Handle unauthorized user events gracefully (#15071)
authorLauris BH <lauris@nix.lv>
Sat, 20 Mar 2021 20:39:43 +0000 (22:39 +0200)
committerGitHub <noreply@github.com>
Sat, 20 Mar 2021 20:39:43 +0000 (21:39 +0100)
routers/events/events.go
routers/routes/web.go

index 27dbb08fc8ea75263ee613277a98826b3fc3514d..aa8e2c8c74df88a5962097d98f20029324e9ff4a 100644 (file)
@@ -30,6 +30,17 @@ func Events(ctx *context.Context) {
        ctx.Resp.Header().Set("X-Accel-Buffering", "no")
        ctx.Resp.WriteHeader(http.StatusOK)
 
+       if !ctx.IsSigned {
+               // Return unauthorized status event
+               event := (&eventsource.Event{
+                       Name: "unauthorized",
+                       Data: "sorry",
+               })
+               _, _ = event.WriteTo(ctx)
+               ctx.Resp.Flush()
+               return
+       }
+
        // Listen to connection close and un-register messageChan
        notify := ctx.Req.Context().Done()
        ctx.Resp.Flush()
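Review bot: The `!ctx.IsSigned` guard is now the only thing keeping anonymous requests out of the event stream, but its comment does not say so, and it sits after `ctx.Resp.WriteHeader(http.StatusOK)`, so an unauthenticated request is answered with 200. I would expand the comment to something like `// Route has no reqSignIn: this is the only auth gate and must stay before any per-user registration below.` Because the status is 200, status-based monitoring and access-log review will not show these rejections; if that visibility matters, this branch needs its own log line. Events begins and continues outside the hunk, so I am assuming no user-specific work runs before the shown lines.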
index 166b4286a87bcacc76f336ddaf246acb647bbf1e..e59609d83117f45a88a1c7604934f370ba03823e 100644 (file)
@@ -400,7 +400,7 @@ func RegisterRoutes(m *web.Route) {
                })
        }, reqSignOut)
 
-       m.Any("/user/events", reqSignIn, events.Events)
+       m.Any("/user/events", events.Events)
 
        m.Group("/login/oauth", func() {
                m.Get("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth)
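Review bot: With `reqSignIn` dropped, `m.Any("/user/events", events.Events)` exposes the handler to anonymous requests on every HTTP method, and the route line gives no hint that authentication moved into the handler. A comment such as `// no reqSignIn: events.Events checks ctx.IsSigned and sends an "unauthorized" event itself` would keep a later refactor from assuming middleware protection. If nothing depends on other methods (not visible here), `m.Get("/user/events", events.Events)` would narrow what unauthenticated clients can reach. RegisterRoutes extends beyond the hunk.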