fix(Gitea): Request to fetch user details/avatar URL from Gitea API with proper authorization

This allows for users that have chosen to hide their profile to Guests to fetch their information from the Gitea API
2026-03-18 15:03:42 +01:00
parent 4d29a50e64
commit fe93cc6f58
1 changed files with 8 additions and 1 deletions
--- a/internal/auth/oauth/gitea.go
+++ b/internal/auth/oauth/gitea.go
@@ -81,7 +81,14 @@ func (p *GiteaCallbackProvider) GetProviderUserSSHKeys() ([]string, error) {
 func (p *GiteaCallbackProvider) UpdateUserDB(user *db.User) {
 	user.GiteaID = p.User.UserID

-	resp, err := http.Get(urlJoin(config.C.GiteaUrl, "/api/v1/users/", p.User.UserID))
+	req, err := http.NewRequest("GET", urlJoin(config.C.GiteaUrl, "/api/v1/user"), http.NoBody)
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot create Gitea API request")
+		return
+	}
+	req.Header.Set("Authorization", "token "+p.User.AccessToken)
+
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		log.Error().Err(err).Msg("Cannot get user from Gitea")
 		return