forgejo/modules
Gergely Nagy e1fe3bbdc0
feat(quota): Humble beginnings of a quota engine
This is an implementation of a quota engine, and the API routes to
manage its settings. This does *not* contain any enforcement code: this
is just the bedrock, the engine itself.

The goal of the engine is to be flexible and future proof: to be nimble
enough to build on it further, without having to rewrite large parts of
it.

It might feel a little more complicated than necessary, because the goal
was to be able to support scenarios only very few Forgejo instances
need, scenarios the vast majority of mostly smaller instances simply do
not care about. The goal is to support both big and small, and for that,
we need a solid, flexible foundation.

There are thee big parts to the engine: counting quota use, setting
limits, and evaluating whether the usage is within the limits. Sounds
simple on paper, less so in practice!

Quota counting
==============

Quota is counted based on repo ownership, whenever possible, because
repo owners are in ultimate control over the resources they use: they
can delete repos, attachments, everything, even if they don't *own*
those themselves. They can clean up, and will always have the permission
and access required to do so. Would we count quota based on the owning
user, that could lead to situations where a user is unable to free up
space, because they uploaded a big attachment to a repo that has been
taken private since. It's both more fair, and much safer to count quota
against repo owners.

This means that if user A uploads an attachment to an issue opened
against organization O, that will count towards the quota of
organization O, rather than user A.

One's quota usage stats can be queried using the `/user/quota` API
endpoint. To figure out what's eating into it, the
`/user/repos?order_by=size`, `/user/quota/attachments`,
`/user/quota/artifacts`, and `/user/quota/packages` endpoints should be
consulted. There's also `/user/quota/check?subject=<...>` to check
whether the signed-in user is within a particular quota limit.

Quotas are counted based on sizes stored in the database.

Setting quota limits
====================

There are different "subjects" one can limit usage for. At this time,
only size-based limits are implemented, which are:

- `size:all`: As the name would imply, the total size of everything
  Forgejo tracks.
- `size:repos:all`: The total size of all repositories (not including
  LFS).
- `size:repos:public`: The total size of all public repositories (not
  including LFS).
- `size:repos:private`: The total size of all private repositories (not
  including LFS).
- `size:git:all`: The total size of all git data (including all
  repositories, and LFS).
- `size:git:lfs`: The size of all git LFS data (either in private or
  public repos).
- `size:assets:all`: The size of all assets tracked by Forgejo.
- `size:assets:attachments:all`: The size of all kinds of attachments
  tracked by Forgejo.
- `size:assets:attachments:issues`: Size of all attachments attached to
  issues, including issue comments.
- `size:assets:attachments:releases`: Size of all attachments attached
  to releases. This does *not* include automatically generated archives.
- `size:assets:artifacts`: Size of all Action artifacts.
- `size:assets:packages:all`: Size of all Packages.
- `size:wiki`: Wiki size

Wiki size is currently not tracked, and the engine will always deem it
within quota.

These subjects are built into Rules, which set a limit on *all* subjects
within a rule. Thus, we can create a rule that says: "1Gb limit on all
release assets, all packages, and git LFS, combined". For a rule to
stand, the total sum of all subjects must be below the rule's limit.

Rules are in turn collected into groups. A group is just a name, and a
list of rules. For a group to stand, all of its rules must stand. Thus,
if we have a group with two rules, one that sets a combined 1Gb limit on
release assets, all packages, and git LFS, and another rule that sets a
256Mb limit on packages, if the user has 512Mb of packages, the group
will not stand, because the second rule deems it over quota. Similarly,
if the user has only 128Mb of packages, but 900Mb of release assets, the
group will not stand, because the combined size of packages and release
assets is over the 1Gb limit of the first rule.

Groups themselves are collected into Group Lists. A group list stands
when *any* of the groups within stand. This allows an administrator to
set conservative defaults, but then place select users into additional
groups that increase some aspect of their limits.

To top it off, it is possible to set the default quota groups a user
belongs to in `app.ini`. If there's no explicit assignment, the engine
will use the default groups. This makes it possible to avoid having to
assign each and every user a list of quota groups, and only those need
to be explicitly assigned who need a different set of groups than the
defaults.

If a user has any quota groups assigned to them, the default list will
not be considered for them.

The management APIs
===================

This commit contains the engine itself, its unit tests, and the quota
management APIs. It does not contain any enforcement.

The APIs are documented in-code, and in the swagger docs, and the
integration tests can serve as an example on how to use them.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
..
actions Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
activitypub Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
analyze
assetfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
avatar Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
base Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
cache Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
charset Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
container Add container.FilterSlice function (gitea#30339) 2024-04-16 11:49:44 +02:00
csv Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
emoji
eventsource
forgefed fix review 2024-05-29 18:31:06 +02:00
generate Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
git Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
gitgraph Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
gitrepo Move get/set default branch from git package to gitrepo package to hide repopath (#29126) 2024-03-11 23:36:59 +07:00
graceful Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hcaptcha
highlight Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
hostmatcher
html
httpcache [BRANDING] add X-Forgejo-* headers 2024-02-05 16:02:14 +01:00
httplib Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
indexer Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
issue/template Issue Templates: add option to have dropdown printed list (#31577) 2024-07-22 15:44:13 +02:00
json
label
lfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
log Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
markup feat: allow color and background-color style properties for table cells (#4766) 2024-07-31 18:48:46 +00:00
mcaptcha
metrics Rename project board -> column to make the UI less confusing (#30170) 2024-06-02 09:42:39 +02:00
migration Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
nosql s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
optional Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
options
packages Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
paginator
pprof
private fix(hook): ignore unknown push options instead of failing 2024-07-02 21:39:01 +02:00
process Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
proxy
proxyprotocol
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
recaptcha
references Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
regexplru Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repository Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
secret Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
session Avoid importing modules/web/middleware in modules/session (#30584) 2024-04-21 16:28:16 +02:00
setting feat(quota): Humble beginnings of a quota engine 2024-08-02 11:10:34 +02:00
sitemap Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
structs feat(quota): Humble beginnings of a quota engine 2024-08-02 11:10:34 +02:00
svg
sync
system Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
templates Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
test test(util): MockProtect when mocking multiple times 2024-06-02 15:24:06 +02:00
testlogger Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
timeutil Remove the time-since class (#29826) 2024-03-20 08:46:30 +01:00
translation Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
turnstile
typesniffer Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
updatechecker Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
uri Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user test: enforce tenv usage in tests 2024-07-17 23:07:41 +02:00
util Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
validation added validation fixes 2024-05-14 08:31:34 +02:00
web Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
webhook Add support for workflow_dispatch (#3334) 2024-06-28 05:17:11 +00:00