route: no session for routes without UI (#6066)

Not all routes need session, register session and CSRF middleware as global is a waste of resource, and creating a lot one-time off yet never used session records.
2025-12-21 07:39:59 +01:00 · 2020-04-05 06:36:08 +08:00
parent bae1d6ccd8
commit 07818d5fa5
10 changed files with 529 additions and 532 deletions
--- a/internal/context/auth.go
+++ b/internal/context/auth.go
@@ -7,14 +7,12 @@ package context
 import (
 	"net/http"
 	"net/url"
-	"strings"

 	"github.com/go-macaron/csrf"
 	"gopkg.in/macaron.v1"

 	"gogs.io/gogs/internal/auth"
 	"gogs.io/gogs/internal/conf"
-	"gogs.io/gogs/internal/tool"
 )

 type ToggleOptions struct {
@@ -95,18 +93,3 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 		}
 	}
 }
-
-// RequireBasicAuth verifies HTTP Basic Authentication header with given credentials.
-func (c *Context) RequireBasicAuth(username, password string) {
-	fields := strings.Fields(c.Req.Header.Get("Authorization"))
-	if len(fields) != 2 || fields[0] != "Basic" {
-		c.Status(http.StatusUnauthorized)
-		return
-	}
-
-	uname, passwd, _ := tool.BasicAuthDecode(fields[1])
-	if uname != username || passwd != password {
-		c.Status(http.StatusForbidden)
-		return
-	}
-}