Add package registry quota limits (#21584)

Related #20471

This PR adds global quota limits for the package registry. Settings for
individual users/orgs can be added in a seperate PR using the settings
table.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

modules/setting/packages.go

@@ -5,11 +5,15 @@
 package setting
 
 import (
+	"math"
 	"net/url"
 	"os"
 	"path/filepath"
 
 	"code.gitea.io/gitea/modules/log"
+
+	"github.com/dustin/go-humanize"
+	ini "gopkg.in/ini.v1"
 )
 
 // Package registry settings
@@ -19,8 +23,24 @@ var (
 		Enabled           bool
 		ChunkedUploadPath string
 		RegistryHost      string
+
+		LimitTotalOwnerCount int64
+		LimitTotalOwnerSize  int64
+		LimitSizeComposer    int64
+		LimitSizeConan       int64
+		LimitSizeContainer   int64
+		LimitSizeGeneric     int64
+		LimitSizeHelm        int64
+		LimitSizeMaven       int64
+		LimitSizeNpm         int64
+		LimitSizeNuGet       int64
+		LimitSizePub         int64
+		LimitSizePyPI        int64
+		LimitSizeRubyGems    int64
+		LimitSizeVagrant     int64
 	}{
-		Enabled: true,
+		Enabled:              true,
+		LimitTotalOwnerCount: -1,
 	}
 )
 
@@ -43,4 +63,32 @@ func newPackages() {
 	if err := os.MkdirAll(Packages.ChunkedUploadPath, os.ModePerm); err != nil {
 		log.Error("Unable to create chunked upload directory: %s (%v)", Packages.ChunkedUploadPath, err)
 	}
+
+	Packages.LimitTotalOwnerSize = mustBytes(sec, "LIMIT_TOTAL_OWNER_SIZE")
+	Packages.LimitSizeComposer = mustBytes(sec, "LIMIT_SIZE_COMPOSER")
+	Packages.LimitSizeConan = mustBytes(sec, "LIMIT_SIZE_CONAN")
+	Packages.LimitSizeContainer = mustBytes(sec, "LIMIT_SIZE_CONTAINER")
+	Packages.LimitSizeGeneric = mustBytes(sec, "LIMIT_SIZE_GENERIC")
+	Packages.LimitSizeHelm = mustBytes(sec, "LIMIT_SIZE_HELM")
+	Packages.LimitSizeMaven = mustBytes(sec, "LIMIT_SIZE_MAVEN")
+	Packages.LimitSizeNpm = mustBytes(sec, "LIMIT_SIZE_NPM")
+	Packages.LimitSizeNuGet = mustBytes(sec, "LIMIT_SIZE_NUGET")
+	Packages.LimitSizePub = mustBytes(sec, "LIMIT_SIZE_PUB")
+	Packages.LimitSizePyPI = mustBytes(sec, "LIMIT_SIZE_PYPI")
+	Packages.LimitSizeRubyGems = mustBytes(sec, "LIMIT_SIZE_RUBYGEMS")
+	Packages.LimitSizeVagrant = mustBytes(sec, "LIMIT_SIZE_VAGRANT")
+}
+
+func mustBytes(section *ini.Section, key string) int64 {
+	const noLimit = "-1"
+
+	value := section.Key(key).MustString(noLimit)
+	if value == noLimit {
+		return -1
+	}
+	bytes, err := humanize.ParseBytes(value)
+	if err != nil || bytes > math.MaxInt64 {
+		return -1
+	}
+	return int64(bytes)
 }

modules/setting/packages_test.go

@@ -0,0 +1,31 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package setting
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	ini "gopkg.in/ini.v1"
+)
+
+func TestMustBytes(t *testing.T) {
+	test := func(value string) int64 {
+		sec, _ := ini.Empty().NewSection("test")
+		sec.NewKey("VALUE", value)
+
+		return mustBytes(sec, "VALUE")
+	}
+
+	assert.EqualValues(t, -1, test(""))
+	assert.EqualValues(t, -1, test("-1"))
+	assert.EqualValues(t, 0, test("0"))
+	assert.EqualValues(t, 1, test("1"))
+	assert.EqualValues(t, 10000, test("10000"))
+	assert.EqualValues(t, 1000000, test("1 mb"))
+	assert.EqualValues(t, 1048576, test("1mib"))
+	assert.EqualValues(t, 1782579, test("1.7mib"))
+	assert.EqualValues(t, -1, test("1 yib")) // too large
+}