Files
gitea/models/system/appstate.go
Lunny Xiao cbe1b703dc refactor: Use db.Get[] instead of db.GetEngine(ctx).Get(bean) to avoid zero value fetching wrong database record (#37977)
This PR replaces a set of struct-based `Get` lookups with explicit
`db.Get` / `db.Exist` conditions in places where zero-value fields can
lead to ambiguous matches or incorrect records being returned.

The main goal is to make read paths deterministic and avoid accidentally
matching the wrong row when only part of a struct is populated.

### What changed

- replace many `db.GetEngine(ctx).Get(bean)` calls with explicit
`builder.Eq` conditions across models such as actions, admin tasks,
issues, pull requests, repositories, users, packages, redirects,
watches, stars, and follows
- use quoted column names where needed for reserved fields like `index`,
`type`, and `name`
- add dedicated user lookup helpers for:
  - primary email
  - OAuth login source / login name
- update sign-in and OAuth-related flows to use explicit individual-user
lookups instead of partially populated `User` structs
- tighten package property and Terraform lock lookups to avoid ambiguous
reads and updates
- keep existing fallback behavior where needed, while removing reliance
on zero-value struct matching

### User-facing impact

These changes primarily affect authentication and account lookup paths:

- email/username sign-in now re-fetches users through explicit keys
- OAuth2 auto-linking now resolves users by name or primary email
explicitly
- OAuth2 login/sync now looks up users by login source, login type, and
login name explicitly
- non-individual accounts are no longer implicitly matched through
partial user lookups in these flows

This should reduce the risk of incorrect account matches and make query
behavior more predictable across the codebase.

---------

Co-authored-by: bircni <bircni@icloud.com>
2026-06-27 10:24:02 -07:00

57 lines
1.4 KiB
Go

// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package system
import (
"context"
"gitea.dev/models/db"
"xorm.io/builder"
)
// AppState represents a state record in database
// if one day we would make Gitea run as a cluster,
// we can introduce a new field `Scope` here to store different states for different nodes
type AppState struct {
ID string `xorm:"pk varchar(200)"`
Revision int64
Content string `xorm:"LONGTEXT"`
}
func init() {
db.RegisterModel(new(AppState))
}
// SaveAppStateContent saves the app state item to database
func SaveAppStateContent(ctx context.Context, key, content string) error {
return db.WithTx(ctx, func(ctx context.Context) error {
eng := db.GetEngine(ctx)
// try to update existing row
res, err := eng.Exec("UPDATE app_state SET revision=revision+1, content=? WHERE id=?", content, key)
if err != nil {
return err
}
rows, _ := res.RowsAffected()
if rows != 0 {
// the existing row is updated, so we can return
return nil
}
// if no existing row, insert a new row
_, err = eng.Insert(&AppState{ID: key, Content: content})
return err
})
}
// GetAppStateContent gets an app state from database
func GetAppStateContent(ctx context.Context, key string) (content string, err error) {
appState, has, err := db.Get[AppState](ctx, builder.Eq{"id": key})
if err != nil {
return "", err
} else if !has {
return "", nil
}
return appState.Content, nil
}