aboutsummaryrefslogtreecommitdiffstats
path: root/modules/setting
Commit message (Collapse)AuthorAgeFilesLines
* enforce explanation for necessary nolints and fix bugs (#34883)TheFox0x76 days5-6/+9
| | | | | | | Follows up https://github.com/go-gitea/gitea/pull/34851 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix remaining issues after `gopls modernize` formatting (#34771)silverwind2025-06-181-1/+1
| | | | | | | | Followup https://github.com/go-gitea/gitea/pull/34751, fix all remaining marked issues. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Run `gopls modernize` on codebase (#34751)silverwind2025-06-185-16/+8
| | | | Recent modernize fixes: https://github.com/golang/tools/commits/master/gopls/internal/analysis/modernize
* Improve instance wide ssh commit signing (#34341)ChristopherHX2025-06-111-0/+6
| | | | | | | | | | | | | | | | | * Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea * SSH format can be added in gitea config * SSH Signing worked before with DEFAULT_TRUST_MODEL=committer `TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents to trust for every user of this instance Closes #34329 Related #31392 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update x/crypto package and make builtin SSH use default parameters (#34667)wxiaoguang2025-06-091-15/+11
|
* Refactor some tests (#34580)wxiaoguang2025-06-031-6/+4
| | | | 1. use `test.MockVariableValue` as much as possible 2. avoid `time.Sleep` as much as possible
* Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187)wxiaoguang2025-04-281-0/+10
| | | | | | | | | | | | | | | | | | | | | Fix #880 Design: 1. A global setting `security.TWO_FACTOR_AUTH`. * To support org-level config, we need to introduce a better "owner setting" system first (in the future) 2. A user without 2FA can login and may explore, but can NOT read or write to any repositories via API/web. 3. Keep things as simple as possible. * This option only aggressively suggest users to enable their 2FA at the moment, it does NOT guarantee that users must have 2FA before all other operations, it should be good enough for real world use cases. * Some details and tests could be improved in the future since this change only adds a check and seems won't affect too much. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Option to delay conflict checking of old pull requests until page view (#27779)Brecht Van Lommel2025-04-241-0/+3
| | | | | | | | | | | | | | | | | | | | | | `[repository.pull-request] DELAY_CHECK_FOR_INACTIVE_DAYS` is a new setting to delay the mergeable check for pull requests that have been inactive for the specified number of days. This avoids potentially long delays for big repositories with many pull requests. and reduces system load overall when there are many repositories or pull requests. When viewing the PR, checking will start immediately and the PR merge box will automatically reload when complete. Accessing the PR through the API will also start checking immediately. The default value of `7` provides a balance between system load, and keeping behavior similar to what it was before both for users and API access. With `0` all conflict checking will be delayed, while `-1` always checks immediately to restore the previous behavior. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Make public URL generation configurable (#34250)wxiaoguang2025-04-221-7/+12
| | | | | | | Follow up #32564 Co-authored-by: Jannis Pohl <838818+jannispl@users.noreply.github.com> Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
* Add API endpoint to request contents of multiple files simultaniously (#34139)Denys Konovalov2025-04-221-0/+2
| | | | | | | | | | | | | | | | Adds an API POST endpoint under `/repos/{owner}/{repo}/file-contents` which receives a list of paths and returns a list of the contents of these files. This API endpoint will be helpful for applications like headless CMS (reference: https://github.com/sveltia/sveltia-cms/issues/198) which need to retrieve a large number of files by reducing the amount of needed API calls. Close #33495 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Make ROOT_URL support using request Host header (#32564)Jannis Pohl2025-04-201-11/+32
| | | | | | | Resolve #32554 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add middleware for request prioritization (#33951)Rowan Bohde2025-04-141-0/+17
| | | | | | | | | | | | | | | | | | | This adds a middleware for overload protection that is intended to help protect against malicious scrapers. It does this via [`codel`](https://github.com/bohde/codel), which will perform the following: 1. Limit the number of in-flight requests to some user-defined max 2. When in-flight requests have reached their begin queuing requests. Logged-in requests having priority above logged-out requests 3. Once a request has been queued for too long, it has a probabilistic chance to be rejected based on how overloaded the entire system is. When a server experiences more traffic than it can handle, this keeps latency low for logged-in users and rejects just enough requests from logged-out users to not overload the service. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
* Fix package upload temp path (#34196)wxiaoguang2025-04-141-10/+2
| | | | | Fix #34195 The temp dir should be created when it is used.
