aboutsummaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Make migrations SKIP_TLS_VERIFY apply to git too (#19132)zeripath2022-03-192-16/+22
| | | | | | | | Make SKIP_TLS_VERIFY apply to git data migrations too through adding the `-c http.sslVerify=false` option to the git clone command. Fix #18998 Signed-off-by: Andrew Thornton <art27@cantab.net>
* remove not needed (#19128)65432022-03-183-73/+2
|
* nit fix (#19116)65432022-03-171-2/+1
|
* Store the foreign ID of issues during migration (#18446)Aravinth Manivannan2022-03-177-53/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Storing the foreign identifier of an imported issue in the database is a prerequisite to implement idempotent migrations or mirror for issues. It is a baby step towards mirroring that introduces a new table. At the moment when an issue is created by the Gitea uploader, it fails if the issue already exists. The Gitea uploader could be modified so that, instead of failing, it looks up the database to find an existing issue. And if it does it would update the issue instead of creating a new one. However this is not currently possible because an information is missing from the database: the foreign identifier that uniquely represents the issue being migrated is not persisted. With this change, the foreign identifier is stored in the database and the Gitea uploader will then be able to run a query to figure out if a given issue being imported already exists. The implementation of mirroring for issues, pull requests, releases, etc. can be done in three steps: 1. Store an identifier for the element being mirrored (issue, pull request...) in the database (this is the purpose of these changes) 2. Modify the Gitea uploader to be able to update an existing repository with all it contains (issues, pull request...) instead of failing if it exists 3. Optimize the Gitea uploader to speed up the updates, when possible. The second step creates code that does not yet exist to enable idempotent migrations with the Gitea uploader. When a migration is done for the first time, the behavior is not changed. But when a migration is done for a repository that already exists, this new code is used to update it. The third step can use the code created in the second step to optimize and speed up migrations. For instance, when a migration is resumed, an issue that has an update time that is not more recent can be skipped and only newly created issues or updated ones will be updated. Another example of optimization could be that a webhook notifies Gitea when an issue is updated. The code triggered by the webhook would download only this issue and call the code created in the second step to update the issue, as if it was in the process of an idempotent migration. The ForeignReferences table is added to contain local and foreign ID pairs relative to a given repository. It can later be used for pull requests and other artifacts that can be mirrored. Although the foreign id could be added as a single field in issues or pull requests, it would need to be added to all tables that represent something that can be mirrored. Creating a new table makes for a simpler and more generic design. The drawback is that it requires an extra lookup to obtain the information. However, this extra information is only required during migration or mirroring and does not impact the way Gitea currently works. The foreign identifier of an issue or pull request is similar to the identifier of an external user, which is stored in reactions, issues, etc. as OriginalPosterID and so on. The representation of a user is however different and the ability of users to link their account to an external user at a later time is also a logic that is different from what is involved in mirroring or migrations. For these reasons, despite some commonalities, it is unclear at this time how the two tables (foreign reference and external user) could be merged together. The ForeignID field is extracted from the issue migration context so that it can be dumped in files with dump-repo and later restored via restore-repo. The GetAllComments downloader method is introduced to simplify the implementation and not overload the Context for the purpose of pagination. It also clarifies in which context the comments are paginated and in which context they are not. The Context interface is no longer useful for the purpose of retrieving the LocalID and ForeignID since they are now both available from the PullRequest and Issue struct. The Reviewable and Commentable interfaces replace and serve the same purpose. The Context data member of PullRequest and Issue becomes a DownloaderContext to clarify that its purpose is not to support in memory operations while the current downloader is acting but is not otherwise persisted. It is, for instance, used by the GitLab downloader to store the IsMergeRequest boolean and sort out issues. --- [source](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/36) Signed-off-by: Loïc Dachary <loic@dachary.org> Co-authored-by: Loïc Dachary <loic@dachary.org>
* rm .sample hooks which aren't used (#19101)techknowlogick2022-03-1634-1950/+0
|
* use go1.18 to build gitea (#19099)techknowlogick2022-03-162-7/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | * use go1.18 to build gitea& update min go version to 1.17 * bump in a few more places * add a few simple tests for isipprivate * update go.mod * update URL to https://go.dev/dl/ * golangci-lint * attempt golangci-lint workaround * change version * bump fumpt version * skip strings.title test * go mod tidy * update tests as some aren't private?? * update tests
