From fe93cc6f5831e78518067d146ef724ed3b4b5941 Mon Sep 17 00:00:00 2001
From: John71 <john71@noreply.git.john71.fr>
Date: Wed, 18 Mar 2026 15:03:42 +0100
Subject: [PATCH] fix(Gitea): Request to fetch user details/avatar URL from
 Gitea API with proper authorization This allows for users that have chosen to
 hide their profile to Guests to fetch their information from the Gitea API

---
 internal/auth/oauth/gitea.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/internal/auth/oauth/gitea.go b/internal/auth/oauth/gitea.go
index 88db9bd..253cb9f 100644
--- a/internal/auth/oauth/gitea.go
+++ b/internal/auth/oauth/gitea.go
@@ -81,7 +81,14 @@ func (p *GiteaCallbackProvider) GetProviderUserSSHKeys() ([]string, error) {
 func (p *GiteaCallbackProvider) UpdateUserDB(user *db.User) {
 	user.GiteaID = p.User.UserID
 
-	resp, err := http.Get(urlJoin(config.C.GiteaUrl, "/api/v1/users/", p.User.UserID))
+	req, err := http.NewRequest("GET", urlJoin(config.C.GiteaUrl, "/api/v1/user"), http.NoBody)
+	if err != nil {
+		log.Error().Err(err).Msg("Cannot create Gitea API request")
+		return
+	}
+	req.Header.Set("Authorization", "token "+p.User.AccessToken)
+
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		log.Error().Err(err).Msg("Cannot get user from Gitea")
 		return