summaryrefslogtreecommitdiffstats
path: root/go.sum
Commit message (Collapse)AuthorAgeFilesLines
* Update go.mod dependencies (#23126)zeripath2023-02-241-287/+96
| | | | | | | | | | | | | | This PR does a bulk update of a lot of our go deps. I have not included nektos/act and xorm for the following reasons: * Xorm updates can sometimes be complex and I'd rather do that in a separate PR * I think people more update with the actions code should double check that the latest nektos/act library works correctly. --------- Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Bump go.etcd.io/bbolt and blevesearch deps (#23062)WÁNG Xuěruì2023-02-241-13/+10
| | | | | | | | This notably brings support for GOARCH=loong64, among other fixes. --------- Signed-off-by: WANG Xuerui <xen0n@gentoo.org> Co-authored-by: zeripath <art27@cantab.net>
* Remove all package data after tests (#22984)KN4CK3R2023-02-231-2/+2
| | | | | | | | Fixes #21020 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Bump golang.org/x/net from 0.4.0 to 0.7.0 (#22980)dependabot[bot]2023-02-201-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.7.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/8e2b117aee74f6b86c207a808b0255de45c0a18a"><code>8e2b117</code></a> http2/hpack: avoid quadratic complexity in hpack decoding</li> <li><a href="https://github.com/golang/net/commit/547e7edf3873d6f3a9c093d3785f9e2289e00746"><code>547e7ed</code></a> http2: avoid referencing ResponseWrite.Write parameter after returning</li> <li><a href="https://github.com/golang/net/commit/39940adcaaa73e661124cb80fb8dd57ea929dbaf"><code>39940ad</code></a> html: parse comments per HTML spec</li> <li><a href="https://github.com/golang/net/commit/87ce33ecb484cbb6bcfc8e506ce0330ef72e0847"><code>87ce33e</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/415cb6d518e71d202e2dc2f44c475cbff84eee72"><code>415cb6d</code></a> all: fix some comments</li> <li><a href="https://github.com/golang/net/commit/7e3c19ca52e202ae203b1914fc00c8e47a4d72fa"><code>7e3c19c</code></a> all: correct typos in comments</li> <li><a href="https://github.com/golang/net/commit/296f09aa3817abc1ddff7703799bf9babb7bbd16"><code>296f09a</code></a> http2: case insensitive handling for 100-continue</li> <li><a href="https://github.com/golang/net/commit/f8411da775a685be247bbedcb3ed2c998f895cd2"><code>f8411da</code></a> nettest: fix tests on dragonfly and js/wasm</li> <li><a href="https://github.com/golang/net/commit/8e0e7d8d38f2b6d21d742845570dde2902d06a1d"><code>8e0e7d8</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/7805fdc37dc2b54b28b9d621030e14dcf1dab67c"><code>7805fdc</code></a> http2: rewrite inbound flow control tracking</li> <li>Additional commits viewable in <a href="https://github.com/golang/net/compare/v0.4.0...v0.7.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.4.0&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: delvh <leon@kske.dev> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Use import of OCI structs (#22765)KN4CK3R2023-02-061-0/+4
| | | | | | Fixes #22758 Otherwise we would need to rewrite the structs in `oci.go`.
