mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity
13,488 Commits 13 Branches 241 Tags 689 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Gusted aa23f477b7
Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439) 
- Switch to use `CryptoRandomBytes` instead of `CryptoRandomString`, OAuth's secrets are copied pasted and don't need to avoid dubious characters etc.
- `CryptoRandomBytes` gives ![2^256 = 1.15 * 10^77](https://render.githubusercontent.com/render/math?math=2^256%20=%201.15%20\cdot%2010^77) `CryptoRandomString` gives ![62^44 = 7.33 * 10^78](https://render.githubusercontent.com/render/math?math=62^44%20=%207.33%20\cdot%2010^78) possible states.
- Add a prefix, such that code scanners can easily grep these in source code.
- 32 Bytes + prefix
 2022-02-04 18:03:15 +01:00
wxiaoguang 49dd906753
Use base32 for 2FA scratch token (#18384) 
* Use base32 for 2FA scratch token
* rename Secure* to Crypto*, add comments
 2022-01-26 12:10:10 +08:00
Gusted ff2fd08228
Simplify parameter types (#18006) 
Remove repeated type declarations in function definitions.
 2021-12-20 04:41:31 +00:00
luzpaz e0296b6a6d
Fix various documentation, user-facing, and source comment typos (#16367) 
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
 2021-07-08 13:38:13 +02:00
silverwind 1e6fa57acb
Use single shared random string generation function (#15741) 
* Use single shared random string generation function

- Replace 3 functions that do the same with 1 shared one
- Use crypto/rand over math/rand for a stronger RNG
- Output only alphanumerical for URL compatibilty

Fixes: #15536

* use const string method

* Update modules/avatar/avatar.go

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: a1012112796 <1012112796@qq.com>
 2021-05-10 07:45:17 +01:00
silverwind cda44750cb
Attachments: Add extension support, allow all types for releases (#12465) 
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <lauris@nix.lv>
 2020-10-05 01:49:33 -04:00
Jonas Franz e777c6bdc6 Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00