Merge 693db80296 into 68d5c18953

2024-05-17 11:13:15 +02:00 · 2024-05-17 11:13:15 +02:00 · 04fc578ebd
parent 68d5c18953 693db80296
commit 04fc578ebd
2 changed files with 18 additions and 3 deletions
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -945,7 +945,6 @@ func Routes() *web.Route {
 		// Users (requires user scope)
 		m.Group("/users", func() {
 			m.Group("/{username}", func() {
-				m.Get("/keys", user.ListPublicKeys)
 				m.Get("/gpg_keys", user.ListGPGKeys)

 				m.Get("/followers", user.ListFollowers)
@ -960,6 +959,13 @@ func Routes() *web.Route {
 			}, context.UserAssignmentAPI())
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken())

+		// Users SSH keys (publicly readable)
+		m.Group("/users", func() {
+			m.Group("/{username}", func() {
+				m.Get("/keys", user.ListPublicKeys)
+			}, context.UserAssignmentAPI())
+		})
+
 		// Users (requires user scope)
 		m.Group("/user", func() {
 			m.Get("", user.GetAuthenticatedUser)
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@ -7,6 +7,7 @@ import (
 	std_ctx "context"
 	"fmt"
 	"net/http"
+	"strings"

 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
@ -89,8 +90,16 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 	apiKeys := make([]*api.PublicKey, len(keys))
 	for i := range keys {
 		apiKeys[i] = convert.ToPublicKey(apiLink, keys[i])
-		if ctx.Doer.IsAdmin || ctx.Doer.ID == keys[i].OwnerID {
-			apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], user)
+		if ctx.Doer != nil {
+			if ctx.Doer.IsAdmin || ctx.Doer.ID == keys[i].OwnerID {
+				apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], user)
+			}
+		} else {
+			// unauthenticated requests will not receive the title property
+			// to preserve privacy
+			apiKeys[i].Title = ""
+			// the key comment is truncated to preserve privacy
+			apiKeys[i].Key = strings.Join(strings.Split(apiKeys[i].Key, " ")[:2], " ")
 		}
 	}