Add ui.explore settings to control view of explore pages

Add `[ui.explore]` settings to allow restricting the
explore pages to logged in users only and to restrict
the showing of users to only those with publically available
repositories.

The two proposed settings are:

- `REQUIRE_SIGNIN_VIEW`: Only allows access to the explore pages if the
user is signed in. Also restricts `/api/v1/user/search`.
- `ONLY_SHOW_USERS_WITH_PUBLIC_REPOS`: Only shows users with public
repos on the explore page. `/api/v1/user/search` will only show users
with public repos unless the user the is signed in.

Fix go-gitea#2908

Signed-off-by: Andrew Thornton <art27@cantab.net>

Author: zeripath

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -180,6 +180,11 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `NOTICE_PAGING_NUM`: **25**: Number of notices that are shown in one page.
 - `ORG_PAGING_NUM`: **50**: Number of organizations that are shown in one page.
 
+### UI - Expore (`ui.explore`)
+
+- `REQUIRE_SIGNIN_VIEW`: **false**: Only allow signed in users to view the explore pages.
+- `ONLY_SHOW_USERS_WITH_PUBLIC_REPOS`: **false**: Only show users with public repos on the explore users page.
+
 ### UI - Metadata (`ui.meta`)
 
 - `AUTHOR`: **Gitea - Git with a cup of tea**: Author meta tag of the homepage.

models/consistency.go

@@ -71,6 +71,7 @@ func assertCount(t *testing.T, bean interface{}, expected int) {
 
 func (user *User) checkForConsistency(t *testing.T) {
 	assertCount(t, &Repository{OwnerID: user.ID}, user.NumRepos)
+	assertCount(t, &Repository{OwnerID: user.ID, IsPrivate: false}, user.NumPublicRepos)
 	assertCount(t, &Star{UID: user.ID}, user.NumStars)
 	assertCount(t, &OrgUser{OrgID: user.ID}, user.NumMembers)
 	assertCount(t, &Team{OrgID: user.ID}, user.NumTeams)

models/migrations/migrations.go

@@ -254,6 +254,8 @@ var migrations = []Migration{
 	NewMigration("code comment replies should have the commitID of the review they are replying to", updateCodeCommentReplies),
 	// v159 -> v160
 	NewMigration("update reactions constraint", updateReactionConstraint),
+	// v160 -> v161
+	NewMigration("add num public repos", updateNumPublicRepos),
 }
 
 // GetCurrentDBVersion returns the current db version

models/migrations/v160.go

@@ -0,0 +1,63 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func updateNumPublicRepos(x *xorm.Engine) error {
+	// User represents a user
+	type User struct {
+		ID             int64
+		NumPublicRepos int `xorm:"INDEX NOT NULL DEFAULT 0"`
+	}
+
+	// Repository represents a Repo
+	type Repository struct {
+		ID        int64
+		OwnerID   int64
+		IsPrivate bool
+	}
+
+	if err := x.Sync2(&User{}, &Repository{}); err != nil {
+		return err
+	}
+	var batchSize = 100
+
+	users := make([]*User, 0, batchSize)
+
+	sess := x.NewSession()
+	defer sess.Close()
+
+	sess.SetExpr("num_public_repos", 0).Update(&User{})
+
+	for start := 0; ; start += batchSize {
+		users = users[:0]
+
+		if err := sess.Begin(); err != nil {
+			return err
+		}
+
+		if err := sess.Select("owner_id as id, count(id) AS num_public_repos").Table("repository").Where("repository.is_private", false).GroupBy("owner_id").Limit(batchSize, start).Asc("id").Find(&users); err != nil {
+			return err
+		}
+
+		if len(users) == 0 {
+			break
+		}
+
+		for _, user := range users {
+			if _, err := sess.ID(user.ID).Cols("num_public_repos").Update(user); err != nil {
+				return err
+			}
+		}
+
+		if err := sess.Commit(); err != nil {
+			return err
+		}
+	}
+	return nil
+}

models/repo.go

@@ -1212,6 +1212,12 @@ func CreateRepository(ctx DBContext, doer, u *User, repo *Repository, overwriteO
 		return fmt.Errorf("increment user total_repos: %v", err)
 	}
 	u.NumRepos++
+	if !repo.IsPrivate {
+		if _, err = ctx.e.Incr("num_public_repos").ID(u.ID).Update(new(User)); err != nil {
+			return fmt.Errorf("increment user total_public_repos: %v", err)
+		}
+		u.NumPublicRepos++
+	}
 
