aboutsummaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235)zeripath2022-03-297-101/+313
| | | | | | | | | | | | | | | | | Strangely #19038 appears to relate to an issue whereby a tag appears to be listed in `git show-ref --tags` but then does not appear when `git show-ref --tags -- short_name` is called. As a solution though I propose to stop the second call as it is unnecessary and only likely to cause problems. I've also noticed that the tags calls are wildly inefficient and aren't using the common cat-files - so these have been added. I've also noticed that the git commit-graph is not being written on mirroring - so I've also added writing this to the migration which should improve mirror rendering somewhat. Fix #19038 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* More commit info from API (#19252)John Olheiser2022-03-292-5/+28
| | | | | Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Provide configuration to allow camo-media proxying (#12802)zeripath2022-03-294-0/+108
| | | | | | | | | * Provide configuration to allow camo-media proxying Fix #916 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move init repository related functions to modules (#19159)Lunny Xiao2022-03-292-5/+222
| | | | | | | | | * Move init repository related functions to modules * Fix lint * Use ctx but db.DefaultContext Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move organization related structs into sub package (#18518)Lunny Xiao2022-03-296-27/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move organization related structs into sub package * Fix test * Fix lint * Move more functions into sub packages * Fix bug * Fix test * Update models/organization/team_repo.go Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Apply suggestions from code review Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Fix fmt * Follow suggestion from @Gusted * Fix test * Fix test * Fix bug * Use ctx but db.DefaultContext on routers * Fix bug * Fix bug * fix bug * Update models/organization/team_user.go * Fix bug Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor repo clone button and repo clone links, fix JS error on empty repo ↵wxiaoguang2022-03-291-5/+12
| | | | | | | | | | | | | | | | | page (#19208) The last PR about clone buttons introduced an JS error when visiting an empty repo page: * https://github.com/go-gitea/gitea/pull/19028 * `Uncaught ReferenceError: isSSH is not defined`, because the variables are scoped and doesn't share between sub templates. This: 1. Simplify `templates/repo/clone_buttons.tmpl` and make code clear 2. Move most JS code into `initRepoCloneLink` 3. Remove unused `CloneLink.Git` 4. Remove `ctx.Data["DisableSSH"] / ctx.Data["ExposeAnonSSH"] / ctx.Data["DisableHTTP"]`, and only set them when is is needed (eg: deploy keys / ssh keys) 5. Introduce `Data["CloneButton*"]` to provide data for clone buttons and links 6. Introduce `Data["RepoCloneLink"]` for the repo clone link (not the wiki) 7. Remove most `ctx.Data["PageIsWiki"]` because it has been set in the `/wiki` middleware 8. Remove incorrect `quickstart` class in `migrating.tmpl`
* Prevent intermittent failures in RepoIndexerTest (2) (#19229)zeripath2022-03-271-0/+5
| | | | | | | | | | | So whilst #19225 fixes one issue it caused another. We need to initialise the Git module first. Related #19225 Fix #19162 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Hide sensitive content on admin panel progress monitor (#19218)Lunny Xiao2022-03-272-1/+28
| | | | | | Sanitize urls within git process descriptions. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Do not include global arguments in process manager (#19226)zeripath2022-03-271-8/+10
| | | | | | | | The git command by default adds a number of global arguments. These are not helpful to be displayed in the process manager and so should be skipped for default process descriptions. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent intermittent failures in RepoIndexerTest (#19225)zeripath2022-03-271-2/+8
| | | | | | | | | | | The RepoIndexerTest is failing with considerable frequency due to a race inherrent in its design. This PR adjust this test to avoid the reliance on waiting for the populate repo indexer to run and forcibly adds the repo to the queue. It then flushes the queue. It may be worth separating out the tests somewhat by testing the Index function directly away from the queue however, this forceful method should solve the current problem. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Set the default branch for repositories generated from templates (#19136)Abheek Dhawan2022-03-272-2/+15
| | | | | | | | | | | | * Set the default branch for repositories generated from templates * Allows default branch to be set through the API for repos generated from templates * Update swagger API template * Only set default branch to the one from the template if not specified * Use specified default branch if it exists while generating git commits Fix #19082 Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Add auto logging of goroutine pid label (#19212)zeripath2022-03-263-0/+61
| | | | | | | | | | | | | | * Add auto logging of goroutine pid label This PR uses unsafe to export the hidden runtime_getProfLabel function from the runtime package and then casts the result to a map[string]string. We can then interrogate this map to get the pid label from the goroutine allowing us to log it with any logging request. Reference #19202 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add `ContextUser` to http request context (#18798)KN4CK3R2022-03-263-3/+6
| | | | | This PR adds a middleware which sets a ContextUser (like GetUserByParams before) in a single place which can be used by other methods. For routes which represent a repo or org the respective middlewares set the field too. Also fix a bug in modules/context/org.go during refactoring.
