The current default memory cache implementation is unbounded in size and number of
objects cached. This is hardly ideal.
This PR proposes creating a TwoQueue LRU cache as the underlying cache for Gitea.
The cache is limited by the number of objects stored in the cache (rather than size)
for simplicity. The default number of objects is 50000 - which is perhaps too small
as most of our objects cached are going to be much less than 1kB.
It may be worth considering using a different LRU implementation that actively limits
sizes or avoids GC - however, this is just a beginning implementation.
specify user in rootless container numerically (#16361)
* specify user in rootless container numerically
With kubernetes' PodSecurityPolicy set to runAsNonRoot it will not allow starting the container. The error message is
```
Error: container has runAsNonRoot and image has non-numeric user (git), cannot verify user is non-root
```
The `USER` directive has to be numerical for that to work.
Redirect on bad CSRF instead of presenting bad page (#14937)
The current CSRF handler is a bit harsh with bad CSRF tokens on webpages
I think we can be a little kinder and redirect to base page with a flash error
Fix relative links in postprocessed images (#16334)
If a pre-post-processed file contains relative img tags these need to be updated
and joined correctly with the prefix. Finally, the node attributes need to be updated.
Fix #16308
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
This strict equality check in `u2fError` was causing the error
description to hide immediately after showing. `Object.keys`
always returns strings, but `errorType` argument is usually a
number type.
Jimmy Praet [Thu, 1 Jul 2021 22:02:48 +0000 (00:02 +0200)]
Wrap around for previous/next buttons (#16319)
Fixes #16317
Wrap around from last to first comment when clicking "Next" on last comment.
Wrap around from first to last comment when clicking "Previous" on first comment.
zeripath [Wed, 30 Jun 2021 19:14:53 +0000 (20:14 +0100)]
Add button to delete undeleted repositories from failed migrations (#16197)
This PR adds a button to delete failed repositories if there has been a
failure during migration and for whatever reason the repository doesn't
get deleted automatically.
zeripath [Tue, 29 Jun 2021 20:12:43 +0000 (21:12 +0100)]
Fix panic in recursive cache (#16298)
There is a bug with last commit cache recursive cache where the last
commit information that refers to the current tree itself will cause a
panic due to its path ("") not being included in the expected tree entry
paths.
This PR fixes this by skipping the missing entry.
Fix #16290
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
zeripath [Mon, 28 Jun 2021 23:26:40 +0000 (00:26 +0100)]
Update fail2ban documentation (#16286)
Following the merge of #16278 we need to update the fail2ban
documentation to take account of the availability of the new
sshConnectionFailed failed authentication attempt log message.
Also add a deprecation notice regarding the previous publicKeyHandler
messages, as these may be a source of false positives.
zeripath [Mon, 28 Jun 2021 17:05:27 +0000 (18:05 +0100)]
Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (#16278)
* Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback
Following the merging of https://github.com/gliderlabs/ssh/pull/143 we
can now report connections to the ssh server that have failed before
public key exchange has completed using the standard fail2ban message.
This PR updates Gliderlabs SSH and adds a callback that will provide this
logging.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* move the callback to its own function to make the logging appear little nicer
As title, the change counter-works the effect from #14926 that links seem unclickable (especially in the default gitea theme), while maintaining some sort of visual harmony.
Co-authored-by: Andrew Thornton <art27@cantab.net>
Norwin [Sun, 27 Jun 2021 23:13:20 +0000 (01:13 +0200)]
Link to previous blames in file blame page (#16259)
Adds a link to each blame hunk, to view the blame of an earlier version of the file, similar to GitHub. Also refactors the blame render from fmtstring based to template based.
* Fix blame bottom line and add blame prior button
* Jump to previous parent commit from the commit.
* Fix previous commit link
* Fix previous blame link
* Fix the given file not exist in the previous commit.
* Fix blameRow struct not export
* fix theming issues, rename template var
* remove unused LastCommit fetch
* fix location of blame-hunk divider
* rewrite previous commit checks
* remove duplicate commit lookup
its already resolved and stored in ctx.Repo.Commit!
zeripath [Sun, 27 Jun 2021 20:21:16 +0000 (21:21 +0100)]
Handle misencoding of login_source cfg in mssql (#16268)
* Handle misencoding of login_source cfg in mssql
Unfortunately due a bug in xorm (see https://gitea.com/xorm/xorm/pulls/1957) updating
loginsources on MSSQL causes them to become corrupted. (#16252)
Whilst waiting for the referenced PR to be merged and to handle the corrupted
loginsources correctly we need to add a wrapper to the `FromDB()` methods to look
for and ignore the misplaced BOMs that have been added.
Fix #16252
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update models/login_source.go
KN4CK3R [Sun, 27 Jun 2021 19:21:09 +0000 (21:21 +0200)]
Refactor Webhook + Add X-Hub-Signature (#16176)
This PR removes multiple unneeded fields from the `HookTask` struct and adds the two headers `X-Hub-Signature` and `X-Hub-Signature-256`.
## :warning: BREAKING :warning:
* The `Secret` field is no longer passed as part of the payload.
* "Breaking" change (or fix?): The webhook history shows the real called url and not the url registered in the webhook (`deliver.go`@129).
zeripath [Sun, 27 Jun 2021 00:56:58 +0000 (01:56 +0100)]
Add --quiet and --verbose to gitea web to control initial logging (#16260)
One of the repeatedly reported issues has been that gitea produces too much console
logging during set up even if the console logger is turned off.
Fundamentally this is due to some otherwise very helpful logging that has to occur
before logging is set up. This has come to a head with the merging of #16243 where
otherwise potentially helpful Trace logging in the git module now appears on the
console.
This PR proposes three things:
1. Change the initial default logger to Info not Trace.
2. Change the logging for the AppPath things to Info in recompense.
3. Add two new command line options to gitea web: --quiet and --verbose
`gitea web -q` or `gitea web --quiet` will only log Fatal level initially.
`gitea web -verbose` will log at Trace.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Add Visible modes function from Organisation to Users too (#16069)
You can limit or hide organisations. This pull make it also posible for users
- new strings to translte
- add checkbox to user profile form
- add checkbox to admin user.edit form
- filter explore page user search
- filter api admin and public user searches
- allow admins view "hidden" users
- add app option DEFAULT_USER_VISIBILITY
- rewrite many files to use Visibility field
- check for teams intersection
- fix context output
- right fake 404 if not visible
Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>
Jimmy Praet [Fri, 25 Jun 2021 17:01:43 +0000 (19:01 +0200)]
Append to existing trailers in generated squash commit message (#15980)
* Remove superfluous newline before Co-authored-by trailers
* Append to existing PR description trailer section
If the existing PR description message already contains a trailer section (e.g. Signed-off-by: ),
append to it instead of creating a new trailer section.
* Reuse compiled regexp
* Simplify regex and deal with trailing \n in PR description
* Add tests for CommitMessageTrailersPattern
- add support for Key:Value (no space after colon)
- add support for whitespace "folding"