Commit graph

138 commits

Author SHA1 Message Date
zeripath
fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
guillep2k
31655aabfc Fix password complexity regex for special characters (on master) (#8525)
* Fix extra space

* Fix regular expression

* Fix error template name

* Simplify check code, fix default values, add test

* Fix router tests

* Fix fmt

* Fix setting and lint

* Move cleaning up code to test, improve comments

* Tidy up variable declaration
2019-10-16 11:09:58 +08:00
zeripath
167e8f18da
Restore Graceful Restarting & Socket Activation (#7274)
* Prevent deadlock in indexer initialisation during graceful restart

* Move from gracehttp to our own service to add graceful ssh

* Add timeout for start of indexers and make hammer time configurable

* Fix issue with re-initialization in indexer during tests

* move the code to detect use of closed to graceful

* Handle logs gracefully - add a pid suffix just before restart

* Move to using a cond and a holder for indexers

* use time.Since

* Add some comments and attribution

* update modules.txt

* Use zero to disable timeout

* Move RestartProcess to its own file

* Add cleanup routine
2019-10-15 14:39:51 +01:00
Benson Muite
ebe8ff782f Update config-cheat-sheet.en-us.md (#8497)
* Update config-cheat-sheet.en-us.md

Add more information on configuring URI hyperlink rendering for Markdown.

* Update config-cheat-sheet.en-us.md

Update description as suggested by @guillep2k

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
2019-10-15 03:39:55 +01:00
Lunny Xiao
0be992a1e2 Make static resouces web browser cache time customized on app.ini (#8442)
* make static resouces web browser cache time customized on app.ini

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: zeripath <art27@cantab.net>

* Update custom/conf/app.ini.sample

Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>

* fix docs
2019-10-14 23:05:57 +01:00
Maxim Tkachenko
db657192d0 Password Complexity Checks (#6230)
Add password complexity checks. The default settings require a lowercase, uppercase, number and a special character within passwords.

Co-Authored-By: T-M-A <maxim.tkachenko@gmail.com>
Co-Authored-By: Lanre Adelowo <adelowomailbox@gmail.com>
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-Authored-By: Lauris BH <lauris@nix.lv>
2019-10-14 16:24:26 +01:00
Lunny Xiao
e3e44a59d0 Update migrated repositories' issues/comments/prs poster id if user has a github external user saved (#7751)
* update migrated issues/comments when login as github

* add get userid when migrating or login with github oauth2

* fix lint

* add migrations for repository service type

* fix build

* remove unnecessary dependencies on migrations

* add cron task to update migrations poster ids and fix posterid when migrating

* fix lint

* fix lint

* improve code

* fix lint

* improve code

* replace releases publish id to actual author id

* fix import

* fix bug

* fix lint

* fix rawdata definition

* fix some bugs

* fix error message
2019-10-14 09:10:42 +03:00
Lunny Xiao
f2a3abc683
Move migrating repository from frontend to backend (#6200)
* move migrating to backend

* add loading image when migrating and fix tests

* fix format

* fix lint

* add redis task queue support and improve docs

* add redis vendor

* fix vet

* add database migrations and fix app.ini sample

* add comments for task section on app.ini.sample

* Update models/migrations/v84.go

Co-Authored-By: lunny <xiaolunwen@gmail.com>

* Update models/repo.go

Co-Authored-By: lunny <xiaolunwen@gmail.com>

* move migrating to backend

* add loading image when migrating and fix tests

* fix fmt

* add redis task queue support and improve docs

* fix fixtures

* fix fixtures

* fix duplicate function on index.js

* fix tests

* rename repository statuses

* check if repository is being create when SSH request

* fix lint

* fix template

* some improvements

* fix template

* unified migrate options

* fix lint

* fix loading page

* refactor

* When gitea restart, don't restart the running tasks because we may have servel gitea instances, that may break the migration

