mirror of
1
Fork 0
Commit Graph

3178 Commits

Author SHA1 Message Date
zeripath 1cd8d0ca0e
Fix NPE on view commit with notes (#15561)
Fix #15558

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-21 19:00:27 +01:00
Lunny Xiao 2255afffad
Fix lfs management find (#15537)
Fix #15236

* Do not do 40byte conversion within ParseTreeLine
* Missed a to40ByteSHA

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-04-21 18:31:59 +02:00
Lunny Xiao 9d99f6ab19
Refactor renders (#15175)
* Refactor renders

* Some performance optimization

* Fix comment

* Transform reader

* Fix csv test

* Fix test

* Fix tests

* Improve optimaziation

* Fix test

* Fix test

* Detect file encoding with reader

* Improve optimaziation

* reduce memory usage

* improve code

* fix build

* Fix test

* Fix for go1.15

* Fix render

* Fix comment

* Fix lint

* Fix test

* Don't use NormalEOF when unnecessary

* revert change on util.go

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* rename function

* Take NormalEOF back

Co-authored-by: zeripath <art27@cantab.net>
2021-04-19 18:25:08 -04:00
Lunny Xiao a3c4c57b7c
Fix bug on commit graph (#15517) 2021-04-17 10:27:25 +01:00
Kyle D f44543a1bb
Disable Stars config option (#14653)
* Add config option to disable stars

* Replace "stars" with watched in user profile

* Add documentation
2021-04-15 18:53:57 +02:00
6543 2a42d80d14
migration: github: if rate limit is not enabled, ignore it (#15490) 2021-04-15 15:34:22 +02:00
Lunny Xiao dc5a1d617d
Fix potential copy lfs records failure when fork a repository (#15441) 2021-04-14 22:15:28 +01:00
Naohisa Murakami 1426601cf7
Use index of the supported tags to choose user lang (#15452)
Fix #14793.

The previous implementation used the first return value of matcher.Match, which is the chosen language tag but may contain extensions such as de-DE-u-rg-chzzzz.

As mentioned in the documentation of language package, matcher.Match also returns the index of the supported tags, so I think it is better to use it rather than manipulate the returned language tag.
2021-04-14 19:52:01 +01:00
zeripath 1ee776970a
Fix ambiguous argument error on tags (#15432)
There is a weird gotcha with GetTagCommitID that because it uses git rev-list
can cause an ambiguous argument error.

This PR simply makes tags use the same code as branches.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-14 16:22:37 +02:00
zeripath 8e2a8efd84
Prevent superfluous response.WriteHeader (#15456)
This PR simply checks the status before writing the header.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-14 14:57:18 +02:00
Martin Michaelis 55eb1745bd
OAuth2 auto-register (#5123)
* Refactored handleOAuth2SignIn in routers/user/auth.go

The function handleOAuth2SignIn was called twice but some code path could only
be reached by one of the invocations. Moved the unnecessary code path out of
handleOAuth2SignIn.


* Refactored user creation

There was common code to create a user and display the correct error message.
And after the creation the only user should be an admin and if enabled a
confirmation email should be sent. This common code is now abstracted into
two functions and a helper function to call both.

* Added auto-register for OAuth2 users

If enabled new OAuth2 users will be registered with their OAuth2 details.
The UserID, Name and Email fields from the gothUser are used.
Therefore the OpenID Connect provider needs additional scopes to return
the coresponding claims.

* Added error for missing fields in OAuth2 response

* Linking and auto linking on oauth2 registration

* Set default username source to nickname

* Add automatic oauth2 scopes for github and google

* Add hint to change the openid connect scopes if fields are missing

* Extend info about auto linking security risk

Co-authored-by: Viktor Kuzmin <kvaster@gmail.com>
Signed-off-by: Martin Michaelis <code@mgjm.de>
2021-04-14 14:02:12 +02:00
Lunny Xiao 66f0fd0959
Add NeedPostProcess for Parser interface to improve performance of csv render (#15153) 2021-04-13 15:06:31 +08:00
KN4CK3R a35a5b225c
Add ETag header (#15370)
* Add ETag header.

* Comply with RFC 7232.

* Moved logic into httpcache.go

* Changed name.

* Lint

* Implemented If-None-Match list.

* Fixed missing header on *

* Removed weak etag support.

* Removed * support.

* Added unit test.

* Lint

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-12 10:49:26 -04:00
6543 83d771c1c7
use repo1_bare to test against (#15402) 2021-04-11 11:45:29 -04:00
zeripath c680eb2cc7
Links in markdown should be absolute to the repository not the server (#15088)
* Links in markdown should be absolute to the repository not the server

Fix #15075

Signed-off-by: Andrew Thornton <art27@cantab.net>

* match github

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-04-11 00:26:28 +08:00
zeripath 84f5a0bc62
Always set the merge base used to merge the commit (#15352)
The issue is that the TestPatch will reset the PR MergeBase - and it is possible for TestPatch to update the MergeBase whilst a merge is ongoing. The ensuing merge will then complete but it doesn't re-set the MergeBase it used to merge the PR.

Fixes the intermittent error in git test.

Signed-off-by: Andrew Thornton art27@cantab.net
2021-04-10 09:27:29 +01:00
zeripath 136a20926c
Turn RepoRef and RepoAssignment back into func(*Context) (#15372)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-09 20:26:08 -04:00
zeripath b9ed3cbc26
Upgrade to bluemonday 1.0.7 (#15379)
* Upgrade to bluemonday 1.0.7

Fix #15349

Signed-off-by: Andrew Thornton <art27@cantab.net>

* resolve unit test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-09 19:13:06 -04:00
6543 9c4601bdf8
Code Formats, Nits & Unused Func/Var deletions (#15286)
* _ to unused func options

* rm useless brakets

* rm trifial non used models functions

* rm dead code

* rm dead global vars

* fix routers/api/v1/repo/issue.go

* dont overload import module
2021-04-09 09:40:34 +02:00
6543 147826a577
[API] pull notification subject status: add "merged" (#15344)
Current subject status can be "", "open" and "closed". This add "merged" to it.
2021-04-09 03:36:23 +02:00
KN4CK3R c03e488e14
Add LFS Migration and Mirror (#14726)
* Implemented LFS client.

* Implemented scanning for pointer files.

* Implemented downloading of lfs files.

* Moved model-dependent code into services.

* Removed models dependency. Added TryReadPointerFromBuffer.

* Migrated code from service to module.

* Centralised storage creation.

* Removed dependency from models.

* Moved ContentStore into modules.

* Share structs between server and client.

* Moved method to services.

* Implemented lfs download on clone.

* Implemented LFS sync on clone and mirror update.

* Added form fields.

* Updated templates.

* Fixed condition.

* Use alternate endpoint.

* Added missing methods.

* Fixed typo and make linter happy.

* Detached pointer parser from gogit dependency.

* Fixed TestGetLFSRange test.

* Added context to support cancellation.

* Use ReadFull to probably read more data.

* Removed duplicated code from models.

* Moved scan implementation into pointer_scanner_nogogit.

* Changed method name.

* Added comments.

* Added more/specific log/error messages.

* Embedded lfs.Pointer into models.LFSMetaObject.

* Moved code from models to module.

* Moved code from models to module.

* Moved code from models to module.

* Reduced pointer usage.

* Embedded type.

* Use promoted fields.

* Fixed unexpected eof.

* Added unit tests.

* Implemented migration of local file paths.

* Show an error on invalid LFS endpoints.

* Hide settings if not used.

* Added LFS info to mirror struct.

* Fixed comment.

* Check LFS endpoint.

* Manage LFS settings from mirror page.

* Fixed selector.

* Adjusted selector.

* Added more tests.

* Added local filesystem migration test.

* Fixed typo.

* Reset settings.

* Added special windows path handling.

* Added unit test for HTTPClient.

* Added unit test for BasicTransferAdapter.

* Moved into util package.

* Test if LFS endpoint is allowed.

* Added support for git://

* Just use a static placeholder as the displayed url may be invalid.

* Reverted to original code.

* Added "Advanced Settings".

* Updated wording.

* Added discovery info link.

* Implemented suggestion.

* Fixed missing format parameter.

* Added Pointer.IsValid().

* Always remove model on error.

* Added suggestions.

* Use channel instead of array.

* Update routers/repo/migrate.go

* fmt

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-04-08 18:25:57 -04:00
zeripath fa3895ce81
Move modules/forms to services/forms (#15305)
Forms are dependent on models and therefore should be in services.

This PR also removes the old auth. aliasing

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-06 20:44:05 +01:00
zeripath b101fa83a6
Fix bug in Wrap (#15302)
Whilst doing other work I have noticed that there is an issue with Wrap when passing an
http.Handler - the next should be the next handler in line not empty.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-06 17:40:56 +02:00
KN4CK3R 5f18404045
Close file on invalid range (Addition to #15166) (#15268)
* Close file on invalid range.

* Close on seek error

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Moved 'Seek' into server.

* io.ReadSeekCloser is only available in Go 1.16

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-04-06 21:22:34 +08:00
zeripath 04196b7658
Update to bluemonday-1.0.6 (#15294)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-05 17:38:31 -04:00
6543 16dea6cebd
[refactor] replace int with httpStatusCodes (#15282)
* replace "200" (int) with "http.StatusOK" (const)

* ctx.Error & ctx.HTML

* ctx.JSON Part1

* ctx.JSON Part2

* ctx.JSON Part3
2021-04-05 11:30:52 -04:00
zeripath 0bb8bd8190
Add size to Save function (#15264)
Fix #15253

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-03 18:19:59 +02:00
KN4CK3R 3cc7d27b6f
Close file on invalid range (#15166)
* Close file on invalid range.

* Close on seek error

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-04-03 14:44:12 +02:00
6543 80d6c6d7de
[refactor] mailer service (#15072)
* Unexport SendUserMail

* Instead of "[]*models.User" or "[]string" lists infent "[]*MailRecipient" for mailer

* adopt

* code format

* TODOs for "i18n"

* clean

* no fallback for lang -> just use english

* lint

* exec testComposeIssueCommentMessage per lang and use only emails

* rm MailRecipient

* Dont reload from users from db if you alredy have in ram

* nits

* minimize diff

Signed-off-by: 6543 <6543@obermui.de>

* localize subjects

* linter ...

* Tr extend

* start tmpl edit ...

* Apply suggestions from code review

* use translation.Locale

* improve mailIssueCommentBatch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add i18n to datas

Signed-off-by: Andrew Thornton <art27@cantab.net>

* a comment

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-04-02 11:25:13 +01:00
zeripath ff460ca74d
Speed up `enry.IsVendor` (#15213)
`enry.IsVendor` is kinda slow as it simply iterates across all regexps.
This PR ajdusts the regexps to combine them to make this process a
little quicker.

Related #15143

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-04-01 19:41:09 +02:00
a1012112796 43fb4921e3
response simple text message for not html request when 404 (#15229)
* response simple text message for not html request when response 404

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-04-01 17:11:42 +02:00
a1012112796 007fb00c0e
response 404 for diff/patch of a commit that not exist (#15221)
* response 404 for diff/patch of a commit that not exist

fix #15217

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update routers/repo/commit.go

Co-authored-by: silverwind <me@silverwind.io>

* use ctx.NotFound()

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
2021-04-01 08:17:14 +03:00
zeripath 113c1557ff
Fix regression from #14623 - use debug SVC handler only on interactive sessions (#15210)
Unfortunately #14623 changed from the deprecated IsInteractiveSession to
IsWindowsService without recognising that they are the complement of
each other.

This means that Windows SVC control is not working correctly. This PR
adds some Tracing statements but also fixes the bug.

Fix #15159

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-31 22:48:48 +03:00
a1012112796 f5b6dc9759
add 'fonts' into 'KnownPublicEntries' (#15188)
fix #15184

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-03-30 15:47:34 +03:00
KN4CK3R 0c6137617f
Add Tabular Diff for CSV files (#14661)
Implements request #14320 The rendering of CSV files does match the diff style.

* Moved CSV logic into base package.

* Added method to create a tabular diff.

* Added CSV compare context.

* Added CSV diff template.

* Use new table style in CSV markup.

* Added file size limit for CSV rendering.

* Display CSV parser errors in diff.

* Lazy read single file.

* Lazy read rows for full diff.

* Added unit tests for various CSV changes.
2021-03-29 22:44:28 +02:00
a1012112796 3273fb9af1
use level config in main section when subsection not set level (#15176)
in previouse if a log subsetcion not set level
it will use ``info`` as default value.

this pr will make default value (``[log] -> LEVEL``) useable.

example config:
```INI
[log]
MODE = console
LEVEL = Trace

[log.console]
LEVEL =
STDERR = false
```

previous result:
```JSON
// console:
{
  "level": "info",
  ...................
}
```

after change:

```JSON
// console:
{
  "level": "track",
  ...................
}
```

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-03-28 20:08:19 +01:00
zeripath 82d1a7fb17
Update repository size on cron gc task (#15177)
git gc cron could change the size of the repository therefore we should update the
size of the repo stored in our database.

Also significantly improve the efficiency of counting lfs associated with the
repository
2021-03-28 05:56:28 +02:00
sotho e7609929c1
Expose resolver via API (#15167)
* Expose resolver via API
2021-03-28 00:37:51 +01:00
6543 290cf75f93
[refactor] Unify the export of user data via API (#15144)
* [refactor] unify how user data is exported via API

* test time via unix timestamp
2021-03-27 17:45:26 +01:00
parnic f4d27498bd
Add DefaultMergeStyle option to repository (#14789)
Fixes #12293
2021-03-27 15:55:40 +01:00
6543 dc56fb7c84
fix regression of 15139 (#15164) 2021-03-26 03:46:41 +01:00
zeripath b68eb54f95
Clusterfuzz found another way (#15160)
Clusterfuzz found another way so I found another way to stop it

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-26 01:21:00 +02:00
sotho f2844b7583
Fix wrong user returned in API (#15139)
The API call: GET /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments
returns always the reviewer, but should return the poster.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-03-24 21:26:15 +01:00
6543 5f038cd7fe
[Vendor] update gitea-sdk v0.14.0 (#15103)
* upgraded code.gitea.io/sdk/gitea v0.13.2 => v0.14.0

* rm workaround
2021-03-22 18:03:18 +01:00
zeripath a587a28434
Fix another clusterfuzz identified issue (#15096)
* Fix another clusterfuzz identified issue

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-22 02:45:01 +01:00
6543 24f7bd5899
Use i18n.Reset to reload locales (#15073) 2021-03-21 16:11:36 +01:00
a1012112796 17731e05ff
fix double 'push tag' action feed (#15078)
Signed-off-by: a1012112796 <1012112796@qq.com>
2021-03-21 11:11:22 +01:00
6543 78e8f62706
[Refactor] remove possible resource leak (#15067)
* move "copy uploaded lfs files 2 repo" to own function for "defer file.Close()"

* rm type overload

* Update modules/repofiles/upload.go

Co-authored-by: zeripath <art27@cantab.net>
2021-03-21 00:30:29 +08:00
Lunny Xiao cf549500e0
Fix bug when upload on web (#15042)
* Fix bug when upload on web

* move into own function

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-03-19 23:49:29 +01:00
6543 a3a65137ba
Delete Labels & IssueLabels on Repo Delete too (#15039)
* Doctor: find IssueLabels without existing label

* on Repo Delete: delete labels & issue_labels too

* performance nits

* Add Migration: Delete orphaned IssueLabels

* Migration v174: use Sync2

* USE sess !!!

* better func name

* code format & comment

* RAW SQL

* Update models/migrations/v176.go

* next try?
2021-03-19 21:01:24 +02:00
zeripath dace0ce1b1
Prevent addition of labels from outside the repository or organisation in issues (#14912)
* Never add labels not from this repository or organisation and remove org labels on transfer

Prevent the addition of labels from outside of the repository or
organisation and remove organisation labels on transfer.

Related #14908

Signed-off-by: Andrew Thornton <art27@cantab.net>

* switch to use sql

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove AS

Signed-off-by: Andrew Thornton <art27@cantab.net>

* subquery alias

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Give me some AS?

Signed-off-by: Andrew Thornton <art27@cantab.net>

* double AS

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* once more around the merry go round

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix api problem

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add outside label consistency check into doctor

This PR adds another consistency check into doctor in order to detect
labels that have been added from outside of repositories and organisations

Fix #14908

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix migration

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prep for merge

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-03-19 21:25:14 +08:00
zeripath c0c052bdbb
another clusterfuzz spotted issue (#15032)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-18 22:37:11 +01:00
KN4CK3R e8ad6c1ff3
Do not convert file path to lowercase (#15023)
* Do not convert file path to lowercase.

* lint

* Check against lowercase hostname.
2021-03-18 13:58:47 +00:00
zeripath 070c57867d
Fix postgres ID sequences broken by recreate-table (#15015)
* Fix postgres ID sequences broken by recreate-table

Unfortunately there is a subtle problem with recreatetable on postgres which
leads to the sequences not being renamed and not being left at 0.

Fix #14725

Signed-off-by: Andrew Thornton <art27@cantab.net>

* let us try information_schema instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-18 02:06:40 -04:00
zeripath 71aca93dec
Remove extraneous logging (#15020)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-18 04:25:52 +01:00
a1012112796 27b8eff96b
support gitmailmap in GetCodeActivityStats() (#15009)
ref:
- https://git-scm.com/docs/gitmailmap
- https://git-scm.com/docs/git-log#Documentation/git-log.txt-emaNem

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: zeripath <art27@cantab.net>
2021-03-17 17:00:26 -04:00
Norwin f4629fc472
Move repo.CloseIssuesViaCommitInAnyBranch to issue settings (#14965) 2021-03-16 02:00:52 +01:00
zeripath ed31ddc29a
Fix several render issues (#14986)
* Fix an issue with panics related to attributes
* Wrap goldmark render in a recovery function
* Reduce memory use in render emoji
* Use a pipe for rendering goldmark - still needs more work and a limiter

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-03-16 00:20:05 +01:00
Lauris BH 044cd4d016
Add reverse proxy configuration support for remote IP address (#14959)
* Add reverse proxy configuration support for remote IP address validation

* Trust all IP addresses in containerized environments by default

* Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-16 00:27:28 +02:00
zeripath 6e423d5573
Ensure validation occurs on clone addresses too (#14994)
* Ensure validation occurs on clone addresses too

Fix #14984

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix api tests

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-15 17:52:11 -04:00
zeripath 164e35ead3
Make sure sibling images get a link too (#14979)
* Make sure sibling images get a link too

Due a problem with the ast.Walker in the our transformer in goldmark
an image with a sibling image will not be transformed to gain a parent
link. This PR fixes this.

Fix #12925

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-14 16:36:51 +00:00
zeripath 91ee3be588
Prevent incorrect HTML escaping in swagger.json (#14957)
* Prevent incorrect HTML escaping in swagger.json

Fix #14706

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops add it to the helper

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-11 23:43:04 -05:00
zeripath c8e5c79cfd
Add ui.explore settings to control view of explore pages (2) (#14094)
This is an alternative PR to #13687.

Add `[ui.explore]` settings to allow restricting the
explore pages to logged in users only and to disable the users explore page.

The two proposed settings are:

- `REQUIRE_SIGNIN_VIEW`: Only allows access to the explore pages if the
user is signed in. Also restricts
  - `/api/v1/user/search`
  - `/api/v1/users/{username}`
  - `/api/v1/users/{username}/repos`
  - but does not restrict `/api/v1/users/{username}/heatmap`
- `DISABLE_USERS_PAGE`: Disables the /explore/users page

Fix #2908

Close #13687 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-11 13:40:54 +00:00
6543 177da717a7
[API] get pull, return head branch sha, even if deleted (#14931)
* API: return head branch sha, even if deleted

* relax if ref not resolvable
2021-03-08 21:48:31 +01:00
6543 14d8cb7819
Move Workaround for #12675 into it's own function (#14922)
* Move Workatround for #12675 into it's own function

* use more reliable solution (as tea do)
2021-03-08 20:00:19 +01:00
zeripath eb576269d4
Re-enable import local paths after reversion from #13610 (#14925)
PR #13610 unfortunately disabled importing repositories from local paths.
This PR restores this functionality.

Fix #14700

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-08 13:10:17 +00:00
zeripath c03f530212
Make internal SSH server host key path configurable (#14918)
* Make SSH server host key path configurable

* make it possible to have multiple keys

* Make gitea.rsa the default key

* Add some more logging

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-08 03:43:59 +01:00
zeripath 9b261f52f0
Add SameSite setting for cookies (#14900)
Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. 

There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR.

Fix #5583

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-07 08:12:43 +00:00
zeripath a68db9076a
Fix race in LFS ContentStore.Put(...) (#14895)
Continuing on from #14888

The previous implementation has race whereby an incomplete upload or
hash mismatch upload can end up in the ContentStore. This PR moves the
validation into the reader so that if there is a hash error or size
mismatch the reader will return with an error instead of an io.EOF
causing the storage to abort the storage.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-06 20:21:56 +00:00
zeripath 20f13bfdfc
Fix a couple of issues with a feeds (#14897)
@CirnoT spotted a couple of issues with feeds on discord.

This PR fixes both of these.
2021-03-06 05:09:49 +01:00
zeripath 144cfe5720
Fix race in local storage (#14888)
LocalStorage should only put completed files in position

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-05 14:19:17 +01:00
a1012112796 a5279b74b6
Make manual merge autodetection optional and add manual merge as merge method (#12543)
* Make auto check manual merge as a chooseable mod and add manual merge way on ui

as title, Before this pr, we use same way with GH to check manually merge.
It good, but in some special cases, misjudgments can occur. and it's hard
to fix this bug. So I add option to allow repo manager block "auto check manual merge"
function, Then it will have same style like gitlab(allow empty pr). and to compensate for
not being able to detect THE PR merge automatically, I added a manual approach.

Signed-off-by: a1012112796 <1012112796@qq.com>

* make swager

* api support

* ping ci

* fix TestPullCreate_EmptyChangesWithCommits

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Apply review suggestions and add test

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* fix build

* test error message

* make fmt

* Fix indentation issues identified by @silverwind

Co-authored-by: silverwind <me@silverwind.io>

* Fix tests and make manually merged disabled error on API the same

Signed-off-by: Andrew Thornton <art27@cantab.net>

* a small nit

* fix wrong commit id error

* fix bug

* simple test

* fix test

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-03 22:41:23 -05:00
zeripath 523efa433b
Move Bleve and Elastic code indexers to use a common cat-file --batch (#14781)
* Extract out the common cat-file batch calls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move bleve and elastic indexers to use a common cat-file --batch when indexing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* move catfilebatch to batch_reader and rename to batch_reader.go

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-03-03 21:57:01 -05:00
zeripath 59d1cc49f1
Fix paging of file commit logs (#14831)
Unfortunately `git log revision ... --skip=x -- path` skips the number of commits
not the number of commits relating to the path.

This PR changes the function to have a reader that reads and skips the
necessary number of commits by hand instead.

Fix #8716

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-04 02:48:19 +02:00
zeripath 0bdeb2b302
Add missing repo.projects unit into swagger (#14876)
Fix #14875

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-03 23:44:30 +01:00
zeripath f0e15250b9
Migrate to use jsoniter instead of encoding/json (#14841)
* Migrate to use jsoniter

* fix tests

* update gitea.com/go-chi/binding

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-01 22:08:10 +01:00
a1012112796 6cf97df9fd
remove duplicate define of CheckAttribute() (#14837)
Signed-off-by: a1012112796 <1012112796@qq.com>
2021-03-01 14:14:17 +02:00
6543 a4148c0f12
Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)
* make repo as "pending transfer" if on transfer start doer has no right to create repo in new destination

* if new pending transfer ocured, create UI & Mail notifications
2021-03-01 01:47:30 +01:00
a1012112796 83cf1a894e
Create tag on ui (#13467)
Support create single tag directly

support create tag with message from create release ui

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-02-28 19:57:45 +00:00
zeripath cf29cb30d3
Prevent use of double sub-path and incorrect asset path in manifest (#14827)
MakeAbsoluteAssetURL should just url join the static url prefix on to appurl
if it is not an absolute path - this is because StaticURLPrefix is an absolute
prefix not a relative prefix to the app sub url.

Fix #14422

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-28 12:29:22 +00:00
zeripath 3d8b5ad5f3
Fix a couple of CommentAsPatch issues. (#14804)
* CutDiffAroundLine makes the incorrect assumption that `---` and `+++` always represent part of the header of a diff.

This PR adds a flag to its parsing to prevent this problem and adds a streaming parsing technique to CutDiffAroundLine using an io.pipe instead of just sending data to an unbounded buffer.

Fix #14711

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle unquoted comment patch files

When making comment patches unfortunately the patch does not always quote the filename
This makes the diff --git header ambiguous again.

This PR finally adds handling for ambiguity in to parse patch

Fix #14812

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add in testing for no error

There is no way currently for CutDiffAroundLine in this test to cause an
error however, it should still be tested.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-27 19:46:14 +01:00
Lunny Xiao e79dae29cc
Fix repo-restore bug with poster not replaced (#14759)
* Fix restore bug

* Fix restore bug

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2021-02-22 11:57:41 +08:00
Lunny Xiao bd9361384a
Fix go get (#14758)
* Fix go get

* Fix default branch

Co-authored-by: 6543 <6543@obermui.de>
2021-02-22 00:51:15 +08:00
6543 190bd0accd
Export LFS & TimeTracking function status (#14753) 2021-02-20 11:17:51 +01:00
zeripath 65c940f66c
Prevent endless loop if templates missing (#14752)
Since the chi upgrade if the templates are missing an endless loop will occur if
status/500.tmpl is missing.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-02-20 12:26:57 +08:00
Norwin 91424fff3d
stopwatch notif: check if timetracking is enabled (#14750)
fixes #14435
2021-02-20 00:06:56 +01:00
zeripath aa4f9180e4
Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999)
Also removes some unnecessary uses of fmt.Sprintf and adds documentation
strings

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-19 22:36:43 +01:00
Lunny Xiao 6362b24a59
Fix when a commit not found returned 500 (#14732)
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-02-18 19:40:17 -05:00
6543 8d5c795cc4
[API] Add Restricted Field to User (#14630)
* Expose Restricted field for User

* Add Option to Change Restricted on User via adminEditUser API

* Add test who change restricted & test if it changed it ...

* make generate-swagger

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-02-18 16:25:35 +08:00
zeripath 7ab6c77b41
Remove NULs byte arrays passed to PostProcess (#14587)
PostProcess is supposed to be parsing and handling HTML
fragments, but on fuzzing it appears that there is a weird
issue with NUL elements that could cause a memory address
error in downstream libraries.

The simplest solution is to strip out the weird NULs - they
should not be there in any case and would be stripped out
anyway.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-18 02:32:14 +01:00
Lunny Xiao ec06eb112c
Fix github download on migration (#14703)
* Fix github download on migration

* Use Context for Client

Co-authored-by: zeripath <art27@cantab.net>
2021-02-18 01:36:49 +01:00
zeripath ae7e6cd474
Reduce calls to git cat-file -s (#14682)
* Reduce calls to git cat-file -s

There are multiple places where there are repeated calls to git cat-file
-s due to the blobs not being created with their size.

Through judicious use of git ls-tree -l and slight adjustments to the
indexer code we can avoid a lot of these calls.

* simplify by always expecting the long format

* Also always set the sized field and tell the indexer the update is sized
2021-02-17 22:32:25 +01:00
zeripath 7ba158183a
Use cat-file --batch in GetLanguageStats (#14685)
* Use cat-file --batch in GetLanguageStats

This PR moves to using a single cat-file --batch in GetLanguageStats
significantly reducing the number of processes spawned during language stat
processing.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/git/repo_language_stats_nogogit.go

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-02-17 14:32:47 -05:00
zeripath ad43b119a8
Add Password Algorithm option to install page (#14701)
Add Password Algorithm option to install page

Fix #14674 

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2021-02-16 23:37:20 +01:00
zeripath 66a148e398
Restore detection of branches are equal on compare page (#14586)
Somehow the test for detecting if branches are equal broke
this PR restores this functionality.

Fix #14502

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-16 16:39:45 +01:00
zeripath 0a9a484e1e
Create DB session provider(based on xorm) (#13031)
* Create Xorm session provider

This PR creates a Xorm session provider which creates
the appropriate Session table for macaron/session.

Fix #7137

Signed-off-by: Andrew Thornton <art27@cantab.net>

* extraneous l

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use key instead of ID to be compatible with go-macaron/session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* And change the migration too.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update spacing of imports

Co-authored-by: 6543 <6543@obermui.de>

* Update modules/session/xorm.go

Co-authored-by: techknowlogick <matti@mdranta.net>

* add xorm provider to the virtual provider

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prep for master merge

* prep for merge master

* As per @lunny

* move migration out of the way

* Move to call this db session as per @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-02-15 00:33:31 -05:00
Damien Goutte-Gattat fc4a8c2980
Allow blocking some email domains from registering an account (#14667)
Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are *forbidden* to register an account.

The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that.

The rationale is that, in my experience of running a Gitea instance, *a single email domain* is responsible for *most* of the spam accounts, and for *all* of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful.

close #13628
2021-02-15 00:31:29 +01:00
zeripath c9f1baf620
Prevent template renderer from rendering error (#14646)
When there is a panic during template rendering unrolled/render
will automatically render the error. This leads to the
panic being displayed in the page and not a 500 page

Fix #14467
Fix #14525

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-13 19:41:53 +00:00
zeripath b3c2e23cbb
Prevent race in PersistableChannelUniqueQueue.Has (#14651)
There is potentially a race with a slow starting internal
queue causing a NPE if Has is checked before the internal
queue has been setup.

This PR adds a lock on the Has() fn.

Fix #14311

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-13 20:02:09 +01:00
Lunny Xiao 5e4fa7c703
Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one (#14673)
* Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one

* Add a warning on document
2021-02-13 18:03:29 +01:00
6543 0a4c2d75cd
rm gogs relict (#14665) 2021-02-14 00:07:17 +08:00
Paweł Bogusławski 7d7007dca7
Added option to disable webhooks (#13176)
* Added option to disable web hooks

This mod introduces DISABLE_WEB_HOOKS parameter in [security] section
of app.ini (by default set to false). If set to true it disables web
hooks feature. Any existing undelivered web hook tasks will be cancelled.
Any existing web hook definitions will be left untouched in db but
its delivery tasks will be ignored.

Author-Change-Id: IB#1105130

* Webhook spelling fixed

Webhook spelling fixed.

Fixes: 07df6614dc
Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-510868421
Author-Change-Id: IB#1105174

* Parameter description fixed

Parameter description fixed.

Fixes: 07df6614dc
Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-514086107
Author-Change-Id: IB#1105174
2021-02-11 12:34:34 -05:00
a1012112796 ac701637b4
Add dismiss review feature (#12674)
* Add dismiss review feature

refs:
    https://github.blog/2016-10-12-dismissing-reviews-on-pull-requests/
    https://developer.github.com/v3/pulls/reviews/#dismiss-a-review-for-a-pull-request

* change modal ui and error message

* Add unDismissReview api

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-02-11 18:32:25 +01:00
Romain c69c01d2b6
Sort / Move project boards (#14634)
Sort Project board (#14533)
2021-02-11 17:32:27 +01:00
6543 ac97ea573c
[Vendor] Update go-redis to v8.5.0 (#13749)
* Update go-redis to v8.4.0

* github.com/go-redis/redis/v8  v8.4.0 -> v8.5.0

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* TODO

* Use the Queue termination channel as the default context for pushes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missed one

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-02-10 21:28:32 +00:00
zeripath 0a23079485
Do not assume all 40 char strings are SHA1s (#14624)
GetCommit() assumes that all 40 char strings are SHA1s. This leads to an
error if you try to do a PR on a branch which is 40 characters long.

This PR attempts the SHA first - and if it fails will switch to using rev-parse.

Fix #14470

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-10 07:37:25 +00:00
zeripath f9abf94bd9
HasPreviousCommit causes recursive load of commits unnecessarily (#14598)
This PR improves HasPreviousCommit to prevent the automatic and recursive loading
of previous commits using git merge-base --is-ancestor and git rev-list

Fix #13684

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-10 07:00:57 +00:00
zeripath f82b1dd7c3
Prevent adding nil label to .AddedLabels or .RemovedLabels (#14623)
* Prevent adding nil label to .AddedLabels or .RemovedLabels

There are possibly a few old databases out there with malmigrated data that can
cause panics with empty labels being migrated.

This PR adds a few tests to prevent nil labels being added.

Fix #14466

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add doctor command to remove the broken label comments

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-02-10 10:50:44 +08:00
zeripath 30f7ddb833
Ensure memcache TTL cannot be over 30 days (#14592)
Memcached TTL cannot be > 30 days and if it is attempted the TTL is interpreted as
a unix timestamp.

This PR ensures that the TTL is switched to a unix timestamp in those cases.

Fix #14571

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-09 22:29:03 +00:00
zeripath e65cfabda7
Remove spurious DataAsync Error logging (#14599)
Breaking the pipe is a valid way of killing a piped command and any error from
a broken cat-file batch command should be passed back up to the writer any way
therefore specifically logging it is unnecessary.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-02-07 21:04:58 +00:00
Lunny Xiao 240fea8c14
Fix rate limit bug when downloading assets on migrating from github (#14564) 2021-02-07 15:56:11 +00:00
6543 cbe7f5296e
[API] Add affected files of commits to commit struct (#14579)
* Add files affected by a commit to gitea API -- similar to github

* Add files affected by a commit to gitea API

* Fix stupid error

* Fix other stupid typo

* Generate swagger tmpl

* Comply with convert to git commit refacto

* update swagger docs

* extend test

* format code

* Update integrations/api_repo_git_commits_test.go

* Update modules/convert/git_commit.go

Co-authored-by: Laurent Cahour <laurent.cahour@dont-nod.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-02-07 15:43:40 +01:00
John Olheiser 19fccdc45d
Fix locale init (#14582)
just log if lang is already loaded since we can not reload it

Co-authored-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-02-05 22:41:45 +01:00
6543 87009ab40a
Reduce data races (#14549)
* Add race conditions into test

* Fix Race in GetManager()

* DataAsync() use error chan

* just log no chan

* finish
2021-02-03 22:36:38 +01:00
6543 0d1444751f
[API] Add pagination to ListBranches (#14524)
* make PaginateUserSlice generic -> PaginateSlice

* Add pagination to ListBranches

* add skip, limit to Repository.GetBranches()

* Move routers/api/v1/utils/utils PaginateSlice -> modules/util/paginate.go

* repo_module.GetBranches paginate

* fix & rename & more logging

* better description

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
2021-02-03 20:06:13 +01:00
Stefan eea4197cd9
Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523) 2021-01-30 14:20:32 +01:00
Lunny Xiao 5e20fd6dbf
Move middlewares to web/middleware (#14480)
Co-authored-by: 6543 <6543@obermui.de>
2021-01-30 10:55:53 +02:00
6543 0e0424c8ec
Add Doctor FixWrongUserType (#14522)
* Add Doctor FixWrongUserType

* use NoAutoTime
2021-01-29 19:30:43 +01:00
Lunny Xiao 0cd87d64ff
Update docs and comments to remove macaron (#14491) 2021-01-29 16:35:30 +01:00
Lunny Xiao 87b098f3b6
Fix json charset bug (#14514) 2021-01-29 08:42:47 -05:00
a1012112796 f19da14c34
enhancement: add signoff option in commit form (#14516)
Signed-off-by: a1012112796 <1012112796@qq.com>
2021-01-29 16:57:45 +08:00
Lunny Xiao f761c82c94
Fix load time bug (#14508) 2021-01-29 05:33:47 +01:00
6543 99b7af6fc8
Add some Unit-Tests (#14500)
* fix url

* modules/auth/pa: coverage: 40#.0%

* modules/base coverage: 67.6% -> 89.9%

* modules/cache coverage: 0% -> 12.0%

* modules/convert coverage: 27.1% -> 29.7%
2021-01-28 19:08:11 +01:00
Lunny Xiao 154b23da0a
Fix display since time round (#14226)
* Fix display since time round

* Fix since time

* Fix tests
2021-01-28 13:29:22 +01:00
6543 a7cfb9f2c3
Fix JSON Header response (#14499) 2021-01-27 15:46:22 -06:00
Lunny Xiao a51cc6dea4
Fix access log (#14475)
Fix #14121, #14478.

The `AccessLog` middleware has to be after `Contexter` or `APIContexter` so that we can get `LoginUserName` if possible.
And also there is a **BREAK** change that it removed internal API access log.
2021-01-27 18:46:35 +01:00
Lunny Xiao 41c0776568
Fix captcha (#14488)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-27 22:56:54 +08:00
Lunny Xiao 669ff8e9b1
Fix switch language (#14484)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-27 16:20:42 +02:00
PhilAtWysdom af7f71207c
Fix: url.Values map was not initialized (#14485)
Values map was not initialized, leading to error 500 on submission of initial configuration

Co-authored-by: 6543 <6543@obermui.de>
2021-01-27 15:33:32 +02:00
Jui-Nan Lin c10503afec
[Feature] add precise search type for Elastic Search (#12869)
* feat: add type query parameters for specifying precise search

* feat: add select dropdown in search box

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-27 12:00:35 +02:00
Brad Albright a598877fdf
Cron job to cleanup hook_task table (#13080)
Close **Prune hook_task Table (#10741)**

Added a cron job to delete webhook deliveries in the hook_task table. It can be turned on/off and the schedule controlled globally via app.ini. The data can be deleted by either the age of the delivery which is the default or by deleting the all but the most recent deliveries _per webhook_.

Note: I had previously submitted pr #11416  but I closed it when I realized that I had deleted per repository instead of per webhook. Also, I decided allowing the settings to be overridden via the ui was overkill. Also this version allows the deletion by age which is probably what most people would want.
2021-01-26 22:02:42 +01:00
Lunny Xiao 6433ba0ec3
Move macaron to chi (#14293)
Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR.

- [x] Define `context.ResponseWriter` interface with an implementation `context.Response`.
- [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before.
- [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic .
- [x] Use https://github.com/unrolled/render instead of macaron's internal render
- [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip
- [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK**
- [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha
- [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache
- [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding
- [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors
- [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation`
- [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle.
- [x] Removed macaron log service because it's not need any more. **BREAK**
- [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition.
- [x] Move Git HTTP protocol implementation to use routers directly.
- [x] Fix the problem that chi routes don't support trailing slash but macaron did.
- [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. 

Notices:
- Chi router don't support request with trailing slash
- Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI.

Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 16:36:53 +01:00
Dofri Jónsson 012bf388ab
Fix incorrect key name so registerManualConfirm setting works as expected. (#14455) 2021-01-26 09:20:59 +08:00
Andrew Bezold bc05ddc0eb
Redirect on changed user and org name (#11649)
* Add redirect for user

* Add redirect for orgs

* Add user redirect test

* Appease linter

* Add comment to DeleteUserRedirect function

* Fix locale changes

* Fix GetUserByParams

* Fix orgAssignment

* Remove debug logging

* Add redirect prompt

* Dont Export DeleteUserRedirect & only use it within a session

* Unexport newUserRedirect

* cleanup

* Fix & Dedub API code

* Format Template

* Add Migration & rm dublicat

* Refactor: unexport newRepoRedirect() & rm dedub del exec

* if this fails we'll need to re-rename the user directory

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-24 16:23:05 +01:00
6543 4acb499f30
just overload to not get it by mistake again ... (#14440) 2021-01-23 21:33:43 +02:00
6543 a0e424da85
Enhance Ghost comment mitigation Settings (#14392)
* refactor models.DeleteComment and delete related reactions too

* use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser

* nits

* Use time.Duration as other time settings have

* docs

* Resolve Fixme & fix potential deadlock

* Disabled by Default

* Update Config Value Description

* switch args

* Update models/issue_comment.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-01-21 21:56:19 -05:00
6543 81c833d92d
Add support to migrate from gogs (#14342)
Add support to migrate gogs:

  *  issues
  *  comments
  *  labels
  *  milestones
  *  wiki


Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-01-21 20:33:58 +01:00
Norwin b5570d3e68
Display current stopwatch in navbar (#14122)
* add notification about running stopwatch to header

* serialize seconds, duration in stopwatches api

* ajax update stopwatch

i should get my testenv working locally...

* new variant: hover dialog

* noscript compatibility

* js: live-update stopwatch time

* js live update robustness
2021-01-21 15:51:52 +01:00
Artemis Tosini cb08248c33
Add support for ed25519_sk and ecdsa_sk SSH keys (#13462)
* Add support for ed25519_sk and ecdsa_sk SSH keys

These start with sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com.
They are supported in recent versions of go x/crypto/ssh and OpenSSH 8.2
or higher.

* skip ssh-keygen

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-01-20 20:36:55 +00:00
zeripath 172229966c
Prevent panic on fuzzer provided string (#14405)
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-01-20 23:10:50 +08:00
Lunny Xiao 135b0e502d
Fix log http status is always zero (#14400)
* Fix log http status is always zero

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
2021-01-19 20:47:43 -05:00
Chester Liu 0c0445c97a
Add pager to the branches page (#14202)
* Add pager to the branches page

* override pageSize if bigger than max

* Make branches commit range configurable

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
2021-01-19 05:07:38 +01:00
6543 2686e6bbbe
Check if label template exist first (#14384)
* add check

* refactor

* rollback repo on error after session closed
2021-01-18 21:00:50 +01:00
Lauris BH f5abe2f563
Upgrade blevesearch dependency to v2.0.1 (#14346)
* Upgrade blevesearch dependency to v2.0.1

* Update rupture to v1.0.0

* Fix test
2021-01-17 20:21:14 -05:00
6543 21da519c0c
Implement ghost comment mitigation (#14349)
* Implement ghost comment mitigation

Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue.

* cleanup

* use setting module correctly

* add to docs

Co-authored-by: Moritz Marquardt <git@momar.de>
2021-01-17 21:48:38 +01:00
Lauris BH 0a3c3357f3
Sort issue search results by revelance (#14353) 2021-01-16 12:55:17 +08:00
Kyle D bfd0c47ef6
Kd/fix allow svg doctype (#14344)
* make svg regex case-insensitive & use strict word boundary

* allow doctype svg

* add doctype tests

* allow <!DOCTYPE svg> and <svg/>
2021-01-15 17:38:41 +08:00
Lunny Xiao 84b147c7f0
Use IsProd instead of testing if it's equal. (#14336)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-14 23:17:03 +02:00
Lunny Xiao f76c30094f
Fix typo (#14332) 2021-01-14 23:35:10 +08:00
Jonathan Tran 81467e6f35
Display SVG files as images instead of text (#14101)
* Change to display SVG files as images

* Remove unsafe styles from SVG CSP

* Add integration test to test SVG headers

* Add config setting to disable SVG rendering

* Add test for img tag when loading SVG image

* Remove the Raw view button for svg files since we don't fully support this

* Fix copyright year

* Rename and move config setting

* Add setting to cheat sheet in docs

* Fix so that comment matches cheat sheet

* Add allowing styles in CSP based on pull request feedback

* Re-enable raw button since we show SVG styles now

* Change so that SVG files are editable

* Add UI to toggle between source and rendered image for SVGs

* Change to show blame button for SVG images

* Fix to update ctx data

* Add test for DetectContentType when file is longer than sniffLen

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
2021-01-12 22:45:19 -05:00
6543 6b3b6f1833
Add option to change username to the admin panel (#14229)
Co-authored-by: Bwko <bouwko@gmail.com>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-10 14:14:02 +02:00
Jimmy Praet bcb7f35221
Do not reload page after adding comments in Pull Request reviews (#13877)
Fixed #8861 
* use ajax on PR review page

* handle review comments

* extract duplicate code

FetchCodeCommentsByLine was initially more or less copied from fetchCodeCommentsByReview. Now they both use a common findCodeComments function instead

* use the Engine that was passed into the method

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-08 23:49:55 +02:00
Lunny Xiao 3c96a37162
Some code improvements (#14266) 2021-01-06 19:23:57 +00:00
Lunny Xiao a1c9e8f266
Fix windows build error (#14263)
* fix build

* take flash error message back and fix more windows lint error

* performance optimization

* own step to check lint for windows

Co-authored-by: 6543 <6543@obermui.de>
2021-01-06 09:38:00 +08:00
6543 325add71cf
Add option for administrator to reset user 2FA (#14243)
* Frontend

* Backend

* only show 2FA-Reset option if posible
2021-01-05 14:54:48 +01:00
Lunny Xiao 15a475b7db
Fix recovery middleware to render gitea style page. (#13857)
* Some changes to fix recovery

* Move Recovery to middlewares

* Remove trace code

* Fix lint

* add session middleware and remove dependent on macaron for sso

* Fix panic 500 page rendering

* Fix bugs

* Fix fmt

* Fix vendor

* recover unnecessary change

* Fix lint and addd some comments about the copied codes.