* Add more events details supports for actions (#22680)Lunny Xiao2023-02-011-2/+2
| | | | | | | | | | | | | | | #21937 implemented only basic events based on name because of `act`'s limitation. So I sent a PR to parse all possible events details in https://gitea.com/gitea/act/pulls/11 and it merged. The ref documentation is https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows This PR depends on that and make more detail responses for `push` events and `pull_request` events. And it lefts more events there for future PRs. --------- Co-authored-by: Jason Song <i@wolfogre.com>
* Implement actions (#21937)Jason Song2023-01-311-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Close #13539. Co-authored by: @lunny @appleboy @fuxiaohei and others. Related projects: - https://gitea.com/gitea/actions-proto-def - https://gitea.com/gitea/actions-proto-go - https://gitea.com/gitea/act - https://gitea.com/gitea/act_runner ### Summary The target of this PR is to bring a basic implementation of "Actions", an internal CI/CD system of Gitea. That means even though it has been merged, the state of the feature is **EXPERIMENTAL**, and please note that: - It is disabled by default; - It shouldn't be used in a production environment currently; - It shouldn't be used in a public Gitea instance currently; - Breaking changes may be made before it's stable. **Please comment on #13539 if you have any different product design ideas**, all decisions reached there will be adopted here. But in this PR, we don't talk about **naming, feature-creep or alternatives**. ### ⚠️ Breaking `gitea-actions` will become a reserved user name. If a user with the name already exists in the database, it is recommended to rename it. ### Some important reviews - What is `DEFAULT_ACTIONS_URL` in `app.ini` for? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1055954954 - Why the api for runners is not under the normal `/api/v1` prefix? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1061173592 - Why DBFS? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1061301178 - Why ignore events triggered by `gitea-actions` bot? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1063254103 - Why there's no permission control for actions? - https://github.com/go-gitea/gitea/pull/21937#discussion_r1090229868 ### What it looks like <details> #### Manage runners <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205870657-c72f590e-2e08-4cd4-be7f-2e0abb299bbf.png"> #### List runs <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205872794-50fde990-2b45-48c1-a178-908e4ec5b627.png"> #### View logs <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205872501-9b7b9000-9542-4991-8f55-18ccdada77c3.png"> </details> ### How to try it <details> #### 1. Start Gitea Clone this branch and [install from source](https://docs.gitea.io/en-us/install-from-source). Add additional configurations in `app.ini` to enable Actions: ```ini [actions] ENABLED = true ``` Start it. If all is well, you'll see the management page of runners: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205877365-8e30a780-9b10-4154-b3e8-ee6c3cb35a59.png"> #### 2. Start runner Clone the [act_runner](https://gitea.com/gitea/act_runner), and follow the [README](https://gitea.com/gitea/act_runner/src/branch/main/README.md) to start it. If all is well, you'll see a new runner has been added: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205878000-216f5937-e696-470d-b66c-8473987d91c3.png"> #### 3. Enable actions for a repo Create a new repo or open an existing one, check the `Actions` checkbox in settings and submit. <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205879705-53e09208-73c0-4b3e-a123-2dcf9aba4b9c.png"> <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205879383-23f3d08f-1a85-41dd-a8b3-54e2ee6453e8.png"> If all is well, you'll see a new tab "Actions": <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205881648-a8072d8c-5803-4d76-b8a8-9b2fb49516c1.png"> #### 4. Upload workflow files Upload some workflow files to `.gitea/workflows/xxx.yaml`, you can follow the [quickstart](https://docs.github.com/en/actions/quickstart) of GitHub Actions. Yes, Gitea Actions is compatible with GitHub Actions in most cases, you can use the same demo: ```yaml name: GitHub Actions Demo run-name: ${{ github.actor }} is testing out GitHub Actions 🚀 on: [push] jobs: Explore-GitHub-Actions: runs-on: ubuntu-latest steps: - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!" - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." - name: Check out repository code uses: actions/checkout@v3 - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." - run: echo "🖥️ The workflow is now ready to test your code on the runner." - name: List files in the repository run: | ls ${{ github.workspace }} - run: echo "🍏 This job's status is ${{ job.status }}." ``` If all is well, you'll see a new run in `Actions` tab: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205884473-79a874bc-171b-4aaf-acd5-0241a45c3b53.png"> #### 5. Check the logs of jobs Click a run and you'll see the logs: <img width="1792" alt="image" src="https://user-images.githubusercontent.com/9418365/205884800-994b0374-67f7-48ff-be9a-4c53f3141547.png"> #### 6. Go on You can try more examples in [the documents](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions) of GitHub Actions, then you might find a lot of bugs. Come on, PRs are welcome. </details> See also: [Feature Preview: Gitea Actions](https://blog.gitea.io/2022/12/feature-preview-gitea-actions/) --------- Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: ChristopherHX <christopher.homberger@web.de> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Consume hcaptcha and pwn deps (#22610)John Olheiser2023-01-291-4/+0
| | | | | | | | | | | This PR just consumes the [hcaptcha](https://gitea.com/jolheiser/hcaptcha) and [haveibeenpwned](https://gitea.com/jolheiser/pwn) modules directly into Gitea. Also let this serve as a notice that I'm fine with transferring my license (which was already MIT) from my own name to "The Gitea Authors". Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add support for incoming emails (#22056)KN4CK3R2023-01-141-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | closes #13585 fixes #9067 fixes #2386 ref #6226 ref #6219 fixes #745 This PR adds support to process incoming emails to perform actions. Currently I added handling of replies and unsubscribing from issues/pulls. In contrast to #13585 the IMAP IDLE command is used instead of polling which results (in my opinion 😉) in cleaner code. Procedure: - When sending an issue/pull reply email, a token is generated which is present in the Reply-To and References header. - IMAP IDLE waits until a new email arrives - The token tells which action should be performed A possible signature and/or reply gets stripped from the content. I added a new service to the drone pipeline to test the receiving of incoming mails. If we keep this in, we may test our outgoing emails too in future. Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update golang deps (#22410)techknowlogick2023-01-121-107/+123
| | | | Note, hashicorp's LRU has been updated to v2 which supports generics but this was left out as it is a more involved upgrade.
* Replace deprecated Webauthn library (#22400)techknowlogick2023-01-111-388/+25
| | | | | Fix #22052 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove satori/go.uuid (#22375)Jason Song2023-01-091-1/+0
| | | | `github.com/satori/go.uuid` is no longer used, so the `replace` is not needed now
* Upgrade go-chi to v5.0.8 (#22304)Lunny Xiao2023-01-011-2/+2
|
* Update bleve and zapx to fix unaligned atomic (#22031)zeripath2022-12-211-25/+20
| | | | | | | | | | | | There is an unaligned atomic field in zapx 15.3.5 which should have been fixed in a subsequent patch This bug causes issues on 32bit builds. Update bleve and zapx to account for this. Fix #21957 Signed-off-by: Andrew Thornton <art27@cantab.net>
* verify nodeinfo response by schema (#22137)Meisam2022-12-171-0/+6
| | | | | | ... using [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update xorm (#22094)KN4CK3R2022-12-101-6/+6
|
* Update gitea-vet to check FSFE REUSE (#22004)Jason Song2022-12-021-2/+2
| | | | | | | | | | | | | Related to: - #21840 - https://gitea.com/gitea/gitea-vet/pulls/21 What it looks like when it's working: https://drone.gitea.io/go-gitea/gitea/64040/1/5 All available SPDX license identifiers: [SPDX License List](https://spdx.org/licenses/). Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update chroma to v2.4.0 (#22000)silverwind2022-12-011-2/+4
| | | Did a few cursory tests, seems to work well.
* Upgrade golang.org/x/crypto (#21792)Gusted2022-11-121-9/+9
| | | | | | | | | - Update the crypto dependency to include https://github.com/golang/crypto/commit/6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9 - Resolves #17798 Executed: `go get golang.org/x/crypto@6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9 && rm go.sum && go mod tidy`
* Update binding to fix bugs (#21556)Lunny Xiao2022-10-231-2/+2
| | | Fix #19698
* Bump `golang.org/x/text` (#21412)Gusted2022-10-111-1/+2
| | | | | - Update the `golang.org/x/text` dependency, this fixes [a security issue](https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ).
