Commit graph

3627 commits

Author SHA1 Message Date
KN4CK3R
0a9a86b943
Respect REQUIRE_SIGNIN_VIEW for packages (#20873)
Fix #20863

When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-21 21:01:18 +08:00
6543
c5e88fb03d
[API] teamSearch show teams with no members if user is admin (#21204)
close #21176
2022-09-19 20:02:29 +08:00
wxiaoguang
395f65c65a
Remove unnecessary length check for repo's Description & Website (#21194)
Follows #21119

The manual length check doesn't make sense nowadays:
1. The length check is already done by form's `binding:MaxSize` (then the manual check is unnecessary)
2. The CreateRepository doesn't have such check (then the manual check is inconsistent)

So this PR removes these manual length checks.
2022-09-18 10:35:24 +08:00
wxiaoguang
321964155a
Treat git object mode 40755 as directory (#21195)
Git uses 040000 for tree object, but some users may get 040755 for
unknown reasons

Try to fix #21190
* #21190
2022-09-18 09:31:20 +08:00
JakobDev
548387b2be
Show label description in comments section (#21156)
The labels in the comment section are currently missing the description that all other labels have.
2022-09-16 20:44:00 +08:00
JakobDev
8351172b6e
Limit length of repo description and repo url input fields (#21119)
Both allow only limited characters. If you input more, you will get a error
message. So it make sense to limit the characters of the input fields.

Slightly relax the MaxSize of repo's Description and Website
2022-09-16 15:19:16 +08:00
wxiaoguang
0ba2f53ca1
Passing command line arguments correctly by string slice (#21168)
Using `append(args, strings.Fields(arg)...)` is dangerous, it may
generate incorrect results.

For example: `arg1 "the dangerous"` will be splitted to 3 arguments:
`arg1`, `"the`, `dangerous"`. In some cases the incorrect arguments may
lead to security problems.
2022-09-14 15:59:52 +02:00
sergemedvid
e07d089be0
Sort branches and tags by date descending (#21136)
This fixes #5709 and #17316 by changing the order of listed branches
and tags to show the ones with latest commits atop.
It's achieved with changing underlying "show-ref" git command with
"for-each-ref" as suggested in https://stackoverflow.com/a/5188364
Also, it's passing format string so the output matches "show-ref"
command output.

close #5709
close #17316
2022-09-14 14:11:24 +02:00
zeripath
88c2e24360
Add KaTeX rendering to Markdown. (#20571)
This PR adds mathematical rendering with KaTeX.

The first step is to add a Goldmark extension that detects the latex
(and tex) mathematics delimiters.

The second step to make this extension only run if math support is
enabled.

The second step is to then add KaTeX CSS and JS to the head which will
load after the dom is rendered.

Fix #3445

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-14 00:33:37 +08:00
Blender Defender
defc401b27
Make labels clickable in the comments section. (#21137)
This commit adds the possibility to click the labels in the message
"User added/removed the X label", which will lead to the issues page,
filtered by the clicked label.

This pull requests aims to fix #19768

_I've tried to follow the contribution guidelines as carefully as
possible, but in case I made a mistake: Please correct me._

<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-09-12 13:45:14 -04:00
silverwind
afdab9d8d4
Remove fomantic image module (#21145)
Remove this small, but unnecessary
[module](https://fomantic-ui.com/elements/image.html) and use `img`
selector over previous `.image`. Did a few tests, could not notice any
visual regression.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-12 17:08:46 +08:00
luzpaz
cb3b3e519f
Fix various typos (#21103)
Found via `codespell -q 3 -S
./options/locale,./options/license,./public/vendor,./web_src/fomantic -L
actived,allways,attachements,ba,befores,commiter,pullrequest,pullrequests,readby,splitted,te,unknwon`

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-09-07 14:40:36 -04:00
zeripath
8080e23c9b
Move go-licenses to generate and separate generate into a frontend and backend component (#21061)
The `go-licenses` make task introduced in #21034 is being run on make vendor
and occasionally causes an empty go-licenses file if the vendors need to
change. This should be moved to the generate task as it is a generated file.

Now because of this change we also need to split generation into two separate 
steps:

1. `generate-backend`
2. `generate-frontend`

In the future it would probably be useful to make `generate-swagger` part of `generate-frontend` but it's not tolerated with our .drone.yml

Ref #21034

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2022-09-05 14:04:18 +08:00
Aaron F
3963625b6e
Webhook for Wiki changes (#20219)
Add support for triggering webhook notifications on wiki changes.

