forked from forgejo/forgejo
Backport #27486 by @lunny Fix #27204 This PR allows `/<username>/<reponame>/attachments/<uuid>` access with personal access token and also changed attachments API download url to it so it can be download correctly. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Giteabot
GitHub
parent
478e7042f5
commit
9da92835d1
6 changed files with 21 additions and 21 deletions
|
|
@ -127,7 +127,7 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
|
|||
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
||||
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
|
||||
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
|
||||
!gitRawReleasePathRe.MatchString(req.URL.Path) {
|
||||
!isGitRawOrAttachPath(req) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue