mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-15 20:09:18 -05:00
Database should use foreign keys #596
Closed
opened 2025-11-02 03:29:19 -06:00 by GiteaMirror
·
27 comments
No Branch/Tag Specified
main
release/v1.25
release/v1.24
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.25.3
v1.25.2
v1.25.1
v1.25.0
v1.24.7
v1.25.0-rc0
v1.26.0-dev
v1.24.6
v1.24.5
v1.24.4
v1.24.3
v1.24.2
v1.24.1
v1.24.0
v1.23.8
v1.24.0-rc0
v1.25.0-dev
v1.23.7
v1.23.6
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.24.0-dev
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.23.0-dev
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.20.0-rc1
v1.20.0-rc0
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/gitea#596
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @lesderid on GitHub (Mar 30, 2017).
Description
Gitea's database should use foreign keys. This is much cleaner and makes it easier to do maintenance on the database (e.g. removing spam) without forgetting to delete certain records or deleting too many records.
@andreynering commented on GitHub (Mar 30, 2017):
Foreign keys are important, and it was discussed before.
The problem is that a migration that adds foreign keys will break on installations that already have orphan DB registries.
Maybe we should try to create references but ignore any error.
@lunny commented on GitHub (Mar 31, 2017):
I don't like foreign key. It means your database data could be changed by your Go code and database events.
@travnick commented on GitHub (Mar 31, 2017):
I like foreign keys.
It ensures your data integrity. Also you will get an error if trying do to same stupid things (bugs).
http://dbadiaries.com/foreign-key-constraints
@strk commented on GitHub (Mar 31, 2017):
I agree about using foreign key, but before being able to do that
we'll need a way to ensure they can be added and a way to deal with
the case in which they cannot. So maybe an admin panel to find
orphaned/broken records and repair them ?
@sailfish009 commented on GitHub (Apr 1, 2017):
i don't like foreign key, data must be Immutable.
@tboerger commented on GitHub (Apr 1, 2017):
Foreign keys are important to enforce a sane database
@travnick commented on GitHub (Apr 1, 2017):
@sailfish009 No one enforces you to set foreign keys as CASCADE. There is also RESTRICT option.
@bkcsoft commented on GitHub (Apr 18, 2017):
While I like the idea of foreign keys for some things (comments on issues, repos on org/users), you'd still need to be careful with that relations you setup. If a user deletes their account, do you want their comments to go away as well? For any kind of corporate development, that would be considered a bug as potentially vital information might go lost if a user is deleted when an employee quits.
Aside from consistency, there's also performance gains to be had by having the RMDBS taking care of clean-up instead of having Go do that (Go really shouldn't be doing that...). But at the same time, SQLite and FK aren't really friends. While I don't suggest hampering performance for the sake of being friendly with SQLite, we must still consider these things.
Just my 2 cents.
@jgdye commented on GitHub (Aug 19, 2017):
I admit that I haven't reviewed the code, but why would you ever delete a user row from the database? Shouldn't you just set a flag to disallow login? If the concern is allowing the username to be recycled, wouldn't that cause the same issue with regard to comments, etc as FKs and deleting the user?
@lafriks commented on GitHub (Aug 19, 2017):
@jgdye but currently everywhere they are deleted so it is not possible to set on existing installs
@lesderid commented on GitHub (Aug 19, 2017):
@jgdye Removing spam is my main use case.
@jgdye commented on GitHub (Aug 19, 2017):
@lafricks Any FK solution is going to require large database adjustments on existing installs. I'm not a Go programmer, but I would suggest two stages to implementation. Start with adding the active flag and deactivating instead of removing rows, and when a FK solution that works is finished, have a maintenance option to unorphan comments by creating deactivated users. Perhaps also a config flag that tells Gitea whether to try to create the FKs or not.
@lesderid For the spam case I would think offering a choice of disabling and keeping comments or a cascading delete that removes all comments if a spammer would work well. If it's a spammer that has also made real contributions you don't want to lose, disabling instead of deleting would also prevent them coming registering again with the same name. FKs would help in the nuke the entire account case.
@jgdye commented on GitHub (Aug 19, 2017):
@lafriks apologies for the misspelling. Editing on my phone and couldn't see your username while typing.
@bkcsoft commented on GitHub (Aug 19, 2017):
FKs in SQLite is a no-op if not enabled so you could just setup the FKs and then continue to delete children as well, for Postgres etc the
Delete-op would essentially be a no-op, and for SQLite we ensure that we don't leave orphans around.As for already orphaned data, just have the migration delete orphans before running
Syncon that table.Also, as always I'd recommend doing this incrementally, 1 or 2 tables per PR. Less bugs, easier reviews, easier to revert if it breaks 🙂
@bkcsoft commented on GitHub (Aug 19, 2017):
PS. I'd start off with something like issues and issue-comments, if a repo is deleted all issues and related comments could and should be removed, since they would already be inaccessable anyhow 🙂
@lesderid commented on GitHub (Aug 19, 2017):
@jgdye In my experience, the spammer(s) I have encountered create an account to spam and they use it to create hundreds/thousands of spam orgs and repos, so nuking the account is exactly what would need to be done.
@tboerger commented on GitHub (Aug 20, 2017):
Spammer or whatever reason. Foreign keys are best practice to keep the database in a consistent state.
@thibaultmeyer commented on GitHub (Aug 20, 2017):
related to delete user operation, some solutions are possibles:
The second option seems good: do you want migrate user data ? yes / no . If "yes", what do you want migrate ? (multiple-choice) Comments / Issues / Repos. Migrate to which user ?
Usualy in corporate environment, an user is just disabled, and, many weeks (or months / years) later, account is deleted once and for all.
@lafriks commented on GitHub (Aug 20, 2017):
@0xbaadf00d depending on need there are multiple scenarios that need to be taken into account.
Setting to null is not an option as in some tables that could cause bugs so I think only options is creating migrations that will create empty (flaged as deleted) records
@thibaultmeyer commented on GitHub (Aug 20, 2017):
Sure, is not a trivial question. But take care about soft delete (entry is still in database but flag as "deleted"). In Europe, we have some rules about personnal data (user first/last name, email, ...) and an user can ask to be hard deleted from database.
Here the multi-language EU document (get effective in 2018/01/01) :
http://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679
In case of spammer, just delete account without enabling "migration options" and all data related to the account data will be hard deleted.
If spammer is the main problem, why not use am email domain blacklist to deny all domains like @facebook.com, @yopmail.com, ... ?
@stale[bot] commented on GitHub (Feb 13, 2019):
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
@lesderid commented on GitHub (Feb 13, 2019):
Activity!
@stale[bot] commented on GitHub (Apr 14, 2019):
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
@lesderid commented on GitHub (Apr 14, 2019):
More activity!
More seriously, are there any updates on this?
@zeripath commented on GitHub (Apr 15, 2019):
No one is working on this. You're more than welcome to try. I expect that this would not be trivial to switch on.
@stale[bot] commented on GitHub (Jun 14, 2019):
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
@lesderid commented on GitHub (Jun 14, 2019):
Activity!
As people have said before, sweeping stuff under the rug is not a solution to issue triage.