This PR contains frontend and backend for webhook notifications on wiki actions (create a new page, rename a page, edit a page and delete a page). The frontend got a new checkbox under the Custom Event -> Repository Events section. There is only one checkbox for create/edit/rename/delete actions, because it makes no sense to separate it and others like releases or packages follow the same schema.

![image](https://user-images.githubusercontent.com/121972/177018803-26851196-831f-4fde-9a4c-9e639b0e0d6b.png)

The actions itself are separated, so that different notifications will be executed (with the "action" field). All the webhook receivers implement the new interface method (Wiki) and the corresponding tests.

When implementing this, I encounter a little bug on editing a wiki page. Creating and editing a wiki page is technically the same action and will be handled by the ```updateWikiPage``` function. But the function need to know if it is a new wiki page or just a change. This distinction is done by the ```action``` parameter, but this will not be sent by the frontend (on form submit). This PR will fix this by adding the ```action``` parameter with the values ```_new``` or ```_edit```, which will be used by the ```updateWikiPage``` function.

I've done integration tests with matrix and gitea (http).

![image](https://user-images.githubusercontent.com/121972/177018795-eb5cdc01-9ba3-483e-a6b7-ed0e313a71fb.png)

Fix #16457

Signed-off-by: Aaron Fischer <mail@aaron-fischer.net>
2022-09-04 20:54:23 +01:00
Eng Zer Jun
8b0aaa5f86
test: use T.TempDir to create temporary test directory (#21043)
A testing cleanup. 

This pull request replaces `os.MkdirTemp` with `t.TempDir`. We can use the `T.TempDir` function from the `testing` package to create temporary directory. The directory created by `T.TempDir` is automatically removed when the test and all its subtests complete. 

This saves us at least 2 lines (error check, and cleanup) on every instance, or in some cases adds cleanup that we forgot.

Reference: https://pkg.go.dev/testing#T.TempDir

```go
func TestFoo(t *testing.T) {
	// before
	tmpDir, err := os.MkdirTemp("", "")
	require.NoError(t, err)
	defer os.RemoveAll(tmpDir)

	// now
	tmpDir := t.TempDir()
}
```

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-09-04 16:14:53 +01:00
zeripath
c722a26e7e
Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902)
When setting.Git.DisablePartialClone is set to false then the web server will add filter support to web http. It does this by using`-c` command arguments but this will not work on gitea serv as the upload-pack and receive-pack commands do not support this.
    
Instead we move these options into the .gitconfig instead.

Fix #20400

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-09-04 16:13:23 +01:00
qwerty287
be14e79e98
Fix 500 on time tracking in timeline API (#21052)
Fix #21041
2022-09-04 15:01:23 +01:00
zeripath
e6b3be4608
Add more checks in migration code (#21011)
When migrating add several more important sanity checks:

* SHAs must be SHAs
* Refs must be valid Refs
* URLs must be reasonable

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
2022-09-04 13:47:56 +03:00
Kyle D
c8ded77680
Kd/ci playwright go test (#20123)
* Add initial playwright config

* Simplify Makefile

* Simplify Makefile

* Use correct config files

* Update playwright settings

* Fix package-lock file

* Don't use test logger for e2e tests

* fix frontend lint

* Allow passing TEST_LOGGER variable

* Init postgres database

* use standard gitea env variables

* Update playwright

* update drone

* Move empty env var to commands

* Cleanup

* Move integrations to subfolder

* tests integrations to tests integraton

* Run e2e tests with go test

* Fix linting

* install CI deps

* Add files to ESlint

* Fix drone typo

* Don't log to console in CI

* Use go test http server

* Add build step before tests

* Move shared init function to common package

* fix drone

* Clean up tests

* Fix linting

* Better mocking for page + version string

* Cleanup test generation

* Remove dependency on gitea binary

* Fix linting

* add initial support for running specific tests

* Add ACCEPT_VISUAL variable

* don't require git-lfs

* Add initial documentation

* Review feedback

* Add logged in session test

* Attempt fixing drone race

* Cleanup and bump version

* Bump deps

* Review feedback

* simplify installation

* Fix ci

* Update install docs
2022-09-02 15:18:23 -04:00
Jason Song
84447df4d3
Support Issue forms and PR forms (#20987)
* feat: extend issue template for yaml

