From 07818d5fa5aef7dd7dca1d556f59c7a146a9b00c Mon Sep 17 00:00:00 2001
From: ᴜɴᴋɴᴡᴏɴ <u@gogs.io>
Date: Sun, 5 Apr 2020 06:36:08 +0800
Subject: route: no session for routes without UI (#6066)

Not all routes need session, register session and CSRF middleware as global is a waste of resource, and creating a lot one-time off yet never used session records.
---
 internal/context/auth.go | 17 -----------------
 1 file changed, 17 deletions(-)

(limited to 'internal/context')

diff --git a/internal/context/auth.go b/internal/context/auth.go
index ad583791..424a4f4f 100644
--- a/internal/context/auth.go
+++ b/internal/context/auth.go
@@ -7,14 +7,12 @@ package context
 import (
 	"net/http"
 	"net/url"
-	"strings"
 
 	"github.com/go-macaron/csrf"
 	"gopkg.in/macaron.v1"
 
 	"gogs.io/gogs/internal/auth"
 	"gogs.io/gogs/internal/conf"
-	"gogs.io/gogs/internal/tool"
 )
 
 type ToggleOptions struct {
@@ -95,18 +93,3 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 		}
 	}
 }
-
-// RequireBasicAuth verifies HTTP Basic Authentication header with given credentials.
-func (c *Context) RequireBasicAuth(username, password string) {
-	fields := strings.Fields(c.Req.Header.Get("Authorization"))
-	if len(fields) != 2 || fields[0] != "Basic" {
-		c.Status(http.StatusUnauthorized)
-		return
-	}
-
-	uname, passwd, _ := tool.BasicAuthDecode(fields[1])
-	if uname != username || passwd != password {
-		c.Status(http.StatusForbidden)
-		return
-	}
-}
-- 
cgit v1.2.3