authorzeripath <art27@cantab.net>2021-03-11 13:40:54 +0000
committerGitHub <noreply@github.com>2021-03-11 13:40:54 +0000
commitc8e5c79cfda7e4c36b1a98c1abd3cdb50bde9d77 (patch)
tree538c00f48c8d03979b0323b057cb7bd3ed19b969 /routers
parentbc423a1e8445c01b5f590b86657c9a49b0bfdd8c (diff)
downloadgitea-c8e5c79cfda7e4c36b1a98c1abd3cdb50bde9d77.tar.gz
gitea-c8e5c79cfda7e4c36b1a98c1abd3cdb50bde9d77.zip
Add ui.explore settings to control view of explore pages (2) (#14094)
This is an alternative PR to #13687. Add `[ui.explore]` settings to allow restricting the explore pages to logged in users only and to disable the users explore page. The two proposed settings are: - `REQUIRE_SIGNIN_VIEW`: Only allows access to the explore pages if the user is signed in. Also restricts - `/api/v1/user/search` - `/api/v1/users/{username}` - `/api/v1/users/{username}/repos` - but does not restrict `/api/v1/users/{username}/heatmap` - `DISABLE_USERS_PAGE`: Disables the /explore/users page Fix #2908 Close #13687 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/api.go14
-rw-r--r--routers/home.go7
-rw-r--r--routers/routes/web.go3
3 files changed, 20 insertions, 4 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index a8499e0ee8..57bcdf49f6 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -204,6 +204,14 @@ func reqToken() func(ctx *context.APIContext) {
}
}
+func reqExploreSignIn() func(ctx *context.APIContext) {
+ return func(ctx *context.APIContext) {
+ if setting.Service.Explore.RequireSigninView && !ctx.IsSigned {
+ ctx.Error(http.StatusUnauthorized, "reqExploreSignIn", "you must be signed in to search for users")
+ }
+ }
+}
+
func reqBasicAuth() func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
if !ctx.Context.IsBasicAuth {
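Review bot: The 401 text in `reqExploreSignIn`, "you must be signed in to search for users", is misleading on two of the three routes that use it, because the next hunk also attaches the middleware to the user-info and user-repos routes. A neutral message such as `"you must be signed in to view user information"` fits all three. The function also has no doc comment; I would add `// reqExploreSignIn rejects anonymous requests with 401 when setting.Service.Explore.RequireSigninView is enabled.` above it.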
@@ -603,16 +611,16 @@ func Routes() *web.Route {
// Users
m.Group("/users", func() {
- m.Get("/search", user.Search)
+ m.Get("/search", reqExploreSignIn(), user.Search)
m.Group("/{username}", func() {
- m.Get("", user.GetInfo)
+ m.Get("", reqExploreSignIn(), user.GetInfo)
if setting.Service.EnableUserHeatmap {
m.Get("/heatmap", user.GetUserHeatmapData)
}
- m.Get("/repos", user.ListUserRepos)
+ m.Get("/repos", reqExploreSignIn(), user.ListUserRepos)
m.Group("/tokens", func() {
m.Combo("").Get(user.ListAccessTokens).
Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
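Review bot: `reqExploreSignIn()` is attached route by route, so `/heatmap` and any sibling route under `/{username}` that lies outside this hunk stay reachable anonymously even with `RequireSigninView` on. The description says the heatmap exception is deliberate, but an unauthenticated caller can presumably still tell from its response whether a username exists, which is part of what the setting is meant to hide. If the exception stays, a comment at the heatmap line such as `// intentionally not gated by reqExploreSignIn: heatmaps stay public` would keep a later reader from treating it as an oversight. The group body continues past the end of the hunk.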
diff --git a/routers/home.go b/routers/home.go
index 6505a4180d..9f54c7aa64 100644
--- a/routers/home.go
+++ b/routers/home.go
@@ -171,6 +171,7 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
// ExploreRepos render explore repositories page
func ExploreRepos(ctx *context.Context) {
+ ctx.Data["UsersIsDisabled"] = setting.Service.Explore.DisableUsersPage
ctx.Data["Title"] = ctx.Tr("explore")
ctx.Data["PageIsExplore"] = true
ctx.Data["PageIsExploreRepositories"] = true
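Review bot: `ctx.Data["UsersIsDisabled"]` is assigned separately in `ExploreRepos` here and again in the `ExploreOrganizations` and `ExploreCode` hunks below, so a future explore handler that omits the line will still show the users tab while the page is disabled. Setting it once where the shared explore data is prepared, or in a small helper called by each handler, removes the repetition. All three function bodies continue outside their hunks.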
@@ -247,6 +248,10 @@ func RenderUserSearch(ctx *context.Context, opts *models.SearchUserOptions, tplN
// ExploreUsers render explore users page
func ExploreUsers(ctx *context.Context) {
+ if setting.Service.Explore.DisableUsersPage {
+ ctx.Redirect(setting.AppSubURL + "/explore/repos")
+ return
+ }
ctx.Data["Title"] = ctx.Tr("explore")
ctx.Data["PageIsExplore"] = true
ctx.Data["PageIsExploreUsers"] = true
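Review bot: `DisableUsersPage` only redirects the web page in `ExploreUsers`, so with that option alone the user search API in this commit still answers anonymous callers: `reqExploreSignIn` in routers/api/v1/api.go checks `RequireSigninView` only. If that is intended, say so in a comment above the check, e.g. `// hides the web page only; API user search is governed by Explore.RequireSigninView`, so operators do not read the option as an access control. The function body continues outside the hunk.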
@@ -263,6 +268,7 @@ func ExploreUsers(ctx *context.Context) {
// ExploreOrganizations render explore organizations page
func ExploreOrganizations(ctx *context.Context) {
+ ctx.Data["UsersIsDisabled"] = setting.Service.Explore.DisableUsersPage
ctx.Data["Title"] = ctx.Tr("explore")
ctx.Data["PageIsExplore"] = true
ctx.Data["PageIsExploreOrganizations"] = true
@@ -288,6 +294,7 @@ func ExploreCode(ctx *context.Context) {
return
}
+ ctx.Data["UsersIsDisabled"] = setting.Service.Explore.DisableUsersPage
ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
ctx.Data["Title"] = ctx.Tr("explore")
ctx.Data["PageIsExplore"] = true
diff --git a/routers/routes/web.go b/routers/routes/web.go
index 22774b2cdc..08faa274a5 100644
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -286,6 +286,7 @@ func goGet(ctx *context.Context) {
func RegisterRoutes(m *web.Route) {
reqSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: true})
ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView})
+ ignExploreSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView})
ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
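Review bot: The added `ignExploreSignIn` line mixes two spellings of the same concept, `setting.Service.RequireSignInView` and `setting.Service.Explore.RequireSigninView`, which makes the field easy to mistype and hard to grep. The field is declared outside the files shown here; renaming it to `RequireSignInView` would match the existing one. A comment on the new toggle would also help: `// explore pages require sign-in if either the global or the explore-specific option is set`.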
@@ -335,7 +336,7 @@ func RegisterRoutes(m *web.Route) {
m.Get("/users", routers.ExploreUsers)
m.Get("/organizations", routers.ExploreOrganizations)
m.Get("/code", routers.ExploreCode)
- }, ignSignIn)
+ }, ignExploreSignIn)
m.Get("/issues", reqSignIn, user.Issues)
m.Get("/pulls", reqSignIn, user.Pulls)
m.Get("/milestones", reqSignIn, reqMilestonesDashboardPageEnabled, user.Milestones)