* Update to go-enry v2.8.3 (#21360)Clark Boylan2022-10-061-2/+2
| | | | | | | | | | | | This fixes an issue with enry's isVendor() method being too greedy. This lead to gitea classifying unvendored code as vendored. The impact of this is fairly minimal, but our Gitea users did notice which led me to fixing this in go-enry. Some files will be tagged with a vendored flag in the UI. I think it also impacts the calculation of language statistics in the repo as vendored files are not incorporated into the stats. For more information on the issue see the go-enry bug: https://github.com/go-enry/go-enry/issues/135
* Update Golang deps (#21304)techknowlogick2022-10-011-68/+78
|
* Update bluemonday (#21281)65432022-09-271-3/+4
| | | | | https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.20 Co-authored-by: Lauris BH <lauris@nix.lv>
* Upgrade chroma to v2.3.0 (#21259)silverwind2022-09-261-7/+9
| | | | | | | | | | | | | The behaviour of `PreventSurroundingPre` has changed in https://github.com/alecthomas/chroma/pull/618 so that apparently it now causes line wrapper tags to be no longer emitted, but we need some form of indication to split the HTML into lines, so I did what https://github.com/yuin/goldmark-highlighting/pull/33 did and added the `nopWrapper`. Maybe there are more elegant solutions but for some reason, just splitting the HTML string on `\n` did not work. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update a few go dependencies (#21022)zeripath2022-09-011-351/+291
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are a lot of go dependencies that appear old and we should update them. The following packages have been updated: * codeberg.org/gusted/mcaptcha * github.com/markbates/goth * github.com/buildkite/terminal-to-html * github.com/caddyserver/certmagic * github.com/denisenkom/go-mssqldb * github.com/duo-labs/webauthn * github.com/editorconfig/editorconfig-core-go/v2 * github.com/felixge/fgprof * github.com/gliderlabs/ssh * github.com/go-ap/activitypub * github.com/go-git/go-git/v5 * github.com/go-ldap/ldap/v3 * github.com/go-swagger/go-swagger * github.com/go-testfixtures/testfixtures/v3 * github.com/golang-jwt/jwt/v4 * github.com/klauspost/compress * github.com/lib/pq * gitea.com/lunny/dingtalk_webhook - instead of github.com * github.com/mattn/go-sqlite3 * github/matn/go-isatty * github.com/minio/minio-go/v7 * github.com/niklasfasching/go-org * github.com/prometheus/client_golang * github.com/stretchr/testify * github.com/unrolled/render * github.com/xanzy/go-gitlab * gopkg.in/ini.v1 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add support mCaptcha as captcha provider (#20458)Gusted2022-08-101-0/+2
| | | | | https://mcaptcha.org/ Co-authored-by: Felipe Leopoldo Sologuren Gutiérrez <fsologureng@users.noreply.github.com>
* Update lunny/levelqueue to prevent NPE when reads are performed after close ↵zeripath2022-07-291-2/+2
| | | | (#20534)
* update xorm.io/xorm v1.3.2-0.20220714055524-c3bce556200f (#20371)65432022-07-141-2/+2
| | | | | | | Xorm 1.3.2-0.20220714055524 contains a fix for interpreting db column sizes. Prior to this fix xorm would assume that the size of a column was within the range of an `int`. This is correct on 64bit machines where `int` is typical equivalent to `int64` however, on 32bit machines `int` tends to be `int32`. Unfortunately the size of a LONGTEXT field is actually `max_uint32`, thus using `strconv.Atoi` on these fields will fail and thus #20161 occurs on 32 bit arm. Xorm 1.3.2-0.20220714055524 changes this field to use int64 instead. Fix #20161
* Update goldmark (#20300)Gusted2022-07-091-2/+2
| | | | | Update goldmark to v1.4.13 to fix a issue with quotes after a empty list item(See https://github.com/yuin/goldmark/issues/313) and downstream issue https://codeberg.org/Codeberg/Community/issues/645
* Update Bluemonday to v1.0.19 (#20199)zeripath2022-07-011-7/+6
| | | | | | | | | | | The current version of bluemonday is double escaping attributes. This PR updates bluemonday to the version that fixes this. (See: microcosm-cc/bluemonday#143 ) Fix #19860 Signed-off-by: Andrew Thornton art27@cantab.net
