* Set background of openIDConnect logo to white in arc-green theme
* Fixed linting off arc-green theme
Signed-off-by: Leo Maroni <git@em0lar.de>
* Revert changes of first commit (white background) and replaced the image
* Updated openid_connect (part 2)
* Update public/img/auth/openid_connect.svg
Now in one line
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
In the /install form, the value for SSH Server Domain is taken form the DOMAIN variable
and overwrites SSH_DOMAIN environment variable set the first time if nothing done
Co-authored-by: Adrian POIGET <adrian.poiget@viveris.fr>
* Make sure that sendmail processes register with the process manager
* Provide a timeout for these (initially of 5 minutes)
* Add configurable value and tie in to documentation
* Tie in to the admin config page.
Signed-off-by: Andrew Thornton <art27@cantab.net>
The SKS Keyserver network has been under attack with poisoned
certificates since at least 2019. Downloading a poisoned certificate has
the awful side-effect of completely breaking your keyring and most
software has now moved off the network and uses the keys.openpgp.org
which has a different protocol instead - in fact one whereby emails are
verified.
For more details regarding the attack see: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
See: https://keys.openpgp.org/about and https://keys.openpgp.org/about/faq
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
In #9888, it was reported that my earlier pull request #9075 didn't quite function as expected. I was quite hopeful the `ValuesWithShadow()` worked as expected (and, I thought my testing showed it did) but I guess not. @zeripath proposed an alternative syntax which I like:
```ini
[markup.sanitizer.1]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
[markup.sanitizer.2]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
```
This was quite easy to adopt into the existing code. I've done so in a semi-backwards-compatible manner:
- The value from `.Value()` is used for each element.
- We parse `[markup.sanitizer]` and all `[markup.sanitizer.*]` sections and add them as rules.
This means that existing configs will load one rule (not all rules). It also means people can use string identifiers (`[markup.sanitiser.KaTeX]`) if they prefer, instead of numbered ones.
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Support unicode emojis and remove emojify.js
This PR replaces all use of emojify.js and adds unicode emoji support to various areas of gitea.
This works in a few ways:
First it adds emoji parsing support into gitea itself. This allows us to
* Render emojis from valid alias (😄)
* Detect unicode emojis and let us put them in their own class with proper aria-labels and styling
* Easily allow for custom "emoji"
* Support all emoji rendering and features without javascript
* Uses plain unicode and lets the system render in appropriate emoji font
* Doesn't leave us relying on external sources for updates/fixes/features
That same list of emoji is also used to create a json file which replaces the part of emojify.js that populates the emoji search tribute. This file is about 35KB with GZIP turned on and I've set it to load after the page renders to not hinder page load time (and this removes loading emojify.js also)
For custom "emoji" it uses a pretty simple scheme of just looking for /emojis/img/name.png where name is something a user has put in the "allowed reactions" setting we already have. The gitea reaction that was previously hard coded into a forked copy of emojify.js is included and works as a custom reaction under this method.
The emoji data sourced here is from https://github.com/github/gemoji which is the gem library Github uses for their emoji rendering (and a data source for other sites). So we should be able to easily render any emoji and :alias: that Github can, removing any errors from migrated content. They also update it as well, so we can sync when there are new unicode emoji lists released.
I've included a slimmed down and slightly modified forked copy of https://github.com/knq/emoji to make up our own emoji module. The code is pretty straight forward and again allows us to have a lot of flexibility in what happens.
I had seen a few comments about performance in some of the other threads if we render this ourselves, but there doesn't seem to be any issue here. In a test it can parse, convert, and render 1,000 emojis inside of a large markdown table in about 100ms on my laptop (which is many more emojis than will ever be in any normal issue). This also prevents any flickering and other weirdness from using javascript to render some things while using go for others.
Not included here are image fall back URLS. I don't really think they are necessary for anything new being written in 2020. However, managing the emoji ourselves would allow us to add these as a feature later on if it seems necessary.
Fixes: https://github.com/go-gitea/gitea/issues/9182
Fixes: https://github.com/go-gitea/gitea/issues/8974
Fixes: https://github.com/go-gitea/gitea/issues/8953
Fixes: https://github.com/go-gitea/gitea/issues/6628
Fixes: https://github.com/go-gitea/gitea/issues/5130
* add new shared function emojiHTML
* don't increase emoji size in issue title
* Update templates/repo/issue/view_content/add_reaction.tmpl
Co-Authored-By: 6543 <6543@obermui.de>
* Support for emoji rendering in various templates
* Render code and review comments as they should be
* Better way to handle mail subjects
* insert unicode from tribute selection
* Add template helper for plain text when needed
* Use existing replace function I forgot about
* Don't include emoji greater than Unicode Version 12
Only include emoji and aliases in JSON
* Update build/generate-emoji.go
* Tweak regex slightly to really match everything including random invisible characters. Run tests for every emoji we have
* final updates
* code review
* code review
* hard code gitea custom emoji to match previous behavior
* Update .eslintrc
Co-Authored-By: silverwind <me@silverwind.io>
* disable preempt
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* backwards compatibility typo
* Unlist description and separate from list by an empty line
* redis needs password edit
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Use AJAX for notifications table
Signed-off-by: Andrew Thornton <art27@cantab.net>
* move to separate js
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate golangci-lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add autoupdating notification count
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix wipeall
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate tests
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Try hidden
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Try hide and hidden
Signed-off-by: Andrew Thornton <art27@cantab.net>
* More auto-update improvements
Only run checker on pages that have a count
Change starting checker to 10s with a back-off to 60s if there is no change
Signed-off-by: Andrew Thornton <art27@cantab.net>
* string comparison!
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @silverwind
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add configurability as per @6543
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add documentation as per @6543
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use CSRF header not query
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Further JS improvements
Fix @etzelia update notification table request
Fix @silverwind comments
Co-Authored-By: silverwind <me@silverwind.io>
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Simplify the notification count fns
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and
unfortunately due to the convoluted nature of the dependent libraries the
error returned is rather opaque.
Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.
Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.
Fix #9907
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Across several files, references to cron.update_migration_post_id are made, although the actual setting is called cron.update_migration_poster_id according to modules/setting/cron.go (10e2f29144/modules/setting/cron.go (L54)).
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Add IIS Reverse Proxy documentation
@mahdiit in #10748 described how to set up IIS as a reverse proxy. This
PR adds these to our documentation.
Close #10748
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update docs/content/doc/usage/reverse-proxies.en-us.md
Co-Authored-By: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Updated email setup documentation to include sendmail option
* Update docs/content/doc/usage/email-setup.en-us.md
full path to sendmail
Co-Authored-By: mrsdizzie <info@mrsdizzie.com>
* Update docs/content/doc/usage/email-setup.en-us.md
docker image does not have sendmail
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Update docs/content/doc/usage/email-setup.en-us.md
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Update docs/content/doc/usage/email-setup.en-us.md
Co-Authored-By: James Lakin <jamesorlakin@users.noreply.github.com>
* Update docs/content/doc/usage/email-setup.en-us.md
Co-Authored-By: James Lakin <jamesorlakin@users.noreply.github.com>
Co-authored-by: 8ctopus <hello@octopuslabs.io>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: James Lakin <jamesorlakin@users.noreply.github.com>
* Add more logging in the LFS server
Adds more logging in the LFS server and stops sending internal server
error information to the client
* Add LFS Lock cursor implementation
* Simplify Claims in LFS and remove the float64 casts
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Create system webhook column (and migration)
* Create system webhook DB methods
Based on the default webhook ones
* Modify router to handle system webhooks and default ones
* Remove old unused admin nav template
* Adjust orgRepoCtx to differentiate system and default webhook URLs
* Assign IsSystemWebhook when creating webhooks
* Correctly use booleans for IsSystemWebhook
* Use system webhooks when preparing webhooks for payload
* Add UI and locale changes
* Use router params to differentiate admin hook pages
* Fix deleting admin webhooks and rename method
* Add clarity to webhook docs
* Revert "Remove old unused admin nav template"
This reverts commit 191a20a7389fe5f6256b0ad6aafd04b9b0e295c5.
* Rename WebHooksNewPost to GiteaHooksNewPost for clarity
* Reintroduce blank line lost during merge conflict
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Also adjusted other version mentions so go version is always mentioned
as major.minor and node only as major.
