From e9f50676535216b74a467fab4623daf6d0c39fce Mon Sep 17 00:00:00 2001
From: JakobDev <jakobdev@gmx.de>
Date: Tue, 5 Sep 2023 16:43:34 +0200
Subject: Add missing `reqToken()` to notifications endpoints (#26914)

They currently throw a Internal Server Error when you use them without a
token. Now they correctly return a `token is required` error.

This is no security issue. If you use this endpoints with a token that
don't have the correct permission, you get the correct error. This is
not affected by this PR.
---
 routers/api/v1/api.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'routers/api')

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 22899c0d31..74e68e9ee2 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -776,11 +776,11 @@ func Routes() *web.Route {
 		// Notifications (requires 'notifications' scope)
 		m.Group("/notifications", func() {
 			m.Combo("").
-				Get(notify.ListNotifications).
+				Get(reqToken(), notify.ListNotifications).
 				Put(reqToken(), notify.ReadNotifications)
-			m.Get("/new", notify.NewAvailable)
+			m.Get("/new", reqToken(), notify.NewAvailable)
 			m.Combo("/threads/{id}").
-				Get(notify.GetThread).
+				Get(reqToken(), notify.GetThread).
 				Patch(reqToken(), notify.ReadThread)
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryNotification))
 
-- 
cgit v1.2.3