summaryrefslogtreecommitdiffstats
path: root/custom
Commit message (Collapse)AuthorAgeFilesLines
* Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task (#17568)zeripath2021-11-221-0/+6
|
* Use `hostmatcher` to replace `matchlist`, improve security (#17605)wxiaoguang2021-11-201-1/+1
| | | | | Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
* Make SSL cipher suite configurable (#17440)zeripath2021-11-201-0/+10
|
* Add settings to allow different SMTP envelope from address (#17479)zeripath2021-11-191-0/+3
| | | | | | | | | | | * Add settings to allow different SMTP envelope from address Sometimes it may be advisable to hide or alias the from address on an SMTP mail envelope. This PR adds two new options to the mailer to allow setting of an overriding from address. Fix #17477 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix documents for ALLOWED_HOST_LIST, its default value differs between 1.15 ↵wxiaoguang2021-11-081-0/+1
| | | | | and 1.16 (#17530) * fix documents for ALLOWED_HOST_LIST, its default value differs between 1.15 and 1.16
* Only allow webhook to send requests to allowed hosts (#17482)wxiaoguang2021-11-011-0/+6
|
* Make the Mirror Queue a queue (#17326)zeripath2021-10-171-2/+2
| | | | | | | | | Convert the old mirror syncing queue to the more modern queue format. Fix a bug in the from the repo-archive queue PR - the assumption was made that uniqueness could be enforced with by checking equality in a map in channel unique queues - however this only works for primitive types - which was the initial intention but is an imperfect. This is fixed by marshalling the data and placing the martialled data in the unique map instead. The documentation is also updated to add information about the deprecated configuration values. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add simple update checker to Gitea (#17212)techknowlogick2021-10-161-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add simple update checker to Gitea * update struct and remove comments * fix lint * Update custom/conf/app.example.ini * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: delvh <dev.lh@web.de> * Update custom/conf/app.example.ini Co-authored-by: delvh <dev.lh@web.de> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: delvh <dev.lh@web.de> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: Steven <61625851+justusbunsi@users.noreply.github.com> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md * Update modules/cron/tasks_extended.go Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> * Update custom/conf/app.example.ini Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> * take PR feedback into account and display banner on admin dashboard for alerts * Add more detailed message * placate lint * update per feedback Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Steven <61625851+justusbunsi@users.noreply.github.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Disable core.protectNTFS (#17300)zeripath2021-10-131-0/+2
| | | | | | | | | | | | | | core.protectNTFS protects NTFS from files which may be difficult to remove or interact with using the win32 api, however, it also appears to prevent such files from being entered into the git indexes - fundamentally causing breakages with PRs that affect these files. However, deliberately setting this to false may cause security issues due to the remain sparse checkout of files in the merge pipeline. The only sensible option therefore is to provide an optional setting which admins could set which would forcibly switch this off if they are affected by this issue. Fix #17092 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add metrics to get issues by repository (#17225)Romain2021-10-051-0/+2
|
* Add metrics to get issues by label (#17201)Romain2021-10-031-0/+2
| | | | | | | | | | | | | | | | | | | | | * Add metrics to get issues by label * Add comment on IssueByLabelCount * Code review - Unify "AS" in SQL (#17201) * Code review - Remove useless join (#17201) * Code review - Disable issue_by_label by default in settings (#17201) * use e * restore empty line * update docs Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix typo in app.example.ini (#17213)Petr Vaněk2021-10-031-2/+2
|
* Add nodeinfo endpoint for federation purposes (#16953)techknowlogick2021-09-281-0/+9