Co-authored-by: silverwind <me@silverwind.io>
* Show Signer in commit lists and add basic trust
Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.
Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* ensure orange text and background is available
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update gpg_key.go
* Update models/gpg_key.go
* Apply suggestions from code review
* Require team collaborators to have access to UnitTypeCode
* as per @6543
* fix position of sha as per @silverwind
* as per @guillep2k
* Add frontend/backend make targets, fix source release
- Add 'make backend' and 'make frontend' make targets which are used to
build go and js/css/svg files respectively.
- The 'backend' target can be invoked without requiring Node.js to be
present on the system if pre-built frontend assets are present like
in the release source tarballs.
- Fix source releases missing 'dist' folders inside 'node_modules' which
were erronously excluded from tar.
- Store VERSION in file VERSION for the release tarballs and prefer that
file over git-derived version.
* fix release task
* fix typo
* fix another typo
Move langauge detection to separate module to be more reusable
Add option to disable vendored file exclusion from file search
Allways show all language stats for search
* Database Preparation
* Apply suggestions from @guillep2k
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Repeat strong password notice on PostgreSQL
* Add prerequisite note
* Use utf8mb4 instead of utf8
* Use utf8mb4 if complete character coverage wanted
* utf8mb4 recommended
* Reword utf8mb4 recommendation
* Set InnoDB global variables may be needed
* Reorder step number
* Whoops, bump year date
* Remove `SET GLOBAL`s and step number reorder
It is assumed that such global variables value are already as default on MySQL 5.7 and later, so those are redundant.
* Syntax edit on MySQL GRANT PRIVILEGEs
* DB engine uniformity intro edit
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Upgrade levelqueue to version 0.2.0
This adds functionality for Unique Queues
* Add UniqueQueue interface and functions to create them
* Add UniqueQueue implementations
* Move TestPullRequests over to use UniqueQueue
* Reduce code duplication
* Add bytefifos
* Ensure invalid types are logged
* Fix close race in PersistableChannelQueue Shutdown
* Cache last commit to accelerate the repository directory page visit
* Default use default cache configuration
* add tests for last commit cache
* Simplify last commit cache
* Revert Enabled back
* Change the last commit cache default ttl to 8760h
* Fix test
* Update documentation for the go module era
use go env instead of $GOPATH
Update instructions to just use git clone
Slight update to readme
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixup
* Apply suggestions from code review
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
Co-Authored-By: Bagas Sanjaya <bagasdotme@gmail.com>
* Apply suggestions from code review
* Fix GOPATH settings
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
- added new 'make webpack' target
- deprecated 'make js' and 'make css'
- extend webpack config to load the less files
- updated docs
I had to rename the source file of `arc-green.less` to avoid generating
a useless JS entrypoint via webpack-fix-style-only-entries which would
not work with different source/destination filenames. I hear that there
should be cleaner solutions possible once we upgrade to Webpack 5.
Co-authored-by: zeripath <art27@cantab.net>
* Add support for database schema
* Require setting search_path for the db user
* Add schema setting to admin/config.tmpl
* Use a schema different from default for psql tests
* Update postgres scripts to use custom schema
* Update to xorm/core 0.7.3 and xorm/xorm c37aff9b3a
* Fix migration test
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Make CertFile and KeyFile relative to CustomPath
The current code will absolute CertFile and KeyFile against the current working directory. This is quite unexpected for users. This code makes relative paths absolute against the CustomPath.
Fix #4196
* Improve error reporting when reading certificates
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Add privacy policy page and link
* Add TOS page and link
* Add update date
* [Docs] Add customizing PP and TOS
* Separate h2 user-generated content with its paragraph
* Reimplement Privacy Policy
The document is inspired from GitHub.
* Refactor to contrib
* [Docs] Mention how to add legal pages
* Reimplement Terms of Service
Adapted from GitHub
* Update revision date
* Rename to mark as sample file
* Apply suggestion from @sapk
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Apply suggestion from @sapk
Use absolute link instead
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Apply suggestion from @zeripath
Change `Last Updated` element to `<h4>`
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Close this `<li>` element instance
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Intentionally grammar fix
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Information grammar
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Cannot guarantee absolute security...
