From 527c1a4fda7aeb81b6cbed50be7ed0bee7fcce19 Mon Sep 17 00:00:00 2001
From: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Date: Tue, 13 Jan 2026 23:41:35 +0100
Subject: [PATCH] [v14.0/forgejo] fix: make lastcommit available for
 non-signed-in users (#10817)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/10815

- Regression of forgejo/forgejo!9830
- `reqSignIn` means it requires sign-in, but it does not require sign-in (can be hit by visiting large repository) so `ignSignIn` is the better option.
- Resulted in behavior of being redirected to `/user/login` when visiting a repository such as comaps or forgejo when not being logged in.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10817
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
---
 routers/web/web.go                    |  2 +-
 tests/integration/repo_commit_test.go | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index 4e10dcc67b..f213d9cbb3 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1654,7 +1654,7 @@ func registerRoutes(m *web.Route) {
 		m.Post("/sync_fork", context.RepoMustNotBeArchived(), repo.MustBeNotEmpty, reqRepoCodeWriter, repo.SyncFork)
 	}, ignSignIn, context.RepoAssignment, context.UnitTypes())
 
-	m.Post("/{username}/{reponame}/lastcommit/*", reqSignIn, context.RepoAssignment, context.UnitTypes(), context.RepoRefByType(context.RepoRefCommit), reqRepoCodeReader, repo.LastCommit)
+	m.Post("/{username}/{reponame}/lastcommit/*", ignSignIn, context.RepoAssignment, context.UnitTypes(), context.RepoRefByType(context.RepoRefCommit), reqRepoCodeReader, repo.LastCommit)
 
 	m.Group("/{username}/{reponame}", func() {
 		if !setting.Repository.DisableStars {
diff --git a/tests/integration/repo_commit_test.go b/tests/integration/repo_commit_test.go
index 1e22192cd9..0975e48c0c 100644
--- a/tests/integration/repo_commit_test.go
+++ b/tests/integration/repo_commit_test.go
@@ -82,3 +82,19 @@ func TestRepoCommitHeader(t *testing.T) {
 		assert.Equal(t, commit.ID.String()[:10], sha.Find(".shortsha").Text())
 	})
 }
+
+func TestLastCommit(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Anonymous", func(t *testing.T) {
+		req := NewRequest(t, "POST", "/user2/repo1/lastcommit/65f1bf27bc3bf70f64657658635e66094edbcb4d")
+		MakeRequest(t, req, http.StatusOK)
+	})
+
+	t.Run("Signed in", func(t *testing.T) {
+		session := loginUser(t, "user2")
+
+		req := NewRequest(t, "POST", "/user2/repo1/lastcommit/65f1bf27bc3bf70f64657658635e66094edbcb4d")
+		session.MakeRequest(t, req, http.StatusOK)
+	})
+}