Add private contribution setting

Status	File	+	-
M	`docs/internal/profile.md`	10	4
M	`internal/actions/sqlc/models.go`	24	23
M	`internal/admin/sqlc/models.go`	24	23
M	`internal/auth/policy/sqlc/models.go`	24	23
M	`internal/checks/sqlc/models.go`	24	23
M	`internal/issues/sqlc/models.go`	24	23
M	`internal/meta/sqlc/models.go`	24	23
A	`internal/migrationsfs/migrations/0055_user_private_contributions.sql`	15	0
M	`internal/notif/sqlc/models.go`	24	23
M	`internal/orgs/sqlc/models.go`	24	23
M	`internal/pulls/sqlc/models.go`	24	23
M	`internal/ratelimit/sqlc/models.go`	24	23
M	`internal/repos/sqlc/models.go`	24	23
M	`internal/social/sqlc/models.go`	24	23
M	`internal/users/queries/users.sql`	3	0
M	`internal/users/sqlc/models.go`	24	23
M	`internal/users/sqlc/querier.go`	1	0
M	`internal/users/sqlc/users.sql.go`	24	5
A	`internal/web/handlers/profile/contribution_settings.go`	79	0
M	`internal/web/handlers/profile/overview.go`	37	28
M	`internal/web/handlers/profile/profile.go`	25	22
M	`internal/web/handlers/profile/profile_test.go`	93	1
M	`internal/web/render/octicons.go`	2	0
M	`internal/web/static/css/shithub.css`	43	10
M	`internal/web/templates/profile/view.html`	23	6
M	`internal/webhook/sqlc/models.go`	24	23
M	`internal/worker/sqlc/models.go`	24	23

docs/internal/profile.mdmodified

  | Route | Source | Notes |
  |---|---|---|
  | `GET /{username}` | profile.serveProfile | Public profile. citext lookup; canonical-case 301; reserved short-circuit. |
 +| `POST /{username}/contribution-settings` | profile.contributionSettingsUpdate | Auth required. Profile owner toggles private contribution counts. |
  | `POST /{username}/pins` | profile.pinsUpdate | Auth required. Profile owner saves up to six public owned repositories. |
  | `GET /avatars/{username}` | profile.serveAvatar | Streams uploaded avatar OR falls back to deterministic SVG identicon. |
  ## Contribution calendar
 -The overview contribution calendar is computed from local Git history for repositories visible to the viewer:
 +The overview contribution calendar is computed from local Git history:
  - The window is the last 365 days, rendered as a 53-week GitHub-style grid.
 -- Only visible repositories are scanned, capped at 80 repos and 2,000 commits per repo for request-time safety.
 +- Public repositories are scanned when visible to the viewer, capped at 500 repos and 5,000 commits per repo for request-time safety.
  - When the user has verified email addresses, commits are counted only if the author email matches one of them.
 -- If no verified email exists, shithub falls back to visible user-owned repository commits as a best-effort local signal.
 -- Private repository contributions appear only when the viewer can already see those repositories.
 +- On affiliated repositories (user-owned repos and repos owned by organizations the user belongs to), shithub also accepts username, display-name, and GitHub noreply-address matches as a best-effort imported-history signal.
 +- Arbitrary public repositories outside the user's affiliation remain verified-email-only to avoid spoofed username/display-name commits.
 +- Private repositories are excluded by default. When the profile owner enables "Private contributions", private user-owned and member-org repositories contribute to the aggregate graph counts, but repository names and commit metadata are not exposed.
  ## Self-view enrichment
  - A "Customize pins" modal lists the user's public repositories with a
    live client-side filter and persists up to six selected repos through
    `profile_pin_sets` / `profile_pins` (migration 0040).
 +- The "Contribution settings" menu toggles the owner's
 +  `users.include_private_contributions` preference. The checked state
 +  mirrors the persisted setting, and the graph is recomputed after the
 +  POST redirect.
  - Cache-Control flips from `max-age=300` (anonymous) to `no-cache, private` so admin- or settings-driven changes appear immediately.
  Pinned repositories are intentionally public-only. Private repos are

internal/actions/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/admin/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/auth/policy/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/checks/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/issues/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/meta/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/migrationsfs/migrations/0055_user_private_contributions.sqladded

 +-- SPDX-License-Identifier: AGPL-3.0-or-later
 +--
 +-- Profile contribution privacy:
 +--
 +-- - include_private_contributions mirrors GitHub's profile setting for
 +--   displaying private contribution counts on the public contribution graph.
 +--   The graph never exposes private repository names or commit metadata.
++
 +-- +goose Up
 +ALTER TABLE users
 +    ADD COLUMN include_private_contributions boolean NOT NULL DEFAULT false;
++
 +-- +goose Down
 +ALTER TABLE users
 +    DROP COLUMN IF EXISTS include_private_contributions;

internal/notif/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/orgs/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/pulls/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/ratelimit/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/repos/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/social/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/users/queries/users.sqlmodified

