Require token for GET subscription endpoint (#28765)

Fixes  #28756

## Changes
- Require and check API token for `GET
/repos/{owner}/{repo}/subscription` in order to populate `ctx.Doer`.

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 4fe4e20e79485ad649c9352f1855083e1ded302e..8d7669762b722ae7d789d267dce5eff32e59d83f 100644 (file)
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1156,9 +1156,9 @@ func Routes() *web.Route {
                                m.Get("/subscribers", repo.ListSubscribers)
                                m.Group("/subscription", func() {
                                        m.Get("", user.IsWatching)
-                                       m.Put("", reqToken(), user.Watch)
-                                       m.Delete("", reqToken(), user.Unwatch)
-                               })
+                                       m.Put("", user.Watch)
+                                       m.Delete("", user.Unwatch)
+                               }, reqToken())
                                m.Group("/releases", func() {
                                        m.Combo("").Get(repo.ListReleases).
                                                Post(reqToken(), reqRepoWriter(unit.TypeReleases), context.ReferencesGitRepo(), bind(api.CreateReleaseOption{}), repo.CreateRelease)