move UserSSHKeypair to models/user

models/user/ssh_keypair.go

@@ -1,7 +1,7 @@
 // Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package repo
+package user
 
 import (
 	"context"
@@ -11,7 +11,6 @@ import (
 	"strings"
 
 	"gitea.dev/models/db"
-	user_model "gitea.dev/models/user"
 	"gitea.dev/modules/secret"
 	"gitea.dev/modules/setting"
 	"gitea.dev/modules/util"
@@ -29,10 +28,10 @@ type UserSSHKeypair struct {
 
 // GetUserSSHKeypairByOwner gets the SSH keypair for the given owner
 func GetUserSSHKeypairByOwner(ctx context.Context, ownerID int64) (*UserSSHKeypair, error) {
-	settings, err := user_model.GetSettings(ctx, ownerID, []string{
-		user_model.UserSSHMirrorPrivPem,
-		user_model.UserSSHMirrorPubPem,
-		user_model.UserSSHMirrorFingerprint,
+	settings, err := GetSettings(ctx, ownerID, []string{
+		UserSSHMirrorPrivPem,
+		UserSSHMirrorPubPem,
+		UserSSHMirrorFingerprint,
 	})
 	if err != nil {
 		return nil, err
@@ -45,13 +44,13 @@ func GetUserSSHKeypairByOwner(ctx context.Context, ownerID int64) (*UserSSHKeypa
 		OwnerID: ownerID,
 	}
 
-	if privSetting, exists := settings[user_model.UserSSHMirrorPrivPem]; exists {
+	if privSetting, exists := settings[UserSSHMirrorPrivPem]; exists {
 		keypair.PrivateKeyEncrypted = privSetting.SettingValue
 	}
-	if pubSetting, exists := settings[user_model.UserSSHMirrorPubPem]; exists {
+	if pubSetting, exists := settings[UserSSHMirrorPubPem]; exists {
 		keypair.PublicKey = pubSetting.SettingValue
 	}
-	if fpSetting, exists := settings[user_model.UserSSHMirrorFingerprint]; exists {
+	if fpSetting, exists := settings[UserSSHMirrorFingerprint]; exists {
 		keypair.Fingerprint = fpSetting.SettingValue
 	}
 
@@ -84,13 +83,13 @@ func CreateUserSSHKeypair(ctx context.Context, ownerID int64) (*UserSSHKeypair,
 	}
 
 	err = db.WithTx(ctx, func(ctx context.Context) error {
-		if err := user_model.SetUserSetting(ctx, ownerID, user_model.UserSSHMirrorPrivPem, privateKeyEncrypted); err != nil {
+		if err := SetUserSetting(ctx, ownerID, UserSSHMirrorPrivPem, privateKeyEncrypted); err != nil {
 			return fmt.Errorf("failed to save private key: %w", err)
 		}
-		if err := user_model.SetUserSetting(ctx, ownerID, user_model.UserSSHMirrorPubPem, publicKeyStr); err != nil {
+		if err := SetUserSetting(ctx, ownerID, UserSSHMirrorPubPem, publicKeyStr); err != nil {
 			return fmt.Errorf("failed to save public key: %w", err)
 		}
-		if err := user_model.SetUserSetting(ctx, ownerID, user_model.UserSSHMirrorFingerprint, fingerprintStr); err != nil {
+		if err := SetUserSetting(ctx, ownerID, UserSSHMirrorFingerprint, fingerprintStr); err != nil {
 			return fmt.Errorf("failed to save fingerprint: %w", err)
 		}
 		return nil
@@ -120,7 +119,7 @@ func (k *UserSSHKeypair) GetDecryptedPrivateKey() (ed25519.PrivateKey, error) {
 
 // GetPublicKeyWithComment returns the public key with a descriptive comment (namespace-fingerprint@domain)
 func (k *UserSSHKeypair) GetPublicKeyWithComment(ctx context.Context) (string, error) {
-	owner, err := user_model.GetUserByID(ctx, k.OwnerID)
+	owner, err := GetUserByID(ctx, k.OwnerID)
 	if err != nil {
 		return k.PublicKey, nil
 	}
@@ -142,13 +141,13 @@ func (k *UserSSHKeypair) GetPublicKeyWithComment(ctx context.Context) (string, e
 // DeleteUserSSHKeypair deletes an SSH keypair
 func DeleteUserSSHKeypair(ctx context.Context, ownerID int64) error {
 	return db.WithTx(ctx, func(ctx context.Context) error {
-		if err := user_model.DeleteUserSetting(ctx, ownerID, user_model.UserSSHMirrorPrivPem); err != nil {
+		if err := DeleteUserSetting(ctx, ownerID, UserSSHMirrorPrivPem); err != nil {
 			return err
 		}
-		if err := user_model.DeleteUserSetting(ctx, ownerID, user_model.UserSSHMirrorPubPem); err != nil {
+		if err := DeleteUserSetting(ctx, ownerID, UserSSHMirrorPubPem); err != nil {
 			return err
 		}
-		return user_model.DeleteUserSetting(ctx, ownerID, user_model.UserSSHMirrorFingerprint)
+		return DeleteUserSetting(ctx, ownerID, UserSSHMirrorFingerprint)
 	})
 }
 

