path: root/modules

Commit log. Each entry gives the commit message, followed by [author, date, files changed, lines removed/added].
* Deprecate query string auth tokens (#28390) [Jack Hay, 2023-12-12, 1 file, -0/+8]

  ## Changes
  - Add deprecation warning to `Token` and `AccessToken` authentication methods in swagger.
  - Add deprecation warning header to API response. Example:
    ```
    HTTP/1.1 200 OK
    ...
    Warning: token and access_token API authentication is deprecated
    ...
    ```
  - Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth tokens entirely. Default is `false`.

  ## Next steps
  - `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and the methods should be removed in swagger
  - `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of the auth methods in question should be removed

  ## Open questions
  - Should there be further changes to the swagger documentation? Deprecation is not yet supported for security definitions (coming in [OpenAPI Spec version 3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
  - Should the API router logger sanitize urls that use `token` or `access_token`? (This is obviously an insufficient solution on its own)

  ---------
  Co-authored-by: delvh <dev.lh@web.de>

* Improve doctor cli behavior (#28422) [wxiaoguang, 2023-12-11, 1 file, -6/+10]

  1. Do not sort the "checks" slice again and again when "Register", it just wastes CPU when the Gitea instance runs
  2. If a check doesn't exist, tell the end user
  3. Add some tests

* Second part of refactor `db.Find` (#28194) [Lunny Xiao, 2023-12-11, 2 files, -9/+5]

  Continuation of #27798; move more functions to `db.Find` and `db.Count`.

* Make gogit Repository.GetBranchNames consistent (#28348) [Adam Majer, 2023-12-07, 1 file, -13/+28]

* Remove GetByBean method because sometimes it's dangerous when query condition parameter is zero and also introduce new generic methods (#28220) [Lunny Xiao, 2023-12-07, 2 files, -10/+13]

  The function `GetByBean` has an obvious defect: when the fields are empty values, they will be ignored. Then users will get a wrong result which could possibly be used to cause a security problem. To avoid the possibility, this PR removed function `GetByBean` and all references. And some new generic functions have been introduced to be used. The recommended usage is like below.

  ```go
  // query an object by id
  obj, err := db.GetByID[Object](ctx, id)

  // query with other conditions
  obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b": b})
  ```

* Include public repos in doer's dashboard for issue search (#28304) [Jason Song, 2023-12-07, 3 files, -29/+2]

  It will fix #28268.

  <img width="1313" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/cb1e07d5-7a12-4691-a054-8278ba255bfc">
  <img width="1318" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/4fd60820-97f1-4c2c-a233-d3671a5039e9">

  ## :warning: BREAKING :warning:

  But need to give up some features:

  <img width="1312" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/281c0d51-0e7d-473f-bbed-216e2f645610">

  However, such abandonment may fix #28055.

  ## Background

  When the user switches the dashboard context to an org, it means they want to search issues in the repos that belong to the org. However, when they switch to themselves, it means all repos they can access because they may have created an issue in a public repo that they don't own.

  <img width="286" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/182dcd5b-1c20-4725-93af-96e8dfae5b97">

  It's a confusing design. Think about this: What does "In your repositories" mean when the user switches to an org? Repos belonging to the user or the org?

  Whatever, it has been broken by #26012 and its following PRs. After the PR, it searches for issues in repos that the dashboard context user owns or has been explicitly granted access to, so it causes #28268.

  ## How to fix it

  It's not really difficult to fix it. Just extend the repo scope to search issues when the dashboard context user is the doer. Since the user may create issues or be mentioned in any public repo, we can just set `AllPublic` to true, which is already supported by indexers. The DB condition will also support it in this PR.

