From 2b1e67e0851ccaf040baf5331f5b66150a550afb Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Tue, 14 Jul 2015 23:21:34 +0800
Subject: [PATCH] #1127: hide user e-mail when API caller isn't signed in
---
 modules/middleware/auth.go | 1 +
 routers/api/v1/user.go | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index b2aaae101d70..8f86b79177c2 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -69,6 +69,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 }
 }
 
+// Contexter middleware already checks token for user sign in process.
 func ApiReqToken() macaron.Handler {
 return func(ctx *Context) {
 if !ctx.IsSigned {
diff --git a/routers/api/v1/user.go b/routers/api/v1/user.go
index e9ba615fcb91..a4648297b9bb 100644
--- a/routers/api/v1/user.go
+++ b/routers/api/v1/user.go
@@ -68,5 +68,10 @@ func GetUserInfo(ctx *middleware.Context) {
 }
 return
 }
+
+ // Hide user e-mail when API caller isn't signed in.
+ if !ctx.IsSigned {
+ u.Email = ""
+ }
 ctx.JSON(200, &api.User{u.Id, u.Name, u.FullName, u.Email, u.AvatarLink()})
 }
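Review bot: The added comment sits in the doc-comment position for `ApiReqToken` but describes the Contexter middleware rather than this function, so generated documentation will show it as the handler's description. Something like `// ApiReqToken rejects the request unless the caller is signed in; the token itself is checked earlier by the Contexter middleware.` would state the access-control contract directly. What the handler does when `ctx.IsSigned` is false lies outside the hunk, so the wording should be confirmed against the body.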
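Review bot: The e-mail is blanked only in this one handler, by mutating `u` just before the response is built, so any other v1 route that builds an `api.User` (none is visible in this hunk) would still return the address to anonymous callers. A small shared helper that builds the `api.User` from the user and `ctx.IsSigned` would keep the rule in one place. It is also worth confirming whether `u.AvatarLink()` is derived from a hash of the e-mail, because that would still let an unauthenticated caller confirm a guessed address. The positional literal `&api.User{u.Id, u.Name, u.FullName, u.Email, u.AvatarLink()}` would be safer with keyed fields, so a later field reorder cannot move the address into a field that is not redacted. GetUserInfo starts outside the hunk.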