From ff051e2106bb44203736934547a7a2c501b1a784 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Wed, 15 Jul 2015 19:17:57 +0800
Subject: #1128: API calls are not hidden behind sign in
---
 modules/auth/auth.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'modules/auth/auth.go')
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index edcb1306..42346430 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -21,6 +21,10 @@ import (
 "github.com/gogits/gogs/modules/uuid"
 )
+func IsAPIPath(url string) bool {
+ return strings.HasPrefix(url, "/api/")
+}
+
 // SignedInId returns the id of signed in user.
 func SignedInId(req *http.Request, sess session.Store) int64 {
 if !models.HasEngine {
@@ -28,7 +32,7 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
 }
 // API calls need to check access token.
- if strings.HasPrefix(req.URL.Path, "/api/") {
+ if IsAPIPath(req.URL.Path) {
 auHead := req.Header.Get("Authorization")
 if len(auHead) > 0 {
 auths := strings.Fields(auHead)
-- 
cgit v1.2.3
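Review bot: `IsAPIPath` classifies a request with a raw `strings.HasPrefix(url, "/api/")`, and the commit title suggests the same helper now also decides elsewhere whether the sign-in requirement applies, so its answer has to agree with how the router resolves that path. Those callers are outside this diff; confirm that each one passes the cleaned path the router actually matched (no `..` segments or doubled slashes, and with any deployment sub-path already stripped), because a mismatch lets a request be treated as API for the auth decision while a different handler serves it. The call site in the second hunk (`if IsAPIPath(req.URL.Path) {` in `SignedInId`, whose body continues outside the hunk) inherits the same assumption. The new exported function also has no doc comment; I would add `// IsAPIPath reports whether url is a request path under the "/api/" prefix; pass the cleaned URL path, not a full URL.` and rename the parameter to `path` to match what it receives.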