Instance-wide (global) info banner and maintenance mode (#36571)

The banner allows site operators to communicate important announcements (e.g., maintenance windows, policy updates, service notices) directly within the UI. The maintenance mode only allows admin to access the web UI. * Fix #2345 * Fix #9618 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-03-20 03:40:27 +00:00 · 2026-02-26 16:16:11 +01:00
parent d0f92cb0a1
commit 26d83c932a
34 changed files with 870 additions and 158 deletions
--- a/tests/integration/admin_config_test.go
+++ b/tests/integration/admin_config_test.go
@@ -7,10 +7,14 @@ import (
 	"net/http"
 	"testing"

+	"code.gitea.io/gitea/models/system"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/setting/config"
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/tests"

 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestAdminConfig(t *testing.T) {
@@ -20,4 +24,46 @@ func TestAdminConfig(t *testing.T) {
 	req := NewRequest(t, "GET", "/-/admin/config")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	assert.True(t, test.IsNormalPageCompleted(resp.Body.String()))
+
+	t.Run("OpenEditorWithApps", func(t *testing.T) {
+		cfg := setting.Config().Repository.OpenWithEditorApps
+		editorApps := cfg.Value(t.Context())
+		assert.Len(t, editorApps, 3)
+		assert.False(t, cfg.HasValue(t.Context()))
+
+		require.NoError(t, system.SetSettings(t.Context(), map[string]string{cfg.DynKey(): "[]"}))
+		config.GetDynGetter().InvalidateCache()
+
+		editorApps = cfg.Value(t.Context())
+		assert.Len(t, editorApps, 3)
+		assert.False(t, cfg.HasValue(t.Context()))
+
+		require.NoError(t, system.SetSettings(t.Context(), map[string]string{cfg.DynKey(): "[{}]"}))
+		config.GetDynGetter().InvalidateCache()
+
+		editorApps = cfg.Value(t.Context())
+		assert.Len(t, editorApps, 1)
+		assert.True(t, cfg.HasValue(t.Context()))
+	})
+
+	t.Run("InstanceWebBanner", func(t *testing.T) {
+		banner, rev1, has := setting.Config().Instance.WebBanner.ValueRevision(t.Context())
+		assert.False(t, has)
+		assert.Equal(t, setting.WebBannerType{}, banner)
+
+		req = NewRequestWithValues(t, "POST", "/-/admin/config", map[string]string{
+			"key":   "instance.web_banner",
+			"value": `{"DisplayEnabled":true,"ContentMessage":"test-msg","StartTimeUnix":123,"EndTimeUnix":456}`,
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+		banner, rev2, has := setting.Config().Instance.WebBanner.ValueRevision(t.Context())
+		assert.NotEqual(t, rev1, rev2)
+		assert.True(t, has)
+		assert.Equal(t, setting.WebBannerType{
+			DisplayEnabled: true,
+			ContentMessage: "test-msg",
+			StartTimeUnix:  123,
+			EndTimeUnix:    456,
+		}, banner)
+	})
 }
--- a/tests/integration/config_instance_test.go
+++ b/tests/integration/config_instance_test.go
@@ -0,0 +1,126 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+	"time"
+
+	system_model "code.gitea.io/gitea/models/system"
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/setting/config"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func mockSystemConfig[T any](t *testing.T, opt *config.Option[T], v T) func() {
+	jsonBuf, _ := json.Marshal(v)
+	old := opt.Value(t.Context())
+	require.NoError(t, system_model.SetSettings(t.Context(), map[string]string{opt.DynKey(): string(jsonBuf)}))
+	config.GetDynGetter().InvalidateCache()
+	return func() {
+		jsonBuf, _ := json.Marshal(old)
+		require.NoError(t, system_model.SetSettings(t.Context(), map[string]string{opt.DynKey(): string(jsonBuf)}))
+		config.GetDynGetter().InvalidateCache()
+	}
+}
+
+func TestInstance(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("WebBanner", func(t *testing.T) {
+		t.Run("Visibility", func(t *testing.T) {
+			defer mockSystemConfig(t, setting.Config().Instance.WebBanner, setting.WebBannerType{
+				DisplayEnabled: true,
+				ContentMessage: "Planned **upgrade** in progress.",
+			})()
+
+			t.Run("AnonymousUserSeesBanner", func(t *testing.T) {
+				resp := MakeRequest(t, NewRequest(t, "GET", "/"), http.StatusOK)
+				assert.Contains(t, resp.Body.String(), "Planned <strong>upgrade</strong> in progress.")
+			})
+
+			t.Run("NormalUserSeesBanner", func(t *testing.T) {
+				sess := loginUser(t, "user2")
+				resp := sess.MakeRequest(t, NewRequest(t, "GET", "/user/settings"), http.StatusOK)
+				assert.Contains(t, resp.Body.String(), "Planned <strong>upgrade</strong> in progress.")
+			})
+
+			t.Run("AdminSeesBannerWithoutEditHint", func(t *testing.T) {
+				sess := loginUser(t, "user1")
+				resp := sess.MakeRequest(t, NewRequest(t, "GET", "/-/admin"), http.StatusOK)
+				assert.Contains(t, resp.Body.String(), "Planned <strong>upgrade</strong> in progress.")
+				assert.NotContains(t, resp.Body.String(), "Edit this banner")
+			})
+
+			t.Run("APIRequestUnchanged", func(t *testing.T) {
+				MakeRequest(t, NewRequest(t, "GET", "/api/v1/version"), http.StatusOK)
+			})
+		})
+
+		t.Run("TimeWindow", func(t *testing.T) {
+			now := time.Now().Unix()
+			defer mockSystemConfig(t, setting.Config().Instance.WebBanner, setting.WebBannerType{
+				DisplayEnabled: true,
+				ContentMessage: "Future banner",
+				StartTimeUnix:  now + 3600,
+				EndTimeUnix:    now + 7200,
+			})()
+
+			resp := MakeRequest(t, NewRequest(t, "GET", "/"), http.StatusOK)
+			assert.NotContains(t, resp.Body.String(), "Future banner")
+
+			defer mockSystemConfig(t, setting.Config().Instance.WebBanner, setting.WebBannerType{
+				DisplayEnabled: true,
+				ContentMessage: "Expired banner",
+				StartTimeUnix:  now - 7200,
+				EndTimeUnix:    now - 3600,
+			})()
+
+			resp = MakeRequest(t, NewRequest(t, "GET", "/"), http.StatusOK)
+			assert.NotContains(t, resp.Body.String(), "Expired banner")
+		})
+	})
+
+	t.Run("MaintenanceMode", func(t *testing.T) {
+		defer mockSystemConfig(t, setting.Config().Instance.WebBanner, setting.WebBannerType{
+			DisplayEnabled: true,
+			ContentMessage: "MaintenanceModeBanner",
+		})()
+		defer mockSystemConfig(t, setting.Config().Instance.MaintenanceMode, setting.MaintenanceModeType{AdminWebAccessOnly: true})()
+
+		t.Run("AnonymousUser", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/")
+			req.Header.Add("Accept", "text/html")
+			resp := MakeRequest(t, req, http.StatusServiceUnavailable)
+			assert.Contains(t, resp.Body.String(), "MaintenanceModeBanner")
+			assert.Contains(t, resp.Body.String(), `href="/user/login"`) // it must contain the login link
+
+			MakeRequest(t, NewRequest(t, "GET", "/user/login"), http.StatusOK)
+			MakeRequest(t, NewRequest(t, "GET", "/-/admin"), http.StatusSeeOther)
+			MakeRequest(t, NewRequest(t, "GET", "/api/internal/dummy"), http.StatusForbidden)
+		})
+
+		t.Run("AdminLogin", func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", "/user/login", map[string]string{"user_name": "user1", "password": userPassword})
+			resp := MakeRequest(t, req, http.StatusSeeOther)
+			assert.Equal(t, "/-/admin", resp.Header().Get("Location"))
+
+			sess := loginUser(t, "user1")
+			req = NewRequest(t, "GET", "/")
+			req.Header.Add("Accept", "text/html")
+			resp = sess.MakeRequest(t, req, http.StatusServiceUnavailable)
+			assert.Contains(t, resp.Body.String(), "MaintenanceModeBanner")
+
+			resp = sess.MakeRequest(t, NewRequest(t, "GET", "/user/login"), http.StatusSeeOther)
+			assert.Equal(t, "/-/admin", resp.Header().Get("Location"))
+
+			sess.MakeRequest(t, NewRequest(t, "GET", "/-/admin"), http.StatusOK)
+		})
+	})
+}