Merge branch 'master' of https://github.com/gogits/gogs

Conflicts: routers/repo/download.go
author: Don Bowman <don.waterloo@gmail.com> 2015-08-12 21:10:00 +0000
committer: Don Bowman <don.waterloo@gmail.com> 2015-08-12 21:10:00 +0000
commit: 1cb46ede1acf4f8527e64fcae7e92672cad764b2 (patch)
tree: fabb54ee5f040be2a4ee5c95f87cb3e9fbf7bdea /modules/middleware/auth.go
parent: 9e6bd31d76aa6d6495a2144466af78773f34d07c (diff)
parent: aede5cdb04fdbf74d9c602062fdece9f408e90f4 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index b2aaae10..2a02d276 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -10,6 +10,7 @@ import (
 	"github.com/Unknwon/macaron"
 	"github.com/macaron-contrib/csrf"
 
+	"github.com/gogits/gogs/modules/auth"
 	"github.com/gogits/gogs/modules/setting"
 )
 
@@ -49,6 +50,12 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 
 		if options.SignInRequire {
 			if !ctx.IsSigned {
+				// Restrict API calls with error message.
+				if auth.IsAPIPath(ctx.Req.URL.Path) {
+					ctx.HandleAPI(403, "Only signed in user is allowed to call APIs.")
+					return
+				}
+
 				ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
 				ctx.Redirect(setting.AppSubUrl + "/user/login")
 				return
@@ -69,6 +76,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 	}
 }
 
+// Contexter middleware already checks token for user sign in process.
 func ApiReqToken() macaron.Handler {
 	return func(ctx *Context) {
 		if !ctx.IsSigned {
author	Don Bowman <don.waterloo@gmail.com>	2015-08-12 21:10:00 +0000
committer	Don Bowman <don.waterloo@gmail.com>	2015-08-12 21:10:00 +0000
commit	1cb46ede1acf4f8527e64fcae7e92672cad764b2 (patch)
tree	fabb54ee5f040be2a4ee5c95f87cb3e9fbf7bdea /modules/middleware/auth.go
parent	9e6bd31d76aa6d6495a2144466af78773f34d07c (diff)
parent	aede5cdb04fdbf74d9c602062fdece9f408e90f4 (diff)