Handle unauthorized user events gracefully (#15071)

author: Lauris BH <lauris@nix.lv> 2021-03-20 22:39:43 +0200
committer: GitHub <noreply@github.com> 2021-03-20 21:39:43 +0100
commit: 2f0eb9fd5d95fbb023676f0644b2174f0feff3ad (patch)
tree: 5ac7e1be61006a46963062347f691f3e170c58fc /routers
parent: 78e8f627066d4559038710b417dddaaff5707e24 (diff)
download: gitea-2f0eb9fd5d95fbb023676f0644b2174f0feff3ad.tar.gz
gitea-2f0eb9fd5d95fbb023676f0644b2174f0feff3ad.zip
2 files changed, 12 insertions, 1 deletions
diff --git a/routers/events/events.go b/routers/events/events.go
index 27dbb08fc8..aa8e2c8c74 100644
--- a/routers/events/events.go
+++ b/routers/events/events.go
@@ -30,6 +30,17 @@ func Events(ctx *context.Context) {
 	ctx.Resp.Header().Set("X-Accel-Buffering", "no")
 	ctx.Resp.WriteHeader(http.StatusOK)
 
+	if !ctx.IsSigned {
+		// Return unauthorized status event
+		event := (&eventsource.Event{
+			Name: "unauthorized",
+			Data: "sorry",
+		})
+		_, _ = event.WriteTo(ctx)
+		ctx.Resp.Flush()
+		return
+	}
+
 	// Listen to connection close and un-register messageChan
 	notify := ctx.Req.Context().Done()
 	ctx.Resp.Flush()
diff --git a/routers/routes/web.go b/routers/routes/web.go
index 166b4286a8..e59609d831 100644
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -400,7 +400,7 @@ func RegisterRoutes(m *web.Route) {
 		})
 	}, reqSignOut)
 
-	m.Any("/user/events", reqSignIn, events.Events)
+	m.Any("/user/events", events.Events)
 
 	m.Group("/login/oauth", func() {
 		m.Get("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth)
author	Lauris BH <lauris@nix.lv>	2021-03-20 22:39:43 +0200
committer	GitHub <noreply@github.com>	2021-03-20 21:39:43 +0100
commit	2f0eb9fd5d95fbb023676f0644b2174f0feff3ad (patch)
tree	5ac7e1be61006a46963062347f691f3e170c58fc /routers
parent	78e8f627066d4559038710b417dddaaff5707e24 (diff)
download	gitea-2f0eb9fd5d95fbb023676f0644b2174f0feff3ad.tar.gz gitea-2f0eb9fd5d95fbb023676f0644b2174f0feff3ad.zip