MokoConsulting/MokoGitea
1
0
Fork 0
Code Issues 142 Pull Requests Releases 90 Wiki Activity

fix(licenses): restrict downloadsPublic to release paths only #438

Merged
jmiller merged 1 commits from dev into main 2026-06-02 20:31:33 +00:00
Conversation 0 Commits 1 Files Changed 1
+10 -5
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/context/repo.go
+10 -5
View File
@@ -448,12 +448,17 @@ func repoAssignmentLegacy(ctx *Context, data *repoAssignmentPrepareDataStruct) {
hasKey := ctx.FormString("dlid") != "" || ctx.FormString("key") != "" || ctx.FormString("download_key") != ""
// Check if downloads are set to public (download_gating=none means no key needed).
// Only apply to release/download paths, not the main repo page.
downloadsPublic := false
if orgCfg != nil && (orgCfg.DownloadGating == "" || orgCfg.DownloadGating == "none") {
downloadsPublic = true
}
if repoCfg != nil && (repoCfg.DownloadGating == "" || repoCfg.DownloadGating == "none") {
downloadsPublic = true
reqPath := ctx.Req.URL.Path
isDownloadPath := strings.Contains(reqPath, "/releases/") || strings.Contains(reqPath, "/archive/")
if isDownloadPath {
if orgCfg != nil && (orgCfg.DownloadGating == "" || orgCfg.DownloadGating == "none") {
downloadsPublic = true
}
if repoCfg != nil && (repoCfg.DownloadGating == "" || repoCfg.DownloadGating == "none") {
downloadsPublic = true
}
}
if ctx.IsSigned || hasKey || downloadsPublic {