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Use `<h4>` element for last updated date
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Remove trailing `</p>` at the end of API clause
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Migrate privacy email domain to Your Gitea Instance
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Remove `<p>` container for `<ol>` definitions
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Remove `<p>` container that contain `<ol>` user-generated content
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Remove `<p>` container for private repositories `<ol>` listing
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestions from @zeripath
Migrate remaining email domains to Your Gitea Instance
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Offer support
Co-Authored-By: zeripath <art27@cantab.net>
* Apply suggestion from @zeripath
Change "Your Gitea Instance" references to match your situation and Gitea project disclaimer
Co-Authored-By: zeripath <art27@cantab.net>
* Reword transmission data to reflect hosting on third-party provider
* Reword Analytics clause to reflects that not all Gitea instances deploy analytics OOTB
* Remove `<p>` container from account terms
* Migrate support email on tos to your-gitea-instance
* Reword Tracking and Analytics clause for OOTB case
* [Docs] Append privacy.html to cp destination
* Apply suggestion from @6543
Create or append to footer template
Co-Authored-By: 6543 <6543@obermui.de>
* Apply suggestion from myself
@6543 suggest replacing this `cp` line (which assumed that Gitea sources are available) with `wget` to GitHub raw link. At the time of writing this, this returned 404, but when this PR has been merged, this should get the actual page.
* Apply suggestions from @6543
1. Add gpg key to profile information
2. Add Git repos to list of User Personal Information
3. Comment out responsibility for sensitive information
Co-Authored-By: 6543 <6543@obermui.de>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
* Restricted users (#4334): initial implementation
* Add User.IsRestricted & UI to edit it
* Pass user object instead of user id to places where IsRestricted flag matters
* Restricted users: maintain access rows for all referenced repos (incl public)
* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses
* Add basic repo access tests for restricted users
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Mention restricted users in the faq
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Remove unnecessary `org.IsOrganization()` call
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* Revert to an `int64` keyed `accessMap`
* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`
Signed-off-by: Manush Dodunekov <manush@stendahls.se>
* or even better: `map[int64]*userAccess`
* updateUserAccess(): use tighter syntax as suggested by lafriks
* even tighter
* Avoid extra loop
* Don't disclose limited orgs to unauthenticated users
* Don't assume block only applies to orgs
* Use an array of `VisibleType` for filtering
* fix yet another thinko
* Ok - no need for u
* Revert "Ok - no need for u"
This reverts commit 5c3e886aabd5acd997a3b35687d322439732c200.
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Delay printing hook statuses until after 1 second
* Move to a 5s delay, wrapped writer structure and add config
* Update cmd/hook.go
* Apply suggestions from code review
* Update cmd/hook.go
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* add doctor
* Add a new command doctor to check if some wrong configurations on gitea instance
* fix import
* use regex match authorized_keys on doctor
* Add documentation
* Rename h3 title
* Add intro
Should work on Ubuntu Xenial, but should work on any Linux distros.
* Indirect edit files
Instead of providing `sudo vim`, invite to edit files.
* enable now instead of enable and start
* Re-add systemctl enable && systemctl start
* Revert service enablement back to status quo
* Add enable now counterpart for systemd > v220
* Apply suggestions from @sapk
Strip `vim` from editor usage
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* Add footer extra links template
* [Docs] Update to mention extra links footer template
* Commit suggestion from @davidsvantesson
Co-Authored-By: David Svantesson <davidsvantesson@gmail.com>
* Move template placement to right side of footer
Co-authored-by: David Svantesson <davidsvantesson@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
* DOCS: add mention of swagger api reference
It's(swagger api link) mentioned vaguely in the FAQ but IMHO missing from API usage page.
* Add warning to avoid template mismatches
Related to https://github.com/go-gitea/gitea/issues/9320
* Refactor
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add push-create to SSH serv
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Cannot push for another user unless admin
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Get owner in case admin pushes for another user
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Set new repo ID in result
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update to service and use new org perms
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Move pushCreateRepo to services
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Fix import order
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Changes for @guillep2k
* Check owner (not user) in SSH
* Add basic tests for created repos (private, not empty)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Default NO_REPLY_ADDRESS to DOMAIN
The default NO_REPLY_ADDRESS was previously noreply.example.org
This PR changes this to default to the default DOMAIN for gitea.
