Merge b44df28beb9abb5290140597b92e482b78592cbf into 30c07c20e94551141cc1873ab14bdd4c104bba94

2026-04-04 01:24:56 +02:00 · 2026-04-03 08:58:35 +02:00 · 2026-04-03 08:58:35 +02:00 · 1468c8f67e
commit 1468c8f67e
parent 30c07c20e9 b44df28beb
2 changed files with 18 additions and 3 deletions
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -993,7 +993,6 @@ func Routes() *web.Router {
 		// Users (requires user scope)
 		m.Group("/users", func() {
 			m.Group("/{username}", func() {
-				m.Get("/keys", user.ListPublicKeys)
 				m.Get("/gpg_keys", user.ListGPGKeys)

 				m.Get("/followers", user.ListFollowers)
@ -1008,6 +1007,13 @@ func Routes() *web.Router {
 			}, context.UserAssignmentAPI(), checkTokenPublicOnly())
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken())

+		// Users SSH keys (publicly readable)
+		m.Group("/users", func() {
+			m.Group("/{username}", func() {
+				m.Get("/keys", user.ListPublicKeys)
+			}, context.UserAssignmentAPI())
+		})
+
 		// Users (requires user scope)
 		m.Group("/user", func() {
 			m.Get("", user.GetAuthenticatedUser)
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@ -8,6 +8,7 @@ import (
 	std_ctx "context"
 	"errors"
 	"net/http"
+	"strings"

 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
@ -89,8 +90,16 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 	apiKeys := make([]*api.PublicKey, len(keys))
 	for i := range keys {
 		apiKeys[i] = convert.ToPublicKey(apiLink, keys[i])
-		if ctx.Doer.IsAdmin || ctx.Doer.ID == keys[i].OwnerID {
-			apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], user)
+		if ctx.Doer != nil {
+			if ctx.Doer.IsAdmin || ctx.Doer.ID == keys[i].OwnerID {
+				apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], user)
+			}
+		} else {
+			// unauthenticated requests will not receive the title property
+			// to preserve privacy
+			apiKeys[i].Title = ""
+			// the key comment is truncated to preserve privacy
+			apiKeys[i].Key = strings.Join(strings.Split(apiKeys[i].Key, " ")[:2], " ")
 		}
 	}