routers/api/v1/user/user.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2020 The Gitea Authors.
// SPDX-License-Identifier: MIT

package user

import (
	"net/http"

	activities_model "code.gitea.io/gitea/models/activities"
	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/routers/api/v1/utils"
	"code.gitea.io/gitea/services/context"
	"code.gitea.io/gitea/services/convert"
	feed_service "code.gitea.io/gitea/services/feed"
)

// Search search users
func Search(ctx *context.APIContext) {
	// swagger:operation GET /users/search user userSearch
	// ---
	// summary: Search for users
	// produces:
	// - application/json
	// parameters:
	// - name: q
	//   in: query
	//   description: keyword
	//   type: string
	// - name: uid
	//   in: query
	//   description: ID of the user to search for
	//   type: integer
	//   format: int64
	// - name: page
	//   in: query
	//   description: page number of results to return (1-based)
	//   type: integer
	// - name: limit
	//   in: query
	//   description: page size of results
	//   type: integer
	// responses:
	//   "200":
	//     description: "SearchResults of a successful search"
	//     schema:
	//       type: object
	//       properties:
	//         ok:
	//           type: boolean
	//         data:
	//           type: array
	//           items:
	//             "$ref": "#/definitions/User"

	listOptions := utils.GetListOptions(ctx)

	uid := ctx.FormInt64("uid")
	var users []*user_model.User
	var maxResults int64
	var err error

	switch uid {
	case user_model.GhostUserID:
		maxResults = 1
		users = []*user_model.User{user_model.NewGhostUser()}
	case user_model.ActionsUserID:
		maxResults = 1
		users = []*user_model.User{user_model.NewActionsUser()}
	default:
		opts := user_model.SearchUserOptions{
			Actor:         ctx.Doer,
			Keyword:       ctx.FormTrim("q"),
			UID:           uid,
			Types:         []user_model.UserType{user_model.UserTypeIndividual},
			SearchByEmail: true,
			ListOptions:   listOptions,
		}
		opts.ApplyPublicOnly(ctx.PublicOnly)
		users, maxResults, err = user_model.SearchUsers(ctx, opts)
		if err != nil {
			ctx.JSON(http.StatusInternalServerError, map[string]any{
				"ok":    false,
				"error": err.Error(),
			})
			return
		}
	}

	ctx.SetLinkHeader(maxResults, listOptions.PageSize)
	ctx.SetTotalCountHeader(maxResults)

	ctx.JSON(http.StatusOK, map[string]any{
		"ok":   true,
		"data": convert.ToUsers(ctx, ctx.Doer, users),
	})
}

// GetInfo get user's information
func GetInfo(ctx *context.APIContext) {
	// swagger:operation GET /users/{username} user userGet
	// ---
	// summary: Get a user
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of the user whose data is to be listed
	//   type: string
	//   required: true
	// responses:
	//   "200":
	//     "$ref": "#/responses/User"
	//   "404":
	//     "$ref": "#/responses/notFound"

	if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
		// fake ErrUserNotExist error message to not leak information about existence
		ctx.APIErrorNotFound("GetUserByName", user_model.ErrUserNotExist{Name: ctx.PathParam("username")})
		return
	}
	ctx.JSON(http.StatusOK, convert.ToUser(ctx, ctx.ContextUser, ctx.Doer))
}

// GetAuthenticatedUser get current user's information
func GetAuthenticatedUser(ctx *context.APIContext) {
	// swagger:operation GET /user user userGetCurrent
	// ---
	// summary: Get the authenticated user
	// produces:
	// - application/json
	// responses:
	//   "200":
	//     "$ref": "#/responses/User"

	ctx.JSON(http.StatusOK, convert.ToUser(ctx, ctx.Doer, ctx.Doer))
}

// GetUserHeatmapData is the handler to get a users heatmap
func GetUserHeatmapData(ctx *context.APIContext) {
	// swagger:operation GET /users/{username}/heatmap user userGetHeatmapData
	// ---
	// summary: Get a user's heatmap
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of the user whose heatmap is to be obtained
	//   type: string
	//   required: true
	// responses:
	//   "200":
	//     "$ref": "#/responses/UserHeatmapData"
	//   "404":
	//     "$ref": "#/responses/notFound"