* fix js

* Update models/repo.go

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

* fix tests

* rename ErrTaskIsNotExist to ErrTaskDoesNotExist

* delete release after add one on tests to make it run happy

* fix tests

* fix tests

* improve codes

* fix lint

* fix lint

* fix migrations
2019-10-13 21:23:14 +08:00
pseudocoder
eac5a8be75 DOCS: add mention of swagger api reference (#8452)
It's(swagger api link) mentioned vaguely in the FAQ but IMHO missing from API usage page.
2019-10-10 08:42:01 -04:00
Km
de8a0a3938 Add buildbot CI (#8378)
Buildbot can work with Gitea
2019-10-04 19:30:05 +02:00
helix84
cd1c960a2a typo fix (#8345) 2019-10-02 02:25:32 +03:00
David Svantesson
223b9d9a64 Add 'make revive' to instructions for checking code (#8314)
* Add 'make revive' to instructions for checking code

This is performed on drone, hacking instructions should contain the same to avoid unnecessary PR builds.

* lint is deprecated. Denote revive +vet as code analysis in continuous text.
2019-09-29 23:36:52 +03:00
Bill Wenrich
41dcdbf500 [docs] Docker build - ZeroMQ dependency for Jupyter (#8262)
* doc py3-zmq - ZeroMQ bindings for jupyter

#7970 https://github.com/go-gitea/gitea/issues/7970

* rebase Dockerfile to 1.9.x for jupyter

* [docs] external-renderers.en-us.md - use templated variable for version

Co-Authored-By: techknowlogick <matti@mdranta.net>
2019-09-26 09:04:53 +02:00
David Svantesson
b19db40eab Update hacking-on-gitea.en-us.md (#8275)
Fix spelling of misspell in command to validate swagger.
2019-09-24 14:29:11 -04:00
John Olheiser
73f7e82024 Remove unnecessary backslash (#8249) 2019-09-20 13:06:17 -04:00
Lunny Xiao
3c0e6d1126 update cache item_ttl docs (#8222) 2019-09-18 10:50:45 +03:00
guillep2k
72f6d5c882 Restrict repository indexing by glob match (#7767)
* Restrict repository indexing by file extension

* Use REPO_EXTENSIONS_LIST_INCLUDE instead of REPO_EXTENSIONS_LIST_EXCLUDE and have a more flexible extension pattern

* Corrected to pass lint gosimple

* Add wildcard support to REPO_INDEXER_EXTENSIONS

* This reverts commit 72a650c8e42f4abf59d5df7cd5dc27b451494cc6.

* Add wildcard support to REPO_INDEXER_EXTENSIONS (no make vendor)

* Simplify isIndexable() for better clarity

* Add gobwas/glob to vendors

* manually set appengine new release

* Implement better REPO_INDEXER_INCLUDE and REPO_INDEXER_EXCLUDE

* Add unit and integration tests

* Update app.ini.sample and reword config-cheat-sheet

* Add doc page and correct app.ini.sample

* Some polish on the doc

* Simplify code as suggested by @lafriks
2019-09-11 20:26:28 +03:00
techknowlogick
3fd0eec900
Update third-party-tools.en-us.md (#8148) 2019-09-11 00:16:11 -04:00
Feodor Fitsner
79c8bc0e51 Added AppVeyor to the list of CI/CD working with Gitea (#8104) 2019-09-05 22:48:35 +02:00
nu_no
5fcef38f7f Fix broken link (#8091) 2019-09-05 00:31:43 +02:00
Km
18896d8df1 Propose some references about ci/cd solutions compatibles with gitea (#7996)
* Propose some references about ci/cd solutions compatibles with gitea

* No note about theirs integration level, only a starting point.

* Update docs/content/doc/advanced/ci-cd.en-us.md

Improve text

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Improve link to CI solutions

Update docs/content/doc/advanced/ci-cd.en-us.md

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Update docs/content/doc/advanced/ci-cd.en-us.md

Typo in name :/

Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>

* Remove redundant empty line

* Invite user to consult new CI/CD page

* Link target CI tools

* Jenkins and its plugin

* Update docs/content/doc/advanced/third-party-tools.en-us.md

Simplify link CI/CD

Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>

* Update docs/content/doc/advanced/ci-cd.en-us.md

Typo

Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>

* Provide gitea documentation about drone usage

    Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>

* Update docs/content/doc/advanced/ci-cd.en-us.md

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Apply suggestions from code review

Co-Authored-By: Lauris BH <lauris@nix.lv>
2019-08-29 17:30:12 -04:00
Gary Kim
f1c414882c Add Ability for User to Customize Email Notification Frequency (#7813)
* Add Backend Logic for Toggling Email Notification

This commit adds the backend logic for
allowing users to enable or disable email
notifications. The implementation ensures
that only issue notification emails get disabled
and important emails are still sent regardless
of the setting.

The UI to toggle this setting has not yet been
implemented.

* Add UI and complete user email notification enable

This commit completes the functionality to allow
users to disable their own email notifications.

Signed-off-by: Gary Kim <gary@garykim.dev>

* Add Third Option for Only Email on Mention

Signed-off-by: Gary Kim <gary@garykim.dev>

* Readd NOT NULL to new preference string

Signed-off-by: Gary Kim <gary@garykim.dev>

* Add Tests and Rewrite Comment

Signed-off-by: Gary Kim <gary@garykim.dev>

* Allow admin to set default email frequency

Signed-off-by: Gary Kim <gary@garykim.dev>

* Add new config option to docs

Signed-off-by: Gary Kim <gary@garykim.dev>

* Fix a few mistakes

Signed-off-by: Gary Kim <gary@garykim.dev>

* Only update required columns

Signed-off-by: Gary Kim <gary@garykim.dev>

* Simplify an error check

Signed-off-by: Gary Kim <gary@garykim.dev>

* Make email_notification_preference column in DB be VARCHAR(20)

Signed-off-by: Gary Kim <gary@garykim.dev>

* Handle errors

Signed-off-by: Gary Kim <gary@garykim.dev>

* Update models/migrations/v93.go

Co-Authored-By: Lauris BH <lauris@nix.lv>
2019-08-29 17:05:42 +03:00
David Svantesson
c9546d4cdd Include description in repository search. (#7942)
* Add description in repository search.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Refactor SearchRepositoryByName with a general function SearchRepository

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Allow to specify if description shall be included in API repo search.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add new app.ini setting for whether to search within repo description.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Search keyword in description (if setting enabled) on:
 - Explore page
 - Organization profile page
 - User profile page
 - Admin repo page

Do not search keyword in description on:
 - Any non-keyword search (not relevant)
 - Incremental search (uses API)

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Put parameters related to keyword directly after it

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add test cases for including (and not including) repository description in search.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Rename test function from TestSearchRepositoryByName to TestSearchRepository.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Make setting SEARCH_REPO_DESCRIPTION default to true

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
2019-08-25 20:06:36 +03:00
guillep2k
e3115cc019 Add support for DEFAULT_ORG_MEMBER_VISIBLE (#7669)
* Add support for DEFAULT_ORG_MEMBER_VISIBLE

* Correct formatting

* Improved description in cheat sheet.

* Add test for DefaultOrgMemberVisible

* Remove dead code
2019-08-24 15:28:59 +03:00
Lunny Xiao
f83db078f0 Move database settings from models to setting (#7806)
* move database settings from models to setting

* update docs

* fix checkout pr

* fix tests

* fix lint

* remove unsupported tidb options

* correct wrong variable name

* remove tidb totally
2019-08-24 11:24:45 +02:00
Lunny Xiao
85202d4784
Display ui time with customize time location (#7792)
* display ui time with customize time location

* fix lint

* rename UILocation to DefaultUILocation

* move time related functions to modules/timeutil

* fix tests

* fix tests

* fix build

* fix swagger
2019-08-15 22:46:21 +08:00
Antoine GIRARD
46d6b92ad0 Import topics during migration (#7851)
* add GetTopics interface

