses/500'
    */
-  router.get('/limit', accessTokenParser([SCOPE.READ.FEATURES.ATTACHMENT]), loginRequiredStrictly, validator.retrieveFileLimit, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.get('/limit', accessTokenParser([SCOPE.READ.FEATURES.ATTACHMENT], { acceptLegacy: true }), loginRequiredStrictly, validator.retrieveFileLimit, apiV3FormValidator,
     async(req, res) => {
       const { fileUploadService } = crowi;
       const fileSize = Number(req.query.fileSize);
@@ -342,8 +344,8 @@ module.exports = (crowi) => {
    *          500:
    *            $ref: '#/components/responses/500'
    */
-  router.post('/', uploads.single('file'), accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT]), loginRequiredStrictly, excludeReadOnlyUser,
-    validator.retrieveAddAttachment, apiV3FormValidator, addActivity,
+  router.post('/', uploads.single('file'), accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT], { acceptLegacy: true }),
+    loginRequiredStrictly, excludeReadOnlyUser, validator.retrieveAddAttachment, apiV3FormValidator, addActivity,
     // Removed autoReap middleware to use file data in asynchronous processes. Instead, implemented file deletion after asynchronous processes complete
     async(req, res) => {
 
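Review bot: `uploads.single('file')` still runs before `accessTokenParser` and `loginRequiredStrictly` on `POST /`, so the multipart body is accepted and stored before the request is authenticated. The comment in the hunk says `autoReap` was removed and deletion happens after the asynchronous processing, which a request rejected by the login check presumably never reaches, leaving the file behind. import.js `/upload` in this commit puts the auth middlewares first. Unless the token has to be read from the multipart body (not visible here), reorder to `accessTokenParser(...), loginRequiredStrictly, excludeReadOnlyUser, uploads.single('file'), ...`, or make sure rejected requests delete the stored file.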
@@ -407,7 +409,7 @@ module.exports = (crowi) => {
    *            schema:
    *              type: string
    */
-  router.get('/:id', accessTokenParser([SCOPE.READ.FEATURES.ATTACHMENT]), certifySharedPageAttachmentMiddleware, loginRequired,
+  router.get('/:id', accessTokenParser([SCOPE.READ.FEATURES.ATTACHMENT], { acceptLegacy: true }), certifySharedPageAttachmentMiddleware, loginRequired,
     validator.retrieveAttachment, apiV3FormValidator,
     async(req, res) => {
       try {

+ 8 - 6
apps/app/src/server/routes/apiv3/bookmark-folder.ts

@@ -1,3 +1,4 @@
+/* eslint-disable max-len */
 import { ErrorV3 } from '@growi/core/dist/models';
 import { body } from 'express-validator';
 import type { Types } from 'mongoose';
@@ -158,7 +159,8 @@ module.exports = (crowi) => {
    *                      type: object
    *                      $ref: '#/components/schemas/BookmarkFolder'
    */
-  router.post('/', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK]), loginRequiredStrictly, validator.bookmarkFolder, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.post('/', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequiredStrictly, validator.bookmarkFolder, apiV3FormValidator, async(req, res) => {
     const owner = req.user?._id;
     const { name, parent } = req.body;
     const params = {
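Review bot: The `// eslint-disable-next-line max-len` added above `router.post('/')` is redundant, because this commit also adds a file-wide `/* eslint-disable max-len */` on line 1 of bookmark-folder.ts. Keep one of the two. The per-line form is preferable, since the file-wide disable also hides over-long lines in code unrelated to the route declarations. Alternatively, break the middleware list over several lines as attachment.js does for `router.post('/')`.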
@@ -211,7 +213,7 @@ module.exports = (crowi) => {
    *                        type: object
    *                        $ref: '#/components/schemas/BookmarkFolder'
    */
-  router.get('/list/:userId', accessTokenParser([SCOPE.READ.FEATURES.BOOKMARK]), loginRequiredStrictly, async(req, res) => {
+  router.get('/list/:userId', accessTokenParser([SCOPE.READ.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequiredStrictly, async(req, res) => {
     const { userId } = req.params;
 
     const getBookmarkFolders = async(
@@ -300,7 +302,7 @@ module.exports = (crowi) => {
    *                      description: Number of deleted folders
    *                      example: 1
    */
-  router.delete('/:id', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK]), loginRequiredStrictly, async(req, res) => {
+  router.delete('/:id', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequiredStrictly, async(req, res) => {
     const { id } = req.params;
     try {
       const result = await BookmarkFolder.deleteFolderAndChildren(id);
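Review bot: `DELETE /:id` passes `req.params.id` straight to `BookmarkFolder.deleteFolderAndChildren(id)` with neither a validator in the middleware chain nor a visible check that the folder belongs to `req.user`. Now that the route also accepts legacy tokens, it is worth confirming that the model method enforces ownership (it is outside this diff). If it does not, any logged-in user or token holder can delete another user's folder by id. A guard before the call, such as loading the folder and comparing its owner with `req.user._id`, plus an `isMongoId()` validator on `id`, would close that. The handler body continues outside the hunk.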
@@ -357,7 +359,7 @@ module.exports = (crowi) => {
    *                      type: object
    *                      $ref: '#/components/schemas/BookmarkFolder'
    */
-  router.put('/', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK]), loginRequiredStrictly, validator.bookmarkFolder, async(req, res) => {
+  router.put('/', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequiredStrictly, validator.bookmarkFolder, async(req, res) => {
     const {
       bookmarkFolderId, name, parent, childFolder,
     } = req.body;
@@ -407,7 +409,7 @@ module.exports = (crowi) => {
    *                      type: object
    *                      $ref: '#/components/schemas/BookmarkFolder'
    */
-  router.post('/add-bookmark-to-folder', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK]), loginRequiredStrictly, validator.bookmarkPage, apiV3FormValidator,
+  router.post('/add-bookmark-to-folder', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequiredStrictly, validator.bookmarkPage, apiV3FormValidator,
     async(req, res) => {
       const userId = req.user?._id;
       const { pageId, folderId } = req.body;
@@ -458,7 +460,7 @@ module.exports = (crowi) => {
    *                      type: object
    *                      $ref: '#/components/schemas/BookmarkFolder'
    */
-  router.put('/update-bookmark', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK]), loginRequiredStrictly, validator.bookmark, async(req, res) => {
+  router.put('/update-bookmark', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequiredStrictly, validator.bookmark, async(req, res) => {
     const { pageId, status } = req.body;
     const userId = req.user?._id;
     try {

+ 6 - 3
apps/app/src/server/routes/apiv3/bookmarks.js

@@ -126,7 +126,8 @@ module.exports = (crowi) => {
    *                schema:
    *                  $ref: '#/components/schemas/BookmarkInfo'
    */
-  router.get('/info', accessTokenParser([SCOPE.READ.FEATURES.BOOKMARK]), loginRequired, validator.bookmarkInfo, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/info', accessTokenParser([SCOPE.READ.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequired, validator.bookmarkInfo, apiV3FormValidator, async(req, res) => {
     const { user } = req;
     const { pageId } = req.query;
 
@@ -193,7 +194,8 @@ module.exports = (crowi) => {
     param('userId').isMongoId().withMessage('userId is required'),
   ];
 
-  router.get('/:userId', accessTokenParser([SCOPE.READ.FEATURES.BOOKMARK]), loginRequired, validator.userBookmarkList, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/:userId', accessTokenParser([SCOPE.READ.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequired, validator.userBookmarkList, apiV3FormValidator, async(req, res) => {
     const { userId } = req.params;
 
     if (userId == null) {
@@ -250,7 +252,8 @@ module.exports = (crowi) => {
    *                    bookmark:
    *                      $ref: '#/components/schemas/Bookmark'
    */
-  router.put('/', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK]), loginRequiredStrictly, addActivity, validator.bookmarks, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.put('/', accessTokenParser([SCOPE.WRITE.FEATURES.BOOKMARK], { acceptLegacy: true }), loginRequiredStrictly, addActivity, validator.bookmarks, apiV3FormValidator,
     async(req, res) => {
       const { pageId, bool } = req.body;
       const userId = req.user?._id;

+ 3 - 3
apps/app/src/server/routes/apiv3/export.js

@@ -173,7 +173,7 @@ module.exports = (crowi) => {
    *                  status:
    *                    $ref: '#/components/schemas/ExportStatus'
    */
-  router.get('/status', accessTokenParser([SCOPE.READ.ADMIN.EXPORET_DATA]), loginRequired, adminRequired, async(req, res) => {
+  router.get('/status', accessTokenParser([SCOPE.READ.ADMIN.EXPORET_DATA], { acceptLegacy: true }), loginRequired, adminRequired, async(req, res) => {
     const status = await exportService.getStatus();
 
     // TODO: use res.apiv3
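Review bot: `EXPORET_DATA` in `SCOPE.READ.ADMIN.EXPORET_DATA` looks like a misspelling of EXPORT_DATA, and every line this commit touches in export.js and g2g-transfer.ts repeats it. If the constant name also determines the scope string stored with issued tokens (an assumption), the typo gets harder to correct once tokens exist. A follow-up that renames it and keeps the old key as an alias would be cheap now.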
@@ -214,7 +214,7 @@ module.exports = (crowi) => {
    *                    type: boolean
    *                    description: whether the request is succeeded
    */
-  router.post('/', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA]), loginRequired, adminRequired, addActivity, async(req, res) => {
+  router.post('/', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA], { acceptLegacy: true }), loginRequired, adminRequired, addActivity, async(req, res) => {
     // TODO: add express validator
     try {
       const { collections } = req.body;
@@ -264,7 +264,7 @@ module.exports = (crowi) => {
    *                    type: boolean
    *                    description: whether the request is succeeded
    */
-  router.delete('/:fileName', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA]), loginRequired, adminRequired,
+  router.delete('/:fileName', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA], { acceptLegacy: true }), loginRequired, adminRequired,
     validator.deleteFile, apiV3FormValidator, addActivity,
     async(req, res) => {
     // TODO: add express validator

+ 2 - 2
apps/app/src/server/routes/apiv3/g2g-transfer.ts

@@ -467,7 +467,7 @@ module.exports = (crowi: Crowi): Router => {
    *                    description: The transfer key
    */
   // eslint-disable-next-line max-len
-  receiveRouter.post('/generate-key', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA]), adminRequiredIfInstalled, appSiteUrlRequiredIfNotInstalled, async(req: Request, res: ApiV3Response) => {
+  receiveRouter.post('/generate-key', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA], { acceptLegacy: true }), adminRequiredIfInstalled, appSiteUrlRequiredIfNotInstalled, async(req: Request, res: ApiV3Response) => {
     const appSiteUrl = req.body.appSiteUrl ?? configManager.getConfig('app:siteUrl');
 
     let appSiteUrlOrigin: string;
@@ -533,7 +533,7 @@ module.exports = (crowi: Crowi): Router => {
    *                    description: The message of the result
    */
   // eslint-disable-next-line max-len
-  pushRouter.post('/transfer', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA]), loginRequiredStrictly, adminRequired, validator.transfer, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response) => {
+  pushRouter.post('/transfer', accessTokenParser([SCOPE.WRITE.ADMIN.EXPORET_DATA], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, validator.transfer, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response) => {
     const { transferKey, collections, optionsMap } = req.body;
 
     // Parse transfer key

+ 6 - 5
apps/app/src/server/routes/apiv3/import.js

@@ -199,7 +199,7 @@ export default function route(crowi) {
    *                        type: string
    *                        description: the access token of qiita.com
    */
-  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.IMPORT_DATA]), loginRequired, adminRequired, async(req, res) => {
+  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.IMPORT_DATA], { acceptLegacy: true }), loginRequired, adminRequired, async(req, res) => {
     try {
       const importSettingsParams = {
         esaTeamName: await crowi.configManager.getConfig('importer:esa:team_name'),
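Review bot: The API doc above `GET /` lists "the access token of qiita.com" among the returned fields, and this route is now reachable with a `SCOPE.READ.ADMIN.IMPORT_DATA` token or a legacy token. If the handler really returns the stored third-party tokens in clear (the rest of `importSettingsParams` is outside the hunk), a read-scoped API token is enough to extract them. Consider returning only whether each token is set, or a masked value, and add a comment stating which is intended.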
@@ -238,7 +238,7 @@ export default function route(crowi) {
    *                  status:
    *                    $ref: '#/components/schemas/ImportStatus'
    */
-  router.get('/status', accessTokenParser([SCOPE.READ.ADMIN.IMPORT_DATA]), loginRequired, adminRequired, async(req, res) => {
+  router.get('/status', accessTokenParser([SCOPE.READ.ADMIN.IMPORT_DATA], { acceptLegacy: true }), loginRequired, adminRequired, async(req, res) => {
     try {
       const status = await importService.getStatus();
       return res.apiv3(status);
@@ -286,7 +286,7 @@ export default function route(crowi) {
    *        200:
    *          description: Import process has requested
    */
-  router.post('/', accessTokenParser([SCOPE.WRITE.ADMIN.IMPORT_DATA]), loginRequired, adminRequired, addActivity, async(req, res) => {
+  router.post('/', accessTokenParser([SCOPE.WRITE.ADMIN.IMPORT_DATA], { acceptLegacy: true }), loginRequired, adminRequired, addActivity, async(req, res) => {
     // TODO: add express validator
     const { fileName, collections, options } = req.body;
 
@@ -409,7 +409,8 @@ export default function route(crowi) {
    *              schema:
    *                $ref: '#/components/schemas/FileImportResponse'
    */
-  router.post('/upload', accessTokenParser([SCOPE.WRITE.ADMIN.IMPORT_DATA]), loginRequired, adminRequired, uploads.single('file'), addActivity,
+  // eslint-disable-next-line max-len
+  router.post('/upload', accessTokenParser([SCOPE.WRITE.ADMIN.IMPORT_DATA], { acceptLegacy: true }), loginRequired, adminRequired, uploads.single('file'), addActivity,
     async(req, res) => {
       const { file } = req;
       const zipFile = importService.getFile(file.filename);
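Review bot: `file.filename` is dereferenced right after `const { file } = req;` with no check, and `req.file` is undefined when the multipart request has no `file` part. The two lines sit directly in the async handler, before any `try` visible in the hunk, so the resulting TypeError would be an unhandled rejection rather than a 4xx response. Add a guard before `importService.getFile`, for example `if (file == null) { return res.apiv3Err('file is required', 400); }`, adapted to this file's error helper. The handler continues outside the hunk.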
@@ -455,7 +456,7 @@ export default function route(crowi) {
    *        200:
    *          description: all files are deleted
    */
-  router.delete('/all', accessTokenParser([SCOPE.WRITE.ADMIN.IMPORT_DATA]), loginRequired, adminRequired, async(req, res) => {
+  router.delete('/all', accessTokenParser([SCOPE.WRITE.ADMIN.IMPORT_DATA], { acceptLegacy: true }), loginRequired, adminRequired, async(req, res) => {
     try {
       importService.deleteAllZipFiles();
 

+ 5 - 4
apps/app/src/server/routes/apiv3/in-app-notification.ts

@@ -134,7 +134,7 @@ module.exports = (crowi) => {
    *              schema:
    *                $ref: '#/components/schemas/InAppNotificationListResponse'
    */
-  router.get('/list', accessTokenParser([SCOPE.READ.USER_SETTINGS.IN_APP_NOTIFICATION]), loginRequiredStrictly,
+  router.get('/list', accessTokenParser([SCOPE.READ.USER_SETTINGS.IN_APP_NOTIFICATION], { acceptLegacy: true }), loginRequiredStrictly,
     async(req: CrowiRequest, res: ApiV3Response) => {
     // user must be set by loginRequiredStrictly
     // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
@@ -214,7 +214,7 @@ module.exports = (crowi) => {
    *                    type: integer
    *                    description: Count of unread notifications
    */
-  router.get('/status', accessTokenParser([SCOPE.READ.USER_SETTINGS.IN_APP_NOTIFICATION]), loginRequiredStrictly,
+  router.get('/status', accessTokenParser([SCOPE.READ.USER_SETTINGS.IN_APP_NOTIFICATION], { acceptLegacy: true }), loginRequiredStrictly,
     async(req: CrowiRequest, res: ApiV3Response) => {
     // user must be set by loginRequiredStrictly
     // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
@@ -259,7 +259,7 @@ module.exports = (crowi) => {
    *              schema:
    *                type: object
    */
-  router.post('/open', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.IN_APP_NOTIFICATION]), loginRequiredStrictly,
+  router.post('/open', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.IN_APP_NOTIFICATION], { acceptLegacy: true }), loginRequiredStrictly,
     async(req: CrowiRequest, res: ApiV3Response) => {
     // user must be set by loginRequiredStrictly
     // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
@@ -293,7 +293,8 @@ module.exports = (crowi) => {
    *        200:
    *          description: All notifications opened successfully
    */
-  router.put('/all-statuses-open', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.IN_APP_NOTIFICATION]), loginRequiredStrictly, addActivity,
+  // eslint-disable-next-line max-len
+  router.put('/all-statuses-open', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.IN_APP_NOTIFICATION], { acceptLegacy: true }), loginRequiredStrictly, addActivity,
     async(req: CrowiRequest, res: ApiV3Response) => {
     // user must be set by loginRequiredStrictly
     // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
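Review bot: The `{ acceptLegacy: true }` added to the write routes here (`/open`, `/all-statuses-open`) sits next to a scope list, but nothing visible says whether a legacy token is checked against `SCOPE.WRITE.USER_SETTINGS.IN_APP_NOTIFICATION` at all. If legacy tokens are unscoped, as the option name suggests, the scope argument no longer limits what such a token can do. The same option is added to higher-impact routes in this commit, notably `PUT /password` in personal-setting/index.js and the admin write routes in import.js, search.js and slack-integration-settings.js, while routes/index.js keeps three routes marked `(Avoid from API Token)` without it. I would record the policy next to the call, for example `// legacy API token accepted for backward compatibility; confirm whether it is scope-limited`, and confirm that credential-changing and admin routes are meant to accept it. The handlers continue outside these hunks.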

+ 5 - 4
apps/app/src/server/routes/apiv3/page-listing.ts

@@ -89,7 +89,8 @@ const routerFactory = (crowi: Crowi): Router => {
    *                 rootPage:
    *                   $ref: '#/components/schemas/Page'
    */
-  router.get('/root', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, async(req: AuthorizedRequest, res: ApiV3Response) => {
+  // eslint-disable-next-line max-len
+  router.get('/root', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, async(req: AuthorizedRequest, res: ApiV3Response) => {
     const Page = mongoose.model<IPage, PageModel>('Page');
 
     let rootPage;
@@ -154,7 +155,7 @@ const routerFactory = (crowi: Crowi): Router => {
    *                         description: Revision ID (nullable)
    */
   // eslint-disable-next-line max-len
-  router.get('/ancestors-children', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, ...validator.pagePathRequired, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response): Promise<any> => {
+  router.get('/ancestors-children', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, ...validator.pagePathRequired, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response): Promise<any> => {
     const { path } = req.query;
 
     const pageService = crowi.pageService;
@@ -206,7 +207,7 @@ const routerFactory = (crowi: Crowi): Router => {
    * In most cases, using id should be prioritized
    */
   // eslint-disable-next-line max-len
-  router.get('/children', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, validator.pageIdOrPathRequired, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response) => {
+  router.get('/children', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, validator.pageIdOrPathRequired, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response) => {
     const { id, path } = req.query;
 
     const pageService = crowi.pageService;
@@ -301,7 +302,7 @@ const routerFactory = (crowi: Crowi): Router => {
    *                         type: integer
    */
   // eslint-disable-next-line max-len
-  router.get('/info', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, validator.pageIdsOrPathRequired, validator.infoParams, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response) => {
+  router.get('/info', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, validator.pageIdsOrPathRequired, validator.infoParams, apiV3FormValidator, async(req: AuthorizedRequest, res: ApiV3Response) => {
     const {
       pageIds, path, attachBookmarkCount: attachBookmarkCountParam, attachShortBody: attachShortBodyParam,
     } = req.query;

+ 1 - 1
apps/app/src/server/routes/apiv3/page/check-page-existence.ts

@@ -40,7 +40,7 @@ export const checkPageExistenceHandlersFactory: CreatePageHandlersFactory = (cro
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequired,
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequired,
     validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { path } = req.query;

+ 1 - 1
apps/app/src/server/routes/apiv3/page/create-page.ts

@@ -218,7 +218,7 @@ export const createPageHandlersFactory: CreatePageHandlersFactory = (crowi) => {
   const addActivity = generateAddActivityMiddleware();
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly, excludeReadOnlyUser, addActivity,
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly, excludeReadOnlyUser, addActivity,
     validator, apiV3FormValidator,
     async(req: CreatePageRequest, res: ApiV3Response) => {
       const {

+ 1 - 1
apps/app/src/server/routes/apiv3/page/get-page-paths-with-descendant-count.ts

@@ -57,7 +57,7 @@ export const getPagePathsWithDescendantCountFactory: GetPagePathsWithDescendantC
   ];
 
   return [
-    accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequiredStrictly,
+    accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly,
     validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const {

+ 1 - 1
apps/app/src/server/routes/apiv3/page/get-yjs-data.ts

@@ -35,7 +35,7 @@ export const getYjsDataHandlerFactory: GetYjsDataHandlerFactory = (crowi) => {
   ];
 
   return [
-    accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequiredStrictly,
+    accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly,
     validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { pageId } = req.params;

+ 5 - 4
apps/app/src/server/routes/apiv3/page/index.ts

@@ -213,7 +213,8 @@ module.exports = (crowi) => {
    *                schema:
    *                  $ref: '#/components/schemas/Page'
    */
-  router.get('/', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), certifySharedPage, loginRequired, validator.getPage, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), certifySharedPage, loginRequired, validator.getPage, apiV3FormValidator, async(req, res) => {
     const { user, isSharedPage } = req;
     const {
       pageId, path, findAll, revisionId, shareLinkId, includeEmpty,
@@ -441,7 +442,7 @@ module.exports = (crowi) => {
    *                schema:
    *                  $ref: '#/components/schemas/Page'
    */
-  router.put('/likes', accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly, addActivity,
+  router.put('/likes', accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly, addActivity,
     validator.likes, apiV3FormValidator, async(req, res) => {
       const { pageId, bool: isLiked } = req.body;
 
@@ -1037,7 +1038,7 @@ module.exports = (crowi) => {
    *          500:
    *            description: Internal server error.
    */
-  router.put('/subscribe', accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly, addActivity,
+  router.put('/subscribe', accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly, addActivity,
     validator.subscribe, apiV3FormValidator,
     async(req, res) => {
       const { pageId, status } = req.body;
@@ -1099,7 +1100,7 @@ module.exports = (crowi) => {
    *                   page:
    *                     $ref: '#/components/schemas/Page'
    */
-  router.put('/:pageId/content-width', accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly, excludeReadOnlyUser,
+  router.put('/:pageId/content-width', accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly, excludeReadOnlyUser,
     validator.contentWidth, apiV3FormValidator, async(req, res) => {
       const { pageId } = req.params;
       const { expandContentWidth } = req.body;

+ 1 - 1
apps/app/src/server/routes/apiv3/page/publish-page.ts

@@ -39,7 +39,7 @@ export const publishPageHandlersFactory: PublishPageHandlersFactory = (crowi) =>
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly,
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly,
     validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { pageId } = req.params;

+ 1 - 1
apps/app/src/server/routes/apiv3/page/sync-latest-revision-body-to-yjs-draft.ts

@@ -40,7 +40,7 @@ export const syncLatestRevisionBodyToYjsDraftHandlerFactory: SyncLatestRevisionB
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly,
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly,
     validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { pageId } = req.params;

+ 1 - 1
apps/app/src/server/routes/apiv3/page/unpublish-page.ts

@@ -39,7 +39,7 @@ export const unpublishPageHandlersFactory: UnpublishPageHandlersFactory = (crowi
   ];
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly,
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly,
     validator, apiV3FormValidator,
     async(req: Req, res: ApiV3Response) => {
       const { pageId } = req.params;

+ 1 - 1
apps/app/src/server/routes/apiv3/page/update-page.ts

@@ -134,7 +134,7 @@ export const updatePageHandlersFactory: UpdatePageHandlersFactory = (crowi) => {
   const addActivity = generateAddActivityMiddleware();
 
   return [
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly, excludeReadOnlyUser, addActivity,
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly, excludeReadOnlyUser, addActivity,
     validator, apiV3FormValidator,
     async(req: UpdatePageRequest, res: ApiV3Response) => {
       const {

+ 13 - 11
apps/app/src/server/routes/apiv3/pages/index.js

@@ -157,7 +157,8 @@ module.exports = (crowi) => {
    *          200:
    *            description: Return pages recently updated
    */
-  router.get('/recent', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, validator.recent, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/recent', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, validator.recent, apiV3FormValidator, async(req, res) => {
     const limit = parseInt(req.query.limit) || 20;
     const offset = parseInt(req.query.offset) || 0;
     const includeWipPage = req.query.includeWipPage === 'true'; // Need validation using express-validator
@@ -275,7 +276,7 @@ module.exports = (crowi) => {
    */
   router.put(
     '/rename',
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequiredStrictly,
     excludeReadOnlyUser,
     validator.renamePage,
@@ -384,7 +385,7 @@ module.exports = (crowi) => {
     */
   router.post(
     '/resume-rename',
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequiredStrictly,
     validator.resumeRenamePage,
     apiV3FormValidator,
@@ -440,7 +441,7 @@ module.exports = (crowi) => {
    */
   router.delete(
     '/empty-trash',
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequired,
     excludeReadOnlyUser,
     addActivity,
@@ -552,7 +553,8 @@ module.exports = (crowi) => {
     *                              lastUpdateUser:
     *                                $ref: '#/components/schemas/User'
     */
-  router.get('/list', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, validator.list, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/list', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, validator.list, apiV3FormValidator, async(req, res) => {
 
     const path = normalizePath(req.query.path ?? '/');
     const limit = parseInt(req.query.limit ?? configManager.getConfig('customize:showPageLimitationS'));
@@ -630,7 +632,7 @@ module.exports = (crowi) => {
    */
   router.post(
     '/duplicate',
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequiredStrictly,
     excludeReadOnlyUser,
     addActivity,
@@ -735,7 +737,7 @@ module.exports = (crowi) => {
    */
   router.get(
     '/subordinated-list',
-    accessTokenParser([SCOPE.READ.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequired,
     async(req, res) => {
       const { path } = req.query;
@@ -799,7 +801,7 @@ module.exports = (crowi) => {
     */
   router.post(
     '/delete',
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequiredStrictly,
     excludeReadOnlyUser,
     validator.deletePages,
@@ -888,7 +890,7 @@ module.exports = (crowi) => {
   // eslint-disable-next-line max-len
   router.post(
     '/convert-pages-by-path',
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequiredStrictly,
     excludeReadOnlyUser,
     adminRequired,
@@ -949,7 +951,7 @@ module.exports = (crowi) => {
   // eslint-disable-next-line max-len
   router.post(
     '/legacy-pages-migration',
-    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]),
+    accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }),
     loginRequired,
     excludeReadOnlyUser,
     validator.legacyPagesMigration,
@@ -1004,7 +1006,7 @@ module.exports = (crowi) => {
    *                      type: number
    *                      description: Number of pages that can be migrated
    */
-  router.get('/v5-migration-status', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, async(req, res) => {
+  router.get('/v5-migration-status', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, async(req, res) => {
     try {
       const isV5Compatible = configManager.getConfig('app:isV5Compatible');
       const migratablePagesCount = req.user != null ? await crowi.pageService.countPagesCanNormalizeParentByUser(req.user) : null; // null check since not using loginRequiredStrictly
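Review bot: The `/recent` and `/list` routes gain `// eslint-disable-next-line max-len` to fit the longer `accessTokenParser` call, while `/rename`, `/duplicate` and `/delete` in the same file already list one middleware per line. Wrapping these two the same way keeps the lint rule active and makes the auth chain readable at a glance. The existing `// eslint-disable-next-line max-len` above the multi-line `router.post(` for `/convert-pages-by-path` and `/legacy-pages-migration` also looks stale, since the line it covers is just `router.post(`. The handler bodies end outside the hunks, so their closing `});` would become `},` followed by `);`.

```javascript
  router.get(
    '/recent',
    accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }),
    loginRequired,
    validator.recent,
    apiV3FormValidator,
    async(req, res) => {
      // … unchanged: limit/offset parsing and the rest of the handler …
```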

+ 9 - 6
apps/app/src/server/routes/apiv3/personal-setting/index.js

@@ -154,7 +154,7 @@ module.exports = (crowi) => {
    *                      type: object
    *                      description: personal params
    */
-  router.get('/', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO]), loginRequiredStrictly, async(req, res) => {
+  router.get('/', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO], { acceptLegacy: true }), loginRequiredStrictly, async(req, res) => {
     const { username } = req.user;
     try {
       const user = await User.findUserByUsername(username);
@@ -196,7 +196,7 @@ module.exports = (crowi) => {
    *                      type: number
    *                      description: Minimum password length
    */
-  router.get('/is-password-set', accessTokenParser([SCOPE.READ.USER_SETTINGS.PASSWORD]), loginRequiredStrictly, async(req, res) => {
+  router.get('/is-password-set', accessTokenParser([SCOPE.READ.USER_SETTINGS.PASSWORD], { acceptLegacy: true }), loginRequiredStrictly, async(req, res) => {
     const { username } = req.user;
 
     try {
@@ -238,7 +238,8 @@ module.exports = (crowi) => {
    *                      type: object
    *                      description: personal params
    */
-  router.put('/', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.INFO]), loginRequiredStrictly, addActivity, validator.personal, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.put('/', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.INFO], { acceptLegacy: true }), loginRequiredStrictly, addActivity, validator.personal, apiV3FormValidator,
     async(req, res) => {
 
       try {
@@ -299,7 +300,7 @@ module.exports = (crowi) => {
    *                      type: object
    *                      description: user data
    */
-  router.put('/image-type', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.INFO]), loginRequiredStrictly, addActivity,
+  router.put('/image-type', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.INFO], { acceptLegacy: true }), loginRequiredStrictly, addActivity,
     validator.imageType, apiV3FormValidator,
     async(req, res) => {
       const { isGravatarEnabled } = req.body;
@@ -338,7 +339,8 @@ module.exports = (crowi) => {
    *                      type: object
    *                      description: array of external accounts
    */
-  router.get('/external-accounts', accessTokenParser([SCOPE.READ.USER_SETTINGS.EXTERNAL_ACCOUNT]), loginRequiredStrictly, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/external-accounts', accessTokenParser([SCOPE.READ.USER_SETTINGS.EXTERNAL_ACCOUNT], { acceptLegacy: true }), loginRequiredStrictly, async(req, res) => {
     const userData = req.user;
 
     try {
@@ -383,7 +385,8 @@ module.exports = (crowi) => {
    *                      type: object
    *                      description: user data updated
    */
-  router.put('/password', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.PASSWORD]), loginRequiredStrictly, addActivity, validator.password, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.put('/password', accessTokenParser([SCOPE.WRITE.USER_SETTINGS.PASSWORD], { acceptLegacy: true }), loginRequiredStrictly, addActivity, validator.password, apiV3FormValidator,
     async(req, res) => {
       const { body, user } = req;
       const { oldPassword, newPassword } = body;

+ 4 - 2
apps/app/src/server/routes/apiv3/revisions.js

@@ -135,7 +135,8 @@ module.exports = (crowi) => {
    *                    type: number
    *                    description: offset of the revisions
    */
-  router.get('/list', certifySharedPage, accessTokenParser(SCOPE.READ.FEATURES.PAGE), loginRequired, validator.retrieveRevisions, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.get('/list', certifySharedPage, accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, validator.retrieveRevisions, apiV3FormValidator,
     async(req, res) => {
       const pageId = req.query.pageId;
       const limit = req.query.limit || await crowi.configManager.getConfig('customize:showPageLimitationS') || 10;
@@ -235,7 +236,8 @@ module.exports = (crowi) => {
    *                    revision:
    *                      $ref: '#/components/schemas/Revision'
    */
-  router.get('/:id', certifySharedPage, accessTokenParser(SCOPE.READ.FEATURES.PAGE), loginRequired, validator.retrieveRevisionById, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.get('/:id', certifySharedPage, accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, validator.retrieveRevisionById, apiV3FormValidator,
     async(req, res) => {
       const revisionId = req.params.id;
       const pageId = req.query.pageId;
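Review bot: Both routes here also change the first argument from `accessTokenParser(SCOPE.READ.FEATURES.PAGE)` to `accessTokenParser([SCOPE.READ.FEATURES.PAGE], …)`, a separate fix from adding the option that the commit title does not mention. How the parser treated a bare scope is not visible here, so it is worth checking whether scope enforcement on `/list` and `/:id` changes with this commit and whether other call sites still pass a non-array. A line in the description such as `Also pass scopes as an array in revisions.js` would make that traceable. Unlike `GET /` in page/index.ts, these routes run `certifySharedPage` before `accessTokenParser`; a short comment on which order is intended would help.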

+ 5 - 3
apps/app/src/server/routes/apiv3/search.js

@@ -126,7 +126,8 @@ module.exports = (crowi) => {
    *                    description: Status of indices
    *                    $ref: '#/components/schemas/Indices'
    */
-  router.get('/indices', noCache(), accessTokenParser([SCOPE.READ.ADMIN.FULL_TEXT_SEARCH]), loginRequired, adminRequired, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/indices', noCache(), accessTokenParser([SCOPE.READ.ADMIN.FULL_TEXT_SEARCH], { acceptLegacy: true }), loginRequired, adminRequired, async(req, res) => {
     const { searchService } = crowi;
 
     if (!searchService.isConfigured) {
@@ -154,7 +155,8 @@ module.exports = (crowi) => {
    *        200:
    *          description: Successfully connected
    */
-  router.post('/connection', accessTokenParser([SCOPE.WRITE.ADMIN.FULL_TEXT_SEARCH]), loginRequired, adminRequired, addActivity, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.post('/connection', accessTokenParser([SCOPE.WRITE.ADMIN.FULL_TEXT_SEARCH], { acceptLegacy: true }), loginRequired, adminRequired, addActivity, async(req, res) => {
     const { searchService } = crowi;
 
     if (!searchService.isConfigured) {
@@ -208,7 +210,7 @@ module.exports = (crowi) => {
    *                    type: string
    *                    description: Operation is successfully processed, or requested
    */
-  router.put('/indices', accessTokenParser([SCOPE.WRITE.ADMIN.FULL_TEXT_SEARCH]), loginRequired, adminRequired, addActivity,
+  router.put('/indices', accessTokenParser([SCOPE.WRITE.ADMIN.FULL_TEXT_SEARCH], { acceptLegacy: true }), loginRequired, adminRequired, addActivity,
     validatorForPutIndices, apiV3FormValidator,
     async(req, res) => {
       const operation = req.body.operation;

+ 4 - 3
apps/app/src/server/routes/apiv3/slack-integration-settings.js

@@ -199,7 +199,7 @@ module.exports = (crowi) => {
    *                    errorCode:
    *                      type: string
    */
-  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.SLACK_INTEGRATION]), loginRequiredStrictly, adminRequired, async(req, res) => {
+  router.get('/', accessTokenParser([SCOPE.READ.ADMIN.SLACK_INTEGRATION], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, async(req, res) => {
 
     const { configManager, slackIntegrationService } = crowi;
     const currentBotType = configManager.getConfig('slackbot:currentBotType');
@@ -335,7 +335,7 @@ module.exports = (crowi) => {
    *             description: Succeeded to put botType setting.
    */
   // eslint-disable-next-line max-len
-  router.put('/bot-type', accessTokenParser([SCOPE.WRITE.ADMIN.SLACK_INTEGRATION]), loginRequiredStrictly, adminRequired, addActivity, validator.botType, apiV3FormValidator, async(req, res) => {
+  router.put('/bot-type', accessTokenParser([SCOPE.WRITE.ADMIN.SLACK_INTEGRATION], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, addActivity, validator.botType, apiV3FormValidator, async(req, res) => {
     const { currentBotType } = req.body;
 
     if (currentBotType == null) {
@@ -372,7 +372,8 @@ module.exports = (crowi) => {
    *           200:
    *             description: Succeeded to delete botType setting.
    */
-  router.delete('/bot-type', accessTokenParser([SCOPE.WRITE.ADMIN.SLACK_INTEGRATION]), loginRequiredStrictly, adminRequired, addActivity, apiV3FormValidator,
+  // eslint-disable-next-line max-len
+  router.delete('/bot-type', accessTokenParser([SCOPE.WRITE.ADMIN.SLACK_INTEGRATION], { acceptLegacy: true }), loginRequiredStrictly, adminRequired, addActivity, apiV3FormValidator,
     async(req, res) => {
       try {
         await handleBotTypeChanging(req, res, null);

+ 1 - 1
apps/app/src/server/routes/apiv3/user/get-related-groups.ts

@@ -21,7 +21,7 @@ export const getRelatedGroupsHandlerFactory: GetRelatedGroupsHandlerFactory = (c
   const loginRequiredStrictly = require('~/server/middlewares/login-required')(crowi);
 
   return [
-    accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO]), loginRequiredStrictly,
+    accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO], { acceptLegacy: true }), loginRequiredStrictly,
     async(req: Req, res: ApiV3Response) => {
       try {
         const relatedGroups = await crowi.pageGrantService?.getUserRelatedGroups(req.user);

+ 6 - 4
apps/app/src/server/routes/apiv3/users.js

@@ -287,7 +287,8 @@ module.exports = (crowi) => {
    *                      $ref: '#/components/schemas/PaginateResult'
    */
 
-  router.get('/', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO]), loginRequired, validator.statusList, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO], { acceptLegacy: true }), loginRequired, validator.statusList, apiV3FormValidator, async(req, res) => {
 
     const page = parseInt(req.query.page) || 1;
 
@@ -397,7 +398,7 @@ module.exports = (crowi) => {
    *                    paginateResult:
    *                      $ref: '#/components/schemas/PaginateResult'
    */
-  router.get('/:id/recent', accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired,
+  router.get('/:id/recent', accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired,
     validator.recentCreatedByUser, apiV3FormValidator, async(req, res) => {
       const { id } = req.params;
 
@@ -1249,7 +1250,7 @@ module.exports = (crowi) => {
    *            500:
    *              $ref: '#/components/responses/500'
    */
-  router.get('/list', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO]), loginRequired, async(req, res) => {
+  router.get('/list', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO], { acceptLegacy: true }), loginRequired, async(req, res) => {
     const userIds = req.query.userIds ?? null;
 
     let userFetcher;
@@ -1353,7 +1354,8 @@ module.exports = (crowi) => {
     *                        items:
     *                          type: string
     */
-  router.get('/usernames', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO]), loginRequired, validator.usernames, apiV3FormValidator, async(req, res) => {
+  // eslint-disable-next-line max-len
+  router.get('/usernames', accessTokenParser([SCOPE.READ.USER_SETTINGS.INFO], { acceptLegacy: true }), loginRequired, validator.usernames, apiV3FormValidator, async(req, res) => {
     const q = req.query.q;
     const offset = +req.query.offset || 0;
     const limit = +req.query.limit || 10;

+ 14 - 14
apps/app/src/server/routes/index.js

@@ -123,26 +123,26 @@ module.exports = function(crowi, app) {
 
   const apiV1Router = express.Router();
 
-  apiV1Router.get('/search'                        , accessTokenParser([SCOPE.READ.FEATURES.PAGE]) , loginRequired , search.api.search);
+  apiV1Router.get('/search'              , accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }) , loginRequired , search.api.search);
 
   // HTTP RPC Styled API (に徐々に移行していいこうと思う)
-  apiV1Router.get('/pages.updatePost'    , accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, page.api.getUpdatePost);
-  apiV1Router.get('/pages.getPageTag'    , accessTokenParser([SCOPE.READ.FEATURES.PAGE]) , loginRequired , page.api.getPageTag);
+  apiV1Router.get('/pages.updatePost'    , accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, page.api.getUpdatePost);
+  apiV1Router.get('/pages.getPageTag'    , accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }) , loginRequired , page.api.getPageTag);
   // allow posting to guests because the client doesn't know whether the user logged in
   apiV1Router.post('/pages.remove'       , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly , excludeReadOnlyUser, page.validator.remove, apiV1FormValidator, page.api.remove); // (Avoid from API Token)
   apiV1Router.post('/pages.revertRemove' , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly , excludeReadOnlyUser, page.validator.revertRemove, apiV1FormValidator, page.api.revertRemove); // (Avoid from API Token)
   apiV1Router.post('/pages.unlink'       , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly , excludeReadOnlyUser, page.api.unlink); // (Avoid from API Token)
-  apiV1Router.get('/tags.list'           , accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, tag.api.list);
-  apiV1Router.get('/tags.search'         , accessTokenParser([SCOPE.READ.FEATURES.PAGE]), loginRequired, tag.api.search);
-  apiV1Router.post('/tags.update'        , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly, excludeReadOnlyUser, addActivity, tag.api.update);
-  apiV1Router.get('/comments.get'        , accessTokenParser([SCOPE.READ.FEATURES.PAGE]) , loginRequired , comment.api.get);
-  apiV1Router.post('/comments.add'       , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), comment.api.validators.add(), loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.add);
-  apiV1Router.post('/comments.update'    , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), comment.api.validators.add(), loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.update);
-  apiV1Router.post('/comments.remove'    , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE]), loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.remove);
-
-  apiV1Router.post('/attachments.uploadProfileImage'   , accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT]), uploads.single('file'), accessTokenParser , loginRequiredStrictly , excludeReadOnlyUser, uploads.single('file'), autoReap, attachmentApi.uploadProfileImage);
-  apiV1Router.post('/attachments.remove'               , accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT]), loginRequiredStrictly , excludeReadOnlyUser, addActivity ,attachmentApi.remove);
-  apiV1Router.post('/attachments.removeProfileImage'   , accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT]), loginRequiredStrictly , excludeReadOnlyUser, attachmentApi.removeProfileImage);
+  apiV1Router.get('/tags.list'           , accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, tag.api.list);
+  apiV1Router.get('/tags.search'         , accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }), loginRequired, tag.api.search);
+  apiV1Router.post('/tags.update'        , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly, excludeReadOnlyUser, addActivity, tag.api.update);
+  apiV1Router.get('/comments.get'        , accessTokenParser([SCOPE.READ.FEATURES.PAGE], { acceptLegacy: true }) , loginRequired , comment.api.get);
+  apiV1Router.post('/comments.add'       , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), comment.api.validators.add(), loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.add);
+  apiV1Router.post('/comments.update'    , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), comment.api.validators.add(), loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.update);
+  apiV1Router.post('/comments.remove'    , accessTokenParser([SCOPE.WRITE.FEATURES.PAGE], { acceptLegacy: true }), loginRequiredStrictly , excludeReadOnlyUserIfCommentNotAllowed, addActivity, comment.api.remove);
+
+  apiV1Router.post('/attachments.uploadProfileImage'   , accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT], { acceptLegacy: true }), uploads.single('file'), accessTokenParser , loginRequiredStrictly , excludeReadOnlyUser, uploads.single('file'), autoReap, attachmentApi.uploadProfileImage);
+  apiV1Router.post('/attachments.remove'               , accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT], { acceptLegacy: true }), loginRequiredStrictly , excludeReadOnlyUser, addActivity ,attachmentApi.remove);
+  apiV1Router.post('/attachments.removeProfileImage'   , accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT], { acceptLegacy: true }), loginRequiredStrictly , excludeReadOnlyUser, attachmentApi.removeProfileImage);
 
   // API v1
   app.use('/_api', unavailableWhenMaintenanceModeForApi, apiV1Router);
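Review bot: On `/attachments.uploadProfileImage` the new line still passes a bare `accessTokenParser` as the third middleware and lists `uploads.single('file')` twice, with the first upload step ahead of `loginRequiredStrictly`. Every other call in this commit invokes `accessTokenParser(...)` to obtain the middleware, so the uninvoked reference is presumably a leftover and may never call `next()`. The first upload step also means the multipart body is processed before the login check runs. Suggested line: `apiV1Router.post('/attachments.uploadProfileImage', accessTokenParser([SCOPE.WRITE.FEATURES.ATTACHMENT], { acceptLegacy: true }), loginRequiredStrictly, excludeReadOnlyUser, uploads.single('file'), autoReap, attachmentApi.uploadProfileImage);`. If a token sent inside the multipart form has to keep working, a comment should state that, since it is the only reason to parse the upload first.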

+ 2 - 0
packages/remark-attachment-refs/src/server/routes/refs.ts

@@ -83,6 +83,7 @@ export const routesFactory = (crowi): any => {
   /**
    * return an Attachment model
    */
+  // TODO: https://redmine.weseek.co.jp/issues/166911
   router.get('/ref', accessTokenParser(), loginRequired, async(req: RequestWithUser, res) => {
     const user = req.user;
     const { pagePath, fileNameOrId } = req.query;
@@ -138,6 +139,7 @@ export const routesFactory = (crowi): any => {
   /**
    * return a list of Attachment
    */
+  // TODO: https://redmine.weseek.co.jp/issues/166911
   router.get('/refs', accessTokenParser(), loginRequired, async(req: RequestWithUser, res) => {
     const user = req.user;
     const { prefix, pagePath } = req.query;
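Review bot: The added `// TODO: https://redmine.weseek.co.jp/issues/166911` on `/ref` and `/refs` (and inline in packages/remark-lsx/src/server/index.ts) says only where the ticket is, not what is pending. These are the call sites left as `accessTokenParser()` with no scope list and no `acceptLegacy` option, so a reader cannot tell which tokens they accept. A comment that states the open question, e.g. `// TODO(#166911): accessTokenParser() has no scopes or acceptLegacy here; decide and pass them explicitly`, would stay useful even when the tracker is not reachable.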

+ 1 - 1
packages/remark-lsx/src/server/index.ts

@@ -59,7 +59,7 @@ const middleware = (crowi: any, app: any): void => {
 
   app.get(
     '/_api/lsx',
-    accessTokenParser(),
+    accessTokenParser(), // TODO: https://redmine.weseek.co.jp/issues/166911
     loginRequired,
     lsxValidator,
     paramValidator,