aboutsummaryrefslogtreecommitdiffstats
path: root/custom
Commit message (Collapse)AuthorAgeFilesLines
* Make internal SSH server host key path configurable (#14918)zeripath2021-03-081-0/+4
| | | | | | | | | | | * Make SSH server host key path configurable * make it possible to have multiple keys * Make gitea.rsa the default key * Add some more logging Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add SameSite setting for cookies (#14900)zeripath2021-03-071-0/+2
| | | | | | | | | Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR. Fix #5583 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow blocking some email domains from registering an account (#14667)Damien Goutte-Gattat2021-02-151-0/+2
| | | | | | | | | Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are *forbidden* to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, *a single email domain* is responsible for *most* of the spam accounts, and for *all* of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628
* Turn default hash password algorightm back to pbkdf2 from argon2 until we ↵Lunny Xiao2021-02-131-1/+1
| | | | | | | found a better one (#14673) * Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one * Add a warning on document
* Added option to disable webhooks (#13176)Paweł Bogusławski2021-02-111-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Added option to disable web hooks This mod introduces DISABLE_WEB_HOOKS parameter in [security] section of app.ini (by default set to false). If set to true it disables web hooks feature. Any existing undelivered web hook tasks will be cancelled. Any existing web hook definitions will be left untouched in db but its delivery tasks will be ignored. Author-Change-Id: IB#1105130 * Webhook spelling fixed Webhook spelling fixed. Fixes: 07df6614dc84cdd2e9f39c57577fa1062bd70012 Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-510868421 Author-Change-Id: IB#1105174 * Parameter description fixed Parameter description fixed. Fixes: 07df6614dc84cdd2e9f39c57577fa1062bd70012 Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-514086107 Author-Change-Id: IB#1105174
* Update docs and comments to remove macaron (#14491)Lunny Xiao2021-01-291-2/+0
|
* Cron job to cleanup hook_task table (#13080)Brad Albright2021-01-261-0/+15
| | | | | | | | | Close **Prune hook_task Table (#10741)** Added a cron job to delete webhook deliveries in the hook_task table. It can be turned on/off and the schedule controlled globally via app.ini. The data can be deleted by either the age of the delivery which is the default or by deleting the all but the most recent deliveries _per webhook_. Note: I had previously submitted pr #11416 but I closed it when I realized that I had deleted per repository instead of per webhook. Also, I decided allowing the settings to be overridden via the ui was overkill. Also this version allows the deletion by age which is probably what most people would want.
* Enhance Ghost comment mitigation Settings (#14392)65432021-01-211-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | * refactor models.DeleteComment and delete related reactions too * use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser * nits * Use time.Duration as other time settings have * docs * Resolve Fixme & fix potential deadlock * Disabled by Default * Update Config Value Description * switch args * Update models/issue_comment.go Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Add pager to the branches page (#14202)Chester Liu2021-01-191-0/+4
| | | | | | | | | | | * Add pager to the branches page * override pageSize if bigger than max * Make branches commit range configurable Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io>
* Implement ghost comment mitigation (#14349)65432021-01-171-0/+3
| | | | | | | | | | | | | * Implement ghost comment mitigation Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue. * cleanup * use setting module correctly * add to docs Co-authored-by: Moritz Marquardt <git@momar.de>
* Use Request.URL.RequestURI() for fcgi (#14312) (#14314)Kyungmin Bae2021-01-131-1/+1
|
* Display SVG files as images instead of text (#14101)Jonathan Tran2021-01-121-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Change to display SVG files as images * Remove unsafe styles from SVG CSP * Add integration test to test SVG headers * Add config setting to disable SVG rendering * Add test for img tag when loading SVG image * Remove the Raw view button for svg files since we don't fully support this * Fix copyright year * Rename and move config setting * Add setting to cheat sheet in docs * Fix so that comment matches cheat sheet * Add allowing styles in CSP based on pull request feedback * Re-enable raw button since we show SVG styles now * Change so that SVG files are editable * Add UI to toggle between source and rendered image for SVGs * Change to show blame button for SVG images * Fix to update ctx data * Add test for DetectContentType when file is longer than sniffLen Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com>