* CreateTopics

* remove un-needed comment
2019-08-14 14:16:12 +08:00
Antoine GIRARD
9692ebcc54 add details for db socket listening (#7830) 2019-08-12 17:52:11 -04:00
Mason
c534b7e211 Add SSH_LISTEN_HOST to the config cheatsheet (#7793)
This was missing before, and this commit adds it with the correct
default value and description
2019-08-08 18:40:31 +03:00
guillep2k
3b97b9efbf Correct formatting of bullet list (#7794) 2019-08-08 07:47:57 +03:00
Tamal Saha
2102f9d92d Support setting cookie domain (#6288)
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-07-12 09:57:31 -04:00
Sandro Santilli
a0820e09fb Add section about customizing mail (#7419)
See https://github.com/go-gitea/gitea/issues/6037
2019-07-11 01:27:57 -04:00
Mura Li
f88aa1d215 Support git.PATH entry in app.ini (#6772) 2019-07-07 03:26:56 -04:00
EpicCoder
8d9d6aa903 Add additional password hash algorithms (closes #5859) (#6023) 2019-07-07 02:01:01 -04:00
Lunny Xiao
87404d7c0b Use vendors when go generate (#7340)
* use vendors when go generate

* update docs about golang minimal requirement from 1.9 to 1.11

* fix build
2019-07-06 23:00:41 -04:00
AJ ONeal
62d6127f1b Make captcha and password optional for external accounts (#6606) 2019-07-06 15:48:02 -04:00
silverwind
a71cabbd53 add 'npm' and 'npm-update' make targets and lockfile (#7246)
* add 'npm' and 'npm-update' make targets and lockfile

- `make npm` installs and updates node_modules, triggered automatically
   on `make css` and `make js` as it completes reasonably fast and
   ensures consistent modules.
- `make npm-update` updates all dependencies to their latest version,
   regenerates `node_modules` from scratch and updates
   `package-lock.json`. It uses npm modules `updates` written by yours
   truly to find the latest version of each dependency.

* add suggested make dependencies

* remove package-lock.json during npm-update

* regenerate package-lock.json
2019-06-18 22:59:47 -04:00
Antoine GIRARD
2d097655a6 Fix relref link in docs (#7233) 2019-06-17 22:57:48 -04:00
techknowlogick
6d0f78542f
Add docs for INTERNAL_TOKEN_URI (#7234) 2019-06-17 22:52:03 -04:00
Mario Lubenka
8eba27c792 Repository avatar fallback configuration (#7087)
* Only show repository avatar in list when one was selected

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Adds fallback configuration option for repository avatar

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Implements repository avatar fallback

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Adds admin task for deleting generated repository avatars

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Solve linting issues

Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>

* Save avatar before updating database

* Linting

* Update models/repo.go

Co-Authored-By: zeripath <art27@cantab.net>
2019-06-02 14:40:12 +08:00
zeripath
356854fc5f Move serv hook functionality & drop GitLogger (#6993)
* Move hook functionality internally

* Internalise serv logic

* Remove old internal paths

* finally remove the gitlogger

* Disallow push on archived repositories

* fix lint error

* Update modules/private/key.go

* Update routers/private/hook.go

* Update routers/private/hook.go

* Update routers/private/hook.go

* Updated routers/private/serv.go

* Fix LFS Locks over SSH

* rev-list needs to be run by the hook process

* fixup

* Improve git test

* Ensure that the lfs files are created with a different prefix

* Reduce the replication in git_test.go

* slight refactor

* Remove unnecessary "/"

* Restore ensureAnonymousClone

* Restore ensureAnonymousClone

* Run rev-list on server side

* Try passing in the alternative directories instead

* Mark test as skipped

* Improve git test

* Ensure that the lfs files are created with a different prefix
* Reduce the replication in git_test.go
* Remove unnecessary "/"
2019-06-01 23:00:21 +08:00
Sergey Dryabzhinsky
3fd18838aa Repository avatars (#6986)
* Repository avatars

