diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2023-05-22 08:05:44 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-22 00:05:44 +0000 |
| commit | 2cb66fff60c95efbd58b797f1197f2421f4687ce (patch) | |
| tree | 31f92c081c0bea16089a834c80c5797d8c78c1ac /modules/setting/service.go | |
| parent | 19993d8814e227ac0a52b73d36fdb03fbb143c3f (diff) | |
| download | gitea-2cb66fff60c95efbd58b797f1197f2421f4687ce.tar.gz gitea-2cb66fff60c95efbd58b797f1197f2421f4687ce.zip | |
Support wildcard in email domain allow/block list (#24831)
Replace #20257 (which is stale and incomplete)
Close #20255
Major changes:
* Deprecate the "WHITELIST", use "ALLOWLIST"
* Add wildcard support for EMAIL_DOMAIN_ALLOWLIST/EMAIL_DOMAIN_BLOCKLIST
* Update example config file and document
* Improve tests
Diffstat (limited to 'modules/setting/service.go')
| -rw-r--r-- | modules/setting/service.go | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/modules/setting/service.go b/modules/setting/service.go index d4a31ba5d4..03225f566b 100644 --- a/modules/setting/service.go +++ b/modules/setting/service.go @@ -10,6 +10,8 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/structs" + + "github.com/gobwas/glob" ) // enumerates all the types of captchas @@ -33,8 +35,8 @@ var Service = struct { ResetPwdCodeLives int RegisterEmailConfirm bool RegisterManualConfirm bool - EmailDomainWhitelist []string - EmailDomainBlocklist []string + EmailDomainAllowList []glob.Glob + EmailDomainBlockList []glob.Glob DisableRegistration bool AllowOnlyInternalRegistration bool AllowOnlyExternalRegistration bool @@ -114,6 +116,20 @@ func (a AllowedVisibility) ToVisibleTypeSlice() (result []structs.VisibleType) { return result } +func CompileEmailGlobList(sec ConfigSection, keys ...string) (globs []glob.Glob) { + for _, key := range keys { + list := sec.Key(key).Strings(",") + for _, s := range list { + if g, err := glob.Compile(s); err == nil { + globs = append(globs, g) + } else { + log.Error("Skip invalid email allow/block list expression %q: %v", s, err) + } + } + } + return globs +} + func loadServiceFrom(rootCfg ConfigProvider) { sec := rootCfg.Section("service") Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180) @@ -130,8 +146,11 @@ func loadServiceFrom(rootCfg ConfigProvider) { } else { Service.RegisterManualConfirm = false } - Service.EmailDomainWhitelist = sec.Key("EMAIL_DOMAIN_WHITELIST").Strings(",") - Service.EmailDomainBlocklist = sec.Key("EMAIL_DOMAIN_BLOCKLIST").Strings(",") + if sec.HasKey("EMAIL_DOMAIN_WHITELIST") { + deprecatedSetting(rootCfg, "service", "EMAIL_DOMAIN_WHITELIST", "service", "EMAIL_DOMAIN_ALLOWLIST", "1.21") + } + Service.EmailDomainAllowList = CompileEmailGlobList(sec, "EMAIL_DOMAIN_WHITELIST", "EMAIL_DOMAIN_ALLOWLIST") + Service.EmailDomainBlockList = CompileEmailGlobList(sec, "EMAIL_DOMAIN_BLOCKLIST") Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!(Service.DisableRegistration || Service.AllowOnlyExternalRegistration)) Service.ShowMilestonesDashboardPage = sec.Key("SHOW_MILESTONES_DASHBOARD_PAGE").MustBool(true) Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool() |