| | | | | | | | | | | | | | | | Nodeinfo is a way to expose certain metadata about a server for use of discovery regarding functionality of its federation capabilities. Two endpoints are required: 1. `/.well-known/nodeinfo` which informs client where it can find the location of the location of its metadata (including which version of the schema is used) 2. the endpoint which exposes the metadata in json format according to schema. Notes: * `openRegistrations` is a required field, but I propose to set to false as default in case someone writes a crawler to discover "open" gitea instances * to limit data leakage I also propose to not include the `usage` field (note it is required so it should be included, but left as empty). More info: https://github.com/jhass/nodeinfo https://github.com/jhass/nodeinfo/tree/main/schemas/2.1 http://nodeinfo.diaspora.software/protocol.html
* Use light/dark theme based on system preference (#17051)Gwyneth Morgan2021-09-271-2/+2
| | | | | | | | Add a new default theme `auto`, which will automatically switch between `gitea` (light) and `arc-green` (dark) themes depending on the user's operating system settings. Closes: #8183
* Enable Malayalam, Greek, Persian, Hungarian & Indonesian by default (#16998)65432021-09-091-2/+2
|
* Make mirror feature more configurable (#16957)65432021-09-071-3/+6
| | | | | | | | | | | Rename`[repository]` `DISABLE_MIRRORS` to `[mirror]` `DISABLE_NEW_PULL` and add `ENABLED` and `DISABLE_NEW_PUSH` with the below meanings: - `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors. - `DISABLE_NEW_PULL`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid. - `DISABLE_NEW_PUSH`: **false**: Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* Paginate releases page & set default page size to 10 (#16857)Lunny Xiao2021-08-291-0/+1
| | | | | | | * Add release default page and set it to 10 * use limit Co-authored-by: 6543 <6543@obermui.de>
* Add EdDSA JWT signing algorithm (#16786)Aliaksandr Mianzhynski2021-08-251-1/+1
| | | | | | | | * Add EdDSA signing algorithm * Fix typo Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add proxy settings and support for migration and webhook (#16704)Lunny Xiao2021-08-181-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | * Add proxy settings and support for migration and webhook * Fix default value * Add newline for example ini * Add lfs proxy support * Fix lint * Follow @zeripath's review * Fix git clone * Fix test * missgin http requests for proxy * use empty Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Add API Token Cache (#16547)zeripath2021-08-171-0/+4
| | | | | | | | | | | | | | | | | One of the issues holding back performance of the API is the problem of hashing. Whilst banning BASIC authentication with passwords will help, the API Token scheme still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can still cause enormous numbers of hash computations. A slight solution to this whilst we consider moving to using JWT based tokens and/or a session orientated solution is to simply cache the successful tokens. This has some security issues but this should be balanced by the security issues of load from hashing. Related #14668 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Allow setting X-FRAME-OPTIONS (#16643)zeripath2021-08-061-0/+3
| | | | | | | | | | | | | | | * Allow setting X-FRAME-OPTIONS This PR provides a mechanism to set the X-FRAME-OPTIONS header. Fix #7951 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Make Mermaid.js limit configurable (#16519)zeripath2021-07-241-0/+9
| | | | | | | | | | | | | | | | | | | | | | | * Make Mermaid.js limit configurable Add `MERMAID_MAX_SOURCE_CHARACTERS` to `[markup]` settings to make the maximum size of a mermaid render configurable. Fix #16513 Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Make Mermaid.js limit configurable * Update custom/conf/app.example.ini Co-authored-by: silverwind <me@silverwind.io> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* add configuration option to restrict users by default (#16256)Richard Nienaber2021-07-151-0/+3
| | | | | | | | | | | | | | | | | | * add configuration option to restrict users by default * default IsRestricted permission only set on sign up setting this in the model messes with other workflows (e.g. syncing LDAP users) where the IsRestricted permission needs to be explicitly set and not overridden by a config value * fix formatting * Apply suggestions from code review * ensure newly created user is set to restricted * ensure imports are in the correct order Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Change @every 24h default schedules to @midnight (#16431)v1.16.0-devJimmy Praet2021-07-151-7/+7
|
* Add LRU mem cache implementation (#16226)zeripath2021-07-101-1/+2