  -- name: UpdateUserTheme :exec
  UPDATE users SET theme = $2 WHERE id = $1;
 +-- name: UpdateUserPrivateContributions :exec
 +UPDATE users SET include_private_contributions = $2 WHERE id = $1;
++
  -- name: BumpUserSessionEpoch :exec
  UPDATE users SET session_epoch = session_epoch + 1 WHERE id = $1;

internal/users/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/users/sqlc/querier.gomodified

  	UnsuspendUser(ctx context.Context, db DBTX, id int64) error
  	UpdateUserAvatarKey(ctx context.Context, db DBTX, arg UpdateUserAvatarKeyParams) error
  	UpdateUserPassword(ctx context.Context, db DBTX, arg UpdateUserPasswordParams) error
 +	UpdateUserPrivateContributions(ctx context.Context, db DBTX, arg UpdateUserPrivateContributionsParams) error
  	UpdateUserProfile(ctx context.Context, db DBTX, arg UpdateUserProfileParams) error
  	UpdateUserTheme(ctx context.Context, db DBTX, arg UpdateUserThemeParams) error
  	UpsertUserNotificationPref(ctx context.Context, db DBTX, arg UpsertUserNotificationPrefParams) error

internal/users/sqlc/users.sql.gomodified

  INSERT INTO users (username, display_name, password_hash)
  VALUES ($1, $2, $3)
 -RETURNING id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin
 +RETURNING id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin, include_private_contributions
+ `
  type CreateUserParams struct {
  		&i.Theme,
  		&i.SessionEpoch,
  		&i.IsSiteAdmin,
 +		&i.IncludePrivateContributions,
+ 	)
  	return i, err
+ }
  const getUserByID = `-- name: GetUserByID :one
 -SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin
 +SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin, include_private_contributions
  FROM users
  WHERE id = $1 AND deleted_at IS NULL
+ `
  		&i.Theme,
  		&i.SessionEpoch,
  		&i.IsSiteAdmin,
 +		&i.IncludePrivateContributions,
+ 	)
  	return i, err
+ }
  const getUserByUsername = `-- name: GetUserByUsername :one
 -SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin
 +SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin, include_private_contributions
  FROM users
  WHERE username = $1 AND deleted_at IS NULL
+ `
  		&i.Theme,
  		&i.SessionEpoch,
  		&i.IsSiteAdmin,
 +		&i.IncludePrivateContributions,
+ 	)
  	return i, err
+ }
  const getUserByUsernameIncludingDeleted = `-- name: GetUserByUsernameIncludingDeleted :one
 -SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin FROM users WHERE username = $1
 +SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin, include_private_contributions FROM users WHERE username = $1
+ `
  func (q *Queries) GetUserByUsernameIncludingDeleted(ctx context.Context, db DBTX, username string) (User, error) {
  		&i.Theme,
  		&i.SessionEpoch,
  		&i.IsSiteAdmin,
 +		&i.IncludePrivateContributions,
+ 	)
  	return i, err
+ }
  const getUserIncludingDeleted = `-- name: GetUserIncludingDeleted :one
 -SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin FROM users WHERE id = $1
 +SELECT id, username, display_name, primary_email_id, password_hash, password_algo, password_updated_at, email_verified, last_login_at, suspended_at, suspended_reason, deleted_at, created_at, updated_at, bio, location, website, company, pronouns, avatar_object_key, theme, session_epoch, is_site_admin, include_private_contributions FROM users WHERE id = $1
+ `
  // Like GetUserByID but returns the row even when deleted_at IS NOT NULL.
  		&i.Theme,
  		&i.SessionEpoch,
  		&i.IsSiteAdmin,
 +		&i.IncludePrivateContributions,
+ 	)
  	return i, err
+ }
  	return err
+ }
 +const updateUserPrivateContributions = `-- name: UpdateUserPrivateContributions :exec
 +UPDATE users SET include_private_contributions = $2 WHERE id = $1
 +`
++
 +type UpdateUserPrivateContributionsParams struct {
 +	ID                          int64
 +	IncludePrivateContributions bool
 +}
++
 +func (q *Queries) UpdateUserPrivateContributions(ctx context.Context, db DBTX, arg UpdateUserPrivateContributionsParams) error {
 +	_, err := db.Exec(ctx, updateUserPrivateContributions, arg.ID, arg.IncludePrivateContributions)
 +	return err
 +}
++
  const updateUserProfile = `-- name: UpdateUserProfile :exec
  UPDATE users
  SET display_name = $2,