* Update golang.org/x/crypto (#19097)Gusted2022-03-162-57/+1
| | | | | | | | | | | | | | | | | | | | * Update golang.org/x/crypto - Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer * Fix deprecation notice * Remove workaround - Introduced in https://github.com/go-gitea/gitea/pull/17281 - Fixed in x/crypto: - https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf - & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a * Update Kex Algorithms - Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a - Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
* Fix lfs bug (#19072)Lunny Xiao2022-03-142-0/+68
| | | * Fix lfs bug
* RSS/Atom support for Repos (#19055)65432022-03-132-3/+5
| | | | | | | * support for repos * refactor * advertise the feeds via meta tags * allow feed suffix and feed header * optimize performance
* If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049)zeripath2022-03-101-1/+1
| | | | | | | | | | | | | Unfortunately #18642 does not work because a `*net.OpError` does not implement the `Is` interface to make `errors.Is` work correctly - thus leading to the irritating conclusion that a `*net.OpError` is not a `*net.OpError`. Here we keep the `errors.Is` because presumably this will be fixed at some point in the golang main source code but also we add a simply type cast to also check. Fix #18629 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Improve SyncMirrors logging (#19045)zeripath2022-03-102-20/+33
| | | | | | | | | Yet another issue has come up where the logging from SyncMirrors does not provide enough context. This PR adds more context to these logging events. Related #19038 Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix pam authorization (#19040)zeripath2022-03-101-0/+4
| | | | | https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb/ Co-authored-by: ysf <34326+ysf@users.noreply.github.com>
* Don't show context cancelled errors in attribute reader (#19006)zeripath2022-03-081-1/+3
| | | | | | Fix #18997 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add Index to comment for migrations and mirroring (#18806)singuliere2022-03-061-1/+2
| | | | | | | | | | | | Comments have an id (see Gitea[0], GitLab[1], GitHub[2], etc.), and the comment migration format must represent it during migrations so that it can be used during mirroring or incremental migrations. [0] https://try.gitea.io/api/swagger#/issue/issueGetComment [1] https://docs.gitlab.com/ee/api/discussions.html#get-single-issue-discussion-item [2] https://docs.github.com/en/rest/reference/issues#get-an-issue-comment Signed-off-by: Loïc Dachary <loic@dachary.org> Co-authored-by: Loïc Dachary <loic@dachary.org>
* Support ignore all santize for external renderer (#18984)Lunny Xiao2022-03-066-18/+54
| | | | | | | | | | | | | | * Support ignore all santize for external renderer * Update docs * Apply suggestions from code review Co-authored-by: silverwind <me@silverwind.io> * Fix doc Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: 6543 <6543@obermui.de>
* Add config option to disable "Update branch by rebase" (#18745)Jimmy Praet2022-03-041-0/+2
|
* git backend ignore replace objects (#18979)65432022-03-021-0/+2
| | | | | * git backend ignore replace objects * comment
* Refactor admin user filter query parameters (#18965)wxiaoguang2022-03-021-9/+0
| | | | Only pass `status_filter` on admin page Use a more general method to pass query parameters, remove hard-coded keys
* Fix admin user list pagination (#18957)Otto Richter (fnetX)2022-03-011-0/+9
|
* [API] Allow removing issues (#18879)Otto Richter (fnetX)2022-03-014-0/+13
| | | | | | | | Add new feature to delete issues and pulls via API Co-authored-by: fnetx <git@fralix.ovh> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Refactor SecToTime() function (#18863)René Schaar2022-02-282-35/+59
| | | | | - Add helper method to reduce redundancy - Expand the scope from displaying days to years - Reduce irrelevance by not displaying small units (hours, minutes, seconds) when bigger ones apply (years)
* Adjust error for already locked db and prevent level db lock on malformed ↵zeripath2022-02-271-6/+42
| | | | | | | | | | | | connstr (#18923) This PR adjusts the error returned when there is failure to lock the level db, and permits a connections to the same leveldb where there is a different connection string. Reference #18921 Reference #18917 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow adminstrator teams members to see other teams (#18918)Gusted2022-02-261-0/+16
| | | | | | * Allow adminstrator teams to see other teams - Allow team members with adminstrator access, to view other teams. - Resolves #18885
* Don't treat BOM escape sequence as hidden character. (#18909)Gusted2022-02-262-4/+25
| | | | | | | | | | | * Don't treat BOM escape sequence as hidden character. - BOM sequence is a common non-harmfull escape sequence, it shouldn't be shown as hidden character. - Follows GitHub's behavior. - Resolves #18837 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Disable service worker by default (#18914)silverwind2022-02-261-1/+1
| | | | | | | | The service worker causes a lot of issues with JS errors after instance upgrades while not bringing any real performance gain over regular HTTP caching. Disable it by default for this reason. Maybe later we can remove it completely, as I simply see no benefit in having it.