* feat: support yaml template

* feat: render form to markdown

* feat: support yaml template for pr

* chore: rename to Fields

* feat: template unmarshal

* feat: split template

* feat: render to markdown

* feat: use full name as template file name

* chore: remove useless file

* feat: use dropdown of fomantic ui

* feat: update input style

* docs: more comments

* fix: render text without render

* chore: fix lint error

* fix: support use description as about in markdown

* fix: add field class in form

* chore: generate swagger

* feat: validate template

* feat: support is_nummber and regex

* test: fix broken unit tests

* fix: ignore empty body of md template

* fix: make multiple easymde editors work in one page

* feat: better UI

* fix: js error in pr form

* chore: generate swagger

* feat: support regex validation

* chore: generate swagger

* fix: refresh each markdown editor

* chore: give up required validation

* fix: correct issue template candidates

* fix: correct checkboxes style

* chore: ignore .hugo_build.lock in docs

* docs: separate out a new doc for merge templates

* docs: introduce syntax of yaml template

* feat: show a alert for invalid templates

* test: add case for a valid template

* fix: correct attributes of required checkbox

* fix: add class not-under-easymde for dropzone

* fix: use more back-quotes

* chore: remove translation in zh-CN

* fix EasyMDE statusbar margin

* fix: remove repeated blocks

* fix: reuse regex for quotes

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-02 15:58:49 +08:00
John Olheiser
a48d6ba4b4
Go 1.19 format (#20758)
* 1.19 gofumpt

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Change CSV test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Commit whitespace fixes from @zeripath

Co-authored-by: zeripath <art27@cantab.net>

* Update emoji

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* bump swagger & fix generate-swagger

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-08-30 21:15:45 -05:00
Igor Rzegocki
354ebe4610
fix broken insecureskipverify handling in rediss connection uris (#20967)
fixes regression #19213
2022-08-29 16:38:49 +02:00
KN4CK3R
41c76ad714
Add support for Vagrant packages (#20930)
* Add support for Vagrant boxes.

* Add authentication.

* Add tests.

* Add integration tests.

* Add docs.

* Add icons.

* Update routers/api/packages/api.go

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
2022-08-29 15:04:45 +08:00
zeripath
bb0ff77e46
Share HTML template renderers and create a watcher framework (#20218)
The recovery, API, Web and package frameworks all create their own HTML
Renderers. This increases the memory requirements of Gitea
unnecessarily with duplicate templates being kept in memory.

Further the reloading framework in dev mode for these involves locking
and recompiling all of the templates on each load. This will potentially
hide concurrency issues and it is inefficient.

This PR stores the templates renderer in the context and stores this
context in the NormalRoutes, it then creates a fsnotify.Watcher
framework to watch files.

The watching framework is then extended to the mailer templates which
were previously not being reloaded in dev.

Then the locales are simplified to a similar structure.

Fix #20210 
Fix #20211
Fix #20217

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-28 10:43:25 +01:00
Lunny Xiao
b0c62846f1
Fix download archiver of a commit (#20962) 2022-08-26 15:07:06 +02:00
Gusted
27ac65a124
Only show relevant repositories on explore page (#19361)
Adds a new option to only show relevant repo's on the explore page, for bigger Gitea instances like Codeberg this is a nice option to enable to make the explore page more populated with unique and "high" quality repo's. A note is shown that the results are filtered and have the possibility to see the unfiltered results.

Co-authored-by: vednoc <vednoc@protonmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 20:38:41 +02:00
KN4CK3R
dc0253b063
Replace ServeStream with ServeContent (#20903)
* Replace ServeStream with ServeContent.

* Update modules/timeutil/timestamp.go

Co-authored-by: delvh <dev.lh@web.de>

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-25 12:05:21 -04:00
Lunny Xiao
1d8543e7db
Move some files into models' sub packages (#20262)
* Move some files into models' sub packages

* Move functions

* merge main branch

* Fix check

* fix check

* Fix some tests

* Fix lint

* Fix lint

* Revert lint changes

* Fix error comments

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 10:31:57 +08:00
Jason Song
15b189b570
Avoid frequent string2bytes conversions (#20940)
Fix #20939
2022-08-24 12:50:13 +01:00
zeripath
aa2e473991
Set no-tags in git fetch on compare (#20893)
* Set no-tags in git fetch on compare

In the compare endpoint the git fetch is restricted to a certain branch however,
this does not completely prevent tag acquisition/pollution as git fetch will collect
any tags on that branch.

This causes pollution of the tag namespace and could cause confusion by users.