* Update docs to clarify issues raised in #14272 (#14318)Nuno Silva2021-01-131-1/+8
| | | | | - example config is not supposed to be copied - 'persistable-channel' uses a leveldb internally - '*CONN_STR' overrides queue DIR
* Improve vfsgen to not unzip bindata files but send to browser directly (#7109)Lunny Xiao2020-12-241-1/+1
| | | | | | | | | | | | | | | * Don't unzip files from bindata but send to browser directly * remove dependent for httpgzip * Add tests for parseAcceptEncoding * Update docs for ENABLE_GZIP * Fix bug * Fix bug Co-authored-by: zeripath <art27@cantab.net>
* Added option to disable migrations (#13114)Paweł Bogusławski2020-12-211-0/+2
| | | | | | | | | | | | | | | | | | | | | | * Added option to disable migrations This patch introduces DISABLE_MIGRATIONS parameter in [repository] section of app.ini (by default set to false). If set to true it blocks access to repository migration feature. This mod hides also local repo import option in user editor if local repo importing or migrations is disabled. * Alter Example config DISABLE_MIGRATIONS set to false in example config to match its default value. * HTTP error 403 instead of 500 on denied access to migration * Parameter DISABLE_MIGRATIONS exposed via API Fixes: 04b04cf854bcb3ed7659442bcf79822bdebe29e9 Author-Change-Id: IB#1105130
* Manually approve new registration (#13083)Jiri Vlasak2020-12-191-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | * Add register manual confirm settings option The new settings option is used when manually approving new registrations. * Enable manual confirmation of new registered user When manual registration confirmation is desired (by default `false`) create new user in the database that is *not active*. The user must then be activated manually. This change speeds up the process of adding new confirmed users for Gitea instances without external auth mechanism. (Currently the option is to manually create new user by admin.) * Update docs/content/doc/advanced/config-cheat-sheet.zh-cn.md Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Store repository data in data path if not previously set (#13991)techknowlogick2020-12-151-0/+2
| | | | | | | | | | | | | * Store repository data in data path if not previously set * update docs * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: silverwind <me@silverwind.io> * update docs Co-authored-by: silverwind <me@silverwind.io>
* Set RUN_MODE prod by default (#13765)silverwind2020-11-301-2/+2
| | | | | | | I think it's a bad default to have "dev" as the default run mode which enables debugging and now also disables HTTP caching. It's better to just default to a value suitable for general deployments. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add Allow-/Block-List for Migrate & Mirrors (#13610)65432020-11-281-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add black list and white list support for migrating repositories * fix fmt * fix lint * fix vendor * fix modules.txt * clean diff * specify log message * use blocklist/allowlist * allways use lowercase to match url * Apply allow/block * Settings: use existing "migrations" section * convert domains lower case * dont store unused value * Block private addresses for migration by default * fix lint * use proposed-upstream func to detect private IP addr * a nit * add own error for blocked migration, add tests, imprufe api * fix test * fix-if-localhost-is-ipv4 * rename error & error message * rename setting options * Apply suggestions from code review Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Format files (#13698)65432020-11-281-29/+29
| | | | | | | | | | | | | | | | * align "make help" * format * untouch build/generate-svg.js * untouch .eslintrc * combine editorconfig's * rm editorconfig Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* HTTP cache rework and enable caching for storage assets (#13569)silverwind2020-11-171-1/+1
| | | | | | | | | | This enabled HTTP time-based cache for storage assets, primarily avatars. I have not observed If-Modified-Since from browsers during tests but I guess it's good to support regardless. It introduces a new generic httpcache module that can handle both time-based and etag-based caching. Additionally, manifest.json and robots.txt are now also cachable.