| | | | | | | | | | | | | | The current default memory cache implementation is unbounded in size and number of objects cached. This is hardly ideal. This PR proposes creating a TwoQueue LRU cache as the underlying cache for Gitea. The cache is limited by the number of objects stored in the cache (rather than size) for simplicity. The default number of objects is 50000 - which is perhaps too small as most of our objects cached are going to be much less than 1kB. It may be worth considering using a different LRU implementation that actively limits sizes or avoids GC - however, this is just a beginning implementation. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix various documentation, user-facing, and source comment typos (#16367)luzpaz2021-07-081-1/+1
| | | | | * Fix various doc, user-facing, and source comment typos Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
* Add forge emojies (#16296)65432021-07-021-1/+1
| | | | | | | * codeberg :codeberg: * gitlab :gitlab: * git :git: * github :github: * gogs :gogs:
* Update Go-Git to take advantage of LargeObjectThreshold (#16316)zeripath2021-06-301-0/+3
| | | | | | Following the merging of https://github.com/go-git/go-git/pull/330 we can now add a setting to avoid go-git reading and caching large objects. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Vultr and DO Marketplace links (#16297)65432021-06-291-2/+2
| | | | | | | * fix emoji img path * move cloudron * Add Vultr and DO
* Add custom emoji support (#16004)65432021-06-291-3/+8
|
* Make allowed Visiblity modes configurable for Users (#16271)65432021-06-271-0/+3
| | | | | | | Now that #16069 is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private. This PR adds functionality and settings to constrain a user's ability to change their visibility. Co-authored-by: zeripath <art27@cantab.net>
* Add Visible modes function from Organisation to Users too (#16069)Sergey Dryabzhinsky2021-06-261-3/+9
| | | | | | | | | | | | | | | | | | You can limit or hide organisations. This pull make it also posible for users - new strings to translte - add checkbox to user profile form - add checkbox to admin user.edit form - filter explore page user search - filter api admin and public user searches - allow admins view "hidden" users - add app option DEFAULT_USER_VISIBILITY - rewrite many files to use Visibility field - check for teams intersection - fix context output - right fake 404 if not visible Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Added support for gopher URLs. (#14749)ayb2021-06-251-0/+2
| | | | | | | | | * Added support for gopher URLs. * Add setting and make this user settable instead Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Rework repository archive (#14723)Lunny Xiao2021-06-231-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Use storage to store archive files * Fix backend lint * Add archiver table on database * Finish archive download * Fix test * Add database migrations * Add status for archiver * Fix lint * Add queue * Add doctor to check and delete old archives * Improve archive queue * Fix tests * improve archive storage * Delete repo archives * Add missing fixture * fix fixture * Fix fixture * Fix test * Fix archiver cleaning * Fix bug * Add docs for repository archive storage * remove repo-archive configuration * Fix test * Fix test * Fix lint Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Use data path instead of config path (#16227)KN4CK3R2021-06-231-1/+10
|
* Update documentation for Implicit TLS (#16220)zeripath2021-06-211-2/+2
| | | | | | | As per RFC 8314, it is now recommended to prefer TLS over STARTTLS. Fix #16160 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Clean-up the settings hierarchy for issue_indexer queue (#16001)zeripath2021-06-161-5/+5
| | | | | | | | | There are a couple of settings in `[indexer]` relating to the `issue_indexer` queue which override settings in unpredictable ways. This PR adjusts this hierarchy and makes explicit that these settings are deprecated. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Set self-adjusting deadline for connection writing (#16068)zeripath2021-06-111-3/+17
| | | | | | | | | | | | | | | | | | | | | | | | | * Set self-adjusting deadline for connection writing In #16055 it appears that the simple 5s deadline doesn't work for large file writes. Now we can't - or at least shouldn't just set no deadline as go will happily let these connections block indefinitely. However, what seems reasonable is to set some minimum rate we expect for writing. This PR suggests the following algorithm: * Every write has a minimum timeout of 5s (adjustable at compile time.) * If there has been a previous write - then consider its previous deadline, add half of the minimum timeout + 2s per kb about to written. * If that new deadline is after the minimum timeout use that. Fix #16055 * Linearly increase timeout * Make PerWriteTimeout, PerWritePerKbTimeouts configurable Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Update queue workers for v1.15 (#15999)Kyle D2021-05-281-5/+5
