Add missing reqToken() to notifications endpoints (#26914)
They currently throw a Internal Server Error when you use them without a token. Now they correctly return a `token is required` error. This is no security issue. If you use this endpoints with a token that don't have the correct permission, you get the correct error. This is not affected by this PR.
This commit is contained in:
JakobDev
GitHub
parent
f79f6a26ae
commit
e9f5067653
2 changed files with 9 additions and 3 deletions
|
|
@ -776,11 +776,11 @@ func Routes() *web.Route {
|
|||
// Notifications (requires 'notifications' scope)
|
||||
m.Group("/notifications", func() {
|
||||
m.Combo("").
|
||||
Get(notify.ListNotifications).
|
||||
Get(reqToken(), notify.ListNotifications).
|
||||
Put(reqToken(), notify.ReadNotifications)
|
||||
m.Get("/new", notify.NewAvailable)
|
||||
m.Get("/new", reqToken(), notify.NewAvailable)
|
||||
m.Combo("/threads/{id}").
|
||||
Get(notify.GetThread).
|
||||
Get(reqToken(), notify.GetThread).
|
||||
Patch(reqToken(), notify.ReadThread)
|
||||
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryNotification))
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue