mirror of
1
Fork 0
Commit Graph

16969 Commits

Author SHA1 Message Date
Jason Song 4e98224a45
Support allowed hosts for webhook to work with proxy (#27655)
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
2023-10-18 09:44:36 +00:00
yp05327 8abc1aae4a
Improve the list header in milestone page (#27302)
The ui of list header in milestone page is not same as issue and pr list
page.
And they are using different template codes which can be merged into
one.

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/29eb426c-2dd6-4cf2-96e0-82339fb631bb)

![image](https://github.com/go-gitea/gitea/assets/18380374/b36c4dff-469a-4395-8a02-a8c54e17ab21)



![image](https://github.com/go-gitea/gitea/assets/18380374/d882c74a-451b-431d-b58e-3635a15d9718)

![image](https://github.com/go-gitea/gitea/assets/18380374/292cd38d-1b50-47f1-b32c-9b5de90ce5fb)


After:

![image](https://github.com/go-gitea/gitea/assets/18380374/4529234e-67dc-4e17-9440-e638be4fbc41)

![image](https://github.com/go-gitea/gitea/assets/18380374/c15b4d86-0762-497b-b28d-72d09443d629)

---------

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
2023-10-18 00:03:42 +00:00
Lunny Xiao eeb1e0242b
Fix poster is not loaded in get default merge message (#27657) 2023-10-17 15:07:23 +00:00
puni9869 4adc2a828d
Hide archived labels by default from the suggestions when assigning labels for an issue (#27451)
Followup of #27115
Finally closes #25237

## Screenshots
### Issue Sidebar
<img width="513" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/9f7fda2f-5a03-4684-8619-fd3498a95b41">

### PR sidebar
<img width="367" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/53db9b64-faec-4a67-91d6-76945596a469">

### PR sidebar with archived labels shown
<img width="352" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/9dc5050f-4e69-4f76-bb83-582480a2281e">

---------

Signed-off-by: puni9869 <punitinani1@hotmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-10-17 16:10:45 +02:00
Yevhen Pavlov d98c863884
actions/setup-go use go-version-file (#27651)
These changes will allow not to specify the version of go in every
pipeline.
2023-10-17 10:24:54 +00:00
Sandro Santilli 0f3ea4e1b1
Update agit-support.en-us.md (#27652)
Clarify Agit PR creation documentation

See https://github.com/go-gitea/gitea/issues/27579
2023-10-17 17:53:36 +08:00
Denys Konovalov 0271114e64
cleanup repo details icons/labels (#27644)
Fix #27596 

Change confusing behavior when showing information about a repo via
labels and icons. Implement changes proposed by @lng2020 in
https://github.com/go-gitea/gitea/pull/27627#pullrequestreview-1678787673.
2023-10-16 23:06:15 +02:00
wxiaoguang 6c501b1498
Improve dropdown button alignment and fix hover bug (#27632)
1. fix #27631 , and add samples to devtest page
2. fix incorrect color for "ui dropdown button" when hover
2023-10-16 07:26:08 +00:00
GiteaBot d1f85525d0 [skip ci] Updated licenses and gitignores 2023-10-16 00:24:20 +00:00
Jason Song 1be49fdda6
Improve retrying index issues (#27554)
Fix #27540
2023-10-15 18:56:57 +00:00
Lunny Xiao cddf245c12
Replace more db.DefaultContext (#27628)
Target #27065
2023-10-15 17:46:06 +02:00
Nanguan Lin 7480aacdad
Fix 404 when there is an internal version of package (#27615)
close #27601
The Docker registry has an internal version, which leads to 404
2023-10-15 09:22:10 +00:00
GiteaBot 4f6043f554 [skip ci] Updated translations via Crowdin 2023-10-15 00:25:13 +00:00
Earl Warren 89c9a498fd
Add anchor to review types (#26894)
- The review type '22' is a general comment type that is attached to
single codecomments, reviews with multiple comments or to simple approve
and request changes comment. This comment can be used to create a link
towards this action on an pull request.
- Adds an anchor to the review comment type, so that when its getting
linked to it, it actually jumps towards that event.
- This also now fixes the behavior that after you created a review you
will be redirected to that review and because this is an general comment
type other mails will also be 'fixed' such as the approved or request
changes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1248

(cherry picked from commit 1741a5f1fe)

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
2023-10-14 16:13:59 -05:00
Nanguan Lin 02d4e4d412
Update readme to remove drone svg (#27624) 2023-10-14 16:11:54 +00:00
Nanguan Lin e29e40d128
Change the default branch in the agit docs (#27621) 2023-10-14 09:50:23 -04:00
JakobDev 76a85a4ce9
Final round of `db.DefaultContext` refactor (#27587)
Last part of #27065
2023-10-14 08:37:24 +00:00
Evan Tobin ae419fa494
Fix permissions for Token DELETE endpoint to match GET and POST (#27610)
Fixes #27598

In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
2023-10-14 08:04:44 +00:00
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
GiteaBot ee6a390675 [skip ci] Updated translations via Crowdin 2023-10-14 00:22:28 +00:00
techknowlogick c573d96b70
rm outdated docs from some languages (#27530)
related to #27499
2023-10-13 19:29:18 +00:00
Chongyi Zheng b5a4ec0fb1
Upgrade go dependencies (#27599)
Upgrade all dependencies in `go.mod`

`golang.org/x/net` v0.17.0 also fixes
[CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-10-13 16:11:15 +00:00
Sergey Zolotarev cf74f5fc40
Fix build errors on BSD (in BSDMakefile) (#27594)
1. `make build` fails because `||` and `&&` have the same precedence in
sh/bash, so the `false` command always evaluated (leading to an error).

   ```
   + which gmake /usr/local/bin/gmake
   + false

   *** Failed target:  .BEGIN
*** Failed command: which "gmake" || printf "Error: GNU Make is
required!\n\n" 1>&2 && false
   *** Error code 1
   ```

2. When `GPREFIX` is set to an empty string with quotation marks,
`gmake` mistakenly thinks that it's a file name:

   ``` gmake: *** empty string invalid as file name.  Stop. ```
2023-10-13 15:38:27 +00:00
silverwind 532f166c4d
Enable shorthands in `declaration-strict-value` linter (#27597)
Enable [shorthand
matching](https://github.com/AndyOGo/stylelint-declaration-strict-value#expandshorthand)
in this lint rule and match color properties by regex. Patterns like
this will now fail lint:

```css
background: #123456;
border: 1px sold rgba(0,0,0,0);
```
2023-10-13 08:19:21 +00:00
GiteaBot 3e9a379d38 [skip ci] Updated translations via Crowdin 2023-10-13 00:23:41 +00:00
silverwind c37f95fc56
Make disk clean action a bit more robust (#27590) 2023-10-12 00:24:13 -04:00
GiteaBot d020343269 [skip ci] Updated translations via Crowdin 2023-10-12 00:21:30 +00:00
JakobDev bf24852b20
Keep filter when showing unfiltered results on explore page (#27192)
Fixes https://codeberg.org/Codeberg/Community/issues/1302

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-11 22:10:51 +00:00
JakobDev 328da56a28
Don't show Link to TOTP if not set up (#27585) 2023-10-11 20:12:54 +00:00
wxiaoguang 1d155a43ad
Fix data-race bug when accessing task.LastRun (#27584) 2023-10-11 14:51:20 +00:00
Lunny Xiao fb74fe99d6
Fix template bug (#27581)
Regression from #27414
2023-10-11 14:02:15 +00:00
silverwind 73b63d9311
Replace ajax with fetch, improve image diff (#27267)
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-11 12:34:21 +00:00
Nanguan Lin dc04044716
Replace assert.Fail with assert.FailNow (#27578)
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
2023-10-11 11:02:24 +00:00
Lunny Xiao dca195e9bd
Fix the robots.txt path 2023-10-11 18:01:52 +08:00
Earl Warren 1050d7a78f
show manual cron run's last time (#27544)
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949

(cherry picked from commit fd34fdac14)

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: silverwind <me@silverwind.io>
2023-10-11 07:28:16 +00:00
techknowlogick dc7cf7a984
fully replace drone with actions (#27556)
this builds binaries and docker images for tags
2023-10-11 06:39:32 +00:00
zeripath 4378f9dfff
Revert "Simplify `contrib/backport` (#27520)" (#27566)
This reverts #27520 commit 79e8865aae
which breaks `--continue` functionality.
2023-10-11 05:55:17 +00:00
Nanguan Lin 248b7ee850
Align ISSUE_TEMPLATE with the new label system (#27573)
As title
2023-10-11 13:25:31 +08:00
JakobDev ebe803e514
Penultimate round of `db.DefaultContext` refactor (#27414)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:24:07 +00:00
GiteaBot 50166d1f7c [skip ci] Updated translations via Crowdin 2023-10-11 00:22:56 +00:00
Lunny Xiao 5c9fbcca00
Fix attachment download bug (#27486) 2023-10-10 15:33:56 +00:00
Lunny Xiao 7ff1f2527c
Make actions default enabled for newly created repository if global configuraion enabled (#27482) 2023-10-10 14:45:31 +00:00
Nanguan Lin 5b6258a0b9
Fix the wrong HTTP response status code for duplicate packages (#27480)
fix #27470 
(hope there is nothing missing 😢 )

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-10 15:39:58 +02:00
Jason Song 2c7b6c378e
Increase queue length (#27555) 2023-10-10 18:47:49 +08:00
Sebastian Grabowski 3c131307ac
Respect SSH.KeygenPath option when calculating ssh key fingerprints (#27536)
Fixes #27535
2023-10-10 00:01:46 +00:00
Kyle D ac4ae35542
Remove max-width and add hide text overflow (#27359)
Closes https://github.com/go-gitea/gitea/issues/27358
2023-10-09 19:04:31 -04:00
wxiaoguang e2e0280108
Fix `environment-to-ini` inherited key bug (#27543)
Fix  #27541

The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.
2023-10-10 01:10:37 +08:00
Nanguan Lin 28ead9ea62
Improve docs about register/run as a service (#27461)
As title
2023-10-09 13:20:16 +00:00
Michael Santos 5283ce9650
api: GetPullRequestCommits: return file list (#27483)
Fixes https://github.com/go-gitea/gitea/issues/27481

----

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-09 11:22:12 +00:00
techknowlogick 65eea1d536
switch to using official AWS step in release nightly (#27532)
`jakejarvis/s3-sync-action@master` is out of date, and using official
actions is always recommended
2023-10-09 10:12:19 +00:00