silverwind [Fri, 20 Oct 2023 14:56:19 +0000 (16:56 +0200)]
Fix sticky diff header background (#27697)
Fixes: https://github.com/go-gitea/gitea/issues/27604
Add negative margins so the header covers any shadow of active elements.
No rendering change of the content of the header because the padding
counteracts the effect.
Nanguan Lin [Fri, 20 Oct 2023 12:01:25 +0000 (20:01 +0800)]
Clean some functions about project issue (#27705)
1. remove unused function `MoveIssueAcrossProjectBoards`
2. extract the project board condition into a function
3. use db.NoCondition instead of -1. (BTW, the usage of db.NoCondition
is too confusing. Is there any way to avoid that?)
4. remove the unnecessary comment since the ctx refactor is completed.
5. Change `b.ID != 0` to `b.ID > 0`. It's more intuitive but I think
they're the same since board ID can't be negative.
silverwind [Thu, 19 Oct 2023 19:51:56 +0000 (21:51 +0200)]
Update and add new eslint plugins (#27698)
- Switch `eslint-plugin-import` to
[`eslint-plugin-i`](https://github.com/un-es/eslint-plugin-i), a fork
with better dependencies
- Update `eslint-plugin-regexp` to 2.0.0 and add new rules
- Add
[`eslint-plugin-vitest`](https://github.com/veritem/eslint-plugin-vitest)
JakobDev [Thu, 19 Oct 2023 11:43:15 +0000 (13:43 +0200)]
Fix required checkboxes in issue forms (#27592)
If you set a checkbox as required in a issue form at the moment, the
checkbox is checked and read only, what does not make much sense. With
this PR, the Checkbox actually needs to be checked. The label supports
now also Markdown. This matches GitHub's behaviour.
And yes, I know the CSS is a ugly workaround. It looks like the given
CSS code is part Fomantic and I don't know how to change that. The
Maintainers are free to change that.
MiloCubed [Thu, 19 Oct 2023 08:14:46 +0000 (16:14 +0800)]
[docs] Add note that PROTOCOL config is case-sensitive (#25685)
See [issue on
gitea.com](https://gitea.com/gitea/gitea-docusaurus/issues/38), copied
below for convenience:
> Hello, may I first confirm that the app.ini PROTOCOL config is case
sensitive (must be lowercase)?
>
> If so, I'd like to suggest for it to be highlighted in the [HTTPS
Setup](https://docs.gitea.com/administration/https-setup#using-the-built-in-server)
page.
> Perhaps something like:
> For the PROTOCOL=https field, make sure https is lowercase. Writing
PROTOCOL=HTTPS may result in a SSL_ERROR_RX_RECORD_TOO_LONG error on
Firefox or ERR_SSL_PROTOCOL_ERROR on Chrome and Edge.
>
> Background
> At first I carelessly wrote PROTOCOL=HTTPS in my app.ini, and Firefox
didn't allow me to connect because:
> Secure Connection Failed
> An error occurred during a connection to gitea.local.lan. SSL received
a record that exceeded the maximum permissible length.
> Error code: SSL_ERROR_RX_RECORD_TOO_LONG
> I spent maybe half an hour troubleshooting my certs, ports, and other
configs before backtracking to the start and realizing the
capitalization difference there 😅. When I changed that config to
lowercase, it worked.
For this PR I added the note in the Config Cheat Sheet page and fixed
the links to it from the HTTPS Setup page.
Was originally thinking to put the note in the HTTPS Setup page itself,
but since there are 2 sections referencing the PROTOCOL config, I was
thinking it'd be neater and more concise to put it in the Config Cheat
Sheet page instead. Especially since both sections already link to it,
and I actually tried to check that link quite early on in my
troubleshooting (but didn't pay much attention to it since the link was
broken).
## Before/After screenshots as per [this repo's
docs](https://github.com/go-gitea/gitea/tree/main/docs)
Before - links
![image](https://github.com/go-gitea/gitea/assets/135522693/e0745077-f6a9-4178-aa78-2155ccb58fd6)
Note: For this the links weren't broken, the links fix is because they
were broken on gitea.com's docs (see below).
silverwind [Wed, 18 Oct 2023 15:16:06 +0000 (17:16 +0200)]
Clipboard copy enhancements (#27669)
1. Do not show temporary tooltips that are triggered from within
dropdowns. Previously this resulted in the tooltip being stuck to
top-left of the page like seen on issue comment URL copy. I could not
figure out any tippy options that prevent this, so I think it's better
to just not show it.
1. Refactor `initGlobalCopyToClipboardListener` so that it does not run
a often useless `document.querySelector` on every click, make
`data-clipboard-text-type` work with `data-clipboard-target`. No use in
current code base but still good to have. Finally some minor code
cleanup in the function.
Jason Song [Wed, 18 Oct 2023 09:44:36 +0000 (17:44 +0800)]
Support allowed hosts for webhook to work with proxy (#27655)
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.
But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.
This PR fixes it by:
- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
yp05327 [Wed, 18 Oct 2023 00:03:42 +0000 (09:03 +0900)]
Improve the list header in milestone page (#27302)
The ui of list header in milestone page is not same as issue and pr list
page.
And they are using different template codes which can be merged into
one.
Denys Konovalov [Mon, 16 Oct 2023 21:06:15 +0000 (23:06 +0200)]
cleanup repo details icons/labels (#27644)
Fix #27596
Change confusing behavior when showing information about a repo via
labels and icons. Implement changes proposed by @lng2020 in
https://github.com/go-gitea/gitea/pull/27627#pullrequestreview-1678787673.
