mirror of
https://gitcode.com/gitea/gitea.git
synced 2025-05-28 13:20:20 +08:00
Allow get release download files and lfs files with oauth2 token format (#26430)
Fix #26165 Fix #25257
This commit is contained in:
@ -125,7 +125,9 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
|
||||
// If verification is successful returns an existing user object.
|
||||
// Returns nil if verification fails.
|
||||
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
||||
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) {
|
||||
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
|
||||
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
|
||||
!gitRawReleasePathRe.MatchString(req.URL.Path) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user