@@ -242,7 +242,7 @@ func runWeb(ctx *cli.Context) { | |||
ctx.HandleAPI(404, "Page not found") | |||
}) | |||
}) | |||
}) | |||
}, ignSignIn) | |||
// User. | |||
m.Group("/user", func() { |
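Review bot: The `}, ignSignIn)` line attaches the sign-in middleware to the whole route group closed here, but nothing at the call site records that, and the group's opening line is outside the hunk. The visible `ctx.HandleAPI(404, "Page not found")` handler sits inside the same group, so an anonymous request to an unknown path is presumably answered by the middleware before it reaches that fallback. A comment on the closing line would keep the access policy visible to the next person who adds a route, for example `// ignSignIn: the sign-in toggle runs before every route in this group, including the 404 fallback.`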
@@ -8,6 +8,7 @@ Huimin Wang <wanghm2009@hotmail.co.jp> | |||
Thomas Fanninger <gogs.thomas@fanninger.at> | |||
Łukasz Jan Niemier <lukasz@niemier.pl> | |||
Lafriks <lafriks@gmail.com> | |||
Luc Stepniewski <luc@stepniewski.fr> | |||
Miguel de la Cruz <miguel@mcrx.me> | |||
Natan Albuquerque <natanalbuquerque5@gmail.com> | |||
Marc Schiller <marc@schiller.im> |
@@ -17,7 +17,7 @@ import ( | |||
"github.com/gogits/gogs/modules/setting" | |||
) | |||
const APP_VER = "0.6.1.0714 Beta" | |||
const APP_VER = "0.6.1.0715 Beta" | |||
func init() { | |||
runtime.GOMAXPROCS(runtime.NumCPU()) |
@@ -21,6 +21,10 @@ import ( | |||
"github.com/gogits/gogs/modules/uuid" | |||
) | |||
func IsAPIPath(url string) bool { | |||
return strings.HasPrefix(url, "/api/") | |||
} | |||
// SignedInId returns the id of signed in user. | |||
func SignedInId(req *http.Request, sess session.Store) int64 { | |||
if !models.HasEngine { | |||
@@ -28,7 +32,7 @@ func SignedInId(req *http.Request, sess session.Store) int64 { | |||
} | |||
// API calls need to check access token. | |||
if strings.HasPrefix(req.URL.Path, "/api/") { | |||
if IsAPIPath(req.URL.Path) { | |||
auHead := req.Header.Get("Authorization") | |||
if len(auHead) > 0 { | |||
auths := strings.Fields(auHead) |
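Review bot: `IsAPIPath` is exported without a doc comment, although it now decides both whether `SignedInId` looks for an access token and whether the sign-in middleware answers with an API error instead of a login redirect. It compares the raw `req.URL.Path` with `"/api/"`, and the hunk does not show whether the path still carries `setting.AppSubUrl` at that point; if it can, API requests under a sub-URL would be classified as web requests. I would state the expectation in the comment, e.g. `// IsAPIPath reports whether path is an API route; path must not include setting.AppSubUrl.`, and confirm it against the router. The parameter name `url` also shadows the `net/url` package name should this file ever import it; `path` would be clearer. The body of `SignedInId` continues outside the hunk.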
@@ -10,6 +10,7 @@ import ( | |||
"github.com/Unknwon/macaron" | |||
"github.com/macaron-contrib/csrf" | |||
"github.com/gogits/gogs/modules/auth" | |||
"github.com/gogits/gogs/modules/setting" | |||
) | |||
@@ -49,6 +50,12 @@ func Toggle(options *ToggleOptions) macaron.Handler { | |||
if options.SignInRequire { | |||
if !ctx.IsSigned { | |||
// Restrict API calls with error message. | |||
if auth.IsAPIPath(ctx.Req.URL.Path) { | |||
ctx.HandleAPI(403, "Only signed in user is allowed to call APIs.") | |||
return | |||
} | |||
ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl) | |||
ctx.Redirect(setting.AppSubUrl + "/user/login") | |||
return |
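Review bot: The new API branch in `Toggle` answers an unauthenticated caller with 403, which normally means the caller is known but not permitted; 401 describes a missing or invalid credential and is what API clients usually key on to re-authenticate. I would change the line to `ctx.HandleAPI(401, "Only signed in users are allowed to call APIs.")`, which also fixes the singular "user is" in the message. Returning before the `redirect_to` cookie is set is the right order, since an API client should receive neither the cookie nor the redirect. The rest of the handler returned by `Toggle` is outside the hunk, so whether the other option branches need the same API-aware response cannot be checked from here.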
@@ -1 +1 @@ | |||
0.6.1.0714 Beta | |||
0.6.1.0715 Beta |