* Correctly link URLs to users/repos with dashes, dots or underscores (#18890)Alexander Neumann2022-02-262-1/+10
| | | | | | | | * Add tests for references with dashes This commit adds tests for full URLs referencing repos names and user names containing a dash. * Extend regex to match URLs to repos/users with dashes
* migrations: add test for importing pull requests in gitea uploader (#18752)singuliere2022-02-258-0/+167
| | | | | | | | | | | | | | | | | | | * logs: add the buffer logger to inspect logs during testing Signed-off-by: Loïc Dachary <loic@dachary.org> * migrations: add test for importing pull requests in gitea uploader Signed-off-by: Loïc Dachary <loic@dachary.org> * for each git.OpenRepositoryCtx, call Close * Content is expected to return the content of the log * test for errors before defer Co-authored-by: Loïc Dachary <loic@dachary.org> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent Stats Indexer reporting error if repo dir missing (#18870)zeripath2022-02-241-0/+3
| | | | | | | | | | Repositories missing their directory should not report an error from the stats indexer. Close #18847 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Lock gofumpt to v0.3.0 and run it (#18866)silverwind2022-02-238-10/+18
| | | | | We can't depend on `latest` version of gofumpt because the output will not be stable across versions. Lock it down to the latest version released yesterday and run it again.
* Immediately Hammer if second kill is sent (#18823)zeripath2022-02-192-2/+7
| | | | | | | Currently Gitea will wait for HammerTime or nice shutdown if kill -1 or kill -2 is sent. We should just immediately hammer if there is a second kill. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix panic in EscapeReader (#18820)zeripath2022-02-192-0/+10
| | | | | | There is a potential panic due to a mistaken resetting of the length parameter when multibyte characters go over a read boundary. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix problem when self-assign notification (#18797)Lunny Xiao2022-02-181-1/+1
|
* Fix redirect when using lowercase reponame (#18775)Ghanem2022-02-181-1/+1
| | | | | | | | * Previously, `GET {username}/{reponame}/raw///file-path` (the middle two slashes are blank to get the default branch) when the repo name has uppercase letters, e.g., https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware, using a lowercase version of the name redirected to the correct URL * In other words both * `GET https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware/raw///images/back.png` * `GET https://try.gitea.io/AbdulrhmnGhanem/ch330_hardware/raw///images/back.png` were redirecting to ` GET https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware/raw/branch/master/images/back.png` This isn't the case after #17551. Specifically because of this [line](https://github.com/zeripath/gitea/blob/cbd5eecd148dfca5fcb1a3da469e491a84f6b32b/modules/context/repo.go#L860).
* Fix display time of milestones (#18753)René Schaar2022-02-163-2/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | * Fix display time of milestones * Move the SecToTime function From the models/issue_stopwatch.go file to the modules/util package * Rename the sec_to_time file * Updated formatting * Include copyright notice in sec_to_time.go * Apply PR review suggestions - Update copyright notice dates to 2022 - Change `1 day 3h 5min 7s` to `1d 3h 5m 7s` * Rename hrs var and combine conditions * Update unit tests to match new time pattern Changed `1min` to `1m` Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent dangling GetAttribute calls (#18754)zeripath2022-02-142-7/+12
| | | | | | It appears possible that there could be a hang due to unread data from the repo-attribute command pipes. This PR simply closes these during the defer. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix isempty detection of git repository (#18746)Lunny Xiao2022-02-141-6/+5
| | | | | * Fix isempty detection of git repository * Fix IsEmpty check
* Send mail to issue/pr assignee/reviewer also when OnMention is set (#18707)flozzone2022-02-121-2/+2
| | | | | | | | | | | | | I want to address #17892, where emails notifications are not sent to assignees (issue and PR) and reviewers (PR) when they have the email setting Only email on mention enabled. From the user experience perspective, when a user gets a issue/PR assigned or a PR review request, he/she would expect to be implicitly mentioned since the assignment or request is personal and targeting a single person only. Thus I see #17892 as a bug. Could we therefore mark this ticket as such? The changed code just explicitly checks for the EmailNotificationsOnMention setting beside the existing EmailNotificationsEnabled check. Too rude? @lunny mentioned a mock mail server for tests, is there something ready. How could I make use of it? #12774 (comment) Fix #17892
* Add number in queue status to monitor page (#18712)zeripath2022-02-123-0/+22
| | | | | | | | | Add number in queue status to the monitor page so that administrators can assess how much work is left to be done in the queues. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Display template path of current page in dev mode (#18717)Lunny Xiao2022-02-121-1/+4
| | | | | | | | | | | | * Display template path of current page in dev mode * improve code * Update templates/base/footer_content.tmpl Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
* Change git.cmd to RunWithContext (#18693)Martin Scholz2022-02-1120-95/+257
| | | | | | | Change all `cmd...Pipeline` commands to `cmd.RunWithContext`. #18553 Co-authored-by: Martin Scholz <martin.scholz@versasec.com>
* Update SSH Server crypto settings (#18697)Gusted2022-02-101-3/+3
| | | | - Use a better and more curated list of Ciphers and KeyExchanges, these roughly follows OpenSSH's default. - Remove some cryptography values which were deprecated.