internal/web/handlers/profile/contribution_settings.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package profile
++
 +import (
 +	"errors"
 +	"net/http"
 +	"net/url"
 +	"strings"
++
 +	"github.com/go-chi/chi/v5"
 +	"github.com/jackc/pgx/v5"
++
 +	authpkg "github.com/tenseleyFlow/shithub/internal/auth"
 +	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/web/middleware"
 +)
++
 +func (h *Handlers) contributionSettingsUpdate(w http.ResponseWriter, r *http.Request) {
 +	ctx := r.Context()
 +	rawName := chi.URLParam(r, "username")
 +	lower := strings.ToLower(rawName)
 +	if authpkg.IsReserved(lower) {
 +		h.d.Render.HTTPError(w, r, http.StatusNotFound, r.URL.Path)
 +		return
 +	}
 +	viewer := middleware.CurrentUserFromContext(ctx)
 +	if viewer.IsAnonymous() {
 +		h.d.Render.HTTPError(w, r, http.StatusUnauthorized, "")
 +		return
 +	}
 +	if err := r.ParseForm(); err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "")
 +		return
 +	}
++
 +	user, err := h.q.GetUserByUsername(ctx, h.d.Pool, rawName)
 +	if err != nil {
 +		if errors.Is(err, pgx.ErrNoRows) {
 +			h.d.Render.HTTPError(w, r, http.StatusNotFound, r.URL.Path)
 +			return
 +		}
 +		h.d.Logger.ErrorContext(ctx, "profile contributions: user lookup", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
 +	if user.SuspendedAt.Valid || user.DeletedAt.Valid {
 +		h.d.Render.HTTPError(w, r, http.StatusGone, "")
 +		return
 +	}
 +	if viewer.ID != user.ID {
 +		h.d.Render.HTTPError(w, r, http.StatusForbidden, "")
 +		return
 +	}
++
 +	includePrivate := r.PostFormValue("include_private_contributions") == "1"
 +	if err := h.q.UpdateUserPrivateContributions(ctx, h.d.Pool, usersdb.UpdateUserPrivateContributionsParams{
 +		ID:                          user.ID,
 +		IncludePrivateContributions: includePrivate,
 +	}); err != nil {
 +		h.d.Logger.ErrorContext(ctx, "profile contributions: update settings", "user_id", user.ID, "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
 +	http.Redirect(w, r, profileContributionSettingsReturnPath(r.PostFormValue("return_to"), user.Username), http.StatusSeeOther)
 +}
++
 +func profileContributionSettingsReturnPath(raw, username string) string {
 +	fallback := "/" + url.PathEscape(username)
 +	u, err := url.Parse(raw)
 +	if err != nil || u.IsAbs() || u.Host != "" || u.Path != fallback {
 +		return fallback
 +	}
 +	u.Scheme = ""
 +	u.Host = ""
 +	u.User = nil
 +	u.Fragment = ""
 +	return u.RequestURI()
 +}

internal/web/handlers/profile/overview.gomodified

+ }
  type contributionCalendar struct {
 -	Total             int
 -	Period            string
 -	Weeks             []contributionWeek
 -	Years             []contributionYear
 -	CurrentYear       int
 -	SelectedYear      int
 -	MonthLabel        string
 -	MonthCommitCount  int
 -	MonthRepoCount    int
 -	HasRepositoryData bool
 +	Total                       int
 +	Period                      string
 +	Weeks                       []contributionWeek
 +	Years                       []contributionYear
 +	CurrentYear                 int
 +	SelectedYear                int
 +	MonthLabel                  string
 +	MonthCommitCount            int
 +	MonthRepoCount              int
 +	HasRepositoryData           bool
 +	IncludePrivateContributions bool
+ }
  type contributionYear struct {
  	gridStart := windowStart.AddDate(0, 0, -int(windowStart.Weekday()))
  	windowEnd := windowEndDay.Add(24 * time.Hour)
  	activityMonth := time.Date(windowEndDay.Year(), windowEndDay.Month(), 1, 0, 0, 0, 0, time.UTC)
 -	repos := h.profileContributionRepos(ctx, user, viewer)
 +	repos := h.profileContributionRepos(ctx, user, viewer, user.IncludePrivateContributions)
  	counts := map[string]int{}
  	reposWithMonthActivity := map[int64]struct{}{}
  		weeks = append(weeks, week)
+ 	}
  	return contributionCalendar{
 -		Total:             total,
 -		Period:            period,
 -		Weeks:             weeks,
 -		Years:             contributionYears(user.Username, currentYear, selectedYear),
 -		CurrentYear:       currentYear,
 -		SelectedYear:      selectedYear,
 -		MonthLabel:        activityMonth.Format("January 2006"),
 -		MonthCommitCount:  monthCommitCount,
 -		MonthRepoCount:    len(reposWithMonthActivity),
 -		HasRepositoryData: h.d.RepoFS != nil && len(repos) > 0,
 +		Total:                       total,
 +		Period:                      period,
 +		Weeks:                       weeks,
 +		Years:                       contributionYears(user.Username, currentYear, selectedYear),
 +		CurrentYear:                 currentYear,
 +		SelectedYear:                selectedYear,
 +		MonthLabel:                  activityMonth.Format("January 2006"),
 +		MonthCommitCount:            monthCommitCount,
 +		MonthRepoCount:              len(reposWithMonthActivity),
 +		HasRepositoryData:           h.d.RepoFS != nil && len(repos) > 0,
 +		IncludePrivateContributions: user.IncludePrivateContributions,
+ 	}
+ }
 -func (h *Handlers) profileContributionRepos(ctx context.Context, user usersdb.User, viewer middleware.CurrentUser) []profileContributionRepo {
 +func (h *Handlers) profileContributionRepos(ctx context.Context, user usersdb.User, viewer middleware.CurrentUser, includePrivate bool) []profileContributionRepo {
  	actor := policy.AnonymousActor()
  	if !viewer.IsAnonymous() {
  		actor = viewer.PolicyActor()
  	queries := reposdb.New()
  	seen := map[int64]struct{}{}
  	out := make([]profileContributionRepo, 0, 64)
 -	add := func(ownerSlug string, repo reposdb.Repo, allowIdentityFallback bool) {
 +	add := func(ownerSlug string, repo reposdb.Repo, allowIdentityFallback, affiliated bool) {
  		if ownerSlug == "" {
  			return
+ 		}
  		if _, ok := seen[repo.ID]; ok {
  			return
+ 		}
 -		if !policy.IsVisibleTo(ctx, deps, actor, policy.NewRepoRefFromRepo(repo)) {
 -			return
 +		repoRef := policy.NewRepoRefFromRepo(repo)
 +		if repoRef.IsPrivate() {
 +			if !includePrivate || !affiliated {
 +				return
 +			}
 +		} else {
 +			if !policy.IsVisibleTo(ctx, deps, actor, repoRef) {
 +				return
 +			}
+ 		}
  		seen[repo.ID] = struct{}{}
  		out = append(out, profileContributionRepo{
  		h.d.Logger.WarnContext(ctx, "profile overview: contribution user repos", "user_id", user.ID, "error", err)
  	} else {
  		for _, repo := range userRepos {
 -			add(user.Username, repo, true)
 +			add(user.Username, repo, true, true)
+ 		}
+ 	}
  				continue
+ 			}
  			for _, repo := range orgRepos {
 -				add(org.Slug, repo, true)
 +				add(org.Slug, repo, true, true)
+ 			}
+ 		}
+ 	}
  		return out
+ 	}
  	for _, row := range publicRepos {
 -		add(row.OwnerSlug, row.Repo, false)
 +		add(row.OwnerSlug, row.Repo, false, false)
+ 	}
  	return out
+ }