  But the real difficulty is how to count the search results grouped by repos. It's something like "search issues with this keyword and those filters, and return the total number and the top results. **Then, group all of them by repo and return the counts of each group.**"

  <img width="314" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/5206eb20-f8f5-49b9-b45a-1be2fcf679f4">

  Before #26012, it was being done in the DB, but it caused the results to be incomplete (see the description of #26012). And to keep this, #26012 implemented it in an inefficient way, just counting the issues by repo one by one, so it cannot work when `AllPublic` is true because it's almost impossible to do this for all public repos.

  https://github.com/go-gitea/gitea/blob/1bfcdeef4cca0f5509476358e5931c13d37ed1ca/modules/indexer/issues/indexer.go#L318-L338

  ## Give up unnecessary features

  We may be able to resolve `TODO: use "group by" of the indexer engines to implement it`. I'm sure it can be done with Elasticsearch, but IIRC, Bleve and Meilisearch don't support "group by". And the real question is, is it worth it? Why should we need to know the counts grouped by repos? Let me show you my search dashboard on gitea.com.

  <img width="1304" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/2bca2d46-6c71-4de1-94cb-0c9af27c62ff">

  I never think the long repo list helps anything. And if we agree to abandon it, things will be much easier. That is this PR.

  ## TODO

  I know it's important to filter by repos when searching issues. However, it shouldn't be the way we have it now. It could be implemented like this.

  <img width="1316" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/99ee5f21-cbb5-4dfe-914d-cb796cb79fbe">

  The indexers support it well now, but it requires some frontend work, which I'm not good at. So, I think someone could help do that in another PR and merge this one to fix the bug first. Or please block this PR and help to complete it.

  Finally, "Switch dashboard context" is also a design that needs improvement. In my opinion, it can be accomplished by adding filtering conditions instead of "switching".

* Use `filepath` instead of `path` to create SQLite3 database file (#28374) [wxiaoguang, 2023-12-06, 1 file, -2/+1]

* Fix incorrect default value of `[attachment].MAX_SIZE` (#28373) [capvor, 2023-12-06, 1 file, -1/+1]

* Render PyPi long description as document (#28272) [Earl Warren, 2023-12-05, 1 file, -0/+1]

  Co-authored-by: Gusted <postmaster@gusted.xyz>

* Convert git commit summary to valid UTF8. (#28356) [darrinsmart, 2023-12-05, 1 file, -1/+2]

  The summary string ends up in the database, and (at least) MySQL & PostgreSQL require valid UTF8 strings.

  Fixes #28178

  Co-authored-by: Darrin Smart <darrin@filmlight.ltd.uk>

* Read `previous` info from git blame (#28306) [KN4CK3R, 2023-12-01, 2 files, -24/+41]

  Fixes #28280

  Reads the `previous` info from the `git blame` output instead of calculating it afterwards.

* Meilisearch: require all query terms to be matched (#28293) [Brecht Van Lommel, 2023-11-29, 1 file, -4/+5]

  Previously only the first term had to be matched. That default Meilisearch behavior makes sense for e.g. some kind of autocomplete to find and select a single result. But for filtering issues it means you can't narrow down results by adding more terms.

  This is also more consistent with other indexers and GitHub.

  ---

  Reference: https://www.meilisearch.com/docs/reference/api/search#matching-strategy

* Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) [wxiaoguang, 2023-11-29, 1 file, -15/+12]

  The git command may operate on the git directory (add/remove files) at any time. So when the code iterates the directory, some files may disappear during the "walk". All "IsNotExist" errors should be ignored.

  Fix #26765

* Ignore temporary files for directory size (#28265) [Earl Warren, 2023-11-28, 1 file, -1/+5]

  Co-authored-by: Gusted <postmaster@gusted.xyz>

* Fix delete-orphaned-repos (#28200) [pitpalme, 2023-11-24, 1 file, -2/+2]

  gitea doctor failed at checking and fixing 'delete-orphaned-repos', because table name 'user' needs quoting to be correctly recognized by at least PostgreSQL.

  Fixes #28199

* Refactor graceful manager to use shared code (#28073) [wxiaoguang, 2023-11-24, 3 files, -174/+119]

  Make "windows" and "unix" share as much code as possible. No logic change.