This PR adds `--no-tags` to the `git fetch` call.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/git/repo_compare.go

* Update modules/git/repo_compare.go

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-23 14:12:43 -04:00
silverwind
56220515fc
Enable contenthash in filename for dynamic assets (#20813)
This should solve the main problem of dynamic assets getting stale after
a version upgrade. Everything not affected will use query-string based
cache busting, which includes files loaded via HTML or worker scripts.
2022-08-23 20:58:04 +08:00
zeripath
943753f560
Support Proxy protocol (#12527)
This PR adds functionality to allow Gitea to sit behind an
HAProxy and HAProxy protocolled connections directly.

Fix #7508

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-21 19:20:43 +01:00
wxiaoguang
6784a707d1
Fix graceful doc (#20883) 2022-08-21 02:50:27 -04:00
JonRB
cb37c6ba5c
call builtinUnused() if internal SSH is disabled (#20877)
The graceful manager waits for 4 listeners to be created or to be told that they are not needed. If it is not told about them it will indefinitely and timeout. 

This leads to SVC hosts not being told of being in the readyState but on Unix would lead to the termination of the process.

There was an unfortunate regression in #20299 which missed this subtly and in the case whereby SSH is disabled the `builtinUnused()` is not called.

This PR adds a call to `builtinUnused()` when not using the builtin ssh to allow `createServerWaitGroup.Done()` to be called. 

In addition it was noted that the if/else clauses for timeout informing of the SVC host were in the wrong order. These have been swapped.

Fix #20609
2022-08-20 22:09:41 +01:00
Gusted
3d52edc7a4
Don't open new page for ext wiki on same repository (#20725)
- When the external wiki has been set to a file on the repository, don't
open the page on a tab.
- Resolves #20657
2022-08-20 15:47:04 +01:00
zeripath
3aa5749d53
Disable doctor logging on panic (#20847)
* Disable doctor logging on panic

If permissions are incorrect for writing to the doctor log simply disable the log file
instead of panicing.

Related #20570

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update cmd/doctor.go

* Update cmd/doctor.go

Co-authored-by: delvh <dev.lh@web.de>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-18 21:27:27 -04:00
Lunny Xiao
a4e91c4197
Add proxy host into allow list (#20798)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-16 20:15:54 -04:00
Will Norris
82f89ff996
auth/reverseproxy: Add support for full name (#20776)
This adds support for getting the user's full name from the reverse
proxy in addition to username and email.

Tested locally with caddy serving as reverse proxy with Tailscale
authentication.

Signed-off-by: Will Norris <will@tailscale.com>

Signed-off-by: Will Norris <will@tailscale.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-16 14:30:27 +08:00
Lunny Xiao
1f146090ec
Add migrate repo archiver and packages storage support on command line (#20757)
* Add migrate repo archiver and packages storage support on command line

* Fix typo

* Use stdCtx

* Use packageblob and fix command description

* Add migrate packages unit tests

* Fix comment year

* Fix the migrate storage command line description

* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>

* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>

* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>

* Fix test

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 12:05:15 +08:00
Lunny Xiao
86c85c19b6
Refactor AssertExistsAndLoadBean to use generics (#20797)
* Refactor AssertExistsAndLoadBean to use generics

* Fix tests

Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
xpy
efaa9958b5
Fix push mirror address backend get error Address cause setting page display error (#20593)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-14 23:12:01 -04:00
zeripath
58a4407acb
Remove follow from commits by file (#20765)
The use of `--follow` makes getting these commits very slow on large repositories
as it results in searching the whole commit tree for a blob.

Now as nice as the results of `--follow` are, I am uncertain whether it is really
of sufficient importance to keep around.

Fix #20764

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-14 21:22:13 -04:00
Frank
1f0638747b
Preserve unix socket file (#20499)
By default Gitea will always unlink any sockets that are provided using the `LISTEN_FDS` environment variable. This is because it uses this variable to handle passing when it is doing a graceful restart. However, this same mechanism is used by systemd - which explicitly expects that passed in sockets should not be unlinked by the receiving process. 

This PR adjusts Gitea's graceful restart mechanism to use an additional environment variable which tracks if a listening socket was opened by Gitea - and therefore should be unlinked on shutdown by Gitea.

Fix #20490

Co-authored-by: zeripath <art27@cantab.net>
2022-08-13 22:31:33 +01:00
zeripath
99efa02edf
Switch Unicode Escaping to a VSCode-like system (#19990)
This PR rewrites the invisible unicode detection algorithm to more
closely match that of the Monaco editor on the system. It provides a
technique for detecting ambiguous characters and relaxes the detection
of combining marks.

Control characters are in addition detected as invisible in this
implementation whereas they are not on monaco but this is related to
font issues.