internal/web/handlers/profile/profile.gomodified

  func (h *Handlers) MountProfile(r chi.Router) {
  	r.Group(func(r chi.Router) {
  		r.Use(middleware.RequireUser)
 +		r.Post("/{username}/contribution-settings", h.contributionSettingsUpdate)
  		r.Post("/{username}/pins", h.pinsUpdate)
  	})
  	r.Get("/{username}", h.serveProfile)
  		displayName = user.Username
+ 	}
  	data := map[string]any{
 -		"Title":            displayName,
 -		"User":             user,
 -		"DisplayName":      displayName,
 -		"IsSelf":           isSelf,
 -		"AvatarURL":        avatarURL,
 -		"OGTitle":          displayName + " (@" + user.Username + ")",
 -		"OGDescription":    ogDescription(user),
 -		"OGImage":          avatarURL,
 -		"JoinedFormatted":  user.CreatedAt.Time.Format("January 2, 2006"),
 -		"WebsiteSafe":      safeWebsite(user.Website),
 -		"Tabs":             tabs,
 -		"ActiveTab":        "overview",
 -		"VisibleRepoCount": len(visibleRepos),
 -		"Orgs":             h.profileOrganizations(r.Context(), user.ID),
 -		"ProfileReadme":    readme,
 -		"HasProfileReadme": hasReadme,
 -		"Contributions":    h.contributionCalendar(r.Context(), user, viewer, r.URL.Query()),
 -		"PinnedRepos":      pinnedRepos,
 -		"PinCandidates":    pinCandidates,
 -		"PinsRemaining":    profilePinsRemaining(pinCandidates),
 -		"CanCustomizePins": isSelf,
 -		"PinsAction":       "/" + url.PathEscape(user.Username) + "/pins",
 +		"Title":                      displayName,
 +		"User":                       user,
 +		"DisplayName":                displayName,
 +		"IsSelf":                     isSelf,
 +		"AvatarURL":                  avatarURL,
 +		"OGTitle":                    displayName + " (@" + user.Username + ")",
 +		"OGDescription":              ogDescription(user),
 +		"OGImage":                    avatarURL,
 +		"JoinedFormatted":            user.CreatedAt.Time.Format("January 2, 2006"),
 +		"WebsiteSafe":                safeWebsite(user.Website),
 +		"Tabs":                       tabs,
 +		"ActiveTab":                  "overview",
 +		"VisibleRepoCount":           len(visibleRepos),
 +		"Orgs":                       h.profileOrganizations(r.Context(), user.ID),
 +		"ProfileReadme":              readme,
 +		"HasProfileReadme":           hasReadme,
 +		"Contributions":              h.contributionCalendar(r.Context(), user, viewer, r.URL.Query()),
 +		"PinnedRepos":                pinnedRepos,
 +		"PinCandidates":              pinCandidates,
 +		"PinsRemaining":              profilePinsRemaining(pinCandidates),
 +		"CanCustomizePins":           isSelf,
 +		"PinsAction":                 "/" + url.PathEscape(user.Username) + "/pins",
 +		"ContributionSettingsAction": "/" + url.PathEscape(user.Username) + "/contribution-settings",
 +		"ContributionSettingsReturn": r.URL.RequestURI(),
+ 	}
  	w.Header().Set("Content-Type", "text/html; charset=utf-8")
  	if err := h.d.Render.RenderPage(w, r, "profile/view", data); err != nil {