* User keypairs and HTTP signatures for ActivityPub federation using go-ap ↵Anthony Wang2022-06-191-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#19133) * go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency go get github.com/go-fed/activity/streams@master go get github.com/go-fed/activity/pub@master go get github.com/go-fed/httpsig@master * activitypub: implement /api/v1/activitypub/user/{username} (#14186) Return informations regarding a Person (as defined in ActivityStreams https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person). Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: add the public key to Person (#14186) Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: go-fed conformant Clock instance Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: signing http client Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: implement the ReqSignature middleware Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: hack_16834 Signed-off-by: Loïc Dachary <loic@dachary.org> * Fix CI checks-backend errors with go mod tidy Signed-off-by: Anthony Wang <ta180m@pm.me> * Change 2021 to 2022, properly format package imports Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt and make generate-swagger Signed-off-by: Anthony Wang <ta180m@pm.me> * Use Gitea JSON library, add assert for pkp Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt again, fix err var redeclaration Signed-off-by: Anthony Wang <ta180m@pm.me> * Remove LogSQL from ActivityPub person test Signed-off-by: Anthony Wang <ta180m@pm.me> * Assert if json.Unmarshal succeeds Signed-off-by: Anthony Wang <ta180m@pm.me> * Cleanup, handle invalid usernames for ActivityPub person GET request Signed-off-by: Anthony Wang <ta180m@pm.me> * Rename hack_16834 to user_settings Signed-off-by: Anthony Wang <ta180m@pm.me> * Use the httplib module instead of http for GET requests * Clean up whitespace with make fmt * Use time.RFC1123 and make the http.Client proxy-aware * Check if digest algo is supported in setting module * Clean up some variable declarations * Remove unneeded copy * Use system timezone instead of setting.DefaultUILocation * Use named constant for httpsigExpirationTime * Make pubKey IRI #main-key instead of /#main-key * Move /#main-key to #main-key in tests * Implemented Webfinger endpoint. * Add visible check. * Add user profile as alias. * Add actor IRI and remote interaction URL to WebFinger response * fmt * Fix lint errors * Use go-ap instead of go-fed * Run go mod tidy to fix missing modules in go.mod and go.sum * make fmt * Convert remaining code to go-ap * Clean up go.sum * Fix JSON unmarshall error * Fix CI errors by adding @context to Person() and making sure types match * Correctly decode JSON in api_activitypub_person_test.go * Force CI rerun * Fix TestActivityPubPersonInbox segfault * Fix lint error * Use @mariusor's suggestions for idiomatic go-ap usage * Correctly add inbox/outbox IRIs to person * Code cleanup * Remove another LogSQL from ActivityPub person test * Move httpsig algos slice to an init() function * Add actor IRI and remote interaction URL to WebFinger response * Update TestWebFinger to check for ActivityPub IRI in aliases * make fmt * Force CI rerun * WebFinger: Add CORS header and fix Href -> Template for remote interactions The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues * make lint-backend * Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon Setting the correct Content-Type is essential for federating with Mastodon * Use UTC instead of GMT * Rename pkey to pubKey * Make sure HTTP request Date in GMT * make fmt * dont drop err * Make sure API responses always refer to username in original case Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused. * Move httpsig algs constant slice to modules/setting/federation.go * Add new federation settings to app.example.ini and config-cheat-sheet * Return if marshalling error * Make sure Person IRIs are generated correctly This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL. * If httpsig verification fails, fix Host header and try again This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug. * Revert "If httpsig verification fails, fix Host header and try again" This reverts commit f53e46c721a037c55facb9200106a6b491bf834c. The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea. * Go back to using ap.IRI to generate inbox and outbox IRIs * use const for key values * Update routers/web/webfinger.go * Use ctx.JSON in Person response to make code cleaner * Revert "Use ctx.JSON in Person response to make code cleaner" This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers. This reverts commit 95aad988975be3393c76094864ed6ba962157e0c. * Use activitypub.ActivityStreamsContentType for Person response Content Type * Limit maximum ActivityPub request and response sizes to a configurable setting * Move setting key constants to models/user/setting_keys.go * Fix failing ActivityPubPerson integration test by checking the correct