	heatmap, err := activities_model.GetUserHeatmapDataByUser(ctx, ctx.ContextUser, ctx.Doer)
	if err != nil {
		ctx.APIErrorInternal(err)
		return
	}
	ctx.JSON(http.StatusOK, heatmap)
}

func ListUserActivityFeeds(ctx *context.APIContext) {
	// swagger:operation GET /users/{username}/activities/feeds user userListActivityFeeds
	// ---
	// summary: List a user's activity feeds
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of the user whose activity feeds are to be listed
	//   type: string
	//   required: true
	// - name: only-performed-by
	//   in: query
	//   description: if true, only show actions performed by the requested user
	//   type: boolean
	// - name: date
	//   in: query
	//   description: the date of the activities to be found
	//   type: string
	//   format: date
	// - name: page
	//   in: query
	//   description: page number of results to return (1-based)
	//   type: integer
	// - name: limit
	//   in: query
	//   description: page size of results
	//   type: integer
	// responses:
	//   "200":
	//     "$ref": "#/responses/ActivityFeedsList"
	//   "404":
	//     "$ref": "#/responses/notFound"

	includePrivate := ctx.IsSigned && (ctx.Doer.IsAdmin || ctx.Doer.ID == ctx.ContextUser.ID)
	listOptions := utils.GetListOptions(ctx)

	opts := activities_model.GetFeedsOptions{
		RequestedUser:   ctx.ContextUser,
		Actor:           ctx.Doer,
		IncludePrivate:  includePrivate,
		OnlyPerformedBy: ctx.FormBool("only-performed-by"),
		Date:            ctx.FormString("date"),
		ListOptions:     listOptions,
	}
	opts.ApplyPublicOnly(ctx.PublicOnly)

	feeds, count, err := feed_service.GetFeeds(ctx, opts)
	if err != nil {
		ctx.APIErrorInternal(err)
		return
	}
	ctx.SetTotalCountHeader(count)

	ctx.JSON(http.StatusOK, convert.ToActivities(ctx, feeds, ctx.Doer))
}
Add /api/v1/users/search 2014-04-30 23:48:01 -04:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
API add/generalize pagination (#9452 ) 2020-01-24 19:00:29 +00:00			`// Copyright 2020 The Gitea Authors.`
Implement FSFE REUSE for golang files (#21840 ) 2022-11-27 13:20:29 -05:00			`// SPDX-License-Identifier: MIT`
Add /api/v1/users/search 2014-04-30 23:48:01 -04:00
refactor API routes and some work for #976 2015-12-04 17:16:42 -05:00			`package user`
Add /api/v1/users/search 2014-04-30 23:48:01 -04:00
			`import (`
User action heatmap (#5131 ) 2018-10-23 04:57:42 +02:00			`"net/http"`
fix: trim the whitespaces for the search keyword (#893 ) 2017-02-11 12:00:01 +08:00
Move some files into models' sub packages (#20262 ) 2022-08-25 10:31:57 +08:00			`activities_model "code.gitea.io/gitea/models/activities"`
Move user related model into models/user (#17781 ) 2021-11-24 17:49:20 +08:00			`user_model "code.gitea.io/gitea/models/user"`
API add/generalize pagination (#9452 ) 2020-01-24 19:00:29 +00:00			`"code.gitea.io/gitea/routers/api/v1/utils"`
Move context from modules to services (#29440 ) 2024-02-27 15:12:22 +08:00			`"code.gitea.io/gitea/services/context"`
Move `convert` package to services (#22264 ) 2022-12-29 03:57:15 +01:00			`"code.gitea.io/gitea/services/convert"`
Move GetFeeds to service layer (#32526 ) 2024-11-29 09:53:49 -08:00			`feed_service "code.gitea.io/gitea/services/feed"`
Add /api/v1/users/search 2014-04-30 23:48:01 -04:00			`)`

