diff options
author | JakobDev <jakobdev@gmx.de> | 2023-09-05 16:43:34 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-05 14:43:34 +0000 |
commit | e9f50676535216b74a467fab4623daf6d0c39fce (patch) | |
tree | 35c52c4b10a5216b7ab6a5b6f8b1915a43cb4c99 /routers | |
parent | f79f6a26aec9ff0fcc25899ecdc9d1546d640116 (diff) | |
download | gitea-e9f50676535216b74a467fab4623daf6d0c39fce.tar.gz gitea-e9f50676535216b74a467fab4623daf6d0c39fce.zip |
Add missing `reqToken()` to notifications endpoints (#26914)
They currently throw a Internal Server Error when you use them without a
token. Now they correctly return a `token is required` error.
This is no security issue. If you use this endpoints with a token that
don't have the correct permission, you get the correct error. This is
not affected by this PR.
Diffstat (limited to 'routers')
-rw-r--r-- | routers/api/v1/api.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 22899c0d31..74e68e9ee2 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -776,11 +776,11 @@ func Routes() *web.Route { // Notifications (requires 'notifications' scope) m.Group("/notifications", func() { m.Combo(""). - Get(notify.ListNotifications). + Get(reqToken(), notify.ListNotifications). Put(reqToken(), notify.ReadNotifications) - m.Get("/new", notify.NewAvailable) + m.Get("/new", reqToken(), notify.NewAvailable) m.Combo("/threads/{id}"). - Get(notify.GetThread). + Get(reqToken(), notify.GetThread). Patch(reqToken(), notify.ReadThread) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryNotification)) |