
only assign auto-admin when sign up by web

Unknwon 9 lat temu
rodzic
commit
47ac579f09
4 zmienionych plików z 14 dodań i 12 usunięć
  1. 2 1
      cmd/web.go
  2. 1 9
      models/user.go
  3. 1 1
      modules/middleware/auth.go
  4. 10 1
      routers/user/auth.go

+ 2 - 1
cmd/web.go

@@ -206,7 +206,7 @@ func runWeb(ctx *cli.Context) {
 		m.Get("/issues", user.Issues)
 	}, reqSignIn)
 
-	// API.
+	// ***** START: API *****
 	// FIXME: custom form error response.
 	m.Group("/api", func() {
 		m.Group("/v1", func() {
@@ -248,6 +248,7 @@ func runWeb(ctx *cli.Context) {
 			})
 		})
 	}, ignSignIn)
+	// ***** END: API *****
 
 	// ***** START: User *****
 	m.Group("/user", func() {

+ 1 - 9
models/user.go

@@ -373,17 +373,9 @@ func CreateUser(u *User) (err error) {
 	} else if err = os.MkdirAll(UserPath(u.Name), os.ModePerm); err != nil {
 		sess.Rollback()
 		return err
-	} else if err = sess.Commit(); err != nil {
-		return err
 	}
 
-	// Auto-set admin for the first user.
-	if CountUsers() == 1 {
-		u.IsAdmin = true
-		u.IsActive = true
-		_, err = x.Id(u.Id).AllCols().Update(u)
-	}
-	return err
+	return sess.Commit()
 }
 
 func countUsers(e Engine) int64 {
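Review bot: `CreateUser` no longer promotes the first account, but nothing in the hunk tells callers that the privilege decision is now theirs. A doc comment on the function, for example `// CreateUser does not grant admin rights; callers that need a first-user admin must set it themselves.`, would keep other creation paths from relying on the old behaviour. Separately, `os.MkdirAll(UserPath(u.Name), os.ModePerm)` runs before the transaction commits, so a failed `sess.Commit()` now returns an error while leaving the directory on disk. The signature and opening lines of the function are outside this hunk.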

+ 1 - 1
modules/middleware/auth.go

@@ -80,7 +80,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 			return
 		}
 
-		if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" {
+		if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
 			csrf.Validate(ctx.Context, ctx.csrf)
 			if ctx.Written() {
 				return
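Review bot: The added `!auth.IsAPIPath(ctx.Req.URL.Path)` condition switches CSRF validation off by URL path rather than by how the request was authenticated. The `/api` group in cmd/web.go is registered with `ignSignIn`, and the authentication code is not visible here, so if those routes also accept the browser session cookie, a cross-site POST to an API path would pass without a token. It would be safer to skip `csrf.Validate` only when the request carried an explicit API credential, and to state that assumption in a comment such as `// API requests authenticate with a token, not the session cookie, so CSRF does not apply.`. The condition sits inside the Toggle handler, whose body starts and ends outside this hunk, and the commit title does not mention the change.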

+ 10 - 1
routers/user/auth.go

@@ -220,7 +220,6 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe
 		Passwd:   form.Password,
 		IsActive: !setting.Service.RegisterEmailConfirm || isOauth,
 	}
-
 	if err := models.CreateUser(u); err != nil {
 		switch {
 		case models.IsErrUserAlreadyExist(err):
@@ -242,6 +241,16 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe
 	}
 	log.Trace("Account created: %s", u.Name)
 
+	// Auto-set admin for the only user.
+	if models.CountUsers() == 1 {
+		u.IsAdmin = true
+		u.IsActive = true
+		if err := models.UpdateUser(u); err != nil {
+			ctx.Handle(500, "UpdateUser", err)
+			return
+		}
+	}
+
 	// Bind social account.
 	if isOauth {
 		if err := models.BindUserOauth2(u.Id, sid); err != nil {
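Review bot: The promotion added after the `log.Trace("Account created: %s", u.Name)` line is a separate count-then-update that runs once `models.CreateUser` has already committed, so it is not atomic with the insert. If `models.UpdateUser` fails, the handler returns 500 but the account stays in the database as a non-admin, and the next sign-up sees `models.CountUsers() == 2`, leaving the instance with no administrator. Two concurrent sign-ups on an empty instance can end the same way. The grant also forces `u.IsActive = true` regardless of `setting.Service.RegisterEmailConfirm` and is not recorded anywhere; adding `log.Trace("First user promoted to admin: %s", u.Name)` after the update succeeds would leave an audit trail for this privilege change. SignUpPost starts and ends outside the hunk.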