internal/web/handlers/profile/profile_test.gomodified

  	tmplFS := fstest.MapFS{
  		"_layout.html":           {Data: []byte(`{{ define "layout" }}<html><head><title>{{ .Title }}</title></head><body>{{ template "page" . }}</body></html>{{ end }}`)},
  		"hello.html":             {Data: []byte(`{{ define "page" }}home{{ end }}`)},
 -		"profile/view.html":      {Data: []byte(`{{ define "page" }}USER={{.User.Username}} DISPLAY={{.User.DisplayName}}{{ if .IsSelf }} SELF=1{{ end }} BIO={{.User.Bio}} VISIBLE={{.VisibleRepoCount}} ORGS={{len .Orgs}} README={{.HasProfileReadme}} CONTRIB={{.Contributions.Total}} PERIOD={{.Contributions.Period}} WEEKS={{len .Contributions.Weeks}} YEARS={{len .Contributions.Years}} YEARLINKS={{range .Contributions.Years}}{{.Year}}:{{.Active}}:{{.Href}};{{end}} PINS={{len .PinnedRepos}} PINNAMES={{range .PinnedRepos}}{{.Name}};{{end}} CANDIDATES={{len .PinCandidates}} SELECTED={{range .PinCandidates}}{{if .IsPinned}}{{.Name}};{{end}}{{end}}{{ if .CanCustomizePins }} CUSTOMIZE=1{{ end }}{{ end }}`)},
 +		"profile/view.html":      {Data: []byte(`{{ define "page" }}USER={{.User.Username}} DISPLAY={{.User.DisplayName}}{{ if .IsSelf }} SELF=1{{ end }} BIO={{.User.Bio}} VISIBLE={{.VisibleRepoCount}} ORGS={{len .Orgs}} README={{.HasProfileReadme}} CONTRIB={{.Contributions.Total}} PERIOD={{.Contributions.Period}} PRIVATE={{.Contributions.IncludePrivateContributions}} WEEKS={{len .Contributions.Weeks}} YEARS={{len .Contributions.Years}} YEARLINKS={{range .Contributions.Years}}{{.Year}}:{{.Active}}:{{.Href}};{{end}} PINS={{len .PinnedRepos}} PINNAMES={{range .PinnedRepos}}{{.Name}};{{end}} CANDIDATES={{len .PinCandidates}} SELECTED={{range .PinCandidates}}{{if .IsPinned}}{{.Name}};{{end}}{{end}}{{ if .CanCustomizePins }} CUSTOMIZE=1 ACTION={{.ContributionSettingsAction}} RETURN={{.ContributionSettingsReturn}}{{ end }}{{ end }}`)},
  		"profile/suspended.html": {Data: []byte(`{{ define "page" }}SUSPENDED={{.Username}}{{ end }}`)},
  		"orgs/profile.html":      {Data: []byte(`{{ define "page" }}ORG={{.Org.Slug}} REPOS={{len .Repos}} PINS={{len .PinnedRepos}} PINNAMES={{range .PinnedRepos}}{{.Name}};{{end}} CANDIDATES={{len .PinCandidates}} SELECTED={{range .PinCandidates}}{{if .IsPinned}}{{.Name}};{{end}}{{end}} MEMBERS={{.MemberCount}} PEOPLE={{len .People}} NAMES={{range .Repos}}{{.Name}};{{end}} LANGS={{range .TopLanguages}}{{.Name}}={{.Count}};{{end}} TOPICS={{range .TopTopics}}{{.Name}}={{.Count}};{{end}} VIEWAS={{.ViewAs}}{{ if .CanCustomizePins }} CUSTOMIZE=1{{ end }}{{ end }}`)},
  		"orgs/repositories.html": {Data: []byte(`{{ define "page" }}ORGREPOS={{.Org.Slug}} ACTIVE={{.ActiveOrgNav}} TOTAL={{.RepoCount}} FILTERED={{.FilteredCount}} PAGE={{.Page}}/{{.PageCount}} TYPE={{.SelectedType}} LANG={{.SelectedLanguage}} SORT={{.SelectedSort}} PREV={{.PrevHref}} NEXT={{.NextHref}} NAMES={{range .Repos}}{{.Name}};{{end}}{{range .PaginationPages}} P{{.Number}}={{.Current}}{{end}}{{ end }}`)},
  	return resp
+ }
 +func (e *profileEnv) postContributionSettings(t *testing.T, path string, user usersdb.User, includePrivate bool, returnTo string) *http.Response {
 +	t.Helper()
 +	include := "0"
 +	if includePrivate {
 +		include = "1"
 +	}
 +	form := url.Values{
 +		"include_private_contributions": {include},
 +		"return_to":                     {returnTo},