* Use util.StatDir instead of com.StatDir

Co-authored-by: 6543 <6543@obermui.de>
2021-01-05 21:05:40 +08:00
Nuno Silva 44ff1d6a1e
Render links for commit hashes followed by comma (#14224)
Regex test cases: https://regex101.com/r/mVbPxM/2/

fixes #14223
2021-01-03 23:11:10 +08:00
Paul Barton 7576e37a65
Add MirrorInterval to the API (#14163)
* Added MirrorInterval to the API

* Remove MirrorInterval from CreateRepository

* Removed Duplicate UpdateMirror Function

* Updated Error Logging

* Update Log Message for is not Mirror

Co-authored-by: 6543 <6543@obermui.de>

* Delete Debug Statement that snuck in

Co-authored-by: zeripath <art27@cantab.net>

* Add Check for If Interval is too small

* Output to API Call

* Add Error Object when time is Less than Min Interval

* Frequency Error Message

Co-authored-by: zeripath <art27@cantab.net>

* Allow Zero Mirror Interval

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 18:47:47 -05:00
Jimmy Praet e6acce649b
Send notifications for mentions in pulls, issues, (code-)comments (#14218)
Fixes #14187: mention handling extracted from email notification code
Fixes #14013: add notification for mentions in pull request code comments
Fixes #13450: Not receiving any emails with setting "Only Email on Mention"
2021-01-02 18:04:02 +01:00
Lunny Xiao d44f192d3e
When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-01 17:05:45 -05:00
silverwind 1bf7d71a0a
Consolidate Logos and update README header (#14136)
* Consolidate Logos and update README header

- Remove unused `logo-lg.png`, `logo-sm.png` and `logo-192.png`.
- Consolidate `favicon.svg` and `logo.svg` to just `logo.svg`.
- Remove Safari Mask icon, it seems to work fine with just `favicon.png` (no SVG support).
- Remove Fluid Icon. It only served Firefox and SVG works just fine there.
- Update customization instructions.
- Update README.md to use SVG icon, increase logo size and center it and badges.

* Update README_ZH.md

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

* Update README_ZH.md

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-01-01 14:04:35 -05:00
Johnny Oskarsson a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
Chester Liu 632800eda7
Check for 'main' as potential default branch name (#14193) 2020-12-30 15:46:26 +00:00
silverwind 8e5aea88c7
Improve label and text wrapping (#14113)
* Improve label wrapping

- Adjust issue list styles so labels can wrap on the same line as the
  text. This relies on `display: inline` with the HTML whitespace being
  used as the separator.
- Add global word-break: break-word. This should generally avoid text
  overflows in various places.

* add whitespace to history labels

* use overflow-wrap

* restore word-break rules

* use correct pre

* use better selector for middle align

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-29 18:48:28 -05:00
Lunny Xiao 11555d850b
Fix bug of link query order on markdown render (#14156)
* Fix bug of link query order on markdown render

* Fix bluemonday bug and fix one wrong test

Co-authored-by: 6543 <6543@obermui.de>
2020-12-29 00:28:27 +08:00
Timo Ley 2b2a4a53bf
Custom icons for OAuth sources (#14161)
* Add Icon URL to Backend

* Template for Icon URL

* Localization & Edit Icon URL

* Improve Custom Icon URL

* Removed not working else

Co-authored-by: 6543 <6543@obermui.de>
2020-12-28 03:35:55 +01:00
Lunny Xiao dd08853b10
Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244)
* Dump github/gitlab repository data to a local directory

* Fix lint

* Adjust directory structure

* Allow migration special units

* Allow migration ignore release assets

* Fix lint

* Add restore repository

* stage the changes

* Merge

* Fix lint

* Update the interface

* Add some restore methods

* Finish restore

* Add comments

* Fix restore

* Add a token flag

* Fix bug

* Fix test

* Fix test

* Fix bug

* Fix bug

* Fix lint

* Fix restore

* refactor downloader

* fmt

* Fix bug isEnd detection on getIssues

* Refactor maxPerPage

* Remove unused codes

* Remove unused codes

* Fix bug

* Fix restore

* Fix dump

* Uploader should not depend downloader

* use release attachment name but not id

* Fix restore bug

* Fix lint

* Fix restore bug

* Add a method of DownloadFunc for base.Release to make uploader not depend on downloader

* fix Release yml marshal

* Fix trace information

* Fix bug when dump & restore

* Save relative path on yml file

* Fix bug

* Use relative path

* Update docs

* Use git service string but not int

* Recognize clone addr to service type
2020-12-27 11:34:19 +08:00
6543 212fa340cf
Migration: drop to long repo topics (#14152) 2020-12-27 09:23:57 +08:00
6543 a19447aed1
migrate from com.* to alternatives (#14103)
* remove github.com/unknwon/com from models

* dont use "com.ToStr()"

* replace "com.ToStr" with "fmt.Sprint" where its easy to do

* more refactor

* fix test

* just "proxy" Copy func for now

* as per @lunny
2020-12-25 11:59:32 +02:00
Daniil Pankratov 5a94db37ed
Fix creating OAuth2 auth source from CLI (#14116)
Fix creation OAuth2 auth source from CLI.

Fix #8356

Co-authored-by: Daniil Pankratov <daniil.pankratov@t-systems.com>
2020-12-24 19:47:17 +00:00
Lunny Xiao 19ae6439b0
Improve vfsgen to not unzip bindata files but send to browser directly (#7109)
* Don't unzip files from bindata but send to browser directly

* remove dependent for httpgzip

* Add tests for parseAcceptEncoding

* Update docs for ENABLE_GZIP

* Fix bug

* Fix bug

Co-authored-by: zeripath <art27@cantab.net>
2020-12-24 12:25:17 +08:00
6543 5b958315c1
API: Make BasicAuth Prefix case insensitive (#14106) 2020-12-23 20:52:46 +01:00
silverwind cd5278a44c
Fix manifest encoding (#14114)
The previous URL encoding would encode spaces to '+' for the app name
which is incorrect. Use base64 encoding instead which does not have such
issues.
2020-12-23 19:09:54 +00:00
6543 27fa4814b8
Fix git.parseTagData (#14105)
* Fix git.parseTagData()
close #14092

* Add Test

* add message to test

* limit readers

* git tag -m trims and terminates with a newline

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-22 21:44:25 +01:00
silverwind 3a21f8a986
Inline manifest.json (#14038)
* Inline manifest.json

Improve performance by eliminating this separate request and just inline
this small JSON in HTML directly as a data uri.

Also update previously static app name scripts to use AppName.

I've confirmed this as working via "Add to Homescreen" feature which
offered to save the shortcut under the new app name.

* prerender manifest data on startup

* move to settings

* restore setting.AppStartTime and use it on admin page

* use double quotes because template.URL escapes everything

* fix lint

* move variable to global context variable

* delete template file

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-22 19:13:50 +08:00
Cirno the Strongest 2c9dd71140
Standardize Co-Authored-By / Reviewed-By strings (#14097)
* Standardize Co-Authored-By / Reviewed-By strings

* Use lowercase variant

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-21 21:19:33 -05:00
Lunny Xiao acd5e5a868
Add StatDir and replace com.StatDir (#14099)
* Add StatDir and replace com.StatDir

* a nit

* Remove wrong file

Co-authored-by: 6543 <6543@obermui.de>
2020-12-22 07:40:57 +08:00
胡玮文 c21a399646
more test case for STORAGE_TYPE overrides (and fixes) (#14096)
Signed-off-by: 胡玮文 <huww98@outlook.com>
2020-12-22 01:03:18 +02:00
胡玮文 addd4248da
Fix storage config implementation (#14091)
The design is very flexible, but not implemented correctly.
This commit fixes several issues:
* Costom storage type stated in https://docs.gitea.io/en-us/config-cheat-sheet/#storage-storage
  not working
* [storage.attachments], [storage.minio] section not respected

Signed-off-by: 胡玮文 <huww98@outlook.com>
2020-12-21 18:59:18 +01:00
6543 9271040c21
Add Test for Fix #14040 (#14045)
Add Test for Fix #14040
2020-12-21 18:27:23 +01:00
a1012112796 34df4e5df5
Add mentionable teams to tributeValues and change team mention rules to gh's style (#13198)
* Add mentionable teams to tributeValues

Signed-off-by: a1012112796 <1012112796@qq.com>

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Change team mention rules to gh's style

* use org's avator as team avator in ui

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update modules/markup/html.go

* Update models/issue.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Update models/issue.go

* fix a small nit and update test code

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-21 16:39:28 +01:00
Paweł Bogusławski 839daa85aa
Added option to disable migrations (#13114)
* Added option to disable migrations

This patch introduces DISABLE_MIGRATIONS parameter in [repository]
section of app.ini (by default set to false). If set to true
it blocks access to repository migration feature.

This mod hides also local repo import option in user editor if
local repo importing or migrations is disabled.

* Alter Example config

DISABLE_MIGRATIONS set to false in example config to
match its default value.

* HTTP error 403 instead of 500 on denied access to migration

* Parameter DISABLE_MIGRATIONS exposed via API

Fixes: 04b04cf854
Author-Change-Id: IB#1105130
2020-12-21 15:39:41 +01:00
Jiri Vlasak d7c67a9fb2
Manually approve new registration (#13083)
* Add register manual confirm settings option

The new settings option is used when manually approving new
registrations.

* Enable manual confirmation of new registered user

When manual registration confirmation is desired (by default `false`)
create new user in the database that is *not active*. The user must then
be activated manually.

This change speeds up the process of adding new confirmed users for
Gitea instances without external auth mechanism. (Currently the option
is to manually create new user by admin.)

* Update docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-19 20:31:06 -05:00
Lunny Xiao 1d3a580a3e
Refactor get tag to remove unnecessary steps (#14058)
* Fix tag cache bug
2020-12-20 00:30:39 +02:00
6543 e483220ea3
[Refactor] CombinedStatus and CommitStatus related functions & structs (#14026)
* RM unused struct

* rename (*CommitStatus) loadRepo() -> loadAttributes()

* move ToCommitStatus into its own file

* use CommitStatusState instead of StatusState

* move CombinedStatus convertion into convert package

* let models.GetLatestCommitStatus use repoID direct and accept ListOptions

* update swagger docs

* fix tests

* Fix swagger docs

* rm page

* fix swagger docs!!!

* return json null

* always return json

* rename api.Status to api.CommitStatus

* fix swagger docs

* sec swagger fix
2020-12-18 11:33:32 +08:00
silverwind 27edc1aa19
Fix panic in BasicAuthDecode (#14046)
* Fix panic in BasicAuthDecode

If the string does not contain ":" that function would run into an
`index out of range [1] with length 1` error. prevent that.

* Update BasicAuthDecode()

Co-authored-by: 6543 <6543@obermui.de>
2020-12-17 20:51:28 -05:00
zeripath e4567d4285
Fix bug in commit verification introduced in #13673 (#14040)
There is a slight bug in the commit_reader introduced in #13673 whereby
commit messages which have a final unterminated line miss their final line.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-17 21:42:33 +01:00
zeripath 511f6138d4
Use native git variants by default with go-git variants as build tag (#13673)
* Move last commit cache back into modules/git

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove go-git from the interface for last commit cache

Signed-off-by: Andrew Thornton <art27@cantab.net>

* move cacheref to last_commit_cache

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove go-git from routers/private/hook

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move FindLFSFiles to pipeline

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make no-go-git variants

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Submodule RefID

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix issue with GetCommitsInfo

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix GetLastCommitForPaths

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Improve efficiency

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More efficiency

Signed-off-by: Andrew Thornton <art27@cantab.net>

* even faster

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reduce duplication

* As per @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* attempt to fix drone

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test-tags

Signed-off-by: Andrew Thornton <art27@cantab.net>

* default to use no-go-git variants and add gogit build tag

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @6543

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-17 22:00:47 +08:00
zeripath 0851a89581
Cause NotifyMigrateRepository to emit a repo create webhook (#14004)
* Cause NotifyMigrateRepository to emit a repo create webhook

This PR simply makes NotifyMigrateRepository emit a Create Repo webhook.
The reason for no new payload is that the information sent to
NotifyMigrateRepository is only essentially the same as
NotifyCreateRepository

Fix #13996

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-17 13:26:22 +01:00
zeripath 80a299d307
Always wait for the cmd to finish (#14006)
After cancelling the context we still need to wait for the
command to finish otherwise zombie processes may occur

Fix #13987

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2020-12-17 12:50:21 +01:00
techknowlogick 88b585c2e0
Store repository data in data path if not previously set (#13991)
* Store repository data in data path if not previously set

* update docs

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: silverwind <me@silverwind.io>

* update docs

Co-authored-by: silverwind <me@silverwind.io>
2020-12-15 16:52:59 -05:00
6543 e2aa701812
[API] Add ref to create/edit issue options & deprecated assignee (#13992)
* API: Add ref to create/edit issue options

* deprecate Assignee in favour of Assignees
2020-12-15 19:38:10 +01:00
zeripath 980b0df829
Standardise logging of failed authentication attempts in internal SSH (#13962)
Continuing on from #13953 continue to improve and standardise
logging from internal SSH.

Also updates the fail2ban setup

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-15 08:45:13 +00:00
zeripath 825efa2605
[API] Add Ref to Issue (#13946)
* Add Ref to api.Issue

This PR adds Ref to api.Issue and adds the backend parts to the migrator.

Fix #13918

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-13 11:34:11 +00:00
silverwind 41e8b834af
Markdown task list improvements (#13952)
* Markdown task list improvements

- Remove `.ui` class and wrappers to prevent fomantic from messing with it.
- Change rendered HTML to match GitHub.
- Add custom styling for the checkboxes.

* fix unittest

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-13 09:05:50 +08:00
zeripath e46a638e8f
Report permissions denied in internal SSH (#13953)
This PR standardizes reporting of permission denied from the internal ssh.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2020-12-11 23:52:38 +01:00
zeripath 8e0548ed4a
Ensure that HEAD is updated to match default branch in template generation (#13948)
Fix #13912

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-12-11 22:41:59 +01:00
Gary Wang c11cf4bb39
chore: use octicon-mirror for feeds display (#13928)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-10 18:06:45 -05:00
silverwind ccfa40889a
Fix avatar template error on repo collaborator page (#13924)
Fixes error `template: repo/settings/collaboration:16:16: executing
"repo/settings/collaboration" at <.>: wrong type for value; expected
*models.User; got *models.Collaborator` seen on repo collaborator page.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-10 00:44:13 -05:00
Lunny Xiao 6edfa6bc88
Fix broken migration on webhook (#13911)
* Fix broken migration on webhook

* Fix lint

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-12-09 17:20:13 +00:00
silverwind 97ab820acc
Fix action avatar loading (#13909)
Fixes #13883

Co-authored-by: 6543 <6543@obermui.de>
2020-12-09 07:11:15 +02:00
silverwind c05701dd7d
Fix frontpage avatars (#13853)
The frontpage uses a rather strange method to obtain the commit's avatar
which I've overlooked earlier. I don't exactly understand how it works
but this change fixes the wrong default avatars by using the function
that was in previous use.

Also introduced a few constants for size an size increase factor.