| | | | | | | | | | | * Update queue workers for v1.15 * update app.example.ini * update re queue path Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* add a new internal hook to save ssh log (#15787)a10121127962021-05-211-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | * add a new internal hook to save ssh log as title, when a ssh error ocure like #15785. only when switch ``RUN_MODE`` to dev can we found which error is ocure. But this way is not a good idea for production envirment. this changes try save ssh error mesage to the log file like other log by a new internal hook. I think it's usefull for find error message in production envirment. Thanks. Signed-off-by: a1012112796 <1012112796@qq.com> * rename and fix nit * Update modules/private/hook.go Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add mimetype mapping settings (#15133)Adam Szatyin2021-05-101-1/+9
| | | | | | | | | | | | | * Fix APK's Content-Type header * Fix case sensitive comparison * Add custom mime type mapping for downloadable files * Add documentation for MIME type mapping * Rename download.mimetype.mapping configuration to repository.mimetype_mapping Co-authored-by: zeripath <art27@cantab.net>
* add note about ``cron.SCHEDULE`` format in document (#15812)a10121127962021-05-101-0/+5
| | | | | | | | | | | | * add note about ``cron.SCHEDULE`` format in document Signed-off-by: a1012112796 <1012112796@qq.com> * Update custom/conf/app.example.ini Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Comment out app.example.ini (#15807)zeripath2021-05-091-1288/+2013
| | | | | | | | | | | | | | This PR is an alternative to #15559. Instead of deleting the app.example.ini - just comment out most of the thing. This makes it clear what needs to be set and what is completely optional - and keeps the documentation. The app.example.ini is moved around to move the most important settings higher in the document. Close #15559 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow only internal registration (#15795)65432021-05-091-0/+2
| | | | | * Add ALLOW_ONLY_INTERNAL_REGISTRATION into settings * OpenID respect setting too
* OAuth2 login: Set account link to "login" as default behavior (#15768)65432021-05-071-1/+1
|
* add cron job to delete old actions from database (#15688)a10121127962021-05-011-0/+8
| | | | | that's a way to save database storage space. Signed-off-by: a1012112796 <1012112796@qq.com>
* Disable Stars config option (#14653)Kyle D2021-04-151-0/+2
| | | | | | | * Add config option to disable stars * Replace "stars" with watched in user profile * Add documentation
* Fixed several typos. (#15470)KN4CK3R2021-04-141-9/+9
|
* OAuth2 auto-register (#5123)Martin Michaelis2021-04-141-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactored handleOAuth2SignIn in routers/user/auth.go The function handleOAuth2SignIn was called twice but some code path could only be reached by one of the invocations. Moved the unnecessary code path out of handleOAuth2SignIn. * Refactored user creation There was common code to create a user and display the correct error message. And after the creation the only user should be an admin and if enabled a confirmation email should be sent. This common code is now abstracted into two functions and a helper function to call both. * Added auto-register for OAuth2 users If enabled new OAuth2 users will be registered with their OAuth2 details. The UserID, Name and Email fields from the gothUser are used. Therefore the OpenID Connect provider needs additional scopes to return the coresponding claims. * Added error for missing fields in OAuth2 response * Linking and auto linking on oauth2 registration * Set default username source to nickname * Add automatic oauth2 scopes for github and google * Add hint to change the openid connect scopes if fields are missing * Extend info about auto linking security risk Co-authored-by: Viktor Kuzmin <kvaster@gmail.com> Signed-off-by: Martin Michaelis <code@mgjm.de>
* Fix typo in app.example.ini (#15287)Ikko Ashimine2021-04-051-1/+1
| | | | | seperated -> separated Co-authored-by: zeripath <art27@cantab.net>