Skip to content

Commit 03fab6a

Browse files
wxiaoguangGiteaBot
wxiaoguang
and
GiteaBot
authored
Fix some mistakes when using ignSignIn (#24415)
Some old code doesn't respect the definition of `RequireSignInView` (the `ignSignIn` is forgotten). After #24413, this PR will do more fixes, ~~and rename the strange `ignSignIn` to `optSignIn`.~~ This PR is ready for review, I think we can postpone the "ignSignIn" renaming to another, to make this PR simple and clear. --------- Co-authored-by: Giteabot <teabot@gitea.io>
1 parent 55a5717 commit 03fab6a

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

routers/web/web.go

+7-7
Original file line numberDiff line numberDiff line change
@@ -176,10 +176,11 @@ func Routes(ctx gocontext.Context) *web.Route {
176176
// registerRoutes register routes
177177
func registerRoutes(m *web.Route) {
178178
reqSignIn := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignInRequired: true})
179+
reqSignOut := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignOutRequired: true})
180+
// TODO: rename them to "optSignIn", which means that the "sign-in" could be optional, depends on the VerifyOptions (RequireSignInView)
179181
ignSignIn := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignInRequired: setting.Service.RequireSignInView})
180182
ignExploreSignIn := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignInRequired: setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView})
181183
ignSignInAndCsrf := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{DisableCSRF: true})
182-
reqSignOut := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignOutRequired: true})
183184
validation.AddBindingRules()
184185

185186
linkAccountEnabled := func(ctx *context.Context) {
@@ -489,7 +490,6 @@ func registerRoutes(m *web.Route) {
489490
}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "AllThemes", setting.UI.Themes, "EnablePackages", setting.Packages.Enabled))
490491

491492
m.Group("/user", func() {
492-
// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
493493
m.Get("/activate", auth.Activate)
494494
m.Post("/activate", auth.ActivatePost)
495495
m.Any("/activate_email", auth.ActivateEmail)
@@ -809,7 +809,7 @@ func registerRoutes(m *web.Route) {
809809
}, reqPackageAccess(perm.AccessModeWrite))
810810
})
811811
})
812-
}, ignSignIn, context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
812+
}, context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
813813
}
814814

815815
m.Group("/projects", func() {
@@ -848,7 +848,7 @@ func registerRoutes(m *web.Route) {
848848
m.Group("", func() {
849849
m.Get("/code", user.CodeSearch)
850850
}, reqUnitAccess(unit.TypeCode, perm.AccessModeRead))
851-
}, context_service.UserAssignmentWeb(), context.OrgAssignment())
851+
}, ignSignIn, context_service.UserAssignmentWeb(), context.OrgAssignment()) // for "/{username}/-" (packages, projects, code)
852852

853853
// ***** Release Attachment Download without Signin
854854
m.Get("/{username}/{reponame}/releases/download/{vTag}/{fileName}", ignSignIn, context.RepoAssignment, repo.MustBeNotEmpty, repo.RedirectDownload)
@@ -940,7 +940,7 @@ func registerRoutes(m *web.Route) {
940940

941941
m.Post("/{username}/{reponame}/action/{action}", reqSignIn, context.RepoAssignment, context.UnitTypes(), repo.Action)
942942

943-
// Grouping for those endpoints not requiring authentication
943+
// Grouping for those endpoints not requiring authentication (but should respect ignSignIn)
944944
m.Group("/{username}/{reponame}", func() {
945945
m.Group("/milestone", func() {
946946
m.Get("/{id}", repo.MilestoneIssuesAndPulls)
@@ -953,14 +953,14 @@ func registerRoutes(m *web.Route) {
953953
})
954954
m.Get("/compare", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists, ignSignIn, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff)
955955
m.Combo("/compare/*", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists).
956-
Get(ignSignIn, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff).
956+
Get(repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff).
957957
Post(reqSignIn, context.RepoMustNotBeArchived(), reqRepoPullsReader, repo.MustAllowPulls, web.Bind(forms.CreateIssueForm{}), repo.SetWhitespaceBehavior, repo.CompareAndPullRequestPost)
958958
m.Group("/{type:issues|pulls}", func() {
959959
m.Group("/{index}", func() {
960960
m.Get("/info", repo.GetIssueInfo)
961961
})
962962
})
963-
}, context.RepoAssignment, context.UnitTypes())
963+
}, ignSignIn, context.RepoAssignment, context.UnitTypes()) // for "/{username}/{reponame}" which doesn't require authentication
964964

965965
// Grouping for those endpoints that do require authentication
966966
m.Group("/{username}/{reponame}", func() {

0 commit comments

Comments
 (0)