forked from forgejo/forgejo
#1128: API calls are not hidden behind sign in
This commit is contained in:
Unknwon
parent
71b9a87fe1
commit
ff051e2106
6 changed files with 16 additions and 4 deletions
|
|
@ -10,6 +10,7 @@ import (
|
|||
"github.com/Unknwon/macaron"
|
||||
"github.com/macaron-contrib/csrf"
|
||||
|
||||
"github.com/gogits/gogs/modules/auth"
|
||||
"github.com/gogits/gogs/modules/setting"
|
||||
)
|
||||
|
||||
|
|
@ -49,6 +50,12 @@ func Toggle(options *ToggleOptions) macaron.Handler {
|
|||
|
||||
if options.SignInRequire {
|
||||
if !ctx.IsSigned {
|
||||
// Restrict API calls with error message.
|
||||
if auth.IsAPIPath(ctx.Req.URL.Path) {
|
||||
ctx.HandleAPI(403, "Only signed in user is allowed to call APIs.")
|
||||
return
|
||||
}
|
||||
|
||||
ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
|
||||
ctx.Redirect(setting.AppSubUrl + "/user/login")
|
||||
return
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue