
Improve Codeberg Administration tools #442

Closed
opened 2021-05-08 22:04:35 +02:00 by fnetX · 4 comments
Owner

Codeberg is growing every day and we're proud more and more people are using our service every day to create awesome open source projects.

But with increasing absolute use, there is also an increase in abuse and while our current moderation workflow is still okayish, we will have to look into better toolchains soon.

One part is the spam and abuse reporting, also see #424 for that, which involves a dashboard built into Gitea. We should also take some steps further for easier administration - it can be discussed whether these changes should also go into Gitea or if we want to build a custom dashboard.

The current situation is that we have some admin scripts that interface with the Gitea API and allow us to do certain tasks. These are a bit hacky but work - but they are not really convenient for doing simple tasks like removing a single repo ...

My idea was to create a standalone service that allows us to do the jobs of our admin scripts with a nicer frontend. I thought not to have a fine-grained user management there, but rather a box in the frontend where you'd enter your Gitea API key and the script re-uses this in the backend for your requests. We might want to use this API key to derive the user and do further checking of certain actions later (like sending automated emails, fetching private repos and so on).

We could also see if we can integrate everything into Gitea, but I'm sure we'll face jobs that are not necessary for the majority of instances (like interfacing with specific scanners for missing licences or malicious pages repos etc). And our solution could be used by other people running Gitea easily if we mostly re-use the API. Different opinions?

I could imagine doing some work into this if someone joins, too. @momar are you interested in doing some front-end work? I think you have some experience in this? @n you provided some helper scripts earlier? Are you interested in building this, too?

fnetX added this to the (deleted) milestone 2021-05-08 22:08:21 +02:00

for backend things you can @ping me too - but I'm really not good at frontend ...

I don't have a lot of time at the moment but I'd still like to contribute when I can.
Author
Owner

Okay, thank you both.

I'll just share a first braindump of what's necessary or nice-to-have

  • internal search of repos
    • with checkboxes to easily add them for some action
    • maybe with filtering (like list all big repos, list only private repos etc)
  • expand a list of repos to also include all its forks
  • maybe a search to find similar repos (like similar files or a shared git history for unreal forks)
  • quarantine a list of repos (basically: lock, rename and move to another org)
  • send a mail to users after quarantine
  • select repos to issue a warning mail (e.g. enormous resource usage in private repos, no licence etc)
  • list quarantined repos, select them to
    • delete them
    • move them back to the original owner
  • allow to mark users for removal for multiple reasons, e.g. spam / scam accounts
    • ideally hide them
    • send explanation mail to user, maybe give them a configurable grace-time to appeal
    • auto-remove users after
  • dashboard of user reports, either from Gitea or the software might also add this on its own? Not sure ... (we could easily change the templates to have a report link on every page that reports something with this tool, but a Gitea-native feature would be much better)
  • ideally replace content with a descriptive message? (e.g. for the current quarantined pages, I would have liked to serve a warning like "This page was part of a malware campaign and has been locked by Codeberg" to warn people that eventually clicked a bad link somewhere not to do this again ...)
  • maybe some transparent dashboard which actions have been taken and why (visible to Codeberg users or members)
  • internally save a history of actions for review
  • list users and which action has already been taken
  • select and disable user accounts (maybe from the previous user/action list)
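
The quarantine step from the list above (lock, rename, move to another org), combined with the earlier idea of deriving the operator from the entered Gitea API key and keeping a history of actions, as an added example that is not part of the original comments or of Codeberg's moderation code. It assumes "lock" maps to Gitea's `archived` flag and that the instance accepts the calls in this order; the `owner--name` rename scheme, the `quarantine` org name, the injected `send` transport and the `fake_gitea` stand-in are hypothetical.

```python
from datetime import datetime, timezone

API = "/api/v1"  # Gitea REST API prefix

def quarantine(send, token, repos, quarantine_org, reason, history):
    """Lock, rename and move each (owner, name) repo; log every attempt.

    send(method, path, token, body) -> (status, json) is the HTTP transport,
    injected so the flow can be exercised without a live instance.
    """
    # Derive the operator from the API key; no separate user management.
    status, me = send("GET", f"{API}/user", token, None)
    if status != 200 or not me.get("is_admin"):
        raise PermissionError("API key does not belong to an instance admin")
    for owner, name in repos:
        new_name = f"{owner}--{name}"  # hypothetical scheme; keeps origin recoverable
        entry = {"time": datetime.now(timezone.utc).isoformat(),
                 "operator": me["login"], "action": "quarantine",
                 "repo": f"{owner}/{name}",
                 "moved_to": f"{quarantine_org}/{new_name}",
                 "reason": reason, "ok": False}
        # Assumption: "lock" maps to Gitea's archived flag (read-only repo).
        s, _ = send("PATCH", f"{API}/repos/{owner}/{name}", token,
                    {"archived": True, "name": new_name})
        if 200 <= s < 300:
            s, _ = send("POST", f"{API}/repos/{owner}/{new_name}/transfer",
                        token, {"new_owner": quarantine_org})
            entry["ok"] = 200 <= s < 300
        history.append(entry)  # failures are recorded too, for later review
    return history

def fake_gitea(admin_tokens, calls):
    """Constructed stand-in for a Gitea instance; records each request."""
    def send(method, path, token, body):
        calls.append((method, path, body))
        if path == f"{API}/user":
            return 200, {"login": "mod1", "is_admin": token in admin_tokens}
        return (200 if method == "PATCH" else 202), {}
    return send

def demo():
    calls, history = [], []
    send = fake_gitea({"admin-key"}, calls)  # constructed token value
    quarantine(send, "admin-key", [("spammer", "phish-page")],
               "quarantine", "malware campaign", history)
    return calls, history
```

Against a real instance, `send` would be a thin HTTP wrapper that passes the key in the `Authorization: token …` header, so the key is only ever held for the duration of the request.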
Author
Owner

Ongoing, but WIP. Help still appreciated :)

https://codeberg.org/Codeberg/moderation