golint fixed for routers (#208 ) 2016-11-24 15:04:31 +08:00			`// Search search users`
Convert all API handers to use *context.APIContext 2016-03-13 18:49:16 -04:00			`func Search(ctx *context.APIContext) {`
Update swagger documentation (#2899 ) 2017-11-12 23:02:25 -08:00			`// swagger:operation GET /users/search user userSearch`
			`// ---`
			`// summary: Search for users`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: q`
			`// in: query`
			`// description: keyword`
			`// type: string`
Add support for search by uid (#4876 ) 2018-10-18 09:44:51 +01:00			`// - name: uid`
			`// in: query`
			`// description: ID of the user to search for`
			`// type: integer`
Fix Swagger JSON autogeneration issues. (#4845 ) 2018-10-21 04:40:42 +01:00			`// format: int64`
API add/generalize pagination (#9452 ) 2020-01-24 19:00:29 +00:00			`// - name: page`
			`// in: query`
			`// description: page number of results to return (1-based)`
			`// type: integer`
Update swagger documentation (#2899 ) 2017-11-12 23:02:25 -08:00			`// - name: limit`
			`// in: query`
Remove page size limit comment from swagger (#11806 ) 2020-06-09 06:57:38 +02:00			`// description: page size of results`
Update swagger documentation (#2899 ) 2017-11-12 23:02:25 -08:00			`// type: integer`
			`// responses:`
			`// "200":`
Update Swagger API to match the return of /users/search (#4847 ) 2018-09-21 09:56:26 +01:00			`// description: "SearchResults of a successful search"`
			`// schema:`
			`// type: object`
			`// properties:`
			`// ok:`
			`// type: boolean`
			`// data:`
			`// type: array`
			`// items:`
			`// "$ref": "#/definitions/User"`
Swagger info corrections (#9441 ) 2019-12-20 18:07:12 +01:00
Add pagination headers on endpoints that support total count from database (#11145 ) 2020-06-21 10:22:06 +02:00			`listOptions := utils.GetListOptions(ctx)`

Enable system users search via the API (#28013 ) 2023-11-13 15:31:38 +01:00			`uid := ctx.FormInt64("uid")`
			`var users []*user_model.User`
			`var maxResults int64`
			`var err error`

			`switch uid {`
			`case user_model.GhostUserID:`
			`maxResults = 1`
			`users = []*user_model.User{user_model.NewGhostUser()}`
			`case user_model.ActionsUserID:`
			`maxResults = 1`
			`users = []*user_model.User{user_model.NewActionsUser()}`
			`default:`
fix: Unify public-only token filtering in API queries and repo access checks (#37118 ) (#37773 ) 2026-05-19 08:38:51 -07:00			`opts := user_model.SearchUserOptions{`
Add support for searching users by email (#30908 ) 2024-10-05 02:45:06 +09:00			`Actor: ctx.Doer,`
			`Keyword: ctx.FormTrim("q"),`
			`UID: uid,`
Support actions and reusable workflows from private repos (#32562 ) 2025-10-25 11:37:33 -06:00			`Types: []user_model.UserType{user_model.UserTypeIndividual},`
Add support for searching users by email (#30908 ) 2024-10-05 02:45:06 +09:00			`SearchByEmail: true,`
			`ListOptions: listOptions,`
fix: Unify public-only token filtering in API queries and repo access checks (#37118 ) (#37773 ) 2026-05-19 08:38:51 -07:00			`}`
			`opts.ApplyPublicOnly(ctx.PublicOnly)`
			`users, maxResults, err = user_model.SearchUsers(ctx, opts)`
Enable system users search via the API (#28013 ) 2023-11-13 15:31:38 +01:00			`if err != nil {`
			`ctx.JSON(http.StatusInternalServerError, map[string]any{`
			`"ok": false,`
			`"error": err.Error(),`
			`})`
			`return`
			`}`
Add /api/v1/users/search 2014-04-30 23:48:01 -04:00			`}`