* Clarify app.example.ini documentation (#13256)Mattias Persson2020-10-221-22/+21
| | | | | | | | | | | | | * Clarify app.example.ini documentation Hard to understand if cron i needed to activate all other cron. * Added missing "Extended cron tasks" to config-cheat-sheet.en-us.md cron default is false - setting it true activates all cron. Changed the documentation accordingly * Fixed spelling Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add ssh certificate support (#12281)Wim2020-10-101-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add ssh certificate support * Add ssh certificate support to builtin ssh * Write trusted-user-ca-keys.pem based on configuration * Update app.example.ini * Update templates/user/settings/keys_principal.tmpl Co-authored-by: silverwind <me@silverwind.io> * Remove unused locale string * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update options/locale/locale_en-US.ini Co-authored-by: silverwind <me@silverwind.io> * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * Add missing creation of SSH.Rootpath * Update cheatsheet, example and locale strings * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go Co-authored-by: zeripath <art27@cantab.net> * Update models/ssh_key.go * Optimizations based on feedback * Validate CA keys for external sshd * Add filename option and change default filename Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty. Add some more documentation. * Remove unneeded principalkey functions * Add blank line * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default email,username this means that users only can add the principals that match their email or username. To allow anything the admin need to set the option anything. This allows for a safe default in gitea which protects against malicious users using other user's prinicipals. (before that user could set it). This commit also has some small other fixes from the last code review. * Rewrite principal keys file on user deletion * Use correct rewrite method * Set correct AuthorizedPrincipalsBackup default setting * Rewrite principalsfile when adding principals * Add update authorized_principals option to admin dashboard * Handle non-primary emails Signed-off-by: Andrew Thornton <art27@cantab.net> * Add the command actually to the dashboard template * Update models/ssh_key.go Co-authored-by: silverwind <me@silverwind.io> * By default do not show principal options unless there are CA keys set or they are explicitly set Signed-off-by: Andrew Thornton <art27@cantab.net> * allow settings when enabled * Fix typos in TrustedUserCAKeys path * Allow every CASignatureAlgorithms algorithm As this depends on the content of TrustedUserCAKeys we should allow all signature algorithms as admins can choose the specific algorithm on their signing CA * Update models/ssh_key.go Co-authored-by: Lauris BH <lauris@nix.lv> * Fix linting issue Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Disable DSA ssh keys by default (#13056)zeripath2020-10-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Disable DSA ssh keys by default OpenSSH has disabled DSA keys since version 7.0 As the docker runs openssh > v7.0 we should just disable DSA keys by default. Refers to #11417 Signed-off-by: Andrew Thornton <art27@cantab.net> * Just disable DSA keys by default Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Appears we need to set the minimum key sizes too Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove DSA type * Fix Tests Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Mitigate Security vulnerability in the git hook feature (#13058)Niklas Goerke2020-10-071-2/+7
| | | | | | | | | | | | | * Extend git hook warning in the UI. Git hooks are a dangerous feature, administrators should be warned before giving the git hook privilege to users. * Disable Git hooks by default and add warning. Git hooks are a dangerous features (see warning text) that should only be enabled if the administrator was informed about the risk involved. Co-authored-by: Niklas Goerke <goerke@fzi.de>
* Attachments: Add extension support, allow all types for releases (#12465)silverwind2020-10-051-5/+8
| | | | | | | | | | | | | | | | | | | | | * Attachments: Add extension support, allow all types for releases - Add support for file extensions, matching the `accept` attribute of `<input type="file">` - Add support for type wildcard mime types, e.g. `image/*` - Create repository.release.ALLOWED_TYPES setting (default unrestricted) - Change default for attachment.ALLOWED_TYPES to a list of extensions - Split out POST /attachments into two endpoints for issue/pr and releases to prevent circumvention of allowed types check Fixes: https://github.com/go-gitea/gitea/pull/10172 Fixes: https://github.com/go-gitea/gitea/issues/7266 Fixes: https://github.com/go-gitea/gitea/pull/12460 Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers * rename function * extract GET routes out of RepoMustNotBeArchived Co-authored-by: Lauris BH <lauris@nix.lv>
