diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 73071aa8df7ee..a3a482c6e592b 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -945,7 +945,6 @@ func Routes() *web.Route { // Users (requires user scope) m.Group("/users", func() { m.Group("/{username}", func() { - m.Get("/keys", user.ListPublicKeys) m.Get("/gpg_keys", user.ListGPGKeys) m.Get("/followers", user.ListFollowers) @@ -960,6 +959,13 @@ func Routes() *web.Route { }, context.UserAssignmentAPI()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken()) + // Users SSH keys (publicly readable) + m.Group("/users", func() { + m.Group("/{username}", func() { + m.Get("/keys", user.ListPublicKeys) + }, context.UserAssignmentAPI()) + }) + // Users (requires user scope) m.Group("/user", func() { m.Get("", user.GetAuthenticatedUser) diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go index d9456e7ec6087..b70fbf6d66cc2 100644 --- a/routers/api/v1/user/key.go +++ b/routers/api/v1/user/key.go @@ -7,6 +7,7 @@ import ( std_ctx "context" "fmt" "net/http" + "strings" asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/db" @@ -89,8 +90,16 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) { apiKeys := make([]*api.PublicKey, len(keys)) for i := range keys { apiKeys[i] = convert.ToPublicKey(apiLink, keys[i]) - if ctx.Doer.IsAdmin || ctx.Doer.ID == keys[i].OwnerID { - apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], user) + if ctx.Doer != nil { + if ctx.Doer.IsAdmin || ctx.Doer.ID == keys[i].OwnerID { + apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], user) + } + } else { + // unauthenticated requests will not receive the title property + // to preserve privacy + apiKeys[i].Title = "" + // the key comment is truncated to preserve privacy + apiKeys[i].Key = strings.Join(strings.Split(apiKeys[i].Key, " ")[:2], " ") } }