* Add pprof labels in processes and for lifecycles (#19202)zeripath2022-03-254-48/+55
| | | | | | Use pprof labelling to help identify goroutines with stacks. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Bump goldmark to v1.4.11 (#19201)Robert Kaussow2022-03-241-0/+13
| | | | | | | | | * Bump goldmark to v1.4.11 * add testcase Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Prevent redirect to Host (2) (#19175)zeripath2022-03-231-0/+6
| | | | | | | | | | | | | | | Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion. However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+` Reference #9678 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent start panic due to missing DotEscape functionAndrew Thornton2022-03-231-0/+1
| | | | | | | | | | Unfortunately #19169 causing a panic at startup in prod mode. This was hidden by dev mode because the templates are compiled dynamically there. The issue is that DotEscape is not in the original FuncMap at the time of compilation which causes a panic. Ref #19169 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Redirect .wiki/* ui link to /wiki (#18831)a10121127962022-03-231-0/+20
| | | | | | | | | | Redirect .wiki/* ui link to /wiki fix #18590 Signed-off-by: a1012112796 <1012112796@qq.com> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Try to prevent autolinking of displaynames by email readers (#19169)zeripath2022-03-231-0/+5
| | | | | | | | | | | | | | Unfortunately many email readers will (helpfully) detect url or url-like names and automatically create links to them, even in HTML emails. This is not ideal when usernames can have dots in them. This PR tries to prevent this behaviour by sticking ZWJ characters between dots and also set the meta tag to prevent format detection. Not every email template has been changed in this way - just the activation emails but it may be that we should be setting the above meta tag in all of our emails too. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update HTTP status codes to modern codes (#18063)KN4CK3R2022-03-236-9/+9
| | | | | | * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
* Clean paths when looking in Storage (#19124)zeripath2022-03-223-40/+30
| | | | | | | | | | | | | * Clean paths when looking in Storage Ensure paths are clean for minio aswell as local storage. Use url.Path not RequestURI/EscapedPath in storageHandler. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Lauris BH <lauris@nix.lv>
* Ensure that setting.LocalURL always has a trailing slash (#19171)zeripath2022-03-221-1/+4
| | | | | Fix #19166 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use `ctx` instead of `db.DefaultContext` in some ↵wxiaoguang2022-03-227-19/+17
| | | | | | | | | | | | packages(routers/services/modules) (#19163) * Remove `db.DefaultContext` usage in routers, use `ctx` directly * Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services` * Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages * fix incorrect context usage
* Fix the bug: deploy key with write access can not push (#19010)wxiaoguang2022-03-222-4/+4
| | | Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.