* Set MERMAID_MAX_SOURCE_CHARACTERS to 50000 (#34152)wxiaoguang2025-04-091-1/+1
| | | Fix #32015
* Uniform all temporary directories and allow customizing temp path (#32352)Lunny Xiao2025-04-085-36/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR uniform all temporary directory usage so that it will be easier to manage. Relate to #31792 - [x] Added a new setting to allow users to configure the global temporary directory. - [x] Move all temporary files and directories to be placed under os.Temp()/gitea. - [x] `setting.Repository.Local.LocalCopyPath` now will be `setting.TempPath/local-repo` and the customized path is removed. ```diff -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;[repository.local] -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;; -;; Path for local repository copy. Defaults to TEMP_PATH + `local-repo`, this is deprecated and cannot be changed -;LOCAL_COPY_PATH = local-repo ``` - [x] `setting.Repository.Upload.TempPath` now will be `settting.TempPath/uploads` and the customized path is removed. ```diff ;[repository.upload] -;; -;; Path for uploads. Defaults to TEMP_PATH + `uploads` -;TEMP_PATH = uploads ``` - [x] `setting.Packages.ChunkedUploadPath` now will be `settting.TempPath/package-upload` and the customized path is removed. ```diff ;[packages] -;; -;; Path for chunked uploads. Defaults it's `package-upload` under `TEMP_PATH` unless it's an absolute path. -;CHUNKED_UPLOAD_PATH = package-upload ``` - [x] `setting.SSH.KeyTestPath` now will be `settting.TempPath/ssh_key_test` and the customized path is removed. ```diff [server] -;; -;; Directory to create temporary files in when testing public keys using ssh-keygen, -;; default is the system temporary directory. -;SSH_KEY_TEST_PATH = ``` TODO: - [ ] setting.PprofDataPath haven't been changed because it may need to be kept until somebody read it but temp path may be clean up any time. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix markdown render behaviors (#34122)wxiaoguang2025-04-052-9/+126
| | | | | | | * Fix #27645 * Add config options `MATH_CODE_BLOCK_DETECTION`, problematic syntaxes are disabled by default * Fix #33639 * Add config options `RENDER_OPTIONS_*`, old behaviors are kept
* Enable addtional linters (#34085)TheFox0x72025-04-012-2/+3
| | | | | | | | enable mirror, usestdlibbars and perfsprint part of: https://github.com/go-gitea/gitea/issues/34083 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Enable testifylint rules (#34075)TheFox0x72025-03-3113-143/+143
| | | | enable testifylint rules disabled in: https://github.com/go-gitea/gitea/pull/34054
* Add a config option to block "expensive" pages for anonymous users (#34024)wxiaoguang2025-03-303-10/+48
| | | | | | | | | | | Fix #33966 ``` ;; User must sign in to view anything. ;; It could be set to "expensive" to block anonymous users accessing some pages which consume a lot of resources, ;; for example: block anonymous AI crawlers from accessing repo code pages. ;; The "expensive" mode is experimental and subject to change. ;REQUIRE_SIGNIN_VIEW = false ```
* enable staticcheck QFxxxx rules (#34064)TheFox0x72025-03-291-2/+2
|
* Use filepath.Join instead of path.Join for file system file operations (#33978)Lunny Xiao2025-03-243-7/+4
|
* Move ParseBool to optional (#33979)Lunny Xiao2025-03-241-2/+2
|
* Add material icons for file list (#33837)wxiaoguang2025-03-101-0/+2
|
* Email option to embed images as base64 instead of link (#32061)sommerf-lf2025-03-051-1/+4
| | | | | | | | | | | | | | | | | | | | | | ref: #15081 ref: #14037 Documentation: https://gitea.com/gitea/docs/pulls/69 # Example Content: ![image](https://github.com/user-attachments/assets/e73ebfbe-e329-40f6-9c4a-f73832bbb181) Result in Email: ![image](https://github.com/user-attachments/assets/55b7019f-e17a-46c3-a374-3b4769d5c2d6) Result with source code: (first image is external image, 2nd is now embedded) ![image](https://github.com/user-attachments/assets/8e2804a1-580f-4a69-adcb-cc5d16f7da81) --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Try to fix ACME path when renew (#33668)wxiaoguang2025-02-231-9/+16
| | | Try to fix #32191
* Support disable passkey auth (#33348)yp053272025-01-221-0/+2
| | | | | | | Fix #33314 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Make Gitea always use its internal config, ignore `/etc/gitconfig` (#33076)wxiaoguang2025-01-021-0/+3
| | | | | | | | | | | | | | | | | | | In history, Gitea could use the system config `/etc/gitconfig` because some users said that "they might put certNonceSeed in it" Actually, we shouldn't not use it, because it also causes conflicts (there are already some fixes like #28848) To make the system clear, I think it's worth to introduce the breaking change: add `GIT_CONFIG_NOSYSTEM=1` to all git commands. ## :warning: BREAKING :warning: For most users, nothing need to do. If you have made changes to `/etc/gitconfig` to affect Gitea's behavior, you need to move these config options to Gitea's internal git config file, it is usually in Gitea's `{AppDataPath}/home/.git` directory.
