YourSelfHosted/memos
1
0
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-06-05 22:09:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: skip auth on /api/v1/status to avoid sign up while token invalid (#1895)

Browse Source 
Skip auth on /api/v1/status to avoid sign up while token invalid
This commit is contained in:
Athurg Gooth
2023-07-05 13:55:04 +08:00
committed by GitHub
parent 1c07ae2650
commit 2033b0c8fa
2 changed files with 2 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/v1/jwt.go
View File

@ -82,7 +82,7 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
}
// Skip validation for server status endpoints.
if common.HasPrefixes(path, "/api/v1/ping", "/api/v1/idp", "/api/user/:id") && method == http.MethodGet {
if common.HasPrefixes(path, "/api/v1/ping", "/api/v1/idp", "/api/v1/status", "/api/user/:id") && method == http.MethodGet {
return next(c)
}
@ -93,7 +93,7 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
return next(c)
}
// When the request is not authenticated, we allow the user to access the memo endpoints for those public memos.
if common.HasPrefixes(path, "/api/v1/status", "/api/memo") && method == http.MethodGet {
if common.HasPrefixes(path, "/api/memo") && method == http.MethodGet {
return next(c)
}
return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")