Fixes: https://github.com/go-gitea/gitea/issues/13844
2020-12-09 01:12:15 +01:00
Eric Lesiuta abb9cffe4a
Log IP on SSH authentication failure for Built-in SSH server (#13150)
* Log IP on SSH authentication failure

fixes https://github.com/go-gitea/gitea/issues/13094

* include string 'Failed authentication attempt' in error

* update fail2ban docs

also match failed authentication over command line

* better logging of authentication errors with IP addresses

* format ...

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2020-12-08 18:54:33 +01:00
Lunny Xiao 42354dfe45
Move webhook type from int to string (#13664)
* Move webhook type from int to string

* rename webhook_services

* finish refactor

* Fix merge

* Ignore unnecessary ci

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2020-12-08 11:41:14 +01:00
silverwind e7938c9c44
Repo avatar fixes (#13891)
- Split up avatar rendering helpers for performance
- Fix showing repo SVG icon when no avatar is set
- Make repo SVG and avatar same size at 32px
- Fix fork line by adding vertical flexbox on repo title

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-07 23:14:28 -05:00
Lunny Xiao ab22ab4a37
Refactor push update (#13381)
* Refactor Push update

* Remove the push_test since the function has been removed.

* Use default branch setting instead master
2020-12-08 03:23:18 +01:00
Eric Belhomme 6ddf881245
issue #12450: return original URL in `original_url` JSON field (#13885)
Co-authored-by: Gitea <gitea@fake.local>
2020-12-07 13:07:48 +01:00
6543 48a3bb7a32
User Settings: Ignore empty language codes & validate (#13755) 2020-12-04 08:20:30 +02:00
mrsdizzie 3512c7e40f
Fix crash in short link processor (#13839)
Fixes #13819
2020-12-04 03:01:42 +01:00
silverwind 9269a038a4
Direct avatar rendering (#13649)
* Direct avatar rendering

This adds new template helpers for avatar rendering which output image
elements with direct links to avatars which makes them cacheable by the
browsers.

This should be a major performance improvment for pages with many avatars.

* fix avatars of other user's profile pages

* fix top border on user avatar name

* uncircle avatars

* remove old incomplete avatar selector

* use title attribute for name and add it back on blame

* minor refactor

* tweak comments

* fix url path join and adjust test to new result

* dedupe functions
2020-12-03 19:46:11 +01:00
6543 4353cf96c0
Move LFSLock APIFormat into convert package (#13808) 2020-12-03 16:05:48 +02:00
John Olheiser e306c292ac
Expose default theme in meta and API (#13809)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: 6543 <6543@obermui.de>
2020-12-03 13:53:21 +01:00
Jimmy Praet 056b8f5b52
Clickable links in pull request (and issue) titles (#13695)
* clickable links in pull request (and issue) titles #13658

reuses the existing logic to render clickable links in commit messages

* dedicated RenderIssueTitle function

applied patch from @mrsdizzie
2020-12-03 11:50:47 +01:00
zeripath 5e0a3784ea
When reinitialising DBConfig reset the database use flags (#13796)
One perennial issue is users running the install page,
changing the database dialect and then suffering with issues

This PR simply resets all of the database.Use flags on
initDBConfig. This should prevent this issue from occuring.

Fix #13788
Fix #5480

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-02 19:39:48 -05:00
6543 7ac8a770e1
Move Repo APIFormat to convert package (#13787)
* Move Repo APIFormat to convert package

* tweek
2020-12-02 16:38:30 -05:00
6543 2b4a08e962
Migrations: Use Process Manager to create own Context (#13792) 2020-12-02 18:36:06 +00:00
6543 4f5ff1ef08
move notification APIFormat (#13783) 2020-12-02 09:24:35 +00:00
zeripath 4569339a4b
Refactor doctor (#12264)
* Refactor Logger

Refactor Logger to make a logger interface and make it possible to
wrap loggers for specific purposes.

* Refactor Doctor

    Move the gitea doctor functions into its own module.
    Use a logger for its messages instead of returning a results string[]

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/doctor/misc.go

Co-authored-by: 6543 <6543@obermui.de>

* Update modules/doctor/misc.go

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-02 06:56:04 +02:00
silverwind bc455ed257
Set RUN_MODE prod by default (#13765)
I think it's a bad default to have "dev" as the default run mode which
enables debugging and now also disables HTTP caching. It's better to
just default to a value suitable for general deployments.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-30 14:52:04 -05:00
silverwind da4bb6fc4e
Fix label styles affecting shabox (#13734)
* Fix label styles affecting shabox

Add common parent .labels-list to issue labels lists to prevent
affecting other elements.

Fixes: https://github.com/go-gitea/gitea/issues/13704

* Update templates/shared/issuelist.tmpl

* Update templates/shared/issuelist.tmpl

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-11-28 22:26:03 -05:00
6543 b2435af9be
Add Allow-/Block-List for Migrate & Mirrors (#13610)
* add black list and white list support for migrating repositories

* fix fmt

* fix lint

* fix vendor

* fix modules.txt

* clean diff

* specify log message

* use blocklist/allowlist

* allways use lowercase to match url

* Apply allow/block

* Settings: use existing "migrations" section

* convert domains lower case

* dont store unused value

* Block private addresses for migration by default

* fix lint

* use proposed-upstream func to detect private IP addr

* a nit

* add own error for blocked migration, add tests, imprufe api

* fix test

* fix-if-localhost-is-ipv4

* rename error & error message

* rename setting options

* Apply suggestions from code review

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-28 19:37:58 -05:00
zeripath 911d370dad
Push HEAD instead of master when initialising repositories (#13719)
* Push HEAD instead of master when initialising repositories

It is possible on modern gits to change the initial branch to something other than
master. This breaks initialising repositories because we assume that the initial
branch is going to be master unless specifically changed.

This PR simply bypasses this issue by pushing the HEAD rather than the master branch.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/repository/init.go

Co-authored-by: mrsdizzie <info@mrsdizzie.com>

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-28 16:00:38 -05:00
a1012112796 9c26dc1f3a
Add block on official review requests branch protection (#13705)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-28 21:30:46 +02:00
Jimmy Praet 48c9865fce
Fix review request notification issue link when external issue tracker is enabled (#13723)
The issue.HTMLURL() automatically gets converted to the expected #issue format by the post processors
2020-11-28 13:06:59 +02:00
zeripath 742e21aeba
Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186)
* Ensure errors from IsDir propagate

* Handle errors when checking IsFile

* Handle and propagate errors from IsExist

* Update modules/templates/static.go

* Update modules/templates/static.go

* Return after ctx.ServerError

* Apply suggestions from code review

* Fix tests

The previous merge managed to break repo_form.go

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-27 21:42:08 -05:00
Lauris BH 57fa9b0f25
Support shortened commit SHAs in URLs (#13686)
* Support shortened commit SHAs in URLs and API

* Add test case for short sha

* Fix format

* Revert API support

* Add canonical link headers for short commit ID URLs
2020-11-25 15:07:39 -05:00
silverwind 6d93a3ab18
Issue and Pulls lists rework (#13594)
* Issue and Pulls lists rework

Reorganized and restyled the issue and pull request lists.

* color and layout tweaks

* use new issue list on dashboard as well

* move pagination into template

* misc tweaks

* fix label hover

* fix milestone list

* fix discrepancies between issue and milestone list, add new 'merge' helper

* fmt

* simplify merge helper

* remove whitespace

* fix startIndex

* further simplify dict merging

* rename helper to 'mergeinto' for clarity

* allow bottom-row to wrap

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-25 13:20:40 +02:00
Kevin Zúñiga 247ab6a922
Send error message when CSRF token is missing (#13676) 2020-11-23 07:56:04 +00:00
6543 1bb5c09b5d
API: Admin EditUser: Make FullName, Email, Website & Location optional (#13562)
* API: Admin EditUser: Make FullName, Email, Website & Location optional

* update swagger docs

* add Tests

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-19 20:56:42 -05:00
6543 24b3b2140a
finaly fix gitlab migration with subdir 2.0 (#13646)
* final fix 2.0?

* ignore Approvals for pulls if not found

* CI.restart()

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-20 01:18:34 +02:00
6543 ad2a288622
finaly fix gitlab migration with subdir (#13629)
* finaly fix #13535

* add logging
2020-11-19 00:17:56 -05:00
silverwind 0615b668dc
HTTP cache rework and enable caching for storage assets (#13569)
This enabled HTTP time-based cache for storage assets, primarily
avatars. I have not observed If-Modified-Since from browsers during
tests but I guess it's good to support regardless.

It introduces a new generic httpcache module that can handle both
time-based and etag-based caching.

Additionally, manifest.json and robots.txt are now also cachable.
2020-11-17 17:44:52 -05:00
6543 77aa742528
Migration: Gitlab: Support Subdirectory (#13563)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-16 21:22:49 +02:00
silverwind efcba9b011
Render diff stats server-side (#13579)
Eliminates a flash on page load on the diff stat bars.
2020-11-15 23:50:06 +00:00
6543 7d2700c8be
[API] Only Return Json (#13511)
* Let Branch and Raw Endpoint return json error if not found

* Revert "RM RepoRefByTypeForAPI and move needed parts into GetRawFile directly"

This reverts commit d826d08577b23765cb3c257e7a861191d1aa9a04.

* more similar to RepoRefByType

* dedub-code

* API should just speak JSON

* nice name

Co-authored-by: zeripath <art27@cantab.net>
2020-11-14 11:13:55 -05:00
Patrick Aljord a2efcb6acc
missing quotes in default value slice (#13550)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-13 22:17:58 -05:00
mrsdizzie 6280af0324
Use existing analyzer module for language detection for highlighting (#13522)
* Use existing analyzer module for language detction for highlighting

Thanks @lafriks for pointing out we can reuse existing code for more reliable language detection here.

* Update modules/highlight/highlight.go

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-13 16:13:41 -05:00
Lunny Xiao dd29ecb333
Add missed sync branch/tag webhook (#13538)
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-13 14:12:33 -05:00
Lunny Xiao c296f4fed6
Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420)
* When route cannot be found on chi, go to macaron

* Stick chi version to 1.5.0

* Follow router log setting
2020-11-13 14:51:07 +02:00
zeripath 5d932b35ca
Disallow urlencoded new lines in git protocol paths if there is a port (#13521)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-11-11 20:34:16 +00:00
zeripath 182b5a08ed
Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470)
Fix #12440
Closes #13192

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-09 21:14:02 -05:00
zeripath 77e5081a2e
Fix panic bug in handling multiple references in commit (#13486)
* Fix panic bug in handling multiple references in commit

The issue lay in determining the position of matches on a second run round
a commit message in FindAllIssueReferences.

Fix #13483

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Extract function and make testable

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix the comment

Signed-off-by: Andrew Thornton <art27@cantab.net>

* cleaning up the comments a bit more

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-11-10 00:57:47 +02:00
zeripath c05a8abc76
Multiple GitGraph improvements: Exclude PR heads, Add branch/PR links, Show only certain branches, (#12766)
* Multiple GitGraph improvements.

Add backend support for excluding PRs, selecting branches and files.

Fix #10327

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @silverwind

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @silverwind

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Only show refs in dropdown we display on the graph

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @silverwind

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use flexbox for ui header

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move Hide Pull Request button to the dropdown

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add SHA and user pictures

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test 2

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixes

* async

* more tweaks

* use tabs in tmpl

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove commented thing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix linting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update web_src/js/features/gitgraph.js

Co-authored-by: silverwind <me@silverwind.io>

* graph tweaks

* more tweaks

* add title

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix loading indicator z-index and position

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-08 12:21:54 -05:00
John Olheiser 7c68ac8f7d
Tags cleanup (#13428)
* Tags cleanup

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* fmt

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-11-05 08:20:42 -06:00
Viktor Suprun 7d16e6db8e
Fixed git args duplication (#13411)
Because newGit() invoked twice (inside PreInstallInit() and
GlobalInit()) and git parameters is global object, all
git commands call with duplicated args
`-c credential.helper= -c protocol.version=2`
2020-11-03 13:35:09 +02:00
Lunny Xiao f070249df4
Fix typo (#13380) 2020-10-31 22:09:16 -04:00
Lunny Xiao e4e85a3e51
Storage configuration support `[storage]` (#13314)
* Fix minio bug

* Add tests for storage configuration

* Change the Seek flag to keep compitable minio?

* Fix test when first-byte-pos of all ranges is greater than the resource length

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-31 16:51:48 -04:00
Lunny Xiao a420beda2a
Fix a bug on refactoring (#13373) 2020-10-31 23:42:54 +08:00
zeripath 47dd1cb7ae
Refactor Logger (#13294)
Refactor Logger to make a logger interface and make it possible to
wrap loggers for specific purposes.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-31 01:36:46 -04:00
John Olheiser b5e974c8a5
Delete tag API (#13358)
* Delete tag API

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Wording

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add conflict response and fix API tests

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix other test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-30 20:56:34 -05:00
Lunny Xiao 4df2ed29f2
Refactor: Move PushUpdateOptions (#13363)
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
2020-10-30 22:59:02 +01:00
zeripath 5b2096dd5f
Migrations should not fail for comment reactions (#13352)
An extension to #13444 - where we now ensure that comment reaction failures do not cause migrations failure

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-29 17:41:49 -04:00
zeripath 4b33afcd5b
Migration failure during reaction migration from gitea (#13344)
* Migrating reactions is just not that important

A failure during migrating reactions should not cause failure of
migration.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* When checking issue reactions check the correct permission

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-28 22:23:31 -04:00
zeripath beb6bf4261
Remove obsolete change of email on profile page (#13341)
* Remove obsolete change of email on profile page

The change email on the account profile page is out-of-date
and unnecessary.

Changing email should be done using the account page.

Fix #13336

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-28 22:33:14 +00:00
zeripath 7dfb2fc176
Add migrated pulls to pull request task queue (#13331)
* Add migrated pulls to pull request task queue

Fix #13321

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Improve error reports

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-27 17:34:56 -04:00
Lunny Xiao 38d11eea58
Fix send mail (#13312)
* Fix send mail

* Fix send mail

* Update modules/private/mail.go

Co-authored-by: techknowlogick <matti@mdranta.net>
2020-10-26 12:42:27 -04:00
Pedro Alves c40df54e28
Group Label Changed Comments in timeline (#13304)
* Create function to group label comments

* Combine multiple label additions into one

* Group removed and added labels in the same comment

* Fix indentation on comments.tmpl

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-10-25 17:49:48 -04:00
Divyam Bhasin 7974b34183
#12897 - add mastodon provider (#13293)
* added mastodon provider to oauth code

* changed go.mod and vendor/modules.txt to add updated goth

* vendored mastodon and new goth

* committing result of go mod tidy && go mod vendor

* added pic and mastodon to oauth models

* handled instance url

* applied lafriks suggestion

* Update web_src/js/index.js

Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
2020-10-25 14:21:49 -04:00
zeripath 172e7ee87f
Fix Storage mapping (#13297)
This PR fixes several bugs in setting storage

* The default STORAGE_TYPE should be the provided type.
* The Storage config should be passed in to NewStorage as a pointer - otherwise the Mappable interface function MapTo will not be found
* There was a bug in the MapTo function.