models/user/ssh_keypair_test.go

@@ -1,13 +1,13 @@
 // Copyright 2025 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package repo_test
+package user_test
 
 import (
 	"crypto/ed25519"
 	"testing"
 
-	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
 	"gitea.dev/models/unittest"
 	"gitea.dev/modules/setting"
 	"gitea.dev/modules/util"
@@ -21,7 +21,7 @@ func TestUserSSHKeypair(t *testing.T) {
 
 	t.Run("CreateUserSSHKeypair", func(t *testing.T) {
 		// Test creating a new SSH keypair for a user
-		keypair, err := repo_model.CreateUserSSHKeypair(t.Context(), 1)
+		keypair, err := user_model.CreateUserSSHKeypair(t.Context(), 1)
 		require.NoError(t, err)
 		assert.NotNil(t, keypair)
 		assert.Equal(t, int64(1), keypair.OwnerID)
@@ -33,7 +33,7 @@ func TestUserSSHKeypair(t *testing.T) {
 		assert.Contains(t, keypair.PublicKey, "ssh-ed25519")
 
 		// Test creating a keypair for an organization
-		orgKeypair, err := repo_model.CreateUserSSHKeypair(t.Context(), 2)
+		orgKeypair, err := user_model.CreateUserSSHKeypair(t.Context(), 2)
 		require.NoError(t, err)
 		assert.NotNil(t, orgKeypair)
 		assert.Equal(t, int64(2), orgKeypair.OwnerID)
@@ -45,18 +45,18 @@ func TestUserSSHKeypair(t *testing.T) {
 
 	t.Run("GetUserSSHKeypairByOwner", func(t *testing.T) {
 		// Create a keypair first
-		created, err := repo_model.CreateUserSSHKeypair(t.Context(), 3)
+		created, err := user_model.CreateUserSSHKeypair(t.Context(), 3)
 		require.NoError(t, err)
 
 		// Test retrieving the keypair
-		retrieved, err := repo_model.GetUserSSHKeypairByOwner(t.Context(), 3)
+		retrieved, err := user_model.GetUserSSHKeypairByOwner(t.Context(), 3)
 		require.NoError(t, err)
 		assert.Equal(t, created.OwnerID, retrieved.OwnerID)
 		assert.Equal(t, created.PublicKey, retrieved.PublicKey)
 		assert.Equal(t, created.Fingerprint, retrieved.Fingerprint)
 
 		// Test retrieving non-existent keypair
-		_, err = repo_model.GetUserSSHKeypairByOwner(t.Context(), 999)
+		_, err = user_model.GetUserSSHKeypairByOwner(t.Context(), 999)
 		assert.ErrorIs(t, err, util.ErrNotExist)
 	})
 
@@ -67,7 +67,7 @@ func TestUserSSHKeypair(t *testing.T) {
 		}
 
 		// Create a keypair
-		keypair, err := repo_model.CreateUserSSHKeypair(t.Context(), 4)
+		keypair, err := user_model.CreateUserSSHKeypair(t.Context(), 4)
 		require.NoError(t, err)
 
 		// Test decrypting the private key
@@ -83,29 +83,29 @@ func TestUserSSHKeypair(t *testing.T) {
 
 	t.Run("DeleteUserSSHKeypair", func(t *testing.T) {
 		// Create a keypair
-		_, err := repo_model.CreateUserSSHKeypair(t.Context(), 5)
+		_, err := user_model.CreateUserSSHKeypair(t.Context(), 5)
 		require.NoError(t, err)
 
 		// Verify it exists
-		_, err = repo_model.GetUserSSHKeypairByOwner(t.Context(), 5)
+		_, err = user_model.GetUserSSHKeypairByOwner(t.Context(), 5)
 		require.NoError(t, err)
 
 		// Delete it
-		err = repo_model.DeleteUserSSHKeypair(t.Context(), 5)
+		err = user_model.DeleteUserSSHKeypair(t.Context(), 5)
 		require.NoError(t, err)
 