field for username * Add a warning about changing settings that can break federation * Add better comments * Don't multiply Federation.MaxSize by 1<<20 twice * Add more better comments * Fix failing ActivityPubMissingPerson test We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different * make generate-swagger For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦 * Move getting the RFC 2616 time to a separate function * More code cleanup * Update go-ap to fix empty liked collection and removed unneeded HTTP headers * go mod tidy * Add ed25519 to httpsig algorithms * Use go-ap/jsonld to add @context and marshal JSON * Change Gitea user agent from the default to Gitea/Version * Use ctx.ServerError and remove all remote interaction code from webfinger.go
* Add fgprof pprof profiler (#20005)zeripath2022-06-181-0/+4
| | | | | | | | | | | | | | | | | | | | | fgprof is a sampling Go profiler that allows you to analyze On-CPU as well as Off-CPU (e.g. I/O) time together. Go's builtin sampling CPU profiler can only show On-CPU time, but it's better than fgprof at that. Go also includes tracing profilers that can analyze I/O, but they can't be combined with the CPU profiler. fgprof is designed for analyzing applications with mixed I/O and CPU workloads. This kind of profiling is also known as wall-clock profiling. Whilst fgprof can cause significant STW latencies in applications with a lot of goroutines (> 1-10k), these latencies only occur if the profile is requested - it doesn't cause a delay by simply being available. The fgprof profile is mounted on `http://localhost:6060/debug/fgprof?seconds=3` Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent NPE whilst migrating if there is a team request review (#19855)zeripath2022-06-091-3/+3
| | | | | | | | | A pr.Reviewer may be nil when migrating from Gitea if this is a team request review. We do not migrate teams therefore we cannot map these requests, but we can migrate user requests. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add support for rendering terminal output with colors (#19497)Lauris BH2022-06-091-0/+3
|
* Implement http signatures support for the API (#17565)Wim2022-06-051-0/+2
| | | | | | | | | | | | | | | | Fixes #12338 This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens. It will just automatically work when users have added their ssh principal in gitea. This needs client code in tea Update: also support normal pubkeys ref: https://tools.ietf.org/html/draft-cavage-http-signatures Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix order by parameter (#19849)Lunny Xiao2022-06-041-17/+101
| | | | | | | | | | Upgrade builder to v0.3.11 Upgrade xorm to v1.3.1 and fixed some hidden bugs. Replace #19821 Replace #19834 Included #19850 Co-authored-by: zeripath <art27@cantab.net>
* Add 'make tidy' (#19800)silverwind2022-05-241-56/+0
| | | | | Convenience command to run 'go mod tidy'. The compat flag is set to the minimum supported go version instead of min version minus one which is go's default, which eliminated some checksums in go.sum as a result.
* Update go-chi/cache to utilize Ping() (#19719)65432022-05-151-2/+2
| | | | | | | * update gitea.com/go-chi/cache -> v0.2.0 * ajust to new interface * refactor
* Update go deps (#19665)65432022-05-101-79/+105
| | | | | | | | | | | | | | | | | | | | | | | | | | | * update gitea.com/go-chi/binding * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/duo-labs/webauthn * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/emirpasic/gods * update github.com/gliderlabs/ssh * update github.com/go-chi/cors * update github.com/go-enry/go-enry/v2 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/golang-jwt/jwt/v4 * update github.com/google/pprof * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/minio/minio-go/v7 * update github.com/olivere/elastic/v7 * update github.com/unrolled/render * update github.com/urfave/cli * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * adopt breaking changes of certmagic
* Remove legacy unmaintained packages, refactor to support change default ↵wxiaoguang2022-04-031-5/+0
| | | | | | | | | | locale (#19308) Remove two unmaintained vendor packages `i18n` and `paginater`. Changes: * Rewrite `i18n` package with a more clear fallback mechanism. Fix an unstable `Tr` behavior, add more tests. * Refactor the legacy `Paginater` to `Paginator`, test cases are kept unchanged. Trivial enhancement (no breaking for end users): * Use the first locale in LANGS setting option as the default, add a log to prevent from surprising users.