Close #19913

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-13 19:32:34 +01:00
wxiaoguang
11dc6df5be
Fix git.Init for doctor sub-command (#20782) 2022-08-14 00:33:18 +08:00
silverwind
20b3a90450
Remove useless JS operation for relative time tooltips (#20756)
This operation that shifts the content from title to data-content is
useless when we can directly render the expected HTML instead.

This change does prevent these tooltips from working when the user has
JS disabled in their browser, but I think we made it clear by now that
JS is required for gitea to work properly.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-12 17:03:41 -04:00
oliverpool
c81b26b0e5
refactor webhook *NewPost (#20729)
* refactor webhook *NewPost

* remove empty values

* always show errs.Message

* remove utils.IsValidSlackChannel

* move IsValidSlackChannel to services/webhook package

* binding: handle empty Message case

* make IsValidSlackChannel more strict
2022-08-11 17:48:23 +02:00
Gusted
58de07e5fd
Add support mCaptcha as captcha provider (#20458)
https://mcaptcha.org/

Co-authored-by: Felipe Leopoldo Sologuren Gutiérrez <fsologureng@users.noreply.github.com>
2022-08-10 15:20:10 +02:00
wxiaoguang
75d96f4a02
Refactor legacy git init (#20376)
* merge `CheckLFSVersion` into `InitFull` (renamed from `InitWithSyncOnce`)
* remove the `Once` during git init, no data-race now
* for doctor sub-commands, `InitFull` should only be called in initialization stage

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-09 11:22:24 +08:00
Lunny Xiao
98190d0024
Fix disable download button (#20701) 2022-08-08 15:42:36 +02:00
Gusted
498352c210
Fix SecToTime edge-cases (#20610) 2022-08-08 13:07:42 +08:00
KN4CK3R
f55af4675c
Add support for Pub packages (#20560)
* Added support for Pub packages.

* Update docs/content/doc/packages/overview.en-us.md

Co-authored-by: Gergely Nagy <algernon@users.noreply.github.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gergely Nagy <algernon@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-08-07 18:09:54 +08:00
parnic
27789908d8
Use request timeout for git service rpc (#20689)
This enables git.Command's Run to optionally use the given context directly so its deadline will be respected. Otherwise, it falls back to the previous behavior of using the supplied timeout or a default timeout value of 360 seconds.

repo's serviceRPC() calls now use the context's deadline (which is unset/unlimited) instead of the default 6-minute timeout. This means that large repo clones will no longer arbitrarily time out on the upload-pack step, and pushes can take longer than 6 minutes on the receive-pack step.

Fixes #20680

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-06 16:13:11 +03:00
Norwin
279e4e235c
Increase default item listing size ISSUE_PAGING_NUM to 20 (#20547)
* increase default page sizes to 20
* adjust docs to reflect that the setting is used all over the place
* fix tests

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-08-06 18:43:40 +08:00
JonRB
7cc7c3e449
Executable check always returns true for windows (#20637)
* Executable check always returns true for windows 

Windows doesn't have the concept of "executable" POSIX bits so for now always return true to minimise doctor and logging noise. Addresses #20636

* gofmt tweak

* Update modules/repository/hooks.go

Co-authored-by: silverwind <me@silverwind.io>

* gofmt comment line

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-08-04 15:28:32 +08:00
Gusted
87a7c37ecb
Use strings.Cut for GIT_PROTOCOL value (#20638)
- As per https://github.com/go-gitea/gitea/pull/20616#discussion_r935612542
2022-08-03 01:34:50 +03:00
KN4CK3R
631539c104
Fix package upload for files >32mb (#20622)
* Rewind file before first read.
* Added tests.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 21:35:48 +08:00
Gusted
8740631b79
Enable Wire 2 for Internal SSH Server (#20616)
- Git only decides to use the Wire 2 protocol when `git
{receive,upload}-pack` receive the `GIT_PROTOCOL` environment with as
value `version=2`. Currently the internal SSH Server wasn't passing this
environment through. The `gitea serv` code already passed all received
environments to the git command, so no code changes there.
2022-08-02 15:56:38 +08:00
Clar Fon
036dd8a788
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 13:24:18 +08:00
Gary Wang
72b1fd7fdd
Should also support upper-case README files (#20581)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-01 20:15:40 +08:00
Gary Wang
c35535ce07
Support localized README (#20508)
* Support localized README

* Slightly simplify getting the readme file and add some tests. Ensure that i18n also
works for docs/ etc.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/markup/renderer.go

* Update modules/markup/renderer.go

* Update modules/markup/renderer.go

Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-08-01 01:36:58 +03:00
Lunny Xiao
589677fafb
Add disable download source configuration (#20548)
Add configuration to enable/disable download source from UI.