* Fix bleve fuzziness search (#33078)wxiaoguang2025-01-031-0/+3
| | | Close #31565
* Refactor env var related code (#33075)wxiaoguang2025-01-021-2/+16
| | | And add more comments
* unset XDG_HOME_CONFIG as gitea manages configuration locations (#33067)JonRB2025-01-021-0/+5
| | | | | | | | unset XDG_CONFIG_HOME early to enable gitea to manage git configuration. simple error checking to satisfy the linting. Closes #33039 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Remove some unnecessary template helpers (#33069)wxiaoguang2025-01-011-2/+3
| | | | DisableGitHooks and DisableImportLocal are only used when editing a user, so only set them in `editUserCommon`
* Fix settings not being loaded at CLI (#26402)cassio zareck2024-12-305-13/+1
| | | | | | | | | | Closes #25898 The problem was that the default settings weren't being loaded --------- Signed-off-by: cassiozareck <cassiomilczareck@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add `show more` organizations icon in user's profile (#32986)yp053272024-12-271-0/+3
| | | | | | | | | | | | | | | | | | | Close #32952 # ⚠️ Doc update is required ![image](https://github.com/user-attachments/assets/296c5109-8fc1-43ea-b7dc-e79919cc1f9a) ![image](https://github.com/user-attachments/assets/d30980f6-22e4-4b97-9143-c750dc399da6) ------ ⚠️This PR refuses to be cherry-picked by any forked projects without any mentions. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Clarify path param naming (#32969)wxiaoguang2024-12-241-0/+6
| | | | | | | | | In history (from some legacy frameworks), both `:name` and `name` are supported as path path name, `:name` is an alias to `name`. To make code consistent, now we should only use `name` but not `:name`. Also added panic check in related functions to make sure the name won't be abused in case some downstreams still use them.
* Update i18n.go - Language Picker (#32933)Aindriú Mac Giolla Eoin2024-12-211-0/+1
|
* Enable tenv and testifylint rules (#32852)TheFox0x72024-12-153-7/+7
| | | | Enables tenv and testifylint linters closes: https://github.com/go-gitea/gitea/issues/32842
* Allow to fork repository into the same owner (#32819)wxiaoguang2024-12-141-0/+1
| | | | | | | | | | | | This feature is experimental, not fully tested, and may be changed in the future. It is only designed for users who really need it: set `[repository].ALLOW_FORK_INTO_SAME_OWNER=true` in your app.ini Doc: https://gitea.com/gitea/docs/pulls/122 ![image](https://github.com/user-attachments/assets/38d08c23-9cfc-49d8-9321-ff81edf65395)
* Add Arch package registry (#32692)KN4CK3R2024-12-041-0/+2
| | | | | | | | | | | | | | | | | | | | | | | Close #25037 Close #31037 This PR adds a Arch package registry usable with pacman. ![grafik](https://github.com/user-attachments/assets/81cdb0c2-02f9-4733-bee2-e48af6b45224) Rewrite of #25396 and #31037. You can follow [this tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a package for testing. Docs PR: https://gitea.com/gitea/docs/pulls/111 Co-authored-by: [d1nch8g@ion.lc](mailto:d1nch8g@ion.lc) Co-authored-by: @ExplodingDragon --------- Co-authored-by: dancheg97 <dancheg97@fmnx.su> Co-authored-by: dragon <ExplodingFKL@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Allow to disable the password-based login (sign-in) form (#32687)wxiaoguang2024-12-021-0/+2
| | | | | | | | | | | | | | Usually enterprise/organization users would like to only allow OAuth2 login. This PR adds a new config option to disable the password-based login form. It is a simple and clear approach and won't block the future login-system refactoring works. Fix a TODO in #24821 Replace #21851 Close #7633 , close #13606
* Support optional/configurable IAMEndpoint for Minio Client (#32581) (#32581)Michael Owoc2024-11-222-0/+14
| | | | | | | | | | | | | | | | | | | | | | | Targeting issue #32271 This modification allows native Kubernetes + AWS (EKS) authentication with the Minio client, to Amazon S3 using the IRSA role assigned to a Service account by replacing the hard coded reference to the `DefaultIAMRoleEndpoint` with an optional configurable endpoint. Internally, Minio's `credentials.IAM` provider implements a discovery flow for IAM Endpoints if it is not set. For backwards compatibility: - We have added a configuration mechanism for an `IamEndpoint` to retain the unit test safety in `minio_test.go`. - We believe existing clients will continue to function the same without needing to provide a new config property since the internals of Minio client also often resolve to the `http://169.254.169.254` default endpoint that was being hard coded before To test, we were able to build a docker image from source and, observe it choosing the expected IAM endpoint, and see files uploaded via the client.