* Add apply-patch, basic revert and cherry-pick functionality (#17902)zeripath2022-02-092-2/+24
| | | | | | | | | | | | | | | This code adds a simple endpoint to apply patches to repositories and branches on gitea. This is then used along with the conflicting checking code in #18004 to provide a basic implementation of cherry-pick revert. Now because the buttons necessary for cherry-pick and revert have required us to create a dropdown next to the Browse Source button I've also implemented Create Branch and Create Tag operations. Fix #3880 Fix #17986 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent security failure due to bad APP_ID (#18678)zeripath2022-02-091-2/+5
| | | | | | | | | | | WebAuthn may cause a security exception if the provided APP_ID is not allowed for the current origin. Therefore we should reattempt authentication without the appid extension. Also we should allow [u2f] as-well as [U2F] sections. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Simplify Boost/Pause logic (#18673)zeripath2022-02-081-17/+36
| | | | | | | | | | | | | | | | | | | | * Simplify Boost/Pause logic #18658 has added a check to see if we need to boost because there is still work to do however the check is slightly complex and not ideal. There's no point boosting if the queue is paused or can't scale. Therefore merge the two selects into one and add a check to p.paused. Signed-off-by: Andrew Thornton <art27@cantab.net> * And on resume add a zeroboost if necessary Signed-off-by: Andrew Thornton <art27@cantab.net> * simplify Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
* Restart zero worker if there is still work to do (#18658)zeripath2022-02-081-0/+14
| | | | | | | | | | | | | | * Restart zero worker if there is still work to do It is possible for the zero worker to timeout before all the work is finished. This may mean that work may take a long time to complete because a worker will only be induced on repushing. Also ensure that requested count is reset after pulls and push mirror sync requests and add some more trace logging to the queue push. Fix #18607 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Support custom ACME provider (#18340)Cristian Le2022-02-081-22/+52
| | | | | | * Added ACMECAURL option to support custom ACME provider. Closes #18306 * Refactor setting.go https settings, renamed options and variables, and documented app.example.ini * Refactored runLetsEncrypt to runACME * Improved documentation
* Refactor i18n, use Locale to provide i18n/translation related functions (#18648)wxiaoguang2022-02-082-19/+28
| | | | | | | | * remove unnecessary web context data fields, and unify the i18n/translation related functions to `Locale` * in development, show an error if a translation key is missing * remove the unnecessary loops `for _, lang := range translation.AllLangs()` for every request, which improves the performance slightly * use `ctx.Locale.Language()` instead of `ctx.Data["Lang"].(string)` * add more comments about how the Locale/LangType fields are used
* Only request write when necessary (#18657)Gusted2022-02-081-11/+4
| | | | | | | | | | | | | | | | | * Only request write when necessary - Only request write for `INTERNAL_TOKEN_URI` when no token was found. - Resolves #18655 * Fix perm * Update setting.go * Update setting.go * Update setting.go Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Add separate SSH_USER config option (#17584)Clar Fon2022-02-071-0/+2
| | | Co-authored-by: zeripath <art27@cantab.net>
* Fix the missing i18n key for update checker (#18646)wxiaoguang2022-02-071-0/+12
|