* Change default to noreply.%(DOMAIN)s
* Change default to "noreply" + Domain
* Remove more explicit 'generate' calls
`generate` is now implicit during `build` since #9114, it is no longer
necessary or desired to specify it explicitely.
* add js,css,generate dependencies to release task
* remove generate warning as per @lunny
* Support custom sanitization policy
Allowing the gitea administrator to configure sanitization policy allows
them to couple external renders and custom templates to support more
markup. In particular, the `pandoc` renderer allows generating KaTeX
annotations, wrapping them in `<span>` elements with class `math` and
either `inline` or `display` (depending on whether or not inline or
block mode was requested).
This iteration gives the administrator whitelisting powers; carefully
crafted regexes will thus let through only the desired attributes
necessary to support their custom markup.
Resolves: #9054
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Document new sanitization configuration
- Adds basic documentation to app.ini.sample,
- Adds an example to the Configuration Cheat Sheet, and
- Adds extended information to External Renderers section.
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Drop extraneous length check in newMarkupSanitizer(...)
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Fix plural ELEMENT and ALLOW_ATTR in docs
These were left over from their initial names. Make them singular to
conform with the current expectations.
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* add [ui] Reactions
* move contend check from form to go functions
* use else if
* check if reaction is allowed only on react
(so previous custom reaction can be still removed)
* use $.AllowedReactions in templates
* use ctx.Flash.Error
* use it there too
* add redirection
* back to server error
because a wrong reaction is a template issue ...
* add emoji list link
* add docs entry
* small wording nit
suggestions from @jolheiser - thx
* same reactions as github
* fix PR reactions
* handle error so template JS could check
* Add Integrations Test
* add REACTIONS setting to cheat-sheet doc page
* Add support for local vs. remote xrefs
* Add doc for references
* Docs: fix cases not currently supported
* One more doc fix
* Doc: mentions for teams and orgs
* Change !num ref concept, no change in functionality
* Fix test
* Improve table of issue reference types
* Fix paragraph mark
* Add single sign-on support via SSPI on Windows
* Ensure plugins implement interface
* Ensure plugins implement interface
* Move functions used only by the SSPI auth method to sspi_windows.go
* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected
* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.
* Update documentation for the new 'SPNEGO with SSPI' login source
* Mention in documentation that ROOT_URL should contain the FQDN of the server
* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)
* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)
* Add option in SSPIConfig for removing of domains from logon names
* Update helper text for StripDomainNames option
* Make sure handleSignIn() is called after a new user object is created by SSPI auth method
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Remove default value from text of form field helper
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates
* Remove code duplication
* Log errors in ActiveLoginSources
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert suffix of randomly generated E-mails for Reverse proxy authentication
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Revert unneeded white-space change in template
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add copyright comments at the top of new files
* Use loopback name for randomly generated emails
* Add locale tag for the SSPISeparatorReplacement field with proper casing
* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields
* Update docs/content/doc/features/authentication.en-us.md
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Remove Priority() method and define the order in which SSO auth methods should be executed in one place
* Log authenticated username only if it's not empty
* Rephrase helper text for automatic creation of users
* Return error if more than one active SSPI auth source is found
* Change newUser() function to return error, letting caller log/handle the error
* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed
* Refactor initialization of the list containing SSO auth methods
* Validate SSPI settings on POST
* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page
* Make 'Default language' in SSPI config empty, unless changed by admin
* Show error if admin tries to add a second authentication source of type SSPI
* Simplify declaration of global variable
* Rebuild gitgraph.js on Linux
* Make sure config values containing only whitespace are not accepted
* Add USE_SERVICE_WORKER setting
This will be very useful setting for anyone doing frontend work.
Fixes: https://github.com/go-gitea/gitea/issues/9044
* prevent potential syntax error on old browsers
* Graceful Shutdown for windows and others
Restructures modules/graceful, adding shutdown for windows, removing and
replacing the old minwinsvc code.
Creates a new waitGroup - terminate which allows for goroutines to
finish up after the shutdown of the servers.
