code.gitea.io/gitea@v1.19.3/modules/setting/service.go (about)

     1  // Copyright 2019 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package setting
     5  
     6  import (
     7  	"regexp"
     8  	"strings"
     9  	"time"
    10  
    11  	"code.gitea.io/gitea/modules/log"
    12  	"code.gitea.io/gitea/modules/structs"
    13  )
    14  
    15  // enumerates all the types of captchas
    16  const (
    17  	ImageCaptcha = "image"
    18  	ReCaptcha    = "recaptcha"
    19  	HCaptcha     = "hcaptcha"
    20  	MCaptcha     = "mcaptcha"
    21  	CfTurnstile  = "cfturnstile"
    22  )
    23  
    24  // Service settings
    25  var Service = struct {
    26  	DefaultUserVisibility                   string
    27  	DefaultUserVisibilityMode               structs.VisibleType
    28  	AllowedUserVisibilityModes              []string
    29  	AllowedUserVisibilityModesSlice         AllowedVisibility `ini:"-"`
    30  	DefaultOrgVisibility                    string
    31  	DefaultOrgVisibilityMode                structs.VisibleType
    32  	ActiveCodeLives                         int
    33  	ResetPwdCodeLives                       int
    34  	RegisterEmailConfirm                    bool
    35  	RegisterManualConfirm                   bool
    36  	EmailDomainWhitelist                    []string
    37  	EmailDomainBlocklist                    []string
    38  	DisableRegistration                     bool
    39  	AllowOnlyInternalRegistration           bool
    40  	AllowOnlyExternalRegistration           bool
    41  	ShowRegistrationButton                  bool
    42  	ShowMilestonesDashboardPage             bool
    43  	RequireSignInView                       bool
    44  	EnableNotifyMail                        bool
    45  	EnableBasicAuth                         bool
    46  	EnableReverseProxyAuth                  bool
    47  	EnableReverseProxyAutoRegister          bool
    48  	EnableReverseProxyEmail                 bool
    49  	EnableReverseProxyFullName              bool
    50  	EnableCaptcha                           bool
    51  	RequireCaptchaForLogin                  bool
    52  	RequireExternalRegistrationCaptcha      bool
    53  	RequireExternalRegistrationPassword     bool
    54  	CaptchaType                             string
    55  	RecaptchaSecret                         string
    56  	RecaptchaSitekey                        string
    57  	RecaptchaURL                            string
    58  	CfTurnstileSecret                       string
    59  	CfTurnstileSitekey                      string
    60  	HcaptchaSecret                          string
    61  	HcaptchaSitekey                         string
    62  	McaptchaSecret                          string
    63  	McaptchaSitekey                         string
    64  	McaptchaURL                             string
    65  	DefaultKeepEmailPrivate                 bool
    66  	DefaultAllowCreateOrganization          bool
    67  	DefaultUserIsRestricted                 bool
    68  	EnableTimetracking                      bool
    69  	DefaultEnableTimetracking               bool
    70  	DefaultEnableDependencies               bool
    71  	AllowCrossRepositoryDependencies        bool
    72  	DefaultAllowOnlyContributorsToTrackTime bool
    73  	NoReplyAddress                          string
    74  	EnableUserHeatmap                       bool
    75  	AutoWatchNewRepos                       bool
    76  	AutoWatchOnChanges                      bool
    77  	DefaultOrgMemberVisible                 bool
    78  	UserDeleteWithCommentsMaxTime           time.Duration
    79  	ValidSiteURLSchemes                     []string
    80  
    81  	// OpenID settings
    82  	EnableOpenIDSignIn bool
    83  	EnableOpenIDSignUp bool
    84  	OpenIDWhitelist    []*regexp.Regexp
    85  	OpenIDBlacklist    []*regexp.Regexp
    86  
    87  	// Explore page settings
    88  	Explore struct {
    89  		RequireSigninView bool `ini:"REQUIRE_SIGNIN_VIEW"`
    90  		DisableUsersPage  bool `ini:"DISABLE_USERS_PAGE"`
