| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update golang.org/x/crypto
- Update dependency to include fix for CVE.
- See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer
* Fix deprecation notice
* Remove workaround
- Introduced in https://github.com/go-gitea/gitea/pull/17281
- Fixed in x/crypto:
- https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf
- & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a
* Update Kex Algorithms
- Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a
- Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Support ignore all santize for external renderer
* Update docs
* Apply suggestions from code review
Co-authored-by: silverwind <me@silverwind.io>
* Fix doc
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
|
| |
|
|
|
| |
* Don't clean up hardcoded `tmp`.
* Fixed import.
|
| |
|
|
|
|
|
|
| |
The service worker causes a lot of issues with JS errors after instance
upgrades while not bringing any real performance gain over regular HTTP
caching.
Disable it by default for this reason. Maybe later we can remove it
completely, as I simply see no benefit in having it.
|
| |
|
|
|
|
|
| |
* Add example to render html files
* Use class in example
Co-authored-by: zeripath <art27@cantab.net>
|
| |
|
|
| |
- Use a better and more curated list of Ciphers and KeyExchanges, these roughly follows OpenSSH's default.
- Remove some cryptography values which were deprecated.
|
| |
|
|
|
|
| |
* Added ACMECAURL option to support custom ACME provider. Closes #18306
* Refactor setting.go https settings, renamed options and variables, and documented app.example.ini
* Refactored runLetsEncrypt to runACME
* Improved documentation
|
| |
|
| |
Co-authored-by: zeripath <art27@cantab.net>
|
| |
|
| |
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
| |
Make router logger more friendly, show the related function name/file/line.
[BREAKING]
This PR substantially changes the logging format of the router logger. If you use this logging for monitoring e.g. fail2ban you will need to update this to match the new format.
|
| |
|
|
|
|
|
| |
Migrate from U2F to Webauthn
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| | |
|
| |
|
|
|
| |
- Enable partial clones(which are by default disabled from git) by
default, unless configured otherwise.
- Resolves #18190
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It appears that several versions of sendmail require that the mail is sent to them with
LF line endings instead of CRLF endings - which of course they will then convert back
to CRLF line endings to comply with the SMTP standard.
This PR adds another setting SENDMAIL_CONVERT_CRLF which will pass the message writer
through a filter. This will filter out and convert CRLFs to LFs before writing them
out to sendmail.
Fix #18024
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* `git` -> `Git`
* `Github` and `github` -> `GitHub`
* `crowdin` -> `Crowdin`
* `git-lfs` -> `Git LFS`
* `githooks`, `git hooks`, `git-hooks` -> `Git Hooks`
* `discord` -> `Discord`
* `2fa` -> `2FA`
* `gitlab` and `Gitlab` -> `GitLab`
* `web hook` -> `webhook`
* `linux` -> `Linux`
* `sqlite` -> `SQLite`
* `MYSQL` and `mysql` -> `MySQL`
* rename refs to `master` branch -> `main`
* Fix English grammar
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Save a bit of bandwidth by only requesting 3-times the rendered avatar
size. Factor 4 is only really beneficial on a handful of mobile phones
and I don't think they are the primary device we design for.
Configurability contributed by zeripath.
Fixes: https://github.com/go-gitea/gitea/pull/17422
Fixes: https://github.com/go-gitea/gitea/issues/16287
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Move keys to models/keys
* Rename models/keys -> models/asymkey
* change the missed package name
* Fix package alias
* Fix test
* Fix docs
* Fix test
* Fix test
* merge
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Refactor install page (db type)
* set correct default DB HOST for different DB TYPE
* remove legacy TiDB from documents
* unify the usage of DB TYPE, in code we only use "mysql". "MySQL" is only shown to users for friendly name.
* Gitea can use TiDB via MySQL protocol
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
This PR adds another option to app.ini make co-committed-by and co-authored-by trailers
optional on a per server basis.