 	// Give access to all members in teams with access to all repositories.
 	if u.IsOrganization() {
@@ -1524,6 +1530,14 @@ func updateRepository(e Engine, repo *Repository, visibilityChanged bool) (err e
 			if err != nil {
 				return err
 			}
+			repo.Owner.NumPublicRepos--
+		} else {
+			repo.Owner.NumPublicRepos++
+		}
+
+		_, err = e.ID(repo.OwnerID).Cols("num_public_repos").Update(repo.Owner)
+		if err != nil {
+			return err
 		}
 
 		// Create/Remove git-daemon-export-ok for git-daemon...
@@ -2074,6 +2088,12 @@ func CheckRepoStats(ctx context.Context) error {
 			"UPDATE `user` SET num_repos=(SELECT COUNT(*) FROM `repository` WHERE owner_id=?) WHERE id=?",
 			"user count 'num_repos'",
 		},
+		// User.NumPublicRepos
+		{
+			"SELECT `user`.id FROM `user` WHERE `user`.num_public_repos!=(SELECT COUNT(*) FROM `repository` WHERE owner_id=`user`.id AND is_private=0)",
+			"UPDATE `user` SET num_public_repos=(SELECT COUNT(*) FROM `repository` WHERE owner_id=? AND is_private=0) WHERE id=?",
+			"user count 'num_public_repos'",
+		},
 		// Issue.NumComments
 		{
 			"SELECT `issue`.id FROM `issue` WHERE `issue`.num_comments!=(SELECT COUNT(*) FROM `comment` WHERE issue_id=`issue`.id AND type=0)",

models/user.go

@@ -145,10 +145,11 @@ type User struct {
 	UseCustomAvatar bool
 
 	// Counters
-	NumFollowers int
-	NumFollowing int `xorm:"NOT NULL DEFAULT 0"`
-	NumStars     int
-	NumRepos     int
+	NumFollowers   int
+	NumFollowing   int `xorm:"NOT NULL DEFAULT 0"`
+	NumStars       int
+	NumRepos       int
+	NumPublicRepos int `xorm:"INDEX NOT NULL DEFAULT 0"`
 
 	// For organization
 	NumTeams                  int
@@ -1428,14 +1429,15 @@ func GetUser(user *User) (bool, error) {
 // SearchUserOptions contains the options for searching
 type SearchUserOptions struct {
 	ListOptions
-	Keyword       string
-	Type          UserType
-	UID           int64
-	OrderBy       SearchOrderBy
-	Visible       []structs.VisibleType
-	Actor         *User // The user doing the search
-	IsActive      util.OptionalBool
-	SearchByEmail bool // Search by email as well as username/full name
+	Keyword                  string
+	Type                     UserType
+	UID                      int64
+	OrderBy                  SearchOrderBy
+	Visible                  []structs.VisibleType
+	Actor                    *User // The user doing the search
+	IsActive                 util.OptionalBool
+	SearchByEmail            bool // Search by email as well as username/full name
+	OnlyUsersWithPublicRepos bool
 }
 
 func (opts *SearchUserOptions) toConds() builder.Cond {
@@ -1489,6 +1491,10 @@ func (opts *SearchUserOptions) toConds() builder.Cond {
 		cond = cond.And(builder.Eq{"is_active": opts.IsActive.IsTrue()})
 	}
 