Fix CodeQL code scanning alerts (#36858 ) 2026-03-08 15:35:50 +01:00			`ctx.SetLinkHeader(maxResults, listOptions.PageSize)`
[API] generalize list header (#16551 ) 2021-08-12 14:43:08 +02:00			`ctx.SetTotalCountHeader(maxResults)`
Add pagination headers on endpoints that support total count from database (#11145 ) 2020-06-21 10:22:06 +02:00
Replace `interface{}` with `any` (#25686 ) 2023-07-04 20:36:08 +02:00			`ctx.JSON(http.StatusOK, map[string]any{`
Add /api/v1/users/search 2014-04-30 23:48:01 -04:00			`"ok": true,`
Add context cache as a request level cache (#22294 ) 2023-02-15 21:37:34 +08:00			`"data": convert.ToUsers(ctx, ctx.Doer, users),`
Add /api/v1/users/search 2014-04-30 23:48:01 -04:00			`})`
			`}`
more APIs on #12 2014-11-18 11:07:16 -05:00
golint fixed for routers (#208 ) 2016-11-24 15:04:31 +08:00			`// GetInfo get user's information`
Convert all API handers to use *context.APIContext 2016-03-13 18:49:16 -04:00			`func GetInfo(ctx *context.APIContext) {`
Update swagger documentation (#2899 ) 2017-11-12 23:02:25 -08:00			`// swagger:operation GET /users/{username} user userGet`
			`// ---`
			`// summary: Get a user`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: username`
			`// in: path`
Add a `login`/`login-name`/`username` disambiguation to affected endpoint parameters and response/request models (#34901 ) 2025-06-30 06:17:45 +02:00			`// description: username of the user whose data is to be listed`
Update swagger documentation (#2899 ) 2017-11-12 23:02:25 -08:00			`// type: string`
			`// required: true`
			`// responses:`
			`// "200":`
			`// "$ref": "#/responses/User"`
			`// "404":`
			`// "$ref": "#/responses/notFound"`
Swagger info corrections (#9441 ) 2019-12-20 18:07:12 +01:00
Move almost all functions' parameter db.Engine to context.Context (#19748 ) 2022-05-20 22:08:52 +08:00			`if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {`
Add Visible modes function from Organisation to Users too (#16069 ) 2021-06-26 22:53:14 +03:00			`// fake ErrUserNotExist error message to not leak information about existence`
Refactor error system (#33610 ) 2025-02-17 14:13:17 +08:00			`ctx.APIErrorNotFound("GetUserByName", user_model.ErrUserNotExist{Name: ctx.PathParam("username")})`
Add Visible modes function from Organisation to Users too (#16069 ) 2021-06-26 22:53:14 +03:00			`return`
			`}`
Add context cache as a request level cache (#22294 ) 2023-02-15 21:37:34 +08:00			`ctx.JSON(http.StatusOK, convert.ToUser(ctx, ctx.ContextUser, ctx.Doer))`
Fix #3391 2016-08-11 15:29:39 -07:00			`}`

Update swagger documentation (#2899 ) 2017-11-12 23:02:25 -08:00			`// GetAuthenticatedUser get current user's information`
Fix #3391 2016-08-11 15:29:39 -07:00			`func GetAuthenticatedUser(ctx *context.APIContext) {`
Update swagger documentation (#2899 ) 2017-11-12 23:02:25 -08:00			`// swagger:operation GET /user user userGetCurrent`
			`// ---`
			`// summary: Get the authenticated user`
			`// produces:`
			`// - application/json`
			`// responses:`
			`// "200":`
			`// "$ref": "#/responses/User"`
Swagger info corrections (#9441 ) 2019-12-20 18:07:12 +01:00
Add context cache as a request level cache (#22294 ) 2023-02-15 21:37:34 +08:00			`ctx.JSON(http.StatusOK, convert.ToUser(ctx, ctx.Doer, ctx.Doer))`
more APIs on #12 2014-11-18 11:07:16 -05:00			`}`
User action heatmap (#5131 ) 2018-10-23 04:57:42 +02:00
			`// GetUserHeatmapData is the handler to get a users heatmap`
			`func GetUserHeatmapData(ctx *context.APIContext) {`
			`// swagger:operation GET /users/{username}/heatmap user userGetHeatmapData`
			`// ---`
			`// summary: Get a user's heatmap`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: username`
			`// in: path`
Add a `login`/`login-name`/`username` disambiguation to affected endpoint parameters and response/request models (#34901 ) 2025-06-30 06:17:45 +02:00			`// description: username of the user whose heatmap is to be obtained`
User action heatmap (#5131 ) 2018-10-23 04:57:42 +02:00			`// type: string`
			`// required: true`
			`// responses:`
			`// "200":`
			`// "$ref": "#/responses/UserHeatmapData"`
			`// "404":`
			`// "$ref": "#/responses/notFound"`