Fix #17194
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
| |
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make relative unix sockets absolute by making them absolute against the AppWorkPath
Fix #17833
## :warning: BREAKING :warning:
Prior to this PR relative unix sockets would have been asserted to be relative to the current working directory that gitea, gitea serv, hook and manager etc were running in. Hooks and Serv would have failed to work properly under this situation so we expect that although this is a technically breaking change the previous situation was already broken.
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
|
|
| |
* detect dark theme via css variable
* minor refactor, add documentation
If your custom theme is considered a dark theme, set the global css variable `--is-dark-theme` to `true`.
This allows gitea to adjust the Monaco code editor's theme accordingly.
|
| | |
|
| |
|
|
|
| |
Use hostmacher to replace matchlist.
And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add settings to allow different SMTP envelope from address
Sometimes it may be advisable to hide or alias the from address on an SMTP mail
envelope. This PR adds two new options to the mailer to allow setting of an overriding
from address.
Fix #17477
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
|
|
| |
Use check attribute code to check the assigned language of a file and send that in to
chroma as a hint for the language of the file.
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
| |
and 1.16 (#17530)
* fix documents for ALLOWED_HOST_LIST, its default value differs between 1.15 and 1.16
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Convert the old mirror syncing queue to the more modern queue format.
Fix a bug in the from the repo-archive queue PR - the assumption was made that uniqueness could be enforced with by checking equality in a map in channel unique queues - however this only works for primitive types - which was the initial intention but is an imperfect. This is fixed by marshalling the data and placing the martialled data in the unique map instead.
The documentation is also updated to add information about the deprecated configuration values.
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add simple update checker to Gitea
* update struct and remove comments
* fix lint
* Update custom/conf/app.example.ini
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: delvh <dev.lh@web.de>
* Update custom/conf/app.example.ini
Co-authored-by: delvh <dev.lh@web.de>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: delvh <dev.lh@web.de>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: Steven <61625851+justusbunsi@users.noreply.github.com>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
* Update modules/cron/tasks_extended.go
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update custom/conf/app.example.ini
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* take PR feedback into account and display banner on admin dashboard for alerts
* Add more detailed message
* placate lint
* update per feedback
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Steven <61625851+justusbunsi@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.
The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.
Fix #17092
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add metrics to get issues by label
* Add comment on IssueByLabelCount
* Code review - Unify "AS" in SQL (#17201)
* Code review - Remove useless join (#17201)
* Code review - Disable issue_by_label by default in settings (#17201)
* use e
* restore empty line
* update docs
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nodeinfo is a way to expose certain metadata about a server for use of discovery regarding functionality of its federation capabilities.
Two endpoints are required:
1. `/.well-known/nodeinfo` which informs client where it can find the location of the location of its metadata (including which version of the schema is used)
2. the endpoint which exposes the metadata in json format according to schema.
Notes:
* `openRegistrations` is a required field, but I propose to set to false as default in case someone writes a crawler to discover "open" gitea instances
* to limit data leakage I also propose to not include the `usage` field (note it is required so it should be included, but left as empty).
More info:
https://github.com/jhass/nodeinfo
https://github.com/jhass/nodeinfo/tree/main/schemas/2.1
http://nodeinfo.diaspora.software/protocol.html
|
| |
|
|
|
|
|
|
| |
Add a new default theme `auto`, which will automatically switch between
`gitea` (light) and `arc-green` (dark) themes depending on the user's
operating system settings.
Closes: #8183
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Just a tiny change to save someone some time while reading the docs. I got lost in the angular code and npm packages trying to reverse engineer it and figure out what setting controlled this file limit:
Eventually I tracked it down from
https://github.com/go-gitea/gitea/blob/b74a0f9060d5fda341f5554ef529a2006308c6ab/options/locale/locale_en-US.ini#L2776
to
https://github.com/go-gitea/gitea/blob/b74a0f9060d5fda341f5554ef529a2006308c6ab/templates/repo/upload.tmpl#L11
to
https://github.com/go-gitea/gitea/blob/b74a0f9060d5fda341f5554ef529a2006308c6ab/web_src/js/index.js#L1043
to
https://github.com/go-gitea/gitea/blob/b74a0f9060d5fda341f5554ef529a2006308c6ab/web_src/js/features/dropzone.js#L3
to
https://www.npmjs.com/package/dropzone
and then I realized I can't read :sweat_smile:, back to
https://github.com/go-gitea/gitea/blob/b74a0f9060d5fda341f5554ef529a2006308c6ab/templates/repo/upload.tmpl#L8
and quickly solved it from there!!