Co-authored-by: zeripath <art27@cantab.net>
2022-07-31 18:57:02 +02:00
Norwin
8a330b6b5b
Add setting SQLITE_JOURNAL_MODE to enable WAL (#20535)
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-07-30 21:57:41 +02:00
silverwind
ae3dde1c87
Rework file highlight rendering and fix yaml copy-paste (#19967)
* Rework file highlight rendering and fix yaml copy-paste

* use Split+Trim to replace tag parser

* remove unnecessary bytes.Count

* remove newLineInHTML = "&#10;"

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-07-30 21:17:43 +02:00
Mohamed Sekour
0e61a74e5a
Add new API endpoints for push mirrors management (#19841)
- Add a new push mirror to specific repository
- Sync now ( send all the changes to the configured push mirrors )
- Get list of all push mirrors of a repository
- Get a push mirror by ID
- Delete push mirror by ID

Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2022-07-30 18:45:59 +02:00
Gusted
692707f145
Add latest commit's SHA to content response (#20398)
* Add latest commit's SHA to content response

- When requesting the contents of a filepath, add the latest commit's
SHA to the requested file.
- Resolves #12840

* Add swagger

* Fix NPE

* Fix tests

* Hook into LastCommitCache

* Move AddLastCommitCache to a common nogogit and gogit file

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Prevent NPE

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-07-30 16:09:04 +08:00
silverwind
eaf653f843
Rework raw file http header logic (#20484)
- Always respect the user's configured mime type map
- Allow more types like image/pdf/video/audio to serve with correct content-type
- Shorten cache duration of raw files to 5 minutes, matching GitHub
- Don't set `content-disposition: attachment`, let the browser decide whether it wants to download or display a file directly
- Implement rfc5987 for filenames, remove previous hack. Confirmed it working in Safari.
- Make PDF attachment work in Safari by removing `sandbox` attribute.

This change will make a lot more file types open directly in browser now. Logic should generally be more readable than before with less `if` nesting and such.

Replaces: https://github.com/go-gitea/gitea/pull/20460
Replaces: https://github.com/go-gitea/gitea/pull/20455
Fixes: https://github.com/go-gitea/gitea/issues/20404
2022-07-29 17:26:55 +02:00
zeripath
c9c5bd88be
Stop logging EOFs and exit(1)s in ssh handler (#20476)
The code in modules/ssh/ssh.go:sessionHandler() currently cause an error to be
logged if `gitea serv` exits with a exit(1). This logging is useless because the
accompanying stderr is not provided and in any case the exit(1) is most likely due
to permissions errors.

Further it then causes the EOF to be logged - even though this is not helpful.

This PR simply checks the errors returned and stops logging them.

In the case of misconfigurations causing `gitea serv` to fail with exit(1)
the current logging is not helpful at determining this and users should simply
review the message passed over the ssh connection.

Fix #20473

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-07-28 20:56:55 +01:00
KN4CK3R
a846bfefd8
Extended permission checks. (#20517) 2022-07-28 21:04:03 +08:00
Tyrone Yeh
3bd8f50af8
Added email notification option to receive all own messages (#20179)
Sometimes users want to receive email notifications of messages they create or reply to,
Added an option to personal preferences to allow users to choose

Closes #20149
2022-07-28 16:30:12 +08:00
KN4CK3R
86e5268c39
Add Docker /v2/_catalog endpoint (#20469)
* Added properties for packages.
* Fixed authenticate header format.
* Added _catalog endpoint.
* Check owner visibility.
* Extracted condition.
* Added test for _catalog.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-07-28 11:59:39 +08:00
Philip Peterson
4604048010
Removed some vestigial code related to Range bounds checks (#20312) 2022-07-28 11:04:36 +08:00
zeripath
a2cfcdb91a
Slightly simplify LastCommitCache (#20444)
The LastCommitCache code is a little complex and there is unnecessary
duplication between the gogit and nogogit variants.

This PR adds the LastCommitCache as a field to the git.Repository and
pre-creates it in the ReferencesGit helpers etc. There has been some
simplification and unification of the variant code.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-07-25 16:39:42 +01:00
KN4CK3R
690272d2e2
Fix Ruby package parsing by removed unused email field (#20470) 2022-07-25 02:52:14 +02:00
wxiaoguang
3310dd1d19
Improve code diff highlight, fix incorrect rendered diff result (#19958)
Use Unicode placeholders to replace HTML tags and HTML entities first, then do diff, then recover the HTML tags and HTML entities. Now the code diff with highlight has stable behavior, and won't emit broken tags.
2022-07-23 19:28:02 +08:00
silverwind
14178c56bb
Add Cache-Control header to html and api responses, add no-transform (#20432)
`no-transform` allegedly disables CloudFlare auto-minify and we did not
set caching headers on html or api requests, which seems good to have
regardless.