* hCaptcha Support (#12594)John Olheiser2020-10-021-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Initial work on hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Use module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Format Signed-off-by: jolheiser <john.olheiser@gmail.com> * At least return and debug log a captcha error Signed-off-by: jolheiser <john.olheiser@gmail.com> * Pass context to hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * Finish hcaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update example config Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply error fix for recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Change recaptcha ChallengeTS to string Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Copy missing things from app.example.ini to Cheat Sheet (#12988)zeripath2020-10-011-20/+14
| | | Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add default storage configurations (#12813)Lunny Xiao2020-09-291-9/+34
| | | | Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Allow common redis and leveldb connections (#12385)zeripath2020-09-281-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Allow common redis and leveldb connections Prevents multiple reopening of redis and leveldb connections to the same place by sharing connections. Further allows for more configurable redis connection type using the redisURI and a leveldbURI scheme. Signed-off-by: Andrew Thornton <art27@cantab.net> * add unit-test Signed-off-by: Andrew Thornton <art27@cantab.net> * as per @lunny Signed-off-by: Andrew Thornton <art27@cantab.net> * add test Signed-off-by: Andrew Thornton <art27@cantab.net> * Update modules/cache/cache_redis.go * Update modules/queue/queue_disk.go * Update modules/cache/cache_redis.go * Update modules/cache/cache_redis.go * Update modules/queue/unique_queue_disk.go * Update modules/queue/queue_disk.go * Update modules/queue/unique_queue_disk.go * Update modules/session/redis.go Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Add config option to make create-on-push repositories public by default (#12936)Tait Hoyem2020-09-271-0/+2
| | | | | | | | | | | | | | | | | | | | | * Add config option to make create-on-push repositories public by default * Fix linting * Add option to 'config cheat sheet' page * Chinese translation Signed-off-by: a1012112796 <1012112796@qq.com> * Fix typo in docs * fix typo * Add option to example config Co-authored-by: Tait Hoyem <code@tait.tech> Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* [Docs] Add all chooseable cron config options to 'app.example.ini' (#12931)赵智超2020-09-251-1/+106
| | | | | | | | | | | As title. ref: https://github.com/go-gitea/gitea/blob/master/modules/cron/tasks_basic.go https://github.com/go-gitea/gitea/blob/master/modules/cron/tasks_extended.go https://github.com/go-gitea/gitea/blob/ba20dd7a7b59157d9232de7dfa99a23b0fb0d2aa/modules/setting/cron.go#L7-L11 Signed-off-by: a1012112796 <1012112796@qq.com>
* Adopt repositories (#12920)zeripath2020-09-251-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Don't automatically delete repository files if they are present Prior to this PR Gitea would delete any repository files if they are present during creation or migration. This can in certain circumstances lead to data-loss and is slightly unpleasant. This PR provides a mechanism for Gitea to adopt repositories on creation and otherwise requires an explicit flag for deletion. PushCreate is slightly different - the create will cause adoption if that is allowed otherwise it will delete the data if that is allowed. Signed-off-by: Andrew Thornton <art27@cantab.net> * Update swagger Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix tests and migrate overwrite Signed-off-by: Andrew Thornton <art27@cantab.net> * as per @lunny Only offer to adopt or overwrite if the user can do that. Allow the site administrator to adopt or overwrite in all circumstances Signed-off-by: Andrew Thornton <art27@cantab.net> * Use setting.Repository.DefaultBranch for the default branch Signed-off-by: Andrew Thornton <art27@cantab.net> * Always set setting.Repository.DefaultBranch Signed-off-by: Andrew Thornton <art27@cantab.net> * update swagger Signed-off-by: Andrew Thornton <art27@cantab.net> * update templates Signed-off-by: Andrew Thornton <art27@cantab.net> * ensure repo closed Signed-off-by: Andrew Thornton <art27@cantab.net> * Rewrite of adoption as per @6543 and @lunny Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * update swagger Signed-off-by: Andrew Thornton <art27@cantab.net> * missing not Signed-off-by: Andrew Thornton <art27@cantab.net> * add modals and flash reporting Signed-off-by: Andrew Thornton <art27@cantab.net> * Make the unadopted page searchable Signed-off-by: Andrew Thornton <art27@cantab.net> * Add API Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix swagger Signed-off-by: Andrew Thornton <art27@cantab.net> * fix swagger Signed-off-by: Andrew Thornton <art27@cantab.net> * Handle empty and non-master branched repositories Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * remove commented out code Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add configurable Trust Models (#11712)zeripath2020-09-201-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add configurable Trust Models Gitea's default signature verification model differs from GitHub. GitHub uses signatures to verify that the committer is who they say they are - meaning that when GitHub makes a signed commit it must be the committer. The GitHub model prevents re-publishing of commits after revocation of a key and prevents re-signing of other people's commits to create a completely trusted repository signed by one key or a set of trusted keys. The default behaviour of Gitea in contrast is to always display the avatar and information related to a signature. This allows signatures to be decoupled from the committer. That being said, allowing arbitary users to present other peoples commits as theirs is not necessarily desired therefore we have a trust model whereby signatures from collaborators are marked trusted, signatures matching the commit line are marked untrusted and signatures that match a user in the db but not the committer line are marked unmatched. The problem with this model is that this conflicts with Github therefore we need to provide an option to allow users to choose the Github model should they wish to. Signed-off-by: Andrew Thornton <art27@cantab.net> * Adjust locale strings Signed-off-by: Andrew Thornton <art27@cantab.net> * as per @6543 Co-authored-by: 6543 <6543@obermui.de> * Update models/gpg_key.go * Add migration for repository Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Check passwords against HaveIBeenPwned (#12716)John Olheiser2020-09-081-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply suggestions mrsdizzie Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Add link to HIBP Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add more details to admin command Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Consistency and making some noise ;) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: zeripath <art27@cantab.net>
* Use argon as default password hash algorithm (#12688)zeripath2020-09-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | * Restrict TLS connections to 1.2 minimum * Set Argon2 as the default KDF * Fix user.yml * Remove TLS minversion changes Signed-off-by: Andrew Thornton <art27@cantab.net> * Add migration as per @techknowlogick Signed-off-by: Andrew Thornton <art27@cantab.net> * set the password algo in the fixtures Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove the v148 migration - it needs recreate table to change the defaults Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Nadim Kobeissi <nadim@symbolic.software>
* Support elastic search for code search (#10273)Lunny Xiao2020-08-301-0/+8
| | | | | | | | | | | | | | | | | | | | | | | * Support elastic search for code search * Finished elastic search implementation and add some tests * Enable test on drone and added docs * Add new fields to elastic search * Fix bug * remove unused changes * Use indexer alias to keep the gitea indexer version * Improve codes * Some code improvements * The real indexer name changed to xxx.v1 Co-authored-by: zeripath <art27@cantab.net>
* fix documentation for REFRESH_TOKEN_EXPIRATION_TIME (#12642)zeripath2020-08-291-1/+1
| | | | | | | REFRESH_TOKEN_EXPIRATION_TIME refers to the refresh token not the access token Fix #12641 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update JWT docs in example config (#12591)techknowlogick2020-08-241-2/+2
| | | | | | | | | | | | | * Update JWT docs in example config align with way we have `LFS_JWT_SECRET` in config Fix #12590 * Update custom/conf/app.example.ini Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Disable password complexity check default (#12557)mrsdizzie2020-08-211-3/+3
| | | | | | | * Disable password complexity check default These features enourange bad passwords/are annoying for people using better password methods, and at minimum we shouldn't force that as a default for obvious reasons. Disable any default check to avoid regular complaints. * fix copy paste format
* fix typos (#12545)Success2020-08-201-1/+1