Shutdown and terminate hooks are added for goroutines.
* Remove unused functions - these can be added in a different PR
* Add startup timeout functionality
* Document STARTUP_TIMEOUT
* Add retry for migration http/https requests
* give the more suitable name for retry configuraion items
* fix docs and lint
* Only use retryDownloader when setting > 1
Passing these volumes to the container enable gitea to use hosts localtime and timezone.
This is a mandatory change when using the "Setup fail2ban" Guide, but it is not described in the documentation.
In investigating #7947 it has become clear that the storage component of go-git repositories needs closing.
This PR adds this Close function and adds the Close functions as necessary.
In TransferOwnership the ctx.Repo.GitRepo is closed if it is open to help prevent the risk of multiple open files.
Fixes #7947
* Add support for AUTO_WATCH_ON_CHANGES and AUTO_WATCH_ON_CLONE
* Update models/repo_watch.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Round up changes suggested by lafriks
* Added changes suggested from automated tests
* Updated deleteUser to take RepoWatchModeDont into account, corrected inverted DefaultWatchOnClone and DefaultWatchOnChanges behaviour, updated and added tests.
* Reinsert import "github.com/Unknwon/com" on http.go
* Add migration for new column `watch`.`mode`
* Remove serv code
* Remove WATCH_ON_CLONE; use hooks, add integrations
* Renamed watch_test.go to repo_watch_test.go
* Correct fmt
* Add missing EOL
* Correct name of test function
* Reword cheat and ini descriptions
* Add update to migration to ensure column value
* Clarify comment
Co-Authored-By: zeripath <art27@cantab.net>
* Simplify if condition
* Add template capability for issue mail subject
* Remove test string
* Fix trim subject length
* Add comment to template and run make fmt
* Add information for the template
* Rename defaultMailSubject() to fallbackMailSubject()
* General rewrite of the mail template code
* Fix .Doer name
* Use text/template for subject instead of html
* Fix subject Re: prefix
* Fix mail tests
* Fix static templates
* [skip ci] Updated translations via Crowdin
* Expose db.SetMaxOpenConns and allow non MySQL dbs to set conn pool params (#8528)
* Expose db.SetMaxOpenConns and allow other dbs to set their connection params
* Add note about port exhaustion
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Prevent .code-view from overriding font on icon fonts (#8614)
* Correct some outdated statements in the contributing guidelines (#8612)
* More information for drone-cli in CONTRIBUTING.md
* Increases the version of drone-cli to 1.2.0
* Adds a note for the Docker Toolbox on Windows
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Fix the url for the blog repository (now on gitea.com)
Signed-off-by: LukBukkit <luk.bukkit@gmail.com>
* Remove TrN due to lack of lang context
* Redo templates to match previous code
* Fix extra character in template
* Unify PR & Issue tempaltes, fix format
* Remove default subject
* Add template tests
* Fix template
* Remove replaced function
* Provide User as models.User for better consistency
* Add docs
* Fix doc inaccuracies, improve examples
* Change mail footer to math AppName
* Add test for mail subject/body template separation
* Add support for code review comments
* Update docs/content/doc/advanced/mail-templates-us.md
Co-Authored-By: 6543 <24977596+6543@users.noreply.github.com>
* in progress changes for #7405, added ability to add cross-repo dependencies
* removed unused repolink var
* fixed query that was breaking ci tests; fixed check in issue dependency add so that the id of the issue and dependency is checked rather than the indexes
* reverted removal of string in local files becasue these are done via crowdin, not updated manually
* removed 'Select("issue.*")' from getBlockedByDependencies and getBlockingDependencies based on comments in PR review
* changed getBlockedByDependencies and getBlockingDependencies to use a more xorm-like query, also updated the sidebar as a result
* simplified the getBlockingDependencies and getBlockedByDependencies methods; changed the sidebar to show the dependencies in a different format where you can see the name of the repository
* made some changes to the issue view in the dependencies (issue name on top, repo full name on separate line). Change view of issue in the dependency search results (also showing the full repo name on separate line)
* replace call to FindUserAccessibleRepoIDs with SearchRepositoryByName. The former was hardcoded to use isPrivate = false on the repo search, but this code needed it to be true. The SearchRepositoryByName method is used more in the code including on the user's dashboard
* some more tweaks to the layout of the issues when showing dependencies and in the search box when you add new dependencies