Earl Warren [Sat, 14 Oct 2023 21:13:59 +0000 (23:13 +0200)]
Add anchor to review types (#26894)
- The review type '22' is a general comment type that is attached to
single codecomments, reviews with multiple comments or to simple approve
and request changes comment. This comment can be used to create a link
towards this action on an pull request.
- Adds an anchor to the review comment type, so that when its getting
linked to it, it actually jumps towards that event.
- This also now fixes the behavior that after you created a review you
will be redirected to that review and because this is an general comment
type other mails will also be 'fixed' such as the approved or request
changes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1248
Evan Tobin [Sat, 14 Oct 2023 08:04:44 +0000 (03:04 -0500)]
Fix permissions for Token DELETE endpoint to match GET and POST (#27610)
Fixes #27598
In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
KN4CK3R [Sat, 14 Oct 2023 00:56:41 +0000 (02:56 +0200)]
Enhanced auth token / remember me (#27606)
Closes #27455
> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
>
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.
The PR removes the now obsolete setting `COOKIE_USERNAME`.
silverwind [Fri, 13 Oct 2023 08:19:21 +0000 (10:19 +0200)]
Enable shorthands in `declaration-strict-value` linter (#27597)
Enable [shorthand
matching](https://github.com/AndyOGo/stylelint-declaration-strict-value#expandshorthand)
in this lint rule and match color properties by regex. Patterns like
this will now fail lint:
```css
background: #123456;
border: 1px sold rgba(0,0,0,0);
```
silverwind [Wed, 11 Oct 2023 12:34:21 +0000 (14:34 +0200)]
Replace ajax with fetch, improve image diff (#27267)
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.
Nanguan Lin [Wed, 11 Oct 2023 11:02:24 +0000 (19:02 +0800)]
Replace assert.Fail with assert.FailNow (#27578)
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
Earl Warren [Wed, 11 Oct 2023 07:28:16 +0000 (09:28 +0200)]
show manual cron run's last time (#27544)
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.
wxiaoguang [Mon, 9 Oct 2023 07:19:23 +0000 (15:19 +0800)]
Improve file history UI and fix URL escaping bug (#27531)
Follow #27354
Major changes:
1. The `right aligned` in `<th class="one wide right aligned">` is a
no-op because it doesn't have any content
2. The `gt-df` in `<td class="sha gt-df">` was wrong, it causes UI
misalignment, a table cell shouldn't be "flex"
3. Use `gt-py-0` for `gt-pt-0 gt-pb-0`
4. Simplify the layout for buttons, because the `text right aligned` is
widely used and good enough, it doesn't make sense to introduce the
`<div class="gt-df gt-je">`
5. Escape the `$.FileName` correctly
silverwind [Mon, 9 Oct 2023 06:16:16 +0000 (08:16 +0200)]
Simplify `contrib/backport` (#27520)
This script was trying to be too smart, make it more straightforward and
less error-prone so that i could be used by the backport bot too
ideally.
- Always delete the backport branch so that script is idempotent in this
regard
- Remove the push functionality, it's best done by the user because only
they know the remote name
- Remove reading docs/config.yaml, it no longer exists
- Remove version detection, version is now a required argument
- Remove opening the pull request with xdg-open, xdg-open is not
portable
- Remove continue from failed cherry pick. It's best to reset manually
in this case
- Clean up the console logging
Example run:
```
$ go run ./contrib/backport --version v1.21 27503
* Backporting 27503 to origin/release/v1.21 as backport-27503-v1.21
* `git fetch origin main`
* `git fetch origin release/v1.21`
* `git branch -D backport-27503-v1.21`
* `git checkout -b backport-27503-v1.21 origin/release/v1.21`
* Attempting git cherry-pick 08efeb5cdc22d21b5ef12cc540727594a22062d1
* Amending commit to prepend `Backport #27503` to body
Backport done! You can now push it with `git push yourremote backport-27503-v1.21`
```
silverwind [Sun, 8 Oct 2023 22:16:06 +0000 (00:16 +0200)]
Restore warning commit status (#27504)
Partial revert of https://github.com/go-gitea/gitea/pull/25839. This
commit status is used by a number of external integrations, so I think
we should not remove it (See
https://github.com/go-gitea/gitea/pull/25839#issuecomment-1729002077).
This is a rare case where an existing migration needed to be alterted to
avoid data loss.
silverwind [Sun, 8 Oct 2023 13:11:26 +0000 (15:11 +0200)]
Tweak labeler config (#27502)
Alternative to https://github.com/go-gitea/gitea/pull/27439. Removes a
few spammy labels, and disables `sync-labels` which make it never remove
labels (which is default behaviour).
Gary Wang [Sun, 8 Oct 2023 10:07:55 +0000 (18:07 +0800)]
Add hover background to wiki list page (#27507)
This patch adds a hover background for the wiki row in wiki list page,
which make its behavior more close to repo's file list page.
This patch also make the wiki-git-entry visible on the row is hovered
instead of the cel, so users won't be confused since the 'grid' is not
visible from the web page.
After the patch: (when the wiki named 'Home' is hovered)
Duplicate headers in a single Markdown document are problemlematic
because the auto-generated links won't be stable. Enable this rule with
no exceptions which is also the default of `markdownlint`. For example:
```md
# A
## Example
# B
## Example
```
Docasaurus will generated `example` and `example-1` links for this. If
the first heading is altered, the link `example` will unexpectedly move
to the second example heading.
Remove .exe suffix when cross-compiling on Windows (#27448)
When compiling GItea for Linux on Windows, you get a `gitea.exe` file as
output, but because it's a Linux executable, the `.exe` extension is
unnecessary.
This PR adds a check for `GOOS` environment variable in addition to
`OS`.