Fix auth check bug (#24382)

Fix https://github.com/go-gitea/gitea/pull/24362/files#r1179095324 `getAuthenticatedMeta` has checked them, these code are duplicated one. And the first invokation has a wrong permission check. `DownloadHandle` should require read permission but not write.
2025-11-04 08:30:25 +08:00 · 2023-04-28 04:43:27 +08:00
parent 5141bbd9ba
commit ecf1f2d3f6
2 changed files with 41 additions and 10 deletions
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -86,11 +86,6 @@ func DownloadHandler(ctx *context.Context) {
 		return
 	}

-	repository := getAuthenticatedRepository(ctx, rc, true)
-	if repository == nil {
-		return
-	}
-
 	// Support resume download using Range header
 	var fromByte, toByte int64
 	toByte = meta.Size - 1
@@ -365,11 +360,6 @@ func VerifyHandler(ctx *context.Context) {
 		return
 	}

-	repository := getAuthenticatedRepository(ctx, rc, true)
-	if repository == nil {
-		return
-	}
-
 	contentStore := lfs_module.NewContentStore()
 	ok, err := contentStore.Verify(meta.Pointer)