From ac2ae66ae75650cc6a425d9067fdb66955272414 Mon Sep 17 00:00:00 2001
From: Lauris BH
Date: Sun, 21 Mar 2021 12:21:28 +0200
Subject: [PATCH] Handle unauthorized user events gracefully (#15071) (#15074)
---
 routers/events/events.go | 11 +++++++++++
 routers/routes/web.go | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/routers/events/events.go b/routers/events/events.go
index 27dbb08fc8..aa8e2c8c74 100644
--- a/routers/events/events.go
+++ b/routers/events/events.go
@@ -30,6 +30,17 @@ func Events(ctx *context.Context) {
 ctx.Resp.Header().Set("X-Accel-Buffering", "no")
 ctx.Resp.WriteHeader(http.StatusOK)
+ if !ctx.IsSigned {
+ // Return unauthorized status event
+ event := (&eventsource.Event{
+ Name: "unauthorized",
+ Data: "sorry",
+ })
+ _, _ = event.WriteTo(ctx)
+ ctx.Resp.Flush()
+ return
+ }
+
 // Listen to connection close and un-register messageChan
 notify := ctx.Req.Context().Done()
 ctx.Resp.Flush()
diff --git a/routers/routes/web.go b/routers/routes/web.go
index 166b4286a8..e59609d831 100644
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -400,7 +400,7 @@ func RegisterRoutes(m *web.Route) {
 })
 }, reqSignOut)
- m.Any("/user/events", reqSignIn, events.Events)
+ m.Any("/user/events", events.Events)
 m.Group("/login/oauth", func() {
 m.Get("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth)
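Review bot: The `!ctx.IsSigned` guard runs after `ctx.Resp.WriteHeader(http.StatusOK)`, so an anonymous request is answered and logged as a 200 and only the event body says "unauthorized"; anything that watches status codes for unauthenticated access will not see these requests. With `reqSignIn` removed from the route in the same commit, this guard is also the only authorization check in front of the rest of Events, whose body starts and continues outside the hunk. I would record that on the guard, e.g. `// Sole auth gate: the route has no reqSignIn, so nothing below may run for anonymous requests.`, and state in the same comment why a 200 with an event is preferred over a 401. The result of `event.WriteTo(ctx)` is discarded, which is reasonable for a best-effort reply but deserves a short why-comment.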
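Review bot: Dropping `reqSignIn` from `m.Any("/user/events", ...)` removes every check that middleware performed, not only the sign-in requirement, and the replacement in Events tests nothing but `ctx.IsSigned`. If `reqSignIn` also enforces other account-state conditions (its definition is not visible here), signed-in users in those states can now reach the event stream, so the new guard should be compared against the middleware before merging. The route line would benefit from a comment such as `// No reqSignIn: events.Events replies to anonymous clients with an "unauthorized" event itself.` so the missing middleware is not read as an oversight. RegisterRoutes starts and ends outside the hunk.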