 		// Verify it's gone
-		_, err = repo_model.GetUserSSHKeypairByOwner(t.Context(), 5)
+		_, err = user_model.GetUserSSHKeypairByOwner(t.Context(), 5)
 		assert.ErrorIs(t, err, util.ErrNotExist)
 	})
 
 	t.Run("RegenerateUserSSHKeypair", func(t *testing.T) {
 		// Create initial keypair
-		original, err := repo_model.CreateUserSSHKeypair(t.Context(), 6)
+		original, err := user_model.CreateUserSSHKeypair(t.Context(), 6)
 		require.NoError(t, err)
 
 		// Regenerate it
-		regenerated, err := repo_model.RegenerateUserSSHKeypair(t.Context(), 6)
+		regenerated, err := user_model.RegenerateUserSSHKeypair(t.Context(), 6)
 		require.NoError(t, err)
 
 		// Verify it's different
@@ -131,7 +131,7 @@ func TestUserSSHKeypairConcurrency(t *testing.T) {
 		// Start multiple goroutines creating keypairs for different owners
 		for i := range 10 {
 			go func(ownerID int64) {
-				_, err := repo_model.CreateUserSSHKeypair(ctx, ownerID+100)
+				_, err := user_model.CreateUserSSHKeypair(ctx, ownerID+100)
 				results <- err
 			}(int64(i))
 		}

modules/ssh/mirror.go

@@ -21,12 +21,12 @@ func IsSSHURL(remote string) bool {
 }
 
 // GetOrCreateSSHKeypairForUser gets or creates an SSH keypair for the given user
-func GetOrCreateSSHKeypairForUser(ctx context.Context, userID int64) (*repo_model.UserSSHKeypair, error) {
-	keypair, err := repo_model.GetUserSSHKeypairByOwner(ctx, userID)
+func GetOrCreateSSHKeypairForUser(ctx context.Context, userID int64) (*user_model.UserSSHKeypair, error) {
+	keypair, err := user_model.GetUserSSHKeypairByOwner(ctx, userID)
 	if err != nil {
 		if db.IsErrNotExist(err) {
 			log.Debug("Creating new SSH keypair for user %d", userID)
-			return repo_model.CreateUserSSHKeypair(ctx, userID)
+			return user_model.CreateUserSSHKeypair(ctx, userID)
 		}
 		return nil, fmt.Errorf("failed to get SSH keypair for user %d: %w", userID, err)
 	}
@@ -34,12 +34,12 @@ func GetOrCreateSSHKeypairForUser(ctx context.Context, userID int64) (*repo_mode
 }
 
 // GetOrCreateSSHKeypairForOrg gets or creates an SSH keypair for the given organization
-func GetOrCreateSSHKeypairForOrg(ctx context.Context, orgID int64) (*repo_model.UserSSHKeypair, error) {
-	keypair, err := repo_model.GetUserSSHKeypairByOwner(ctx, orgID)
+func GetOrCreateSSHKeypairForOrg(ctx context.Context, orgID int64) (*user_model.UserSSHKeypair, error) {
+	keypair, err := user_model.GetUserSSHKeypairByOwner(ctx, orgID)
 	if err != nil {
 		if db.IsErrNotExist(err) {
 			log.Debug("Creating new SSH keypair for organization %d", orgID)
-			return repo_model.CreateUserSSHKeypair(ctx, orgID)
+			return user_model.CreateUserSSHKeypair(ctx, orgID)
 		}
 		return nil, fmt.Errorf("failed to get SSH keypair for organization %d: %w", orgID, err)
 	}
@@ -49,7 +49,7 @@ func GetOrCreateSSHKeypairForOrg(ctx context.Context, orgID int64) (*repo_model.
 // GetSSHKeypairForRepository gets the appropriate SSH keypair for a repository
 // If the repository belongs to an organization, it uses the org's keypair,
 // otherwise it uses the user's keypair
-func GetSSHKeypairForRepository(ctx context.Context, repo *repo_model.Repository) (*repo_model.UserSSHKeypair, error) {
+func GetSSHKeypairForRepository(ctx context.Context, repo *repo_model.Repository) (*user_model.UserSSHKeypair, error) {
 	if repo.Owner == nil {
 		owner, err := user_model.GetUserByID(ctx, repo.OwnerID)
 		if err != nil {
@@ -66,7 +66,7 @@ func GetSSHKeypairForRepository(ctx context.Context, repo *repo_model.Repository
 