    91  	} `ini:"service.explore"`
    92  }{
    93  	AllowedUserVisibilityModesSlice: []bool{true, true, true},
    94  }
    95  
    96  // AllowedVisibility store in a 3 item bool array what is allowed
    97  type AllowedVisibility []bool
    98  
    99  // IsAllowedVisibility check if a AllowedVisibility allow a specific VisibleType
   100  func (a AllowedVisibility) IsAllowedVisibility(t structs.VisibleType) bool {
   101  	if int(t) >= len(a) {
   102  		return false
   103  	}
   104  	return a[t]
   105  }
   106  
   107  // ToVisibleTypeSlice convert a AllowedVisibility into a VisibleType slice
   108  func (a AllowedVisibility) ToVisibleTypeSlice() (result []structs.VisibleType) {
   109  	for i, v := range a {
   110  		if v {
   111  			result = append(result, structs.VisibleType(i))
   112  		}
   113  	}
   114  	return result
   115  }
   116  
   117  func loadServiceFrom(rootCfg ConfigProvider) {
   118  	sec := rootCfg.Section("service")
   119  	Service.ActiveCodeLives = sec.Key("ACTIVE_CODE_LIVE_MINUTES").MustInt(180)
   120  	Service.ResetPwdCodeLives = sec.Key("RESET_PASSWD_CODE_LIVE_MINUTES").MustInt(180)
   121  	Service.DisableRegistration = sec.Key("DISABLE_REGISTRATION").MustBool()
   122  	Service.AllowOnlyInternalRegistration = sec.Key("ALLOW_ONLY_INTERNAL_REGISTRATION").MustBool()
   123  	Service.AllowOnlyExternalRegistration = sec.Key("ALLOW_ONLY_EXTERNAL_REGISTRATION").MustBool()
   124  	if Service.AllowOnlyExternalRegistration && Service.AllowOnlyInternalRegistration {
   125  		log.Warn("ALLOW_ONLY_INTERNAL_REGISTRATION and ALLOW_ONLY_EXTERNAL_REGISTRATION are true - disabling registration")
   126  		Service.DisableRegistration = true
   127  	}
   128  	if !sec.Key("REGISTER_EMAIL_CONFIRM").MustBool() {
   129  		Service.RegisterManualConfirm = sec.Key("REGISTER_MANUAL_CONFIRM").MustBool(false)
   130  	} else {
   131  		Service.RegisterManualConfirm = false
   132  	}
   133  	Service.EmailDomainWhitelist = sec.Key("EMAIL_DOMAIN_WHITELIST").Strings(",")
   134  	Service.EmailDomainBlocklist = sec.Key("EMAIL_DOMAIN_BLOCKLIST").Strings(",")
   135  	Service.ShowRegistrationButton = sec.Key("SHOW_REGISTRATION_BUTTON").MustBool(!(Service.DisableRegistration || Service.AllowOnlyExternalRegistration))
   136  	Service.ShowMilestonesDashboardPage = sec.Key("SHOW_MILESTONES_DASHBOARD_PAGE").MustBool(true)
   137  	Service.RequireSignInView = sec.Key("REQUIRE_SIGNIN_VIEW").MustBool()
   138  	Service.EnableBasicAuth = sec.Key("ENABLE_BASIC_AUTHENTICATION").MustBool(true)
   139  	Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
   140  	Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
   141  	Service.EnableReverseProxyEmail = sec.Key("ENABLE_REVERSE_PROXY_EMAIL").MustBool()
   142  	Service.EnableReverseProxyFullName = sec.Key("ENABLE_REVERSE_PROXY_FULL_NAME").MustBool()
   143  	Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool(false)
   144  	Service.RequireCaptchaForLogin = sec.Key("REQUIRE_CAPTCHA_FOR_LOGIN").MustBool(false)
   145  	Service.RequireExternalRegistrationCaptcha = sec.Key("REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA").MustBool(Service.EnableCaptcha)
   146  	Service.RequireExternalRegistrationPassword = sec.Key("REQUIRE_EXTERNAL_REGISTRATION_PASSWORD").MustBool()
   147  	Service.CaptchaType = sec.Key("CAPTCHA_TYPE").MustString(ImageCaptcha)
   148  	Service.RecaptchaSecret = sec.Key("RECAPTCHA_SECRET").MustString("")
   149  	Service.RecaptchaSitekey = sec.Key("RECAPTCHA_SITEKEY").MustString("")
   150  	Service.RecaptchaURL = sec.Key("RECAPTCHA_URL").MustString("https://www.google.com/recaptcha/")
   151  	Service.CfTurnstileSecret = sec.Key("CF_TURNSTILE_SECRET").MustString("")
   152  	Service.CfTurnstileSitekey = sec.Key("CF_TURNSTILE_SITEKEY").MustString("")
   153  	Service.HcaptchaSecret = sec.Key("HCAPTCHA_SECRET").MustString("")
   154  	Service.HcaptchaSitekey = sec.Key("HCAPTCHA_SITEKEY").MustString("")
   155  	Service.McaptchaURL = sec.Key("MCAPTCHA_URL").MustString("https://demo.mcaptcha.org/")