+	if opts.OnlyUsersWithPublicRepos {
+		cond = cond.And(builder.Gt{"num_public_repos": 0})
+	}
+
 	return cond
 }
 

modules/setting/setting.go

@@ -201,6 +201,11 @@ var (
 			Description string
 			Keywords    string
 		} `ini:"ui.meta"`
+		// Explore page settings
+		Explore struct {
+			RequireSigninView            bool `ini:"REQUIRE_SIGNIN_VIEW"`
+			OnlyShowUsersWithPublicRepos bool `ini:"ONLY_SHOW_USERS_WITH_PUBLIC_REPOS"`
+		} `ini:"ui.explore"`
 	}{
 		ExplorePagingNum:    20,
 		IssuePagingNum:      10,
@@ -252,6 +257,10 @@ var (
 			Description: "Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go",
 			Keywords:    "go,git,self-hosted,gitea",
 		},
+		Explore: struct {
+			RequireSigninView            bool `ini:"REQUIRE_SIGNIN_VIEW"`
+			OnlyShowUsersWithPublicRepos bool `ini:"ONLY_SHOW_USERS_WITH_PUBLIC_REPOS"`
+		}{},
 	}
 
 	// Markdown settings

routers/api/v1/api.go

@@ -195,6 +195,14 @@ func reqToken() macaron.Handler {
 	}
 }
 
+func reqExploreSignIn() macaron.Handler {
+	return func(ctx *context.APIContext) {
+		if setting.UI.Explore.RequireSigninView && !ctx.IsSigned {
+			ctx.Error(http.StatusUnauthorized, "reqExploreSignIn", "you must be signed in to search for users")
+		}
+	}
+}
+
 func reqBasicAuth() macaron.Handler {
 	return func(ctx *context.APIContext) {
 		if !ctx.Context.IsBasicAuth {
@@ -538,7 +546,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 
 		// Users
 		m.Group("/users", func() {
-			m.Get("/search", user.Search)
+			m.Get("/search", reqExploreSignIn, user.Search)
 
 			m.Group("/:username", func() {
 				m.Get("", user.GetInfo)

routers/api/v1/user/user.go

@@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/convert"
+	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/routers/api/v1/utils"
 
@@ -60,10 +61,11 @@ func Search(ctx *context.APIContext) {
 	listOptions := utils.GetListOptions(ctx)
 
 	opts := &models.SearchUserOptions{
-		Keyword:     strings.Trim(ctx.Query("q"), " "),
-		UID:         com.StrTo(ctx.Query("uid")).MustInt64(),
-		Type:        models.UserTypeIndividual,
-		ListOptions: listOptions,
+		Keyword:                  strings.Trim(ctx.Query("q"), " "),
+		UID:                      com.StrTo(ctx.Query("uid")).MustInt64(),
+		Type:                     models.UserTypeIndividual,
+		ListOptions:              listOptions,
+		OnlyUsersWithPublicRepos: setting.UI.Explore.OnlyShowUsersWithPublicRepos && !ctx.IsSigned,
 	}
 
 	users, maxResults, err := models.SearchUsers(opts)

routers/home.go

@@ -252,11 +252,12 @@ func ExploreUsers(ctx *context.Context) {
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
 
 	RenderUserSearch(ctx, &models.SearchUserOptions{
-		Actor:       ctx.User,
-		Type:        models.UserTypeIndividual,
-		ListOptions: models.ListOptions{PageSize: setting.UI.ExplorePagingNum},
-		IsActive:    util.OptionalBoolTrue,
-		Visible:     []structs.VisibleType{structs.VisibleTypePublic, structs.VisibleTypeLimited, structs.VisibleTypePrivate},
+		Actor:                    ctx.User,
+		Type:                     models.UserTypeIndividual,
+		ListOptions:              models.ListOptions{PageSize: setting.UI.ExplorePagingNum},
+		IsActive:                 util.OptionalBoolTrue,
+		Visible:                  []structs.VisibleType{structs.VisibleTypePublic, structs.VisibleTypeLimited, structs.VisibleTypePrivate},
+		OnlyUsersWithPublicRepos: setting.UI.Explore.OnlyShowUsersWithPublicRepos,
 	}, tplExploreUsers)
 }