| | | | | | | * fix typo in app.ini * fix typo in git hook module Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add a storage layer for attachments (#11387)Lunny Xiao2020-08-181-2/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add a storage layer for attachments * Fix some bug * fix test * Fix copyright head and lint * Fix bug * Add setting for minio and flags for migrate-storage * Add documents * fix lint * Add test for minio store type on attachments * fix test * fix test * Apply suggestions from code review Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> * Add warning when storage migrated successfully * Fix drone * fix test * rebase * Fix test * display the error on console * Move minio test to amd64 since minio docker don't support arm64 * refactor the codes * add trace * Fix test * remove log on xorm * Fi download bug * Add a storage layer for attachments * Add setting for minio and flags for migrate-storage * fix lint * Add test for minio store type on attachments * Apply suggestions from code review Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> * Fix drone * fix test * Fix test * display the error on console * Move minio test to amd64 since minio docker don't support arm64 * refactor the codes * add trace * Fix test * Add URL function to serve attachments directly from S3/Minio * Add ability to enable/disable redirection in attachment configuration * Fix typo * Add a storage layer for attachments * Add setting for minio and flags for migrate-storage * fix lint * Add test for minio store type on attachments * Apply suggestions from code review Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> * Fix drone * fix test * Fix test * display the error on console * Move minio test to amd64 since minio docker don't support arm64 * don't change unrelated files * Fix lint * Fix build * update go.mod and go.sum * Use github.com/minio/minio-go/v6 * Remove unused function * Upgrade minio to v7 and some other improvements * fix lint * Fix go mod Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-authored-by: Tyler <tystuyfzand@gmail.com>
* Kanban board (#8346)Lanre Adelowo2020-08-161-2/+7
| | | | | | | | | | | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: jaqra <48099350+jaqra@users.noreply.github.com> Co-authored-by: Kerry <flatline-studios@users.noreply.github.com> Co-authored-by: Jaqra <jaqra@hotmail.com> Co-authored-by: Kyle Evans <kevans91@users.noreply.github.com> Co-authored-by: Tsakiridis Ilias <TsakiDev@users.noreply.github.com> Co-authored-by: Ilias Tsakiridis <ilias.tsakiridis@outlook.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Make dashboard newsfeed list length a configurable item (#12469)techknowlogick2020-08-111-0/+2
| | | Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Clarify documentation of SKIP_VERIFY (#12203)Alexander Scheel2020-07-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Clarify documentation of SKIP_VERIFY The documentation clearly documents the empty value as the default, however at least one user reported this as being unclear. Mark values explicitly so it is clear what values it can take. This clarifies that an empty value in fact leaves certificate verification enabled, whereas it has to be explicitly set to true to disable certificate verification. Resolves: #12117 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Update custom/conf/app.example.ini Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Update custom/conf/app.example.ini Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move EventSource to SharedWorker (#12095)zeripath2020-07-031-1/+1
| | | | | | | | | | | | | Move EventSource to use a SharedWorker. This prevents issues with HTTP/1.1 open browser connections from preventing gitea from opening multiple tabs. Also allow setting EVENT_SOURCE_UPDATE_TIME to disable EventSource updating Fix #11978 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update docs to specify utf8mb4 default (#11962)silverwind2020-06-181-2/+2
| | | | | | Install tool already sets it as the default so we can just update example ini and docs to it. Fixes: https://github.com/go-gitea/gitea/issues/11081
* Rename custom/conf/app.ini.sample to custom/conf/app.example.ini for better ↵Lunny Xiao2020-06-171-0/+0
| | | | | | | | | | | syntax light on editor (#11926) * Rename custom/conf/app.ini.sample to custom/conf/app.sample.ini for better syntax light on editor * rename to app.example.ini * per @6543 's comment, update all references on docs Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Global default branch setting (#11918)techknowlogick2020-06-171-0/+2
| | | | | | | | | * Global default branch setting * add to app.ini example per @silverwind * update per @lunny Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Replace jquery-datetimepicker with native date input (#11684)silverwind2020-06-101-29/+3
| | | | | | | | | | | | This removes the jQuery plugin as well as the associated config options. Native input[type=date] does not require a language attribute as it is localized by default, except for the placeholder attribute for which I currently piggy-back the repo.issues.due_date_form localization option. Implementation should pretty much match GH. Of note is that Safari does not provide a UI for this input type, but I don't think providing one is neccessary and GH did not bother either. Co-authored-by: techknowlogick <techknowlogick@gitea.io>