Prevent NPE when cache service is disabled #19703
Conversation
The cache service can be disabled - at which point ctx.Cache will be nil and the use of it will cause an NPE. The main part of this PR is that the cache is used for restricting resending of activation mails and without this we cache we cannot restrict this. Whilst this code could be re-considered to use the db and probably should be, I think we can simply disable this code in the case that the cache is disabled. There are also several bug fixes in the /nodeinfo API endpoint. Signed-off-by: Andrew Thornton <art27@cantab.net>
GiteaBot
added
the
lgtm/need 1
|
I think we should create some "noop cache" that we would just can use instead if option is filped as fix it's ok |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
I don't feel comfortable approving this PR, this feels too error-prone to have such NPE against because we forgot we need to check if CacheService is enabled. @6543 suggestions seems reasonable. |
|
Maybe you mean #19708 |
|
IIRC this problem has been discussed in discord long time ago. The agreement at that time was: always use a builtin cache if there is no external cache (eg: use the builtin cache called Around 02/14/2022:
|
This comment was marked as outdated.
This comment was marked as outdated.
|
@wxiaoguang we do have memcache enabled by default! https://docs.gitea.io/en-us/config-cheat-sheet/#cache-cache |
Yes, but the panic is caused by some users who disable the cache manually. The related issue has the details:
That's why the agreement on 02/14/2022 came: either always enable the cache (remove the option from app.ini), or make all logic correct without cache (protect users from email spam attacking even if there is no cache) (no blocker from my side, I just try to mention the plan and risk which has been discussed before, while always using a builtin cache as default is the best choice in my mind). |
Hm, the email part should be refactor. |
|
The NPEs have been useful for spotting bugs in the past. For example the problems in nodeinfo |
Extract from go-gitea#19703 Signed-off-by: Andrew Thornton <art27@cantab.net>
Extract from #19703 Signed-off-by: Andrew Thornton <art27@cantab.net>
GiteaBot
added
lgtm/done
* giteaofficial/main: Prevent NPE when cache service is disabled (go-gitea#19703) Detect truncated utf-8 characters at the end of content as still representing utf-8 (go-gitea#19773) Add silentcodeg to MAINTAINERS (go-gitea#19771) Allows repo search to match against "owner/repo" pattern strings (go-gitea#19754) Update JS dependencies (go-gitea#19767) Nuke the incorrect permission report on /api/v1/notifications (go-gitea#19761)
Backport go-gitea#19703 The cache service can be disabled - at which point ctx.Cache will be nil and the use of it will cause an NPE. The main part of this PR is that the cache is used for restricting resending of activation mails and without this we cache we cannot restrict this. Whilst this code could be re-considered to use the db and probably should be, I think we can simply disable this code in the case that the cache is disabled. Signed-off-by: Andrew Thornton <art27@cantab.net>
Backport #19703 The cache service can be disabled - at which point ctx.Cache will be nil and the use of it will cause an NPE. The main part of this PR is that the cache is used for restricting resending of activation mails and without this we cache we cannot restrict this. Whilst this code could be re-considered to use the db and probably should be, I think we can simply disable this code in the case that the cache is disabled. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
## [1.16.9](https://github.com/go-gitea/gitea/releases/tag/1.16.9) - 2022-06-20 * BUGFIXES * Fix permission check for delete tag (go-gitea#19985) (go-gitea#20001) * Only log non ErrNotExist errors in git.GetNote (go-gitea#19884) (go-gitea#19905) * Use exact search instead of fuzzy search for branch filter dropdown (go-gitea#19885) (go-gitea#19893) * Set Setpgid on child git processes (go-gitea#19865) (go-gitea#19881) * Import git from alpine 3.16 repository as 2.30.4 is needed for `safe.directory = '*'` to work but alpine 3.13 has 2.30.3 (go-gitea#19876) * Ensure responses are context.ResponseWriters (go-gitea#19843) (go-gitea#19859) * Fix count bug (go-gitea#19850) * Fix raw endpoint PDF file headers (go-gitea#19825) (go-gitea#19826) * Make WIP prefixes case insensitive, e.g. allow `Draft` as a WIP prefix (go-gitea#19780) (go-gitea#19811) * Fix NotificationUnreadCount (go-gitea#19802) * Prevent NPE when cache service is disabled (go-gitea#19703) (go-gitea#19783) * Detect truncated utf-8 characters at the end of content as still representing utf-8 (go-gitea#19773) (go-gitea#19774) * Fix doctor pq: syntax error at or near "." quote user table name (go-gitea#19765) (go-gitea#19770) * Fix bug (go-gitea#19757) Signed-off-by: Andrew Thornton <art27@cantab.net>
…19721) Extract from go-gitea#19703 Signed-off-by: Andrew Thornton <art27@cantab.net>
The cache service can be disabled - at which point ctx.Cache will be nil and the use of it will cause an NPE. The main part of this PR is that the cache is used for restricting resending of activation mails and without this we cache we cannot restrict this. Whilst this code could be re-considered to use the db and probably should be, I think we can simply disable this code in the case that the cache is disabled. There are also several bug fixes in the /nodeinfo API endpoint. Signed-off-by: Andrew Thornton <art27@cantab.net>
The cache service can be disabled - at which point ctx.Cache will be nil
and the use of it will cause an NPE.
The main part of this PR is that the cache is used for restricting
resending of activation mails and without this we cache we cannot
restrict this. Whilst this code could be re-considered to use the db and
probably should be, I think we can simply disable this code in the case
that the cache is disabled.
There are also several bug fixes in the /nodeinfo API endpoint.
Fix #18749
Signed-off-by: Andrew Thornton art27@cantab.net