 // GetSSHKeypairForURL gets the appropriate SSH keypair for a given repository and URL
 // Returns nil if the URL is not an SSH URL
-func GetSSHKeypairForURL(ctx context.Context, repo *repo_model.Repository, url string) (*repo_model.UserSSHKeypair, error) {
+func GetSSHKeypairForURL(ctx context.Context, repo *repo_model.Repository, url string) (*user_model.UserSSHKeypair, error) {
 	if !IsSSHURL(url) {
 		return nil, nil //nolint:nilnil // non-SSH URLs don't need a keypair
 	}

routers/api/v1/org/mirror.go

@@ -7,7 +7,7 @@ import (
 	"net/http"
 
 	"gitea.dev/models/db"
-	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
 	ssh_module "gitea.dev/modules/ssh"
 	"gitea.dev/services/context"
 )
@@ -82,7 +82,7 @@ func RegenerateManagedSSHKey(ctx *context.APIContext) {
 	//   "403":
 	//     "$ref": "#/responses/forbidden"
 
-	keypair, err := repo_model.RegenerateUserSSHKeypair(ctx, ctx.Org.Organization.ID)
+	keypair, err := user_model.RegenerateUserSSHKeypair(ctx, ctx.Org.Organization.ID)
 	if err != nil {
 		ctx.APIErrorInternal(err)
 		return

routers/api/v1/user/mirror.go

@@ -7,7 +7,7 @@ import (
 	"net/http"
 
 	"gitea.dev/models/db"
-	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
 	ssh_module "gitea.dev/modules/ssh"
 	"gitea.dev/services/context"
 )
@@ -66,7 +66,7 @@ func RegenerateManagedSSHKey(ctx *context.APIContext) {
 	//         fingerprint:
 	//           type: string
 
-	keypair, err := repo_model.RegenerateUserSSHKeypair(ctx, ctx.Doer.ID)
+	keypair, err := user_model.RegenerateUserSSHKeypair(ctx, ctx.Doer.ID)
 	if err != nil {
 		ctx.APIErrorInternal(err)
 		return

routers/web/org/setting_ssh_keys.go

@@ -6,8 +6,8 @@ package org
 import (
 	"net/http"
 
-	repo_model "gitea.dev/models/repo"
 	ssh_module "gitea.dev/modules/ssh"
+	user_model "gitea.dev/models/user"
 	"gitea.dev/modules/templates"
 	shared_user "gitea.dev/routers/web/shared/user"
 	"gitea.dev/services/context"
@@ -36,7 +36,7 @@ func SSHKeys(ctx *context.Context) {
 
 	publicKeyWithComment, _ := keypair.GetPublicKeyWithComment(ctx)
 	ctx.Data["SSHKeypair"] = struct {
-		*repo_model.UserSSHKeypair
+		*user_model.UserSSHKeypair
 		PublicKeyWithComment string
 	}{keypair, publicKeyWithComment}
 
@@ -45,7 +45,7 @@ func SSHKeys(ctx *context.Context) {
 
 // RegenerateSSHKey regenerates the SSH keypair for organization mirror operations
 func RegenerateSSHKey(ctx *context.Context) {
-	_, err := repo_model.RegenerateUserSSHKeypair(ctx, ctx.Org.Organization.ID)
+	_, err := user_model.RegenerateUserSSHKeypair(ctx, ctx.Org.Organization.ID)
 	if err != nil {
 		ctx.ServerError("RegenerateSSHKeypairForOrg", err)
 		return

routers/web/user/setting/keys.go

@@ -10,7 +10,6 @@ import (
 
 	asymkey_model "gitea.dev/models/asymkey"
 	"gitea.dev/models/db"
-	repo_model "gitea.dev/models/repo"
 	user_model "gitea.dev/models/user"
 	"gitea.dev/modules/setting"
 	ssh_module "gitea.dev/modules/ssh"
@@ -351,7 +350,7 @@ func loadKeysData(ctx *context.Context) {
 		// Create a struct with the public key including comment
 		publicKeyWithComment, _ := mirrorKeypair.GetPublicKeyWithComment(ctx)
 		mirrorKeyData := struct {
-			*repo_model.UserSSHKeypair
+			*user_model.UserSSHKeypair
 			PublicKeyWithComment string
 		}{
 			UserSSHKeypair:       mirrorKeypair,
@@ -366,7 +365,7 @@ func loadKeysData(ctx *context.Context) {
 
 // RegenerateUserSSHKeypair regenerates the SSH keypair for repository mirroring
 func RegenerateUserSSHKeypair(ctx *context.Context) {
-	_, err := repo_model.RegenerateUserSSHKeypair(ctx, ctx.Doer.ID)
+	_, err := user_model.RegenerateUserSSHKeypair(ctx, ctx.Doer.ID)
 	if err != nil {
 		ctx.ServerError("RegenerateSSHKeypairForUser", err)
 		return