From f183783baa67e7da0b0ae0909d3d6cb3045c0501 Mon Sep 17 00:00:00 2001
From: techknowlogick
Date: Mon, 9 Sep 2024 17:05:16 -0400
Subject: Save initial signup information for users to aid in spam prevention (#31852)

This will allow instance admins to view signup pattern patterns for public instances. It is modelled after discourse, mastodon, and MediaWiki's approaches. Note: This has privacy implications, but as the above-stated open-source projects take this approach, especially MediaWiki, which I have no doubt looked into this thoroughly, it is likely okay for us, too. However, I would be appreciative of any feedback on how this could be improved.
---------
Co-authored-by: Giteabot
---
 modules/setting/security.go | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'modules')
diff --git a/modules/setting/security.go b/modules/setting/security.go
index 3d7b1f9ce7..3d12fcf8d9 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -37,6 +37,7 @@ var (
 DisableQueryAuthToken bool
 CSRFCookieName = "_csrf"
 CSRFCookieHTTPOnly = true
+ RecordUserSignupMetadata = false
 )

 // loadSecret load the secret from ini by uriKey or verbatimKey, only one of them could be set
@@ -164,6 +165,8 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 // TODO: default value should be true in future releases
 DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)

+ RecordUserSignupMetadata = sec.Key("RECORD_USER_SIGNUP_METADATA").MustBool(false)
+
 // warn if the setting is set to false explicitly
 if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
 log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
--
cgit v1.2.3
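Review bot: `RecordUserSignupMetadata` in the first hunk's `var (` block is added without a comment, although the commit message itself says the feature has privacy implications. A reader of security.go cannot tell that it is opt-in or why; I would add above the declaration something like `// RecordUserSignupMetadata enables storing signup metadata for new accounts (spam prevention); the data is personal, so it stays off by default.` The load line in the second hunk repeats that default via `MustBool(false)` while the declaration already sets `= false`, so a later change of the default has to touch both places. Which fields are recorded and how long they are kept is not visible in this patch (it is limited to 'modules'), so that part of the comment should be confirmed against the code that writes them. Both the `var` block and `loadSecurityFrom` continue outside the hunks.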