Transformation is still allowed for asset requests.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-07-23 14:38:03 +08:00
Gergely Nagy
4d22bda4db
Allow non-semver packages in the Conan package registry (#20412)
A lot of existing packages do not conform to SemVer, yet, they should be allowed
in the Conan package registry as-is. To achieve this, remove the SemVer check
from `NewRecipeReference`, and replace it with a simple empty string check.

A unit test with a non-semver version is also included.

Fixes #20405.

Signed-off-by: Gergely Nagy <me@gergo.csillger.hu>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-07-22 22:54:02 +01:00
Lucas Azevedo
599ae09a94
Use body text color in repository files table links (#20386)
Use body text color in for links in the repository files table
Issue/PR links (`.ref-issue`) will not be affected, as seen in other git services.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-07-22 18:49:24 +08:00
6543
c0f5111fea
Dismiss prior pull reviews if done via web in review dismiss (#20197) 2022-07-19 15:20:28 +02:00
wxiaoguang
fee0e4dbea
Remove confusing TrimPrefix(... git.BranchPrefix) (#20369)
Make Repository.GetDefaultBranch return the real branch name, instead of the ref name. Then there is no need to do TrimPrefix for repo.DefaultBranch
2022-07-16 08:10:02 +08:00
a1012112796
4f267ef643
Allow access to the Public Organization Member lists with minimal permissions (#20330)
Examining Organization membership should not necessarily require sign-in if the organization is public and the members are public. Therefore we should adjust `/org/{org}/members` to not require login.

Fix #7501

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-07-15 15:21:54 +01:00
silverwind
7d20c8323a
Fix commit status icon when in subdirectory (#20285)
When viewing a subdirectory and the latest commit to that directory in
the table, the commit status icon incorrectly showed the status of the
HEAD commit instead of the latest for that directory.
2022-07-15 14:01:32 +01:00
Baekjun Kim
e35a39e81d
Include login_name in adminCreateUser response (#20283)
`login_name` (Authentication Sign-in Name) is not included in the response of `adminUserCreate` API. 
This PR is to return user-specified `login_name` if there is one.
2022-07-15 16:52:11 +08:00
Bian Jiaping
e49ef56dde
Add allow_rebase_update, default_delete_branch_after_merge to repository api response (#20079)
`PATCH /repos/{owner}/{repo}` API allows users to update `allow_rebase_update`, `default_delete_branch_after_merge`, but `GET /repos/{owner}/{repo}` API does not return these two options, and API users has no other ways to find the state of these two options.

This PR add `allow_rebase_update`, `default_delete_branch_after_merge` to repository query api response.
2022-07-15 16:00:01 +08:00
Gusted
edd945bca3
Allow to specify colors for text in markup (#20363)
`<span style="color: red">Hello World!</span>` will now be accepted by
Bluemonday, other properties are still disallowed by Bluemonday.
2022-07-15 14:38:10 +08:00
zeripath
fe09ee564d
Prevent context deadline error propagation in GetCommitsInfo (#20346)
* Prevent context deadline error propagation in GetCommitsInfo

Although `WalkGitLog` tries to test for `context.DeadlineExceededErr`
there is a small chance that the error will propagate to the reader
before it is recognised. This will cause the error to propagate up to
`renderDirectoryFiles` and cause a http status 500.

Here we check that the error passed is a `DeadlineExceededErr` via error.Is

Fix #20329

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-07-14 00:24:29 +02:00
Gusted
b7c6ec91ba
Use default values when provided values are empty (#20318)
* Use default values when provided values are empty

- When provided values are empty like `:3000` would imply that host is
empty, use the default value.
- Resolves #20316

* Update database.go

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-07-13 13:33:31 +08:00
wxiaoguang
f67a1030b3
Add tests for the host checking logic, clarify the behaviors (#20328)
Before, the combination of AllowedDomains/BlockedDomains/AllowLocalNetworks is confusing.