 +	}
 +	req, err := http.NewRequest(http.MethodPost, e.srv.URL+path, strings.NewReader(form.Encode()))
 +	if err != nil {
 +		t.Fatalf("request: %v", err)
 +	}
 +	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 +	req.Header.Set("X-Test-User-ID", strconv.FormatInt(user.ID, 10))
 +	req.Header.Set("X-Test-Username", user.Username)
 +	resp, err := newNonRedirClient(t).Do(req)
 +	if err != nil {
 +		t.Fatalf("POST: %v", err)
 +	}
 +	t.Cleanup(func() { _ = resp.Body.Close() })
 +	return resp
 +}
++
  // =============================== tests ==================================
  func TestProfile_RendersForExistingUser(t *testing.T) {
+ 	}
+ }
 +func TestProfile_PrivateContributionsRequireOwnerOptIn(t *testing.T) {
 +	t.Parallel()
 +	env := setupProfileEnvWithRepoFS(t)
 +	alice := env.insertUser(t, "alice", "Alice Anderson", "")
 +	env.insertVerifiedEmail(t, alice.ID, "alice@example.com")
 +	env.insertUserRepo(t, alice.ID, "public-work", "visible work", "public", "Go", 0, 0)
 +	env.insertUserRepo(t, alice.ID, "private-work", "private work", "private", "Go", 0, 0)
++
 +	now := time.Now().UTC()
 +	env.writeInitialCommit(t, "alice", "public-work", "Alice Anderson", "alice@example.com", now.AddDate(0, 0, -2))
 +	env.writeInitialCommit(t, "alice", "private-work", "Alice Anderson", "alice@example.com", now.AddDate(0, 0, -1))
++
 +	body := env.getAs(t, "/alice", alice)
 +	for _, want := range []string{
 +		"CONTRIB=1",
 +		"PRIVATE=false",
 +		"CUSTOMIZE=1 ACTION=/alice/contribution-settings RETURN=/alice",
 +	} {
 +		if !strings.Contains(body, want) {
 +			t.Errorf("missing %q in body: %s", want, body)
 +		}
 +	}
 +	if strings.Contains(body, "private-work") {
 +		t.Fatalf("self profile leaked private repo name through contribution settings: %s", body)
 +	}
++
 +	currentYear := time.Now().UTC().Year()
 +	returnTo := fmt.Sprintf("/alice?year=%d", currentYear)
 +	resp := env.postContributionSettings(t, "/alice/contribution-settings", alice, true, returnTo)
 +	if resp.StatusCode != http.StatusSeeOther {
 +		t.Fatalf("status %d, want 303", resp.StatusCode)
 +	}
 +	if loc := resp.Header.Get("Location"); loc != returnTo {
 +		t.Fatalf("Location = %q, want %q", loc, returnTo)
 +	}
++
 +	body = env.getAs(t, "/alice", usersdb.User{})
 +	for _, want := range []string{
 +		"CONTRIB=2",
 +		"PRIVATE=true",
 +	} {
 +		if !strings.Contains(body, want) {
 +			t.Errorf("missing %q in body: %s", want, body)
 +		}
 +	}
 +	if strings.Contains(body, "private-work") {
 +		t.Fatalf("anonymous profile leaked private repo name after private contribution opt-in: %s", body)
 +	}
 +}
++
 +func TestProfile_ContributionSettingsRequireProfileOwner(t *testing.T) {
 +	t.Parallel()
 +	env := setupProfileEnv(t)
 +	alice := env.insertUser(t, "alice", "Alice", "")
 +	bob := env.insertUser(t, "bob", "Bob", "")
++
 +	resp := env.postContributionSettings(t, "/alice/contribution-settings", bob, true, "/alice")
 +	if resp.StatusCode != http.StatusForbidden {
 +		t.Fatalf("status %d, want 403", resp.StatusCode)
 +	}
++
 +	body := env.getAs(t, "/alice", alice)
 +	if !strings.Contains(body, "PRIVATE=false") {
 +		t.Fatalf("unexpected settings change by non-owner: %s", body)
 +	}
 +}
++
  func TestProfile_UnknownUser404(t *testing.T) {
  	t.Parallel()
  	env := setupProfileEnv(t)

