Handle unauthorized user events gracefully (#15071)

4 years ago · 2f0eb9fd5d
parent 78e8f62706
commit 2f0eb9fd5d
2 changed files with 12 additions and 1 deletions
--- a/routers/events/events.go
+++ b/routers/events/events.go
@ -30,6 +30,17 @@ func Events(ctx *context.Context) {
 	ctx.Resp.Header().Set("X-Accel-Buffering", "no")
 	ctx.Resp.WriteHeader(http.StatusOK)
 	if !ctx.IsSigned {
 		// Return unauthorized status event
 		event := (&eventsource.Event{
 			Name: "unauthorized",
 			Data: "sorry",
 		})
 		_, _ = event.WriteTo(ctx)
 		ctx.Resp.Flush()
 		return
 	}
 	// Listen to connection close and un-register messageChan
 	notify := ctx.Req.Context().Done()
 	ctx.Resp.Flush()
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@ -400,7 +400,7 @@ func RegisterRoutes(m *web.Route) {
 		})
 	}, reqSignOut)
-	m.Any("/user/events", reqSignIn, events.Events)
+	m.Any("/user/events", events.Events)
 	m.Group("/login/oauth", func() {
 		m.Get("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth)