api: fix critical CSRF vulnerabilities on API routes (#5355)

By explicitly requires token authentication.
author: Unknwon <u@gogs.io> 2018-11-28 21:05:58 -0500
committer: Unknwon <u@gogs.io> 2018-11-28 21:05:58 -0500
commit: 3db9b06a6ed0a217e72ea361867604477dcd25be (patch)
tree: cc164a0ff390d0919ccc76a75f055ee24b5a9e7f /routes/api/v1/api.go
parent: e9be8016e6b87efbc3bc62b373bed9143c2bac74 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/routes/api/v1/api.go b/routes/api/v1/api.go
index ca29ee86..f236d9aa 100644
--- a/routes/api/v1/api.go
+++ b/routes/api/v1/api.go
@@ -86,7 +86,7 @@ func repoAssignment() macaron.Handler {
 // Contexter middleware already checks token for user sign in process.
 func reqToken() macaron.Handler {
 	return func(c *context.Context) {
-		if !c.IsLogged {
+		if !c.IsTokenAuth {
 			c.Error(401)
 			return
 		}
author	Unknwon <u@gogs.io>	2018-11-28 21:05:58 -0500
committer	Unknwon <u@gogs.io>	2018-11-28 21:05:58 -0500
commit	3db9b06a6ed0a217e72ea361867604477dcd25be (patch)
tree	cc164a0ff390d0919ccc76a75f055ee24b5a9e7f /routes/api/v1/api.go
parent	e9be8016e6b87efbc3bc62b373bed9143c2bac74 (diff)