This PR adds tests for the logic, clarify the behaviors.
2022-07-13 09:07:16 +08:00
luzpaz
d29d6d1991
Fix various typos (#20338)
* Fix various typos

Found via `codespell -q 3 -S ./options/locale,./options/license,./public/vendor -L actived,allways,attachements,ba,befores,commiter,pullrequest,pullrequests,readby,splitted,te,unknwon`

Co-authored-by: zeripath <art27@cantab.net>
2022-07-12 23:32:37 +02:00
Gusted
2399b5900a
Vertical align avatar at middle (#20302)
- Currently the avatar in the navbar is being vertically aligned to the
top, this caused that the icon besides it isn't being at the middle of
the avatar. Use the `vm` helper class to force the `vertical-align` to
be `middle`.
- Resolves #20292
2022-07-10 19:49:13 +01:00
wxiaoguang
27e2def5f0
Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (#20299)
* Refactor SSH init code, fix directory creation for TrustedUserCAKeys file

* Update modules/ssh/init.go

Co-authored-by: zeripath <art27@cantab.net>

* fix lint copyright

* Update modules/ssh/init.go

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-07-10 14:50:26 +08:00
wxiaoguang
36353e27e6
Do not create empty ".ssh" directory when loading config (#20289)
Creating the directory automatically is not correct.
In other places for ssh key writing (RewriteAllPrincipalKeys / appendAuthorizedKeysToFile, etc), the directory will still be created when updating the keys.
This PR will resolve the confusing and annoying problem: the dummy and empty ".ssh" directory in new git home.
2022-07-09 22:32:18 +08:00
Chongyi Zheng
49f9d43afe
Implement sync push mirror on commit (#19411)
Support synchronizing with the push mirrors whenever new commits are pushed or synced from pull mirror.

Related Issues: #18220

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-07-08 20:45:12 +01:00
wxiaoguang
496b8e3990
Use git.HOME_PATH for Git HOME directory (#20114)
* Add git.HOME_PATH

* add legacy file check

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* pass env GNUPGHOME to git command, move the existing .gitconfig to new home, make the fix for 1.17rc more clear.

* set git.HOME_PATH for docker images to default HOME

* Revert "set git.HOME_PATH for docker images to default HOME"

This reverts commit f120101ddc267cef74e4f4b92c783d5fc8e275a1.

* force Gitea to use a stable GNUPGHOME directory

* extra check to ensure only process dir or symlink for legacy files

* refactor variable name

* The legacy dir check (for 1.17-rc1) could be removed with 1.18 release, since users should have upgraded from 1.17-rc to 1.17-stable

* Update modules/git/git.go

Co-authored-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>

* remove initFixGitHome117rc

* Update git.go

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-07-08 16:09:07 +08:00
Gusted
3f513f9e54
Fix NPE when using non-numeric (#20277)
- This code is only valid when `refNumeric` exist(otherwise we didn't find
such numeric PR and can skip that check) and give a free-pas to the  "BEFORE" check when
`ref` is nil.
- Resolves #20109
2022-07-07 17:46:49 +02:00
zeripath
354bfbe779
Allow RSA 2047 bit keys (#20272)
Unfortunately it appears that 2048 bit RSA keys can occasionally be created in such
a way that they appear to have 2047 bit length. This PR simply changes our defaults to
allow these.

Fix #20249

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-07-06 16:49:27 -04:00
zeripath
ba0f9274e9
Allow dev i18n to be more concurrent (#20159)
The recent changes to add live-reloading to the i18n translation files made the i18n code totally non-concurrent when using dev. This will make discovering other concurrency related issues far more difficult. This PR fixes these, adds some more comments to the code and slightly restructures a few functions.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-07-04 12:17:09 +02:00
silverwind
54e7483207
Update default allowed attachment types (#20192)
Synced the list to what is allowed on GitHub currently.
2022-07-01 15:42:20 +02:00
wxiaoguang
d6c0aa7f1c
Fix dump-repo git init, fix wrong error type for NullDownloader (#20182)
* Fix `dump-repo` git init

* fix wrong error type for NullDownloader
2022-07-01 07:48:25 +08:00
Gusted
91b21473a6
Add username check to doctor (#20140)
* Add username check to doctor

- Add a new breaking change detector to Gitea's doctor, which checks if
all users still have a valid username according to Gitea. Given from
time-to-time we need to make changes, either due to new routes or due to
security, it's for a instance's admin to check if all users still have a
valid username.

* Fix extra argument

* Apply suggestions from code review

Co-authored-by: Jimmy Praet <jimmy.praet@telenet.be>

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

Co-authored-by: Jimmy Praet <jimmy.praet@telenet.be>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: delvh <dev.lh@web.de>
2022-06-27 19:45:50 -04:00