aboutsummaryrefslogtreecommitdiff
path: root/modules/middleware/auth.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/middleware/auth.go')
-rw-r--r--modules/middleware/auth.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index b2aaae10..2a02d276 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -10,6 +10,7 @@ import (
"github.com/Unknwon/macaron"
"github.com/macaron-contrib/csrf"
+ "github.com/gogits/gogs/modules/auth"
"github.com/gogits/gogs/modules/setting"
)
@@ -49,6 +50,12 @@ func Toggle(options *ToggleOptions) macaron.Handler {
if options.SignInRequire {
if !ctx.IsSigned {
+ // Restrict API calls with error message.
+ if auth.IsAPIPath(ctx.Req.URL.Path) {
+ ctx.HandleAPI(403, "Only signed in user is allowed to call APIs.")
+ return
+ }
+
ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/user/login")
return
@@ -69,6 +76,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
}
}
+// Contexter middleware already checks token for user sign in process.
func ApiReqToken() macaron.Handler {
return func(ctx *Context) {
if !ctx.IsSigned {
Powered by cgit, Themed by Ted Yin.