* added Name to the RepositoryMeta struct
* updated swagger doc
* fixed total count for link header on SearchIssues
* fixed indentation
* fixed aligment of remove icon on dependencies in issue sidebar
* removed unnecessary nil check (unnecessary because issue.loadRepo is called prior to this block)
* reverting .css change, somehow missed or forgot that less is used
* updated less file and generated css; updated sidebar template with styles to line up delete and issue index
* added ordering to the blocked by/depends on queries
* fixed sorting in issue dependency search and the depends on/blocks views to show issues from the current repo first, then by created date descending; added a "all cross repository dependencies" setting to allow this feature to be turned off, if turned off, the issue dependency search will work the way it did before (restricted to the current repository)
* re-applied my swagger changes after merge
* fixed split string condition in issue search
* changed ALLOW_CROSS_REPOSITORY_DEPENDENCIES description to sound more global than just the issue dependency search; returning 400 in the cross repo issue search api method if not enabled; fixed bug where the issue count did not respect the state parameter
* when adding a dependency to an issue, added a check to make sure the issue and dependency are in the same repo if cross repo dependencies is not enabled
* updated sortIssuesSession call in PullRequests, another commit moved this method from pull.go to pull_list.go so I had to re-apply my change here
* fixed incorrect setting of user id parameter in search repos call
* static url
* add cors support for static resources
* [assets] work on the migration to configurable url for assets
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [misc] fix whitespace
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [assets] fix the loading of the manifest.json
It is generated dynamically, and as such can not be served by the cdn.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Revert "add cors support for static resources"
This reverts commit 42f964fd181dbb8b139808b9be623470d4f0e40f
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docs] add the STATIC_URL_PREFIX option
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docs] reverse-proxy: nginx: add two setups for STATIC_URL_PREFIX
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [assets] migrate the url of a new asset to the static url prefix
REF: f2a3abc683
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Expose db.SetMaxOpenConns and allow other dbs to set their connection params
* Add note about port exhaustion
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.
## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
- Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
- app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation
I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
* Prevent deadlock in indexer initialisation during graceful restart
* Move from gracehttp to our own service to add graceful ssh
* Add timeout for start of indexers and make hammer time configurable
* Fix issue with re-initialization in indexer during tests
* move the code to detect use of closed to graceful
* Handle logs gracefully - add a pid suffix just before restart
* Move to using a cond and a holder for indexers
* use time.Since
* Add some comments and attribution
* update modules.txt
* Use zero to disable timeout
* Move RestartProcess to its own file
* Add cleanup routine
* Add Diff Download to Compare List
* Add&Change Text for Diff Options
* move button to seperate template
* add drop down menue with options
* Update: Compare
update Gogs, BitBucket, RhodeCode and remove gitea issue link
Co-Authored-By: Lauris BH <lauris@nix.lv>
* remove last things from TESTing
* Update config-cheat-sheet.en-us.md
Add more information on configuring URI hyperlink rendering for Markdown.
* Update config-cheat-sheet.en-us.md
Update description as suggested by @guillep2k
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Add password complexity checks. The default settings require a lowercase, uppercase, number and a special character within passwords.
Co-Authored-By: T-M-A <maxim.tkachenko@gmail.com>
Co-Authored-By: Lanre Adelowo <adelowomailbox@gmail.com>
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Doc recommend to use reverse proxy if Apache/nginx is also running on server
* Update docs/content/doc/usage/https-support.md
Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>
* Add 'make revive' to instructions for checking code
This is performed on drone, hacking instructions should contain the same to avoid unnecessary PR builds.
* lint is deprecated. Denote revive +vet as code analysis in continuous text.