Fix #13286

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-25 17:19:06 +00:00
Lunny Xiao d130cd147f
Fix bug isEnd detection on getIssues/getPullRequests (#13299) 2020-10-25 01:11:03 -04:00
Maxim Zhiburt a1952afc38
Sendmail command (#13079)
* Add SendSync method

Usefull to have when you need to be confident that message was sent.

* Add sendmail command

* add checks that if either title or content is empty then error out

* Add a confirmation step

* Add --force option to bypass confirm step

* Move implementation of runSendMail to a different file

* Add copyrighting comment

* Make content optional

Print waring if it's empty or haven't been set up.
The warning will be skiped if there's a `--force` flag.

* Fix import style

Co-authored-by: 6543 <6543@obermui.de>

* Use batch when getting all users

IterateUsers uses batching by default.

Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>

* Send emails one by one instead of as one chunck

Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>

* Send messages concurantly

Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>

* Use SendAsync+Flush instead of SendSync

Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>

* Add timeout parameter to sendemail command

Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>

* Fix spelling mistake

Signed-off-by: Maxim Zhiburt <zhiburt@gmail.com>

* Update cmd/admin.go

Co-authored-by: 6543 <6543@obermui.de>

* Connect to a running Gitea instance

* Fix mispelling

* Add copyright comment

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-24 16:38:14 -04:00
zeripath f40a2a4404
Store task errors following migrations and display them (#13246)
* Store task errors following migrations and display them

When migrate tasks fail store the error in the task table
and ensure that they show on the status page.

Fix #13242

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update web_src/js/index.js

* Hide the failed first

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-23 19:46:35 -04:00
John Olheiser 21d621301e
Remove PAM from auth dropdown when unavailable (#13276)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-10-23 11:10:29 +01:00
6543 81d3942bf0
Migrations: Gitea should not fail just because of no apiConfig return (#13229)
* close #13227

* log it

👍

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-22 01:46:18 -04:00
zeripath de6e427a01
go-version constraints ignore pre-releases (#13234)
Go-version constraints ignore pre-releases.

Rather than change the library further this PR simply changes
the git version comparison to use simple version compare ignoring the
issue of pre-releases.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-21 11:42:08 -04:00
a1012112796 b9850375fc
Add review request api (#11355)
* Add review request api

* add : POST /repos/{owner}/{repo}/pulls/{index}/requested_reviewers
* Remove : DELET /repos/{owner}/{repo}/pulls/{index}/requested_reviewers
* fix some request review bug
* block delet request review by models/DeleteReview()

Signed-off-by: a1012112796 <1012112796@qq.com>

* make fmt

* fix bug

* fix test code

* fix typo

* Apply suggestion from code review @jonasfranz

* fix swagger ref

* fix typo

Co-authored-by: Lauris BH <lauris@nix.lv>

* fix comment

* Change response message

* chang response so some simplfy

* Add ErrIllLegalReviewRequest
fix some nits

* make fmt

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* * Add team support
* fix test
* fix an known bug

* fix nit

* fix test

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* update get api and add test

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
2020-10-20 14:18:25 -04:00
zeripath 2f1353a2f3
Move install pages out of main macaron routes (#13195)
* Move install pages out of main macaron loop

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update templates/post-install.tmpl

Co-authored-by: Lauris BH <lauris@nix.lv>

* remove prefetch

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-19 17:03:08 -04:00
zeripath 25b7766673
When handling errors in storageHandler check underlying error (#13178)
Unfortunately there was a mistake in #13164 which fails to handle
os.PathError wrapping an os.ErrNotExist

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-17 21:29:06 -04:00
6543 d453533beb
[Refactor] Move APIFormat functions into convert package (#12856)
* USER APIFormat -> ToUser

* Migrate more and mark APIFormat deprecated

* models.Comment APIFormat() -> convert.ToComment

* models.Release APIFormat() -> convert.ToRelease

* models.Attachments APIFormat() -> convert.ToReleaseAttachments

* models.CommitStatus APIFormat() -> convert.ToCommitStatus

* finish migration to convert.ToUser

* Move Test

* Imprufe Test

* fix test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-17 00:23:08 -04:00
6543 12a1f914f4
Vendor Update Go Libs (#13166)
* update github.com/alecthomas/chroma v0.8.0 -> v0.8.1

* github.com/blevesearch/bleve v1.0.10 -> v1.0.12

* editorconfig-core-go v2.1.1 -> v2.3.7

* github.com/gliderlabs/ssh v0.2.2 -> v0.3.1

* migrate editorconfig.ParseBytes to Parse

* github.com/shurcooL/vfsgen to 0d455de96546

* github.com/go-git/go-git/v5 v5.1.0 -> v5.2.0

* github.com/google/uuid v1.1.1 -> v1.1.2

* github.com/huandu/xstrings v1.3.0 -> v1.3.2

* github.com/klauspost/compress v1.10.11 -> v1.11.1

* github.com/markbates/goth v1.61.2 -> v1.65.0

* github.com/mattn/go-sqlite3 v1.14.0 -> v1.14.4

* github.com/mholt/archiver v3.3.0 -> v3.3.2

* github.com/microcosm-cc/bluemonday 4f7140c49acb -> v1.0.4

* github.com/minio/minio-go v7.0.4 -> v7.0.5

* github.com/olivere/elastic v7.0.9 -> v7.0.20

* github.com/urfave/cli v1.20.0 -> v1.22.4

* github.com/prometheus/client_golang v1.1.0 -> v1.8.0

* github.com/xanzy/go-gitlab v0.37.0 -> v0.38.1

* mvdan.cc/xurls v2.1.0 -> v2.2.0

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-16 01:06:27 -04:00
zeripath 91f2afdb54
Prevent panics with missing storage (#13164)
* The `.Use` of storageHandler before setting up the template renderer
causes a panic if there is an error to log.
* The error passed to `ctx.Error` in that case may contain sensitive
information and should not be rendered to the end user. We should
instead log the error and render a simple error message.
* There is no handling of missing avatars and this needs a 404. Minio
errors need to be mapped to standard golang errors such as
os.ErrNotExist.
* There is no logging when storage is set up.

Related #13159

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-15 23:51:06 -04:00
zeripath c8f7a6b774
Slightly simplify the queue settings code to help reduce the risk of problems (#12976)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-15 17:40:03 -04:00
6543 e374bb7e2d
[Vendor] Update go-ldap to v3.2.4 (#13163)
* [Vendor] update go-ldap to v3.0.3

* update go-ldap to v3.2.4

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-15 15:27:33 -04:00
Lunny Xiao 80a6b0f5bc
Avatars and Repo avatars support storing in minio (#12516)
* Avatar support minio

* Support repo avatar minio storage

* Add missing migration

* Fix bug

* Fix test

* Add test for minio store type on avatars and repo avatars; Add documents

* Fix bug

* Fix bug

* Add back missed avatar link method

* refactor codes

* Simplify the codes

* Code improvements

* Fix lint

* Fix test mysql

* Fix test mysql

* Fix test mysql

* Fix settings

* Fix test

* fix test

* Fix bug
2020-10-14 21:07:51 +08:00
zeripath edfebe65b1
Finally fix diff names (#13136)
* Finally fix diff names

#12771 attempted to fix diff by avoiding the git diff line as
it is possible to have an ambiguous line here.

#12254 attempted to fix diff by assuming that names would quoted
if they needed to be and if one was quoted then both would be.

Both of these were wrong.

I have now discovered `--src-prefix` and `--dst-prefix` which
means that we can set this in such a way to force the git diff
to always be unambiguous.

Therefore this PR rollsback most of the changes in #12771 and
uses these options to fix this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update services/gitdiff/gitdiff.go

* Update services/gitdiff/gitdiff.go

* Update modules/repofiles/temp_repo.go

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-14 07:49:33 +03:00
6543 49b1948cb1
Gitea 2 Gitea migration (#12657)
* first draft

* update gitea sdk to 9e280adb4da

* adapt feat of updated sdk

* releases now works

* break the Reactions loop

* use convertGiteaLabel

* fix endless loop because paggination is not supported there !!!

* rename gitea local uploader files

* pagination can bite you in the ass

* Version Checks

* lint

* docs

* rename gitea sdk import to miss future conficts

* go-swagger: dont scan the sdk structs

* make sure gitea can shutdown gracefully

* make GetPullRequests and GetIssues similar

* rm useles

* Add Test: started ...

* ... add tests ...

* Add tests and Fixing things

* Workaround missing SHA

* Adapt: Ensure that all migration requests are cancellable
(714ab71ddc)

* LINT: fix misspells in test set

* adapt ListMergeRequestAwardEmoji

* update sdk

* Return error when creating giteadownloader failed

* update sdk

* adapt new sdk

* adopt new features

* check version before err

* adapt: 'migrate service type switch page'

* optimize

* Fix DefaultBranch

* impruve

* handle subPath

* fix test

* Fix ReviewCommentPosition

* test GetReviews

* add DefaultBranch int test set

* rm unused

* Update SDK to v0.13.0

* addopt sdk changes

* found better link

* format template

* Update Docs

* Update Gitea SDK (v0.13.1)
2020-10-14 07:06:00 +03:00
赵智超 dfa7291f8f
[Enhancement] Allow admin to merge pr with protected file changes (#12078)
* [Enhancement] Allow admin to merge pr with protected file changes

As tilte, show protected message in diff page and merge box.

Signed-off-by: a1012112796 <1012112796@qq.com>

* remove unused ver

* Update options/locale/locale_en-US.ini

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>

* Add TrN

* Apply suggestions from code review

* fix lint

* Update options/locale/locale_en-US.ini

Co-authored-by: zeripath <art27@cantab.net>

* Apply suggestions from code review

* move pr proteced files check to TestPatch
* Call TestPatch when protected branches settings changed

* Apply review suggestion @CirnoT

* move to service @lunny

* slightly restructure routers/private/hook.go

Adds a lot of comments and simplifies the logic

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* skip duplicate protected files check

* fix check logic

* slight refactor of TestPatch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* When checking for protected files changes in TestPatch use the temporary repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix introduced issue with hook

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove the check on PR index being greater than 0 as it unnecessary

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-13 14:50:57 -04:00
zeripath 6b1266b6b3
Provide self-registering storage system (#12978)
* Provide self-registering storage system

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More simplification

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove old strings from setting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops attachments not attachment

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-12 23:58:34 -04:00
6543 ade9c8dc3c
[API] If User is Admin, show 500 error message on PROD mode too (#13115)
* API: show admin 500 error message on PROD mode too

* a nit

* dont miss InternalServerError

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-12 20:41:49 -04:00
6543 845d0afb33
4 line diff (#13103) 2020-10-12 09:15:15 +08:00
kolaente 64133126cd
Update golangci-lint to version 1.31.0 (#13102)
This PR updates golangci-lint to the latest version 1.31.0.

The upgrade introduced a new check for which I've fixed or disabled most cases.

Signed-off-by: kolaente <k@knt.li>
2020-10-11 21:27:20 +01:00
zeripath 7edf7eb46c
Log the underlying panic in runMigrateTask (#13096)
If there is a panic during runMigrateTask we should capture and log the underlying
panic error.

This PR ensures that the panic is logged and captured as part of the task message.

Fix #13095

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-11 14:51:13 -04:00
Wim 9066d09c57
Add ssh certificate support (#12281)
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Fix linting issue

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-10 20:38:09 -04:00
zeripath 7eb8460132
Fix attachments list in edit comment (#13036)
#11141 broke the appearance of dropzone attachments when editting
comments causing poorly updating lists.

This PR fixes this.

Fix #12583

Signed-off-by: Andrew Thornton art27@cantab.net
2020-10-11 00:49:59 +01:00
zeripath ea69ec6f0f
Disable DSA ssh keys by default (#13056)
* Disable DSA ssh keys by default

OpenSSH has disabled DSA keys since version 7.0

As the docker runs openssh > v7.0 we should just disable
DSA keys by default.

Refers to #11417

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Just disable DSA keys by default

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove DSA type

* Fix Tests

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-09 09:52:57 +03:00
Iván Valdés 06f1cdde6e
Fix line break for MS teams webhook (#13081)
Signed-off-by: Ivan Valdes <ivan@vald.es>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-09 01:30:55 -04:00
Lunny Xiao 9b81193166
Cache last commit when pushing for big repository (#10109)
* Cache last commit when pushing for big repository

* Fix bug

* detect force push

* Refactor cache push

* Finish cache last commit info when push

* Some improvements

* Fix lint

* Remove unused changes

* Move pull request test before cache

* Fix test mysql

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-09 01:17:23 +03:00
赵智超 a5ba8188da
fix a small nit (#13074)
Signed-off-by: a1012112796 <1012112796@qq.com>
2020-10-08 11:50:17 -04:00
zeripath 144fa5a537
Avoid setting the CONN_STR in issue indexer queue unless it is meant to be set (#13069)
Since the move to common leveldb and common redis the disk queue code (#12385)
will check the connection string before defaulting to the DATADIR.

Therefore we should ensure that the connection string is kept empty
unless it is actually set.

Unforunately the issue indexer was missed in #13025 this PR fixes this omission

Fix #13062

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-07 23:24:41 +01:00
techknowlogick e00e8d8ad3
Disable Git Hooks by default (#13064)
* Disable Git Hooks by default

Related #13058

* pass tests
2020-10-07 14:24:14 -04:00
silverwind cda44750cb
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-05 01:49:33 -04:00
Lucas Queiroz 67a5573310
[#13004] Add Timestamp to Tag list API (#13026)
* Add Timestamp to Tag list API

* Add unit test for ToCommitMeta

* Rename timestamp to created

* Reformat files
2020-10-05 12:07:54 +08:00
赵智超 01c7204895
Return sample message for login error in api context (#12994)
* Return sample message for login error in api context

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update modules/context/auth.go

Co-authored-by: silverwind <me@silverwind.io>

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-04 17:39:31 -04:00
zeripath 3f3a4f5b41
Avoid setitng the CONN_STR in queues unless it is meant to be set (#13025)
Since the move to common leveldb and common redis the disk queue code
will check the connection string before defaulting to the DATADIR.

Therefore we should ensure that the connection string is kept empty
unless it is actually set.

Fix #13023

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-04 18:12:26 +01:00
John Olheiser 72636fd664
hCaptcha Support (#12594)
* Initial work on hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Use module

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Format

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* At least return and debug log a captcha error

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Pass context to hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add context to recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Finish hcaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update example config

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Apply error fix for recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Change recaptcha ChallengeTS to string

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-02 23:37:53 -04:00
zeripath 54dd28f159
Fix 500 on README in submodule (#13006)
If a README file is a symlink to a submodule Gitea the view branch page
will return a 500.

The underlying problem is a missed conversion of an
plumbing.ErrObjectNotFound in git/tree_blob.go.

Fix #12599

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-02 09:27:44 -04:00
James Lakin 6fc129fe62
Fix repository create/delete event webhooks (#13008)
This small PR changes the webhook trigger behaviour to be more in line with what's expected. (When 'repository' events are enabled, of course)

In other words:

For system-wide or default webhooks, repository events will now trigger said webhook. Previously it had to be under an organization for create events to be visible - a tad unexpected!
Deleting a repository will now fire its own defined webhooks, not just organisational and system ones.
In order to enable the latter the webhook has to now be triggered before the actual repo undergoes deletion. I'm willing to tweak this to try and 'grab' the webhook model beforehand and trigger the webhook notifier directly afterwards, but this may make the code more complex for little benefit.