internal/web/render/octicons.gomodified

  			`><path d="M1.75 1h8.5c.966 0 1.75.784 1.75 1.75v5.5A1.75 1.75 0 0 1 10.25 10H7.061l-2.574 2.573A1.458 1.458 0 0 1 2 11.543V10h-.25A1.75 1.75 0 0 1 0 8.25v-5.5C0 1.784.784 1 1.75 1ZM1.5 2.75v5.5c0 .138.112.25.25.25h1a.75.75 0 0 1 .75.75v2.19l2.72-2.72a.749.749 0 0 1 .53-.22h3.5a.25.25 0 0 0 .25-.25v-5.5a.25.25 0 0 0-.25-.25h-8.5a.25.25 0 0 0-.25.25Zm13 2a.25.25 0 0 0-.25-.25h-.5a.75.75 0 0 1 0-1.5h.5c.966 0 1.75.784 1.75 1.75v5.5A1.75 1.75 0 0 1 14.25 12H14v1.543a1.458 1.458 0 0 1-2.487 1.03L9.22 12.28a.75.75 0 0 1 1.06-1.06l2.22 2.22v-2.19a.75.75 0 0 1 .75-.75h1a.25.25 0 0 0 .25-.25Z"/></svg>`),
  		"checklist": trustedSVG(`<svg xmlns="http://www.w3.org/2000/svg" ` + cls +
  			`><path d="M2.5 1.75v11.5c0 .138.112.25.25.25h3.17a.75.75 0 0 1 0 1.5H2.75A1.75 1.75 0 0 1 1 13.25V1.75C1 .784 1.784 0 2.75 0h8.5C12.216 0 13 .784 13 1.75v7.736a.75.75 0 0 1-1.5 0V1.75a.25.25 0 0 0-.25-.25h-8.5a.25.25 0 0 0-.25.25Zm13.274 9.537-4.557 4.45a.75.75 0 0 1-1.055-.008l-1.943-1.95a.75.75 0 0 1 1.062-1.058l1.419 1.425 4.026-3.932a.75.75 0 1 1 1.048 1.074ZM4.75 4h4.5a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1 0-1.5ZM4 7.75A.75.75 0 0 1 4.75 7h2a.75.75 0 0 1 0 1.5h-2A.75.75 0 0 1 4 7.75Z"/></svg>`),
 +		"check": trustedSVG(`<svg xmlns="http://www.w3.org/2000/svg" ` + cls +
 +			`><path d="M13.78 4.22a.75.75 0 0 1 0 1.06l-7.25 7.25a.75.75 0 0 1-1.06 0L2.22 9.28a.751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018L6 10.94l6.72-6.72a.75.75 0 0 1 1.06 0Z"/></svg>`),
  		"check-circle": trustedSVG(`<svg xmlns="http://www.w3.org/2000/svg" ` + cls +
  			`><path d="M8 1.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm11.03-1.78a.75.75 0 0 1 0 1.06l-3.25 3.25a.75.75 0 0 1-1.06 0L4.97 8.78a.75.75 0 0 1 1.06-1.06l1.22 1.22 2.72-2.72a.75.75 0 0 1 1.06 0Z"/></svg>`),
  		"check-circle-fill": trustedSVG(`<svg xmlns="http://www.w3.org/2000/svg" ` + cls +

internal/web/static/css/shithub.cssmodified

    right: 0;
    top: calc(100% + 0.45rem);
    width: min(360px, calc(100vw - 2rem));
 -  padding: 1rem;
 +  padding: 0.75rem 0;
    border: 1px solid var(--border-default);
    border-radius: 12px;
    background: var(--canvas-overlay, var(--canvas-default));
    color: var(--fg-default);
    box-shadow: 0 16px 32px rgba(1,4,9,0.45);
+ }
 -.shithub-profile-contrib-settings strong {
 +.shithub-contrib-settings-menu form {
 +  margin: 0;
 +}
 +.shithub-contrib-setting-item {
 +  display: grid;
 +  grid-template-columns: 24px minmax(0, 1fr);
 +  gap: 0.5rem;
 +  width: 100%;
 +  padding: 0.35rem 1rem;
 +  border: 0;
 +  background: transparent;
 +  color: var(--fg-default);
 +  font: inherit;
 +  text-align: left;
 +}
 +button.shithub-contrib-setting-item {
 +  cursor: pointer;
 +}
 +button.shithub-contrib-setting-item:hover {
 +  background: var(--canvas-subtle);
 +}
 +.shithub-contrib-setting-item.is-static {
 +  cursor: default;
 +}
 +.shithub-contrib-setting-check {
 +  display: flex;
 +  align-items: flex-start;
 +  justify-content: center;
 +  padding-top: 0.1rem;
 +  color: var(--fg-default);
 +}
 +.shithub-contrib-setting-check svg {
 +  width: 16px;
 +  height: 16px;
 +}
 +.shithub-contrib-setting-item strong {
    display: block;
 -  margin-bottom: 0.35rem;
 +  margin: 0 0 0.45rem;
 +  color: var(--fg-default);
+ }
 -.shithub-profile-contrib-settings p {
 -  margin: 0 0 1rem;
 +.shithub-contrib-setting-item span span {
 +  display: block;
    color: var(--fg-muted);
    line-height: 1.45;
+ }
 -.shithub-profile-contrib-settings p:last-child {
 -  margin-bottom: 0;
 -}
  .shithub-profile-contrib-layout {
    display: grid;
    grid-template-columns: minmax(0, 1fr) 112px;
    width: 0;
    height: 0;
    border: 5px solid transparent;
 -  border-top-color: var(--fg-muted);
 +  border-top-color: #6e7681;
    transform: translateX(-50%);
    pointer-events: none;
+ }
    max-width: min(260px, 80vw);
    padding: 0.35rem 0.55rem;
    border-radius: 6px;
 -  background: var(--fg-muted);
 +  background: #6e7681;
    color: #fff;
    box-shadow: 0 8px 18px rgba(1,4,9,0.35);
    font-size: 0.75rem;