* Use restricted sanitizer for repository description (#28141) [Earl Warren, 2023-11-23, 2 files, -3/+54]

  - Currently the repository description uses the same sanitizer as a normal markdown document. This means that elements such as headings and images are allowed and can be abused.
  - Create a minimal restricted sanitizer for the repository description, which only allows what the postprocessor currently allows, which are links and emojis.
  - Added unit testing.
  - Resolves https://codeberg.org/forgejo/forgejo/issues/1202
  - Resolves https://codeberg.org/Codeberg/Community/issues/1122

  (cherry picked from commit 631c87cc2347f0036a75dcd21e24429bbca28207)

  Co-authored-by: Gusted <postmaster@gusted.xyz>

* Make CORS work for oauth2 handlers (#28184) [wxiaoguang, 2023-11-23, 1 file, -0/+4]

  Fix #25473

  Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`, it never really worked, because it still lacks the "OPTIONS" handler.

* Add guide page to actions when there's no workflows (#28145) [yp05327, 2023-11-21, 1 file, -0/+1]

  Before:
  ![image](https://github.com/go-gitea/gitea/assets/18380374/599d40c1-9b8d-4189-9286-c9c36fb780dd)

  After:
  ![image](https://github.com/go-gitea/gitea/assets/18380374/848a73d1-aaec-478f-93a7-adcc7ee18907)

* add skip ci functionality (#28075) [Denys Konovalov, 2023-11-18, 1 file, -2/+4]

  Adds the possibility to skip workflow execution if the commit message contains a string like [skip ci] or similar. The default strings are the same as on GitHub, users can also set custom ones in app.ini

  Reference: https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs

  Close #28020

* Change default size of attachments and repo files (#28100) [Nanguan Lin, 2023-11-17, 2 files, -2/+2]

  https://github.com/go-gitea/gitea/pull/27946 forgets to change them in code. Sorry about that.

* Fix incorrect pgsql conn builder behavior (#28085) [wxiaoguang, 2023-11-17, 2 files, -9/+11]

  Fix #28083 and fix the tests

* Improve graceful manager code/comment (#28063) [wxiaoguang, 2023-11-15, 8 files, -83/+29]

  The graceful manager has some bugs (#27643, #28062). This is a preparation for further fixes.

* Render email addresses as such if followed by punctuation (#27987) [Yarden Shoham, 2023-11-11, 2 files, -1/+13]

  Added the following characters to the regular expression for the email:
  - ,
  - ;
  - ?
  - !

  Also added a test case.

  - Fixes #27616

  # Before
  ![image](https://github.com/go-gitea/gitea/assets/20454870/c57eac26-f281-43ef-a51d-9c9a81b63efa)

  # After
  ![image](https://github.com/go-gitea/gitea/assets/20454870/fc7d5c08-4350-4af0-a7f0-d1444d2d75af)

  Signed-off-by: Yarden Shoham <git@yardenshoham.com>

* Remove `title` from elements on Org mode (#27968) [KN4CK3R, 2023-11-10, 2 files, -11/+15]

  The Org mode rendering has some problems:
  1. `[[https://example.com][pre https://example.com/example.mp4 post]]` renders as `<p><a href="https://example.com" title="pre <video src="https://example.com/example.mp4" title="https://example.com/example.mp4">https://example.com/example.mp4</video> post">pre <video src="https://example.com/example.mp4" title="https://example.com/example.mp4">https://example.com/example.mp4</video> post</a></p>`
     As you can see, the `title` attribute contains the inner html in unescaped form. I removed the `title` attribute because it is of little value.
  3. The `title` attribute on `img` and `video` is of little value.
  4. The inner elements of `video` are different depending on the `if`.

* Allow to set explore page default sort (#27951) [6543, 2023-11-09, 1 file, -0/+1]

  as title

  ---
  *Sponsored by Kithara Software GmbH*

* Fix format error (#27963) [Lunny Xiao, 2023-11-08, 1 file, -1/+1]

* Unify two factor check (#27915) [KN4CK3R, 2023-11-06, 1 file, -27/+0]

  Fixes #27819

  We have support for two factor logins with the normal web login and with basic auth. For basic auth the two factor check was implemented at three different places and you need to know that this check is necessary. This PR moves the check into the basic auth itself.

* Remove action runners on user deletion (#27902) [Earl Warren, 2023-11-05, 1 file, -0/+7]

  - On user deletion, delete action runners that the user has created.
  - Add a database consistency check to remove action runners that have nonexistent belonging owner.
  - Resolves https://codeberg.org/forgejo/forgejo/issues/1720

  (cherry picked from commit 009ca7223dab054f7f760b7ccae69e745eebfabb)

  Co-authored-by: Gusted <postmaster@gusted.xyz>

* Remove SSH workaround (#27893) [Earl Warren, 2023-11-03, 1 file, -7/+2]

  Revert the workaround of #26409 and fix #26411, update github.com/gliderlabs/ssh to include https://github.com/gliderlabs/ssh/commit/02f9d573009f8c13755b6b90fa14a4f549b17b22

* refactor postgres connection string building (#27723) [Moritz Poldrack, 2023-11-01, 2 files, -29/+44]

  This patchset changes the connection string builder to use net.URL and the host/port parser to use the stdlib function for splitting host from port. It also adds a footnote about a potentially required port number for postgres UNIX sockets.

  Fixes: #24552

* Support storage base path as prefix (#27827) [Lunny Xiao, 2023-11-01, 2 files, -3/+67]

  This PR adds a prefix path for all minio storage and override base path will override the path. The previous behavior is undefined officially, so it will be marked as breaking.

* Clean up template locale usage (#27856) [wxiaoguang, 2023-10-31, 1 file, -1/+0]

  After many refactoring PRs for the "locale" and "template context function", now the ".locale" is not needed for web templates any more.

  This PR does a clean up for:
  1. Remove `ctx.Data["locale"]` for web context.
  2. Use `ctx.Locale` in `500.tmpl`, for consistency.
  3. Add a test check for `500 page` locale usage.
  4. Remove the `Str2html` and `DotEscape` from mail template context data, they are copy&paste errors introduced by #19169 and #16200. These functions are template functions (provided by the common renderer), but not template data variables.
  5. Make email `SendAsync` function mockable (I was planning to add more tests but it would make this PR much too complex, so the tests could be done in another PR)

* Fix package webhook (#27839) [Lunny Xiao, 2023-10-31, 1 file, -0/+1]

  Fix #23742

  ---------
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

* Close all hashed buffers (#27787) [KN4CK3R, 2023-10-25, 1 file, -1/+1]

  Add missing `.Close()` calls. The current code does not delete the temporary files if the data grows over 32mb.

* Fix issue not showing on default board and add test (#27720) [Nanguan Lin, 2023-10-25, 1 file, -0/+6]

  See https://github.com/go-gitea/gitea/pull/27718#issuecomment-1773743014. Add a test to ensure its behavior.

  Why does this test use `ProjectBoardID=0`? Because in `SearchOptions`, `ProjectBoardID=0` means what it is. But in `IssueOptions`, `ProjectBoardID=0` means there is no condition, and `ProjectBoardID=db.NoConditionID` means the board ID = 0. It's really confusing.

  Probably it's better to separate the db search engine and the other issue search code. It's really two different systems. As far as I can see, `IssueOptions` is not necessary for most of the code, which has very simple issue search conditions.

* Upgrade to golangci-lint@v1.55.0 (#27756) [silverwind, 2023-10-24, 7 files, -96/+91]

  https://github.com/golangci/golangci-lint/releases/tag/v1.55.0

* Fix label render containing invalid HTML (#27752) [Earl Warren, 2023-10-23, 1 file, -1/+1]

  - The label HTML contained a quote that wasn't being closed.

  Refs: https://codeberg.org/forgejo/forgejo/pulls/1651

  (cherry picked from commit e2bc2c9a1fff482c49dbeb3a51e4e1c698bf506c)

  Co-authored-by: Gusted <postmaster@gusted.xyz>

* refactor: make db iterate context aware (#27710) [6543, 2023-10-21, 1 file, -15/+20]

  The iteration will run until finished atm. This changes it by checking if the context got canceled before each run of a loop sequence is executed.

  [View this pull with no whitespace](https://github.com/go-gitea/gitea/pull/27710/files?diff=unified&w=1)

* Clean some functions about project issue (#27705) [Nanguan Lin, 2023-10-20, 1 file, -1/+0]

  1. remove unused function `MoveIssueAcrossProjectBoards`
  2. extract the project board condition into a function
  3. use db.NoCondition instead of -1. (BTW, the usage of db.NoCondition is too confusing. Is there any way to avoid that?)
  4. remove the unnecessary comment since the ctx refactor is completed.
  5. Change `b.ID != 0` to `b.ID > 0`. It's more intuitive but I think they're the same since board ID can't be negative.

* Add doctor dbconsistency fix to delete repos with no owner (#27290) [6543, 2023-10-19, 1 file, -0/+70]

  To address #27273; replaces #24873.

* Support allowed hosts for webhook to work with proxy (#27655) [Jason Song, 2023-10-18, 1 file, -3/+15]

  When `webhook.PROXY_URL` has been set, the old code will check if the proxy host is in `ALLOWED_HOST_LIST` or reject requests through the proxy.

  It requires users to add the proxy host to `ALLOWED_HOST_LIST`. However, it actually allows all requests to any port on the host, when the proxy host is probably an internal address.

  But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work when requests are sent to the allowed proxy, and the proxy could forward them to any hosts.

  This PR fixes it by:
  - If the proxy has been set, always allow connections to the host and port.
  - Check `ALLOWED_HOST_LIST` before forwarding.

* Improve retrying index issues (#27554) [Jason Song, 2023-10-15, 2 files, -30/+41]

  Fix #27540

* Replace more db.DefaultContext (#27628) [Lunny Xiao, 2023-10-15, 4 files, -18/+24]

  Target #27065

* Final round of `db.DefaultContext` refactor (#27587) [JakobDev, 2023-10-14, 2 files, -7/+7]

  Last part of #27065

* Enhanced auth token / remember me (#27606) [KN4CK3R, 2023-10-14, 2 files, -46/+0]

  Closes #27455

  > The mechanism responsible for long-term authentication (the 'remember me' cookie) uses a weak construction technique. It will hash the user's hashed password and the rands value; it will then call the secure cookie code, which will encrypt the user's name with the computed hash. If one were able to dump the database, they could extract those two values to rebuild that cookie and impersonate a user. That vulnerability exists from the date the dump was obtained until a user changed their password.
  >
  > To fix this security issue, the cookie could be created and verified using a different technique such as the one explained at https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

  The PR removes the now obsolete setting `COOKIE_USERNAME`.

* Replace assert.Fail with assert.FailNow (#27578) [Nanguan Lin, 2023-10-11, 5 files, -18/+11]

  assert.Fail() will continue to execute the code while assert.FailNow() will not. I thought those uses of assert.Fail() should exit immediately.

  PS: perhaps it's a good idea to use [require](https://pkg.go.dev/github.com/stretchr/testify/require) somewhere because the assert package's default behavior does not exit when an error occurs, which makes it difficult to find the root error reason.

* Penultimate round of `db.DefaultContext` refactor (#27414) [JakobDev, 2023-10-11, 8 files, -12/+14]

  Part of #27065

  ---------
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

* Increase queue length (#27555) [Jason Song, 2023-10-10, 2 files, -2/+2]

* Fix `environment-to-ini` inherited key bug (#27543) [wxiaoguang, 2023-10-10, 2 files, -1/+28]

  Fix #27541

  The INI package has a quirk: by default, the keys are inherited. When maintaining the keys, the newly added sub key should not be affected by the parent key.