#1128: API calls are not hidden behind sign in

2015-07-15 19:17:57 +08:00 · 2015-07-15 19:17:57 +08:00 · ff051e2106
commit ff051e2106
parent 71b9a87fe1
6 changed files with 16 additions and 4 deletions
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@ -21,6 +21,10 @@ import (
 	"github.com/gogits/gogs/modules/uuid"
 )

+func IsAPIPath(url string) bool {
+	return strings.HasPrefix(url, "/api/")
+}
+
 // SignedInId returns the id of signed in user.
 func SignedInId(req *http.Request, sess session.Store) int64 {
 	if !models.HasEngine {
@ -28,7 +32,7 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
 	}

 	// API calls need to check access token.
-	if strings.HasPrefix(req.URL.Path, "/api/") {
+	if IsAPIPath(req.URL.Path) {
 		auHead := req.Header.Get("Authorization")
 		if len(auHead) > 0 {
 			auths := strings.Fields(auHead)