   156  	Service.McaptchaSecret = sec.Key("MCAPTCHA_SECRET").MustString("")
   157  	Service.McaptchaSitekey = sec.Key("MCAPTCHA_SITEKEY").MustString("")
   158  	Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool()
   159  	Service.DefaultAllowCreateOrganization = sec.Key("DEFAULT_ALLOW_CREATE_ORGANIZATION").MustBool(true)
   160  	Service.DefaultUserIsRestricted = sec.Key("DEFAULT_USER_IS_RESTRICTED").MustBool(false)
   161  	Service.EnableTimetracking = sec.Key("ENABLE_TIMETRACKING").MustBool(true)
   162  	if Service.EnableTimetracking {
   163  		Service.DefaultEnableTimetracking = sec.Key("DEFAULT_ENABLE_TIMETRACKING").MustBool(true)
   164  	}
   165  	Service.DefaultEnableDependencies = sec.Key("DEFAULT_ENABLE_DEPENDENCIES").MustBool(true)
   166  	Service.AllowCrossRepositoryDependencies = sec.Key("ALLOW_CROSS_REPOSITORY_DEPENDENCIES").MustBool(true)
   167  	Service.DefaultAllowOnlyContributorsToTrackTime = sec.Key("DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME").MustBool(true)
   168  	Service.NoReplyAddress = sec.Key("NO_REPLY_ADDRESS").MustString("noreply." + Domain)
   169  	Service.EnableUserHeatmap = sec.Key("ENABLE_USER_HEATMAP").MustBool(true)
   170  	Service.AutoWatchNewRepos = sec.Key("AUTO_WATCH_NEW_REPOS").MustBool(true)
   171  	Service.AutoWatchOnChanges = sec.Key("AUTO_WATCH_ON_CHANGES").MustBool(false)
   172  	Service.DefaultUserVisibility = sec.Key("DEFAULT_USER_VISIBILITY").In("public", structs.ExtractKeysFromMapString(structs.VisibilityModes))
   173  	Service.DefaultUserVisibilityMode = structs.VisibilityModes[Service.DefaultUserVisibility]
   174  	Service.AllowedUserVisibilityModes = sec.Key("ALLOWED_USER_VISIBILITY_MODES").Strings(",")
   175  	if len(Service.AllowedUserVisibilityModes) != 0 {
   176  		Service.AllowedUserVisibilityModesSlice = []bool{false, false, false}
   177  		for _, sMode := range Service.AllowedUserVisibilityModes {
   178  			Service.AllowedUserVisibilityModesSlice[structs.VisibilityModes[sMode]] = true
   179  		}
   180  	}
   181  	Service.DefaultOrgVisibility = sec.Key("DEFAULT_ORG_VISIBILITY").In("public", structs.ExtractKeysFromMapString(structs.VisibilityModes))
   182  	Service.DefaultOrgVisibilityMode = structs.VisibilityModes[Service.DefaultOrgVisibility]
   183  	Service.DefaultOrgMemberVisible = sec.Key("DEFAULT_ORG_MEMBER_VISIBLE").MustBool()
   184  	Service.UserDeleteWithCommentsMaxTime = sec.Key("USER_DELETE_WITH_COMMENTS_MAX_TIME").MustDuration(0)
   185  	sec.Key("VALID_SITE_URL_SCHEMES").MustString("http,https")
   186  	Service.ValidSiteURLSchemes = sec.Key("VALID_SITE_URL_SCHEMES").Strings(",")
   187  	schemes := make([]string, len(Service.ValidSiteURLSchemes))
   188  	for _, scheme := range Service.ValidSiteURLSchemes {
   189  		scheme = strings.ToLower(strings.TrimSpace(scheme))
   190  		if scheme != "" {
   191  			schemes = append(schemes, scheme)
   192  		}
   193  	}
   194  	Service.ValidSiteURLSchemes = schemes
   195  
   196  	mustMapSetting(rootCfg, "service.explore", &Service.Explore)
   197  
   198  	loadOpenIDSetting(rootCfg)
   199  }
   200  
   201  func loadOpenIDSetting(rootCfg ConfigProvider) {
   202  	sec := rootCfg.Section("openid")
   203  	Service.EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(!InstallLock)
   204  	Service.EnableOpenIDSignUp = sec.Key("ENABLE_OPENID_SIGNUP").MustBool(!Service.DisableRegistration && Service.EnableOpenIDSignIn)
   205  	pats := sec.Key("WHITELISTED_URIS").Strings(" ")
   206  	if len(pats) != 0 {
   207  		Service.OpenIDWhitelist = make([]*regexp.Regexp, len(pats))
   208  		for i, p := range pats {
   209  			Service.OpenIDWhitelist[i] = regexp.MustCompilePOSIX(p)
   210  		}
   211  	}
   212  	pats = sec.Key("BLACKLISTED_URIS").Strings(" ")
   213  	if len(pats) != 0 {
   214  		Service.OpenIDBlacklist = make([]*regexp.Regexp, len(pats))
   215  		for i, p := range pats {
   216  			Service.OpenIDBlacklist[i] = regexp.MustCompilePOSIX(p)
   217  		}
   218  	}
   219  }