Closes #11766, #9180.
2020-10-02 10:37:46 +01:00
Pranav Nachnekar 1827f892de
fix: media links in org files not liked to media files (#12997)
* fix: media links in org files not liked to media files

* fix: write directly to io.Writer r

as suggested by code review

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-10-01 11:22:34 -04:00
techknowlogick 156f54d6e2
allow U2F with default settings for gitea in subpath (#12990)
* allow U2F with default settings for gitea in subpath

* use trim suffix

Co-authored-by: zeripath <art27@cantab.net>
2020-10-01 20:49:49 +08:00
6543 818d921bbb
Refactor use TrimSuffix instead of TrimRight (#12993)
* Refactor use TrimSuffix instead of TrimRight

* TrimRight right

* has #12990
2020-10-01 06:54:34 +01:00
zeripath fe79b13ab2
Always return a list from GetCommitsFromIDs (#12981)
`GetCommitsFromIDs` is only used in one place: `LoadPushCommits` where
it expects that `c.Commits` is not nil.

This potentially nil set causes a NPE in in #12953

Fix #12953

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-29 22:26:54 +01:00
Lunny Xiao 3878e985b6
Add default storage configurations (#12813)
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-29 12:05:13 +03:00
zeripath 4c6ac08182
Completely quote AppPath and CustomConf paths (#12955)
* Completely quote AppPath and CustomConf paths

Properly handle spaces in AppPath and CustomConf within hooks and
authorized_keys. Unfortunately here we don't seem to be able to get away
with using go-shellquote as it appears that Windows doesn't play too
well with singlequote quoting - therefore we will avoid singlequote
quoting unless we absolutely cannot get away without it, e.g. \n or !.

Fix #10813

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missing change

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix Test_CmdKeys

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-28 21:16:52 -04:00
zeripath 5cfc1f573f
Fix the issue reported on #12385 (#12969)
Missed setting ConnectionString on queuesettings

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-28 19:00:54 -04:00
zeripath 7f8e3192cd
Allow common redis and leveldb connections (#12385)
* Allow common redis and leveldb connections

Prevents multiple reopening of redis and leveldb connections to the same
place by sharing connections.

Further allows for more configurable redis connection type using the
redisURI and a leveldbURI scheme.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add unit-test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/cache/cache_redis.go

* Update modules/queue/queue_disk.go

* Update modules/cache/cache_redis.go

* Update modules/cache/cache_redis.go

* Update modules/queue/unique_queue_disk.go

* Update modules/queue/queue_disk.go

* Update modules/queue/unique_queue_disk.go

* Update modules/session/redis.go

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-09-28 00:09:46 +03:00
Tait Hoyem c85c9d40c2
Add config option to make create-on-push repositories public by default (#12936)
* Add config option to make create-on-push repositories public by default

* Fix linting

* Add option to 'config cheat sheet' page

* Chinese translation

Signed-off-by: a1012112796 <1012112796@qq.com>

* Fix typo in docs

* fix typo

* Add option to example config

Co-authored-by: Tait Hoyem <code@tait.tech>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-27 15:20:52 -04:00
zeripath f1ab1c532b
Allow extended config on cron settings (#12939)
* Allow extended config on cron settings

Fix #12934

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-25 09:58:09 +01:00
赵智超 3c360801b3
Add IsTemplate option in create repo ui and api (#12942)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-09-25 13:18:37 +08:00
zeripath 7a7f56044a
Adopt repositories (#12920)
* Don't automatically delete repository files if they are present

Prior to this PR Gitea would delete any repository files if they are
present during creation or migration. This can in certain circumstances
lead to data-loss and is slightly unpleasant.

This PR provides a mechanism for Gitea to adopt repositories on creation
and otherwise requires an explicit flag for deletion.

PushCreate is slightly different - the create will cause adoption if
that is allowed otherwise it will delete the data if that is allowed.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix tests and migrate overwrite

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @lunny

Only offer to adopt or overwrite if the user can do that.

Allow the site administrator to adopt or overwrite in all
circumstances

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use setting.Repository.DefaultBranch for the default branch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Always set setting.Repository.DefaultBranch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update templates

Signed-off-by: Andrew Thornton <art27@cantab.net>

* ensure repo closed

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Rewrite of adoption as per @6543 and @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missing not

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add modals and flash reporting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make the unadopted page searchable

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add API

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle empty and non-master branched repositories

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove commented out code

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-25 07:09:23 +03:00
zeripath 3f522cdaad
Fix handling of migration errors (#12928)
* Fix handling of migration errors

The migration type selection screen PR did not correctly handle errors
and any user input error on the migration page would simply redirect
back to the selection page. This meant that the error would simply be
lost and the user would be none the wiser as to what happened.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* make gen-swagger

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-23 15:25:46 -05:00
John Olheiser ec6a35aeb1
Hopefully support GH enterprise (#12863)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-21 10:36:51 -04:00
6543 2dbca92a0f
API: NotificationSubject show Issue/Pull State (#12901) 2020-09-20 19:10:53 -04:00
zeripath 4979f15c3f
Add configurable Trust Models (#11712)
* Add configurable Trust Models

Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.

The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.

The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Adjust locale strings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @6543

Co-authored-by: 6543 <6543@obermui.de>

* Update models/gpg_key.go

* Add migration for repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-20 00:44:55 +08:00
mrsdizzie 25ddf77b51
Fix panic when adding long comment (#12892)
Previous PR #12881 causes out of bounds panic by working on wrong string.
2020-09-18 13:50:06 -04:00
6543 1418288734
Refactor: move Commit To APIFormat Code & Lot of StopWatch related things (#12729)
* move GitCommit to APIFormat convertion into convert package

* rename Commit convert functions

* move stopwatch to api convertion into convert package & rm unused code & extend test

* fix compare time

* Gitea not Gogs ;)
2020-09-18 20:09:26 +08:00
赵智超 5995326d51
Add size limit for content of comment on action ui (#12881)
Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-18 10:38:21 +03:00
6543 06480af472
Convert User expose ID each time (#12855)
* git blame tells me a lot of gitea things happen here around 2018, add header

* move user code int its own file

* expose user id

* adopt things from APIFormat

* fix test

* CI.restart()
2020-09-17 16:33:23 -05:00
赵智超 a9decf0dac
Use a simple format for the big number on ui (#12822)
* Use a simple format for the big number on ui

Signed-off-by: a1012112796 <1012112796@qq.com>

* make fmt

* Apply review suggestion @silverwind

* Change name 2

* make fmt

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-16 00:07:18 -04:00
John Olheiser d9085fe176
Fix anonymous GL migration (#12862)
* Fix anonymous GL migration

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Rely on password instead

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
2020-09-15 15:32:14 -04:00
6543 6c61f498ea
On Migration respect old DefaultBranch (#12843)
* On Migration respect old DefaultBranch

* add DefaultBranch int test set

Co-authored-by: zeripath <art27@cantab.net>
2020-09-15 22:37:44 +08:00
Jui-Nan Lin 6c4e9623cc
fix: use Base36 for all code indexers (#12830) 2020-09-14 13:40:07 +03:00
John Olheiser b2bda11595
Fix markdown meta parsing (#12817)
* Fix meta parsing and add minimal test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add license

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Require first separator and add more tests

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Make fmt

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Go lets this work gracefully 🙏

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-12 21:48:47 -04:00
zeripath f91bb745d6
Don't replace underscores in auto-generated IDs in goldmark (#12805)
Fix #12196

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-12 12:00:48 -04:00
Lunny Xiao 8ce10fb6e1
Fix bug on elastic search (#12811)
* Fix bug on elastic search

* Add more comments for elastic search result startIndex and endIndex

* refactor indexPos

* refactor indexPos

* Fix bug
2020-09-12 20:31:52 +08:00
silverwind ffddf3f8a6
Make SVG size argument optional (#12814)
Now defaults to 16 on both frontend and backend.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-11 16:19:00 -04:00
John Olheiser 26c4a049da
Issue templates directory (#11450)
* Issue templates

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add some comments, appease the linter

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add docs and re-use dir candidates

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add default labels to issue templates

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Generate swagger

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Suggested changes

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update issue.go

* Suggestions

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Extract metadata from legacy if possible

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-11 10:48:39 -04:00
Lunny Xiao dd1a651b58
Move all push update operations to a queue (#10133)
* Fix test

* Add no queue for test only

* improve code

* Auto watch whatever branch operation

* Fix lint

* Rename noqueue to immediate

* Remove old PushUpdate function

* Fix tests

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-11 10:14:48 -04:00
6543 fd60ebfe14
[API] Migration: Change ServiceType String (#12672)
* use different structs for MigrateRepoOptions on UI and API

* Fix TokenAuth and rename UID to an understandable Name

* fix swagger doc

* simplify & mk redable

* R E F A C T O R:
migration has now internal 3 structs to store its options:
 * the Options for WebUI: modules/auth/repo_form.go
 * the Options for API: modules/structs/repo.go
 * the option struct with after validation for internal prossessing: modules/migrations/base/options.go

* Copyright Header

* Deprecate UID - add RepoOwner

* adopt repo.go -> migrate.go

* add comment about each struct purpose

* lint
2020-09-10 23:29:19 +01:00
John Olheiser c3e8c9441a
Add check for LDAP group membership (#10869)
This is a port of gogs/gogs#4398

The only changes made by myself are:

Add locales
Add some JS to the UI
Otherwise all code credit goes to @aboron

Resolves #10829

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-10 16:30:07 +01:00
6543 e10327168d
GitLab DL: normalizeColor (#12793) 2020-09-10 14:04:30 +01:00
Lunny Xiao 0db9043aa7
return error when create gitlabdownloader (#12790) 2020-09-10 11:27:49 +03:00
Lunny Xiao e153cf07c3
Add a migrate service type switch page (#12697)
* Add a migrat service type switch page

* Improve translations

* remove images

* Fix images

* remove extra create repo button on dashboard

* Follow reviewers' opinions

* Fix frontend lint

* Remove wrong submit file

* Fix tests

* Adjust the size of image

* Apply suggestions from code review

Co-authored-by: 赵智超 <1012112796@qq.com>

* Remove username and password from migration of github/gitlab

* Improve docs

* Improve interface docs

Co-authored-by: 赵智超 <1012112796@qq.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-09 14:29:10 -04:00
zeripath 96969ddec8
Fix yet another bug with diff file names (#12771)
Following further testing it has become apparent that the diff line
cannot be used to determine filenames for diffs with any sort of predictability
the answer therefore is to use the other lines that are provided with a diff

Fix #12768

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-09 14:08:40 +01:00
John Olheiser c6e4bc53aa
Check passwords against HaveIBeenPwned (#12716)
* Implement pwn

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update module

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Apply suggestions mrsdizzie

Co-authored-by: mrsdizzie <info@mrsdizzie.com>

* Add link to HIBP

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add more details to admin command

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add context to pwn

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Consistency and making some noise ;)

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-08 17:06:39 -05:00
silverwind 3865ecbf13
File header tweaks, add CSS helpers (#12635)
- replace two instances of fontawesome with octicons
- add new "class" optional argument to "svg" helper
- add many new CSS helpers and move their import to the end for
  increaseed precedence

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-08 13:17:56 -04:00
Vedran e204398754
Change/remove a branch of an open issue (#9080)
* Add field with isIssueWriter to front end

* Make branch field editable

* Switch frontend to form and POST from javascript

* Add /issue/id/ref endpoint to routes

* Use UpdateIssueTitle model to change ref in backend

* Removed crossreference check and adding comments on branch change

* Use ref returned from POST to update the field

* Prevent calling loadRepo from models/

* Branch/tag refreshed without page reload

* Remove filter for empty branch name

* Add clear option to tag list as well

* Delete button translation and coloring

* Fix for not showing selected branch name in new issue

* Check that branch is not being changed on a PR

* Change logic

* Notification when changing issue ref

* Fix for renamed permission parameter

* Fix for failing build

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: Gitea <gitea@fake.local>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-08 12:29:51 -04:00
Lunny Xiao 7a5465fc56
LFS support to be stored on minio (#12518)
* LFS support to be stored on minio

* Fix test

* Fix lint

* Fix lint

* Fix check

* Fix test

* Update documents and add migration for LFS

* Fix some bugs
2020-09-08 23:45:10 +08:00
mrsdizzie 489c8a1478
Compare SSH_DOMAIN when parsing submodule URLs (#12753)
Right now we only compare the hostname from a submodule with the prefixURL it is viewed from to check if the submodule is hosted on the same Gitea instance. This adds an additional check to compare it against SSH_DOMAIN as well since the same Gitea instance might have a different hostname for SSH and if the submodule uses that hostname we should also detect that and link to the proper DOMAIN value.

Fixes #12747, #9756
2020-09-07 20:08:10 -04:00
Lunny Xiao 91e7ad569a
Add queue for code indexer (#10332)
* Add queue for code indexer

* Fix lint

* Fix test

* Fix lint

* Fix bug

* Fix bug

* Fix lint

* Add noqueue

* Fix tests

* Rename noqueue to immediate
2020-09-07 23:05:08 +08:00
6543 ad2bf376df
RepoInit Respect AlternateDefaultBranch (#12746) 2020-09-06 16:58:54 -04:00
6543 f7b3e06026
Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745)
* Update Vendor github.com/nfnt/resize

* switch resize algo NearestNeighbor -> Bilinear
2020-09-06 20:53:33 +01:00
6543 0c6a802731
[Vendor] Update xanzy/go-gitlab v0.31.0 => v0.37.0 (#12701)
* update github.com/xanzy/go-gitlab v0.31.0 => v0.37.0

* vendor

* adapt changes

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-06 11:37:53 -04:00
zeripath 69b8d7ba19
use assignment in tests (#12734)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-06 01:50:57 +03:00
techknowlogick 9a17e2830b
refactor repo_stats to use os.pipe (#11726)
* refactor repo_stats to use os.pipe

* woops. missing reader.

* stdout not stderr, woops

* Fix copyright date and ensure that the stderr is collected

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-09-05 16:12:14 -04:00
6543 1ea1cade85
Add Created & Updated to Milestone (#12662)
* Add Created and Updated to Milestone table and expose via API

* Expose to UI - To Overloaded ?!?