- first variant of code from old work for gogs
- add migration 87
- add new option in app.ini
- add en-US locale string
- add new class in repository.less

* Add changed index.css, remove unused template name

* Update en-us doc about configuration options

* Add comments to new functions, add new option to docker app.ini

* Add comment for lint

* Remove variable, not needed

* Fix formatting

* Update swagger api template

* Check if avatar exists

* Fix avatar link/path checks

* Typo

* TEXT column can't have a default value

* Fixes:

- remove old avatar file on upload
- use ID in name of avatar file - users may upload same files
- add simple tests

* Fix fmt check

* Generate PNG instead of "static" GIF

* More informative comment

* Fix error message

* Update avatar upload checks:

- add file size check
- add new option
- update config docs
- add new string to en-us locale

* Fixes:

- use FileHEader field for check file size
- add new test - upload big image

* Fix formatting

* Update comments

* Update log message

* Removed wrong style - not needed

* Use Sync2 to migrate

* Update repos list view

- bigger avatar
- fix html blocks alignment

* A little adjust avatar size

* Use small icons for explore/repo list

* Use new cool avatar preparation func by @lafriks

* Missing changes for new function

* Remove unused import, move imports

* Missed new option definition in app.ini

Add file size check in user/profile avatar upload

* Use smaller field length for Avatar

* Use session to update repo DB data, update DeleteAvatar - use session too

* Fix err variable definition

* As suggested @lafriks - return as soon as possible, code readability
2019-05-29 22:22:26 -04:00
Lunny Xiao
063fa99159
when git version >= 2.18, git command could run with git wire protocol version 2 param if enabled (#7047) 2019-05-26 17:50:06 +08:00
Tekaoh
6c16febe4d Update config-cheat-sheet.en-us.md (#7046) 2019-05-26 06:23:30 +01:00
Lunny Xiao
d5a98a2969 Add support of utf8mb4 for mysql (#6992) 2019-05-24 00:15:26 -04:00
Monty Taylor
6eb53ac570 Fix documentation on Oauth2.Enable flag (#7011)
* Fix documentation on Oauth2.Enable flag

The docs list this as ENABLED, but in the source code it's
ENABLE, meaning following the docs leads to confusion.

* Update sample config for oauth2.ENABLE
2019-05-21 21:48:34 -04:00
silverwind
d9dcd09340 add make targets for js and css, add js linter (#6952)
* add make targets for js,css, add javascript linter

- add `make js`, deprecating `make javascripts`
- add `make css`, deprecating `make generate-stylesheets` and
  `make stylesheets-check`
- changed the unclean css check to only run on CI
- add JS linting via eslint with basic configuration and fixed
  discovered issues
- changed autoprefixer to use official `postcss-cli` avoiding the need
  to loop in the makefile
- moved browserslist to package.json so other future tools can use it
  too.
- update documentation for new make targets and added JS section

* fix indentation

* move functions used in html to 'exported' list

* Run lessc binary without having to install anything to node_modules

* use relative paths to node bin scripts, removing npx

* Revert "use relative paths to node bin scripts, removing npx"

This reverts commit 119b725525a8430b32ee7a6e6009b4ece544e39b.

* fix lessc and postcss plugins

* check for node_modules and use actual bin names
2019-05-16 08:57:47 +03:00
zeripath
775a5a5b0f
Stop colorizing files by default (#6949) 2019-05-15 22:37:06 +01:00
Tamal Saha
34d06f4c6b Handle CORS requests (#6289) 2019-05-13 11:38:53 -04:00
zeripath
e3166744fe
Fix logging documentation (#6904)
* ENABLE_MACARON_REDIRECT should be REDIRECT_MACARON_LOG

* Allow DISABLE_ROUTER_LOG to be set in the [log] section
2019-05-11 10:13:57 +01:00