internal/web/templates/profile/view.htmlmodified

        <section class="shithub-profile-contributions" aria-labelledby="contrib-h">
          <div class="shithub-profile-contrib-head">
            <h2 id="contrib-h">{{ .Contributions.Total }} contribution{{ pluralize .Contributions.Total "" "s" }} {{ .Contributions.Period }}</h2>
 +          {{ if .IsSelf }}
            <details class="shithub-profile-contrib-settings">
              <summary>Contribution settings {{ octicon "triangle-down" }}</summary>
 -            <div>
 -              <strong>Private contributions</strong>
 -              <p>Private contribution counts are shown only when those repositories are visible to you.</p>
 -              <strong>Activity overview</strong>
 -              <p>Activity is summarized from visible repositories on this shithub instance.</p>
 +            <div class="shithub-contrib-settings-menu">
 +              <form method="post" action="{{ .ContributionSettingsAction }}">
 +                <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
 +                <input type="hidden" name="return_to" value="{{ .ContributionSettingsReturn }}">
 +                <input type="hidden" name="include_private_contributions" value="{{ if .Contributions.IncludePrivateContributions }}0{{ else }}1{{ end }}">
 +                <button type="submit" class="shithub-contrib-setting-item" aria-pressed="{{ .Contributions.IncludePrivateContributions }}">
 +                  <span class="shithub-contrib-setting-check" aria-hidden="true">{{ if .Contributions.IncludePrivateContributions }}{{ octicon "check" }}{{ end }}</span>
 +                  <span>
 +                    <strong>Private contributions</strong>
 +                    <span>{{ if .Contributions.IncludePrivateContributions }}Turning off private contributions will show only public activity on your profile.{{ else }}Turning on private contributions will show private activity counts on your profile.{{ end }}</span>
 +                  </span>
 +                </button>
 +              </form>
 +              <div class="shithub-contrib-setting-item is-static">
 +                <span class="shithub-contrib-setting-check" aria-hidden="true"></span>
 +                <span>
 +                  <strong>Activity overview</strong>
 +                  <span>Turning on the activity overview will show an overview of your activity across organizations and repositories.</span>
 +                </span>
 +              </div>
              </div>
            </details>
 +          {{ end }}
          </div>
          <div class="shithub-profile-contrib-layout">
                  {{ range .Contributions.Weeks }}
                  <div class="shithub-contrib-week">
                    {{ range .Days }}
 -                  <span class="shithub-contrib-day level-{{ .Level }}{{ if .IsFuture }} is-future{{ end }}{{ if not .IsInWindow }} is-outside{{ end }}" title="{{ .Title }}" data-title="{{ .Title }}" data-date="{{ .Date }}" data-count="{{ .Count }}" aria-label="{{ .Title }}" tabindex="0"></span>
 +                  <span class="shithub-contrib-day level-{{ .Level }}{{ if .IsFuture }} is-future{{ end }}{{ if not .IsInWindow }} is-outside{{ end }}" data-title="{{ .Title }}" data-date="{{ .Date }}" data-count="{{ .Count }}" aria-label="{{ .Title }}" tabindex="0"></span>
                    {{ end }}
                  </div>
                  {{ end }}

internal/webhook/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

internal/worker/sqlc/models.gomodified

+ }
  type User struct {
 -	ID                int64
 -	Username          string
 -	DisplayName       string
 -	PrimaryEmailID    pgtype.Int8
 -	PasswordHash      string
 -	PasswordAlgo      string
 -	PasswordUpdatedAt pgtype.Timestamptz
 -	EmailVerified     bool
 -	LastLoginAt       pgtype.Timestamptz
 -	SuspendedAt       pgtype.Timestamptz
 -	SuspendedReason   pgtype.Text
 -	DeletedAt         pgtype.Timestamptz
 -	CreatedAt         pgtype.Timestamptz
 -	UpdatedAt         pgtype.Timestamptz
 -	Bio               string
 -	Location          string
 -	Website           string
 -	Company           string
 -	Pronouns          string
 -	AvatarObjectKey   pgtype.Text
 -	Theme             string
 -	SessionEpoch      int32
 -	IsSiteAdmin       bool
 +	ID                          int64
 +	Username                    string
 +	DisplayName                 string
 +	PrimaryEmailID              pgtype.Int8
 +	PasswordHash                string
 +	PasswordAlgo                string
 +	PasswordUpdatedAt           pgtype.Timestamptz
 +	EmailVerified               bool
 +	LastLoginAt                 pgtype.Timestamptz
 +	SuspendedAt                 pgtype.Timestamptz
 +	SuspendedReason             pgtype.Text
 +	DeletedAt                   pgtype.Timestamptz
 +	CreatedAt                   pgtype.Timestamptz
 +	UpdatedAt                   pgtype.Timestamptz
 +	Bio                         string
 +	Location                    string
 +	Website                     string
 +	Company                     string
 +	Pronouns                    string
 +	AvatarObjectKey             pgtype.Text
 +	Theme                       string
 +	SessionEpoch                int32
 +	IsSiteAdmin                 bool
 +	IncludePrivateContributions bool
+ }
  type UserEmail struct {

tenseleyflow/shithub / `f1b97dc`

27 changed files