* doc py3-zmq - ZeroMQ bindings for jupyter
#7970https://github.com/go-gitea/gitea/issues/7970
* rebase Dockerfile to 1.9.x for jupyter
* [docs] external-renderers.en-us.md - use templated variable for version
Co-Authored-By: techknowlogick <matti@mdranta.net>
* Added admin cmd ref to backup-restore guide
* Clarified reason for command execution
* Include directive for where command should be executed from
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Be direct in consequences
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Restrict repository indexing by file extension
* Use REPO_EXTENSIONS_LIST_INCLUDE instead of REPO_EXTENSIONS_LIST_EXCLUDE and have a more flexible extension pattern
* Corrected to pass lint gosimple
* Add wildcard support to REPO_INDEXER_EXTENSIONS
* This reverts commit 72a650c8e42f4abf59d5df7cd5dc27b451494cc6.
* Add wildcard support to REPO_INDEXER_EXTENSIONS (no make vendor)
* Simplify isIndexable() for better clarity
* Add gobwas/glob to vendors
* manually set appengine new release
* Implement better REPO_INDEXER_INCLUDE and REPO_INDEXER_EXCLUDE
* Add unit and integration tests
* Update app.ini.sample and reword config-cheat-sheet
* Add doc page and correct app.ini.sample
* Some polish on the doc
* Simplify code as suggested by @lafriks
* Propose some references about ci/cd solutions compatibles with gitea
* No note about theirs integration level, only a starting point.
* Update docs/content/doc/advanced/ci-cd.en-us.md
Improve text
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Improve link to CI solutions
Update docs/content/doc/advanced/ci-cd.en-us.md
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Update docs/content/doc/advanced/ci-cd.en-us.md
Typo in name :/
Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>
* Remove redundant empty line
* Invite user to consult new CI/CD page
* Link target CI tools
* Jenkins and its plugin
* Update docs/content/doc/advanced/third-party-tools.en-us.md
Simplify link CI/CD
Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>
* Update docs/content/doc/advanced/ci-cd.en-us.md
Typo
Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>
* Provide gitea documentation about drone usage
Co-Authored-By: John Olheiser <42128690+jolheiser@users.noreply.github.com>
* Update docs/content/doc/advanced/ci-cd.en-us.md
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Apply suggestions from code review
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add Backend Logic for Toggling Email Notification
This commit adds the backend logic for
allowing users to enable or disable email
notifications. The implementation ensures
that only issue notification emails get disabled
and important emails are still sent regardless
of the setting.
The UI to toggle this setting has not yet been
implemented.
* Add UI and complete user email notification enable
This commit completes the functionality to allow
users to disable their own email notifications.
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add Third Option for Only Email on Mention
Signed-off-by: Gary Kim <gary@garykim.dev>
* Readd NOT NULL to new preference string
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add Tests and Rewrite Comment
Signed-off-by: Gary Kim <gary@garykim.dev>
* Allow admin to set default email frequency
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add new config option to docs
Signed-off-by: Gary Kim <gary@garykim.dev>
* Fix a few mistakes
Signed-off-by: Gary Kim <gary@garykim.dev>
* Only update required columns
Signed-off-by: Gary Kim <gary@garykim.dev>
* Simplify an error check
Signed-off-by: Gary Kim <gary@garykim.dev>
* Make email_notification_preference column in DB be VARCHAR(20)
Signed-off-by: Gary Kim <gary@garykim.dev>
* Handle errors
Signed-off-by: Gary Kim <gary@garykim.dev>
* Update models/migrations/v93.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add description in repository search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Refactor SearchRepositoryByName with a general function SearchRepository
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Allow to specify if description shall be included in API repo search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add new app.ini setting for whether to search within repo description.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Search keyword in description (if setting enabled) on:
- Explore page
- Organization profile page
- User profile page
- Admin repo page
Do not search keyword in description on:
- Any non-keyword search (not relevant)
- Incremental search (uses API)
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Put parameters related to keyword directly after it
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test cases for including (and not including) repository description in search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Rename test function from TestSearchRepositoryByName to TestSearchRepository.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make setting SEARCH_REPO_DESCRIPTION default to true
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add support for DEFAULT_ORG_MEMBER_VISIBLE
* Correct formatting
* Improved description in cheat sheet.
* Add test for DefaultOrgMemberVisible
* Remove dead code
* display ui time with customize time location
* fix lint
* rename UILocation to DefaultUILocation
* move time related functions to modules/timeutil
* fix tests
* fix tests
* fix build
* fix swagger