https://github.com/go-gitea/gitea/blob/b74a0f9060d5fda341f5554ef529a2006308c6ab/modules/upload/upload.go#L81
Yes I know this long path was 90% me failing to read code properly and going on a red herring journey... but point is we should not have to do this in the first place to know how to configure this file upload form :pleading_face: :point_right: :point_left:
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Rename`[repository]` `DISABLE_MIRRORS` to `[mirror]` `DISABLE_NEW_PULL` and add `ENABLED` and `DISABLE_NEW_PUSH` with the below meanings:
- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors.
- `DISABLE_NEW_PULL`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
- `DISABLE_NEW_PUSH`: **false**: Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid.
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thanks to https://github.com/go-gitea/gitea/pull/16788 I can see why our docker container kept restarting when adding the custom mail template example.
[The example template](https://docs.gitea.io/en-us/mail-templates/#example) has an error
```
2021/09/03 10:55:25 cmd/web.go:91:func1() [F] PANIC: template: mail/issue/default:35: function "AppURL" not defined
/usr/local/go/src/html/template/template.go:374 (0x1563bb8)
/go/src/code.gitea.io/gitea/vendor/github.com/unrolled/render/render.go:322 (0x1563782)
/go/src/code.gitea.io/gitea/vendor/github.com/unrolled/render/render.go:202 (0x1562f8b)
/go/src/code.gitea.io/gitea/vendor/github.com/unrolled/render/render.go:146 (0x15629d2)
/go/src/code.gitea.io/gitea/modules/templates/base.go:88 (0x16b0769)
/go/src/code.gitea.io/gitea/routers/web/base.go:125 (0x225f284)
/go/src/code.gitea.io/gitea/routers/web/web.go:95 (0x2261284)
/go/src/code.gitea.io/gitea/routers/init.go:147 (0x22817ba)
/go/src/code.gitea.io/gitea/cmd/web.go:158 (0x239741a)
/go/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:524 (0x1740884)
/go/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/command.go:173 (0x17415f8)
/go/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:277 (0x173e8c7)
/go/src/code.gitea.io/gitea/main.go:115 (0x23d3e69)
/usr/local/go/src/runtime/proc.go:225 (0x443995)
/usr/local/go/src/runtime/asm_amd64.s:1371 (0x47b360)
```
|
| | |
|
| |
|
|
|
|
|
| |
* Add release default page and set it to 10
* use limit
Co-authored-by: 6543 <6543@obermui.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add proxy settings and support for migration and webhook
* Fix default value
* Add newline for example ini
* Add lfs proxy support
* Fix lint
* Follow @zeripath's review
* Fix git clone
* Fix test
* missgin http requests for proxy
* use empty
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of the issues holding back performance of the API is the problem of hashing.
Whilst banning BASIC authentication with passwords will help, the API Token scheme
still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can
still cause enormous numbers of hash computations.
A slight solution to this whilst we consider moving to using JWT based tokens and/or
a session orientated solution is to simply cache the successful tokens. This has some
security issues but this should be balanced by the security issues of load from
hashing.
Related #14668
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Allow setting X-FRAME-OPTIONS
This PR provides a mechanism to set the X-FRAME-OPTIONS header.
Fix #7951
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: ltdk <usr@ltdk.xyz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Make Mermaid.js limit configurable
Add `MERMAID_MAX_SOURCE_CHARACTERS` to `[markup]` settings
to make the maximum size of a mermaid render configurable.
Fix #16513
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixup! Make Mermaid.js limit configurable
* Update custom/conf/app.example.ini
Co-authored-by: silverwind <me@silverwind.io>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