* Refactor markup render system (#32533)wxiaoguang2024-11-181-6/+15
| | | | | Remove unmaintainable sanitizer rules. No need to add special "class" regexp rules anymore, use RenderInternal.SafeAttr instead, more details (and examples) are in the tests
* Fix `recentupdate` sorting bugs (#32505)Zettat1232024-11-151-0/+1
| | | | | | Fix #32499 - Add the missing `recentupdate` to `OrderByFlatMap` - Assign default value(`recentupdate`) to `EXPLORE_PAGING_DEFAULT_SORT`
* Add avif image file support (#32508)wxiaoguang2024-11-151-13/+13
| | | | | | | | | Most modern browsers support it now ` Update ALLOWED_TYPES #96 ` https://gitea.com/gitea/docs/pulls/96 --------- Co-authored-by: silverwind <me@silverwind.io>
* Add `DEFAULT_MIRROR_REPO_UNITS` and `DEFAULT_TEMPLATE_REPO_UNITS` options ↵Zettat1232024-11-111-0/+4
| | | | | | | | | | | | | (#32416) Resolve #30350 The action unit of mirrors and templates should be disabled by default. This PR adds `DEFAULT_MIRROR_REPO_UNITS` and `DEFAULT_TEMPLATE_REPO_UNITS` options to allow users to specify default units for mirrors and templates. Thanks to @lng2020 for the [idea](https://github.com/go-gitea/gitea/issues/30350#issuecomment-2053942243)
* Use 8 as default value for git lfs concurrency (#32421)wxiaoguang2024-11-052-3/+3
|
* Make LFS http_client parallel within a batch. (#32369)Royce Remer2024-11-042-1/+20
| | | | Signed-off-by: Royce Remer <royceremer@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add new [lfs_client].BATCH_SIZE and [server].LFS_MAX_BATCH_SIZE config ↵Royce Remer2024-10-302-4/+33
| | | | | | | | | | | | | | | | | | settings. (#32307) This contains two backwards-compatible changes: * in the lfs http_client, the number of lfs oids requested per batch is loaded from lfs_client#BATCH_SIZE and defaulted to the previous value of 20 * in the lfs server/service, the max number of lfs oids allowed in a batch api request is loaded from server#LFS_MAX_BATCH_SIZE and defaults to 'nil' which equates to the previous behavior of 'infinite' This fixes #32306 --------- Signed-off-by: Royce Remer <royceremer@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add `DISABLE_ORGANIZATIONS_PAGE` and `DISABLE_CODE_PAGE` settings for ↵Zettat1232024-10-221-2/+4
| | | | | | | | | | | | explore pages and fix an issue related to user search (#32288) These settings can allow users to only display the repositories explore page. Thanks to yp05327 and wxiaoguang ! --------- Co-authored-by: Giteabot <teabot@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Enhance USER_DISABLED_FEATURES to allow disabling change username or full ↵Zisu Zhang2024-10-051-0/+2
| | | | | | | | | | | | | | | name (#31959) Fix #31958 Enhanced `USER_DISABLED_FEATURES`(also `EXTERNAL_USER_DISABLE_FEATURES`) option in `[admin]` section. Added following values: - `change_username`: Disable change username - `change_full_name`: Disable change full name --- Progress: - [x] Update code - [x] Update translations
* Add pure SSH LFS support (#31516)ConcurrentCrab2024-09-271-0/+1
| | | | | | | | | Fixes #17554 /claim #17554 Docs PR https://gitea.com/gitea/docs/pulls/49 To test, run pushes like: `GIT_TRACE=1` git push. The trace output should mention "pure SSH connection".
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-03 03:34:38 +0000