Add missing `reqToken()` to notifications endpoints (#26914)

They currently throw a Internal Server Error when you use them without a token. Now they correctly return a `token is required` error. This is no security issue. If you use this endpoints with a token that don't have the correct permission, you get the correct error. This is not affected by this PR.
author: JakobDev <jakobdev@gmx.de> 2023-09-05 16:43:34 +0200
committer: GitHub <noreply@github.com> 2023-09-05 14:43:34 +0000
commit: e9f50676535216b74a467fab4623daf6d0c39fce (patch)
tree: 35c52c4b10a5216b7ab6a5b6f8b1915a43cb4c99 /routers/api
parent: f79f6a26aec9ff0fcc25899ecdc9d1546d640116 (diff)
download: gitea-e9f50676535216b74a467fab4623daf6d0c39fce.tar.gz
gitea-e9f50676535216b74a467fab4623daf6d0c39fce.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 22899c0d31..74e68e9ee2 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -776,11 +776,11 @@ func Routes() *web.Route {
 		// Notifications (requires 'notifications' scope)
 		m.Group("/notifications", func() {
 			m.Combo("").
-				Get(notify.ListNotifications).
+				Get(reqToken(), notify.ListNotifications).
 				Put(reqToken(), notify.ReadNotifications)
-			m.Get("/new", notify.NewAvailable)
+			m.Get("/new", reqToken(), notify.NewAvailable)
 			m.Combo("/threads/{id}").
-				Get(notify.GetThread).
+				Get(reqToken(), notify.GetThread).
 				Patch(reqToken(), notify.ReadThread)
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryNotification))
author	JakobDev <jakobdev@gmx.de>	2023-09-05 16:43:34 +0200
committer	GitHub <noreply@github.com>	2023-09-05 14:43:34 +0000
commit	e9f50676535216b74a467fab4623daf6d0c39fce (patch)
tree	35c52c4b10a5216b7ab6a5b6f8b1915a43cb4c99 /routers/api
parent	f79f6a26aec9ff0fcc25899ecdc9d1546d640116 (diff)
download	gitea-e9f50676535216b74a467fab4623daf6d0c39fce.tar.gz gitea-e9f50676535216b74a467fab4623daf6d0c39fce.zip