* Renamed ctx.User to ctx.Doer. (#19161)KN4CK3R2022-03-227-56/+56
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Cleanup protected branches when deleting users & teams (#19158)Norwin2022-03-221-0/+18
| | | | | | | | | | | * Clean up protected_branches when deleting user fixes #19094 * Clean up protected_branches when deleting teams * fix issue Co-authored-by: Lauris BH <lauris@nix.lv>
* Make migrations SKIP_TLS_VERIFY apply to git too (#19132)zeripath2022-03-192-16/+22
| | | | | | | | Make SKIP_TLS_VERIFY apply to git data migrations too through adding the `-c http.sslVerify=false` option to the git clone command. Fix #18998 Signed-off-by: Andrew Thornton <art27@cantab.net>
* remove not needed (#19128)65432022-03-183-73/+2
|
* nit fix (#19116)65432022-03-171-2/+1
|
* Store the foreign ID of issues during migration (#18446)Aravinth Manivannan2022-03-177-53/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Storing the foreign identifier of an imported issue in the database is a prerequisite to implement idempotent migrations or mirror for issues. It is a baby step towards mirroring that introduces a new table. At the moment when an issue is created by the Gitea uploader, it fails if the issue already exists. The Gitea uploader could be modified so that, instead of failing, it looks up the database to find an existing issue. And if it does it would update the issue instead of creating a new one. However this is not currently possible because an information is missing from the database: the foreign identifier that uniquely represents the issue being migrated is not persisted. With this change, the foreign identifier is stored in the database and the Gitea uploader will then be able to run a query to figure out if a given issue being imported already exists. The implementation of mirroring for issues, pull requests, releases, etc. can be done in three steps: 1. Store an identifier for the element being mirrored (issue, pull request...) in the database (this is the purpose of these changes) 2. Modify the Gitea uploader to be able to update an existing repository with all it contains (issues, pull request...) instead of failing if it exists 3. Optimize the Gitea uploader to speed up the updates, when possible. The second step creates code that does not yet exist to enable idempotent migrations with the Gitea uploader. When a migration is done for the first time, the behavior is not changed. But when a migration is done for a repository that already exists, this new code is used to update it. The third step can use the code created in the second step to optimize and speed up migrations. For instance, when a migration is resumed, an issue that has an update time that is not more recent can be skipped and only newly created issues or updated ones will be updated. Another example of optimization could be that a webhook notifies Gitea when an issue is updated. The code triggered by the webhook would download only this issue and call the code created in the second step to update the issue, as if it was in the process of an idempotent migration. The ForeignReferences table is added to contain local and foreign ID pairs relative to a given repository. It can later be used for pull requests and other artifacts that can be mirrored. Although the foreign id could be added as a single field in issues or pull requests, it would need to be added to all tables that represent something that can be mirrored. Creating a new table makes for a simpler and more generic design. The drawback is that it requires an extra lookup to obtain the information. However, this extra information is only required during migration or mirroring and does not impact the way Gitea currently works. The foreign identifier of an issue or pull request is similar to the identifier of an external user, which is stored in reactions, issues, etc. as OriginalPosterID and so on. The representation of a user is however different and the ability of users to link their account to an external user at a later time is also a logic that is different from what is involved in mirroring or migrations. For these reasons, despite some commonalities, it is unclear at this time how the two tables (foreign reference and external user) could be merged together. The ForeignID field is extracted from the issue migration context so that it can be dumped in files with dump-repo and later restored via restore-repo. The GetAllComments downloader method is introduced to simplify the implementation and not overload the Context for the purpose of pagination. It also clarifies in which context the comments are paginated and in which context they are not. The Context interface is no longer useful for the purpose of retrieving the LocalID and ForeignID since they are now both available from the PullRequest and Issue struct. The Reviewable and Commentable interfaces replace and serve the same purpose. The Context data member of PullRequest and Issue becomes a DownloaderContext to clarify that its purpose is not to support in memory operations while the current downloader is acting but is not otherwise persisted. It is, for instance, used by the GitLab downloader to store the IsMergeRequest boolean and sort out issues. --- [source](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/36) Signed-off-by: Loïc Dachary <loic@dachary.org> Co-authored-by: Loïc Dachary <loic@dachary.org>
* rm .sample hooks which aren't used (#19101)techknowlogick2022-03-1634-1950/+0
|
* use go1.18 to build gitea (#19099)techknowlogick2022-03-162-7/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | * use go1.18 to build gitea& update min go version to 1.17 * bump in a few more places * add a few simple tests for isipprivate * update go.mod * update URL to https://go.dev/dl/ * golangci-lint * attempt golangci-lint workaround * change version * bump fumpt version * skip strings.title test * go mod tidy * update tests as some aren't private?? * update tests
* Update golang.org/x/crypto (#19097)Gusted2022-03-162-57/+1
| | | | | | | | | | | | | | | | | | | | * Update golang.org/x/crypto - Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer * Fix deprecation notice * Remove workaround - Introduced in https://github.com/go-gitea/gitea/pull/17281 - Fixed in x/crypto: - https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf - & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a * Update Kex Algorithms - Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a - Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
* Fix lfs bug (#19072)Lunny Xiao2022-03-142-0/+68
| | | * Fix lfs bug
* RSS/Atom support for Repos (#19055)65432022-03-132-3/+5
| | | | | | | * support for repos * refactor * advertise the feeds via meta tags * allow feed suffix and feed header * optimize performance
* If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049)zeripath2022-03-101-1/+1
| | | | | | | | | | | | | Unfortunately #18642 does not work because a `*net.OpError` does not implement the `Is` interface to make `errors.Is` work correctly - thus leading to the irritating conclusion that a `*net.OpError` is not a `*net.OpError`. Here we keep the `errors.Is` because presumably this will be fixed at some point in the golang main source code but also we add a simply type cast to also check. Fix #18629 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Improve SyncMirrors logging (#19045)zeripath2022-03-102-20/+33
| | | | | | | | | Yet another issue has come up where the logging from SyncMirrors does not provide enough context. This PR adds more context to these logging events. Related #19038 Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix pam authorization (#19040)zeripath2022-03-101-0/+4
| | | | | https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb/ Co-authored-by: ysf <34326+ysf@users.noreply.github.com>
* Don't show context cancelled errors in attribute reader (#19006)zeripath2022-03-081-1/+3
| | | | | | Fix #18997 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add Index to comment for migrations and mirroring (#18806)singuliere2022-03-061-1/+2
| | | | | | | | | | | | Comments have an id (see Gitea[0], GitLab[1], GitHub[2], etc.), and the comment migration format must represent it during migrations so that it can be used during mirroring or incremental migrations. [0] https://try.gitea.io/api/swagger#/issue/issueGetComment [1] https://docs.gitlab.com/ee/api/discussions.html#get-single-issue-discussion-item [2] https://docs.github.com/en/rest/reference/issues#get-an-issue-comment Signed-off-by: Loïc Dachary <loic@dachary.org> Co-authored-by: Loïc Dachary <loic@dachary.org>
* Support ignore all santize for external renderer (#18984)Lunny Xiao2022-03-066-18/+54
| | | | | | | | | | | | | | * Support ignore all santize for external renderer * Update docs * Apply suggestions from code review Co-authored-by: silverwind <me@silverwind.io> * Fix doc Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: 6543 <6543@obermui.de>
* Add config option to disable "Update branch by rebase" (#18745)Jimmy Praet2022-03-041-0/+2
|
* git backend ignore replace objects (#18979)65432022-03-021-0/+2
| | | | | * git backend ignore replace objects * comment
* Refactor admin user filter query parameters (#18965)wxiaoguang2022-03-021-9/+0
| | | | Only pass `status_filter` on admin page Use a more general method to pass query parameters, remove hard-coded keys
* Fix admin user list pagination (#18957)Otto Richter (fnetX)2022-03-011-0/+9
|
* [API] Allow removing issues (#18879)Otto Richter (fnetX)2022-03-014-0/+13
| | | | | | | | Add new feature to delete issues and pulls via API Co-authored-by: fnetx <git@fralix.ovh> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Refactor SecToTime() function (#18863)René Schaar2022-02-282-35/+59
| | | | | - Add helper method to reduce redundancy - Expand the scope from displaying days to years - Reduce irrelevance by not displaying small units (hours, minutes, seconds) when bigger ones apply (years)
* Adjust error for already locked db and prevent level db lock on malformed ↵zeripath2022-02-271-6/+42
| | | | | | | | | | | | connstr (#18923) This PR adjusts the error returned when there is failure to lock the level db, and permits a connections to the same leveldb where there is a different connection string. Reference #18921 Reference #18917 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow adminstrator teams members to see other teams (#18918)Gusted2022-02-261-0/+16
| | | | | | * Allow adminstrator teams to see other teams - Allow team members with adminstrator access, to view other teams. - Resolves #18885
* Don't treat BOM escape sequence as hidden character. (#18909)Gusted2022-02-262-4/+25
| | | | | | | | | | | * Don't treat BOM escape sequence as hidden character. - BOM sequence is a common non-harmfull escape sequence, it shouldn't be shown as hidden character. - Follows GitHub's behavior. - Resolves #18837 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>