Another round of `db.DefaultContext` refactor (#27103 ) 2023-09-25 15:17:37 +02:00			`heatmap, err := activities_model.GetUserHeatmapDataByUser(ctx, ctx.ContextUser, ctx.Doer)`
User action heatmap (#5131 ) 2018-10-23 04:57:42 +02:00			`if err != nil {`
Refactor error system (#33626 ) 2025-02-18 04:41:03 +08:00			`ctx.APIErrorInternal(err)`
User action heatmap (#5131 ) 2018-10-23 04:57:42 +02:00			`return`
			`}`
Swagger info corrections (#9441 ) 2019-12-20 18:07:12 +01:00			`ctx.JSON(http.StatusOK, heatmap)`
User action heatmap (#5131 ) 2018-10-23 04:57:42 +02:00			`}`
Add activity feeds API (#23494 ) 2023-04-04 21:35:31 +08:00
			`func ListUserActivityFeeds(ctx *context.APIContext) {`
			`// swagger:operation GET /users/{username}/activities/feeds user userListActivityFeeds`
			`// ---`
			`// summary: List a user's activity feeds`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: username`
			`// in: path`
Add a `login`/`login-name`/`username` disambiguation to affected endpoint parameters and response/request models (#34901 ) 2025-06-30 06:17:45 +02:00			`// description: username of the user whose activity feeds are to be listed`
Add activity feeds API (#23494 ) 2023-04-04 21:35:31 +08:00			`// type: string`
			`// required: true`
			`// - name: only-performed-by`
			`// in: query`
			`// description: if true, only show actions performed by the requested user`
			`// type: boolean`
			`// - name: date`
			`// in: query`
			`// description: the date of the activities to be found`
			`// type: string`
			`// format: date`
			`// - name: page`
			`// in: query`
			`// description: page number of results to return (1-based)`
			`// type: integer`
			`// - name: limit`
			`// in: query`
			`// description: page size of results`
			`// type: integer`
			`// responses:`
			`// "200":`
			`// "$ref": "#/responses/ActivityFeedsList"`
			`// "404":`
			`// "$ref": "#/responses/notFound"`

			`includePrivate := ctx.IsSigned && (ctx.Doer.IsAdmin \|\| ctx.Doer.ID == ctx.ContextUser.ID)`
			`listOptions := utils.GetListOptions(ctx)`

			`opts := activities_model.GetFeedsOptions{`
			`RequestedUser: ctx.ContextUser,`
			`Actor: ctx.Doer,`
			`IncludePrivate: includePrivate,`
			`OnlyPerformedBy: ctx.FormBool("only-performed-by"),`
			`Date: ctx.FormString("date"),`
			`ListOptions: listOptions,`
			`}`
fix: Unify public-only token filtering in API queries and repo access checks (#37118 ) (#37773 ) 2026-05-19 08:38:51 -07:00			`opts.ApplyPublicOnly(ctx.PublicOnly)`
Add activity feeds API (#23494 ) 2023-04-04 21:35:31 +08:00
Move GetFeeds to service layer (#32526 ) 2024-11-29 09:53:49 -08:00			`feeds, count, err := feed_service.GetFeeds(ctx, opts)`
Add activity feeds API (#23494 ) 2023-04-04 21:35:31 +08:00			`if err != nil {`
Refactor error system (#33626 ) 2025-02-18 04:41:03 +08:00			`ctx.APIErrorInternal(err)`
Add activity feeds API (#23494 ) 2023-04-04 21:35:31 +08:00			`return`
			`}`
			`ctx.SetTotalCountHeader(count)`

			`ctx.JSON(http.StatusOK, convert.ToActivities(ctx, feeds, ctx.Doer))`
			`}`