gitea

Commit Graph

Author	SHA1	Message	Date
JakobDev	ea385f5d39	Fix API leaking Usermail if not logged in (#25097 ) The API should only return the real Mail of a User, if the caller is logged in. The check do to this don't work. This PR fixes this. This not really a security issue, but can lead to Spam. --------- Co-authored-by: silverwind <me@silverwind.io>	1 year ago
Lunny Xiao	bd820aa9c5	Add context cache as a request level cache (#22294 ) To avoid duplicated load of the same data in an HTTP request, we can set a context cache to do that. i.e. Some pages may load a user from a database with the same id in different areas on the same page. But the code is hidden in two different deep logic. How should we share the user? As a result of this PR, now if both entry functions accept `context.Context` as the first parameter and we just need to refactor `GetUserByID` to reuse the user from the context cache. Then it will not be loaded twice on an HTTP request. But of course, sometimes we would like to reload an object from the database, that's why `RemoveContextData` is also exposed. The core context cache is here. It defines a new context ```go type cacheContext struct { ctx context.Context data map[any]map[any]any lock sync.RWMutex } var cacheContextKey = struct{}{} func WithCacheContext(ctx context.Context) context.Context { return context.WithValue(ctx, cacheContextKey, &cacheContext{ ctx: ctx, data: make(map[any]map[any]any), }) } ``` Then you can use the below 4 methods to read/write/del the data within the same context. ```go func GetContextData(ctx context.Context, tp, key any) any func SetContextData(ctx context.Context, tp, key, value any) func RemoveContextData(ctx context.Context, tp, key any) func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error) ``` Then let's take a look at how `system.GetString` implement it. ```go func GetSetting(ctx context.Context, key string) (string, error) { return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) { return cache.GetString(genSettingCacheKey(key), func() (string, error) { res, err := GetSettingNoCache(ctx, key) if err != nil { return "", err } return res.SettingValue, nil }) }) } ``` First, it will check if context data include the setting object with the key. If not, it will query from the global cache which may be memory or a Redis cache. If not, it will get the object from the database. In the end, if the object gets from the global cache or database, it will be set into the context cache. An object stored in the context cache will only be destroyed after the context disappeared.	2 years ago
KN4CK3R	a35749893b	Move `convert` package to services (#22264 ) Addition to #22256 The `convert` package relies heavily on different models which is [disallowed by our definition of modules](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md#design-guideline). This helps to prevent possible import cycles. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2 years ago
flynnnnnnnnnn	e81ccc406b	Implement FSFE REUSE for golang files (#21840 ) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2 years ago
Baekjun Kim	e35a39e81d	Include login_name in adminCreateUser response (#20283 ) `login_name` (Authentication Sign-in Name) is not included in the response of `adminUserCreate` API. This PR is to return user-specified `login_name` if there is one.	2 years ago
Florin Hillebrand	ad6d08d155	Add API to query collaborators permission for a repository (#18761 ) Targeting #14936, #15332 Adds a collaborator permissions API endpoint according to GitHub API: https://docs.github.com/en/rest/collaborators/collaborators#get-repository-permissions-for-a-user to retrieve a collaborators permissions for a specific repository. ### Checks the repository permissions of a collaborator. `GET` `/repos/{owner}/{repo}/collaborators/{collaborator}/permission` Possible `permission` values are `admin`, `write`, `read`, `owner`, `none`. ```json { "permission": "admin", "role_name": "admin", "user": {} } ``` Where `permission` and `role_name` hold the same `permission` value and `user` is filled with the user API object. Only admins are allowed to use this API endpoint.	3 years ago
Lunny Xiao	1fee11d69a	Move accessmode into models/perm (#17828 )	3 years ago
Lunny Xiao	a666829a37	Move user related model into models/user (#17781 ) * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge	3 years ago
zeripath	af96286f22	Stop sanitizing full name in API (#17396 ) The API convert.toUser function makes the incorrect assumption that full names could be rendered as is without being escaped. It therefore runs the names through markup.Sanitize which leads to a double escape of user full names. This pr stops this. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	3 years ago
Sergey Dryabzhinsky	22a0636544	Add Visible modes function from Organisation to Users too (#16069 ) You can limit or hide organisations. This pull make it also posible for users - new strings to translte - add checkbox to user profile form - add checkbox to admin user.edit form - filter explore page user search - filter api admin and public user searches - allow admins view "hidden" users - add app option DEFAULT_USER_VISIBILITY - rewrite many files to use Visibility field - check for teams intersection - fix context output - right fake 404 if not visible Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>	3 years ago
6543	58501a2682	[API] GET / SET User Settings (#16169 ) * API: GET/SET User Settings * linter * Apply suggestions from code review * Update modules/structs/user.go * lint * fix swagger * move User2UserSettings to convert * as per @zeripath "preferences" -> "settings" Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	3 years ago
6543	b3fbd37e99	[API] expose repo.GetReviewers() & repo.GetAssignees() (#16168 ) * API: expose repo.GetReviewers() & repo.GetAssignees() * Add tests * fix unrelated swagger query type	3 years ago
6543	c9d053f0ca	[API] User expose counters (#16167 )	3 years ago
KN4CK3R	f8335444de	Add Active and ProhibitLogin to API (#15689 ) * Added active and prohibit_login. * Do not omit fields for normal users.	4 years ago
KN4CK3R	67e10397af	Add Location, Website and Biography to API (#15675 )	4 years ago
6543	290cf75f93	[refactor] Unify the export of user data via API (#15144 ) * [refactor] unify how user data is exported via API * test time via unix timestamp	4 years ago
6543	8d5c795cc4	[API] Add Restricted Field to User (#14630 ) * Expose Restricted field for User * Add Option to Change Restricted on User via adminEditUser API * Add test who change restricted & test if it changed it ... * make generate-swagger Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	4 years ago
6543	d453533beb	[Refactor] Move APIFormat functions into convert package (#12856 ) * USER APIFormat -> ToUser * Migrate more and mark APIFormat deprecated * models.Comment APIFormat() -> convert.ToComment * models.Release APIFormat() -> convert.ToRelease * models.Attachments APIFormat() -> convert.ToReleaseAttachments * models.CommitStatus APIFormat() -> convert.ToCommitStatus * finish migration to convert.ToUser * Move Test * Imprufe Test * fix test Co-authored-by: techknowlogick <techknowlogick@gitea.io>	4 years ago
6543	06480af472	Convert User expose ID each time (#12855 ) * git blame tells me a lot of gitea things happen here around 2018, add header * move user code int its own file * expose user id * adopt things from APIFormat * fix test * CI.restart()	4 years ago

3 Commits (93bd4351bfb4a2f5f37ecb80d50496d044240e00)