Add ui.explore settings to control view of explore pages (2)

[zeripath]

This is an alternative PR to #13687.

Add [ui.explore] settings to allow restricting the
explore pages to logged in users only and to disable the users explore page.

The two proposed settings are:

• REQUIRE_SIGNIN_VIEW: Only allows access to the explore pages if the
  user is signed in. Also restricts
  • /api/v1/user/search
  • /api/v1/users/{username}
  • /api/v1/users/{username}/repos
  • but does not restrict /api/v1/users/{username}/heatmap
• DISABLE_USERS_PAGE: Disables the /explore/users page

Fix #2908

Close #13687

Signed-off-by: Andrew Thornton [email protected]

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@34df4e5). Click here to learn what that means.
The diff coverage is 50.00%.

@@            Coverage Diff            @@
##             master   #14094   +/-   ##
=========================================
  Coverage          ?   42.33%           
=========================================
  Files             ?      726           
  Lines             ?    77756           
  Branches          ?        0           
=========================================
  Hits              ?    32918           
  Misses            ?    39431           
  Partials          ?     5407           

Impacted Files	Coverage Δ
modules/setting/setting.go	45.47% <ø> (ø)
routers/home.go	47.19% <33.33%> (ø)
routers/api/v1/api.go	79.33% <60.00%> (ø)
routers/routes/macaron.go	92.54% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 34df4e5...d35b5fe. Read the comment docs.

[lafriks]

Is there a use case where REQUIRE_SIGNIN_VIEW is needed? Imho that should be always true and we should not return list of users to unauthorized users

[techknowlogick]

@lafriks REQUIRE_SIGNIN_VIEW is for more than just users, but all explore pages (such as repos & orgs too).

[lafriks]

imho we should remove users page completely, I don't see much use for it to be honest

[lunny]

imho we should remove users page completely, I don't see much use for it to be honest

Maybe for a public big site, users want to find some people they want to contact.

[lunny]

Please resolve the conflicts

[zeripath]

Conflicts fixed.

[lunny]

I think maybe move this to service is better? We need a feature to disable all the user explore include APIs. A standalone setting for UI search seems not enough.

[zeripath]

I really think we have way too much stuff in [service] already - so if it's going in there it should go in [service.explore] I think.

[noerw]

+1 on [service.explore]

[art-ist]

You are checking for the ui.explore setting when http://gitea/api/v1/users/search is called. But

curl -X GET "http://gitea/api/v1/users/joe" -H  "accept: application/json"

was our next first guess. So checking on

m.Group("/{username}", func() {

is required as well.

Originally posted by @art-ist in #2908 (comment)

[zeripath]

@art-ist I wrote this PR 3 months ago in response so I cannot fully remember all of the details but...

I am absolutely certain that you cannot just block /api/v1/users/{name} and in any case it is pointless as you can just go to /{name}

---

OK I think I'm wrong here and the UI doesn't rely on this path at all. I guess therefore it's fine to be blocked too.

[noerw]

Oher than the config location this LGBTTOPRTM (looks good and better than the other PR to me).

I think this more general config will serve more users concerned about privacy, a more finegrained control like ONLY_SHOW_USERS_WITH_PUBLIC_REPOS could be added later as needed

I thought more about this, see #2908 (comment) . In short:
We should probably allow for more flexibility and don't add a bool flag DISABLE_USERS_PAGE, but USERS_PAGE with 3 states OPT_OUT, OPT_IN, DISABLED, (where the first is the current behaviour, and the second can be implemented later)

[noerw]

+1 on [service.explore]

[6543]

🚀

[noerw]

Thinking about it again again, the opt-in feature can also be realised via a separate flag, so please ignore my above comment