fix(ui): enforce Explore button visibility via route guard
- Add exploreAnonymousGuard middleware to redirect anonymous users when Explore is hidden
- Move enforcement from template to route level for better security
- Prevent direct URL access to /explore routes when feature is disabled
- Keep Explore button visible in navbar but make routes inaccessible

This prevents users from bypassing the UI restriction by directly accessing /explore URLs.
@@ -549,6 +549,13 @@ func registerWebRoutes(m *web.Router) {
|
||||
m.Get("/-/web-theme/list", misc.WebThemeList)
|
||||
m.Post("/-/web-theme/apply", optSignIn, misc.WebThemeApply)
|
||||
|
||||
exploreAnonymousGuard := func(ctx *context.Context) {
|
||||
if ctx.Doer == nil && setting.Config().Theme.HideExploreButton.Value(ctx) {
|
||||
ctx.Redirect(setting.AppSubURL + "/")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
m.Group("/explore", func() {
|
||||
m.Get("", func(ctx *context.Context) {
|
||||
ctx.Redirect(setting.AppSubURL + "/explore/repos")
|
||||
@@ -566,7 +573,7 @@ func registerWebRoutes(m *web.Router) {
|
||||
}
|
||||
}, explore.Code)
|
||||
m.Get("/topics/search", explore.TopicSearch)
|
||||
}, optExploreSignIn)
|
||||
}, optExploreSignIn, exploreAnonymousGuard)
|
||||
|
||||
m.Group("/issues", func() {
|
||||
m.Get("", user.Issues)
|
||||
|
||||
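Review bot: `exploreAnonymousGuard` turns `Theme.HideExploreButton`, which by its name is a display setting, into an access decision, and the closure carries no comment saying what it does and does not protect. As written it only redirects requests where `ctx.Doer == nil`, and only inside the `/explore` group; any other route that serves the same listings is outside this hunk and is not covered by it. I would add a comment above the closure such as `// exploreAnonymousGuard redirects anonymous visitors to the home page when Theme.HideExploreButton is set; signed-in users and routes outside /explore are not restricted.` An integration test that requests `/explore/repos` anonymously with the setting enabled and asserts the redirect would pin the behaviour the commit message promises. `registerWebRoutes` starts and ends outside the hunks shown.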
@@ -30,9 +30,7 @@
|
||||
<a class="item{{if .PageIsMilestonesDashboard}} active{{end}}" href="{{AppSubUrl}}/milestones">{{ctx.Locale.Tr "milestones"}}</a>
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{if not (.SystemConfig.Theme.HideExploreButton.Value ctx)}}
|
||||
<a class="item{{if .PageIsExplore}} active{{end}}" href="{{AppSubUrl}}/explore/repos">{{ctx.Locale.Tr "explore_title"}}</a>
|
||||
{{end}}
|
||||
{{if .SystemConfig.Theme.APIHeaderURL.Value ctx}}
|
||||
<a class="item" href="{{.SystemConfig.Theme.APIHeaderURL.Value ctx}}">{{ctx.Locale.Tr "api"}}</a>
|
||||
{{end}}
|
||||
|
||||
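Review bot: The Explore link now appears to render for everyone, so `HideExploreButton` no longer hides the button. The hunk header shows two lines removed and none added, presumably the `{{if not (.SystemConfig.Theme.HideExploreButton.Value ctx)}}` wrapper and its `{{end}}`. With the setting on, anonymous visitors get a link that the new route guard sends straight back to the home page. Keeping the condition and relaxing it for signed-in users would match the guard, for example `{{if or .IsSigned (not (.SystemConfig.Theme.HideExploreButton.Value ctx))}}`, assuming `.IsSigned` is available in this template's data. The template check is presentation only; the route guard remains the enforcement point.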