* Upgrade xorm/builder from v0.3.9 to v0.3.10 (#19296)Lunny Xiao2022-04-021-1/+2
| | | | xorm/builder v0.3.10 add support to EXISTS and NOT EXISTS.
* go.mod: update kevinburke/ssh_config to v1.2.0 (#19286)Kevin Burke2022-04-011-2/+2
| | | | | | | | | | | | | | | Previously if you tried to read a HostName in a config file that looked like this: ``` Host github HostName github.com # This is the host for code review ``` DefaultUserSettings.Get("HostName") would return "github.com ", which I think is unintuitive and unexpected. This behavior is fixed in v1.2 which would return "github.com" in the above example.
* Add Goroutine stack inspector to admin/monitor (#19207)zeripath2022-03-311-0/+1
| | | | | | | | | | | | | | | | | | | Continues on from #19202. Following the addition of pprof labels we can now more easily understand the relationship between a goroutine and the requests that spawn them. This PR takes advantage of the labels and adds a few others, then provides a mechanism for the monitoring page to query the pprof goroutine profile. The binary profile that results from this profile is immediately piped in to the google library for parsing this and then stack traces are formed for the goroutines. If the goroutine is within a context or has been created from a goroutine within a process context it will acquire the process description labels for that process. The goroutines are mapped with there associate pids and any that do not have an associated pid are placed in a group at the bottom as unbound. In this way we should be able to more easily examine goroutines that have been stuck. A manager command `gitea manager processes` is also provided that can export the processes (with or without stacktraces) to the command line. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Redis Sentinel Authentication Support (#19213)Justin Sievenpiper2022-03-301-5/+9
| | | | | Gitea was not able to supply any authentication parameters to it. So this brings support to do that, along with some light extraction of a couple of bits into some separate functions for easier testing. I looked at other libraries supporting similar RedisUri-style connection strings (e.g. Lettuce), but it looks like this type of configuration is beyond what would typically be done in a connection string. Since gitea doesn't have configuration options for manually specifying all this redis connection detail, I went ahead and just chose straightforward names for these new parameters.
* Bump goldmark to v1.4.11 (#19201)Robert Kaussow2022-03-241-2/+2
| | | | | | | | | * Bump goldmark to v1.4.11 * add testcase Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Update golang.org/x/crypto (#19097)Gusted2022-03-161-2/+2
| | | | | | | | | | | | | | | | | | | | * Update golang.org/x/crypto - Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer * Fix deprecation notice * Remove workaround - Introduced in https://github.com/go-gitea/gitea/pull/17281 - Fixed in x/crypto: - https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf - & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a * Update Kex Algorithms - Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a - Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
* Upgrading binding package (#19034)Lunny Xiao2022-03-091-2/+2
| | | Fix #18855
* bump go deps (#19021)techknowlogick2022-03-081-186/+779
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update `go-enry` to v2.8.0 (#18993)Gusted2022-03-041-2/+2
| | | | | | | - It was reported in the Matrix channel that Chroma [has support](https://github.com/alecthomas/chroma/commit/d40210297631298bde98a8fcfd52c3d2555cc367) for the Fennel language, go-enry only added detection support for this [in v2.7.2](https://github.com/go-enry/go-enry/commit/0affa3ccca37cd781600760956581c5f94ef8a3c). Co-authored-by: techknowlogick <techknowlogick@gitea.io>