* fix unit test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-05 13:38:54 -04:00
6543 bc11caff94
[Vendor] Switch go-version lib (#12719)
* vendor: switch from "mcuadros/go-version" to "hashicorp/go-version"

* Adapt P1

* simplify

* fix lint

* adapt

* fix lint & rm old code

* no deadlock

* rm RWMutex and check GoVersion only 1-time

* Copyright header

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-05 12:42:58 -04:00
zeripath 9fdb4f887b
Update to go-org 1.3.2 (#12728)
* Update to go-org 1.3.2

Fix #12727

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix unit test

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-05 11:45:10 -04:00
Jochen Peters 385433d2f4
additional data for type StopWatch in swagger api (#12458)
* additional data for type StopWatch in swagger api

* fix lint-backend issue with gofmt

* fix format in v1_json with 'make generate-swagger'

* using issue.LoadRepo() instead of getRepositoryByID()

Co-authored-by: jochen@homeland <no-go@localhost>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-05 12:58:33 +01:00
6543 dba5d82f86
Expose Attachemnt Settings by API (#12514)
close #12368
2020-09-05 08:43:06 +01:00
Lunny Xiao b51bd7f1d6
Refactor webhook payload convertion (#12310)
* Refactor webhook payload convertion

* Fix lint

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-04 22:57:13 -04:00
zeripath bda9e51fef
Remove async pre-empt hack if go >= 1.15 (#12718)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-04 14:59:19 -04:00
6543 2a52aeec49
API: Expose its limitation settings (#12714)
* API: Expose its limitation settings

* TESTs

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-04 14:10:15 -04:00
Lauris BH e710a34981
Add spent time to referenced issue in commit message (#12220) 2020-09-04 11:37:37 -04:00
6543 d7456106bf
fix go1.15 lint error in modules/public/public.go (#12707)
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-09-04 16:15:54 +03:00
zeripath 5c0697ad1e
Use argon as default password hash algorithm (#12688)
* Restrict TLS connections to 1.2 minimum

* Set Argon2 as the default KDF

* Fix user.yml

* Remove TLS minversion changes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add migration as per @techknowlogick

Signed-off-by: Andrew Thornton <art27@cantab.net>

* set the password algo in the fixtures

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove the v148 migration - it needs recreate table to change the defaults

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Nadim Kobeissi <nadim@symbolic.software>
2020-09-03 14:58:31 -04:00
6543 ad4a644fb3
Migrations: Gitlab Add Reactions Support for Issues & MergeRequests (#12695)
* fix migrations: gitlab_test

* more stable test

* Get Reactions to Pulls

* Reactions for Issues

* Comments are still hard

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-09-03 10:35:17 +03:00
S7evinK 7af2ccd511
Avoid sending "0 new commits" webhooks (#12212)
* Avoid sending "0 new commits" webhook

Signed-off-by: Till Faelligen <tfaelligen@gmail.com>

* Revert "Avoid sending "0 new commits" webhook"

This reverts commit 1f47ccfacd.

* Move commit count check to more central place

* Make tests pass

* Update modules/webhook/webhook.go

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-02 22:46:02 -04:00
zeripath 702e98c5ec
Set TLS minimum version to 1.2 (#12689)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-02 23:37:49 +01:00
zeripath 5fd9f72104
When reading expired sessions - expire them (#12686)
* When reading expired sessions - expire them

Update to latest macaron/session following merge of
https://gitea.com/macaron/session/pulls/11

Also remove old memory provider as 11 updates the memory provider to
make it unnecessary.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* and macaron/session/pulls/12

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-02 17:10:35 -04:00
zeripath dead2a9b2d
Escape failed highlighted code (#12685)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-02 16:19:42 -04:00
zeripath 714ab71ddc
Ensure that all migration requests are cancellable (#12669)
* Ensure that all migration requests are cancellable

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use WithContext as RequestWithContext is go 1.14

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-02 13:49:25 -04:00
zeripath 58f57b3b6c
Escape provider name in oauth2 provider redirect (#12648)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-30 23:55:01 +01:00
Lunny Xiao 9bc69ff26e
Support elastic search for code search (#10273)
* Support elastic search for code search

* Finished elastic search implementation and add some tests

* Enable test on drone and added docs

* Add new fields to elastic search

* Fix bug

* remove unused changes

* Use indexer alias to keep the gitea indexer version

* Improve codes

* Some code improvements

* The real indexer name changed to xxx.v1

Co-authored-by: zeripath <art27@cantab.net>
2020-08-30 19:08:01 +03:00
zeripath d257485bc0
Rename models.ProtectedBranchRepoID to models.EnvRepoID and ensure EnvPusherEmail is set (#12646)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-30 08:24:39 +01:00
zeripath eb1bf2377b
Set context for running CreateArchive in to that of the request (#12555)
Set the context for CreateArchive to that of the request to ensure that archives
are only built for as long as a request is requesting them

Fix #11551

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-28 09:55:12 +03:00
techknowlogick c5d5d63c9c
Macaron 1.5 (#12596)
* update macaron to v1.5 of fork

* update macaron to v1.5 of fork

* test gzip PR

* add push method impl to context_tests

* use proper gzip commit

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-08-27 22:47:17 -04:00
John Olheiser 211321fb93
Git migration UX (#12619)
* Initial work

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Implementation

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix gitlab and token cloning

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Imports and JS

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Linting

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Generate swagger

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Move mirror toggle and rename options

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-08-28 09:36:37 +08:00
John Olheiser b611ae1908
Mark Cache with ini tag (#12605)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-08-26 02:04:18 +03:00
zeripath 2ae8c7ab1c
Add cron running API (#12421)
* Add cron running API

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* placate-swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* return not found

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-08-24 11:48:15 -04:00
silverwind ee047312a1
Fix emoji replacements, make emoji images consistent (#12567)
- Fix emoji not being replaced in issue title change text
- Make the image attributes consistent, add alt, remove align

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-08-23 21:44:53 -04:00
John Olheiser 43a397ce9a
Initial support for push options (#12169)
* Initial support for push options

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix misspelling 🤦

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix formatting after conflict resolution

* defer close git repo

* According the GitLab documentation, git >= 2.10

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Words are hard. Thanks @mrsdizzie 😅

Co-authored-by: mrsdizzie <info@mrsdizzie.com>

* Only update if there are push options

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
2020-08-23 17:02:35 +01:00
赵智超 e7d65cbc6e
Add email notify for new release (#12463)
* Add email notify for new release

Signed-off-by: a1012112796 <1012112796@qq.com>
2020-08-23 16:03:18 +01:00
zeripath e429c1164e
Ensure that the detected charset order is set in chardet test (#12574)
TestToUTF8WithFallback is the cause of recurrent spurious test failures
even despite code to set the detected charset order.

The reason why this happens is because the preferred detected charset order
is not being initialised for these tests.

This PR simply ensures that this is set at the start of each test and would
allow different tests to be written to allow differing orders.

Replaces #12571
Close #12571

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-23 14:15:29 +01:00
zeripath fcabbae168
Set utf8mb4 as the default charset on MySQL if CHARSET is unset (#12563)
MySQL in its infinite wisdom determines that UTF8 does not
mean UTF8. Our install scripts know about this and will set
CHARSET to utf8mb4 if we users choose this but... users who
do not explicitly set this variable will default to utf8mb3
without knowing it.

This PR changes the unset CHARSET value to utf8mb4 if users
choose to use mysql.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-22 13:56:33 +01:00
zeripath b78448e94e
Skip SSPI authentication attempts for /api/internal (#12556)
* Skip SSPI authentication attempts for /api/internal

SSPI fails badly on authentication attempts to /api/internal which
it can never succesfully authenticate.

Fix #11260

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update oauth2.go

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-22 12:09:43 +03:00
mrsdizzie fb70b5d207
Disable password complexity check default (#12557)
* Disable password complexity check default

These features enourange bad passwords/are annoying for people using better password methods, and at minimum we shouldn't force that as a default for obvious reasons. Disable any default check to avoid regular complaints.

* fix copy paste format
2020-08-21 18:42:23 -04:00
Success 7c0862b6d9
fix typos (#12545)
* fix typo in app.ini

* fix typo in git hook module

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-08-20 18:41:08 +01:00
zeripath d15bb17b78
Default empty merger list to those with write permissions (#12535)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-08-20 10:48:40 +03:00
Wim e14f6088f8
Remove hardcoded ES indexername (#12521) 2020-08-18 11:08:51 -05:00
Florian Klink 95d478c29c
change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
* docs: update heading

This section covers more paths than the 3 listed in the heading.

* setting: change PIDFile default from /var/run/gitea.pid to /run/gitea.pid

On most modern distributions, /var/run is deprecated and only kept for
backwards compat according to
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s13.html, and is a
symlink to `/run/` on modern distributions.

Old Distros that still don't have `/run` can update the gitea default as
described in from-source.en-us.md to point to the old location.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-08-18 14:21:24 +03:00
Lunny Xiao 62e6c9bc6c
Add a storage layer for attachments (#11387)
* Add a storage layer for attachments

* Fix some bug

* fix test

* Fix copyright head and lint

* Fix bug

* Add setting for minio and flags for migrate-storage

* Add documents

* fix lint

* Add test for minio store type on attachments

* fix test

* fix test

* Apply suggestions from code review

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Add warning when storage migrated successfully

* Fix drone

* fix test

* rebase

* Fix test

* display the error on console

* Move minio test to amd64 since minio docker don't support arm64

* refactor the codes

* add trace

* Fix test

* remove log on xorm

* Fi download bug

* Add a storage layer for attachments

* Add setting for minio and flags for migrate-storage

* fix lint

* Add test for minio store type on attachments

* Apply suggestions from code review

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Fix drone

* fix test

* Fix test

* display the error on console

* Move minio test to amd64 since minio docker don't support arm64

* refactor the codes

* add trace

* Fix test

* Add URL function to serve attachments directly from S3/Minio

* Add ability to enable/disable redirection in attachment configuration

* Fix typo

* Add a storage layer for attachments

* Add setting for minio and flags for migrate-storage

* fix lint

* Add test for minio store type on attachments

* Apply suggestions from code review

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Fix drone

* fix test

* Fix test

* display the error on console

* Move minio test to amd64 since minio docker don't support arm64

* don't change unrelated files

* Fix lint

* Fix build

* update go.mod and go.sum

* Use github.com/minio/minio-go/v6

* Remove unused function

* Upgrade minio to v7 and some other improvements

* fix lint

* Fix go mod

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Tyler <tystuyfzand@gmail.com>
2020-08-18 12:23:45 +08:00
Lanre Adelowo 4027c5dd7c
Kanban board (#8346)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: jaqra <48099350+jaqra@users.noreply.github.com>
Co-authored-by: Kerry <flatline-studios@users.noreply.github.com>
Co-authored-by: Jaqra <jaqra@hotmail.com>
Co-authored-by: Kyle Evans <kevans91@users.noreply.github.com>
Co-authored-by: Tsakiridis Ilias <TsakiDev@users.noreply.github.com>
Co-authored-by: Ilias Tsakiridis <ilias.tsakiridis@outlook.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-08-16 23:07:38 -04:00
zeripath ac3cfad23d
Make the default PID file compile-time settable (#12485)
#12391 offered to change the default PID file from /var/run/gitea.pid however in discussion it was decided that this could break users of older systems. An alternative was offered that we could make the PID file compile/link time settable.

This PR does this, and changes the name of the setting from CustomPID to simply PIDFile. It also updates the from-source docs to show how to change the compiler settings to do this.

Closes #12391

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Florian Klink <flokli@flokli.de>
2020-08-15 21:15:27 +01:00
zeripath 2ef318e6f1
Add Access-Control-Expose-Headers (#12446)
Fix #12424

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
2020-08-13 18:18:18 +01:00
techknowlogick bd7d6a3d73
go1.15 (#12475)
* go1.15

* update makefile xgo version

* fix vet issue

* update docs to version of go in use

* add TODO for asyncpreemptoff

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-08-13 10:11:24 -04:00
zeripath be1b33c197
Do not add prefix on http/https submodule links (#12477)
Fix #12345

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-13 00:19:04 -04:00
zeripath 74bd9691c6
Re-attempt to delete temporary upload if the file is locked by another process (#12447)
Replace all calls to os.Remove/os.RemoveAll by retrying util.Remove/util.RemoveAll and remove circular dependencies from util.

Fix #12339

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
2020-08-11 21:05:34 +01:00
techknowlogick 22c952ac7a
Make dashboard newsfeed list length a configurable item (#12469)
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-08-11 10:48:13 -04:00
zeripath 02e990a89b
Prevent redirect back to /user/events (#12462)
This PR prevents 2 further ways of causing the redirect cookie to be set
to redirect back to /user/events

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-08 18:39:40 -04:00
6543 78d17b4b43
Make default StaticRootPath compile time settable (#12371)
Make it possible to compile the default location of StaticRootPath independent from AppWorkPath

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-08-08 15:02:22 +01:00
zeripath e770c2b850
Detect full references to issues and pulls in commit messages (#12399)
Fix #10269

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-06 20:20:05 +01:00
zeripath 2c1ae6c82d
Render the git graph on the server (#12333)
Rendering the git graph on the server means that we can properly track flows and switch from the Canvas implementation to a SVG implementation.

* This implementation provides a 16 limited color selection
* The uniqued color numbers are also provided
* And there is also a monochrome version
*In addition is a hover highlight that allows users to highlight commits on the same flow.

Closes #12209

Signed-off-by: Andrew Thornton art27@cantab.net
Co-authored-by: silverwind <me@silverwind.io>
2020-08-06 09:04:08 +01:00
zeripath 48598a7e83
Mirror System Notice reports are too frequent (#12438)
This PR switches off the success reports from the Update Mirrors cron job
as they are too frequent and not necessarily helpful.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-08-05 21:40:36 +01:00
silverwind e61c09ed73
Add loading spinners and mermaid error handling (#12358)
- Add loading spinners on editor and mermaid renderers
- Add error handling and inline error box for mermaid
- Fix Mermaid rendering by using the .init api
2020-08-04 20:56:37 +01:00
zeripath bac65f1b82
Fix incorrect error logging in Stats indexer and OAuth2 (#12387)
* Fix incorrect logging in oauth2.go

Fix #11945

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle ErrAlreadyInQueue in stats indexer

Fix #12380

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fixes type in error message of indexer

Add the missing character in the error message.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lieven Hollevoet <hollie@lika.be>
2020-08-01 10:45:26 -04:00
6543 b3e06523c1
[Vendor] upgrade google/go-github to v32.1.0 (#12361)
* upgrate go-github client to v32.1.0

* migrate
2020-07-31 15:22:34 +01:00
S7evinK bf60146444
Don't use legacy method to send Matrix Webhook (#12348)
* Don't use legacy send for messages

* Add migrations to ensure Matrix webhooks use PUT

* Set HTTP method to PUT as default

* Fix sql condition..

Signed-off-by: Till Faelligen <tfaelligen@gmail.com>

* Rename getTxnID -> getMatrixTxnID

* Use local variable instead of constant value

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-07-30 18:04:19 -04:00
赵智超 1f12dc8e88
Add action feed for new release (#12324)
* Add action feed for new release

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix lint

* Apply suggestions from code review

* Add ReleaseID to the action table
* Remove error message
* Fold the attachments download list

* remove attchment download list

* simplify code

* fix create release from existing tag

* simplify ui

* translation change

* fix test

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-07-29 15:20:54 -04:00
zeripath 2f6aadffa8
Git 2.28 no longer permits diff with ... on unrelated branches (#12364)
* Git 2.28 no longer permits diff with ... on unrelated branches

Signed-off-by: Andrew Thornton <art27@cantab.net>

* need to check stderr
2020-07-29 13:53:04 -04:00
zeripath 63e5bf6ef7
Only use --exclude on name-rev with git >= 2.13 (#12347)
Fix #11917

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-07-28 15:11:05 +01:00