mirror of https://github.com/go-gitea/gitea synced 2024-11-09 03:21:45 +01:00
gitea/web_src/css/helpers.css
Jack Hay 18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  - `tokenRequiresScopes()` is used for each high-level api section
    - _if_ a scoped token is present, checks that the required scope is
      included based on the section and HTTP method
  - `reqToken()` is used for individual routes
    - checks that required authentication is present (but does not check
      scope levels as this will already have been handled by
      `tokenRequiresScopes()`)
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
   m.Group("/users/{username}/orgs", func() {
       m.Get("", reqToken(), org.ListUserOrgs)
       m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
   }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
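
The two-layer check described in the commit message above, as an added sketch that is not Gitea's code: a section-level scope check that only constrains requests carrying a scoped token, followed by a per-route authentication check. `Token`, `scopeCheck`, `Authorize` and the method-to-level mapping are assumptions made for illustration, using the `read` and `write` levels listed under Changes.

```go
package main

import (
	"fmt"
	"net/http"
)

// Token models a scoped access token; Scopes holds entries such as
// "read:organization". All names here are illustrative, not Gitea's types.
type Token struct{ Scopes map[string]bool }

// requiredLevel maps an HTTP method to a scope level (assumed mapping:
// safe methods need "read", every other method needs "write").
func requiredLevel(method string) string {
	switch method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return "read"
	}
	return "write"
}

// scopeCheck plays the role described for tokenRequiresScopes(): it only
// constrains requests that carry a scoped token and never demands one.
func scopeCheck(tok *Token, method string, categories ...string) bool {
	if tok == nil {
		return true // no scoped token present: not an error at this layer
	}
	level := requiredLevel(method)
	for _, c := range categories {
		// assumption: a "write" grant also satisfies a "read" requirement
		if !tok.Scopes[level+":"+c] && !tok.Scopes["write:"+c] {
			return false
		}
	}
	return true
}

// Authorize runs the section-level scope check, then the per-route
// authentication check (the role described for reqToken()).
func Authorize(tok *Token, authenticated bool, method string, routeNeedsAuth bool, categories ...string) int {
	if !scopeCheck(tok, method, categories...) {
		return http.StatusForbidden
	}
	if routeNeedsAuth && tok == nil && !authenticated {
		return http.StatusUnauthorized
	}
	return http.StatusOK
}

func main() {
	ro := &Token{Scopes: map[string]bool{"read:organization": true}} // constructed sample token
	fmt.Println(Authorize(ro, false, "DELETE", true, "organization"))   // scoped token lacks the write level
	fmt.Println(Authorize(nil, false, "DELETE", false, "organization")) // route without the auth check
	fmt.Println(Authorize(nil, false, "DELETE", true, "organization"))  // route with the auth check
}
```

The second call shows the gap the TODO list calls out: with no token on the request, the scope check has nothing to reject, so a route that omits the authentication check accepts the request.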

280 lines
12 KiB
CSS

/*
Gitea's tailwind-style CSS helper classes have `gt-` prefix.
Gitea's private styles use `g-` prefix.
*/
.gt-db { display: block !important; }
.gt-df { display: flex !important; }
.gt-di { display: inline !important; }
.gt-dif { display: inline-flex !important; }
.gt-dib { display: inline-block !important; }
.gt-ac { align-items: center !important; }
.gt-ab { align-items: baseline !important; }
.gt-tc { text-align: center !important; }
.gt-tl { text-align: left !important; }
.gt-tdn { text-decoration: none !important; }
.gt-jc { justify-content: center !important; }
.gt-js { justify-content: flex-start !important; }
.gt-je { justify-content: flex-end !important; }
.gt-sb { justify-content: space-between !important; }
.gt-fc { flex-direction: column !important; }
.gt-f1 { flex: 1 !important; }
.gt-fw { flex-wrap: wrap !important; }
.gt-vm { vertical-align: middle !important; }
.gt-w-100 { width: 100% !important; }
.gt-h-100 { height: 100% !important; }
.gt-br-0 { border-radius: 0 !important; }
.gt-mono {
  font-family: var(--fonts-monospace) !important;
  font-size: .95em !important; /* compensate for monospace fonts being usually slightly larger */
}
.gt-word-break {
  word-wrap: break-word !important;
  word-break: break-word; /* compat: Safari */
  overflow-wrap: anywhere;
}
.gt-ellipsis {
  overflow: hidden !important;
  white-space: nowrap !important;
  text-overflow: ellipsis !important;
}
.g-table-auto-ellipsis td.auto-ellipsis {
  position: relative;
}
.g-table-auto-ellipsis td.auto-ellipsis span {
  position: absolute;
  left: 0;
  right: 0;
  top: 0;
  bottom: 0;
  padding: inherit;
  white-space: nowrap;
  overflow: hidden;
  text-overflow: ellipsis;
}
.gt-max-width-24rem { max-width: 24rem !important; }
/* below class names match Tailwind CSS */
.gt-break-all { word-break: break-all !important; }
.gt-content-center { align-content: center !important; }
.gt-cursor-default { cursor: default !important; }
.gt-cursor-pointer { cursor: pointer !important; }
.gt-invisible { visibility: hidden !important; }
.gt-items-start { align-items: flex-start !important; }
.gt-pointer-events-none { pointer-events: none !important; }
.gt-relative { position: relative !important; }
.gt-whitespace-nowrap { white-space: nowrap !important; }
.gt-whitespace-pre { white-space: pre !important; }
.gt-whitespace-pre-wrap { white-space: pre-wrap !important; }
.gt-object-contain { object-fit: contain !important; }
.gt-self-center { align-self: center !important; }
.gt-self-start { align-self: flex-start !important; }
.gt-self-end { align-self: flex-end !important; }
.gt-overflow-x-auto { overflow-x: auto !important; }
.gt-overflow-x-scroll { overflow-x: scroll !important; }
.gt-overflow-y-hidden { overflow-y: hidden !important; }
.gt-w-screen { width: 100vw !important; }
.gt-h-screen { height: 100vh !important; }
.gt-float-left { float: left !important; }
.gt-float-right { float: right !important; }
.gt-font-light { font-weight: var(--font-weight-light) !important; }
.gt-font-normal { font-weight: var(--font-weight-normal) !important; }
.gt-font-medium { font-weight: var(--font-weight-medium) !important; }
.gt-font-semibold { font-weight: var(--font-weight-semibold) !important; }
.gt-font-bold { font-weight: var(--font-weight-bold) !important; }
.gt-rounded { border-radius: var(--border-radius) !important; }
.gt-rounded-top { border-radius: var(--border-radius) var(--border-radius) 0 0 !important; }
.gt-rounded-bottom { border-radius: 0 0 var(--border-radius) var(--border-radius) !important; }
.gt-rounded-left { border-radius: var(--border-radius) 0 0 var(--border-radius) !important; }
.gt-rounded-right { border-radius: 0 var(--border-radius) var(--border-radius) 0 !important; }
.gt-border-secondary { border: 1px solid var(--color-secondary) !important; }
.gt-border-secondary-top { border-top: 1px solid var(--color-secondary) !important; }
.gt-border-secondary-bottom { border-bottom: 1px solid var(--color-secondary) !important; }
.gt-border-secondary-left { border-left: 1px solid var(--color-secondary) !important; }
.gt-border-secondary-right { border-right: 1px solid var(--color-secondary) !important; }
.gt-no-transition { transition: none !important; }
.gt-bg-red { background: var(--color-red) !important; }
.gt-bg-orange { background: var(--color-orange) !important; }
.gt-bg-yellow { background: var(--color-yellow) !important; }
.gt-bg-olive { background: var(--color-olive) !important; }
.gt-bg-green { background: var(--color-green) !important; }
.gt-bg-teal { background: var(--color-teal) !important; }
.gt-bg-blue { background: var(--color-blue) !important; }
.gt-bg-violet { background: var(--color-violet) !important; }
.gt-bg-purple { background: var(--color-purple) !important; }
.gt-bg-pink { background: var(--color-pink) !important; }
.gt-bg-brown { background: var(--color-brown) !important; }
.gt-bg-grey { background: var(--color-grey) !important; }
.gt-bg-gold { background: var(--color-gold) !important; }
.gt-bg-transparent { background: transparent !important; }
.gt-text-white { color: var(--color-white) !important; }
.gt-m-0 { margin: 0 !important; }
.gt-m-1 { margin: .125rem !important; }
.gt-m-2 { margin: .25rem !important; }
.gt-m-3 { margin: .5rem !important; }
.gt-m-4 { margin: 1rem !important; }
.gt-m-5 { margin: 2rem !important; }
.gt-ml-0 { margin-left: 0 !important; }
.gt-ml-1 { margin-left: .125rem !important; }
.gt-ml-2 { margin-left: .25rem !important; }
.gt-ml-3 { margin-left: .5rem !important; }
.gt-ml-4 { margin-left: 1rem !important; }
.gt-ml-5 { margin-left: 2rem !important; }
.gt-mr-0 { margin-right: 0 !important; }
.gt-mr-1 { margin-right: .125rem !important; }
.gt-mr-2 { margin-right: .25rem !important; }
.gt-mr-3 { margin-right: .5rem !important; }
.gt-mr-4 { margin-right: 1rem !important; }
.gt-mr-5 { margin-right: 2rem !important; }
.gt-mt-0 { margin-top: 0 !important; }
.gt-mt-1 { margin-top: .125rem !important; }
.gt-mt-2 { margin-top: .25rem !important; }
.gt-mt-3 { margin-top: .5rem !important; }
.gt-mt-4 { margin-top: 1rem !important; }
.gt-mt-5 { margin-top: 2rem !important; }
.gt-mb-0 { margin-bottom: 0 !important; }
.gt-mb-1 { margin-bottom: .125rem !important; }
.gt-mb-2 { margin-bottom: .25rem !important; }
.gt-mb-3 { margin-bottom: .5rem !important; }
.gt-mb-4 { margin-bottom: 1rem !important; }
.gt-mb-5 { margin-bottom: 2rem !important; }
.gt-mx-0 { margin-left: 0 !important; margin-right: 0 !important; }
.gt-mx-1 { margin-left: .125rem !important; margin-right: .125rem !important; }
.gt-mx-2 { margin-left: .25rem !important; margin-right: .25rem !important; }
.gt-mx-3 { margin-left: .5rem !important; margin-right: .5rem !important; }
.gt-mx-4 { margin-left: 1rem !important; margin-right: 1rem !important; }
.gt-mx-5 { margin-left: 2rem !important; margin-right: 2rem !important; }
.gt-my-0 { margin-top: 0 !important; margin-bottom: 0 !important; }
.gt-my-1 { margin-top: .125rem !important; margin-bottom: .125rem !important; }
.gt-my-2 { margin-top: .25rem !important; margin-bottom: .25rem !important; }
.gt-my-3 { margin-top: .5rem !important; margin-bottom: .5rem !important; }
.gt-my-4 { margin-top: 1rem !important; margin-bottom: 1rem !important; }
.gt-my-5 { margin-top: 2rem !important; margin-bottom: 2rem !important; }
.gt-m-auto { margin: auto !important; }
.gt-mx-auto { margin-left: auto !important; margin-right: auto !important; }
.gt-my-auto { margin-top: auto !important; margin-bottom: auto !important; }
.gt-mt-auto { margin-top: auto !important; }
.gt-mr-auto { margin-right: auto !important; }
.gt-mb-auto { margin-bottom: auto !important; }
.gt-ml-auto { margin-left: auto !important; }
.gt-p-0 { padding: 0 !important; }
.gt-p-1 { padding: .125rem !important; }
.gt-p-2 { padding: .25rem !important; }
.gt-p-3 { padding: .5rem !important; }
.gt-p-4 { padding: 1rem !important; }
.gt-p-5 { padding: 2rem !important; }
.gt-pl-0 { padding-left: 0 !important; }
.gt-pl-1 { padding-left: .125rem !important; }
.gt-pl-2 { padding-left: .25rem !important; }
.gt-pl-3 { padding-left: .5rem !important; }
.gt-pl-4 { padding-left: 1rem !important; }
.gt-pl-5 { padding-left: 2rem !important; }
.gt-pr-0 { padding-right: 0 !important; }
.gt-pr-1 { padding-right: .125rem !important; }
.gt-pr-2 { padding-right: .25rem !important; }
.gt-pr-3 { padding-right: .5rem !important; }
.gt-pr-4 { padding-right: 1rem !important; }
.gt-pr-5 { padding-right: 2rem !important; }
.gt-pt-0 { padding-top: 0 !important; }
.gt-pt-1 { padding-top: .125rem !important; }
.gt-pt-2 { padding-top: .25rem !important; }
.gt-pt-3 { padding-top: .5rem !important; }
.gt-pt-4 { padding-top: 1rem !important; }
.gt-pt-5 { padding-top: 2rem !important; }
.gt-pb-0 { padding-bottom: 0 !important; }
.gt-pb-1 { padding-bottom: .125rem !important; }
.gt-pb-2 { padding-bottom: .25rem !important; }
.gt-pb-3 { padding-bottom: .5rem !important; }
.gt-pb-4 { padding-bottom: 1rem !important; }
.gt-pb-5 { padding-bottom: 2rem !important; }
.gt-px-0 { padding-left: 0 !important; padding-right: 0 !important; }
.gt-px-1 { padding-left: .125rem !important; padding-right: .125rem !important; }
.gt-px-2 { padding-left: .25rem !important; padding-right: .25rem !important; }
.gt-px-3 { padding-left: .5rem !important; padding-right: .5rem !important; }
.gt-px-4 { padding-left: 1rem !important; padding-right: 1rem !important; }
.gt-px-5 { padding-left: 2rem !important; padding-right: 2rem !important; }
.gt-py-0 { padding-top: 0 !important; padding-bottom: 0 !important; }
.gt-py-1 { padding-top: .125rem !important; padding-bottom: .125rem !important; }
.gt-py-2 { padding-top: .25rem !important; padding-bottom: .25rem !important; }
.gt-py-3 { padding-top: .5rem !important; padding-bottom: .5rem !important; }
.gt-py-4 { padding-top: 1rem !important; padding-bottom: 1rem !important; }
.gt-py-5 { padding-top: 2rem !important; padding-bottom: 2rem !important; }
.gt-gap-0 { gap: 0 !important; }
.gt-gap-1 { gap: .125rem !important; }
.gt-gap-2 { gap: .25rem !important; }
.gt-gap-3 { gap: .5rem !important; }
.gt-gap-4 { gap: 1rem !important; }
.gt-gap-5 { gap: 2rem !important; }
.gt-gap-x-0 { column-gap: 0 !important; }
.gt-gap-x-1 { column-gap: .125rem !important; }
.gt-gap-x-2 { column-gap: .25rem !important; }
.gt-gap-x-3 { column-gap: .5rem !important; }
.gt-gap-x-4 { column-gap: 1rem !important; }
.gt-gap-x-5 { column-gap: 2rem !important; }
.gt-gap-y-0 { row-gap: 0 !important; }
.gt-gap-y-1 { row-gap: .125rem !important; }
.gt-gap-y-2 { row-gap: .25rem !important; }
.gt-gap-y-3 { row-gap: .5rem !important; }
.gt-gap-y-4 { row-gap: 1rem !important; }
.gt-gap-y-5 { row-gap: 2rem !important; }
.gt-shrink-0 { flex-shrink: 0 !important; }
.gt-font-13 { font-size: 13px !important }
.gt-font-14 { font-size: 14px !important }
.gt-font-15 { font-size: 15px !important }
.gt-font-16 { font-size: 16px !important }
.gt-font-17 { font-size: 17px !important }
.gt-font-18 { font-size: 18px !important }
@media (max-width: 767px) {
  .gt-db-small { display: block !important; }
  .gt-w-100-small { width: 100% !important; }
  .gt-js-small { justify-content: flex-start !important; }
}
/*
gt-hidden must be placed after all other "display: xxx !important" classes to win the chance
do not use:
* "[hidden]" attribute: it's too weak, can not be applied to an element with "display: flex"
* ".hidden" class: it has been polluted by Fomantic UI in many cases
* inline style="display: none": it's difficult to tweak
* jQuery's show/hide/toggle: it can not show/hide elements with "display: xxx !important"
only use:
* this ".gt-hidden" class
* showElem/hideElem/toggleElem functions in "utils/dom.js"
*/
.gt-hidden { display: none !important; }